Virtualization

Michael Tsai
 2016/06/01

(2)

What is virtualization?

Let’s first look at a video from VMware

http://bcove.me/x9zhalcl

(3)

Problems?

[Figure: separate physical servers for DNS, DHCP, Web, NFS, LDAP, Windows Active Directory Server, mail and Database, labeled with utilization figures of 5%, 5%, 15%, 8%, 15%, 15%, 12% and 6%]

Low utilization

Different needs

(4)

Problem & Results

Software vendors: please run our applications on a separate machine (incompatibility with other software)

Utilization: between 5% and 15%, and decreasing due to better hardware in the future

Results: a large number of servers

(5)

Results

A large number of servers ==?

Huge energy consumption

CPU, hard drive, …

Cooling to keep the servers running

Maintenance associated with a large number of servers

(6)

Virtualization

Basic idea: allow multiple OS’es to run concurrently on the same physical hardware

Per server maintenance is reduced

Isolation: each OS “more or less” thinks that it runs on a physical machine

Ability to dynamically assign resources to different OS’es, e.g., memory, CPU time, storage, network bandwidth.

Possibility of live migration

(7)

Types of Virtualization

Full virtualization

Paravirtualization

Operating system virtualization

Native virtualization

(8)

Full virtualization

an abstraction of computing resources that lets operating systems run without direct knowledge of the underlying physical hardware. The virtualization software parcels out the physical resources such as storage, memory, and CPU, dynamically allocating their use among several virtual machines.

UNIX administrators should understand three distinct paradigms: full virtualization, paravirtualization, and OS-level virtualization. Each model resolves the resource contention and hardware access issues in a slightly different manner, and each model has distinct benefits and drawbacks.

Full virtualization

Full virtualization is currently the most accepted paradigm in production use today. Under this model, the operating system is unaware that it is running on a virtualized platform. A “hypervisor,” also known as a virtual machine monitor, is installed between the virtual machines (“guests”) and the hardware.

Such hypervisors are also known as bare-metal hypervisors since they control the physical hardware. The hypervisor provides an emulation layer for all of the host’s hardware devices. The guest operating system is not modified. Guests make direct requests to the virtualized hardware, and any privileged instructions that guest kernels attempt to run are intercepted by the hypervisor for appropriate handling.

Bare-metal virtualization is the most secure type of virtualization because guest operating systems are isolated from the underlying hardware. In addition, no kernel modifications are required, and guests are portable among differing underlying architectures. As long as the virtualization software is present, the guest can run on any processor architecture. (Translation of CPU instructions does, however, incur a modest performance penalty.)

VMware ESX is an example of a popular full virtualization technology. The general structure of these systems is depicted in Exhibit A.

Exhibit A Full virtualization architecture

[Figure: Guest OS 0, Guest OS 1, ..., Guest OS N run on a fully virtualized hypervisor (e.g., VMware ESX), which runs on the system hardware (disk, CPU, memory)]

(9)

Full virtualization

a.k.a. bare-metal virtualization

Most secure: no access to hardware from guest OS

No guest OS modification is needed

Requires translation of CPU instructions (performance penalty)

(10)

Paravirtualization

Paravirtualization

Paravirtualization is the technology used by Xen, the leading open source virtual platform. Like full virtualization, paravirtualization allows multiple operating systems to run in concert on one machine. However, each OS kernel must be modified to support “hypercalls,” or translations of certain sensitive CPU instructions.

User-space applications do not require modification and run natively on Xen machines. A hypervisor is used in paravirtualization just as in full virtualization.

The translation layer of a paravirtualized system has less overhead than that of a fully virtualized system, so paravirtualization does lead to nominal performance gains. However, the need to modify the guest operating system is a dramatic downside and is the primary reason why Xen paravirtualization has scant support outside of Linux and other open source kernels.

Exhibit B shows a paravirtualized environment. It looks similar to the fully virtualized system in Exhibit A, but the guest operating systems interface with the hypervisor through a defined interface, and the first guest is privileged.

Exhibit B Paravirtualization architecture

[Figure: Guest OS 0 (privileged guest, host) and modified guests Guest OS 1, ..., Guest OS N run on a paravirtualized hypervisor (e.g., Xen, LDoms), which runs on the system hardware (disk, CPU, memory)]

Operating system virtualization

OS-level virtualization systems are very different from the previous two models.

Instead of creating multiple virtual machine environments within a physical system, OS-level virtualization lets an operating system create multiple, isolated application environments that reference the same kernel. OS-level virtualization is properly thought of as a feature of the kernel rather than as a separate layer of software abstraction.

Because no true translation or virtualization layer exists, the overhead of OS-level virtualization is very low. Most implementations offer near-native performance.

Unfortunately, this type of virtualization precludes the use of multiple operating systems since a single kernel is shared by all guests (or “containers” as they are

(11)

Paravirtualization

Each guest OS kernel must be modified, so that sensitive CPU instructions can be translated using “hypercalls”

Less overhead

Due to the modification requirements, support for non-open-source kernels (e.g., Windows) is scant.


(12)

OS virtualization

commonly known in this context). [1] AIX workload partitions and Solaris containers and zones are examples of OS-level virtualization.

OS-level virtualization is illustrated in Exhibit C.

Exhibit C OS-level virtualization architecture

[Figure: Virtual machine 1, Virtual machine 2 and Virtual machine 3 run on a host kernel providing OS virtualization (e.g., Solaris containers, HP Integrity VM, IBM workload partitions), above the disk, CPU and memory]

Native virtualization

In an attempt to distinguish their hardware offerings, the silicon heavyweights AMD and Intel are competing head to head to best support virtualization through hardware-assisted (“native”) virtualization. Both companies offer CPUs that include virtualization instructions, eliminating the need for the translation layer used in full and paravirtualization. Today, all major virtualization players can take advantage of these processors’ features.

Cloud computing

In addition to traditional virtualization, a relatively recent offering in the industry known informally (and, to some, begrudgingly) as cloud computing is an alternative to locally run server farms. Cloud computing offers computing power as a service, typically attractively priced on an hourly basis. The most obvious benefit is the conversion of server resources into a form of infrastructure analogous to power or plumbing. Administrators and developers never see the actual hardware they are using and need have no knowledge of its structure. The name comes from the traditional use of a cloud outline to denote the Internet in network diagrams.

As a system administration book, this one focuses on cloud computing at the server level, but applications are also being moved to the cloud (commonly known as software-as-a-service, or SAAS). Everything from email to business productivity suites to entire desktop environments can be outsourced and managed independently.

[1] This is not entirely true. Solaris containers have a feature called “branded zones” that allows Linux binaries to run on a Solaris kernel.

(13)

OS virtualization

Multiple, isolated application environments that reference the same kernel

No translation or virtualization layer exists -> very low overhead

Cannot use multiple OS’es: a single kernel is shared

(14)

Native virtualization

Intel & AMD offer CPUs that support virtualization with hardware-assisted (native) virtualization

No need for the translation layer used in full/paravirtualization

Most solutions utilize them today
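
Whether a given Linux machine exposes these hardware-assisted extensions can be read from its CPU feature flags. The following is an added example, not part of the original slides; it assumes the Linux `/proc/cpuinfo` flag names `vmx` (Intel VT-x), `svm` (AMD-V) and `hypervisor` (set when the kernel itself runs as a guest), and the sample inputs are constructed.

```python
# Added example (not from the slides): report hardware-assisted virtualization
# support from Linux /proc/cpuinfo text. Flag names are the Linux kernel's.

HW_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}

# Constructed sample inputs, trimmed to the fields the parser reads.
SAMPLE_INTEL_HOST = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae vmx sse4_1\n"
    "vmx flags\t: vnmi ept vpid\n"
)
SAMPLE_AMD_GUEST = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae svm hypervisor\n"
)
SAMPLE_GUEST_NO_HW = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae hypervisor\n"
)


def cpu_flags(cpuinfo_text):
    """Return the union of CPU feature flags over all logical CPUs."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        # Match the "flags" key exactly so the separate "vmx flags" line
        # (VT-x sub-features) is not mixed into the feature set.
        if sep and key.strip() == "flags":
            flags.update(value.split())
    return flags


def virtualization_report(cpuinfo_text):
    """Summarize which extension is visible and whether we are a guest."""
    flags = cpu_flags(cpuinfo_text)
    extension = next((name for f, name in HW_FLAGS.items() if f in flags), None)
    return {
        "hw_extension": extension,  # None: no hardware assist visible
        "running_as_guest": "hypervisor" in flags,
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            print(virtualization_report(fh.read()))
    except OSError:  # not Linux: fall back to a constructed sample
        print(virtualization_report(SAMPLE_INTEL_HOST))
```

A guest that reports `running_as_guest` with no `hw_extension` has not been given the extensions by its hypervisor, so a hypervisor installed inside it cannot use them.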

(15)

Benefits

Cost:

New project: new VM instead of new hardware

Cooling: major cost saving

Lower data center cost: rack space, maintenance, etc.

Better utilization of multi-core servers

Business continuity: live migration for disaster recovery

(16)

Benefits

Manageability

Use scripts for boot, shutdown, migration (or even temporarily assign more memory / CPU to a VM)

Software for legacy hardware can be run on new hardware

Development, test, staging can be separated from production environments

(17)

When virtualization shouldn’t be used

Resource-intensive backup servers or log hosts

High-bandwidth applications (e.g., IDS)

Busy I/O-bound database servers

Proprietary applications with hardware-based copy protection

Applications with specialized hardware needs

(18)

Good candidates for virtualization

Internet-facing web servers that query middleware systems / databases

Underused stand-alone application servers

Developer systems, e.g., build / version control servers

Quality assurance test hosts and staging environments

Core infrastructure systems, e.g., LDAP, DHCP, DNS, time servers, SSH gateways

(19)

Today’s in-class lab

We will try a free and popular bare-metal hypervisor: VMware ESXi

Install ESXi on a desktop machine

Install Windows XP as a guest OS

Run Lubuntu live CD as a guest OS

Let’s thank the TAs (Meng-Hung, Ming-Yuan, Wally) for setting up the environment

(20)

Steps

1. Install ESXi (remember to boot from CD) to the hard drive

Remember the password you set

2. Install VMware vSphere Client on your Windows machine and log in as root

3. Upload installation ISO files to datastore (I’ll show you how)

(21)

Steps

4. Create a new virtual machine

   1. Configure the CPU, memory, hard drive space properly

   2. Install your OS (remember to mount the ISO)

   3. Install VMware Tools (drivers, better cursor control)

(22)

Resources

URL: http://goo.gl/8cP8C2, where you can find:

VMware vSphere client for you to manage the hypervisor

ISOs for you to install Windows

Serial numbers for Windows can be found on: http://download.cc.ntu.edu.tw

ESXi slides from last year: http://slides.com/wallywei/deck--2
