Security Agility Reduced Cost Security Agility Reduced Cost Foundation for an agile IT Infrastructure: Building the ultimate database container with Red

Security Agility Reduced Security Agility Reduced CostCost

Foundation for an agile IT Infrastructure:

Building the ultimate database container with

Red Hat Enterprise Linux, MySQL, and Virtualization

Jan Mark [email protected] Engineer Emerging Technology GroupCTO Office

RHEL5 & MySQL Database Appliances / August 15th 2007

Product features subject to change prior to availability 2

Outline • What is virtualization and how can it help

• Red Hat Enterprise Linux 5 & Virtualization

• Database Appliances

• Use Models and Deployments

• Q&A

Red Hat Enterprise Linux



Why virtualization ?

It’s fun.

It gets a lot of papers published.

It’s going to change everything. Eventually.

But the customer benefits boil down to just two things…



Customer BenefitsVirtualization can help to manage cost

Virtualization enables distributed, automated system management Virtualization allows resources to be managed as abstract entities

Independent of physical instantiation, location – even existence Physical servers host multiple virtual servers

Virtual servers are objects that hide underlying complexity Presents a common interface and architecture Simplifies OS and system maintenance Hardware abstraction

Virtual resources can be allocated and managed dynamically Enables more efficient use of existing resources

Manage such things as cost, QoS, power,floor space, cooling and security

Enhances scalability while controlling costs

Virtualization is the fundamental enabling technology for utility computing and utility services, both of which will reduce costs



Customer BenefitsVirtualization can help to manage risk

Virtual servers run in secure compartments Isolation is comparable to separate physical servers Failures, even user and kernel errors, cannot propagate to other virtual

servers

Individual applications can be mapped to separate virtual servers Enhances security and separation Avoids application incompatibility problems

Separation of virtual and physical resources facilitates availability Transparent hot-swap component replacement and upgrades Live virtual server migration for load management and maintenance Low-cost redundancy

Virtualization provides a risk buffer for capacity planning Under-provisioning to reduce expenses Over-provisioning to ensure adequate capacity Dynamic resource management can mitigate these risks



Example: Data Center Dilemma

Data center has physical constraints Fixed sized, fixed power, fixed cooling, etc Often physical constraints are cost prohibitive to change

Data centers have excess capacity Volume servers (Intel ISS) 10-15% utilized, mid / high 30-40% (>4

socket) Customers comfortable with single application server

One application per OS instance – optimal unit of management, control, etc.

Application stacking to consolidate on a single OS viewed as higher risk and often more expensive

Need a new service, deploy a new server / storage (ie VM warehouse model)

Dilemma Can no longer afford current paradigm

Can’t afford the $10 million server or storage controller that translates into a new data center or expansion

Can’t afford continual increase in number of administrators or cost / time to deploy new services

Can’t afford power and thermal management e.g. Annual electric bill for Google’s 200K servers greater than

cost of all server hardware



Example: Server & Storage Virtualization Multiple Views

One or more applications per view One OS per view

Multiple OS versions per server Enable transparent migration of services between hardware

instances – blades, enclosures, etc. Benefits

Increased hardware utilization Avoid the $10 million dilemma

Reduced time to deploy new services Don’t need to purchase new server / storage to deliver Use views to validate service on existing hardware while

maintaining complete isolation and protection Reduced cost

Fewer servers to buy / manage Lower software licensing

Per core rather than unit of work / value delivered Few administrators

Decouple hardware evolution from software No longer legacy software constrained

Virtualization provides legacy view Change customer control point

Virtual and physical management infrastructure drive customer purchase decisions

Motivated to upgrade to virtualization-capable hardware and software

De-motivated to migrate to competitive offerings Those that establish beachhead will be more difficult to

displace



Multiplex one machine into different “Virtual Machines” VMs; allows running different isolated guest Operating Systems with different applications on same physical hardware.

Allows a “Guest” OS to run

under control of a supervising

master program that is called:

“Hypervisor” or “Virtual Machine Monitor (VMM)”. Hypervisor / VMM Functionality:

Virtualizes System Resources Provides Scheduling of host/guests Intra-guest communication

Common grounding 'Host' also often referred as 'dom0' and/or HyperVisor 'Guest' also known as 'domU'

Hypervisor/VMMHardware

What is Virtualization?



Red Hat Enterprise Linux Overview



Red Hat development model• Collaboration with partners and open source contributors to

develop technology• Deliver complete distributions in two stages for two users

− First stage• Fedora: The development vehicle

• New versions approximately twice each year

• Unsupported

• Fast moving, latest technology

− Second stage• Red Hat Enterprise Linux

• New versions approximately every 18 – 22 months

• Supported and certified

• Stable, mature, commerciallyfocused technologies



What's new in Version 5?

• Enterprise Linux Advanced Platform• Integrated virtualization• Industry leading performance and price/performance• Enhanced and easy to use security• Improved networking and interoperability• Enhanced development tools• New SLAs• Enhanced client



Red Hat Enterprise Linux Overview

2005 2006 2007 2008 20102009

RHEL 5

RHEL 4

RHEL 3

RHEL 2.1

RHEL 3 in transition from Full Support to Maintenance mode. Final bug-fix-only update 9 Improved para-virtualized drivers planned.

RHEL 4.5 released May 2ndLengthened release cycle to avoid schedule

overlap.Support of RHEL4 para-virt guests on RHEL5.Extended full support phase of approx. 3 yearsRHEL 4.6 in November. Final bug-fix-only release, similar to 3.9 in

August '08.

U7

U8...

U3

U4

U9

4.5 4.6

5.1 5.2

4.7 4.8

RHEL 5 released March 2007 Virtualization and Advanced Platform

intergation Selinux enhancementsNew cluster management infrastructureGFS2 , Statless Linux technology preview

RHEL 6 no schedule yet for next major releasePlanning driven by customers, partners and

technology Fedora 7 released and Fedora 8 in planning



RHEL Virtualization Roadmap

2007 2008 20102009

RHEL 5

5.1 5.2

RHEL 5.1 HVM Improvements

Performance (Hot-) Migration

32 on 64 bit para-virtualized. Dom0 KDump IA64 Support Libvirt enhancement Security

Post-RHEL 5.1 Para-VIrtualized drivers for HVM RHEL 3, later 4. Para-Virtualized drivers for Windows.

RHEL 5.2 Large System Support

NUMA Memory

Nested Page Table support planned. Path for CIM support on top of libvirt. Virtual Desktop

RHEL 5.0 GA Core Virtualization. Para-Virt RHEL on RHEL, 32/32, 64/64 bit, x86 & x86_64 Libvirt management RHEL 5 guests RHEL 4 guests with 4.5+



Red Hat Enterprise Linux 5: Product summary• Servers:

− Red Hat Enterprise Linux Advanced Platform for mainstream customers• Unlimited server size and virtualization capabilities

• Maximum flexibility and value

− Red Hat Enterprise Linux available forsmall environments

• Clients:− Red Hat Enterprise Linux Desktop

− Workstation and Multi-OSoptions for special environments

− High volume security and manageability



Red Hat Enterprise Linux 5 Advanced Platform • Extends the base product to provide a complete solution for

virtualized environments− The ideal solution for the mainstream customers

• Advanced Platform provides− Integrated server and storage capabilities

− Unlimited guest operating systems

− Guest migration with consistent storage

− Application migration*

− Cluster Logical Volume Management &Global File System*

− Seamless expansion across multiple systems

− Enhanced management capabilities

− Easy transition for Red Hat Enterprise Linux AS customers• Provides significantly greater capabilities

* Previously offered as separate layered products:Red Hat Global File System and Red Hat Cluster Suite



Advanced Platform benefits

• Designed for mainstream customers who seek the advantages of virtualization without complexity or risk

• Provides a full virtualization infrastructure in one complete package

• Eliminates the need to create a solution using multiple products from different vendors

• Reduced solution cost• Reduced deployment time• Integrated installation and

management• Extensive documentation• Training services• Installation and maintenance services



Red Hat virtualization architecture

• Physical computing and storage components provide a central pool of resources

• Virtual systems with appropriate compute, memory, and data can be dynamically allocated, provisioned, and managed



Development Approach• Requirements: Stability, reliability, effectiveness• Release focus is on foundational elements

− Innovation rate is high in virtualization technologies

− Stable platform with stable APIs for easy enhancement

• Support for x86, x86_64, UP and SMP at GA

− Support for IA64, PPC tech preview in RHEL5 GA

• Focus is on foundational elements− Priority is to deliver hooks, APIs to enable continued development of rich

management & monitoring tools

• At a minimum, will include: − libvirt – local Virtual Machine (VM) management API

• create, destroy, start, stop, suspend, resume

• basic support for hot and cold migration

− iSCSI, GFS2 (tech preview in RHEL5 GA), NFS containers

− Virtual block, network



libvirt: Stable and Open API Management of hypervisor(s) Hypervisor agnostic Stable API for application developers Isolation from Xen HV instability Isolation from XenD protocol changes Formalized error reporting/handling XML definitions for Vms Distributed in FC4/FC5/FC6/F7/RHEL5/Debian/OpenSolaris Core API in C, Python/Perl bindings CLI access via virsh



DatabaseAppliances



High Level Xen Architecture

Hardware

Hypervisor

Domain 0

Device Driver

Back End

Domain 1

Front end

Domain 2

Front end

Virtual CPU & Memory



MySQL Database Appliances• Virtual Appliances

− One or more virtual machines packaged and tailored for distribution and deployment

− Pre-defined function and packaging− Pre-configured and optimized for specific use case

• MySQL and OS configuration/tuning

• Benefits of appliances− Ease of Installation, configuration and deployment− Tested as a whole by vendor/supplier− Can be easily replicated− Long term storage and archival− Hardware agnostic and independence− Application isolation (performance, security)− Dynamic workload management− Ability to move workloads online throughout the environment



Virtual SMP combined with

sub-CPU granularity

text

CPU text

CPUtext

CPU text

CPU

All available in one offering on RHEL5

VM2

VM1

VM4

VM5

VM7 VM8

VM3

VM6

Virtual machine scalability and Higher resource utilization

VMn == domUn

RHEL5 Virt Platform

Virtual Machines



Memory ballooning

VM 1

VMn == domUn

RHEL5 Virt Platform

Virtual Machines

1GB2GB

Current Memory Size

Max Memory Size

0.5GB

1GB

VM 2Max

MemCurr Mem

MEM

1GB

MEM

1GB

MEM

1GB

MEM

1GB

Guest can be configured to balloon/grow their current memory footprint

Allows for online expansion and growthCan use virt-manager or CLI interface for management



Memory ballooning

VM 1

VMn == domUn

RHEL5 Virt Platform

Virtual MachinesCurrent Memory Size

Max Memory Size

VM 2Max

MemCurr Mem

MEM

1GB

MEM

1GB

MEM

1GB

MEM

1GB

Growing guest VM2 to 1GB using memory ballooning

Now both guests have increased their available memory onlineResize database SGA Increase available VM for applications etc...

2GB2GB

1GB

1GB



I/O virtualization

SAN

Virtual Machine 1

Virtual Machine 2

Virtual Machine 3

Physical Disks

Partition(s)

Logical Volumes SAN Storage Arrays

File Containers

CD/DVD DriveISO Images

RHEL5 Virt Platform



Dynamic I/O Sharing

Virtual server’s I/O packets directed to

I/O cards by the HyperVisor/dom0

Virtual Machine 1

Virtual Machine 2

Virtual Machine 3

I/O card can be “dedicated” to a

virtual machine for performance

isolation

vHBA

vHBA

vHBA

RHEL5 Virt Platform



Dynamic Network I/O SharingVirtual machine’s network packets

directed to physical NIC by

the HyperVisor/dom0

NIC can be “dedicated” to a virtual machine for performance

isolation

Virtual BridgeNIC 1

Virtual BridgeDMZ

Virtual BridgeNIC 2

Virtual NIC may be defined

without a physical NIC for guest-to-

guest communication

Virtual Machine 1

Virtual Machine 2

Virtual Machine 3

vNIC

vNIC

vNIC

vNIC

vNIC

RHEL5 Virt Platform



HighAvailability



Highly Available RHEL5 Host and MySQL instance

RHEL5

Host A

Guest

RHEL5

Host B

Shared

Storage

Guest running as a RHCS serviceGuest 1

Guest 2

Guest X



RHEL5

Host A

Guest

RHEL5

Host B

Shared

Storage

Guest running as a RHCS serviceGuest 1

Guest 2

Guest X

Automatic failover upon Hypervisor failure




RHEL5

Host A

Guest

RHEL5

Host B

Shared

Storage

App

Guest 2

Guest XGuest 1Guests running as independent cluster

Hypervisor clustered via RHCS




RHEL5

Host A

RHEL5

Host B

Shared

Storage

Guest 2

App


Hypervisor clustered via RHCSApplication failover upon hosts/guest failure




RHEL5

Host A

Guest

RHEL5

Host B

Shared

Storage

Guest 2

App


Hypervisor clustered via RHCSApplication failover upon hosts/guest failure




Shared

Storage

App

Guest 2

Guest X

Guests running as independent cluster

RHEL5

Host C

Guest 1 Guest X

Hypervisor and bare metal host clustered via RHCS


RHEL5

Host A

RHEL5

Host B



Shared

Storage

Guest 2

Guest X


RHEL5

Host C

Guest 1 Guest XMySQL can migrate to another Guest/VM



RHEL5

Host A

RHEL5

Host B



Shared

Storage

Guest 2

Guest X



RHEL5

Host C

Guest 1 Guest X

MySQL can migrate to a bare metal system


RHEL5

Host A

RHEL5

Host B



RHEL5 Disaster RecoveryRHEL5

Site A

RHEL5

Site B

Shared

Storage

Guest 1

Guest 2

Guest XGuestImage

GuestImage

GuestImage

GuestImage

GuestImage

GuestImage

XP/CA, EVA/CA



RHEL5 Disaster RecoveryRHEL5

Site A

RHEL5

Site B

Shared

Storage

Guest 1

Guest 2

Guest XGuestImage

GuestImage

GuestImage

GuestImage

GuestImage

GuestImage



RHEL5 Disaster Recovery

RHEL5

Site A

RHEL5

Site B

Shared

Storage

Guest 1

Guest 2

Guest X

GuestImage

GuestImage

GuestImage

XP/CA, EVA/CA



Solving real business problems

Virtual Machine relocation enables High Availability:

machine maintenance

Load Balancing: statistical multiplexing gain

Live Migration



Consider the possibilities...



Resources

• MySQL− http://www.mysql.com/

• Red Hat − http://www.redhat.com/

• Virtualization Infocenter− http://www.openvirtualization.com/

• libvirt− http://www.libvirt.org/

• Virt-Manager− http://virt-manager.et.redhat.com/

• Red Hat Cluster Suite− http://www.redhat.com/solutions/gfs/

• Red Hat Emerging Technology Group− http://et.redhat.com/



QuestionsQuestions??

ThanksThanks

Documents

Security Agility Reduced Cost Security Agility Reduced Cost Foundation for an agile IT Infrastructure: Building the ultimate database container with Red