Page 1: Virtualization

Virtualization

Virtualization is a term that refers to the abstraction of computer resources:

Virtual machine (VM), a software implementation of a machine (computer) that executes programs like a real machine.

Platform virtualization, which separates an operating system from the underlying platform resources.

Full virtualization, sensitive instructions replaced by binary translation or trapped by hardware - all software can run in the VM, e.g. IBM's CP/CMS, VMware Workstation.

Hardware-assisted virtualization, CPU traps sensitive instructions – runs unmodified guest OS; used e.g. by VMware Workstation, Xen, KVM.

Partial virtualization, for specific applications rather than the operating system.

Paravirtualization, a virtualization technique that presents a software interface to virtual machines that is similar, but not identical, to that of the underlying hardware, thereby requiring guest operating systems to be adapted, e.g. Xen in early stage.

Operating system-level virtualization, a method where the operating system allows for multiple user-space instances (virtual hosting, chroot jail + resource management).

Application virtualization, the hosting of individual applications on alien hardware/software.

Portable application, a computer software program that runs from a removable storage device such as a USB flash drive.

Cross-platform virtualization, allows software compiled for a specific CPU and operating system to run unmodified on different CPUs and/or operating systems.

Virtual appliance, a virtual machine image designed to run on a virtualization platform.

Emulation or simulation.

Virtual memory, which allows uniform, contiguous addressing of physically separate and non-contiguous memory and disk areas.

Storage virtualization, the process of completely abstracting logical storage from physical storage.

Memory virtualization, aggregates RAM resources from networked systems into a virtualized memory pool.

Network virtualization, creation of a virtualised network addressing space within or across network subnets.

Virtual private network (VPN), a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some larger network(s), such as the Internet.

Desktop virtualization, the remote manipulation of a computer desktop.

Data virtualization, the presentation of data as an abstract layer, independent of underlying database systems, structures and storage.

Database virtualization, the decoupling of the database layer, which lies between the storage and application layers within the application stack.

Virtual chargeback, the allocation of costs and [virtual] resource usage based on actual usage or a predetermined amount.

Timeline of virtualization development

1964 IBM Cambridge Scientific Center begins development of CP-40.

1965 IBM M44/44X, experimental paging system, in use at Thomas J. Watson Research Center. IBM announces the IBM System/360-67, a 32-bit CPU with virtual memory hardware (August 1965).

1966 IBM ships the S/360-67 computer in June 1966. IBM begins work on CP-67, a reimplementation of CP-40 for the S/360-67.

1967 CP-40 (January) and CP-67 (April) go into production time-sharing use.

1968 CP/CMS installed at eight initial customer sites. CP/CMS submitted to IBM Type-III Library by MIT's Lincoln Laboratory, making the system available to all IBM S/360 customers at no charge in source code form. Resale of CP/CMS access begins at time-sharing vendor National CSS (becoming a distinct version, eventually renamed VP/CSS).

1970 IBM System/370 announced (June) – without virtual memory. Work begins on CP-370, a complete reimplementation of CP-67, for use on the System/370 series.

1971 First System/370 shipped: S/370-155 (January).

1972 Announcement of virtual memory added to System/370 series. VM/370 announced – and running on announcement date. VM/370 includes the ability to run VM under VM (previously implemented both at IBM and at user sites under CP/CMS, but not made part of standard releases).

1973 First shipment of announced virtual memory S/370 models (April: -158, May: -168).

1974-1998 [Ongoing history of VM family and VP/CSS.]

1985 October 9, 1985: Announcement of the Intel 80286-based AT&T 6300+ with a virtual machine monitor developed by Locus Computing Corporation in collaboration with AT&T, that enabled the direct execution of an Intel 8086 guest operating system under a host Unix System V Release 2 OS. Although the product was marketed with Microsoft MS-DOS as the guest OS, in fact the virtual machine could support any real-mode operating system or standalone program (such as Microsoft Flight Simulator) that was written using only valid 8086 instructions (not instructions introduced with the 80286). Locus subsequently developed this technology into their "Merge" product line.

1987 January 1987: A "product evaluation" version of Merge/386 from Locus Computing Corporation was made available to OEMs. Merge/386 made use of the Virtual 8086 mode provided by the Intel 80386 processor, and supported multiple simultaneous virtual 8086 machines. The virtual machines supported unmodified guest operating systems and standalone programs such as Microsoft Flight Simulator; but in typical usage the guest was MS-DOS with a Locus proprietary redirector (also marketed for networked PCs as "PC-Interface") and a "network" driver that provided communication with a regular user-mode file server process running under the host operating system on the same machine. October 1987: Retail Version 1.0 of Merge/386 began shipping, offered with Microport Unix System V Release 3.

1988 SoftPC 1.0 for Sun was introduced in 1988 by Insignia Solutions. SoftPC appears in its first version for Apple Macintosh. These versions (Sun and Macintosh) have only support for DOS.

1997 First version of Virtual PC for the Macintosh platform was released in June 1997 by Connectix.

1998 October 26, 1998, VMware filed for a patent on their techniques, which is granted as U.S. Patent 6,397,242.

1999 February 8, 1999, VMware introduced VMware Virtual Platform for the Intel IA-32 architecture.

2000 IBM announces z/VM, a new version of VM for IBM's 64-bit z/Architecture.

2001 June, Connectix launches its first version of Virtual PC for Windows. July, VMware created the first x86 server virtualization product.

2003 First release of the first open-source x86 hypervisor, Xen. February 18, 2003, Microsoft acquired virtualization technologies (Virtual PC and an unreleased product called "Virtual Server") from Connectix Corporation. Late 2003, EMC acquired VMware for $635 million. Late 2003, VERITAS acquired Ejascent for $59 million. November 10, 2003, Microsoft releases Microsoft Virtual PC, which is machine-level virtualization technology, to ease the transition to Windows XP.

2005 HP releases Integrity Virtual Machines 1.0 and 1.2, which ran only HP-UX. October 24, 2005, VMware releases VMware Player, a free player for virtual machines, to the masses. Sun releases Solaris 10, including Solaris Zones, for both x86/x64 and SPARC systems.

2006 July 12, 2006, VMware releases VMware Server, a free machine-level virtualization product for the server market. Microsoft Virtual PC 2006 is released as a free program, also in July. July 17, 2006, Microsoft bought soft. August 16, 2006, VMware announces the winners of the virtualization appliance contest. September 26, 2006, moka5 delivers LivePC technology. HP releases Integrity Virtual Machines Version 2.0, which supports Windows Server 2003, CD and DVD burners, tape drives and VLAN. December 11, 2006, Virtual Iron releases Virtual Iron 3.1, a free bare-metal virtualization product for the enterprise server virtualization market.

2007 January 15, 2007, innoTek released VirtualBox Open Source Edition (OSE), the first professional PC virtualization solution released as open source under the GNU General Public License (GPL). It includes some code from the Qemu project. Sun releases Solaris 8 Containers to enable migration of a Solaris 8 computer into a Solaris Container on a Solaris 10 system - for SPARC only.

2008 January 15, 2008, VMware, Inc. announced it has entered into a definitive agreement to acquire Thinstall, a privately-held application virtualization software company. February 12, 2008, Sun Microsystems announced that it had entered into a stock purchase agreement to acquire innotek, makers of VirtualBox. In April, VMware releases VMware Workstation 6.5 beta, the first program for Windows and Linux to enable DirectX 9 accelerated graphics on Windows XP guests.

Virtual Machine

A virtual machine (VM) is a software implementation of a machine (i.e. a computer) that executes programs like a physical machine. A virtual machine was originally defined by Popek and Goldberg as "an efficient, isolated duplicate of a real machine". Current use includes virtual machines which have no direct correspondence to any real hardware.

Virtual machines are separated into two major categories, based on their use and degree of correspondence to any real machine. A system virtual machine provides a complete system platform which supports the execution of a complete operating system (OS). In contrast, a process virtual machine is designed to run a single program, which means that it supports a single process. An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine—it cannot break out of its virtual world.

Example: A program written in Java receives services from the Java Runtime Environment (JRE) software by issuing commands to, and receiving the expected results from, the Java software. By providing these services to the program, the Java software is acting as a "virtual machine", taking the place of the operating system or hardware for which the program would ordinarily be tailored.

System Virtual Machines

System virtual machines (sometimes called hardware virtual machines) allow the sharing of the underlying physical machine resources between different virtual machines, each running its own operating system. The software layer providing the virtualization is called a virtual machine monitor or hypervisor. A hypervisor can run on bare hardware (Type 1 or native VM) or on top of an operating system (Type 2 or hosted VM).

The main advantages of system VMs are:

multiple OS environments can co-exist on the same computer, in strong isolation from each other;

the virtual machine can provide an instruction set architecture (ISA) that is somewhat different from that of the real machine;

application provisioning, maintenance, high availability and disaster recovery.

The main disadvantage of system VMs is:

a virtual machine is less efficient than a real machine when it accesses the hardware indirectly.

Multiple VMs each running their own operating system (called the guest operating system) are frequently used in server consolidation, where different services that used to run on individual machines in order to avoid interference are instead run in separate VMs on the same physical machine. This use is frequently called quality-of-service isolation (QoS isolation).

The desire to run multiple operating systems was the original motivation for virtual machines, as it allowed time-sharing a single computer between several single-tasking OSes. This technique requires a process to share the CPU resources between guest operating systems and memory virtualization to share the memory on the host. The guest OSes do not have to be all the same, making it possible to run different OSes on the same computer (e.g., Microsoft Windows and Linux, or older versions of an OS in order to support software that has not yet been ported to the latest version).

The use of virtual machines to support different guest OSes is becoming popular in embedded systems; a typical use is to support a real-time operating system at the same time as a high-level OS such as Linux or Windows. Another use is to sandbox an OS that is not trusted, possibly because it is a system under development. Virtual machines have other advantages for OS development, including better debugging access and faster reboots. Alternate techniques such as Solaris Zones provide a level of isolation within a single operating system, but this isolation is not as complete as that of a VM.

Process Virtual Machine

A process VM, sometimes called an application virtual machine, runs as a normal application inside an OS and supports a single process. It is created when that process is started and destroyed when it exits. Its purpose is to provide a platform-independent programming environment that abstracts away details of the underlying hardware or operating system, and allows a program to execute in the same way on any platform.

A process VM provides a high-level abstraction — that of a high-level programming language (compared to the low-level ISA abstraction of the system VM). Process VMs are implemented using an interpreter; performance comparable to compiled programming languages is achieved by the use of just-in-time compilation.

This type of VM has become popular with the Java programming language, which is implemented using the Java virtual machine. Other examples include the Parrot virtual machine, which serves as an abstraction layer for several interpreted languages, and the .NET Framework, which runs on a VM called the Common Language Runtime.

A special case of process VMs are systems that abstract over the communication mechanisms of a (potentially heterogeneous) computer cluster. Such a VM does not consist of a single process, but one process per physical machine in the cluster. They are designed to ease the task of programming parallel applications by letting the programmer focus on algorithms rather than the communication mechanisms provided by the interconnect and the OS. They do not hide the fact that communication takes place, and as such do not attempt to present the cluster as a single parallel machine. Unlike other process VMs, these systems do not provide a specific programming language, but are embedded in an existing language; typically such a system provides bindings for several languages (e.g., C and FORTRAN). Examples are PVM (Parallel Virtual Machine) and MPI (Message Passing Interface). They are not strictly virtual machines, as the applications running on top still have access to all OS services, and are therefore not confined to the system model provided by the "VM".

Hardware Virtualization

In computing, hardware virtualization is a virtualization of computers or operating systems. It hides the physical characteristics of a computing platform from users, instead showing another abstract computing platform.

Platform virtualization is performed on a given hardware platform by host software (a control program), which creates a simulated computer environment, a virtual machine, for its guest software. The guest software is not limited to user applications; many hosts allow the execution of complete operating systems. The guest software executes as if it were running directly on the physical hardware, with several notable caveats. Access to physical system resources (such as network access, display, keyboard, and disk storage) is generally managed at a more restrictive level than the processor and system memory. Guests are often restricted from accessing specific peripheral devices, or may be limited to a subset of the device's native capabilities, depending on the hardware access policy implemented by the virtualization host.

In the case of server consolidation, many small physical servers are replaced by one larger physical server, to increase the utilization of costly hardware resources such as CPU. Although hardware is consolidated, typically OSs are not. Instead, each OS running on a physical server is converted to a distinct OS running inside a virtual machine. The large server can "host" many such "guest" virtual machines. This is known as Physical-to-Virtual (P2V) transformation.

A virtual machine can be more easily controlled and inspected from outside than a physical one, and its configuration is more flexible. This is very useful in kernel development and for teaching operating system courses. A new virtual machine can be provisioned as needed without the need for an up-front hardware purchase. Also, a virtual machine can easily be relocated from one physical machine to another as needed. For example, a salesperson going to a customer can copy a virtual machine with the demonstration software to his laptop, without the need to transport the physical computer. Likewise, an error inside a virtual machine does not harm the host system, so there is no risk of breaking down the OS on the laptop. Because of the easy relocation, virtual machines can be used in disaster recovery scenarios.

There are several approaches to platform virtualization.

Full Virtualization

In computer science, full virtualization is a virtualization technique used to provide a certain kind of virtual machine environment, namely, one that is a complete simulation of the underlying hardware. In such an environment, any software capable of execution on the raw hardware can be run in the virtual machine and, in particular, any operating system. Other forms of platform virtualization allow only certain or modified software to run within a virtual machine. The concept of full virtualization is well established in the literature, but it is not always referred to by this specific term; see platform virtualization for terminology.

An important example of full virtualization was that provided by the control program of IBM's CP/CMS operating system. It was first demonstrated with IBM's CP-40 research system in 1967, then distributed via open source in CP/CMS in 1967-1972, and re-implemented in IBM's VM family from 1972 to the present. Each CP/CMS user was provided a simulated, stand-alone computer. Each such virtual machine had the complete capabilities of the underlying machine, and (for its user) the virtual machine was indistinguishable from a private system. This simulation was comprehensive, and was based on the Principles of Operation manual for the hardware. It thus included such elements as instruction set, main memory, interrupts, exceptions, and device access. The result was a single machine that could be multiplexed among many users.

Full virtualization is only possible given the right combination of hardware and software elements. For example, it was not possible with most of IBM's System/360 series, the exception being the IBM System/360-67; nor was it possible with IBM's early System/370 system until IBM added virtual memory hardware to the System/370 series in 1972. Similarly, full virtualization was not quite possible with the x86 platform until the 2005-2006 addition of the AMD-V and Intel VT extensions (see x86 virtualization). Many platform virtual machines for the x86 platform came very close and claimed full virtualization even prior to the AMD-V and Intel VT additions. Examples include Mac-on-Linux, Parallels Desktop for Mac, Parallels Workstation, VMware Workstation, VMware Server (formerly GSX Server), VirtualBox, Win4BSD, and Win4Lin Pro. VMware, for instance, employs a technique called binary translation to automatically modify x86 software on-the-fly to replace instructions that "pierce the virtual machine" with a different, virtual-machine-safe sequence of instructions; this technique provides the appearance of full virtualization.

A key challenge for full virtualization is the interception and simulation of privileged operations, such as I/O instructions. The effects of every operation performed within a given virtual machine must be kept within that virtual machine – virtual operations cannot be allowed to alter the state of any other virtual machine, the control program, or the hardware. Some machine instructions can be executed directly by the hardware, since their effects are entirely contained within the elements managed by the control program, such as memory locations and arithmetic registers. But other instructions that would "pierce the virtual machine" cannot be allowed to execute directly; they must instead be trapped and simulated. Such instructions either access or affect state information that is outside the virtual machine.

Full virtualization has proven highly successful for a) sharing a computer system among multiple users, b) isolating users from each other (and from the control program) and c) emulating new hardware to achieve improved reliability, security and productivity.
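The trap-and-simulate rule above, and the binary-translation workaround VMware used on pre-VT x86, can be shown on a toy CPU. The following is an added teaching example, not code from the original document or from any vendor: the instruction set, the register names, the "interrupt flag" and the VMCALL_READ_FLAG hypercall are all constructed for the demonstration. The guest runs in user mode; CLI, STI and OUT trap to a small control program that simulates them against the guest's virtual state, so the real machine's state is never touched. READ_PRIV models a sensitive-but-unprivileged instruction: it silently returns real state to user-mode code without trapping, so the guest would observe state inconsistent with its own actions ("piercing the virtual machine"). The VMM closes that hole by rewriting READ_PRIV into a trapping hypercall before the guest runs.

```python
"""Trap-and-emulate plus binary translation on a toy CPU (added example, not from the document)."""

# Instructions the toy CPU refuses to execute in user mode: they trap to the VMM instead.
PRIVILEGED = {"CLI", "STI", "OUT", "VMCALL_READ_FLAG"}


class Machine:
    """Toy CPU: two registers, an interrupt-enable flag, an I/O port log and a mode bit."""

    def __init__(self):
        self.regs = {"r0": 0, "r1": 0}
        self.interrupts_enabled = True   # real machine state; a guest must never alter it
        self.io_log = []                 # real device writes
        self.mode = "supervisor"

    def step(self, instr, trap_handler):
        op = instr[0]
        if op in PRIVILEGED and self.mode == "user":
            trap_handler(instr)          # hand the instruction to the VMM; it is not executed here
            return
        if op == "MOV":
            self.regs[instr[1]] = instr[2]
        elif op == "ADD":
            self.regs[instr[1]] += self.regs[instr[2]]
        elif op == "CLI":
            self.interrupts_enabled = False
        elif op == "STI":
            self.interrupts_enabled = True
        elif op == "OUT":
            self.io_log.append((instr[1], self.regs[instr[2]]))
        elif op == "READ_PRIV":
            # Sensitive but NOT privileged: user-mode code reads real machine state without a
            # trap, the kind of instruction that kept classic x86 from being fully virtualizable.
            self.regs[instr[1]] = int(self.interrupts_enabled)
        else:
            raise ValueError(f"unknown instruction {op}")


class VMM:
    """Control program: keeps a virtual copy of privileged state on behalf of the guest."""

    def __init__(self, hw):
        self.hw = hw
        self.virtual_interrupts_enabled = True
        self.virtual_io = []             # writes to the guest's virtual device
        self.traps = 0

    @staticmethod
    def translate(code):
        """Binary translation: replace the non-trapping sensitive instruction with a hypercall."""
        return [("VMCALL_READ_FLAG", ins[1]) if ins[0] == "READ_PRIV" else ins for ins in code]

    def on_trap(self, instr):
        """Simulate the trapped instruction so its effects stay inside the virtual machine."""
        self.traps += 1
        op = instr[0]
        if op == "CLI":
            self.virtual_interrupts_enabled = False
        elif op == "STI":
            self.virtual_interrupts_enabled = True
        elif op == "OUT":
            self.virtual_io.append((instr[1], self.hw.regs[instr[2]]))  # virtual port, not real
        elif op == "VMCALL_READ_FLAG":
            self.hw.regs[instr[1]] = int(self.virtual_interrupts_enabled)
        else:
            raise RuntimeError(f"unexpected trap: {op}")

    def run(self, code, use_translation=True):
        if use_translation:
            code = self.translate(code)
        self.hw.mode = "user"            # the guest never gets supervisor mode
        for instr in code:
            if instr[0] == "HALT":
                break
            self.hw.step(instr, self.on_trap)
        self.hw.mode = "supervisor"


# Constructed guest program: disables interrupts, checks that they are off, writes to a port.
GUEST = [
    ("MOV", "r0", 7),
    ("CLI",),                  # privileged -> traps
    ("READ_PRIV", "r1"),       # sensitive, non-trapping; the guest expects 0 here
    ("OUT", 0x3F8, "r0"),      # privileged I/O -> traps
    ("STI",),                  # privileged -> traps
    ("HALT",),
]


def run_guest(use_translation):
    """Run GUEST under the VMM and report what the guest saw versus what the real machine holds."""
    hw = Machine()
    vmm = VMM(hw)
    vmm.run(GUEST, use_translation)
    return {
        "guest_saw_interrupts_enabled": hw.regs["r1"],      # 0 is consistent with the guest's CLI
        "real_interrupts_enabled": hw.interrupts_enabled,   # must remain True
        "real_io": list(hw.io_log),                         # must remain empty
        "virtual_io": list(vmm.virtual_io),
        "traps": vmm.traps,
    }


if __name__ == "__main__":
    print("trap-and-emulate only:   ", run_guest(use_translation=False))
    print("with binary translation: ", run_guest(use_translation=True))
```

Without translation the guest reads 1 in r1 even though it just executed CLI, because READ_PRIV leaked the real flag; with translation it reads 0 from the virtual state. In both runs the real interrupt flag and the real port log are untouched, which is the containment property the text requires.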

Hardware-Assisted Virtualization

First implemented on the IBM System/370, hardware-assisted virtualization is a platform virtualization approach that enables efficient full virtualization using help from hardware capabilities, primarily from the host processors. Full virtualization is used to simulate a complete hardware environment, or virtual machine, in which an unmodified guest operating system (using the same instruction set as the host machine) executes in complete isolation. Hardware-assisted virtualization was recently (2006) added to x86 processors (Intel VT or AMD-V).

Hardware-assisted virtualization is also known as accelerated virtualization; Xen calls it hardware virtual machine (HVM), Virtual Iron calls it native virtualization.

Partial virtualization

In computer science, partial virtualization is a virtualization technique used to implement a certain kind of virtual machine environment: one that provides a partial simulation of the underlying hardware. Most but not all of the hardware features are simulated, yielding virtual machines in which some but not all software can be run without modification. Usually, this means that entire operating systems cannot run in the virtual machine – which would be the sign of full virtualization – but that many applications can run.

A key form of partial virtualization is "address space virtualization", in which each virtual machine consists of an independent address space. This capability requires address relocation hardware, and has been present in most practical examples of partial virtualization.

Partial virtualization was an important historical milestone on the way to full virtualization. It was used in the first-generation time-sharing system CTSS, and in the IBM M44/44X experimental paging system. The term could also be used to describe any operating system that provides separate address spaces for individual users or processes, including many that today would not be considered virtual machine systems. Experience with partial virtualization, and its limitations, led to the creation of the first full virtualization system (IBM's CP-40, the first iteration of CP/CMS, which would eventually become IBM's VM family).

Partial virtualization is significantly easier to implement than full virtualization. It has often provided useful, robust virtual machines, capable of supporting important applications. Its drawback (compared with full virtualization) is in situations requiring backward compatibility or portability: if certain hardware features are not simulated, then any software using those features will fail. Moreover, it can be hard to anticipate precisely which features have been used by a given application. Partial virtualization has proven highly successful for sharing computer resources among multiple users.

Paravirtualization

In computing, paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware. The intent of the modified interface is to reduce the portion of the guest's execution time spent performing operations which are substantially more difficult to run in a virtual environment compared to a non-virtualized environment. Paravirtualization provides specially defined 'hooks' to allow the guest(s) and host to request and acknowledge these tasks, which would otherwise be executed in the virtual domain (where execution performance is worse). Hence, a successful paravirtualized platform may allow the virtual machine monitor (VMM) to be simpler (by relocating execution of critical tasks from the virtual domain to the host domain), and/or reduce the overall performance degradation of machine execution inside the virtual guest.

Paravirtualization requires the guest operating system to be explicitly ported to this API -- a conventional O/S distribution which is not paravirtualization-aware cannot be run on top of a paravirtualized VMM. However, even in cases where the operating system cannot be modified, components may be available which confer many of the significant performance advantages of paravirtualization; for example, the XenWindowsGplPv project provides a kit of paravirtualization-aware device drivers, licensed under the GPL, that are intended to be installed into a Microsoft Windows virtual guest running on the Xen hypervisor.

Operating System-Level Virtualization

Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.

Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. It is also used, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.

Advantages and Disadvantages

This form of virtualization usually imposes little or no overhead, because programs in a virtual partition use the operating system's normal system call interface and do not need to be subject to emulation or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware and QEMU) or paravirtualizers (such as Xen and UML). It also does not require hardware assistance to perform efficiently.

Operating system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other OSs such as Windows cannot be hosted. This limitation is partially overcome in Solaris by its branded zones feature, which provides the ability to run an environment within a container that emulates a Linux 2.4-based release or an older Solaris release.

Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.

Application Virtualization

Application virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed. A fully virtualized application is not installed in the traditional sense, although it is still executed as if it were. The application is fooled at runtime into believing that it is directly interfacing with the original operating system and all the resources managed by it, when in reality it is not. In this context, the term "virtualization" refers to the artifact being encapsulated (the application), which is quite different from its meaning in hardware virtualization, where it refers to the artifact being abstracted (the physical hardware).

Limited application virtualization is used in modern operating systems such as Microsoft Windows and Linux. For example, IniFileMappings were introduced with Windows NT to virtualize (into the Registry) the legacy INI files of applications originally written for Windows 3.1. Similarly, Windows Vista implements limited file and Registry virtualization so that legacy applications that try to save user data in a system location that was writeable in older versions of Windows, but is now only writeable by highly privileged system software, can work on the new Windows system without the obligation of the program having higher-level security privileges (which would carry security risks).

Full application virtualization requires a virtualization layer. Application virtualization layers replace part of the runtime environment normally provided by the operating system. The layer intercepts all file and Registry operations of virtualized applications and transparently redirects them to a virtualized location, often a single file. The application never knows that it's accessing a virtual resource instead of a physical one. Since the application is now working with one file instead of many files and registry entries spread throughout the system, it becomes easy to run the application on a different computer and previously incompatible applications can be run side-by-side. Examples of this technology for the Windows platform are Ceedo, InstallFree, Citrix XenApp, Novell ZENworks Application Virtualization, Endeavors Technologies Application Jukebox, Microsoft Application Virtualization, Software Virtualization Solution, and VMware ThinApp.
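The redirection layer just described, and the file-level copy-on-write that the operating-system-level section above attributes to OS virtualizers, share one mechanism: reads fall through to the shared base files, writes go to a private per-instance location, and the base is never modified. The following is an added teaching example of that mechanism, not code from the original document and not any vendor's implementation (it is not how ThinApp, App-V or Windows Vista's virtualization actually work internally). The directory names, the ".deleted" whiteout marker convention and the settings.ini content are constructed for the demonstration. It models the Vista case in the text: a legacy application appends to a settings file in a protected system location and keeps working, without being granted write access to that location.

```python
"""File-operation redirection with file-level copy-on-write (added example, not from the document)."""
import shutil
import tempfile
from pathlib import Path


class RedirectingLayer:
    """Intercepts one application's file operations on a protected base location."""

    WHITEOUT = ".deleted"   # marker suffix recording a delete; chosen for this example

    def __init__(self, base, overlay):
        self.base = Path(base)          # protected system location: never modified
        self.overlay = Path(overlay)    # the application's private store
        self.overlay.mkdir(parents=True, exist_ok=True)

    def _whiteout(self, rel):
        return self.overlay / (rel + self.WHITEOUT)

    def resolve_read(self, rel):
        """Path a read of `rel` really hits: overlay first, then base; None if deleted or absent."""
        if self._whiteout(rel).exists():
            return None
        for root in (self.overlay, self.base):
            candidate = root / rel
            if candidate.is_file():
                return candidate
        return None

    def read_text(self, rel):
        real = self.resolve_read(rel)
        if real is None:
            raise FileNotFoundError(rel)
        return real.read_text()

    def open_for_write(self, rel, mode="w"):
        """Every write is redirected into the overlay; the base file is cloned on first write."""
        target = self.overlay / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        self._whiteout(rel).unlink(missing_ok=True)      # rewriting a deleted file revives it
        original = self.base / rel
        if not target.exists() and original.is_file():
            shutil.copy2(original, target)                # file-level copy-on-write
        return open(target, mode)

    def delete(self, rel):
        """Hide the file from the application without touching the base copy."""
        (self.overlay / rel).unlink(missing_ok=True)
        marker = self._whiteout(rel)
        marker.parent.mkdir(parents=True, exist_ok=True)
        marker.touch()


def demo():
    """Constructed scenario: a legacy app appends to a settings file in a system location."""
    root = Path(tempfile.mkdtemp())
    base, overlay = root / "system", root / "virtualstore"
    (base / "app").mkdir(parents=True)
    (base / "app" / "settings.ini").write_text("[settings]\ncolor=blue\n")
    layer = RedirectingLayer(base, overlay)

    with layer.open_for_write("app/settings.ini", "a") as fh:   # app believes it writes the real file
        fh.write("font=mono\n")
    app_view = layer.read_text("app/settings.ini")             # app sees its own change
    base_view = (base / "app" / "settings.ini").read_text()    # system copy is untouched

    layer.delete("app/settings.ini")
    try:
        layer.read_text("app/settings.ini")
        visible_after_delete = True
    except FileNotFoundError:
        visible_after_delete = False
    base_intact = (base / "app" / "settings.ini").is_file()

    shutil.rmtree(root)
    return {
        "app_view": app_view,
        "base_view": base_view,
        "visible_after_delete": visible_after_delete,
        "base_intact": base_intact,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The overlay directory is the "single virtualized location" of the text: backing it up or moving it to another computer carries every change the application made, and the shared base can stay read-only for the application, which is the least-privilege benefit listed below.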

Technology categories that fall under application virtualization include:Application Streaming. Pieces of the application's code, data, and settings are delivered when they're first needed, instead of the entire application being delivered before startup. Running the packaged application may require the installation of a lightweight client application. Packages are usually delivered over a protocol such as HTTP, CIFS or RTSP.Desktop Virtualization/Virtual Desktop Infrastructure (VDI). The application is hosted in a VM or blade PC that also includes the operating system (OS). These solutions include a management infrastructure for automating the creation of virtual desktops, and providing for access control to target virtual desktop. VDI solutions can usually fill the gaps where application streaming falls short.

Benefits

- Allows applications to run in environments that do not suit the native application (e.g. Wine allows Microsoft Windows applications to run on Linux).
- May protect the operating system and other applications from poorly written or buggy code.
- Uses fewer resources than a separate virtual machine.
- Runs applications that are not written correctly, for example applications that try to store user data in a read-only, system-owned location.
- Runs incompatible applications side by side, at the same time and with minimal regression testing against one another.
- Maintains a standard configuration in the underlying operating system across multiple computers in an organization, regardless of the applications being used, thereby keeping costs down.
- Implements the security principle of least privilege by removing the requirement for end users to have Administrator privileges in order to run poorly written applications.
- Simplified operating system migrations.
- Accelerated application deployment, through on-demand application streaming.
- Improved security, by isolating applications from the operating system.[6]
- Enterprises can easily track license usage. Application usage history can then be used to save on license costs.
- Fast application provisioning to the desktop based upon the user's roaming profile.
- Allows applications to be copied to portable media and then imported to client computers without the need to install them.

Limitations

Not all software can be virtualized. Examples include applications that require a device driver and 16-bit applications that need to run in a shared memory space. Some types of software, such as anti-virus packages and applications that require heavy OS integration (WindowBlinds or StyleXP, for instance), are difficult to virtualize. Only file- and Registry-level compatibility issues between legacy applications and newer operating systems can be addressed by application virtualization. For example, applications that do not manage the heap correctly will still fail on Windows Vista, because they allocate memory in the same way regardless of whether they are virtualized or not. For this reason, specialist application compatibility fixes ("shims") may still be needed even if the application is virtualized.

Portable Application

A portable application (portable app) is a computer software program that is able to run independently, without the need to install files on the system it is run upon. Portable apps are commonly used on a removable storage device such as a CD, USB flash drive, flash card, or floppy disk. They should not be confused with software portability, where software allows its source code to be compiled for different computing platforms. Portable applications can be run on any computer system with which they are compatible, but typically require a specific operating system such as Microsoft Windows XP or above, a certain version of Linux, etc. Portable software is typically designed to store its configuration information and data on the storage media containing its program files. To certain operating systems such as AmigaOS the concept of a portable application has no use at all, because all applications are portable by definition. Depending on the operating system, portability is more or less complex to implement.

A portable application does not leave its files or settings on the host computer. Typically this means that the application does not write to the Windows Registry or store its configuration files (such as an INI file) in the user's profile; instead, it stores its configuration files in the program's directory. Another requirement, since file paths will often differ between computers because of variation in Windows drive letter assignments, is that applications store paths in a relative format. While some applications have options to support this behaviour, many programs are not designed to do this. A common technique for such programs is the use of a launcher program to copy the necessary settings and files to the host computer when the application starts and move them back to the application's directory when it closes.

An alternative strategy for achieving application portability within Windows, without requiring application source code changes, is application virtualization: an application is "sequenced" or "packaged" against a runtime layer that transparently intercepts its file system and Registry calls and redirects them to other persistent storage without the application's knowledge. This approach leaves the application itself unchanged, yet portable. The same approach is used for individual application components (run-time libraries, COM components or ActiveX controls), not only for the entire application. As a result, components ported in this manner can be integrated into original portable applications and repeatedly instantiated (virtually installed) with different configurations/settings on the same operating system (OS) without mutual conflicts. As the ported components do not affect the OS-protected entities (Registry and files), they do not require administrative privileges for installation and management.

Microsoft saw the need for an application-specific registry for its Windows operating system as far back as 2005. It eventually incorporated some of this technology, using the techniques mentioned above, via its Application Compatibility Database using its Detours code library, into Windows XP. It did not, however, make any of this technology available via one of its system APIs.

Cross-Platform Virtualization

Cross-platform virtualization is a form of computer virtualization that allows software compiled for a specific CPU and operating system to run unmodified on computers with different CPUs and/or operating systems, through a combination of dynamic binary translation and operating system call mapping. Since the software runs on a virtualized equivalent of the original computer, it does not require recompilation or porting, thus saving time and development resources. However, the processing overhead of binary translation and call mapping imposes a performance penalty when compared to natively compiled software. For this reason, cross-platform virtualization may be used as a temporary solution until resources are available to port the software. Alternatively, it may be used to support legacy code which, running on a newer and faster machine, still maintains adequate performance even with the virtualization overhead.

By creating an abstraction layer capable of running software compiled for a different computer system, cross-platform virtualization can be described in terms of the virtualization requirements outlined by Gerald J. Popek and Robert P. Goldberg in their 1974 article "Formal Requirements for Virtualizable Third Generation Architectures"[1]. Cross-platform virtualization is distinct from simple emulation and binary translation, which involve the direct translation of one CPU instruction set to another, since the inclusion of operating system call mapping provides a more complete virtualized environment. Cross-platform virtualization is also complementary to server virtualization and desktop virtualization solutions, since these are typically constrained to a single CPU type, such as x86 or POWER.
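The two mechanisms named above, dynamic binary translation and operating-system-call mapping, shown together in an added Python example that is not from the page or from any real product. The guest ISA (a handful of tuple-encoded instructions), its system-call ABI (call number in r7, arguments in r0..r2), the guest and host call numbers and the sample program are all constructed for the example; the translator caches each translated basic block, so the loop body is translated once and executed three times.

```python
"""Added example (not the page's or any product's code): a toy dynamic binary
translator with operating-system-call mapping.  The guest ISA, its system-call
ABI (number in r7, arguments in r0..r2), the host call numbers and the guest
program are all invented for the example."""

GUEST_SYSCALLS = {1: "write", 2: "exit"}       # constructed guest numbering
HOST_SYSCALLS = {"write": 64, "exit": 93}       # constructed host numbering

# Constructed guest memory and program.  A basic block ends at a control
# transfer (jnz) or a system call, where the translated code returns to the
# dispatcher; the program writes "hello\n" three times and then exits.
GUEST_MEMORY = bytearray(b"hello\n" + bytes(58))
GUEST_PROGRAM = [
    ("li", 3, 3),          # 0: r3 = loop counter
    ("li", 7, 1),          # 1: r7 = guest syscall "write"   (loop head)
    ("li", 0, 1),          # 2: fd = 1
    ("li", 1, 0),          # 3: buffer = guest address 0
    ("li", 2, 6),          # 4: length = 6
    ("sys",),              # 5: trap to the virtualization layer
    ("subi", 3, 1),        # 6: r3 -= 1
    ("jnz", 3, 1),         # 7: loop while r3 != 0
    ("li", 7, 2),          # 8: r7 = guest syscall "exit"
    ("li", 0, 0),          # 9: status 0
    ("sys",),              # 10
]


class Host:
    """Stands in for the host OS; records the mapped calls it services."""

    def __init__(self):
        self.output, self.calls, self.exit_code = [], [], None

    def syscall(self, number, args, memory):
        """Returns (result for the guest, whether the guest has halted)."""
        self.calls.append(number)
        if number == HOST_SYSCALLS["write"]:
            fd, buf, length = args
            self.output.append((fd, bytes(memory[buf:buf + length])))
            return length, False
        if number == HOST_SYSCALLS["exit"]:
            self.exit_code = args[0]
            return 0, True
        raise ValueError(f"no host service for call {number}")


class BinaryTranslator:
    def __init__(self, program, memory, host):
        self.program, self.memory, self.host = program, memory, host
        self.regs = [0] * 8
        self.cache = {}                  # translation cache: block start pc -> closure
        self.translations = self.block_runs = 0

    def map_syscall(self, regs):
        """OS call mapping: guest number -> service name -> host number and host ABI."""
        name = GUEST_SYSCALLS.get(regs[7])
        if name is None:
            regs[0] = -1                 # unknown call fails in the guest; host is never reached
            return False
        regs[0], halted = self.host.syscall(HOST_SYSCALLS[name], regs[0:3], self.memory)
        return halted

    def translate_block(self, start):
        """Decode one basic block and return a host-executable closure for it."""
        ops, pc = [], start
        while True:
            ins = self.program[pc]
            ops.append(ins)
            pc += 1
            if ins[0] in ("jnz", "sys"):
                break
        self.translations += 1

        def run(regs):
            next_pc = start
            for op in ops:
                next_pc += 1
                if op[0] == "li":
                    regs[op[1]] = op[2]
                elif op[0] == "subi":
                    regs[op[1]] -= op[2]
                elif op[0] == "jnz" and regs[op[1]] != 0:
                    next_pc = op[2]
                elif op[0] == "sys" and self.map_syscall(regs):
                    return None          # guest exited
            return next_pc
        return run

    def run(self, pc=0, max_blocks=10_000):
        """Dispatcher: look up or translate the block at pc, execute it, repeat."""
        while pc is not None and max_blocks > 0:
            block = self.cache.get(pc)
            if block is None:
                block = self.cache[pc] = self.translate_block(pc)
            self.block_runs += 1
            pc = block(self.regs)
            max_blocks -= 1


def run_guest():
    host = Host()
    bt = BinaryTranslator(GUEST_PROGRAM, bytearray(GUEST_MEMORY), host)
    bt.run()
    return {"output": host.output, "exit_code": host.exit_code, "host_calls": host.calls,
            "translations": bt.translations, "block_runs": bt.block_runs}
```

run_guest() reports four translations for seven block executions, three mapped write calls and one exit: the translation cache is what keeps the overhead the passage mentions from being paid on every loop iteration, and the mapping table is the only place where the guest's call numbers meet the host's. An unknown guest call number is failed back to the guest rather than passed through, which is the check a real layer needs so that a guest cannot reach host services the mapping was never meant to expose.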

Virtual Appliance

A virtual appliance is a virtual machine image designed to run on a virtualization platform (e.g. VirtualBox, Xen, VMware Workstation). Virtual appliances are a subset of the broader class of software appliances; installing a software appliance into a virtual machine creates a virtual appliance. Like software appliances, virtual appliances aim to eliminate the installation, configuration and maintenance costs associated with running complex stacks of software.

A virtual appliance is not a virtual machine, but rather a software image containing a software stack designed to run inside a virtual machine. Like a physical machine, a virtual machine is merely a platform for running an operating system environment and by itself does not contain application software. Typically a virtual appliance will have a web page user interface to configure its inner workings. A virtual appliance is usually built to host a single application, and so represents a new way of deploying network applications. As an example, the MediaWiki software that powers Wikipedia is available as an appliance containing all the necessary software, including operating system, database and MediaWiki, to run a wiki installation as a "black box". The same encapsulation means the consumer inherits the publisher's operating system and library patch level: a "black box" appliance has to be updated as a unit, so its provenance and update channel deserve the same scrutiny as any other software supply-chain input.

Virtualization solves a key problem in the grid computing arena, namely that any sufficiently large grid will inevitably consist of a wide variety of heterogeneous hardware and operating system configurations. Adding virtual appliances allows for extremely rapid provisioning of grid nodes and, importantly, cleanly decouples the grid operator from the grid consumer by encapsulating all knowledge of the application within the virtual appliance.

Emulator

An emulator in computer science duplicates (provides an emulation of) the functions of one system using a different system, so that the second system behaves like (and appears to be) the first system. This focus on exact reproduction of external behaviour is in contrast to some other forms of computer simulation, which can concern an abstract model of the system being simulated.

Emulation refers to the ability of a computer program or electronic device to imitate another program or device. Many printers, for example, are designed to emulate Hewlett-Packard LaserJet printers because so much software is written for HP printers. By emulating an HP printer, a printer can work with any software written for a real HP printer. Emulation "tricks" the running software into believing that a device is really some other device.

A hardware emulator is an emulator which takes the form of a hardware device. Examples include the DOS-compatible card installed in some old-world Macintoshes like the Centris 610 or Performa 630 that allowed them to run PC programs, and FPGA-based hardware emulators.

Typically, an emulator is divided into modules that correspond roughly to the emulated computer's subsystems. Most often, an emulator will be composed of the following modules:

- a CPU emulator or CPU simulator (the two terms are mostly interchangeable in this case)
- a memory subsystem module
- various I/O device emulators

Console emulators are programs that allow a computer or modern console to emulate a video game console. They are most often used to play older video games on personal computers and modern video game consoles, but they are also used to translate games into other languages, to modify existing games, and in the development of homebrew demos and new games for older systems.

Terminal emulators are software programs that give modern computers and devices interactive access to applications running on mainframe computer operating systems or other host systems such as HP-UX or OpenVMS. Terminals such as the IBM 3270 or VT100, and many others, are no longer produced as physical devices. Instead, software running on modern operating systems simulates a "dumb" terminal and is able to render the graphical and text elements of the host application, send keystrokes and process commands using the appropriate terminal protocol. Some terminal emulation applications include Attachmate Reflection, IBM Personal Communications, Stromasys CHARON-VAX/AXP and Micro Focus Rumba.

                                              Simulation

Simulation is the imitation of some real thing, state of affairs, or process. The act of simulating something generally entails representing certain key characteristics or behaviours of a selected physical or abstract system.Simulation is used in many contexts, including the modeling of natural systems or human systems in order to gain insight into their functioning. [1] Other contexts include simulation of technology for performance optimization, safety engineering, testing, training and education. Simulation can be used to show the eventual real effects of alternative conditions and courses of action.Key issues in simulation include acquisition of valid source information about the relevant selection of key characteristics and behaviours, the use of simplifying approximations and assumptions within the simulation, and fidelity and validity of the simulation outcomes.

In computer science, simulation has some specialized meanings. Alan Turing used the term "simulation" to refer to what happens when a universal machine executes a state transition table (in modern terminology, a computer runs a program) that describes the state transitions, inputs and outputs of a subject discrete-state machine: the computer simulates the subject machine. Accordingly, in theoretical computer science the term simulation is a relation between state transition systems, useful in the study of operational semantics.

Less theoretically, an interesting application of computer simulation is to simulate computers using computers. In computer architecture, a type of simulator, typically called an emulator, is often used to execute a program that has to run on some inconvenient type of computer (for example, a newly designed computer that has not yet been built or an obsolete computer that is no longer available), or in a tightly controlled testing environment (see Computer architecture simulator and Platform virtualization). For example, simulators have been used to debug a microprogram, or sometimes commercial application programs, before the program is downloaded to the target machine. Since the operation of the computer is simulated, all of the information about the computer's operation is directly available to the programmer, and the speed and execution of the simulation can be varied at will. Simulators may also be used to interpret fault trees, or to test VLSI logic designs before they are constructed. Symbolic simulation uses variables to stand for unknown values. In the field of optimization, simulations of physical processes are often used in conjunction with evolutionary computation to optimize control strategies.

Types of models

Active models that attempt to reproduce living anatomy or physiology are recent developments. The famous "Harvey" mannikin was developed at the University of Miami and is able to recreate many of the physical findings of the cardiology examination, including palpation, auscultation, and electrocardiography. Interactive models have been developed that respond to actions taken by a student or physician. Until recently, these simulations were two-dimensional computer programs that acted more like a textbook than a patient. Computer simulations have the advantage of allowing a student to make judgements, and also to make errors. The process of iterative learning through assessment, evaluation, decision making, and error correction creates a much stronger learning environment than passive instruction.

Virtual Memory

Virtual memory is a computer system technique which gives an application program the impression that it has contiguous working memory (an address space), while in fact it may be physically fragmented and may even overflow on to disk storage. Developed for multitasking kernels, virtual memory provides two primary functions:

- Each process has its own address space, so it need not be relocated and need not use a relative addressing mode.
- Each process sees one contiguous block of free memory upon launch; fragmentation is hidden.

All implementations (excluding emulators) require hardware support, typically in the form of a memory management unit built into the CPU. Systems that use this technique make programming of large applications easier and use real physical memory (e.g. RAM) more efficiently than those without virtual memory. Virtual memory differs significantly from memory virtualization in that virtual memory allows resources to be virtualized as memory for a specific system, as opposed to a large pool of memory being virtualized as smaller pools for many different systems.

Note that "virtual memory" is more than just "using disk space to extend physical memory size", which is merely the extension of the memory hierarchy to include hard disk drives. Extending memory to disk is a normal consequence of using virtual memory techniques, but could be done by other means such as overlays or swapping programs and their data completely out to disk while they are inactive. The definition of "virtual memory" is based on redefining the address space with contiguous virtual memory addresses to "trick" programs into thinking they are using large blocks of contiguous addresses.

Modern general-purpose computer operating systems generally use virtual memory techniques for ordinary applications, such as word processors, spreadsheets, multimedia players, accounting, etc., except where the required hardware support (a memory management unit) is unavailable.
Older operating systems, such as DOS [1] of the 1980s, or those for the mainframes of the 1960s, generally had no virtual memory functionality, notable exceptions being the Atlas, the B5000 and Apple Computer's Lisa. Embedded systems and other special-purpose computer systems which require very fast and/or very consistent response times may opt not to use virtual memory because of the decreased determinism: unpredictable processor exceptions produce unwanted jitter on CPU-operated I/O, which the smaller embedded processors often perform directly to keep cost and power consumption low, and the associated simple application has little use for multitasking features.

In the 1940s and 1950s, before the development of virtual memory, all larger programs had to contain logic for managing two-level storage (primary and secondary, today's analogues being RAM and hard disk), such as overlaying techniques. Programs were responsible for moving overlays back and forth from secondary storage to primary. The main reason for introducing virtual memory was therefore not simply to extend primary memory, but to make such an extension as easy to use for programmers as possible. Many systems already had the ability to divide the memory between multiple programs (required for multiprogramming and multiprocessing), provided for example by "base and bounds registers" on early models of the PDP-10, without providing virtual memory. That gave each application a private address space starting at address 0, with an address in the private address space being checked against a bounds register to make sure it is within the section of memory allocated to the application and, if it is, having the contents of the corresponding base register added to it to give an address in main memory. This is a simple form of segmentation without virtual memory.

Virtual memory was developed in approximately 1959–1962, at the University of Manchester for the Atlas Computer, completed in 1962. In 1961, Burroughs released the B5000, the first commercial computer with virtual memory. It used segmentation rather than paging. Like many technologies in the history of computing, virtual memory was not accepted without challenge. Before it could be implemented in mainstream operating systems, many models, experiments, and theories had to be developed to overcome the numerous problems. Dynamic address translation required specialized, expensive, and hard-to-build hardware. Moreover, initially it slightly slowed down access to memory. There were also worries that new system-wide algorithms for utilizing secondary storage would be far less effective than the previously used application-specific ones. By 1969 the debate over virtual memory for commercial computers was over: an IBM research team led by David Sayre showed that the virtual memory overlay system consistently worked better than the best manually controlled systems. Possibly the first minicomputer to introduce virtual memory was the Norwegian NORD-1. During the 1970s, other minicomputers implemented virtual memory, notably VAX models running VMS.

Virtual memory was introduced to the x86 architecture with the protected mode of the Intel 80286 processor. At first it was done with segment swapping, which became inefficient with larger segments. The Intel 80386 introduced support for paging underneath the existing segmentation layer. The page fault exception could be chained with other exceptions without causing a double fault.

Some systems, such as the Burroughs large systems, do not use paging to implement virtual memory. Instead, they use segmentation, so that an application's virtual address space is divided into variable-length segments; a virtual address consists of a segment number and an offset within the segment. Notably, the Intel 80286 supported a similar segmentation scheme as an option, but it was unused by most operating systems. It is possible to combine segmentation and paging, usually by dividing each segment into pages. In systems that combine them, such as Multics and the IBM System/38 and IBM System i machines, virtual memory is usually implemented with paging, with segmentation used to provide memory protection. [7][8][9] With the Intel 80386 and later IA-32 processors, the segments reside in a 32-bit linear paged address space, so segments can be moved into and out of that linear address space, and pages in that linear address space can be moved in and out of main memory, providing two levels of virtual memory; however, few if any operating systems do so. Instead, they only use paging.

The difference between virtual memory implementations using pages and using segments is not only about dividing memory into fixed-size and variable-size units, respectively. In some systems, e.g. Multics, or later the System/38 and Prime machines, the segmentation was actually visible to the user processes, as part of the semantics of a memory model. In other words, instead of a process just having a memory which looked like a single large vector of bytes or words, it was more structured. This is different from using pages, which does not change the model visible to the process. This had important consequences. A segment was not just a "page with a variable length", or a simple way to lengthen the address space (as in the Intel 80286). In Multics, segmentation was a very powerful mechanism that was used to provide a single-level virtual memory model, in which there was no differentiation between "process memory" and "file system": a process's active address space consisted only of a list of segments (files) which were mapped into its potential address space, both code and data. This is not the same as the later mmap function in Unix, because inter-file pointers do not work when mapping files into semi-arbitrary places. Multics had such an addressing mode built into most instructions. In other words, it could perform relocated inter-segment references, thus eliminating the need for a linker completely. This also worked when different processes mapped the same file into different places in their private address spaces.
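The translation schemes discussed in this section (base-and-bounds registers, paging with a per-process page table and demand paging, and segmentation with a segment number plus an offset checked against the segment's limit), as an added Python model that is not an operating system's code. The page size, the two-frame machine, the flag layout of the page-table entries and the two-process scenario in demo() are all constructed for the example; eviction is first-in, first-out for brevity, and the base-and-bounds case is the one-segment instance of segment_translate.

```python
"""Added example, a toy model rather than any operating system's code: address
translation as an MMU plus the kernel's fault handler perform it, covering
paging with a per-process page table and demand paging, and segmentation with
a segment number plus offset (base-and-bounds relocation is the one-segment
case).  Page size, frame count and the scenario in demo() are invented."""

PAGE_SIZE = 4096

class MemoryFault(Exception): """Rejected translation: real hardware traps to the kernel here."""

def segment_translate(segment_table, seg, offset):
    """Burroughs/Multics style: variable-length segment, offset checked against its limit.
    With a single entry this is exactly the PDP-10 base-and-bounds register pair."""
    base, limit = segment_table[seg]
    if not 0 <= offset < limit:
        raise MemoryFault(f"offset {offset:#x} beyond limit of segment {seg}")
    return base + offset

class PhysicalMemory:
    def __init__(self, frames):
        self.frames = [bytearray(PAGE_SIZE) for _ in range(frames)]
        self.free = list(range(frames))
        self.resident = []                   # FIFO of (process, vpn) currently holding a frame

    def allocate(self, process, vpn, swap):
        """Hand out a frame, evicting the oldest resident page to swap if none is free."""
        if not self.free:
            victim, vvpn = self.resident.pop(0)
            pte = victim.page_table[vvpn]
            swap[(victim.pid, vvpn)] = bytes(self.frames[pte["frame"]])
            self.free.append(pte["frame"])
            pte["frame"] = None              # the victim faults on its next access
        self.resident.append((process, vpn))
        return self.free.pop(0)

class Process:
    """One address space: the page table maps a virtual page number to a frame and flags."""
    def __init__(self, pid, memory, swap):
        self.pid, self.memory, self.swap, self.faults = pid, memory, swap, 0
        self.page_table = {}

    def map_page(self, vpn, writable=True, user=True):
        self.page_table[vpn] = {"frame": None, "writable": writable, "user": user}

    def translate(self, vaddr, write=False, user_mode=True):
        vpn, offset = divmod(vaddr, PAGE_SIZE)
        pte = self.page_table.get(vpn)
        if pte is None:
            raise MemoryFault(f"pid {self.pid}: page {vpn} is not mapped")
        if user_mode and not pte["user"]:
            raise MemoryFault(f"pid {self.pid}: supervisor page {vpn} touched from user mode")
        if write and not pte["writable"]:
            raise MemoryFault(f"pid {self.pid}: write to read-only page {vpn}")
        if pte["frame"] is None:             # not present: demand-page it in
            self.faults += 1
            pte["frame"] = self.memory.allocate(self, vpn, self.swap)
            # From swap if evicted earlier, else zero-filled: never another process's old bytes.
            self.memory.frames[pte["frame"]][:] = self.swap.get((self.pid, vpn), bytes(PAGE_SIZE))
        return pte["frame"] * PAGE_SIZE + offset

    def write_byte(self, vaddr, value, user_mode=True):
        frame, off = divmod(self.translate(vaddr, True, user_mode), PAGE_SIZE)
        self.memory.frames[frame][off] = value

    def read_byte(self, vaddr, user_mode=True):
        frame, off = divmod(self.translate(vaddr, False, user_mode), PAGE_SIZE)
        return self.memory.frames[frame][off]

def traps(fn):
    """True if the access raises MemoryFault, i.e. the hardware would have trapped."""
    try:
        fn()
        return False
    except MemoryFault:
        return True

def demo():
    """Two processes on a two-frame machine; returns facts a test can check."""
    mem, swap = PhysicalMemory(frames=2), {}
    a, b = Process(1, mem, swap), Process(2, mem, swap)
    a.map_page(0); a.map_page(1); b.map_page(0)
    a.map_page(0x7F, writable=False, user=False)        # kernel-only, read-only page
    a.write_byte(0x10, 0x41)                            # A page 0 takes frame 0
    a.write_byte(PAGE_SIZE + 5, 0x42)                   # A page 1 takes frame 1
    b.write_byte(0x10, 0x43)                            # no free frame: A page 0 goes to swap
    r = {"a_sees": a.read_byte(0x10),                   # A page 0 comes back intact
         "b_sees": b.read_byte(0x10), "faults": (a.faults, b.faults)}
    kpage = 0x7F * PAGE_SIZE
    r["traps"] = [traps(lambda: a.read_byte(kpage)),                       # user touches kernel page
                  traps(lambda: a.write_byte(kpage, 1, user_mode=False)),  # write to read-only page
                  traps(lambda: b.read_byte(PAGE_SIZE)),                   # page unmapped in B
                  traps(lambda: a.read_byte(kpage, user_mode=False))]      # legitimate kernel read
    segs = {0: (0x10000, 0x100), 1: (0x8000, 0x2000)}   # segment 0 doubles as base/bounds
    r["base_bounds"] = (segment_translate(segs, 0, 0x20), traps(lambda: segment_translate(segs, 0, 0x200)))
    r["segment"] = (segment_translate(segs, 1, 0x10), traps(lambda: segment_translate(segs, 0, 0x100)))
    return r
```

demo() runs two processes through a machine with only two frames: process A's page is evicted to swap to make room for process B and comes back intact, B receives a zero-filled frame rather than A's old contents, and the four trap cases show the protection checks an MMU performs before any byte is touched: a user-mode access to a supervisor page, a write to a read-only page, an unmapped page, and the same supervisor page accessed legitimately from kernel mode. The bounds-register and segment-limit checks are the same idea at coarser granularity, which is why one function serves both.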

Storage Virtualization

Storage virtualization is a concept in system administration referring to the abstraction (separation) of logical storage from physical storage. This separation gives the system administrator increased flexibility in how storage is managed for end users.

Key Concepts

Address Space Remapping

Virtualization of storage helps achieve location independence by abstracting the physical location of the data. The virtualization system presents the user with a logical space for data storage and itself handles the process of mapping it to the actual physical location. The actual form of the mapping depends on the chosen implementation. Some implementations may limit the granularity of the mapping, which in turn may limit the capabilities of the device. Typical granularities range from a single physical disk down to some small subset (multiples of megabytes or gigabytes) of the physical disk. In a block-based storage environment, a single block of information is addressed using a logical unit number (LUN) and an offset within that LUN, known as a Logical Block Address (LBA). The address space mapping is between a logical disk, usually referred to as a virtual disk (vdisk), and a logical unit presented by one or more storage controllers. The LUN itself may also be a product of virtualization in a different layer.

Meta-Data

The virtualization software or device is responsible for maintaining a consistent view of all the mapping information for the virtualized storage. This mapping information is usually called meta-data and is stored as a mapping table. The address space may be limited by the capacity needed to maintain the mapping table, which is directly influenced by the granularity of the mapping information. Since only this table records where each logical block physically lives, it must be protected and backed up with at least the care given to the data itself.

I/O Redirection

The virtualization software or device uses the meta-data to redirect I/O requests. It receives an incoming I/O request containing the location of the data in terms of the logical disk (vdisk) and translates it into a new I/O request to the physical disk location. For example, the virtualization device may:

- receive a read request for vdisk LUN ID=1, LBA=32;
- perform a meta-data lookup for LUN ID=1, LBA=32, and find that this maps to physical LUN ID=7, LBA=0;
- send a read request to physical LUN ID=7, LBA=0;
- receive the data back from the physical LUN;
- send the data back to the originator as if it had come from vdisk LUN ID=1, LBA=32.

Capabilities

Most implementations allow for heterogeneous management of multi-vendor storage devices, within the scope of a given implementation's support matrix. This means that the following capabilities are not limited to a single vendor's device (as with similar capabilities provided by specific storage controllers) and are in fact possible across different vendors' devices.

Replication

Data replication techniques are not limited to virtualization appliances and as such are not described here in detail. However, most implementations provide some or all of these replication services. When storage is virtualized, these services must be implemented above the software or device that is performing the virtualization, because it is only above the virtualization layer that a true and consistent image of the logical disk (vdisk) can be copied. This limits the services that some implementations can offer, or makes them seriously difficult to implement. If the virtualization is implemented in the network or higher, it renders any replication services provided by the underlying storage controllers useless.

- Remote data replication for disaster recovery: synchronous mirroring, where I/O completion is only returned when the remote site acknowledges the completion, applicable for shorter distances (<200 km); and asynchronous mirroring, where I/O completion is returned before the remote site has acknowledged the completion, applicable for much greater distances (>200 km).
- Point-in-time snapshots to copy or clone data for diverse uses; when combined with thin provisioning, this enables space-efficient snapshots.

Pooling

The physical storage resources are aggregated into storage pools, from which the logical storage is created. More storage systems, which may be heterogeneous in nature, can be added as and when needed, and the virtual storage space scales up by the same amount. This process is fully transparent to the applications using the storage infrastructure.

Disk Management

The software or device providing storage virtualization becomes a common disk manager in the virtualized environment. Logical disks (vdisks) are created by the virtualization software or device and are mapped (made visible) to the required host or server, thus providing a common place or way for managing all volumes in the environment. Enhanced features are easy to provide in this environment:

- Thin provisioning to maximize storage utilization. This is relatively easy to implement, as physical storage is only allocated in the mapping table when it is used.

- Disk expansion and shrinking. More physical storage can be allocated by adding to the mapping table (assuming the using system can cope with online expansion). Similarly, disks can be reduced in size by removing some physical storage from the mapping (uses for this are limited, as there is no guarantee of what resides on the areas removed).

Benefits

Non-disruptive Data Migration

One of the major benefits of abstracting the host or server from the actual storage is the ability to migrate data while maintaining concurrent I/O access. The host only knows about the logical disk (vdisk), so any change to the meta-data mapping is transparent to the host. This means the actual data can be moved or replicated to another physical location without affecting the operation of any client. When the data has been copied or moved, the meta-data can simply be updated to point to the new location, thereby freeing up the physical storage at the old location.

The process of moving the physical location is known as data migration. Most implementations allow this to be done in a non-disruptive manner, that is, concurrently while the host continues to perform I/O to the logical disk (vdisk). The mapping granularity dictates how quickly the meta-data can be updated, how much extra capacity is required during the migration, and how quickly the previous location is marked as free: the smaller the granularity, the faster the update, the less space required and the quicker the old storage can be freed up. There are many day-to-day tasks a storage administrator has to perform that can be simply and concurrently performed using data migration techniques:

- Moving data off an over-utilized storage device.
- Moving data onto a faster storage device as needs require.
- Implementing an Information Lifecycle Management policy.
- Migrating data off older storage devices (either being scrapped or off-lease).
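The address-space remapping, meta-data table, I/O redirection walk-through, thin provisioning, disk expansion and non-disruptive migration described in the sections above, as one added Python example that is not the page's or any vendor's code. Extent size, block size, the LUN identifiers and the I/O sequence in demo() are constructed; the first write deliberately reproduces the page's own example of vdisk LUN 1, LBA 32 mapping to physical LUN 7, LBA 0.

```python
"""Added example (not from the page or any vendor): a block-level storage
virtualizer.  A meta-data mapping table at extent granularity translates
(vdisk, LBA) into (physical LUN, LBA); extents are allocated on first write
(thin provisioning), an unwritten extent reads back as zeros, a vdisk can be
expanded by growing the table, and an extent can be migrated between physical
LUNs while the vdisk stays online.  LUN IDs, sizes and I/O are constructed."""

EXTENT_BLOCKS = 8                # mapping granularity: blocks per extent (invented)
BLOCK_SIZE = 4                   # bytes per block, tiny so the example stays readable
ZERO_BLOCK = b"\x00" * BLOCK_SIZE


class PhysicalLun:
    """A logical unit presented by a storage controller, carved into extents."""

    def __init__(self, lun_id, extents):
        self.lun_id = lun_id
        self.blocks = [ZERO_BLOCK] * (extents * EXTENT_BLOCKS)
        self.free_extents = list(range(extents))


class StorageVirtualizer:
    def __init__(self, luns):
        self.luns = {lun.lun_id: lun for lun in luns}      # the storage pool
        self.vdisks = {}        # vdisk id -> provisioned size in blocks (what the host sees)
        self.mapping = {}       # meta-data: (vdisk id, extent) -> (lun id, physical extent)

    def create_vdisk(self, vdisk_id, size_blocks):
        self.vdisks[vdisk_id] = size_blocks                 # no physical space consumed yet

    def expand_vdisk(self, vdisk_id, extra_blocks):
        self.vdisks[vdisk_id] += extra_blocks               # only the table grows

    def _allocate_extent(self):
        for lun in self.luns.values():
            if lun.free_extents:
                return lun.lun_id, lun.free_extents.pop(0)
        raise RuntimeError("pool exhausted: more was promised than is physically present")

    def _lookup(self, vdisk_id, lba, allocate):
        """Address-space remapping: vdisk LBA -> (lun id, physical LBA), or None if unallocated."""
        if not 0 <= lba < self.vdisks[vdisk_id]:
            raise ValueError(f"LBA {lba} beyond end of vdisk {vdisk_id}")
        extent, offset = divmod(lba, EXTENT_BLOCKS)
        key = (vdisk_id, extent)
        if key not in self.mapping:
            if not allocate:
                return None
            self.mapping[key] = self._allocate_extent()
        lun_id, pextent = self.mapping[key]
        return lun_id, pextent * EXTENT_BLOCKS + offset

    def read(self, vdisk_id, lba):
        target = self._lookup(vdisk_id, lba, allocate=False)
        if target is None:
            return ZERO_BLOCK                               # thin: never written, reads as zeros
        lun_id, plba = target
        return self.luns[lun_id].blocks[plba]

    def write(self, vdisk_id, lba, data):
        lun_id, plba = self._lookup(vdisk_id, lba, allocate=True)
        self.luns[lun_id].blocks[plba] = data
        return lun_id, plba                                 # where the I/O was redirected to

    def migrate_extent(self, vdisk_id, extent, to_lun_id):
        """Copy the extent, then repoint the meta-data; the host's vdisk address never changes."""
        src_lun_id, src_ext = self.mapping[(vdisk_id, extent)]
        src, dst = self.luns[src_lun_id], self.luns[to_lun_id]
        dst_ext = dst.free_extents.pop(0)
        s, d = src_ext * EXTENT_BLOCKS, dst_ext * EXTENT_BLOCKS
        dst.blocks[d:d + EXTENT_BLOCKS] = src.blocks[s:s + EXTENT_BLOCKS]
        self.mapping[(vdisk_id, extent)] = (to_lun_id, dst_ext)        # the switch-over
        src.blocks[s:s + EXTENT_BLOCKS] = [ZERO_BLOCK] * EXTENT_BLOCKS  # scrub before reuse
        src.free_extents.append(src_ext)

    def allocated_blocks(self):
        return len(self.mapping) * EXTENT_BLOCKS


def demo():
    """Walks through the page's LUN 1/LBA 32 -> LUN 7/LBA 0 example and beyond."""
    sv = StorageVirtualizer([PhysicalLun(7, extents=2), PhysicalLun(9, extents=2)])
    sv.create_vdisk(1, size_blocks=64)                  # 64 blocks promised, none allocated
    r = {"redirect": sv.write(1, 32, b"DATA"),           # first write allocates LUN 7, extent 0
         "unwritten": sv.read(1, 0),
         "allocated": sv.allocated_blocks()}
    sv.migrate_extent(1, 4, to_lun_id=9)                # move LBA 32..39 to LUN 9 online
    r["after_migration"] = (sv.read(1, 32), sv.mapping[(1, 4)])
    sv.expand_vdisk(1, 64)
    r["expanded_write"] = sv.write(1, 100, b"MORE")     # beyond the old size, now fine
    try:                                                 # 4 physical extents vs 128 promised
        for lba in (0, 8, 16, 24):
            sv.write(1, lba, b"FILL")
        r["exhausted"] = False
    except RuntimeError:
        r["exhausted"] = True
    return r
```

The migration copies the extent and then swaps the mapping entry, so the host keeps addressing LBA 32 throughout; a production implementation must also fence or mirror writes that arrive during the copy, which this model omits. The final loop shows the side of thin provisioning the text does not spell out: 128 blocks are promised to the host against 32 physically present, and the pool runs out with the host none the wiser until a write fails. The scrub of a freed extent before it returns to the pool is the kind of check worth looking for in a real product, since otherwise one tenant's data can surface in another's newly allocated extent.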

Improved Utilization

Utilization can be increased by virtue of the pooling, migration and thin provisioning services. When all available storage capacity is pooled, system administrators no longer have to search for disks that have free space to allocate to a particular host or server. A new logical disk can simply be allocated from the available pool, or an existing disk can be expanded. Pooling also means that all the available storage capacity can potentially be used. In a traditional environment, an entire disk would be mapped to a host. This may be larger than is required, thus wasting space. In a virtual environment, the logical disk (vdisk) is assigned the capacity required by the using host. Storage can be assigned where it is needed at that point in time, reducing the need to guess how much a given host will need in the future. Using thin provisioning, the administrator can create a very large thin-provisioned logical disk, so the using system thinks it has a very large disk from day one.

Fewer Points of Management

With storage virtualization, multiple independent storage devices, which may be scattered over a network, appear to be a single monolithic storage device that can be managed centrally. However, traditional storage controller management is still required, that is, the creation and maintenance of RAID arrays, including error and fault management.

Risks

Backing Out a Failed Implementation

Once the abstraction layer is in place, only the virtualizer knows where the data actually resides on the physical medium. Backing out of a virtual storage environment therefore requires the reconstruction of the logical disks as contiguous disks that can be used in a traditional manner. Most implementations provide some form of back-out procedure, and with the data migration services it is at least possible, but time-consuming.

Interoperability and Vendor Support

Interoperability is a key enabler to any virtualization software or device. It applies to the actual physical storage controllers and the hosts, their operating systems, multi-pathing software and connectivity hardware. Interoperability requirements differ based on the implementation chosen. For example, virtualization implemented within a storage controller adds no extra overhead to host-based interoperability, but will require additional support of other storage controllers if they are to be virtualized by the same software. Switch-based virtualization may not require specific host interoperability if it uses packet-cracking techniques to redirect the I/O. Network-based appliances have the highest level of interoperability requirements, as they have to interoperate with all devices, storage and hosts.

  Memory Virtualization

In computer science, memory virtualization decouples volatile random access memory (RAM) resources from individual systems in the data center, and then aggregates those resources into a virtualized memory pool available to any computer in the cluster. The memory pool is accessed by the operating system or by applications running on top of the operating system. The distributed memory pool can then be utilized as a high-speed cache, a messaging layer, or a large, shared memory resource for a CPU or GPU application.

Memory virtualization allows networked, and therefore distributed, servers to share a pool of memory to overcome physical memory limitations, a common bottleneck in software performance. With this capability integrated into the network, applications can take advantage of a very large amount of memory to improve overall performance and system utilization, increase memory usage efficiency, and enable new use cases. Software on the memory pool nodes (servers) allows nodes to connect to the memory pool to contribute memory, and to store and retrieve data. Management software manages the shared memory, the data insertion, eviction and provisioning policies, and the assignment of data to contributing nodes, and handles requests from client nodes.

The memory pool may be accessed at the application level or at the operating system level. At the application level, the pool is accessed through an API or as a networked file system to create a high-speed shared memory cache. At the operating system level, a page cache can utilize the pool as a very large memory resource that is much faster than local or networked storage.

Memory virtualization implementations are distinguished from shared memory systems. Shared memory systems do not permit abstraction of memory resources, thus requiring implementation with a single operating system instance (i.e. not within a clustered application environment). Memory virtualization is also different from memory-based storage such as solid state disks (SSDs). Both allow sharing the memory space (i.e. RAM, flash memory) in a cluster, but SSDs use an overly complicated and less efficient interface, identical to the interface of hard disk drives.

Benefits

Improves memory utilization via the sharing of scarce resources

Increases efficiency and decreases run time for data-intensive and I/O-bound applications

Allows applications on multiple servers to share data without replication, decreasing total memory needs

Lowers latency and provides faster access than other solutions such as SSD, SAN or NAS

Scales linearly as memory resources are added to the cluster and made available to the memory pool

                        Network Virtualization

In computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization. Network virtualization is categorized as either external, combining many networks, or parts of networks, into a virtual unit, or internal, providing network-like functionality to the software containers on a single system. Whether virtualization is internal or external depends on the implementation provided by the vendors that support the technology.

Components of a Virtual Network

Various equipment and software vendors offer network virtualization by combining any of the following:

Network hardware, such as switches and network adapters, also known as network interface cards (NICs)

Networks, such as virtual LANs (VLANs), and containers such as virtual machines (VMs) and Solaris Containers

Network storage devices

Network media, such as Ethernet and Fibre Channel

External Network Virtualization

Some vendors offer external network virtualization, in which one or more local networks are combined or subdivided into virtual networks, with the goal of improving the efficiency of a large corporate network or data center. The key components of an external virtual network are the VLAN and the network switch. Using VLAN and switch technology, the system administrator can configure systems physically attached to the same local network into different virtual networks. Conversely, VLAN technology enables the system administrator to combine systems on separate local networks into a VLAN spanning the segments of a large corporate network.

Example: Cisco Systems' Service-Oriented Network Architecture enables external network virtualization through use of the network switch hardware and VLAN software. In this scenario, systems that are physically connected to the same network switch can be configured as members of different VLANs. Hewlett Packard has implemented external network virtualization through their X Blade Virtualization technologies. Chief among these is Virtual Connect, which allows system administrators to combine local area networks and storage networks into a singly wired and administered network entity.

Internal Network Virtualization

Other vendors offer internal network virtualization. Here a single system is configured with containers, such as the Xen domain, combined with hypervisor control programs or pseudo-interfaces such as the VNIC, to create a "network in a box." This solution improves the overall efficiency of a single system by isolating applications in separate containers and/or pseudo-interfaces.

Examples: OpenSolaris network virtualization features enable the "network in the box" scenario. The features of the OpenSolaris Crossbow Project provide the ability for containers such as zones or virtual machines on a single system to share resources and exchange data. Major Crossbow features include VNIC pseudo-interfaces and virtual switches, which emulate network connectivity by enabling containers to exchange data without having to pass that data onto the external network. Microsoft Virtual Server uses virtual machines such as those provided by Xen to create a network-in-the-box scenario for x86 systems. These containers can run different operating systems, such as Windows or Linux, and be associated with or independent of a system's NIC.

Combined Internal and External Virtualization

Some vendors offer both internal and external network virtualization software in their product line. For example, VMware provides products that offer both internal and external network virtualization. VMware's basic approach is network in the box on a single system, using virtual machines that are managed by hypervisor software. VMware then provides its VMware Infrastructure software to connect and combine networks in multiple boxes into an external virtualization scenario.

                           Virtual Private Network

A virtual private network (VPN) is a computer network that is layered on top of an underlying computer network. The private nature of a VPN means that the data travelling over the VPN is not generally visible to, or is encapsulated from, the underlying network traffic. Similarly, the traffic within the VPN appears to the underlying network as just another traffic stream to be passed. A VPN connection can be envisioned as a "pipe within a pipe", with the outer pipe being the underlying network connection. In more technical terms, the link layer protocols of the virtual network are said to be tunneled through the underlying transport network.

VPN Classifications

VPN technologies are not easily compared, due to the myriad protocols, terminologies and marketing influences that have defined them. For example, VPN technologies can differ:

In the protocols they use to tunnel the traffic over the underlying network

By the location of tunnel termination, such as the customer edge or network provider edge

Whether they offer site-to-site or remote access connectivity

In the levels of security provided

By the OSI layer which they present to the connecting network, such as Layer 2 circuits or Layer 3 network connectivity

Secure VPN v/s Trusted VPN

The industry group 'Virtual Private Networking Consortium' has defined two types of VPN classifications, Secure VPNs and Trusted VPNs. The consortium includes members such as Cisco, D-Link, Juniper and many others.

Secure VPNs explicitly provide mechanisms for authentication of the tunnel endpoints during tunnel setup, and encryption of the traffic in transit. Often secure VPNs are used to protect traffic when using the Internet as the underlying backbone, but equally they may be used in any environment where the security level of the underlying network differs from that of the traffic within the VPN. Secure VPNs may be implemented by organizations wishing to provide remote access facilities to their employees or by organizations wishing to connect multiple networks together securely using the Internet to carry the traffic. A common use for secure VPNs is in remote access scenarios, where VPN client software on an end user system is used to connect to a remote office network securely. Secure VPN protocols include IPsec, L2TP (with IPsec for traffic encryption), SSL/TLS VPN (with SSL/TLS) or PPTP (with MPPE).

Trusted VPNs are commonly created by carriers and large organizations and are used for traffic segmentation on large core networks. They often provide quality of service guarantees and other carrier-grade features. Trusted VPNs may be implemented by network carriers wishing to multiplex multiple customer connections transparently over an existing core network or by large organizations wishing to segregate traffic flows from each other in the network. Trusted VPN protocols include MPLS, ATM or Frame Relay. Trusted VPNs differ from secure VPNs in that they do not provide security features such as data confidentiality through encryption. Secure VPNs, however, do not offer the level of control of the data flows that a trusted VPN can provide, such as bandwidth guarantees or routing. From a customer perspective, a trusted VPN may act as a logical wire connecting two networks. The underlying carrier network is not visible to the customer, nor is the customer aware of the presence of other customers traversing the same backbone. Interference between customers, or interference with the backbone itself, is not possible from within a trusted VPN.

Some Internet service providers offer managed VPN service for business customers who want the security and convenience of a VPN but prefer not to undertake administering a VPN server themselves. Managed secure VPNs are again a hybrid of the two major VPN models, and are a contracted security solution that can reach into hosts. In addition to providing remote workers with secure access to their employer's internal network, other security and management services are sometimes included as part of the package. Examples include keeping anti-virus and anti-spyware programs updated on each connecting computer or ensuring particular software patches are installed before connection is permitted.

Categorization by User Administrative Relationships

The Internet Engineering Task Force (IETF) has categorized a variety of VPNs, some of which, such as Virtual LANs (VLAN), are the standardization responsibility of other organizations, such as the Institute of Electrical and Electronics Engineers (IEEE) Project 802, Workgroup 802.1 (architecture). Originally, wide area network (WAN) links from a telecommunications service provider interconnected network nodes within a single enterprise. With the advent of LANs, enterprises could interconnect their nodes with links that they owned. While the original WANs used dedicated lines and layer 2 multiplexed services such as Frame Relay, IP-based layer 3 networks, such as the ARPANET, the Internet and military IP networks (NIPRNet, SIPRNet, JWICS, etc.), became common interconnection media. VPNs began to be defined over IP networks. The military networks may themselves be implemented as VPNs on common transmission equipment, but with separate encryption and perhaps routers.

It became useful first to distinguish among different kinds of IP VPN based on the administrative relationships (rather than the technology) interconnecting the nodes. Once the relationships were defined, different technologies could be used, depending on requirements such as security and quality of service. When an enterprise interconnects a set of nodes, all under its administrative control, through a LAN, that is termed an intranet. When the interconnected nodes are under multiple administrative authorities but are hidden from the public Internet, the resulting set of nodes is called an extranet. A user organization can manage both intranets and extranets itself, or negotiate a service as a contracted (and usually customized) offering from an IP service provider. In the latter case, the user organization contracts for layer 3 services, much as it may contract for layer 1 services such as dedicated lines, or multiplexed layer 2 services such as frame relay.

IETF documents distinguish between provider-provisioned and customer-provisioned VPNs. Just as an interconnected set of providers can supply conventional WAN services, so a single service provider can supply provider-provisioned VPNs (PPVPNs), presenting a common point of contact to the user organization.

Internet Protocol Tunnels

Some customer-managed virtual networks may not use encryption to protect the data contents. These types of overlay networks do not neatly fit within the secure or trusted categorization. An example of such an overlay network could be a GRE tunnel, set up between two hosts. This tunneling would still be a form of virtual private network, yet it is neither a secure nor a trusted VPN. Examples of native plaintext tunneling protocols include GRE, L2TP (without IPsec) and PPTP (without MPPE).

Security Mechanisms

Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking intercept and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy. Secure VPN protocols include the following:

IPsec (Internet Protocol Security) - A standards-based security protocol developed originally for IPv6, where support is mandatory, but also widely used with IPv4. For VPNs, L2TP is commonly used over IPsec.

Transport Layer Security (SSL/TLS) is used either for tunneling an entire network's traffic (SSL/TLS VPN), as in the OpenVPN project, or for securing individual connections. SSL has been used as the foundation by a number of vendors to provide remote access VPN capabilities. A practical advantage of an SSL VPN is that it can be accessed from locations that restrict external access to SSL-based e-commerce websites without IPsec implementations. SSL-based VPNs may be vulnerable to denial-of-service attacks mounted against their TCP connections, because the latter are inherently unauthenticated.

Datagram Transport Layer Security (DTLS) is used by Cisco for a next-generation VPN product called Cisco AnyConnect VPN. DTLS solves the issues found when tunneling TCP over TCP, as is the case with SSL/TLS.

Microsoft Point-to-Point Encryption (MPPE) by Microsoft is used with their PPTP. Several compatible implementations on other platforms also exist.

Secure Socket Tunneling Protocol (SSTP) by Microsoft introduced in Windows Server 2008 and Windows Vista Service Pack 1. SSTP tunnels PPP or L2TP traffic through an SSL 3.0 channel.

MPVPN (Multi Path Virtual Private Network). Ragula Systems Development Company owns the registered trademark "MPVPN".

SSH VPN -- OpenSSH offers VPN tunneling to secure remote connections to a network (or inter-network links). This feature (option -w) should not be confused with port forwarding (option -L/-R/-D). The OpenSSH server provides a limited number of concurrent tunnels, and the VPN feature itself does not support personal authentication.
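As an added illustration of the gap between the plaintext tunnels described under Internet Protocol Tunnels and the three properties this section lists (confidentiality, sender authentication, message integrity), the following Python compares a minimal GRE-style encapsulation with a constructed authenticated-and-encrypted one. The secure wrapper is a toy built from HMAC-SHA256 (a counter-mode keystream, a tag, and a sequence number), not IPsec ESP, TLS or any real VPN protocol, and the keys and payload are constructed sample values.

```python
"""Plaintext GRE-style encapsulation beside an authenticated, encrypted one.
Constructed illustration: the secure wrapper is a toy built from HMAC-SHA256
(counter-mode keystream plus tag), not IPsec ESP, TLS or any real VPN protocol."""
import hashlib
import hmac
import struct

GRE_PROTO_IPV4 = 0x0800  # EtherType value carried in the GRE protocol-type field
TAG_LEN = 32             # HMAC-SHA256 tag length

def gre_encapsulate(inner: bytes, proto: int = GRE_PROTO_IPV4) -> bytes:
    """Minimal RFC 2784 header: C bit 0, reserved/version 0, then the protocol type."""
    return struct.pack("!HH", 0x0000, proto) + inner

def gre_decapsulate(packet: bytes):
    """Anyone on the path can do this: no key is needed and nothing is verified."""
    flags_ver, proto = struct.unpack("!HH", packet[:4])
    if flags_ver & 0x0007:
        raise ValueError("only GRE version 0 is handled")
    header_len = 8 if flags_ver & 0x8000 else 4  # C bit adds checksum + reserved1
    return proto, packet[header_len:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF stream: HMAC-SHA256(key, nonce || counter) blocks cut to length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def secure_encapsulate(enc_key: bytes, mac_key: bytes, seq: int, inner: bytes) -> bytes:
    """seq (4 bytes, doubles as nonce) || ciphertext || tag over seq and ciphertext."""
    nonce = struct.pack("!I", seq)
    ciphertext = _xor(inner, _keystream(enc_key, nonce, len(inner)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def secure_decapsulate(enc_key: bytes, mac_key: bytes, packet: bytes, last_seq: int):
    """Check the tag (integrity, sender authentication), then replay, then decrypt."""
    if len(packet) < 4 + TAG_LEN:
        raise ValueError("truncated packet")
    nonce, ciphertext, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: altered or not from a key holder")
    seq = struct.unpack("!I", nonce)[0]
    if seq <= last_seq:
        raise ValueError("replayed packet")
    return seq, _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))

def _flip_byte(packet: bytes, index: int) -> bytes:
    """An on-path alteration of one byte inside the encapsulated payload."""
    return packet[:index] + bytes([packet[index] ^ 0xFF]) + packet[index + 1:]

def _rejects(decapsulate) -> bool:
    """True if the receiver refuses the packet, False if it silently accepts it."""
    try:
        decapsulate()
        return False
    except ValueError:
        return True

def compare_tunnels() -> dict:
    """Same inner packet through both encapsulations, as seen by an on-path observer."""
    inner = b"INNER-IP-PACKET: payroll query"   # constructed sample payload
    enc_key, mac_key = b"K" * 32, b"M" * 32     # constructed demo keys
    gre = gre_encapsulate(inner)
    sec = secure_encapsulate(enc_key, mac_key, 1, inner)
    seq, plain = secure_decapsulate(enc_key, mac_key, sec, last_seq=0)
    return {
        "gre_payload_visible": inner in gre,
        "gre_tamper_detected": _rejects(lambda: gre_decapsulate(_flip_byte(gre, 10))),
        "secure_payload_visible": inner in sec,
        "secure_roundtrip": plain == inner and seq == 1,
        "secure_tamper_detected": _rejects(
            lambda: secure_decapsulate(enc_key, mac_key, _flip_byte(sec, 10), 0)),
        "secure_replay_detected": _rejects(
            lambda: secure_decapsulate(enc_key, mac_key, sec, last_seq=seq)),
    }

if __name__ == "__main__":
    for check, outcome in compare_tunnels().items():
        print(f"{check}: {outcome}")
```

The GRE path accepts the altered packet without complaint, which is the property a trusted-but-not-secure tunnel leaves to the underlying network; the authenticated path rejects alteration and replay before it ever decrypts.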

Desktop Virtualization

Desktop virtualization, as a concept, separates a personal computer desktop environment from a physical machine through a client-server computing model. The resulting "virtualized" desktop is stored on a remote central server, instead of on the local storage of a remote client; thus, when users work from their remote desktop client, all of the programs, applications, processes, and data used are kept and run centrally. This scenario allows users to access their desktops on any capable device, such as a traditional personal computer, notebook computer, smartphone, or thin client.

Virtual desktop infrastructure, sometimes referred to as virtual desktop interface (VDI), is the server computing model enabling desktop virtualization, encompassing the hardware and software systems required to support the virtualized environment. Desktop virtualization consists of encapsulating and delivering either access to an entire information system environment or the environment itself to a remote client device. The client device may be based upon an entirely different hardware architecture than that used by the projected desktop environment, and may also be based upon an entirely different operating system.

The desktop virtualization model allows the use of virtual machines to let multiple network subscribers maintain individualized desktops on a single, centrally located computer or server. The central machine may be at a residence, business, or data center. Users may be geographically scattered, but all may be connected to the central machine by a local area network, wide area network, or via the public Internet.

Uses

A simple use for desktop virtualization is remote administration, where the controlling computer works almost the same as on a duplicate desktop, except that the actions of the controlling computer may be almost unnoticeable on the remote computer's display. This differs from simple remote desktop software in that several people can use the same computer at once without disturbing each other's work. This could be useful for several administrators doing different tasks on the same server. It can also be used to make use of hardware attached to the controlled computer without disturbing a person who may already be using the computer.

However, a major use is for spreading the resources of one machine to several users. In some cases it is cheaper to buy one large computer or server, and several thin clients or dumb terminals, rather than purchasing a complete computer for each workstation. The controlling thin-client computers only need to be powerful enough to run the remote controlling software, therefore virtualization can provide a very simple and cheap computing system. Users of such a "thin client" or "dumb terminal" may not even know that their software is actually running on another computer. If one already has enough computers, but they are not powerful enough, only one new computer may be needed, with the old ones re-used as thin clients.

Advantages and Disadvantages

The shared resources model inherent in desktop virtualization offers advantages over the traditional model, in which every computer operates as a completely self-contained unit with its own operating system, peripherals, and application programs. Overall hardware expenses may diminish as resources can be shared and allocated to users on an as-needed basis. Virtualization potentially improves the integrity of user information because all data can be maintained and backed up in the data center. Other potential advantages include:

simpler provisioning of new desktops

reduced downtime in the event of server or client hardware failures

lower cost of new application deployment

desktop image-management capabilities

longer refresh cycle for client desktop infrastructure

secure remote access to an enterprise desktop environment

Limitations of desktop virtualization include:

potential security risks if the network is not properly managed

some loss of user autonomy and privacy

challenges in setting up and maintaining drivers for printers and other peripherals

difficulty in running certain complex applications such as multimedia

increased downtime in the event of network failures

complexity and high costs of VDI deployment and management

Hosted Virtual Desktops

Hosted virtual desktops are desktop virtualization services provided through an outsourced, hosted subscription model. Hosted virtual desktop services generally include a managed desktop client operating-system configuration. Security may be physical, through a local storage-area network, or virtual, through data-center policies. Transferring information technology infrastructure to an outsourced model shifts accounting for the associated costs from capital expenses to operating expenses. According to a report by Gartner, hosted services accounted for more than 500,000 desktop units as of March 2009, but will grow to 49 million desktop units by 2013, and may make up as much as 40% of the worldwide professional personal computer market by revenue.

Providers and Products

Citrix XenDesktop

Ericom WebConnect

Iland Workforce Cloud

Leostream

Microsoft Remote Desktop Services

MokaFive Suite

NComputing

NX technology

Pano Logic

Data virtualization

Data virtualization is the abstraction of data contained within a variety of databases so that they may be accessed without regard to their physical storage or heterogeneous structure. This concept is commonly used within grid computing, cloud computing and business intelligence systems. Data virtualization has emerged as the new technology to complete the virtualization stack in the enterprise. The virtualization stack can be divided into the following categories or technology layers: server infrastructure (memory and CPU), network resources, the application layer and finally the data layer. Data virtualization is designed to combine disparate data silos into a single uniform data source and make the data available to consuming applications. The challenges DV addresses have been present in the enterprise for a long time: uniform holistic access, data access security, performance, and the political and cultural barriers to getting data owners to share the data they own and are responsible for. Several other technologies were designed to solve them in the past: Master Data Management (MDM), Data Warehouse solutions, Data Extract, Transform and Load (ETL) technologies, and Data Aggregation. With the advent of cloud computing, DV technology was designed to utilize the advantages of the cloud platform and resolve the above problems in a more effective and efficient way than the older traditional technologies.

Vendors

IBM

Informatica

Composite Software

Radiant Logic

Denodo

Microsoft

Queplix

Database Virtualization

Database virtualization is the decoupling of the database layer, which lies between the storage and application layers within the application stack. Virtualization at the database layer allows hardware resources to be extended, enabling better sharing of resources between applications and users as well as more scalable computing.

Concept

Data virtualization allows users to access various sources of disparately located data without knowing or caring where the data actually resides (Broughton). Database virtualization allows the use of multiple instances of a DBMS, or different DBMS platforms, simultaneously and in a transparent fashion regardless of their physical location. These practices are often employed in data mining and data warehousing systems. With the 2009 advances in cloud computing and data virtualization technologies, companies started utilizing database virtualization to enable enterprise search, legacy-to-cloud migration, and secure data access for consuming applications such as Business Intelligence and reporting. Queplix introduced in 2009 a concept of data globalization, which in addition to abstracting the physical data also globalizes common data structures or objects across disparate data sources. For example, a virtual Customer record can be created from multiple enterprise databases containing common data. This newer implementation of data virtualization enables a ubiquitous 360-degree view of the data across the enterprise.

Data Management Challenges

In most computing applications, data is paired with a given application such that it is not feasible to make that data available to other applications. This has led to a problem in which disparate data silos cannot communicate with each other. Data fragmentation also comes from the many different data primitives used by applications, such as SQL, LDAP and XML.

Virtual Data Partitioning

The act of partitioning data stores as a database grows has been in use for several decades. There are two primary ways that data has been partitioned inside legacy data management solutions:

I. Shared-All Databases: an architecture that assumes all database cluster nodes share a single partition. Inter-node communication is used to synchronize update activities performed by different nodes on the cluster. Shared-all data management systems are limited to single-digit node clusters.

II. Shared-Nothing Databases: an architecture in which all data is segregated into internally managed partitions with clear, well-defined data location boundaries. Shared-nothing databases require manual partition management.

In virtual partitioning, logical data is abstracted from physical data by autonomously creating and managing a large number of data partitions (hundreds to thousands). Because they are autonomously maintained, the resources required to manage the partitions are minimal. This kind of massive partitioning results in:

partitions that are small, efficiently managed and load balanced; and

systems that do not require re-partitioning events to define additional partitions, even when hardware is changed

This virtual architecture converges the "shared-all" and "shared-nothing" architectures, allowing scalability through multiple data partitions and cross-partition querying and transaction processing without full partition scanning.
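Added Python illustration (not any vendor's implementation) of the virtual-partitioning idea above: keys hash to a fixed, large set of logical partitions, and scaling out moves whole partitions to the new node without re-hashing any key, so only about 1/N of the data relocates and a query touches only the partitions that hold its keys. The partition count, node names and sample keys are assumed values.

```python
"""Virtual data partitioning: many fixed logical partitions placed on a few
physical nodes. Constructed illustration of the scheme described above, not any
vendor's implementation; partition count and node names are assumed values."""
import hashlib
from collections import Counter

NUM_PARTITIONS = 1024  # fixed and large; does not change when hardware changes


def partition_for(key: str) -> int:
    """The logical partition is a pure function of the key, so data is never re-partitioned."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % NUM_PARTITIONS


def initial_placement(nodes: list) -> dict:
    """Spread partitions evenly: partition p lives on nodes[p % len(nodes)]."""
    return {p: nodes[p % len(nodes)] for p in range(NUM_PARTITIONS)}


def add_node(placement: dict, new_node: str):
    """Level load onto a new node by moving whole partitions only (no key is re-hashed).
    Returns (new placement, number of partitions moved)."""
    placement = dict(placement)
    target = NUM_PARTITIONS // (len(set(placement.values())) + 1)
    load = Counter(placement.values())
    moved = 0
    for p in sorted(placement):
        if load[new_node] >= target:
            break
        owner = placement[p]
        if load[owner] > target:  # take only from nodes above the new even share
            placement[p] = new_node
            load[owner] -= 1
            load[new_node] += 1
            moved += 1
    return placement, moved


def locate(placement: dict, key: str):
    """Route a key straight to its partition and the node holding it."""
    p = partition_for(key)
    return p, placement[p]


def route_query(placement: dict, keys: list) -> dict:
    """Cross-partition query plan: node -> partitions it must read; nothing else is scanned."""
    plan = {}
    for key in keys:
        p, node = locate(placement, key)
        plan.setdefault(node, set()).add(p)
    return plan


def demo_scale_out() -> dict:
    """Grow a three-node cluster to four and measure what actually has to move."""
    before = initial_placement(["n1", "n2", "n3"])
    after, moved = add_node(before, "n4")
    keys = [f"customer:{i}" for i in range(5000)]  # constructed sample keys
    changed = [p for p in before if before[p] != after[p]]
    relocated = sum(1 for k in keys if locate(before, k)[1] != locate(after, k)[1])
    return {
        "moved": moved,
        "moved_fraction": moved / NUM_PARTITIONS,
        "loads_after": sorted(Counter(after.values()).values()),
        "only_to_new_node": all(after[p] == "n4" for p in changed),
        "keys_relocated_fraction": relocated / len(keys),
        "nodes_touched_by_10_keys": len(route_query(after, keys[:10])),
    }


if __name__ == "__main__":
    print(demo_scale_out())
```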

Advantages

Added flexibility and agility to the existing computing infrastructure

Enhanced database performance

Pooling and sharing of computing resources

Simplified administration and management

Increased fault tolerance

Real-time back-up of important business data

Lower total cost of ownership

Vendors

Denodo

IBM

Informatica

Microsoft

Queplix

                                 Virtual Chargeback

In information technology, virtual chargeback is the practice of charging back the costs of virtual IT infrastructure to the departments or business units that actually use it. This means analyzing and recording the resource utilisation on virtual machines (VMs). The idea of chargeback in a traditional (non-virtualised) sense is not new, and references go as far back as the 1980s. Publications available on the Internet generally support the notion that chargeback involved literally charging departments based on actual resource consumption rather than forecast usage. Chargeback is most relevant to IT departments, simply due to the fact that almost all areas of an organisation use computing resources. Rather than IT having to justify expenditures for another area of the organisation, the burden is on those departments who are actually planning on using the resource provided by IT. Reasons for using a chargeback model include:

• More effective use of IT services, due to customers becoming more conscious of the cost associated with new hardware and software

• A better understanding of the TCO (total cost of ownership) for performing a business function

• Prevention of business groups being charged for applications and services they rarely use

• The entire IT infrastructure is taken into account (i.e. from network I/O through to storage)

The Virtual Chargeback Challenge

While numerous tools exist for tracking asset utilisation in a traditional sense (such as Microsoft's Operations Manager), they are considered by some to be of limited use when it comes to virtual machines. Numerous attempts have been made to address this problem, some of which are available today:

VMware vCenter Chargeback

PlateSpin Recon

vKernel