Technical update KVM and Red Hat Enterprise Virtualization (RHEV)
KVM / Red Hat Enterprise Virtualization | Syed M Shaaf
Technical update KVM and Red Hat Enterprise Virtualization (RHEV)
Syed M Shaaf, Solution Architect, Red Hat
Klaus Oxdal, Strategic Alliance to IBM Nordics, Red Hat
© 2011 IBM Corporation
IBM invests into KVM Development
Over 60 IBM programmers working on KVM as part of the community
● Core KVM Development
● Performance and Memory
● Data Center Networking
● Systems Management
● Networking and I/O
● Security and Reliability
● Cloud Early Deployment
Contributions to KVM in Linux 2.6 kernel
Company     Changes   Rate
Red Hat     352       31.8%
Intel       155       14.0%
IBM         149       13.5%
Qumranet    143       12.9%
AMD         97        8.8%
Where IBM uses KVM
IBM Contributions to KVM: Over 60 IBM engineers and programmers working on KVM, Qemu and oVirt as part of the open source community.
IBM System x and PureSystems: IBM x86 servers for Linux and Windows support virtualization with KVM, as do IBM PureFlex and PureApplication Systems, which deliver hypervisor choice and flexibility in next generation integrated systems.
IBM zEnterprise: IBM System x Blades in the zEnterprise BladeCenter Extension (zBX) and Unified Resource Manager support KVM.
IBM Systems Director VMControl: Automated virtualization management now also supported for KVM environments.
IBM Software Group Portfolio: KVM is a tier 1 virtualization technology for SWG, with the majority of SWG products supporting KVM today. Tivoli system management solutions manage KVM.
IBM SmartCloud Enterprise: Agile cloud computing infrastructure as a service (IaaS) designed to provide rapid access to security-rich, enterprise-class virtual server environments, well suited for development and test activities and other dynamic workloads; uses KVM.
INDUSTRY LEADING VIRTUALIZATION PERFORMANCE ON SPECVIRT_SC2010
As of May 30, 2012, RHEV claims top 7 results and the only 8 socket server scores. SPEC® and the benchmark name SPECvirt® are registered trademarks of the Standard Performance Evaluation Corporation.
Virtualizing the x86 architecture
● x86 architecture is difficult to virtualize
● CPU implements 4 privilege levels or “rings” - 0 thru 3
● Privileged kernel calls run in ring 0
● Applications / userspace run in ring 3
[Diagram: x86 privilege rings. Labels: Physical Hardware, Operating System, Application (×4), Ring 0, Ring 1 & 2, Ring 3]
Virtualizing the x86 architecture
● Hypervisor must run in ring 0
● Virtual machines run in ring 3
Problem: The operating system kernel tries to execute privileged “ring 0” instructions. This will cause a machine fault.
Challenges facing customers
● Performance
  ● Hardware emulation is slow compared to physical hardware
  ● Also costly in terms of CPU
  ● Resulting in significant performance penalties for virtualization
● Time keeping
  ● Many issues with clock skew for guests
  ● Time drift especially under load
KVM (Kernel-based Virtual Machine): Overview
● Integrated Hypervisor for Linux
● Converts Linux into a Type-1 Hypervisor
● Runs Windows, Linux and other guests
● Allows for Hybrid-mode operation
  ● Run regular Linux applications alongside VM guests
● Upstream since Linux 2.6.20 (2007)
  ● Control over future evolution is held by the Linux development community
● Supported in RHEL since v5.4 (Sept. 2009)
● Elegant, simple design reuses Linux and builds upon CPU virtualization assistance
5 YEARS AND MORE..
Benefits of Linux KVM Model
• Leverages Linux – no need to re-invent the wheel
  – Built on trusted, stable enterprise grade platform
  – Scheduler, memory management, hardware support etc.
  – Ease of management – use same tools for managing physical servers and hypervisors
• Advanced features
  – Inherit scalability, NUMA support, power management, hot-plug etc. from Linux – others have to develop from scratch
  – SELinux security, advanced scheduler, RAS support etc.
• Hybrid-mode operation
  – Run regular Linux applications side-by-side with Virtual Machines on the same server – much higher degree of hardware efficiency
RHEV HYPERVISOR/KVM OVERVIEW
SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE
● Host: 160 logical CPU (4,096 theoretical max), 2 TB RAM (64TB theoretical max)
● Guest: 64 vCPU, 512 GB RAM
● Supports latest silicon virtualization technology
● Based on the latest RHEL 6 kernel
● Microsoft SVVP certified
KVM Features
● KVM supports advanced memory management
● Leverages robust and scalable Linux virtual memory manager
● Support for large memory systems > 1TB RAM
● Support for NUMA
● Transparent memory page sharing
● Memory overcommit
Memory Page Sharing
● Implemented in loadable kernel module
● Kernel SamePage Merging (KSM)
● Kernel scans memory of virtual machines
● Looks for identical pages
● “Merges” identical pages
● Only stores one copy (read only) of shared memory
● If a guest changes the page it gets its own private copy
● Significant hardware savings
● Better consolidation ratio
● Allows more virtual machines to run per host
Memory Page Sharing
● Kernel Same-Page Merging (KSM)
● Memory Page Sharing
● Securely shares identical memory pages between virtual machines
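The scan, merge and private-copy-on-write behaviour listed on the two Memory Page Sharing slides, as an added example that is not from the original deck and is not kernel code. `KsmHost` and its methods are hypothetical names for a toy model of the host's page frames.

```python
import hashlib

PAGE = 4096  # page size in bytes


class KsmHost:
    """Toy model of a host that merges identical guest pages (not kernel code)."""

    def __init__(self):
        self.frames = {}    # frame id -> [content, reference count]
        self.mapping = {}   # (vm, page number) -> frame id
        self.next_id = 0

    def _new_frame(self, data):
        self.frames[self.next_id] = [data, 1]
        self.next_id += 1
        return self.next_id - 1

    def map_page(self, vm, page_no, data):
        self.mapping[(vm, page_no)] = self._new_frame(data)

    def scan(self):
        """One merge pass: pages with equal content end up on one frame."""
        seen = {}  # content digest -> frame id that is kept
        for key, fid in sorted(self.mapping.items()):
            data = self.frames[fid][0]
            keep = seen.setdefault(hashlib.sha256(data).digest(), fid)
            # The digest is only a lookup hint; compare full content before merging.
            if keep != fid and self.frames[keep][0] == data:
                self.frames[keep][1] += 1
                self.frames[fid][1] -= 1
                if self.frames[fid][1] == 0:
                    del self.frames[fid]
                self.mapping[key] = keep

    def write(self, vm, page_no, data):
        """Guest write: a shared frame is never modified in place."""
        fid = self.mapping[(vm, page_no)]
        if self.frames[fid][1] > 1:
            self.frames[fid][1] -= 1          # leave the shared copy untouched
            self.mapping[(vm, page_no)] = self._new_frame(data)
        else:
            self.frames[fid][0] = data

    def read(self, vm, page_no):
        return self.frames[self.mapping[(vm, page_no)]][0]
```

The private copy made in `write` is the step that keeps one guest's change from becoming visible to the other guests that still map the merged frame.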
Thin Provisioning
● Allocate storage only when needed
● Oversubscribe storage
● Transparent to virtual machine
● Improve Storage Utilization
● Reduced Storage Costs
● Works with NFS, iSCSI and Fiber Channel
Paravirtualized Drivers & VirtIO
● KVM provides an interface for paravirtualized drivers
● Paravirtualized drivers for block and network devices
● High performance disk and networking
● VirtIO
● Common framework for paravirtualized drivers
● Goal : To allow one set of drivers to be used for all hypervisors
● Upstream Linux kernels include virtio drivers for disk, network & clock
● PV drivers available for Windows Server 2000 -> 2008, XP and Vista
● Including WHQL certification
RED HAT ENTERPRISE VIRTUALIZATION
SECURITY
RHEV inherits the security features of Linux and RHEL
● SELinux security policy infrastructure
  ● Provides protection and isolation for virtual machines and host
  ● Compromised virtual machine cannot access other VMs or host
● sVirt Project
  ● Sub-project of NSA's SELinux community. Provides “hardened” hypervisors
  ● Multilevel security. Isolate guests
  ● Contain any hypervisor breaches
Security - SELinux to the rescue
SELinux is all about labeling
● Processes get labels – virtual machines with KVM are processes
● Files and devices get labels – virtual images are stored on files and devices
● Rules control how process labels interact with file labels and other process labels
● The kernel enforces these rules
KVM guests are processes, so we can confine them like processes
Compromised virtual machine guest confined, despite its vulnerability
And of course, the guest operating system can also run SELinux
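A host-side check of the labeling model from the SELinux slides above, as an added example that is not part of the original deck. It assumes dynamic sVirt labeling as libvirt applies it (guest processes in type `svirt_t`, disk images in `svirt_image_t`, each guest with its own pair of MCS categories); the input lines are constructed samples in `ps -eZ` form and in `context path` form.

```python
from collections import defaultdict

def parse_context(ctx):
    """Split user:role:type:level[:categories] into (type, category set)."""
    parts = ctx.split(":", 4)
    if len(parts) < 4:
        raise ValueError("not an SELinux context: %r" % ctx)
    cats = frozenset(parts[4].split(",")) if len(parts) == 5 else frozenset()
    return parts[2], cats

def audit(ps_lines, image_lines):
    """Return sorted findings where the guest/image labeling breaks isolation."""
    findings, by_cats = [], defaultdict(list)
    for line in ps_lines:
        ctx, pid, *_rest, cmd = line.split()
        if cmd != "qemu-kvm":
            continue
        typ, cats = parse_context(ctx)
        if typ != "svirt_t" or len(cats) != 2:
            findings.append(("unconfined-guest", pid))   # no per-guest label
        else:
            by_cats[cats].append(pid)
    for cats, pids in by_cats.items():
        if len(pids) > 1:                                # two guests, one label
            findings.append(("shared-categories", ",".join(sorted(pids))))
    for line in image_lines:
        ctx, path = line.split(None, 1)
        typ, cats = parse_context(ctx)
        if typ != "svirt_image_t" or cats not in by_cats:
            findings.append(("image-not-bound-to-guest", path))
    return sorted(findings)

# Constructed sample input (not taken from a real host)
PS_SAMPLE = [
    "system_u:system_r:svirt_t:s0:c87,c520 2101 ? 00:10:02 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c311,c714 2188 ? 00:07:41 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c87,c520 2290 ? 00:00:12 qemu-kvm",
    "system_u:system_r:unconfined_t:s0 2301 ? 00:00:03 qemu-kvm",
    "system_u:system_r:sshd_t:s0-s0:c0.c1023 1500 ? 00:00:01 sshd",
]
IMAGE_SAMPLE = [
    "system_u:object_r:svirt_image_t:s0:c87,c520 /images/guest-a.img",
    "system_u:object_r:svirt_image_t:s0:c311,c714 /images/guest-b.img",
    "system_u:object_r:svirt_image_t:s0:c9,c10 /images/guest-x.img",
]

if __name__ == "__main__":
    for kind, subject in audit(PS_SAMPLE, IMAGE_SAMPLE):
        print(kind, subject)
```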
Red Hat Enterprise Virtualization
RHEV Overview
RED HAT ENTERPRISE VIRTUALIZATION
RHEV MANAGER FEATURES
● High Availability
● Live Migration
● Load Balancing (DRS)
● Power Saver (DPM)
● Templates, thin provisioning, snapshots
● Centralized storage and networking management
● V2V
● Power User Portal
● Reporting Engine
RHEV 3.0 ARCHITECTURE
● RHEV-Manager is now a Java application running on JBoss EAP on RHEL
● Backend database is now PostgreSQL 8.4
● New user portal, REST API, Linux CLI
● Support for multiple external authentication sources
  ● Red Hat IPA
  ● Microsoft Active Directory
SPICE: EXCEPTIONAL USER EXPERIENCE
User experience comparable to a local desktop PC
● Bi-directional audio & video
● VoIP & video conferencing
● HD quality video
● High resolution 2560x1600 (each)
● Up to 4 monitors
● USB redirection for nearly any device
● Smart Card/CAC authentication
● Copy & paste
RHEV 3.0 REPORTING
Historical usage, trending, quality of service
Integrated reporting engine based on Jasper reports
Over 25 prebuilt reports and dashboards included
Ability to create and customize reports and templates
RHEV 3.0 - Integration
● Hook scripts are called at specific VM lifecycle events
  ● VDSM (management agent) Start
  ● Before VM start
  ● After VM start
  ● Before VM migration in/out
  ● After VM migration in/out
  ● Before and After VM Pause
  ● Before and After VM Continue
  ● Before and After VM Hibernate
  ● Before and After VM resume from hibernate
  ● On VM stop
  ● On VDSM Stop
➔ Hooks can modify a virtual machine's XML definition before VM start
➔ Hooks can run system commands, e.g. apply a firewall rule to a VM
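What a "before VM start" hook can do to the XML definition, as an added example that is not from the original deck and is not RHEV or VDSM code. It assumes the definition is libvirt domain XML and attaches libvirt's `filterref` element with the stock `clean-traffic` network filter (neither is named on the slide); how VDSM hands the XML to the hook is not shown, and the function names and sample XML are constructed.

```python
from xml.dom import minidom

FILTER = "clean-traffic"  # libvirt's stock anti-spoofing filter (assumption, not from the slides)

def interface_filters(domxml_text):
    """List the filter bound to each <interface>, or None where there is none."""
    dom = minidom.parseString(domxml_text)
    result = []
    for iface in dom.getElementsByTagName("interface"):
        refs = iface.getElementsByTagName("filterref")
        result.append(refs[0].getAttribute("filter") if refs else None)
    return result

def add_filterref(domxml_text, filter_name=FILTER):
    """Return (new_xml, changed): every unfiltered <interface> gets a <filterref>."""
    dom = minidom.parseString(domxml_text)
    changed = 0
    for iface in dom.getElementsByTagName("interface"):
        if iface.getElementsByTagName("filterref"):
            continue  # keep a filter an administrator already chose
        ref = dom.createElement("filterref")
        ref.setAttribute("filter", filter_name)
        iface.appendChild(ref)
        changed += 1
    return dom.documentElement.toxml(), changed

# Constructed sample definition: one unfiltered NIC, one with a site filter
SAMPLE_DOMXML = """<domain type='kvm'>
  <name>guest-a</name>
  <devices>
    <interface type='bridge'><source bridge='br0'/><model type='virtio'/></interface>
    <interface type='bridge'><source bridge='br1'/><filterref filter='site-policy'/></interface>
  </devices>
</domain>"""

if __name__ == "__main__":
    new_xml, changed = add_filterref(SAMPLE_DOMXML)
    print(changed, interface_filters(new_xml))
```

Because a hook rewrites the definition of every guest it runs for, the hook directory on each host needs the same change control as the hypervisor configuration itself.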
Integration & API
RED HAT ENTERPRISE VIRTUALIZATION RHEV
Python SDK - Python SDK for developers
Thank you!
Syed M Shaaf, Solution Architect, Red Hat
Klaus Oxdal, Strategic Alliance to IBM Nordics, Red Hat