the developer’s guide to virtual...

The Developer’s Guide to Virtual Machines

an Developer eBook

I n a world of multiple operating systems, each with various versions, no developer has the luxury of building appli-cations for only one target configuration. Every developer needs to ensure that his or her applications will functioncorrectly on all the OS configurations used by today's heterogeneous IT environments. Because dedicating physi-

cal test systems for each target environment is out of most development teams' budgets, virtual machines (VMs) arethe right solution at the right time.

Virtualization solutions enable you to run multiple VMs on one physical computer. Each VM behaves as an isolated physi-cal PC or server with its own configuration – a very useful testing and development environment that's much cheaperthan the real thing. Java developers know the benefits of the VM concept well. The promise of enabling developers to"write once, run anywhere" was a key factor in the broad adoption of Java, which itself runs on the Java Virtual Machine.

As the market for virtualization grows, the ways in which developers use virtualization itself are expanding. The tradition-al development and testing uses of virtual machines as local disposable sandboxes and solutions for application isola-tion are broadening. Sharing development tasks across large teams in disparate locations appears to be the next step.

Proper Virtual Machine Uses in Development and Testing

Virtual machines can cut time and money from the software development and testing process, but they aren't thebest choice in every scenario. When should you use virtual machines for developing and testing software, and whenshould you use a more traditional setup with physical machines?

Software development typically involves developing and testing for different target environments, but dedicating aphysical computer to each environment can be expensive. Not only do you have to consider the initial purchasecost, but physical computers also take up space, use power, and require maintenance. Virtual machines can reducethis cost by providing a way to run multiple development and test environments on one physical computer.

Another problem with dedicating a physical computer to each environment is that setting up your target environ-ments can be quite time-consuming. In this situation, virtual machines can save you time. If you need to duplicate aparticular environment, you can create a library of virtual hard disks that are pre-loaded with specific sets of soft-ware. You and other members of your develop-ment and test team can clone the disks thatyou need and quickly replicate a particularenvironment in a virtual machine.

This type of setup can save lots of timewhen you need to start over with a cleaninstallation, or duplicate the same environ-ment in several virtual machines

This type of setup can save lots of time whenyou need to start over with a clean installa-tion, or duplicate the same environment inseveral virtual machines (See Figure 1).

The figure shows Microsoft's Virtual Serverwith three virtual machines running the samebuild of BizTalk Server on three differentoperating systems. You could click one of

1

The Developer's Guide to Virtual Machines

The Developer’s Guide to Virtual Machines, an Internet.com Developer eBook. Copyright 2006, Jupitermedia Corp.

Figure 1

the thumbnails to access the virtual machine or use a RemoteDesktop connection. (Note that licensing for software runningin virtual machines is pretty much the same as in physicalmachines, so make sure you have the proper licenses for allof your running software.)

You can also attach virtual machines to physical networks justas if they were physical, or you can create a virtual networkfor testing different scenarios, while isolating virtual machinenetwork traffic to the host computer. This is useful for patch-ing virtual machines, providing general network access tothem, and validating different network scenarios that might berelevant in your software testing.

Development and TestingUses for Virtual Machines

The following sections describe the different ways that youcan use virtual machines for development and testing.

Create a Library of Virtual Hard Disks

As previously mentioned, you can create a library of virtualhard disk (.vhd) files that you and your colleagues can use to"instantly" recreate a particular environment. Using Microsoft'sVirtual Server and Virtual PC, you can do this by creating avirtual machine, installing the requisite software on it, and thencloning the .vhd file. You can attach the .vhd file to a new vir-tual machine, boot it up, and voila: your environment is run-ning on the new virtual machine.

If you want to run more than one virtual machine with thesame .vhd on the same network, you must sysprep the virtualmachine to prevent network conflicts.

Create a Standardized IDE

With your IDE deployed in a virtual machine, you can quicklyset up a development environment that meets your compa-ny's standards and even share it with colleagues in your .vhdlibrary. If you work at home, you can install a virtual machineon your personal computer with the corporate "standard"environment so you can connect to the corporate network.

You can also sandbox the virtual machine, isolating it fromyour personal computer, to satisfy corporate security require-ments. We'll go into sandboxing in more detail later.

2



According to Rich Lechner, VP of Virtualization technol-ogy for IBM, “Anywhere from 40 to 50 percent of theclients out there either have implemented or plan toimplement virtualization over the next one to twoyears. We are seeing very broad-based adoption.Certainly much broader than, in my experience, theearly days of Java and Linux."

The trend has not been lost on chipmakers such asIntel and AMD, who are tweaking the underlying sili-con of the x86 platform to enable VM software makersto optimize their products.

Let's examine exactly how virtualization works.

An operating system running on a physical computercontrols the computer's hardware, including memory,CPU, network adapters, hard disks, and peripherals.Because only one operating system can control thehardware at any given time, you usually can't runmore than one operating system on the same comput-er at the same time.

Virtual machine technology uses an agent to allocatephysical hardware resources to the host operatingsystem and the running virtual machines as needed.The host still controls the physical hardware, but eachvirtual machine emulates its own set of hardware and"borrows" physical resources from the host to run it.The virtualization agent (called the virtual machinemonitor in Microsoft's Virtual Server and Virtual PCproducts) allocates the resources to each virtualmachine's emulated hardware. This allows the hard-ware of the physical computer to serve the host oper-ating system and a number of virtual machines simul-taneously.

As you might guess, you need enough hardwareresources to run the various operating systems andapplications, which is at the root of the main limitationof virtual machines: you may need to beef up yourhardware if it doesn't have enough resources for thevirtual machines you want to run.

Test New Development and Test Tools

You can try out new tools for software development and testing on a virtual machine without jeopardizing your pri-mary workstation setup. You can set up a .vhd file that has your basic environment installed, copy it, attach it to anew virtual machine, and boot it up. You can then install the new tools and see how they work in your environment.

Perform Functionality Tests

Use the following tips to make it quicker and easier to perform software functionality tests with virtual machines:

• Deploy a variety of destination environments for functionality testing using minimal hardware (as previouslymentioned).

• Set up a library of test environments in virtual machines for rapid deployment (also previously mentioned). Justcopy the .vhd file, attach it to a virtual machine, and boot up.

• Run tests and then quickly roll your virtual machines back to a clean state. You can do this with Microsoft'sVirtual PC and Virtual Server thanks to a cool feature called "undo disks." It can be used to reinstall builds ofsoftware that are under development at Microsoft. To get back to a clean base where you can install the latestbuild, do the following:

• Install all of the prerequisites for the software.• Enable undo disks.• Install the software.

When you want to go back to a clean base, turn off the virtual machine and discard undo disks.

• Test complex network scenarios without setting up a physical network. Thanks to the flexible virtual network-ing in Virtual Server, you can create a complete network setup on your test computer and keep all of the net-work traffic isolated to the physical box. You can even set up a domain.

What Not to Expect from Virtual Machines

While their benefits all sound ideal, virtual machines do have two main drawbacks: they share physical resourceswith the host and any other running virtual machines, and they carry some processing overhead. So you can'texpect the same performance from a virtual machine as you do from a physical one. Because they contend forresources in this way, the following are not good uses of virtual machines:

• Performance and stress testing. Your results may not be accurate because the amount of resources availablefor a given operation can fluctuate.

• Running multiple resource-intensive virtual environments on the same physical computer. Performance will besub-optimal unless your computer is sized adequately. Your host computer must have the sum of all of thephysical resources required by the running virtual machines, plus what the host system needs, plus aboutanother 10 percent for overhead. You'll have other considerations as well, such as disk I/O requirements.

What does this mean to you? If you're a developer, limit the number of resource-intensive programs you run on asingle computer. If you're a tester, you shouldn't try to use virtual machines for stress or performance testing. Youshould use physical computers for these purposes.

3



The Pros and Cons of Virtualization in theDatacenter

Let's discuss the pros and cons of virtual machine technology for helping you determine whether the cost of imple-menting virtual machine technology is worthwhile. Should the VM benefits outweigh the drawbacks in your multi-server datacenter, virtual machine technology can provide more reliability, easier manageability, and lower overallcost for your organization.

Features and Benefits

IsolationOne of the key reasons to employ virtualization is to isolate applications from each other. Running everything on onemachine would be great if it all worked, but many times it results in undesirable interactions or even outright con-flicts. The cause is often software problems or business requirements, such as the need for isolated security. Virtualmachines allow you to isolate each application (or group of applications) in its own sandbox environment. The virtualmachines can run on the same physical machine (simplifying IT hardware management), yet appear as independentmachines to the software you are running. For all intents and purposes – except performance – the virtual machinesare independent machines. If one virtual machine goes down due to application or operating system error, the oth-ers continue running, providing services your business needs to function smoothly.

StandardizationAnother key benefit virtual machines provide is standardization. The hardware that is presented to the guest operat-ing system is uniform for the most part, usually with the CPU being the only component that is "pass-through" in thesense that the guest sees what is on the host. A standardized hardware platform reduces support costs andincreases the share of IT resources that you can devote to accomplishing goals that give your business a competi-tive advantage. The host machines can be different (as indeed they often are when hardware is acquired at differenttimes), but the virtual machines will appear to be the same across all of them.

ConsolidationVirtual machines also increase utilization and promote consolidation. Consolidation of servers results in easier man-agement and decreased hardware costs. The drawback of consolidation is increased susceptibility to hardware fail-ures and increased impact from those failures. However, the risk and negative impact can be mitigated with failoversetups where virtual machines on two different physical machines monitor each other with each one ready to takeover for the other.

Using virtual machines should not require more physical machines and usually will result in fewer physical machines.This is a great boon because setting up and maintaining physical hardware is messy and time-consuming. On top ofthat, physical servers consume power. With electricity rising in cost, power savings translate into larger and largerfinancial savings.

Ease of TestingVirtual machines let you test scenarios easily. Most virtual machine software today provides snapshot and rollbackcapabilities. This means you can stop a virtual machine, create a snapshot, perform more operations in the virtualmachine, and then roll back again and again until you have finished your testing. This is very handy for softwaredevelopment, but it is also useful for system administration. Admins can snapshot a system and install some soft-ware or make some configuration changes that they suspect may destabilize the system. If the software installs orchanges work, then the admin can commit the updates. If the updates damage or destroy the system, the admincan roll them back.

4



Virtual machines also facilitate scenario testing by enabling virtual networks. In VMware Workstation, for example,you can set up multiple virtual machines on a virtual network with configurable parameters, such as packet loss fromcongestion and latency. You can thus test timing-sensitive or load-sensitive applications to see how they performunder the stress of a simulated heavy workload.

MobilityVirtual machines are easy to move between physical machines. Most of the virtual machine software on the markettoday stores a whole disk in the guest environment as a single file in the host environment. Snapshot and rollbackcapabilities are implemented by storing the change in state in a separate file in the host information. Having a singlefile represent an entire guest environment disk promotes the mobility of virtual machines. Transferring the virtualmachine to another physical machine is as easy as moving the virtual disk file and some configuration files to theother physical machine. Deploying another copy of a virtual machine is the same as transferring a virtual machine,except that instead of moving the files, you copy them. Multiple deployments of a single virtual machine are mucheasier to achieve than multiple deployments of an operating system on a physical machine.

Drawbacks and Challenges

Concentration RiskWe've already discussed the increased reliance on fewer physical machines: the "putting all your eggs in a few bas-kets" effect, which is also called concentration risk. You can ameliorate this risk by setting up heartbeat monitoringand failover on virtual machines located on independent physical machines. Virtual machine technology actuallyreduces concentration risk when deployed in the right configurations. Compared to a baseline configuration of xphysical machines, you can almost always achieve a more failure-resistant configuration using x or fewer physicalmachines hosting more than x virtual machines that are networked to watch each other and take over in the eventof a partner machine's failure. The efficiency multiple could be 1.5x, 2x, 3x, 4x, or more, depending on the applica-tions in the virtual machines and the specifications of the physical hosts.

CostLicensing costs were a drawback to running virtual machines, but the picture is starting to look better. If you were run-ning servers on VMware's GSX Server, for example, the dollar cost of licenses could have been a significant portion of(or more than) the cost of the physical hardware, depending on your physical machine specifications. That's becauseVMware GSX Server cost $1,400, which added considerably to the cost of a workgroup file server or a Web server.

VMWare replaced GSX Server with a free product called VMware Server, with the hopes that providing a free prod-uct will make the company's virtualization technology available to a wider audience.

Xen charges no license fee, but it currently runs only on Linux hosts and handles only guest operating systems forwhich source code is available, a criterion that includes Linux and BSD but not Windows. The guest operating sys-tem limitation is changing with Intel's release of its VT "Virtualization Technology" and AMD's Pacifica chip technolo-gy. Both enable a host hypervisor to execute unmodified guest operating systems, which means Xen will be able torun Windows as a guest operating system. The hypervisor is the bit of code sitting between the hardware and theguest environment that mediates access to physical hardware and controls execution of privileged instructions onthe CPU.

Performance PenaltyVirtual machine technology imposes a performance penalty from running an additional layer above the physical hard-ware but beneath the guest operating system. The performance penalty varies based on the virtualization softwareused and the guest software being run. Two good performance comparisons of VMware and Xen were conductedby the computer science departments at University of Cambridge, England and Clarkson University. Based on theCambridge study, VMware Workstation achieves near-native performance for processor-intensive tasks, but experi-ences slow-downs of up to 88 percent on I/O-bound tasks. That means your I/O-bound process would be running

5



at nearly 1/10 of its native speed – something that may be unacceptable to you. The Cambridge group performedits study based on VMware Workstation 3.2 because licensing restrictions in newer VMware versions prohibit testcomparisons. VMware likely has improved its performance, but in any case if your task is I/O-intensive, you woulddo well to test it in a trial copy before purchasing the software.

In the same study, Xen performed extremely well whether the task was CPU-bound or I/O-bound. In some cases,Xen's performance penalty is almost non-existent thanks to its paravirtualization function, which modifies the guestoperating system to optimize performance (hence, the more limited selection of supported guest operating systems).

The performance penalty can mean you need to purchase additional hardware or more expensive, higher-end hard-ware. This is one factor you must take into account when determining whether, or to what extent, to adopt virtualmachine technology. For large deployments, the increased ease of management often far outweighs the license feesand potentially more demanding hardware requirements per physical machine. Furthermore, services often can beconsolidated onto fewer physical machines that serve as hosts for multiple virtual machines, meaning that overallhardware costs decline.

Hardware SupportA fourth drawback of virtual machine technology is that it supports only the hardware that both the virtual machinehypervisor and the guest operating system support. Even if the guest operating system supports the physical hard-ware, it sees only the virtual hardware presented by the virtual machine. The virtual machine's hardware support actu-ally has two aspects. The first is what the virtual machine hypervisor recognizes on the host machine. This is generallyfairly broad within the common categories such as networking, hard drive storage, keyboards, mice, and video cards.

The virtual machine hypervisor, if it runs on top of the host operating system, usually just takes advantage of thehost operating system's support of the physical device in question. It takes advantage of the host's support forphysical devices so that they do not have to provide code specifically for the plethora of hardware devices on themarket today. VMware ESX Server, in contrast, is designed to run on bare hardware with no underlying host operat-ing system for support. As a result, performance can be better than that provided by GSX Server or Workstation,but the range of hardware that the virtual machine hypervisor will run on is much more limited because the ESXServer code base must contain code to handle each device that it supports.

The second aspect of virtual machine hardware support is the hardware presented to the guest operating system.No matter the hardware in the host, the hardware presented to the guest environment is usually the same (with theexception of the CPU, which shows through). For example, VMware GSX Server presented an AMD PCnet32 FastEthernet card or an optimized VMware-proprietary network card, depending on which you chose. The network cardin the host machine does not matter. VMware GSX Server performed the translation between the guest environ-ment's network card and the host environment's network card. This was great for standardization, but it also meansthat host hardware that VMware does not understand will not be present in the guest environment.

Software LicensingA fifth challenge of virtual machine technology is the complication of software licensing inside guest operating sys-tems. If you load and run Windows Server 2003 in eight virtual machines on four physical machines, how manylicenses would you be obligated to pay for? What about database software like Oracle or SQL Server, which areusually licensed based on the number of processors? A virtual machine on a dual processor host machine may haveonly one processor. If Oracle runs in the virtual machine, should you be charged for one processor or two?

Choose Wisely

The challenge of deploying virtual machine technology is figuring out whether the benefits outweigh the costs in yoursituation. Virtual machines improve utilization, facilitate management, reduce downtime, and enhance the mobility ofapplications in many scenarios. So if the management of IT hardware and software resources is a current or antici-

6



pated headache, you should take a look at VMware, Xen, and Microsoft Virtual Server and carefully consider thepros and cons for your particular situation.

Building a Virtual PC

We're now going to walk through a step-by-step Microsoft Virtual PC 2004 installation of SuSE Linux 9.1Professional. Once it's built, you can clone your Virtual PC, back it up, perform experiments on it, restore it, andeven distribute it to others.

This is a good skill for a developer to have because in order to replicate their customers' problems, developers needthe ability to run their software in the same environments as their customers. If you develop on Windows XP, and acustomer discovers a problem on Windows 98 Second Edition, it helps you immensely to have a Windows 98 SEinstallation.

Installing an operating system on a Virtual PC is just as much work as installing it on a real PC, at least the first time.To give you an idea of what building a Virtual PC involves, this tutorial walks you through a Microsoft Virtual PC 2004installation of SuSE Linux 9.1 Professional from DVD. It uses Virtual PC 2004 SP1, installed on Windows XP SP2.The host computer has 1 GB of RAM.

Start by choosing to create a VPC. The New Virtual Machine Wizard will come up. Choose to create a virtualmachine:

You usually name a virtual machine by the operating system you're installing (in this case, SuSE 9.1 Professional). Ifyou later clone the VPC, use a name that indicates the special purpose of the clone. If you attempt to maintain sim-ple numbered clones, you'll probably find out that after a week or so you can't remember which number had whichsoftware version.

The New VM Wizard knows the memory needs of 11 specific Microsoft operating systems, ranging from MS-DOSto Windows Server 2003. The wizard allows you to choose Other for anything else. The Wizard tends to recom-mend less memory than you'll want for most systems, but you can change it now, and adjust it later. To install SuSELinux, allot 256 MB of RAM, at least for now. Later, you might decide to run the VM with less RAM to allow moreprocesses to run in the host machine, or you might decide to run the VM with more RAM to accommodate thememory needs of the applications you are running in it.

Since you are installing the system from scratch, create anew virtual hard disk. If you were cloning an existing VPC,you'd use a copy of the existing virtual hard disk file. Thedefault hard disk name is usually fine for a new VPC.

You now have a VPC that's ready to run, but it has anempty, unformatted hard disk. You need to boot it from aphysical CD or DVD, or an ISO CD or DVD image file.The CD menu on the Virtual PC shows that you'vealready captured the physical D: drive. The boot informa-tion from the VPC's BIOS shows that it sees 256 MB ofRAM, just as you set it. (See Figure 2.)

With a SuSE installation DVD booted, you get a menu of options. Choose a normal installation. From this point on,installing to the Virtual PC is almost exactly like installing to a physical PC. In YaST, SuSE's OS setup and configura-tion tool, you pick your language and you accept the default installation settings. YaST does not automatically detect

7



Figure 2

the emulation sound card. So ask it to detect older sound chips, and it will find the emulation Sound Blaster 16.

Working with the SuSE VPC

Two or three hours of automatic installation later, you can bootSuSE Linux. As you might expect, the support for Linux in VirtualPC 2004 is not as complete as the support for Windows. Torelease the mouse from the Linux VPC window, you must pressthe right Alt key. On a VPC that runs Windows, you can move themouse focus in and out of the VPC window smoothly and trans-parently once you have installed the Virtual Machine Additions (seeFigure 3).

The Virtual Machine Additions also allow the emulation of a videocard with more memory, allowing for better video modes. They fur-ther support sizing the VPC window interactively with the mouse to nearly arbitrary sizes, as well as sharing foldersbetween the host PC and the VPC.

You can work around the lack of shared host folders. SuSE, like most modern Linux builds, can view Windows net-works using Samba, as long as you don't block the Samba ports with a firewall. If you have a Linux build ofActiveState Komodo on your host Windows machine, and you have shared the directory over the Windows networkso that it can be seen from Linux with Samba, once you copy the license file to your VPC, you can run it in a shell.

If a firewall blocked Samba, you could still transfer the file using Web sharing of the folder on the host Windows PCand view the directory from the Linux VPC using a Web browser.

Transferring the compressed installation TAR is asimilar process. Once you've transferred it to theLinux VPC, you open it with the default archivemanagement tool and extract it to a new directo-ry. Then you install the software. In order to do sosuccessfully, you need to take root privilege tem-porarily.

Once the software is installed, you need to exitthe privileged shell to run under your own ID,since you have installed a license for only youruser account. You can either create a link or putthe installed software on the path to make it con-venient to start from a shell (see Figure 4).

SuSE installs Perl, Python, and Tcl by default, andKomodo detects all three. SuSE also installsJava, but Komodo is not a Java editor. SuSEdoes not install PHP by default, but you candownload and install it from php.net using thebuilt-in Web browser, just as you would for aSuSE installation on a physical PC.

Similarly, you can download and install Eclipse from eclipse.org and NetBeans from netbeans.org for Java editing.

8



Figure 3

Figure 4

Just like that, you have configured a complete installation of SuSE 9.1 Professional Linux in a Virtual PC andinstalled development tools. Now you can use the Virtual PC for Linux development and testing. You also can savethe disk image on a DVD+R or other media, enabling you to revert to this configuration quickly in the future.

Tips for Working with Virtual PCs

The following tips can save you time and aggravation when working with Virtual PCs. Use them to get the most outof your VPC investments.

1. If you are installing a Windows OS in a Virtual PC, you can save yourself at least half an hour by doing a quickformat of the virtual hard disk instead of a full format. What you're skipping is the extensive testing that the formatutility does to find bad disk sectors. It's not a real disk, so the testing is essentially useless – assuming that you havea reliable physical hard disk on your host computer.

2. When working with Virtual PCs, you have the option to turn on "undo" disks. This option allows you to experimentwith a VPC and decide at the end of your session whether to commit your changes to disk or return the disk to itsoriginal state. It's not as great as it sounds.

Undo disks can slow the VPC down to a crawl. Instead, you can "clone" a VPC. For example, if you have an exist-ing Windows XP VPC, you can copy its hard disk image file to a new VPC. If the experiments you do with thecloned VPC work, you can make that your new base VPC and delete the original. If the experiments fail, you candelete the clone. If the experiments create a configuration you want to keep in addition to the base configuration,then you can keep both around.

3. Three factors limit the number of VPCs you can keep and run: disk space, RAM, and your time. Disk space isobvious: if a VPC takes between 500 KB and 5 GB of space on your host machine's hard disk, it's easy to chew updisk space by keeping too many VPCs live. Writable DVDs are a good way to store VPCs offline.

The RAM limit is not so obvious. You would think that VPCs could utilize the large virtual memory space of your hostPC, but the actual RAM in your host limits them. For example, with the 256 MB SuSE VPC you created running, thehost PC has only 450 MB of its total 1,024 MB of physical RAM available. With the VPC closed, the host PC has750 MB of its physical RAM available. In other words, the VPC takes up the entire physical RAM you allocated, plusabout 45 MB. That makes sense, because emulating the hardware also takes some RAM.

What about your time? Just like a physical PC, a Virtual PC needs not only to be installed, but maintained as well.The disk file needs to be backed up. The operating system needs to be patched. The antivirus needs to be kept upto date, and the anti-spyware solution needs to be kept up to date.

On the other hand, if a VPC gets a virus and you have been faithful about backing up the virtual hard disk, restoringto a clean backup is a snap: delete the infected image file and copy the saved disk image back from a DVD in just afew minutes.

4. If you're planning to buy a new PC that will run multiple VPCs, include one or more big hard disks, a big backup,lots of RAM, and the fastest CPU you can get. It's only money, but giving this machine the ability to run multipleVPCs eliminates the need to buy a whole bunch of other computers.

Prototyping Complex Enterprise Solutions with aWorkstation

Suppose you have to deploy a highly available and scalable database backend solution for an Internet application. A

9



cluster immediately comes to mind. A cluster is a conglomerateof two or more machines that are capable of sharing their work-load in a real-time, near real-time, or scheduled "toggle" mode.The following are its three main components:

1. Machines running some form of an enterprise-level operating system, such as Linux, Windows, or Unix2. A network – a key component of the clustered architecture3. Cluster-capable software products running withinmachines that are designated as the cluster members

Buying some hardware to prototype and test the proposedsolution seems to be a reasonable course of action, but beforeyou embark on a hardware purchasing spree, consider anoption that will let you build a prototype of your clustered back-end application right on your desktop: virtualization.

Virtualization products support the creation of the first twoessential clustering components in your scenario: provisioningof machines and the establishment of a network between thesemachines. The third key component, cluster-capable software,is independent of the physical architecture and therefore has tobe installed as part of the prototyping process.

Let's take a look at how to prototype machine clusters for theproposed solution utilizing VMware Workstation version 5.5.

Establish the VirtualEnvironment

Step 1: Determine Guest Machine Template

To save time and expedite the effort, you should establish a"template machine" that contains all the required componentsfor your virtual machines. The example prototype uses MySQL5.1 with cluster extensions installed on the template machine.

Your configuration depends on your needs and the nature ofthe prototype (security, size, performance requirements, etc.).You could select a "hardened" installation with only the smallest,safest set of operating system components. In that event, youshould still have at least one file-transfer protocol available, sothat you can add components to your virtual machines later ifneeded. Another approach is installing the operating systemwith all the options you can imagine. This installation would cer-tainly require more resources from the virtual machine.

Step 2: Install Guest Machine

VMware Workstation offers two convenient ways to install the

10



Running a cluster prototype on a single machine iscertainly more cost effective than purchasing therequisite hardware for a physical cluster, but itdoes carry certain software, hardware, and skillsrequirements.

Software: We're using VMware Workstation 5.5because it is a highly capable virtualization prod-uct. Similar products such as Microsoft's VirtualPC and the open source Xen also would enableyou to develop similar prototyping solutions.

VMware Workstation runs on Windows XP,Windows 2003, and the majority of current Linuxdistributions. It enables installation of any x86-compliant guest operating system (even NovellNetWare), including the 64-bit offerings.

Hardware: You will need plenty of working memoryand CPU power: at least 256MB of RAM per virtualmachine plus 256-500MB for the host operatingsystem and a 2.4GHz Pentium 4 or AMD Athlon XP2400+ class or above.

Skills: In order to successfully establish the virtualcluster, you need to know the specifics of theoperating system you are installing, as well asthose for the network configurations and the clus-ter-aware software components.

Understanding a few crucial aspects of the pro-posed virtualization prototype and the strategy forits implementation will make the prototypingprocess as fast and productive as possible.

As previously mentioned, VMware works well withall three major x86-compliant operating systems:Linux, Windows, and Solaris

For prototyping three-tier application clusters, youmay find Linux on Windows to be the most con-venient combination because Linux allows forminimal, bare-bones guest operating systeminstalls and the Windows version of VMware wasthe most convenient to work with because most ofthe workstations in my professional environmentare already running some form of Windows OS (XPor Server 2003).

The cluster here consists of CentOS Linux 3 (freedistribution of RedHat ES 3) guests on a VMwareWorkstation 5.5 for Windows XP.

operating system:

1. From the host machine's physical CD/DVD drive2. From the virtual CD/DVD drive (i.e., from the ISO image on the physical machine's hard drive)

Virtual drive installation is very quick. You may find it more con-venient to have ISO images for your operating system, but keepin mind that if you have a multi-CD installation you will need toremap the virtual CD (ISO image) every time you are asked tocontinue installation from the next CD. For this reason, I founddownloading the Server ISO or DVD ISO images for Linux distri-butions (e.g., CentOS) very convenient (see Figure 5).

Each CentOS Linux 3 guest will be installed in a non-graphicmode, which occupies about 1GB of space on the hard driveand runs minimal kernel services requiring between 192MB and256MB of memory per virtual machine.

When you install the guest operating system, VMware requiresyou to specify all the basic parameters for your virtual machine:memory, network, allocated drive storage. For the templateoperating system, I usually select the default options and NAT(Network Address Translation) networking. You can customizethese options later.

Step 3: Create Clones

The ability to clone the virtual machines is the primary reasonfor having a template operating system in the first place. Youwill use it to create clone machines (i.e., other members in thecluster).

With VMware 5.5, creating clones of the virtual guests is gener-ally a simple process. It enables you to create a linked or a fullclone (see Figure 6). Linked clone is an especially convenient fea-ture for the type of prototype discussed here. As the nameimplies, it creates a clone whose installation files are linked to a"parent,” an original virtual machine, and for which VMware cre-ates only the specific configuration files. If you do not plan tomove these clone machines around, linked clones are probablythe best solution. If you plan on moving the guest machinesacross multiple host machines, I recommend going with the fullclone option. It creates a full replica of the parent virtual machine.

For the example, I created three clones of the templated Linux-with-MySQL installation.

Step 4: Configure and Customize Networking

The VMware Workstation installation process automatically configures two new (virtual) network adapters on yourmachine: VMNet1 and VMNet8. The VMNet1 adapter is used for the private networking between the host and the

11



Figure 5

Figure 6

virtual machines. VMNet8 is used for NAT networking, which enables sharing of the host's external network accesswith the virtual machines.

These adapters are essential for the interconnectivity and proper operation of the network between the virtualmachines and the host, and for the virtual machines' access to the Internet. Through these adapters, VMware pro-vides DHCP services to the virtual machines, as well as NAT access to the Internet.

VMware Network Configuration

It is time now to look at some basics of VMware network configuration and how they pertain to the cluster configu-ration.

VMware Workstation supports three network modes:

1. Bridged networking – Virtual machines have full access to the host's network. However, in order to gainaccess to the network they need to be assigned their own IP addresses.

2. NAT – With NAT configuration, guest machines do not have their own IP addresses on the external network.They are assigned IP addresses in the context of the private network within the virtual environment. Virtualmachines gain access to the external network via the host machine's VMNet8 adapter. The host machine trans-lates the traffic coming from the virtual machines via the VMNet8 adapter as well as external traffic.

3. Host Only networking – This type of networking enables the connection only between the host machine andthe virtual machine. Virtual machines do not have access to the external network.

The ability to create the virtual network adapters and configure network options as described above is essential tothe cluster prototyping process.

For the example cluster, the best approach is to start with Host Only networking to establish the interconnectivitybetween the machines in the cluster, and then to test it from the host machine.

For the cluster configuration, you need to create the subnet for the machines in the cluster and assign static IPaddresses to them. To assign static IP addresses, you should manually assign them in the C-class network rangingfrom <net>.3 to <net>.192. (Addresses <net>.1-3 are reserved for virtual machine use.)

On Linux, you could configure the subnet, range, and IP address for each machine. One way would be to add thefollowing command (use the machine IP address as specified in the MySQL tutorial):

/sbin/ifconfig eth0 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255

to this:

/etc/rc.d/rc.local

and execute it on startup.

Since the VMware host does not automatically provide internal DNS service for the virtual machines, you need tomanually configure some of the machines to serve the purpose of a DNS server or to configure the host files (whichis outside our scope right now).

The simplest cluster configuration has no firewalls between the machines, enabling software components to interactwith each other based on your configuration preferences. In a more sophisticated configuration, you could configure

12



special-purpose machines to serve as therouters/firewalls. (More on this option in Step 6).

Step 5: Customize Cluster-Aware SoftwareComponents

Once you have established the networkingbetween the virtual machines, and when you areoperating within the boundaries of the virtualmachine, the cluster-aware software components"see" the virtual machine exactly as they see thenetwork and surrounding software. From this pointon, the example just follows the cluster setup stepsfor the components it prototypes: MySQLManagement Server on machine 168.192.0.10,MySQL Server on 168.192.0.20, and data serverson 168.192.0.30 and 168.192.0.40 (see Figure 7).You can just follow the MySQL 5.1 clusteringinstructions, as the virtualization process requiresnothing extra except that you must have enoughRAM to support all virtual machines running con-currently.

Note: RedHat-based systems require a few extra steps in order to enable unicast-based clustering.

To enable your primary network card (likely eth0) for unicast, use the following command:

ifconfig eth0 multicast

Use this command to enable unicast:

route add -net 224.0.0.0 network 240.0.0.0 dev eth0

Step 6 (Optional): Configuring Firewall

To simulate a firewall, you could install a very small Linux virtual machine with two (virtual) network adapters (eth0,eth1) and configure Bridged networking on one adapter, allowing the incoming traffic from the external network intothat machine. You would configure the other adapter for membership in your virtual cluster's subnet. Utilizing ipta-bles and ipchains on Linux, you could configure the rules for allowed traffic between the external system (throughthe bridged adapter) and into the adapter (on the private subnet).

Now that you have configured the virtual machine to represent the cluster of physical machines getting the clusteredapplication up and running is completely a matter of following the directions as laid out in the MySQL documenta-tion. From this point on there is nothing specific to the virtual machine operations anymore. Make a note that anyconfiguration error that you may experience in the setup process will likely be related to the improper setting of thenetworking on Linux. It is absolutely essential that you understand all the intricacies of the network configurationbefore embarking on the cluster prototyping.

Once the virtual cluster is established you can proceed with the testing and experimentation that is typical for thistype of the architecture: load balancing properties by generating the load and examining the switching between theservers, suddenly bringing down (powering off) one of the servers, etc.

13



Figure 7

Keep in mind that virtual machines in this configuration will not exercise the same performance properties as theirphysical counterparts. They will perform slower. However, the performance ratios, failures, and successes observedduring the experimentation on the virtual machines will be the same for the physical counterparts. If you experiencethe performance issues with the data replication between two virtual data servers you will see the same issues in thephysical environment. The same will apply for all the positives that you may observe during the testing.

Oh, the Possibilities...

We've provided you with one idea for utilizing virtualization to prototype clustered, highly available applications. Asyou can imagine, it is only the tip of the iceberg. Here are some other interesting ideas that you may find useful.

Prototyping Different Database Designs

The database is the most critical performance component of almost any system. A proper relational design and aphysical storage strategy often help make a difference in how well the complete application performs. With virtualiza-tion products capable of savepoints (an important feature that enables you to save the complete state of the virtualmachine at a given point in time), you can establish a baseline database architecture and then explore how well thedatabase performs under different data loads, storage strategies, and logical optimizations such as denormalization.Savepoints will enable you to safely fall back to the original state of the application, or to the one you liked best.

Securing the Network

As mentioned previously, virtualization does not cover only the installation and configuration of guest machines, butalso the configuration of virtual networks. With some creativity, you could prototype and explore different configura-tions and elements of network security: machine hardening, setting up and operating honeypots and traps, probingthe network for weaknesses, exploits, and data leaks – and do it all within the safe confines of your own machine.

As you can see, virtualization software opens the door to many professionally exciting prototyping opportunities.Although we could not cover all the details involved in the relatively sophisticated prototyping process, the generalconcepts and ideas presented hopefully showed how helpful the virtualization concept can be, even in relativelycomplicated, multi-machine scenarios. So explore them. You will make yourself and your organization more agileand productive in accomplishing your technical goals.

Make A Virtual Machine Your Safe BrowsingSandbox

No matter how well protected your system is and how careful you are, browsing unknown Web sites puts your sys-tem at risk. Consider the highly publicized Microsoft Graphics Rendering Engine Vulnerability. An unpatched systemwith this vulnerability is subject to being completely taken over by an attacker. Browsing an infected Web site can beenough for this vulnerability to be exploited. Using a virtual machine for Web browsing provides an excellent defenseagainst this type of threat.

To understand how to use a virtual machine for safer browsing, first some terminology needs to be defined:

• The physical machine on which the virtualization application (e.g., Virtual PC, Virtual Server, VMware, Xen)resides is the host machine, as in the machine that hosts the virtual machine.

14



• A virtual machine is a guest machine.

The entire guest operating system and programs are written into a large virtual hard disk file that resides on the hostmachine. (Although the figures in this section use Microsoft Virtual PC 2004, the concepts illustrated are generic andapplicable to other virtualization products.)

Undoing a Threat

The single most valuable reason to use a virtualmachine for browsing is the undo capability.Microsoft implements this with its undo disksfeature. The idea is simple: Whatever takesplace in the guest machine, such as inadver-tently downloading spyware, is written toanother file instead of the principal virtual harddisk file where the OS and applications areinstalled. When the browsing session ends, theguest machine is turned off without saving anyof the changes that occurred while it was run-ning.

The undo disks feature is off by default, so youmust enable it. The following steps show howto configure it:

1. Select a virtual machine in the Virtual PCConsole.2. Click the Settings button.3. Select Undo Disks.4. Check the Enable undo disks checkboxas shown in Figure 8 and then click OK.

The advantage of using the virtual machinebecomes apparent when you turn off themachine (see Figure 9).

By selecting the option Turn off and deletechanges, you restore the virtual machine to theexact same state it was in before it was turnedon. If any malware was downloaded, it will bein the undo disk file, which is discarded. Thevirtual hard disk where the operating systemand programs reside is untouched.

In order for safe browsing to work, the virtualmachine must connect to the network. How toconfigure networking in a virtual machine is covered in the next section.

15



Figure 8

Figure 9

Enabling Network Access

Virtual PC provides two options for enabling network access via the host machine's network adapter, using eitherthe host network adapter itself or shared networking. These options are the last two in the dropdown list of network-ing options in the Virtual PC settings (see Figure 10). The second from the last option (using the host networkadapter) is different on every machine because it is the description of the network adapter on the physical hostmachine.

Enabling the host's network adapter causesthe guest machine to appear on the networkas a separate machine with its own IP address.From a networking perspective, the guest func-tions the same way as a physical machineequipped with a network adapter. This is typi-cally fine for a home network, but may notwork in a corporate environment with aWindows domain because unless the guestmachine joins the domain, it will not be author-ized and may not be able to use the network.(Note: wireless networking and dialup do notwork with a host network adapter.)

The other option to enable network access is Shared networking (NAT), which is referred to simply as NAT inVMware Workstation. With Shared networking enabled, Virtual PC serves as a NAT router that uses the host's IPaddress to access the network. Since all network access is routed through the host, you can establish networkaccess in a tightly controlled domain. If the host is authorized to use the network, then Shared networking uses thehost to connect to the network and then to the Internet. If multiple network adapters are available, you can configureShared networking only on the first one. A guest using Shared networking cannot communicate with other guestmachines on the same host. (Note: wireless networking and dialup do work with Shared networking.)

Regardless of which networking option you choose, if Windows Firewall is enabled only on the host, it will not pro-tect the guest. You must enable Windows Firewall within the guest as well to ensure maximum protection.

Mitigating Risk

Virtual PC Shared Folders are host local drives or folders that appear as mapped drives, and they are actually func-tionally equivalent to mapped drives. A guest machine used to browse the Internet should not use the SharedFolders feature or have any drives mapped. Network drives on the host cannot be shared using Shared Folders, andany type of drive mapping exposes the host filesystem to guest malware that targets mapped drives.

Remember, the objective is to keep the host safe from any malware that may affect the guest, so don't connect thehost's filesystem to the guest. However, at some point, you may want to use the guest's browser to download a filefrom the Internet and make it available to the host. The safest way to do this is to use Virtual PC's drag-and-dropfeature to transfer files between guest and host because it does not open up a TCP/IP connection between them.

Keeping a guest machine up to date with all Windows Updates, service packs, and security patches is just asimportant as keeping the host machine up to date. It's easy for a guest machine to get behind on updates becauseit typically is turned off most of the time. It has to be running to receive updates and they must not be undone whenthe machine is turned off.

16



Figure 10

Using Virtual Machines for Security Analysis

Now that you've seen how to use a virtual machine as a sort of Internet-browsing sandbox, expanding the use ofthe sandbox may seem logical. Using the Not connected network setting and then transferring a suspected malwarefile into a guest machine with drag and drop would appear to offer a safe environment for analyzing the behavior ofthe file. This technique might indeed work in many cases, but it could easily fail to detect malware in others. Theproblem is that a malicious coder can easily add code that checks whether his or her malware program is executinginside a virtual machine. The coder could program the malware to behave safely if it detects that it is running in a vir-tual environment. Thus, the malware would falsely pass the safety test and then run amuck inside the physicalmachines you wanted to protect.

Some have proposed using virtual machines to host honeypots, another security technique that may seem attrac-tive. Should malware damage the virtual honeypot, the argument goes, the virtual machine can be reset. Onceagain, the malware can determine if it's running in a virtual machine and behave differently, which makes the analysisa waste of time.

With these caveats in mind, you should always undo your changes when you browse unknown Web sites. You can'tassume that the virtual machine is free of malware just because it appears to be normal.

Keys to a Successful Virtual InfrastructureImplementation

We asked Todd Hudson, a senior systems engineer who oversaw his organization's virtual infrastructure deploy-ment, for some valuable advice for those ready to make the VM leap. Here's what he said.

The company I worked for decided to check out virtualization to reduce costs. We chose VMware because it is themarket leader and its ESX server product gave great performance for the cost. Our team consisted of an architectand three engineers. We had help from other groups as needed, but that was the core group that got it implement-ed. We spent several months training and using VMware ESX Server before implementing it enterprise-wide. Today,we have dozens of hosts running hundreds of VMs.

Comparing the differences between each product and determining which is best is beyond the scope of this article.Suffice it to say, you can pick the best product yet still fail miserably in your virtualization project if you do not planwell.

A Step-by-Step Process

When the company I worked for decided to adopt a virtualization solution, they chose VMware ESX Server for amultitude of reasons. We wanted to go with the market leader and use the product that would allow the greatestuse of virtualization, while maintaining the lowest possible costs and minimizing hardware. We found that the mainplayers for us were VMware and Microsoft, as the others were way too expensive or didn't support Microsoft as aVM. Comparing the number of VMs against the total ROI and TCO, VMware ESX was the best choice.

We spent the first few months learning about the product, completing extensive research on how to set up and con-figure it, and determining which servers would be virtual and which physical servers to migrate to a virtual environ-ment. We finally went live with our implementation after five months.

We started with the lowest-risk servers – our test servers – in case there was an issue. When all went well with the

17



test servers, we moved on to disaster recovery and staging servers. Finally, we went after the CPUs with the lowestutilization, migrating them to a virtual environment with VMware's P2V Assistant, a migration tool that transforms animage of an existing physical system into a VMware virtual machine.

At first, we fielded a lot of questions from our developers and users about VMware and how we were using it.Surprisingly, the biggest doubters were members of our IT department. We had to prove to them that virtualizationwas a good strategy for the datacenter, both in terms of productivity and cost savings. Today, the same people whoquestioned "going virtual" are the ones who complain when they can't virtualize their projects.

Two years later, we have hundreds of virtual machines running on several dozen VMware ESX Servers. Virtualizationhas been invaluable in our disaster recovery strategy, because we can swap out a failed server with a spare wekeep just for this purpose, reboot the virtual machines onto the new machine, and be up and running in about 45minutes.

Where to Begin

The best way to get any virtualization method implemented is to first understand exactly what you are trying to do.The two most common reasons for virtualizing are saving money and addressing capacity issues such as limitedrack space. No matter the issue, you can easily make a case for purchasing quad-processor servers, and perhapseven eight-way servers, because the cost of these large machines is substantially lower today than it was a fewyears ago. After all, the lowest-cost upfront method to begin your virtualization project is to use internal storage.However, in VMware's case, this would rule out the use of VMware's VMotion, which is a method of migrating virtualmachines from one physical server to another without an outage. VMotion requires a storage-attached network(SAN).

Once you choose a hardware platform and verify that all the parts are on the software manufacturer's hardwarecompatibility list, the next process is to get trained on the product.

The first step is to create a lab setup with a minimum of two physical machines, enough disk space for four to eightvirtual machines, and enough server resources (RAM, NIC, CPU, and disk I/O) to handle the virtual machines' activi-ties. Then install and configure the virtualization software. If you are using HP or IBM servers, you will need to dosome hardware tuning.

Once you have installed and properly configured the software, you need to become familiar with the product. Nomatter which product you use, the vendors all offer training at a fairly nominal cost. For support reasons, maintainingan excellent relationship with your virtualization product vendor is also critical. One bad experience can lead to virtu-alization being delayed or potentially not even being adopted.

On to the Fun Stuff

Once you are familiar with the product, create a number of virtual machines to learn how the process works.Familiarize yourself with how the VMs share the physical servers' (hosts') resources and what, if any, impact chang-ing parameters or adding new virtual machines has on the other virtual machines.

You also should create good documentation explaining how to set it all back up if (or when) an issue arises. As anexample, most companies that use VMware ESX Server do not back up the host server because installing and con-figuring it is very easy – it takes only five to seven minutes. However, backing up the virtual machines themselves iscritical, as is backing up each VM's configuration files.

When you start virtualizing, go after the least critical servers first – specifically, the ones that won't create a huge

18



problem if they fail and the ones that use minimal CPU. Typically, these are development or test servers. As anexample, my company first used a planning tool to gather metrics on CPU, network, RAM, and disk I/O over thecourse of a month. We then focused our first efforts on the physical servers that used less than 20 percent CPU,using VMware's P2V product to move them from physical machines to VMs.

Make sure your own migration process, regardless of which tool you use, does not make any changes to the physi-cal server's hard drive, as changes can cause issues. VMware's P2V tool boots to a CD-ROM and writes no data tothe physical server's hard drive at all. This way, if you have to turn the VM off and fail back to the physical server, itmost likely will work without problems.

Once you have the lower-end servers running in a virtual environment, you can tackle the higher-end servers, thosethat have 20 to 40 percent CPU usage. Give careful consideration to avoid overloading a system. It is better to mixhigh CPU/low disk I/O/low RAM usage virtual machines with virtual machines that are low CPU/high RAM usagethan to have all of the same type on the same physical server.

Issues and Resolutions

As you well know, the server will eventually fail, if for no other reason than a system board failure. To help minimizethis impact, do not group all virtual machines from the same group together, nor group all production or all testservers together. We decided that no more than 60 percent of the virtual machines on a physical server would beproduction servers; we use the rest of the capacity for development, staging, test, and disaster recovery virtualmachines. This way, if a server goes down, it is easy to prioritize which virtual machines need to be recovered in theevent of a serious disk failure. Or if the system board has an issue, an entire group of virtual machines won't godown with it. Rather, just a few systems from each of several groups are affected.

When you are deciding what else to migrate to a virtual environment, stop and review the documentation. Is it cur-rent, or have you made some changes? If so, update it first and then ensure that various members of your teamhave been cross-trained. Planning like this is where you can make yourself (and your virtualization project) really valu-able to your managers and executive team.

As your virtual infrastructure grows, expect growing pains that test the manageability of the new environment. If theproduct you are using for virtualization does not have strong management capabilities, you'll end up spending a lotof time performing duties that otherwise could have been automated.

As an example, suppose you have more than 50 virtual machines running on several servers. How do you find out(easily and quickly) where VM "X" is? What if you have 300+ virtual machines? What if you have 1,000? How do youshut down all of the virtual machines, or automatically start them when you need to reboot the physical server? WithVMware's VirtualCenter product, you can easily do all this and more. If a product like VirtualCenter is not available,you will need to consider some type of scripting, such as Perl, to automate some of these functions. Otherwise,they will eat up your time and you will not gain all the efficiencies and cost savings that virtualization promises. Forexample, if you need to perform an upgrade of the host server for the virtualization product you choose, you thengenerally need to upgrade a software component running in each VM as well. Since it takes one minute to log on toa system, doing this manually is very time consuming.

Planning Is Key

Virtualization is here to stay. According to everything I have read, companies that do not use virtualization technologywill have higher costs in not only acquiring new systems, but also in maintaining existing (legacy) systems. Based onwhat I have seen at different engagements, for every 1,000 servers a company has, it stands to save a minimum of$750,000 by using virtualization.

19



Which product should you pick? That depends on what you are looking to do. What works for one company will notnecessarily be right for your company. Not that the product cannot do what you need, but if you want to virtualize anumber of test servers and are really sensitive to upfront costs, then you need to look for a less expensive solution. With planning and some training, your company can easily amass significant savings. Plan well so you can executeflawlessly. If you succeed, your group will be stars to management. And when you look back after your first year andsee the money you've saved, how about throwing some my way? : )

This content was adapted from the Special Report “Virtual Machines Usher in a New Era” on DevX.com.Contributors: Glen Kunene, Megan Davis, Wellie Chao, Martin Heller, Edmon Begoli, John Paul Cook, and ToddHudson.

Copyright 2006 Jupitermedia Corp.

20



the developer’s guide to virtual...

Documents