Virtualization

Xen , Linux Vserver , Planet Lab

Paper• Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hyper

visors Stephen Soltesz, Herbert P¨otzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson Princeton University• PlanetLab Architecture: An Overview Larry Peterson*, Steve Muir*, Timothy Roscoey, Aaron Klingaman*• * Princeton University , Intel Research – Berkeley

What is virtualization ?

• Virtualization is a broad term which refers to many different aspects of computing. In essence has to be some sort of abstraction of resources.

• These resources could be computing power or storage.

Why is virtualization important ?

• The one server one application idea can be avoided. Multiple servers can coexist on the same physical machine bringing IT costs down. Also makes administration easier.

Application

OS

Application

OS

Application

OS

Application

OS

Application

OS

Application

OS

Application

OS

Virtual Machine Monitor

Hardware

Why is virtualization important ?

• Data Recovery• Other areas include research areas such as

Planet Lab , High Performance Clustering etc.• http://news.zdnet.com/2036-2_22-6058678.html

Basic Concepts

• Host – The physical computer on which the virtual machine is loaded.

• Virtual Machine – It’s a software environment which appears to a guest OS as hardware. It consists of some computing power (CPU), Memory, NIC, and hard drive.

• Virtualization Layer – This is what is available as resources to the virtual machines. Also know as virtual machine monitor.

Different Virtualization Models

• Vmware Model• Xen Model• Linux Vserver Model

VMware model

• Reference: Virtualization with VMware ESX Server By Al Muller, Seburn Wilson• Publisher: Syngress

Full Virtualization

• It provides total abstraction of the underlying physical system and creates a complete virtual system in which the guest operating system can execute.

• No modification is required in the guest OS or application.

• Example VMware ESX server

Drawbacks of Full Virtualization

• X86 architecture is not meant for virtualization. This reduces performance and increases complexity.

Xen Model

• Reference : http://www.dell.com/downloads/global/power/ps3q05-20050191-Abels.pdf

Para virtualization

• This provides each VM with an abstraction of the hardware that is similar but not identical to the hardware.

• It requires modification to the guest OS that are run on the VM.

• No changes to the ABI are to be made, so applications remain the same.

Issues in Virtualization

• Efficiency Vs Isolation• The paper argues that isolation is dependant

on the usage scenario. It sacrifices isolation partially in favour of performance.

Motivation for Container based OS

• Organizations run many copies of the same server software, operating system distribution and kernels in their mix of VMs.

• If this is the case then the same shared virtualized OS image can be used for all virtual machines.

Container Based OS VMM

Container Based OS VMM

Hosting platform consists of the shared OS image and the privileged host (VMHost).

VMHost – This is the VM that the system admin uses to manage other VMs.

How does this differ from Xen ? • Fault Isolation : Container based VMM cant

provide fault isolation as they use a single shared kernel. So if the kernel fails, all the VMs are affected.

• Resource Isolation : VMM should be able to isolate one VM from accessing resources of another VM.

• Security Isolation: VMM should isolate access to logical objects such as files, memory addresses, user id’s and so on.

How does this differ from Xen ?

• Key Difference : Hypervisors can run multiple kernels while container based OS VMM cant do that.

• On the other hypervisor based systems cant have live update.

Security Isolation in container based VMM

• Contexts : Separation of namespaces• Filters : Access Control Lists

• Hardware virtualization

Resource Isolation• CPU Isolation• Token bucket filter runs on top of O(1) scheduler.• Each VM has a bucket where it collects tokens at a

specified rate. • Tokens are charged on the basis of running processes

per VM.

Resource Isolation• Network Isolation• Hierarchical Token bucket is used to provide

bandwidth reservations. • Each VM has a specified reservation and a share.• Each packet has a context id tagged to it to map it to

the VM.

Security Isolation• Processes belonging to different VMs are not allowed

to interact with each other.

Comparison

Planet Lab Overview• Planet Lab is a geographically distributed

platform for deploying, evaluating, and accessing planetary-scale net-work services.

• The internet has been a success and as a result has become ossified – that is it is resistant to change. Its difficult to introduce new ideas without trying them out.

Reference : http://www.planet-lab.org/Talks/2004-01-30-APAN.pdf

• Planet Lab is a sort of a test bed or deployment platform of 1000 servers spread across more than 35 countries.

Planet Lab Features

• Distributed Virtualization : The need is for a global platform that supports broad coverage services at multiple points of presence.

• Each service runs as a slice of Planet Lab’s global resources.

• What is a slice ? • A slice is a network of virtual machines.

Planet Lab Features

• Node : A physical machine capable of one or more virtual machines. It must have at least one non-shared IP address. Each unique node has a unique node Id.

Virtual Machine Monitor (VMM)

NodeMgr

LocalAdmin

VM1 VM2 VMn…

Planet lab Features

• Node Manager : It is a program running on each node that creates VMs on that node and controls the allocation of resources to those VMs.

Slices

Slices

Slices

• The individual VM’s that make up a slice contain no information about the other VMs in the set.

• The slice state is maintained by the Slice Authority. This task is done by the PLC for system wide slices.

• Creating a slice is a multistage process involving the node owner, slice creation service and a slice authority.