Virtualization
Xen, Linux Vserver, Planet Lab
Paper
• Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors. Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson, Princeton University
• PlanetLab Architecture: An Overview. Larry Peterson*, Steve Muir*, Timothy Roscoe†, Aaron Klingaman*
• * Princeton University, † Intel Research – Berkeley
What is virtualization ?
• Virtualization is a broad term which refers to many different aspects of computing. In essence, there has to be some sort of abstraction of resources.
• These resources could be computing power or storage.
Why is virtualization important ?
• The one-server, one-application idea can be avoided. Multiple servers can coexist on the same physical machine, bringing IT costs down. It also makes administration easier.
[Figure: multiple Application/OS stacks running on a Virtual Machine Monitor, which runs on the Hardware]
Why is virtualization important ?
• Data Recovery
• Other areas include research areas such as Planet Lab, High Performance Clustering etc.
• http://news.zdnet.com/2036-2_22-6058678.html
Basic Concepts
• Host – The physical computer on which the virtual machine is loaded.
• Virtual Machine – It’s a software environment which appears to a guest OS as hardware. It consists of some computing power (CPU), Memory, NIC, and hard drive.
• Virtualization Layer – This is what is available as resources to the virtual machines. Also known as the virtual machine monitor.
Different Virtualization Models
• VMware Model
• Xen Model
• Linux Vserver Model
VMware model
• Reference: Virtualization with VMware ESX Server, by Al Muller and Seburn Wilson
• Publisher: Syngress
Full Virtualization
• It provides total abstraction of the underlying physical system and creates a complete virtual system in which the guest operating system can execute.
• No modification is required in the guest OS or application.
• Example VMware ESX server
Drawbacks of Full Virtualization
• The x86 architecture is not meant for virtualization. This reduces performance and increases complexity.
Xen Model
• Reference : http://www.dell.com/downloads/global/power/ps3q05-20050191-Abels.pdf
Paravirtualization
• This provides each VM with an abstraction of the hardware that is similar but not identical to the hardware.
• It requires modifications to the guest OSes that are run on the VM.
• No changes to the ABI are to be made, so applications remain the same.
Issues in Virtualization
• Efficiency vs. Isolation
• The paper argues that isolation is dependent on the usage scenario. It sacrifices isolation partially in favour of performance.
Motivation for Container based OS
• Organizations run many copies of the same server software, operating system distribution and kernels in their mix of VMs.
• If this is the case then the same shared virtualized OS image can be used for all virtual machines.
Container Based OS VMM
Hosting platform consists of the shared OS image and the privileged host (VMHost).
VMHost – This is the VM that the system admin uses to manage other VMs.
How does this differ from Xen ?
• Fault Isolation : Container-based VMMs can't provide fault isolation as they use a single shared kernel. So if the kernel fails, all the VMs are affected.
• Resource Isolation : VMM should be able to isolate one VM from accessing resources of another VM.
• Security Isolation : VMM should isolate access to logical objects such as files, memory addresses, user IDs and so on.
How does this differ from Xen ?
• Key Difference : Hypervisors can run multiple kernels, while a container-based OS VMM can't do that.
• On the other hand, hypervisor-based systems can't have live updates.
Security Isolation in container based VMM
• Contexts : Separation of namespaces
• Filters : Access Control Lists
• Hardware virtualization
Resource Isolation
• CPU Isolation
• Token bucket filter runs on top of O(1) scheduler.
• Each VM has a bucket where it collects tokens at a specified rate.
• Tokens are charged on the basis of running processes per VM.
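An added example, not from the slides or the paper: a single-CPU simulation of the per-VM token bucket described above, showing that a VM whose processes spin forever is held to its fill rate whether it runs alone or beside another VM. The field names, the resume threshold (`tokens_min`), the bucket capacity and the round-robin pick are assumptions of this example, not Linux-VServer's code.

```c
#include <stdio.h>
/* Per-VM token bucket. Field names are illustrative, not Linux-VServer's. */
struct vm_bucket {
    int tokens, fill_rate, interval; /* level; fill_rate tokens every interval ticks */
    int tokens_min, tokens_max;      /* assumed: resume threshold and capacity */
    int on_hold, ran;                /* kept off the run queue?; CPU ticks received */
};

static void refill(struct vm_bucket *b, int tick)
{
    if (tick % b->interval == 0) {
        b->tokens += b->fill_rate;
        if (b->tokens > b->tokens_max) b->tokens = b->tokens_max;
    }
    if (b->on_hold && b->tokens >= b->tokens_min)
        b->on_hold = 0;              /* enough tokens saved up: runnable again */
}

/* One CPU; every VM always has a runnable process (each one spins forever). */
static void simulate(struct vm_bucket vm[], int n, int ticks)
{
    int next = 0;
    for (int t = 1; t <= ticks; t++) {
        for (int i = 0; i < n; i++)
            refill(&vm[i], t);
        for (int k = 0; k < n; k++) {      /* round-robin over VMs not on hold */
            struct vm_bucket *b = &vm[(next + k) % n];
            if (b->on_hold) continue;
            b->ran++;                      /* its process runs for this tick ... */
            if (--b->tokens == 0) b->on_hold = 1; /* ... and is charged one token */
            next = (next + k + 1) % n;
            break;
        }
    }
}

/* Constructed scenario: VM 0 earns 1 token per 4 ticks, VM 1 earns 1 per 2. */
int demo_ran(int n_vms, int which)
{
    struct vm_bucket vm[2] = { { 0, 1, 4, 5, 20, 1, 0 }, { 0, 1, 2, 5, 20, 1, 0 } };
    simulate(vm, n_vms, 1000);
    return vm[which].ran;
}

int main(void)
{
    printf("alone: VM0=%d; shared: VM0=%d VM1=%d\n", demo_ran(1, 0), demo_ran(2, 0), demo_ran(2, 1));
    return 0;
}
```

Run alone, VM 0 still receives only 246 of 1000 ticks: in this model the bucket is a hard cap, so a runaway VM cannot take CPU it has not earned tokens for.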
Resource Isolation
• Network Isolation
• Hierarchical Token bucket is used to provide bandwidth reservations.
• Each VM has a specified reservation and a share.
• Each packet has a context id tagged to it to map it to the VM.
Security Isolation
• Processes belonging to different VMs are not allowed to interact with each other.
Comparison
Planet Lab Overview
• Planet Lab is a geographically distributed platform for deploying, evaluating, and accessing planetary-scale network services.
• The internet has been a success and as a result has become ossified – that is, it is resistant to change. It's difficult to introduce new ideas without trying them out.
Reference : http://www.planet-lab.org/Talks/2004-01-30-APAN.pdf
• Planet Lab is a sort of a test bed or deployment platform of 1000 servers spread across more than 35 countries.
Planet Lab Features
• Distributed Virtualization : The need is for a global platform that supports broad coverage services at multiple points of presence.
• Each service runs as a slice of Planet Lab’s global resources.
• What is a slice ?
• A slice is a network of virtual machines.
Planet Lab Features
• Node : A physical machine capable of hosting one or more virtual machines. It must have at least one non-shared IP address. Each node has a unique node ID.
[Figure: Planet Lab node: Virtual Machine Monitor (VMM), NodeMgr, LocalAdmin, VM1, VM2 … VMn]
Planet Lab Features
• Node Manager : It is a program running on each node that creates VMs on that node and controls the allocation of resources to those VMs.
Slices
• The individual VMs that make up a slice contain no information about the other VMs in the set.
• The slice state is maintained by the Slice Authority. This task is done by the PLC for system-wide slices.
• Creating a slice is a multistage process involving the node owner, slice creation service and a slice authority.