Monday, March 13, 2017

Introduction to Virtualization on Solaris and Linux

Virtualization describes a technology in which an application, guest OS or data storage is abstracted away from the true underlying hardware or software.
The key use of virtualization technology is server virtualization.
The performance of the virtual system is not equal to the performance of an OS running directly on the hardware; the concept of virtualization works because most guest OSes and applications don't need the full capacity of the underlying hardware.
This allows for greater flexibility, control and isolation by removing the dependency on a given hardware platform.
Whilst initially meant for server virtualization, the concept of virtualization has spread to applications, networks, data and desktops.

Kernel-based Virtual Machine (KVM) is a free, open source virtualization architecture for Linux distributions.
KVM virtualization, which is supported by Red Hat, uses a Type-2 hypervisor that resides within the Linux kernel. KVM virtualization is often compared with Xen.
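To make the KVM prerequisites concrete, here is an added example, written for this post and not taken from any KVM or Red Hat documentation: a small POSIX shell audit for a Linux KVM host. It confirms that the CPU advertises hardware virtualization (vmx or svm), that the in-kernel KVM stack (kvm plus kvm_intel or kvm_amd) is loaded, and that /dev/kvm is not world-accessible, since any process that can open that device can create and run guests. The cpuinfo and lsmod text at the bottom is constructed sample data; /proc/cpuinfo, /dev/kvm, lsmod and stat are standard Linux.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight and hardening checks for a
# Linux KVM host. Every check is a function over text, so it can be fed live command
# output (the --live branch at the bottom) or the constructed samples used by default.

# Which hardware virtualization extension does the CPU advertise?
# Argument: the text of /proc/cpuinfo. Prints "vmx" (Intel VT-x), "svm" (AMD-V) or "none".
hw_virt_flag() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    case " $flags " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *)         echo none ;;
    esac
}

# Is the in-kernel KVM stack present? KVM is the generic kvm module plus one vendor
# module (kvm_intel or kvm_amd). Argument: the text of `lsmod`. Prints "loaded" or "missing".
kvm_modules_loaded() {
    if printf '%s\n' "$1" | grep -Eq '^kvm[[:space:]]' &&
       printf '%s\n' "$1" | grep -Eq '^kvm_(intel|amd)[[:space:]]'; then
        echo loaded
    else
        echo missing
    fi
}

# Who may create guests? Opening /dev/kvm is all a process needs to start a VM, so the
# device should be reachable only by root and the kvm group (mode 660).
# Argument: the output of `stat -c '%a %U %G' /dev/kvm`, e.g. "660 root kvm".
dev_kvm_policy() {
    set -- $1                                   # split into mode, owner, group
    mode=$1 owner=$2 group=$3
    others=$(printf '%s' "$mode" | tail -c 1)   # last octal digit = permissions for "other"
    if [ "$others" != 0 ]; then
        echo "world-accessible ($mode $owner:$group)"
    elif [ "$mode" = 660 ] && [ "$group" = kvm ]; then
        echo "ok ($mode $owner:$group)"
    else
        echo "review ($mode $owner:$group)"
    fi
}

# Constructed sample inputs (an Intel host with KVM loaded), used unless run with --live.
SAMPLE_CPUINFO='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3 cx16 sse4_1 sse4_2 popcnt aes'
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel             364544  0
kvm                  1056768  1 kvm_intel
irqbypass              16384  1 kvm'
SAMPLE_DEV_KVM='660 root kvm'

if [ "${1:-}" = "--live" ]; then
    cpu=$(hw_virt_flag "$(cat /proc/cpuinfo)")
    mods=$(kvm_modules_loaded "$(lsmod)")
    dev=$(dev_kvm_policy "$(stat -c '%a %U %G' /dev/kvm)")
else
    cpu=$(hw_virt_flag "$SAMPLE_CPUINFO")
    mods=$(kvm_modules_loaded "$SAMPLE_LSMOD")
    dev=$(dev_kvm_policy "$SAMPLE_DEV_KVM")
fi
printf 'hardware virt: %s\nkvm modules:   %s\n/dev/kvm:      %s\n' "$cpu" "$mods" "$dev"
```

Run it with `--live` on a KVM host to audit the real system; without arguments it runs against the embedded samples. A "none" result means the BIOS/UEFI virtualization setting is off or the CPU lacks it, "missing" means the kvm modules have not been loaded, and any /dev/kvm mode whose last digit is non-zero lets every local account launch virtual machines.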

A hypervisor is a function which abstracts and isolates the OS and applications from the underlying computer hardware. This abstraction allows the host machine's hardware to independently operate one or more virtual machines as guests, so that multiple guest VMs effectively share the system's physical compute resources, such as processor cycles, memory space, network bandwidth and so on.

A hypervisor is sometimes also called a Virtual Machine Monitor (VMM).

A hypervisor makes the underlying hardware details irrelevant to the VMs. This allows any VM to be moved or migrated between local or remote virtualized servers (with sufficient computing resources available) almost at will, with effectively zero disruption to the VM; a feature often termed "Live Migration".
VMs are also logically isolated from each other, even though they run on the same physical machine.
In effect, a VM has no native knowledge of, or dependence on, any other VM. An error, crash or malware attack on one VM does not propagate to other VMs on the same or other machines. This makes hypervisor technology extremely secure.

There are two types of hypervisor:
Type-1: Bare Metal
Type-2: Hosted

Type-1/Bare Metal:
Hypervisors deployed directly atop the system's hardware, without any underlying OS or other software, are called "Bare Metal" hypervisors. They are the most common and popular type of hypervisor for the enterprise data center.
Eg: vSphere or Hyper-V

Type-2/Hosted:
Hypervisors that run as a software layer atop a host OS are usually called "Hosted" hypervisors, like VMware. Hosted hypervisors are often found on end points like PCs.
The role of the hypervisor is expanding.

Storage hypervisors are used to virtualize all of the storage resources in the environment, creating centralized storage pools that administrators can provision without having to concern themselves with where the storage is physically located.

Networks are also being virtualized with hypervisors, allowing networks and network devices to be created, changed, managed and destroyed entirely through software, without ever touching physical network devices.

Solaris Zones:
Zones is a software partitioning technology that enables the creation and management of multiple virtualized OS execution environments within a single instance of the Solaris kernel. Each zone (virtualized environment) appears as a system to the processes, users and administrators within the zone, and is isolated from other zones running within the same kernel instance.
Note: the theoretical/conceptual upper limit for the number of zones on a system is 8192.

The isolation provides security, since processes running in one zone are not visible to processes running in other zones in the same kernel instance. The only exception is the global zone, the primary zone that represents the Solaris kernel instance: all processes running in all zones in a kernel instance are visible to the global zone.
Zones also provide a resource management container, such that zones created to run specific applications (web server, database server, etc.) can be configured to use a subset of the hardware resources available on the system.

Some use Zones and Containers interchangeably, as if they meant exactly the same thing. This is incorrect: Containers is a technology that comprises the resource management features, such as resource pools, together with Solaris Zones. Solaris Zones is a subset of Containers, so the two terms should not be used interchangeably.

1.       Containers = Zones + SRM (Solaris Resource Management)
2.       Containers is a technology that comprises the resource management features, such as resource pools and Solaris Zones.
3.       Remember that Solaris Containers use the same kernel structure.

Resource Management:
1.       One of the integral components of the Solaris 10 Containers technology.
2.       Allows us to:
a.       Allocate specific computing resources, such as CPU time and memory.
b.       Monitor how resource allocations are being used and adjust the allocations when required.
c.       Generate more detailed accounting information.
d.       Cap resource usage per project with the new resource capping daemon (rcapd). [Remember, a project can be a number of processes or users.]

1.       The Resource Management feature of Solaris Containers is extremely useful when a number of applications need to be consolidated to run on a single server.
2.       It reduces the cost and complexity of having to manage numerous separate systems.
3.       Applications can be consolidated onto fewer, larger, more scalable servers, and the workloads segregated to restrict the resources that each can use.
4.       Via the Resource Management feature, multiple workloads can now be run on a single server, each in an isolated environment, so that one workload cannot affect the performance of another.
5.       Resource pools can be used to group applications and functions together and control their resource usage globally, such as the maximum amount of CPU or memory. Additionally, the Resource Management feature can tailor the behavior of the Fair Share Scheduler (FSS) to give priority to specific applications. This is very useful when additional resources must be allocated to a group of applications for a limited period of time.
Before Resource Management was introduced, this would have meant that a larger server was needed to accommodate the peak resource requirement, even though it would only be used to its capacity once a month. Now the resources can be allocated according to priority, allowing the server to be more effectively utilized.
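Putting the resource management pieces above into one zone definition, here is an added example, written for this post rather than taken from Sun's documentation: a POSIX shell script that provisions a Solaris 10 (8/07 or later) zone with an FSS share weight, a hard CPU cap and an rcapd-enforced physical memory cap, and that can raise the share weight for a limited period as described in point 5. The zone name web01, the zonepath /zones/web01, the NIC e1000g0 and the address 192.168.56.20/24 are assumed values; zonecfg, zoneadm, prctl, dispadmin, rcapstat and prstat are standard Solaris 10 utilities.

```shell
#!/bin/sh
# Added example, not from the original post: provision a Solaris 10 (8/07 or later) zone
# whose CPU and memory are confined to a subset of the host, i.e. Containers = Zones + SRM.
# Zone name, zonepath, NIC and IP address are assumed values chosen for illustration.
ZONE=${ZONE:-web01}
ZONEPATH=${ZONEPATH:-/zones/web01}
NIC=${NIC:-e1000g0}
ADDR=${ADDR:-192.168.56.20/24}

# Render the zonecfg(1M) command file. Rendering is separate from applying so the
# configuration can be reviewed (or tested) before anything touches the system.
#   scheduling-class=FSS + cpu-shares=20  relative weight under the Fair Share Scheduler
#   capped-cpu ncpus=2                    hard ceiling: at most two CPUs' worth of time
#   capped-memory physical=2G             RSS cap enforced by rcapd in the global zone
#   capped-memory swap / locked           aliases for zone.max-swap / zone.max-locked-memory
render_zonecfg() {
    cat <<EOF
create
set zonepath=$ZONEPATH
set autoboot=true
set scheduling-class=FSS
set cpu-shares=20
add capped-cpu
set ncpus=2
end
add capped-memory
set physical=2G
set swap=4G
set locked=512M
end
add net
set physical=$NIC
set address=$ADDR
end
verify
commit
EOF
}

# Create, install and boot the zone. Must run as root in the global zone.
apply_zone() {
    tmp=$(mktemp) || return 1
    render_zonecfg > "$tmp"
    dispadmin -d FSS                  # make FSS the system default so cpu-shares are honored
    zonecfg -z "$ZONE" -f "$tmp"
    rm -f "$tmp"
    zoneadm -z "$ZONE" install
    zoneadm -z "$ZONE" boot
}

# Temporarily raise the zone's FSS weight (the "once a month" case): prctl changes the
# running value only; the committed zonecfg value is restored at the next boot.
boost_shares() {
    prctl -n zone.cpu-shares -v "$1" -r -i zone "$ZONE"
}

# Show what the zone is actually consuming against its caps.
show_usage() {
    prctl -n zone.cpu-shares -i zone "$ZONE"
    rcapstat -z 1 1                   # per-zone RSS versus the physical memory cap
    prstat -Z 1 1                     # per-zone CPU and memory summary
}

case "${1:-}" in
    apply) apply_zone ;;
    boost) boost_shares "${2:-40}" ;;
    usage) show_usage ;;
    *)     render_zonecfg ;;          # default: print the configuration for review
esac
```

Run the script with no argument to print the zonecfg command file for review, `apply` to create, install and boot the zone, `boost 40` to double the share weight for the month-end window, and `usage` to compare consumption with the caps. The cap and the shares complement each other: capped-cpu is a ceiling the zone can never exceed, while cpu-shares only decides how the zone competes with others when the host is under contention.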

1.       In virtualization terminology, Logical DOMains (LDOM) is a technology for server virtualization that enables users to allocate system resources, such as memory or devices, into logical groupings in order to create multiple virtual machines.
2.       Each of these virtual machines can use its own OS, have its own resources, and be identified as a single stand-alone unit within the computer system.
3.       LDOM is a free Sun virtualization technology and is supported on Sun servers that use UltraSPARC T1 or UltraSPARC T2 processors, running at least Solaris 10 11/06 and the latest server firmware.
4.       LDOMs make use of a hypervisor as a layer of abstraction between the real, physical hardware and virtual hardware. This virtual hardware is then used to create a number of guest systems which behave very similarly to a system running on bare metal.
5.       Importantly, each has its own OBP, each installs its own copy of the Solaris OS, and each sees a certain amount of CPU, memory, disk and network resources available to it.
6.       Unlike some other Type-1 hypervisors running on x86 hardware, the SPARC hypervisor is embedded in the system firmware and makes use of supporting functions in both the sun4v SPARC instruction set and the overall CPU architecture to fulfill its function.