Virtual Machine - Center


Microsoft
Virtual
Academy
Part 1 | Windows Server 2012 Hyper-V & VMware vSphere 5.1
(01) Introduction & Scalability
(02) Storage & Resource Management
(03) Security, Multi-tenancy & Flexibility
(04) High-Availability & Resiliency
** MEAL BREAK **
Part 2 | System Center 2012 SP1 & VMware’s Private Cloud
(05) Introduction & Overview of System Center 2012
(06) Application Management
(07) Cross-Platform Management
(08) Foundation, Hybrid Clouds & Costs
ISOLATION AND
MULTITENANCY

Hyper-V Extensible Switch

New feature
Handles network traffic among virtual machines, the external network, and the host operating system.

Benefits
• Layer 2 virtual interface
• Managed programmatically
• Extensible by partners or customers

[Figure: a Hyper-V host running three virtual machines, each with a network application behind a virtual network adapter. The virtual network adapters connect to the Hyper-V Extensible Switch, which connects through the physical network adapter to the physical switch.]
Capability                       Hyper-V (2012)   vSphere Hypervisor   vSphere 5.1 Enterprise Plus
Extensible vSwitch               Yes              No                   Replaceable [1]
Confirmed Partner Extensions     5                No                   2
Private Virtual LAN (PVLAN)      Yes              No                   Yes [1]
ARP Spoofing Protection          Yes              No                   vCNS/Partner [2]
DHCP Snooping Protection         Yes              No                   vCNS/Partner [2]
Virtual Port ACLs                Yes              No                   vCNS/Partner [2]
Trunk Mode to Virtual Machines   Yes              No                   Yes [3]
Port Monitoring                  Yes              Per Port Group       Yes [3]
Port Mirroring                   Yes              Per Port Group       Yes [3]

[1] The vSphere Distributed Switch (required for PVLAN capability) is available only in the Enterprise Plus edition of vSphere 5.1 and is replaceable (by partners such as Cisco/IBM) rather than extensible.
[2] ARP Spoofing, DHCP Snooping Protection & Virtual Port ACLs require the App component of the VMware vCloud Network & Security (vCNS) product or a partner solution, all of which are additional purchases.
[3] Trunking VLANs to individual vNICs, and Port Monitoring and Mirroring at a granular level, require the vSphere Distributed Switch, which is available in the Enterprise Plus edition of vSphere 5.1.

vSphere Hypervisor / vSphere 5.x Ent+ Information: http://www.vmware.com/products/cisco-nexus-1000V/overview.html, http://www03.ibm.com/systems/networking/switches/virtual/dvs5000v/, http://www.vmware.com/technical-resources/virtualization-topics/virtual-networking/distributed-virtual-switches.html,
http://www.vmware.com/files/pdf/techpaper/Whats-New-VMware-vSphere-51-Network-Technical-Whitepaper.pdf, http://www.vmware.com/products/vshield-app/features.html and
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/data_sheet_c78-492971.html
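The table lists the switch-level isolation features but not how they are turned on. The following is an added example, not code from the MVA deck or from Microsoft, showing the Windows Server 2012 Hyper-V cmdlets that configure each row: DHCP guard (the DHCP snooping row), router guard, MAC address spoofing protection (the per-port control that backs the ARP spoofing row), virtual port ACLs, PVLAN isolation, trunk mode to a VM, and port mirroring. The NIC name "NIC1", the VM names Blue1, Red1 and Probe1, and every subnet and VLAN number are hypothetical.

```powershell
# Added example (not from the MVA deck): configure the Hyper-V Extensible Switch
# isolation features from the table above on Windows Server 2012.
# Assumptions: physical NIC "NIC1", tenant VMs "Blue1" and "Red1", a monitoring
# VM "Probe1", and all subnet/VLAN numbers are hypothetical.
Import-Module Hyper-V

$switchName = 'TenantSwitch'

# External switch with no management-OS vNIC: tenant traffic never shares a
# port with host management.
if (-not (Get-VMSwitch -Name $switchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $switchName -NetAdapterName 'NIC1' -AllowManagementOS $false | Out-Null
}

# Per-port hardening for every tenant vNIC:
#  - DhcpGuard drops DHCP server replies sent by the VM (DHCP snooping protection)
#  - RouterGuard drops router advertisements/redirects sent by the VM
#  - MacAddressSpoofing Off makes the switch drop frames whose source MAC is not
#    the adapter's assigned MAC (the control behind the ARP spoofing row)
foreach ($vm in 'Blue1', 'Red1') {
    Get-VMNetworkAdapter -VMName $vm |
        Set-VMNetworkAdapter -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off
}

# Virtual port ACLs (2012 basic ACLs): the most specific prefix wins, so a
# Deny on 0.0.0.0/0 plus an Allow on the tenant subnet yields default-deny.
Add-VMNetworkAdapterAcl -VMName 'Blue1' -RemoteIPAddress '10.0.0.0/24' -Direction Both -Action Allow
Add-VMNetworkAdapterAcl -VMName 'Blue1' -RemoteIPAddress '0.0.0.0/0'   -Direction Both -Action Deny

# PVLAN: an isolated secondary VLAN can only talk to the promiscuous port
# (for example a gateway), never to another isolated port.
Set-VMNetworkAdapterVlan -VMName 'Red1' -Isolated -PrimaryVlanId 100 -SecondaryVlanId 200

# Trunk mode to a VM, for a virtual appliance that must see several VLANs.
Set-VMNetworkAdapterVlan -VMName 'Probe1' -Trunk -AllowedVlanIdList '100-110' -NativeVlanId 100

# Port mirroring: copy Blue1's traffic to the probe VM.
Set-VMNetworkAdapter -VMName 'Blue1'  -PortMirroring Source
Set-VMNetworkAdapter -VMName 'Probe1' -PortMirroring Destination

# Verify: extensions present on the switch and the effective per-port settings.
Get-VMSwitchExtension -VMSwitchName $switchName | Format-Table Name, Vendor, Enabled, Running
Get-VMNetworkAdapter -VMName 'Blue1', 'Red1', 'Probe1' |
    Format-Table VMName, MacAddressSpoofing, DhcpGuard, RouterGuard, PortMirroringMode
Get-VMNetworkAdapterAcl -VMName 'Blue1'
Get-VMNetworkAdapterVlan -VMName 'Red1', 'Probe1'
```

The guards and spoofing protection are enforced by the switch port, so a compromised guest cannot switch them off from inside the VM; the ACLs, by contrast, are per-adapter and are lost if the VM is connected to a new adapter, so keep them in the provisioning script rather than applying them by hand.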
SR-IOV

Benefits
• Reduces latency of the network path
• Reduces CPU utilization for processing network traffic
• Increases throughput
• Supports Live Migration

[Figure: network I/O path with and without SR-IOV. Without SR-IOV, a frame from the virtual NIC crosses into the root partition, where the Hyper-V Switch performs routing, VLAN filtering and a data copy before it reaches the physical NIC. With SR-IOV, the virtual machine drives a Virtual Function (VF) of the physical SR-IOV NIC directly and the switch in the root partition is not on the data path.]

Turn on IOV
• Enable IOV (VM NIC property)
• Virtual Function is "assigned"
• Team automatically created (inside the VM, between the software NIC and the VF)
• Traffic flows through the VF

Live Migration
• Break team
• Remove VF from VM
• Migrate as normal

Post Migration
• Reassign Virtual Function, assuming resources are available
• Software path is not used

[Figure: inside the VM, the network stack sits on a "team" of the software NIC, reached through the software switch (in IOV mode), and the Virtual Function on the physical SR-IOV NIC.]

The VM has connectivity even if:
• Switch not in IOV mode
• IOV physical NIC not present
• Different NIC vendor
• Different NIC firmware
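The steps above (enable IOV on the switch and on the VM NIC, VF assigned, VF re-assigned only if resources allow) map onto a handful of cmdlets. The following is an added example, not code from the MVA deck or from Microsoft, that turns on SR-IOV for one VM on Windows Server 2012 Hyper-V and then checks whether a VF is actually in use, which is the question to ask after a live migration. The NIC name "NIC2", the switch name "IovSwitch" and the VM name "Blue1" are hypothetical.

```powershell
# Added example (not from the MVA deck): turn on SR-IOV for a VM on Windows
# Server 2012 Hyper-V and verify that a Virtual Function was assigned.
# Assumptions: NIC "NIC2", switch "IovSwitch" and VM "Blue1" are hypothetical.
Import-Module Hyper-V

# 1. Host, firmware and NIC must all support IOV; IovSupportReasons names the blocker.
$hostInfo = Get-VMHost
if (-not $hostInfo.IovSupport) {
    throw "Host does not support SR-IOV: $($hostInfo.IovSupportReasons -join '; ')"
}

# 2. IOV is a switch creation-time property; it cannot be enabled on an existing switch.
if (-not (Get-VMSwitch -Name 'IovSwitch' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'IovSwitch' -NetAdapterName 'NIC2' -EnableIov $true | Out-Null
}

# 3. "Enable IOV (VM NIC property)": a non-zero IovWeight requests a VF for the adapter.
Connect-VMNetworkAdapter -VMName 'Blue1' -SwitchName 'IovSwitch'
Set-VMNetworkAdapter -VMName 'Blue1' -IovWeight 100 -IovQueuePairsRequested 1

# 4. Verify. IovUsage is non-zero only while a VF is assigned. If it is 0 (for
#    example after migrating to a host whose switch is not in IOV mode, or whose
#    VFs are all in use) the VM still has connectivity over the software path,
#    and StatusDescription explains why the VF was not (re)assigned.
#    Traffic on a VF bypasses the extensible switch, so port ACLs, guards and
#    switch extensions do not see it; plan isolation on the physical NIC/switch.
$nic = Get-VMNetworkAdapter -VMName 'Blue1'
$nic | Format-List VMName, SwitchName, IovWeight, IovQueuePairsRequested,
                   IovQueuePairsAssigned, IovUsage, Status, StatusDescription

# Switch-wide VF accounting: "assuming resources are available" means a free VF here.
Get-VMSwitch -Name 'IovSwitch' |
    Format-List IovEnabled, IovSupport, IovSupportReasons,
                IovVirtualFunctionCount, IovVirtualFunctionsInUse
```

Run the verification part again after every live migration: the slides' fall-back to the software path is silent from the guest's point of view, and the only host-side signal that a VM has lost its VF (and its switch-bypassing performance) is IovUsage dropping to 0.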
Capability                      Hyper-V (2012)   vSphere Hypervisor   vSphere 5.1 Enterprise Plus
Dynamic Virtual Machine Queue   Yes              NetQueue [1]         NetQueue [1]
IPsec Task Offload              Yes              No                   No
SR-IOV with Live Migration      Yes              No [2]               No [2]
Storage Encryption              Yes              No                   No

[1] VMware vSphere and the vSphere Hypervisor support VMq only (NetQueue).
[2] VMware’s SR-IOV implementation does not support vMotion, HA or Fault Tolerance. DirectPath I/O, whilst not identical to SR-IOV, aims to provide virtual machines with more direct access to hardware devices, with network cards being a good example. Whilst on the surface this will boost VM networking performance and reduce the burden on host CPU cycles, in reality there are a number of caveats in using DirectPath I/O:
• Very small Hardware Compatibility List
• No Memory Overcommit
• No vMotion (unless running certain configurations of Cisco UCS)
• No Fault Tolerance
• No Network I/O Control
• No VM Snapshots (unless running certain configurations of Cisco UCS)
• No Suspend/Resume (unless running certain configurations of Cisco UCS)
• No VMsafe/Endpoint Security support
SR-IOV also requires the vSphere Distributed Switch, meaning customers have to upgrade to the highest vSphere edition to take advantage of this capability. No such restrictions are imposed when using SR-IOV in Hyper-V, ensuring customers can combine the highest levels of performance with the flexibility they need for an agile infrastructure.

vSphere Hypervisor / vSphere 5.x Ent+ Information: http://www.vmware.com/pdf/Perf_Best_Practices_vSphere5.1.pdf
VIRTUAL MACHINE
MOBILITY

Live migration

Improvements
• Faster and simultaneous migration
• Live migration outside a clustered environment
• Store virtual machines on a file share (SMB network storage)

[Figure: live migration based on a server message block (SMB) share. Over the IP connection between the two hosts, the VM's configuration data is set up on the destination, the memory content is transferred, the modified memory pages are copied, the storage handle on the SMB share is moved, and the VM resumes on the destination.]
Live migration of storage
Move virtual hard disks attached to a running virtual machine.

[Figure: a computer running Hyper-V with one virtual machine, a source device and a target device. 1. Reads and writes go to the source VHD. 2. Disk contents are copied to the new destination VHD. 3. Disk writes are mirrored; outstanding changes are replicated. 4. Reads and writes go to the new VHD.]

Benefits
• Manage storage in a cloud environment with greater flexibility and control
• Move storage with no downtime
• Update physical storage available to a virtual machine (such as SMB-based storage)
• Windows PowerShell cmdlets
Shared-nothing live migration

[Figure: a source Hyper-V host and a destination Hyper-V host connected by an IP connection, each with its own storage device. 1. Live migration begins: reads and writes go to the source VHD. 2. Disk contents are copied to the destination VHD. 3. Disk writes are mirrored; outstanding changes are replicated. 4. Live migration continues: configuration data, memory content and modified memory pages are transferred to the destination virtual machine. 5. Live migration completes: reads and writes go to the destination VHD.]

Benefits
• Increase flexibility of virtual machine placement
• Increase administrator efficiency
• Reduce downtime for migrations across cluster boundaries
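The three mobility operations on the preceding slides (SMB-based live migration, live storage migration and shared-nothing live migration) are all driven by Move-VM and Move-VMStorage. The following is an added example, not code from the MVA deck or from Microsoft, that prepares two Windows Server 2012 hosts for migration with Kerberos authentication and constrained delegation instead of CredSSP, pins migration traffic to a dedicated network, and then performs each of the three moves. The host names HV01 and HV02, the domain corp.contoso.com, the file server FS01, the migration subnet, the VM name "Blue1" and all paths are hypothetical.

```powershell
# Added example (not from the MVA deck): prepare two Windows Server 2012 Hyper-V
# hosts for live migration with Kerberos (no CredSSP) and run the three moves
# from the slides. Host names, domain, subnet, VM name and paths are hypothetical.
Import-Module Hyper-V
Import-Module ActiveDirectory

$hosts  = 'HV01', 'HV02'
$domain = 'corp.contoso.com'

# 1. Kerberos constrained delegation: lets an admin start a migration from a
#    management workstation without CredSSP caching credentials on the hosts.
#    Each host may delegate to the other for CIFS (storage moves) and for the
#    migration service. Setting only msDS-AllowedToDelegateTo is "Kerberos only".
foreach ($src in $hosts) {
    $targets = @()
    foreach ($dst in ($hosts | Where-Object { $_ -ne $src })) {
        $targets += "cifs/$dst.$domain", "cifs/$dst",
                    "Microsoft Virtual System Migration Service/$dst.$domain",
                    "Microsoft Virtual System Migration Service/$dst"
    }
    Set-ADComputer -Identity $src -Add @{ 'msDS-AllowedToDelegateTo' = $targets }
}

# 2. Per-host migration settings. Live migration traffic is not encrypted on
#    Windows Server 2012, so it is restricted to one dedicated subnet.
foreach ($h in $hosts) {
    Invoke-Command -ComputerName $h -ScriptBlock {
        Enable-VMMigration
        Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
                   -UseAnyNetworkForMigration $false `
                   -MaximumVirtualMachineMigrations 4 `
                   -MaximumStorageMigrations 2
        if (-not (Get-VMMigrationNetwork -Subnet '10.10.10.0/24' -ErrorAction SilentlyContinue)) {
            Add-VMMigrationNetwork -Subnet '10.10.10.0/24' -Priority 1
        }
    }
}

# 3a. Live storage migration: move the running VM's files to an SMB share.
Move-VMStorage -ComputerName 'HV01' -VMName 'Blue1' -DestinationStoragePath '\\FS01\VMs\Blue1'

# 3b. SMB-based live migration: files stay on the share, only running state moves.
Move-VM -ComputerName 'HV01' -Name 'Blue1' -DestinationHost 'HV02'

# 3c. Shared-nothing live migration: state and storage move to HV01's local disk.
Move-VM -ComputerName 'HV02' -Name 'Blue1' -DestinationHost 'HV01' `
        -IncludeStorage -DestinationStoragePath 'D:\VMs\Blue1'

Get-VM -ComputerName 'HV01' -Name 'Blue1' | Format-List Name, State, Path, ComputerName
```

The delegation entries are the part most often skipped: without them a remote Move-VM fails with an access-denied error and the usual workaround is to switch the hosts to CredSSP, which leaves reusable credentials on every migration host.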
Network Virtualization

[Figure: VLAN-based isolation today. Aggregation switches and top-of-rack (ToR) switches carry VLAN tags down to the VMs; a Blue VM and a Red VM on one physical server sit on the Blue Network and the Red Network of the physical network. Topology limits VM placement and requires reconfiguration of production switches.]
Provider Address Space (PA) and Customer Address Space (CA)

[Figure: Blue Corp and Red Corp each bring the customer addresses 10.0.0.5 and 10.0.0.7. System Center holds the datacenter network virtualization policy, which maps every tenant CA to a provider address in the hoster's network: 10.0.0.5 to 192.168.4.11 (Host 1) and 10.0.0.7 to 192.168.4.22 (Host 2), for Blue and for Red alike. Host 1 runs Blue1 and Red1 (both 10.0.0.5); Host 2 runs Blue2 and Red2 (both 10.0.0.7).]
Customer network and virtual subnet

[Figure: in the hoster datacenter, Blue Corp has a Blue R&D Net (Blue Subnet1, Blue Subnet2, Blue Subnet3) and a Blue Sales Net (Blue Subnet4, Blue Subnet5); Red Corp has a Red HR Net (Red Subnet1, Red Subnet2). A customer network is one routing domain; each virtual subnet inside it is identified by its own virtual subnet ID (VSID).]
[Figure: NVGRE encapsulation. Outer header: provider addresses 192.168.2.22 to 192.168.5.55, then a GRE key of 5001 (Blue) or 6001 (Red); inner frame: the customer MAC addresses and 10.0.0.5 to 10.0.0.7. Both tenants' packets carry identical inner addresses and are told apart on the wire only by the GRE key.]
[Figure: a Windows Server 2012 host. VM1 (CA1) attaches to the Hyper-V Switch, which applies VSID ACL isolation and runs the switch extensions. Below it, Network Virtualization in the host network stack performs IP virtualization, policy enforcement and routing before the packet leaves through the NIC with PA1. Management, live migration, cluster and storage traffic use the host stack directly. The System Center host agent pushes the data center policy (Blue and Red entries) to every host.]

Datacenter policy (the same table is delivered to Host 1, with PA1 and PAX, and to Host 2, with PA2 and PAY):
Blue: VM1: MAC1, CA1, PA1; VM2: MAC2, CA2, PA3; VM3: MAC3, CA3, PA5; …
Red:  VM1: MACX, CA1, PA2; VM2: MACY, CA2, PA4; VM3: MACZ, CA3, PA6; …
Packet flow: Blue1 (10.0.0.5 on Host 1, PA 192.168.4.11, NIC MACPA1) sends to Blue2 (10.0.0.7 on Host 2, PA 192.168.4.22, NIC MACPA2). Both Blue VMs are on VSID 5001. Red1 and Red2 use the same customer addresses on the same two hosts, but on VSID 6001.

1. ARP in the Hyper-V switch. Blue1 asks "where is 10.0.0.7?" and sends an ARP request. The Hyper-V Switch broadcasts the ARP to:
   1. all local VMs on VSID 5001;
   2. the Network Virtualization filter.
   Red1 shares the host but is on VSID 6001, so VSID ACL enforcement keeps the broadcast away from it.

2. ARP answered from policy. The Network Virtualization filter responds to the ARP for IP 10.0.0.7 on VSID 5001 with Blue2's MAC. Blue1 learns the MAC of Blue2: use MACB2 for 10.0.0.7. No ARP leaves the host.

3. Frame sent from Blue1. Blue1 sends MACB1 → MACB2, 10.0.0.5 → 10.0.0.7. In the Hyper-V switch the frame carries the out-of-band metadata OOB: VSID:5001; after VSID ACL enforcement it is passed down to the Network Virtualization filter (IP virtualization, policy enforcement, routing).

4. NVGRE on the wire. The filter looks up CA 10.0.0.7 on VSID 5001, finds PA 192.168.4.22, and encapsulates:
   outer Ethernet   MACPA1 → MACPA2
   outer IP         192.168.4.11 → 192.168.4.22
   GRE key          5001
   inner Ethernet   MACB1 → MACB2
   inner IP         10.0.0.5 → 10.0.0.7

5. Received by Blue2. On Host 2 the Network Virtualization filter decapsulates the packet, restores OOB: VSID:5001 from the GRE key, and the Hyper-V Switch delivers MACB1 → MACB2, 10.0.0.5 → 10.0.0.7 to Blue2. Red2, which also has 10.0.0.7 but sits on VSID 6001, never sees the frame.
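The walkthrough above relies on every host holding the same CA-to-PA lookup table and on each vNIC being stamped with its VSID; the slides show System Center distributing that policy. The following is an added example, not code from the MVA deck or from Microsoft, that builds the same Blue/Red policy directly with the Windows Server 2012 NetWNV cmdlets on Host 1, so the overlapping 10.0.0.5/10.0.0.7 addresses are separated only by VSID. The customer IDs (GUIDs), MAC addresses, the NIC name "NIC1" and the provider gateway 192.168.4.1 are hypothetical; the VM names, customer addresses, provider addresses and VSIDs are the ones used on the slides.

```powershell
# Added example (not from the MVA deck): Hyper-V Network Virtualization policy
# for the Blue/Red walkthrough, pushed with the Windows Server 2012 NetWNV
# cmdlets instead of System Center. GUIDs, MACs, NIC name and the PA gateway
# are hypothetical; VM names, CAs, PAs and VSIDs come from the slides.
Import-Module Hyper-V
Import-Module NetWNV

# --- Values for this host (Host 1); Host 2 runs the same with its own PA/VMs ---
$pnic     = Get-NetAdapter -Name 'NIC1'   # hypothetical NIC name
$myPA     = '192.168.4.11'                 # Host 1 provider address
$localVMs = 'Blue1', 'Red1'                # VMs placed on this host

# Tenants: Blue and Red both use 10.0.0.5 and 10.0.0.7 (the page's point).
$blueRDID = '{11111111-1111-1111-1111-111111111111}'   # hypothetical customer IDs
$redRDID  = '{22222222-2222-2222-2222-222222222222}'
$policy = @(
    @{ VM='Blue1'; VSID=5001; RDID=$blueRDID; CA='10.0.0.5'; PA='192.168.4.11'; MAC='00155D000501' },
    @{ VM='Blue2'; VSID=5001; RDID=$blueRDID; CA='10.0.0.7'; PA='192.168.4.22'; MAC='00155D000502' },
    @{ VM='Red1';  VSID=6001; RDID=$redRDID;  CA='10.0.0.5'; PA='192.168.4.11'; MAC='00155D000601' },
    @{ VM='Red2';  VSID=6001; RDID=$redRDID;  CA='10.0.0.7'; PA='192.168.4.22'; MAC='00155D000602' }
)

# 1. Bind the Network Virtualization filter (ms_netwnv) under the external switch's NIC.
Enable-NetAdapterBinding -Name $pnic.Name -ComponentID 'ms_netwnv'

# 2. This host's provider address and a route for the provider network.
New-NetVirtualizationProviderAddress -ProviderAddress $myPA -InterfaceIndex $pnic.ifIndex -PrefixLength 24
New-NetVirtualizationProviderRoute   -InterfaceIndex $pnic.ifIndex -DestinationPrefix '0.0.0.0/0' -NextHop '192.168.4.1'

# 3. Lookup records (CA + VSID -> PA + MAC). The whole table goes on every host:
#    this is what lets the filter answer ARP locally and encapsulate with GRE key = VSID.
foreach ($r in $policy) {
    New-NetVirtualizationLookupRecord -CustomerAddress $r.CA -VirtualSubnetID $r.VSID `
        -ProviderAddress $r.PA -MACAddress $r.MAC -CustomerID $r.RDID `
        -Rule TranslationMethodEncap -VMName $r.VM
}

# 4. One on-link customer route per routing domain (10.0.0.0/24 in each VSID).
New-NetVirtualizationCustomerRoute -RoutingDomainID $blueRDID -VirtualSubnetID 5001 -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255
New-NetVirtualizationCustomerRoute -RoutingDomainID $redRDID  -VirtualSubnetID 6001 -DestinationPrefix '10.0.0.0/24' -NextHop '0.0.0.0' -Metric 255

# 5. Stamp each local vNIC with its VSID and the MAC from the policy. The VSID is
#    the OOB metadata the switch uses for ACL isolation before the filter is reached.
foreach ($r in ($policy | Where-Object { $localVMs -contains $_.VM })) {
    Set-VMNetworkAdapter -VMName $r.VM -StaticMacAddress $r.MAC -VirtualSubnetId $r.VSID
}

# Verify: two records for 10.0.0.7, distinguished only by VSID.
Get-NetVirtualizationLookupRecord -CustomerAddress '10.0.0.7' |
    Format-Table VirtualSubnetID, CustomerAddress, ProviderAddress, MACAddress, VMName
```

Two practical checks follow from the walkthrough: a lookup record that is present on Host 1 but missing on Host 2 means the reply from Blue2 is dropped at step 5 (the filter has no policy to decapsulate against), and a vNIC left at the default VirtualSubnetId of 0 is outside every tenant's VSID and gets no policy at all, which is the safe failure mode.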
Capability                          Hyper-V (2012)   vSphere Hypervisor   vSphere 5.1 Enterprise Plus
VM Live Migration                   Yes              No [1]               Yes [2]
1Gb Simultaneous Live Migrations    Unlimited [3]    N/A                  4
10Gb Simultaneous Live Migrations   Unlimited [3]    N/A                  8
Live Storage Migration              Yes              No [4]               Yes [5]
Shared Nothing Live Migration       Yes              No                   Yes [5]
Network Virtualization              Yes              No                   VXLAN [6]

[1] Live Migration (vMotion) is unavailable in the vSphere Hypervisor; vSphere 5.1 is required.
[2] Live Migration (vMotion) and Shared Nothing Live Migration (Enhanced vMotion) are available in the Essentials Plus and higher editions of vSphere 5.1.
[3] Within the technical capabilities of the networking hardware.
[4] Live Storage Migration (Storage vMotion) is unavailable in the vSphere Hypervisor.
[5] Live Storage Migration (Storage vMotion) is available in the Standard, Enterprise and Enterprise Plus editions of vSphere 5.1.
[6] VXLAN is a feature of the vCloud Networking & Security product, which is available at additional cost to vSphere 5.1. In addition, it requires the vSphere Distributed Switch, only available in vSphere 5.1 Enterprise Plus.

vSphere Hypervisor / vSphere 5.x Ent+ Information: http://www.vmware.com/products/vsphere/buy/editions_comparison.html,
http://www.vmware.com/files/pdf/products/vcns/vCloud-Networking-and-Security-Overview-Whitepaper.pdf http://www.vmware.com/products/datacenter-virtualization/vcloudnetwork-security/features.html#vxlan
©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the
U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft
must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.