SUM405D: Virtualizing the Datacenter with Citrix XenServer 6.0
Download
Report
Transcript SUM405D: Virtualizing the Datacenter with Citrix XenServer 6.0
SUM405D: Virtualizing
the Datacenter with Citrix
XenServer 6.0
Mike Palmer
Product Specialist WW Technical Readiness
October 2011
Facilitators
• John Carver
• Diego Zaccariotto
• Olivier Withoff
If you have any questions or problems, please raise your hand
Agenda
• XenServer 6.0 New Feature Review (~10 minutes)
• Hands on Labs
•Virtual Appliances lab (~20 minutes)
•Distributed Virtual Switch (vSwitch) Lab (~100 minutes)
•Disaster Recovery Lab (~50 minutes)
XenServer 6.0 New Feature Review
XenServer 6.0 Simplifies Install, Upgrade & Management
• Simplified Installer
• Only one ISO
• Fully Automatic Upgrades
• XenCenter Rolling Pool Upgrade Wizard
• Fully Integrate StorageLink
• XenCenter Integrated access to storage array features
• Fully Integrated Disaster Recovery
• XenCenter integrated DR
• Import and Play Virtual Appliances
• Citrix Licensing, Workload Balancing, Distributed Virtual Switch (vSwitch) Controller
Rolling Pool Upgrade Wizard
• Upgrades all servers in a pool … one server at a time
• VMs are migrated to other servers while each server is upgraded
• All services offered by the pool remain available at all times
• VMs are automatically migrated to other servers while each server is upgraded
• Automated pre-upgrade checks
• Disable HA & WLB
• Remove CD/DVD from VMs
• Blocks unsupported upgrades
• Any pre-upgrade changes are automatically reversed after the server upgrade
StorageLink
• Storage fabrics and arrays are
traditionally managed with their own
proprietary user interface
• StorageLink permits XenCenter to
configure & manage many functions
of your storage arrays directly
• These functions include:
• Thin provisioning
• Fast cloning
• Fast snapshots
• De-duplication
StorageLink Integration
• StorageLink is now fully integrated into XenServer
• No longer uses Windows platform for running StorageLink components
• StorageLink components are now execute directly from Dom0
XenServer Host
Windows Platform
XAPI Daemon
SMAPI
StorageLink Gateway
LVM NFS NetApp …
CSLG
Bridge
EQL NetApp
SMI-S
…
GPU Pass-Through
• Enables a physical GPU to be assigned to a VM
• For high-end graphics applications (CAD, Simulations)
• For video transcoding & scientific calculation applications
Enhanced Linux Guest OS Support
• New Support for:
• Ubuntu 10.04 (32/64-bit)
• Updated support for:
• Debian Squeeze 6.0 64-bit
• Oracle Enterprise Linux 6.0 (32/64-bit)
• SUSE Linux Enterprise Server 10 SP4 (32/64-bit)
• Experimental VM templates for:
• CentOS 6.0 (32/64-bit)
• Ubuntu 10.10 (32/64-bit)
• Solaris 10
Virtual Appliances (vApps)
• Pre-packaged ready-for-work appliances
• Citrix License Server
• Distributed Virtual Switch Controller
• LAMP Stack (Instant Web Server)
• NetApp Simulator
• Import and export directly from XenCenter
• Uses the Open Virtualization Format (OVF) standard
• Can specify boot sequence of VMs
• Can also specify start-up delays
• Integrates with DR and HA
Workload Balancing Virtual Appliance (vApp)
• New ready-to-use Linux-based virtual appliance
• Small footprint
• No longer uses Windows
• VMs automatically migrate from one host to another based
on resource usage
• Automated VM start-up and management based on defined
policy
• Power-on / power-off hosts as need arises
• Needs server hardware support such as HP iLO, Dell DRAC etc.
Citrix License Server Virtual Appliance (vApp)
• New ready-to-use Linux-based Virtual Appliance
• Small footprint
• No longer requires Windows
• 60 seconds to configure basic network
• Web based management interface
• Obtain licenses from mycitrix.com
• XS only for now, soon all Citrix
Virtual Appliance Lab
During this lab you will:
• Access the lab environment
• Configure the Citrix License Server vApp
• License your XenServer
To save you time:
• The License Server virtual appliance is already imported and started for you
• You would normally do the import from XenCenter (the file is almost 1GB in size, so it can take a while)
• The License Server comes with a pre-installed XenServer Platinum license
• Normally obtain licenses from mycitrix.com and load into the License Server using the web interface
Lab Access
1. Point your browser at: http://training.citrixsynergy.net
2. Enter your Class Code of Sangria
3. Enter your email address
4. Click Get Started
5. Keep the welcome screen handy (or write the data down)
as you’ll need the IP addresses throughout the lab
6. Click Start Lab
Questions
Distributed Virtual Switch (vSwitch) LAB
XenServer Networking
• XenServer acts as a layer 2
virtual switch
• Independent of layer 3
addressing such as TCP/IP
Layer
Description
7
6
5
4
Application layer
Presentation layer
Session layer
Transport layer
3
2
Network layer
Data link layer
• LLC sublayer
• MAC sublayer
1
Physical layer
XenServer Networking
Dom1
Citrix XS
PV Ethernet
Adapter
Dom2
VIF
VIF
VM1
eth0
VM2
Dom0
Vif1.0
Internal Network
Only
PIF
Virtual Switch
(Linux Bridge or vSwitch)
Vif2.0
Distributed Virtual Switch (vSwitch) Introduction
• Pre XS 6.0 the Linux Bridge was
the default XS network switch
• In XS 6.0 the vSwitch is a drop in
replacement for the Linux Bridge
• The vSwitch alone
XenServer
Pool
XS
XS
XS
Dom0
LinuxVM
vSwitch
Bridge
LinuxVM
Dom0
Bridge
vSwitch
Dom0
LinuxVM
vSwitch
Bridge
VM
VM
VM
VM
VM
VM
• Duplicates existing XS network functionality
• The vSwitch with its Controller
• Offers greater visibility into the XenServer networking layer (monitoring)
• Offers fine grained networking configuration and control policies (ACL, QoS)
vSwitch Controller
• Linux based vApp
• Enables policy controls
• Enables x-server networks
• Controller directs vSwitches
thru XAPI
• vSwitches talk to controller
directly using Openflow
• Web based controller UI sets
the polices for each vSwitch
XenServer Pool
XS
vSwitch Controller
UI
Dom0 VM
vSwitch
SSL/443
vSwitch
Controller
Appliance
XAPI
XS
XS
XS
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
VM
VM
VM
VM
VM
VM
vSwitch Cross-Server Private Networks
XenServer Pool
• Pre vSwitch, private
networks confined to server
• Using vSwitch (with
controller), private networks
are available to all servers
• Management interface used
to tunnel between servers
• Uses GRE tunneling
XS
Dom0 VM
vSwitch
vSwitch Controller
UI
vSwitch
Controller
Appliance
XAPI
XS
XS
Dom0 VM
vSwitch
VM
VM
Tunnel
Dom0 VM
vSwitch
VM
VM
XS
Tunnel
Dom0 VM
vSwitch
VM
VM
vSwitch Architecture
XAPI
• One controller can handle
multiple XenServer pools
• Controller talks to each pool’s XAPI
• vSwitches talk directly to the controller
XS
XS
XS
XS
XS
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
vSwitch
Controller
Appliance
VM
VM
VM
VM
XenServer Pool
XAPI
XenServer Pool
XAPI
XenServer Pool
XS
XS
XS
XS
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
VM
Ethernet Frame
• The vSwitch looks at the ethernet frame contents to
determine the correct action for the frame
• EtherType is a two-octet field in the Ethernet frame
• It is used to indicate which protocol is encapsulated in the
Payload of an Ethernet Frame
Preamble
Destination MAC
Source MAC
Ethertype
1 2 3 4 5 6 7 8 1 2 3 4 5 6 1 2 3 4 5 6 1
2
Payload
CRC
1 2 3 4
TCP Header
vSwitch Architecture
• The vSwitch uses a Flow Table to determine what to do with each frame
received
• Flow Table entries define what action the switch takes on a particular
frame type
• The Flow Table is managed by the controller – entries are called “flows”
vSwitch Architecture
Dom0
• The vSwitch daemon runs in Dom0 and
holds the Flow Table for this network
• Each network has it’s own vSwitch and
Flow Table
• The vSwitch Kernel component has a
cached version of the Flow Table to
speed processing
vSwitch daemon
Flow Table
User
Kernel
vSwitch
Flow Table Cache
vSwitch Architecture
Dom0
• Frame processing depends on how recently,
(if at all) a particular frame type was seen
vSwitch daemon
Flow Table
User
Kernel
vSwitch
Flow Table Cache
vSwitch Architecture
• Case 1: A frame arrives on the VIF of a
type seen in the last 5 seconds
• A match should be found in the Flow Table Cache
• The matched “flow” defines the action the switch
takes, which in these examples, is to send the
frame out of the PIF
Packet Flow
Flow table entries
PIF
VIF
To
LAN
From
VM
vSwitch Architecture
• Case 2: A frame arrives on the VIF of a type
seen since the VM started, but not seen in
the last 5 seconds
• A match should not be found in the flow table cache
• The frame will be passed to the vSwitch daemon for a
full flow table search
• The flow should be matched as the frame type has
been seen before
• The flow is added to the flow table cache
• The matched “flow” defines the action, which in these
examples, is to send the frame out of the PIF
PIF
VIF
To
LAN
From
VM
vSwitch Architecture
• Case 3: A frame arrives on the VIF
of a type never seen before
vSwitch
Controller
• A match will not be found in the flow table cache
or the full flow table
• The frame will be passed to the vSwitch controller
to create a flow based on the policies
• The controller adds an appropriate flow to the flow
table and the flow table cache
• The new “flow” defines the action, which in these
examples, is to send the frame out of the PIF
Packet Flow
Flow table entries
PIF
VIF
To
LAN
From
VM
vSwitch Architecture
XenServer Pool
• If the controller link fails:
• Frame types with flows already in
the flow table get processed as
they always have
• Frame types that haven't been
seen before may be passed or
dropped, depending on the
configuration
• Fail Open: Frames passed regardless
• Fail Safe: Frames are dropped
• Default is to Fail Open
XS
Dom0 VM
vSwitch
Management
Interface
vSwitch
Controller
Appliance
XAPI
XS
XS
XS
Dom0 VM
vSwitch
Dom0 VM
vSwitch
Dom0 VM
vSwitch
VM
VM
VM
VM
VM
VM
vSwitch Policies
vSwitch
Controller
• XenServer with vSwitch
• The vSwitch controller is
responsible for setting up all
policies within the vSwitches
• Only the policies for currently
running VMs are present in
the vSwitch
vSwitch Policies
VM
Linux VM
Allow SSH on eth0
Allow HTTP on eth1
VM
XS
Windows VM
Allow RDP
Deny HTTP
SAP VM
Allow only SAP traffic
RSPAN to VLAN 26
Policies and XenMotion
VM
• SAP VM is moving to XS2
• SAP policy is firstly added
to XS2 vSwitch
• SAP VM moves to XS2
• SAP VM policy removed
from XS1 vSwitch
Linux VM
Allow SSH on eth0
Allow HTTP on eth1
VM
XS1
Windows VM
Allow RDP
Deny HTTP
SAP VM
Allow only SAP traffic
RSPAN to VLAN 26
VM
Linux VM
Allow SSH on eth0
Allow HTTP on eth1
VM
XS2
Windows VM
Allow RDP
Deny HTTP
SAP VM
Allow only SAP traffic
RSPAN to VLAN 26
vSwitch ACL Policies
• Action: Permitted (Allow) or Dropped (Deny)
• Protocol: Network protocol to which the rule applies
• Apply the rule to all protocols (any), choose from an existing protocol list, or specify a new
protocol.
• Direction: Direction of traffic to which the rule applies
• ‘to’ means traffic outbound from the VM
• Remote Addresses: Indicates whether the rule is limited to traffic to or
from a particular set of remote IP addresses.
vSwitch Policies Hierarchy
• Global: Includes all VIFs in all resource
pools
• Resource pools: All VIFs in a particular
resource pool
• Networks: All VIFs attached to a
particular network
• VMs: All VIFs attached to a particular VM
• VIFs: A single VIF
vSwitch Policies
1.
Mandatory rules at the global level
2.
Mandatory rules for the resource pool containing the VIF
3.
Mandatory rules for the network containing the VIF
4.
Mandatory rules for the VM containing the VIF
5.
Rules for the VIF containing the VIF
6.
Default rules for the VM containing the VIF
7.
Default rules for the network containing the VIF
8.
Default rules for the resource pool containing the VIF
9.
Default rules for the global containing the VIF
The first rule that matches is executed; no further rules are evaluated
Distributed Virtual Switch (vSwitch) LAB
During this lab you will
• Ex 2: Configure the vSwitch Controller
• Ex 3: Add your XenServer Pool to the Controller
• Ex 4: Create a Cross-Server Private Network
• Ex 5: Set Up an Access Control List
• Ex 6: Limit Port Bandwidth
Questions
Integrated Disaster Recovery Lab
NetApp Filer
• Can be File based (eg NFS, CIFS, FTP)
• Or Block based (eg FC, FCoE, iSCSI)
• We will use as block based iSCSI storage for our Lab
• Allows replication to Disaster Recovery site
• NetApp calls this SnapMirroring
NetApp Data ONTAP Simulator
• Simulates administering and
using a NetApp storage system
• All the features of Data ONTAP
• Same code base
• Same web based UI
• Limited capabilities
• Small capacity
• Much slower than real hardware
• Supplied as a vApp
Disaster Recovery Concept and Lab Terms
• The Source site is the Production site
• The Target site is the Disaster Recovery (DR) site
• The Source site data is constantly replicated on the target DR site
• Disaster hits the Source site breaking the replication link
• Using the DR Wizard, operations resume on the Target site
Data Replication
Source
Target
NetApp Storage terms
• The Aggregate is a logical storage
container over the raw disks
• A Flex Volume is a partition on the
aggregate that can grow and shrink
• LUNs are created from the volumes
• A LUN is a block access device
• Looks like a SCSI drive to XenServer
LUN
LUN
FlexVol
LUN
FlexVol
Aggregate
XenServer Storage terms
• A Storage Repository (SR) is created on
the LUN by XenCenter. This is formatted
and looks like a block device to XenServer
• A VDI (Virtual Disk Image) for the Virtual
Machine (VM) is created on the SR
VDI
VDI
SR
LUN
VDI
Disaster Recovery Metadata VDI
• The XenCenter Disaster Recovery Wizard
creates a metadata VDI on the SR
• It describes the XS pool so the pool can be
re-created on the Target XenServer
Meta
Data
VDI
SR
VDI
Source Site DR preparation
• Create a 10GB source volume on the Aggregate
• Add a 10GB LUN to the volume
• Create Storage Repository on the LUN
• Create VM using SR for the VDI
• Customize the VDI (hello.txt)
• Use DR Wizard to create metadata VDI
VolumeMeta
LUN
SR
VDI
Aggregate
(source)Data
Target Site DR Preparation
• Create the target volume
• Setup a SnapMirror replication from the source volume
• Initialize the Snapmirror (starting the replication)
SnapMirror
VolumeMeta
LUN
SR
VDI
Aggregate
(source)Data
Source
VolumeMeta
Aggregate
VDI
(target)Data
Target
SR
Disaster Strikes!
• The SnapMirror link is Quieced
• Then Broken, simulating a Source site failure
Quiece
SnapMirror
VolumeMeta
LUN
SR
VDI
Aggregate
(source)Data
Source
VolumeMeta
Aggregate
VDI(target)
Data
Target
Failover
• The DR Wizard is used to recover the VM on the Target
Integrated Disaster Recovery Lab
During this lab you will
• Ex 7: Setup the NetApp Storage Simulator
• Ex 8: Create a Volume on the Netapp Simulator
• Ex 9: Create a Storage Repository (SR)
• Ex 10: Configure Disaster Recovery on the source site
• Ex 11: Synchronize the source and target site storage
• Ex 12: Simulate a source site failure & recover on the target
• Exercise 11 Video Link: http://www.citrix.com/tv/#videos/4624
• Exercise 12 Video Link: http://www.citrix.com/tv/#videos/4625
Questions