Virtualisation and multi
Download
Report
Transcript Virtualisation and multi
Virtualisation
Virtualisation
Virtualisation is
the creation of a virtual (rather than actual) version of something,
such as a hardware platform, operating system, a storage device
or network resources
the beneficial separation of a resource or service from the typical
physical means of providing it
Common feature is that the resource appears “real” to
consumers of the resource e.g. virtual memory
A fundamental capability used in most cloud computing
platforms
Also both client and server side is used in many enterprises
A classification of
virtualisation
Process virtual machines (VM)
System virtual machines
VMs running on top of a native operating system (OS)
VMs running on a virtual machine monitor running on
a native OS
System/native virtual machines
VMs running on virtual machine monitor
3
Process virtual machine
Separate Guest OS from Physical Hardware
User mode linux
Applications access resources through the GuestOS
only
Guest OS communicates through Host OS to access
hardware
App
App
Guest OS
App
App
Guest OS
Host OS
Hardware
App
App
Guest OS
System Virtual machine (host)
Similar to process virtual machine and
Guest OS communicates through Host Virtual
machine monitor onto host OS to access hardware
VMWare player, Microsoft Virtual PC
Amazon EC2
App
App
Guest OS
App
App
Guest OS
App
Guest OS
Host Virtual Machine Monitor
Host OS
Hardware
App
System Virtual machine
(native)
Similar to system virtual machine and
Guest OS communicates through Host Virtual
machine monitor which runs directly on the hardware
VMWare ESX, Xen project
App
App
Guest OS
App
App
Guest OS
App
Guest OS
Native Virtual Machine Monitor
Hardware
App
Virtual machine monitor: The
Hypervisor
Strong Isolation
Security
Hypervisor mediates all interaction between VM and other
systems
Performance
Each virtual machine is isolated from other VMs and the
hardware
Hypervisor optimised to minimise overhead of virtualisation
Provisioning
Hypervisor manages allocation of physical resources
7
Two areas of application of
virtualisation
Desktop virtualisation
Addresses key problems in areas of
management, control and security
Server virtualisation
Addresses key problems in areas of utilisation
and provisioning
~ cloud computing
8
Desktop
virtualisation
9
Benefits of virtualisation: Desktop
virtualisation – central management and
control
The problems
Large enterprises have large numbers of desktops which will
need to be updated
Staff demand to use their own devices (laptops or smart phones)
with associated issues around compatibility and security
Virtualisation allows a standard desktop to be available
as a virtual machine on each desktop
Removes need to maintain each individual machine
Allows new apps to be streamed to the desktop (instead of
installed)
Allows staff to use their own equipment
10
Benefits of virtualisation: Desktop
virtualisation – other benefits
Security
Desktop virtualisation protects against ‘leakage’ between other
applications running on the device and the virtualised desktop
Maintenance/upgrade costs
Removes need to install new OS versions onto each desktop
With server-side workspace virtualisation, reduces the need to upgrade
desktop machines to support new applications
Supports model of employee owned equipment
11
Desktop Virtualization
A VMM/hypervisor running on a
physical desktop
Examples include:
Microsoft Virtual PC
Parallels Desktop for Mac
VMware Fusion
WINE.
Use cases include:
Running Windows applications on
the Mac
Software development: Testing
code inside VMs
(c) 2008 Intel Corporation
Server-side workspace
virtualization
A workspace (desktop operating system with
custom configuration) running inside a virtual
machine hosted on a server
Examples include:
VMware VDI
Use cases include:
Centrally managed desktop infrastructure
Security enforcement and lockdown
(c) 2008 Intel Corporation
Server-side workspace
virtualization
A pool of virtual workspaces resides on the
server. Remote users log into them from any
networked device via Microsoft’s Remote
Desktop Protocol (RDP)
Users can customize their virtual workspace
while desktop configuration is managed on one
central server
Negative: server-hosted workspace
virtualization is bandwidth usage. Performance
is constrained by the performance of your
network
(c) 2008 Intel Corporation
Client-side workspace
virtualization
A workspace (desktop operating system with
custom configuration) running inside a virtual
machine hosted on a desktop
Examples include:
Desktop virtualization
approaches
Kidaro Managed Workspace
Use cases include:
Secure remote access
Protection of sensitive data for defense,
healthcare industries
Personal computer running corporate desktops
remotely
(c) 2008 Intel Corporation
Client-side workspace
virtualization
Desktop virtualization
approaches
A virtual workspace is served out to execute on
the client device
Centralizes management
Its big advantage over other models is the
security and isolation of data and logic on the
client
It’s the right model for organizations that need to
ensure the security of environments served to
remote users
Defense contractors
Healthcare providers
(c) 2008 Intel Corporation
Application Streaming
Just-in-time delivery of a server-hosted
application to the desktop, such that the desktop
application can execute before the entire file has
been downloaded from the server
Examples include:
AppStream
Microsoft Applicaton Virtualisation
Use cases include:
Managing the number of instances of running
applications, in the case of license constraints
(c) 2008 Intel Corporation
Application Streaming
Application code to the desktop, where it runs in
isolation
No full PC environment, just the application, so
you have to provide a workspace
Requires to maintain the client-side operating
system and ensuring compatibility.
(c) 2008 Intel Corporation
Server side
virtualisation
19
Problems faced in enterprise
data farms
Server sprawl
Large numbers of servers increasingly difficult to provision and manage
Low utilisation
To ensure security and fault tolerance, enterprises typically deploy
applications onto multiple dedicated servers
Leads to high capital costs and on-going (maintenance and electricity)
costs
Power consumption increases non-linearly with increasingly powerful CPUs:
Comparatively cheaper to run an application on 4 low power CPUs than 1 powerful
CPU
Poor capacity management
To support peak demand on each server further reduces utilisation
20
Benefits of virtualisation:
Security
Hypervisor mediates all communication into and out of
the virtual instance supports isolation of suspect VMs
Supports rapid isolation of ‘suspect’ servers
Allows replay of traffic to assist in analysis of incident
Hypervisor is designed for 1 job: Managing multiple VMs
Less likely to be prone to attack as user code does not run
directly on the hypervisor
21
Benefits of virtualisation:
Server utilisation
Improve utilisation on single server by allowing multiple
VMs to run
Improve utilisation across a data farm
VMs could belong to different owners
It is easier to ‘start-up’ a prepared virtual server than run
applications directly on the server (which may require installation,
compatibility checking etc)
Support better capacity planning
Reduces cost associated with provisioning based on
maximum load profile
22
Server utilisation
Across many servers, leads
to significant wastage or
potential lack of capacity for
peak usage period
Virtualisation allows for
greater utilisation
Resources
“Traditional” server
utilisation is driven by
peak demand
Potential to reduce the total
capacity required in a data
farm
Capacity
Demand
1
2
Waste
3 t
Shortfall
Ideal solution
Resources
Provisioning problem
Capacity
Demand
t
23
Benefits of virtualisation: Automated
infrastructure management
Packaging of “standard” virtual machines reduces
provisioning time
Configurations can be quickly deployed
Packaging can include network and storage resources
Advanced deployments can automatically locate virtual
machines on servers to match requirements and
optimise utilisation
Known as elastic provisioning – as provided by Amazon EC2
24
Automated infrastructure
management capabilities
Level 0: Virtual images
Packaging standard OS and applications as virtual needs
Reduces install/configuration/deploy time
Easy to implement
Level 1 – Integrated provisioning
Provisioning of servers including network and storage is
integrated (such as VMWare VirtualCentre)
Reduces complexity (and hence time and cost) associated with
provisioning
25
Automated infrastructure
management capabilities
Level 2: Elastic Provisioning
Automatic matching between the resource needs (including
current and projected requirements) and a physical server
Provisioning carried out by non-system administrators (such as
the development team)
E.g. Amazon EC2
Level 3 – Elastic Operations
Auomated monitoring of usage profile of running VMs with the
capability to automatically migrate running VMs to different virtual
machines or provision new VMs
Partially available in Amazon EC2 (new provisioning – no
migration supported)
26
Risks of virtualisation
False fault tolerance
Multiple virtual servers running on the same physical server
which fails
Security risk associated with hypervisors
Virtual machine sprawl
Complex networks made more complex with virtual machines
Inefficient provisioning
Allocated resources to virtual machines do not optimise actual
requirements
27
Exercise
Download VirtualBox (www.virtualbox.org)
Download ubuntu
(http://www.ubuntu.com/download/ubuntu/do
wnload)
Use the default choices
Configure a virtual server based on ubuntu
Use the default choices
28
Multi-tenant software
29
Mult-tenant software
Allow a single platform to safely access/update data
belonging to multiple “tenants”
Sometimes considered as application virtualisation
Tenants can be departments in a single business or multiple
businesses (in case of SaaS)
Similar benefits to Virtual Machine
Shared resource is the database
Preferred where the applications have similar schemas with
customisation client interface
30
Typical Multi-tenancy
architecture
User Interface
Your Clicks
Logic
Your Code
Database
Metadata representations:
Partitioned data, logic and
customizations for multiple
customers
Coherent Code Base and Managed Infrastructure
Typical software using multi-tenant architecture is heavily database
centric
Involves customisation of a UI (with field extensions and custom
workflows if needed) with few changes to underlying logic
Multi-tenant software: DB
requirements
Access control restricting applications/users to their data
only
Support customisations/extensions of the schema to
support diverse requirements
Make such customisation as easy as possible
Metadata driven configurability
Instead of customizing the application for a customer (requiring code
changes), one allows the user to configure the application through
metadata
32
Multi-tenants in DB: Single
Schema model
Database table is appended with a column marking the
‘owner’ ID
All queries are appended with a condition based on the
‘owner’ value of the logged in user
Name
Address
Address2
City
OWNER
33
Multi-tenants in DB: Single
Schema model - extensions
The extensions of the base schema are stored in a
second table which is accessed through a join across the
two tables
Both tables include an owner column marking the ‘owner’ ID
Base schema
Name
Address
Address2
City
OWNER
O1
O2County
Customer extension
Province
OWNER
O1
O1
34
Multi-tenants in DB: Single
Schema model
Advantage: Easy to upgrade all users by redefining
schemas
Disadvantage:
Requires changes to any existing code (if migrating legacy code)
Customer extensions must be maintained external to the single
schema leading to problems if sorting/filtering (joins) is required
on the extension
Multi-tenants in DB: Multiple
Schema model
Application connects to the appropriate database
schema using the ‘owner’ ID appended to the schema
name
Details of the customisation is stored in another table
Accessed at run-time by the user interface to determine the
structure of any query
Advantages:
Allows customisation to occur to each schema independent of
other users
Mapping to multiple schema occurs at the database access layer
independent of the application code
Multi-tenants in DB: Multiple
Schema model
Client logic looks up meta-data to
build query dynamically and then
perform the appropriate look-up on
the customer schema table
Meta-data
The ‘owner’ value is appended to the
schema based on the currently logged
in user
Customer schema O1
Name
Address
Address2
City
County
Customer schema O2
Name
Address
Address2
City
ZIP
Entity
Custom field
OWNER
Customer
County
O1
Customer
Province
O1
Customer
ZIP
O2
Province