Virtualisation and multi


Virtualisation

Virtualisation is:
- the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, storage device or network resources
- the beneficial separation of a resource or service from the typical physical means of providing it

The common feature is that the resource appears “real” to its consumers, e.g. virtual memory.

A fundamental capability used in most cloud computing platforms.

Also used on both the client and the server side in many enterprises.
A classification of virtualisation

- Process virtual machines (VM): VMs running on top of a native operating system (OS)
- System virtual machines: VMs running on a virtual machine monitor which itself runs on a native OS
- System/native virtual machines: VMs running on a virtual machine monitor which runs directly on the hardware
Process virtual machine

- Separates the Guest OS from the physical hardware
- Example: User Mode Linux
- Applications access resources through the Guest OS only
- The Guest OS communicates through the Host OS to access the hardware

(Diagram: several Guest OSs, each running its own Apps, sit on the Host OS, which sits on the Hardware)
System virtual machine (host)

- Similar to a process virtual machine, but the Guest OS communicates through a host virtual machine monitor, running on the host OS, to access the hardware
- Examples: VMware Player, Microsoft Virtual PC, Amazon EC2

(Diagram: Apps on Guest OSs, on a Host Virtual Machine Monitor, on the Host OS, on the Hardware)
System virtual machine (native)

- Similar to a system virtual machine, but the Guest OS communicates through a virtual machine monitor which runs directly on the hardware
- Examples: VMware ESX, Xen project

(Diagram: Apps on Guest OSs, on a Native Virtual Machine Monitor, on the Hardware)
Virtual machine monitor: the Hypervisor

- Strong isolation: each virtual machine is isolated from the other VMs and from the hardware
- Security: the hypervisor mediates all interaction between a VM and other systems
- Performance: the hypervisor is optimised to minimise the overhead of virtualisation
- Provisioning: the hypervisor manages the allocation of physical resources
Two areas of application of virtualisation

- Desktop virtualisation: addresses key problems in the areas of management, control and security
- Server virtualisation: addresses key problems in the areas of utilisation and provisioning (~ cloud computing)

Desktop virtualisation
Benefits of virtualisation: Desktop virtualisation – central management and control

The problems:
- Large enterprises have large numbers of desktops which need to be updated
- Staff demand to use their own devices (laptops or smart phones), with associated issues around compatibility and security

Virtualisation allows a standard desktop to be available as a virtual machine on each desktop:
- Removes the need to maintain each individual machine
- Allows new apps to be streamed to the desktop (instead of installed)
- Allows staff to use their own equipment
Benefits of virtualisation: Desktop virtualisation – other benefits

- Security: desktop virtualisation protects against ‘leakage’ between other applications running on the device and the virtualised desktop
- Maintenance/upgrade costs:
  - Removes the need to install new OS versions onto each desktop
  - With server-side workspace virtualisation, reduces the need to upgrade desktop machines to support new applications
- Supports the model of employee-owned equipment
Desktop Virtualization

- A VMM/hypervisor running on a physical desktop
- Examples include: Microsoft Virtual PC, Parallels Desktop for Mac, VMware Fusion, WINE
- Use cases include:
  - Running Windows applications on the Mac
  - Software development: testing code inside VMs

(c) 2008 Intel Corporation
Server-side workspace virtualization

- A workspace (desktop operating system with custom configuration) running inside a virtual machine hosted on a server
- Examples include: VMware VDI
- Use cases include:
  - Centrally managed desktop infrastructure
  - Security enforcement and lockdown
Server-side workspace virtualization (continued)

- A pool of virtual workspaces resides on the server. Remote users log into them from any networked device via Microsoft’s Remote Desktop Protocol (RDP)
- Users can customize their virtual workspace while the desktop configuration is managed on one central server
- Negative: server-hosted workspace virtualization costs bandwidth. Performance is constrained by the performance of your network
Desktop virtualization approaches: Client-side workspace virtualization

- A workspace (desktop operating system with custom configuration) running inside a virtual machine hosted on a desktop
- Examples include: Kidaro Managed Workspace
- Use cases include:
  - Secure remote access
  - Protection of sensitive data for the defense and healthcare industries
  - Personal computer running corporate desktops remotely
Desktop virtualization approaches: Client-side workspace virtualization (continued)

- A virtual workspace is served out to execute on the client device
- Centralizes management
- Its big advantage over the other models is the security and isolation of data and logic on the client
- It is the right model for organizations that need to ensure the security of environments served to remote users:
  - Defense contractors
  - Healthcare providers
Application Streaming

- Just-in-time delivery of a server-hosted application to the desktop, such that the desktop application can execute before the entire file has been downloaded from the server
- Examples include: AppStream, Microsoft Application Virtualisation
- Use cases include: managing the number of instances of running applications, in the case of license constraints
Application Streaming (continued)

- Application code is delivered to the desktop, where it runs in isolation
- No full PC environment, just the application, so you have to provide a workspace
- Requires maintaining the client-side operating system and ensuring compatibility
Server-side virtualisation
Problems faced in enterprise data farms

- Server sprawl: large numbers of servers are increasingly difficult to provision and manage
- Low utilisation:
  - To ensure security and fault tolerance, enterprises typically deploy applications onto multiple dedicated servers
  - Leads to high capital costs and on-going (maintenance and electricity) costs
  - Power consumption increases non-linearly with increasingly powerful CPUs: it is comparatively cheaper to run an application on 4 low-power CPUs than on 1 powerful CPU
- Poor capacity management: supporting peak demand on each server further reduces utilisation
Benefits of virtualisation: Security

- The hypervisor mediates all communication into and out of the virtual instance, which supports isolation of suspect VMs:
  - Supports rapid isolation of ‘suspect’ servers
  - Allows replay of traffic to assist in the analysis of an incident
- The hypervisor is designed for one job: managing multiple VMs
  - Less likely to be prone to attack, as user code does not run directly on the hypervisor
Benefits of virtualisation: Server utilisation

- Improve utilisation on a single server by allowing multiple VMs to run
- Improve utilisation across a data farm:
  - VMs could belong to different owners
  - It is easier to ‘start up’ a prepared virtual server than to run applications directly on the server (which may require installation, compatibility checking etc.)
- Support better capacity planning: reduces the cost associated with provisioning based on the maximum load profile
Server utilisation

- “Traditional” server utilisation is driven by peak demand
- Across many servers, this leads to significant wastage or a potential lack of capacity for the peak usage period
- Virtualisation allows for greater utilisation: potential to reduce the total capacity required in a data farm

(Figure: “Provisioning problem”, resources against time t, with a fixed capacity line above a varying demand curve; the marked regions 1, 2 and 3 show waste where capacity exceeds demand and shortfall where demand exceeds capacity. “Ideal solution”, where capacity tracks demand over time)
Benefits of virtualisation: Automated infrastructure management

- Packaging of “standard” virtual machines reduces provisioning time:
  - Configurations can be quickly deployed
  - Packaging can include network and storage resources
- Advanced deployments can automatically locate virtual machines on servers to match requirements and optimise utilisation
  - Known as elastic provisioning, as provided by Amazon EC2
Automated infrastructure management capabilities

- Level 0: Virtual images
  - Packaging standard OS and applications as virtual images
  - Reduces install/configuration/deploy time
  - Easy to implement
- Level 1: Integrated provisioning
  - Provisioning of servers, including network and storage, is integrated (such as VMware VirtualCenter)
  - Reduces the complexity (and hence time and cost) associated with provisioning
Automated infrastructure management capabilities (continued)

- Level 2: Elastic provisioning
  - Automatic matching between the resource needs (including current and projected requirements) and a physical server
  - Provisioning carried out by non-system administrators (such as the development team)
  - E.g. Amazon EC2
- Level 3: Elastic operations
  - Automated monitoring of the usage profile of running VMs, with the capability to automatically migrate running VMs to different virtual machines or provision new VMs
  - Partially available in Amazon EC2 (new provisioning only; no migration supported)
Risks of virtualisation

- False fault tolerance: multiple virtual servers running on the same physical server, which then fails
- Security risk associated with hypervisors
- Virtual machine sprawl: complex networks made more complex with virtual machines
- Inefficient provisioning: the resources allocated to virtual machines do not match the actual requirements
Exercise

- Download VirtualBox (www.virtualbox.org)
- Download Ubuntu (http://www.ubuntu.com/download/ubuntu/download); use the default choices
- Configure a virtual server based on Ubuntu; use the default choices
Multi-tenant software

Multi-tenant software

- Allows a single platform to safely access/update data belonging to multiple “tenants”
- Sometimes considered as application virtualisation
- Tenants can be departments in a single business or multiple businesses (in the case of SaaS)
- Similar benefits to a virtual machine
- The shared resource is the database
- Preferred where the applications have similar schemas with customisation of the client interface
Typical multi-tenancy architecture

(Diagram: three layers, User Interface (“your clicks”), Logic (“your code”) and Database (metadata representations: partitioned data, logic and customizations for multiple customers), over a coherent code base and managed infrastructure)

- Typical software using a multi-tenant architecture is heavily database-centric
- Involves customisation of a UI (with field extensions and custom workflows if needed) with few changes to the underlying logic
Multi-tenant software: DB requirements

- Access control restricting applications/users to their own data only
- Support customisations/extensions of the schema to support diverse requirements
  - Make such customisation as easy as possible
- Metadata-driven configurability
  - Instead of customizing the application for a customer (requiring code changes), one allows the user to configure the application through metadata
Multi-tenants in DB: Single schema model

- The database table is appended with a column marking the ‘owner’ ID
- All queries are appended with a condition based on the ‘owner’ value of the logged-in user

(Table: Name | Address | Address2 | City | OWNER)
Multi-tenants in DB: Single schema model - extensions

- The extensions of the base schema are stored in a second table which is accessed through a join across the two tables
- Both tables include an owner column marking the ‘owner’ ID

(Diagram: Base schema table with columns Name | Address | Address2 | City | OWNER and rows owned by O1 and O2; Customer extension table with columns County | Province | OWNER and rows owned by O1 and O1)
Multi-tenants in DB: Single schema model

- Advantage: easy to upgrade all users by redefining schemas
- Disadvantages:
  - Requires changes to any existing code (if migrating legacy code)
  - Customer extensions must be maintained external to the single schema, leading to problems if sorting/filtering (joins) is required on the extension
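The single-schema model and its extension join, as an added example that is not code from the slides: Python with sqlite3 over constructed sample rows, with a data-access helper that appends the owner condition for the base table and for the join onto the extension table. The optional unscoped join shows what the OWNER column on the extension table prevents.

```python
import sqlite3

# Constructed sample data (not from the slides): two tenants, O1 and O2, share
# one schema. The base table and the extension table both carry an OWNER column.
CUSTOMERS = [  # (name, address, address2, city, owner)
    ("Alice", "1 High St", "", "Leeds", "O1"),
    ("Carol", "3 Low St", "", "York", "O1"),
    ("Alice", "9 Quay", "", "Cork", "O2"),  # same name as an O1 customer
]
EXTENSIONS = [  # (customer name, custom field, value, owner)
    ("Alice", "County", "W. Yorks", "O1"),
    ("Carol", "County", "N. Yorks", "O1"),
    ("Alice", "Province", "Munster", "O2"),
]


def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer (name, address, address2, city, owner);
        CREATE TABLE customer_ext (name, field, value, owner);
    """)
    con.executemany("INSERT INTO customer VALUES (?, ?, ?, ?, ?)", CUSTOMERS)
    con.executemany("INSERT INTO customer_ext VALUES (?, ?, ?, ?)", EXTENSIONS)
    return con


def customers_for(con, owner, field, scope_join=True):
    """Base rows joined to one extension field, restricted to a single tenant.

    The data-access layer, not the caller, appends the owner condition taken
    from the logged-in user. With scope_join=True the join also matches on
    OWNER; without it, an extension row from another tenant can attach to a
    same-named customer, which is why both tables need the owner column.
    """
    join_owner = " AND e.owner = c.owner" if scope_join else ""
    sql = (
        "SELECT c.name, c.city, e.value FROM customer AS c "
        "LEFT JOIN customer_ext AS e ON e.name = c.name AND e.field = ?"
        + join_owner
        + " WHERE c.owner = ? ORDER BY c.name, c.city"
    )
    return con.execute(sql, (field, owner)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(customers_for(db, "O1", "Province"))         # scoped join: no leak
    print(customers_for(db, "O1", "Province", False))  # O2's value attaches to O1's Alice
```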
Multi-tenants in DB: Multiple schema model

- The application connects to the appropriate database schema using the ‘owner’ ID appended to the schema name
- Details of the customisation are stored in another table
  - Accessed at run-time by the user interface to determine the structure of any query
- Advantages:
  - Allows customisation to occur to each schema independent of other users
  - Mapping to multiple schemas occurs at the database access layer, independent of the application code
Multi-tenants in DB: Multiple schema model (continued)

- Client logic looks up the meta-data to build the query dynamically and then performs the appropriate look-up on the customer schema table
- The ‘owner’ value is appended to the schema based on the currently logged-in user

(Diagram: Customer schema O1 with columns Name, Address, Address2, City, County, Province; Customer schema O2 with columns Name, Address, Address2, City, ZIP; Meta-data table Entity | Custom field | OWNER with rows Customer | County | O1, Customer | Province | O1, Customer | ZIP | O2)
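The multiple-schema model from the last two slides, as an added example that is not code from the slides: Python with sqlite3, where each tenant's schema is an attached in-memory database named by appending the owner ID to a base schema name, and the SELECT is built at run-time from a shared meta-data table. The base name "crm", the sample rows and the `ident` allow-list (needed because schema and column names cannot be bound as parameters) are assumptions.

```python
import re
import sqlite3

# Constructed sample (not from the slides): one schema per tenant, named by
# appending the owner ID to "crm", plus a shared meta-data table of custom fields.
BASE_COLUMNS = ["name", "address", "address2", "city"]
META = [  # (entity, custom_field, owner)
    ("customer", "county", "O1"),
    ("customer", "province", "O1"),
    ("customer", "zip", "O2"),
]
ROWS = {  # base columns followed by that tenant's custom fields, in META order
    "O1": [("Alice", "1 High St", "", "Leeds", "W. Yorks", "")],
    "O2": [("Bob", "9 Quay", "", "Cork", "T12")],
}
IDENT_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


def ident(name):
    # Anything that becomes an SQL identifier (owner ID, custom field name)
    # cannot be a bound parameter, so it is allow-listed before interpolation.
    if not IDENT_RE.match(name):
        raise ValueError(f"bad identifier: {name!r}")
    return name


def custom_fields(con, entity, owner):
    # Meta-data look-up: the custom fields this tenant added to an entity.
    rows = con.execute("SELECT custom_field FROM meta WHERE entity = ? AND owner = ?"
                       " ORDER BY rowid", (entity, owner))
    return [ident(r[0]) for r in rows]


def build_db():
    con = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    con.execute("CREATE TABLE meta (entity, custom_field, owner)")
    con.executemany("INSERT INTO meta VALUES (?, ?, ?)", META)
    for owner, rows in ROWS.items():
        schema = f"crm_{ident(owner)}"  # owner ID appended to the schema name
        con.execute(f"ATTACH DATABASE ':memory:' AS {schema}")
        cols = BASE_COLUMNS + custom_fields(con, "customer", owner)
        con.execute(f"CREATE TABLE {schema}.customer ({', '.join(cols)})")
        marks = ", ".join("?" * len(cols))
        con.executemany(f"INSERT INTO {schema}.customer VALUES ({marks})", rows)
    return con


def fetch_customers(con, owner):
    """Build the SELECT from meta-data, then run it on the owner's own schema."""
    cols = BASE_COLUMNS + custom_fields(con, "customer", owner)
    sql = f"SELECT {', '.join(cols)} FROM crm_{ident(owner)}.customer"
    return [dict(zip(cols, row)) for row in con.execute(sql)]
```

Because the owner ID comes from the logged-in session and is spliced into the schema name, the allow-list check is the control that keeps that value from altering the query text.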