Chapter 3: Virtual Machines, Docker Containers, and Server Clusters
Virtualization in Cloud Computing Systems • Virtualization technology primarily benefits the computer and IT industry • Allows for the sharing of expensive hardware resources • By multiplexing VMs on the same set of hardware hosts
Basic Concept of Machine Virtualization • The conventional computer has a simple architecture • The operating system (OS) manages all hardware resources at the privileged system space • All applications run at the user space under the control of the OS • After virtualization • Different user applications are managed by their own operating systems (guest OS) • Can run on the same hardware • Independent of the host OS • Often done by adding additional software • Known as a virtualization layer
Basic Concept of Machine Virtualization (cont.) • Applications run with their own guest OS over the virtualized CPU, memory, and I/O resources
Basic Concept of Machine Virtualization (cont.) • A VM is essentially built as a software package • Can be loaded into a host computer to execute certain user applications • Once the jobs are done, the VM package can be removed from the host computer • The host acts like a “hotel” that accommodates different “guests” at different times • VMs allow a high degree of resource sharing within a computer • Multiple VMs can co-exist in the same host • As long as the host has enough memory (and CPU, disk, and I/O capacity) for the guest VMs
Basic Concept of Machine Virtualization (cont.) • Two guest VMs are being hosted by the computer • The two VMs could run with different guest OS • The virtual resources allocated to each VM • Known as virtual processors, virtual memory, virtual disks, or virtual I/O devices
Virtualization Operations • The virtual machine monitor (VMM) provides the VM abstraction to guest OSs • With full virtualization, the VMM exports a VM abstraction identical to the physical machine (PM) • A standard OS such as Windows 2000 or Linux can run just as it would on the physical hardware • Four categories of basic VMM operations • The VMs can be multiplexed between hardware machines • A VM can be suspended and stored in a stable storage • A suspended VM can be resumed or provisioned to a new hardware platform
Virtualization Operations (cont.) • A VM can be migrated from one hardware platform to another • These primitive VM operations enable a VM to cater to any available hardware platform • Make it flexible to carry out distributed application executions • The VM approach significantly enhances the utilization of server resources • Multiple server functions can be consolidated on the same hardware platform to achieve higher system efficiency • Eliminating server sprawl via deployment of systems with VMs
Virtualization Operations (cont.) • These VMs move transparently across the shared hardware • Server utilization can increase from a low rate of 5–15% to 60–80% after virtualization
Virtual Infrastructures • Physical resources for computing, storage, and networking at the bottom • Mapped to the needy applications embedded in various VMs at the top • Hardware and software are then separated • Virtual infrastructure is what connects resources to distributed applications • A dynamic mapping of the system resources to specific applications • The result is decreased costs and increased efficiencies and responsiveness • Virtualization for server consolidation and containment is a good example
Implementation Levels of Virtualization • Five levels of abstraction for virtualization • At the ISA level, VMs are created by emulating a given ISA with the ISA of the host machine • Gives the lowest performance due to the slow emulation process • Has very high application flexibility • Some academic research VMs, like Dynamo, use this approach • Virtualization at the bare-metal or OS levels • The highest VM performance • The well-known hypervisor Xen creates virtual CPUs, virtual memory, and virtual disks right on top of the bare-metal physical devices • Hardware-level virtualization has the highest implementation complexity
Implementation Levels of Virtualization (cont.) • The main function of the software layer for virtualization • To virtualize the physical hardware of a host machine into virtual resources to be used by VMs • Can be implemented at various operational levels • The virtualization software creates the abstraction of VMs by interposing a layer at various levels of a computer system • Common virtualization layers include the ISA level, the hardware level, the operating system level, the library support level, and the application level • Docker containers are the best-known example of OS-level virtualization
Implementation Levels of Virtualization (cont.) • Virtualization at the run-time library and user application levels leads to average performance • Creating VMs at the user application level gives a high degree of application isolation • At the expense of very complex implementation efforts by the users • Here we consider only hypervisors, which create VMs at the hardware level, and Docker containers, which virtualize at the Linux kernel level • Implementing VMs at the ISA, user, or run-time library levels is most often done in academia • Rarely practiced in industry due to their low performance and implementation difficulty
Implementation Levels of Virtualization (cont.) • A conventional computer has a single OS image • Offers a rigid architecture that tightly couples application software to a specific hardware platform • Some software running well on one hardware machine may not be executable on another platform with a different instruction set under a fixed OS management • VMs offer novel solutions • To boost underutilized resources, application inflexibility, software manageability, and security concerns in existing PMs • To build large clusters, grids, and clouds
Implementation Levels of Virtualization (cont.) • Need to access large amounts of computing, storage, and networking resources in a virtualized manner • Need to aggregate those resources and offer a single system image • A cloud of provisioned resources • Must rely on virtualization of processors, memory, and I/O facilities, dynamically • Most virtualization uses a software or firmware approach to generate the VMs • Can also use a hardware-assisted approach to help virtualization • Intel has produced VT-x for this purpose • The purpose is to improve the efficiency of its processors in the VM environment
Implementation Levels of Virtualization (cont.) • This requires modifying the CPU to provide hardware support for virtualization • Other types of virtualization also appear in desktop virtualization, memory and storage virtualization, and various levels of virtualization • Consider data and network virtualization • e.g., The virtual private network (VPN) allows a virtual network to be created over the Internet • Virtualization enables the concept of cloud computing • The major difference between traditional grid computing and today’s clouds • Lies in the use of virtualized resources
Implementation Levels of Virtualization (cont.) • In a cloud system • Hypervisors are often used to virtualize the hardware resources to create VMs • System-level virtualization demands a special kind of software • Simulates the execution of hardware • Runs the unmodified operating systems • Virtualized servers, storage, and networks are put together to yield a cloud computing platform • Some virtualized resources in compute, storage, and network clouds • High application flexibility is often a primary advantage over traditional computer systems
Implementation Levels of Virtualization (cont.) • The VM resources are shared by many users • Need a method that gives each user full control inside its own VM while keeping the provisioned VMs in isolated execution environments • Traditional sharing of cluster resources is often set up statically before runtime • Such sharing is not flexible at all • Users cannot customize the system for interactive applications • The OS is often the barrier to software portability • Virtualization can benefit a cloud system • By achieving higher availability, disaster recovery, dynamic load balancing, and flexible resource provisioning
Implementation Levels of Virtualization (cont.) • Most importantly a scalable computing environment
Hardware Abstraction Level • Hardware-level virtualization is performed right on top of the hardware • This approach generates virtual hardware environments for VMs • The process manages the underlying hardware through virtualization • The idea is to virtualize a computer’s resources such as processors, memory, and I/O devices • With the intention of raising the hardware utilization rate through concurrent use by multiple users • Pioneered by IBM in the late 1960s (CP-67) and productized as VM/370 in 1972 • Xen virtualizes x86-based machines to run Linux or other guest OSs and their applications
Operating System Level • The OS level is an abstraction layer between the OS and user applications • OS-level virtualization creates isolated containers on a single physical server that all share the one running OS kernel • To utilize the hardware and software in data centers • The containers behave like real servers • Commonly used in creating virtual hosting environments • To allocate hardware resources among a large number of mutually distrusting users • Because every container shares the host kernel, the isolation boundary is the kernel’s own namespace, cgroup, and capability enforcement rather than a separate OS image; a kernel vulnerability or an over-privileged container therefore weakens isolation more than it would between VMs • Used, to a lesser extent, in consolidating server hardware • By moving services on separate hosts into containers or VMs on one server
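As an added example (not code from the slides or from Docker), the following Python audits how much privilege a container really holds by decoding the CapEff mask from /proc/<pid>/status. This is the check a practitioner runs inside a container to tell a default container from one started with --cap-add or --privileged. The status excerpts are constructed; capability numbering follows <linux/capability.h> (0 to 40 as of Linux 5.9), and the "Docker default" set is the 14-capability set whose mask reads a80425fb.

```python
"""Audit container privilege by decoding Linux capability masks.

Added example, not code from the slides or from Docker. The /proc status
excerpts below are constructed; capability numbering follows
<linux/capability.h> (0..40 as of Linux 5.9).
"""
import os
import re

# index == capability number from <linux/capability.h>
CAPABILITIES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

# Docker's long-standing default bounding set (mask 00000000a80425fb).
DOCKER_DEFAULT = {
    "chown", "dac_override", "fowner", "fsetid", "kill", "setgid", "setuid",
    "setpcap", "net_bind_service", "net_raw", "sys_chroot", "mknod",
    "audit_write", "setfcap",
}

# Capabilities that let a process subvert or escape the container boundary.
DANGEROUS = {
    "sys_admin", "sys_module", "sys_rawio", "sys_ptrace", "sys_boot",
    "dac_read_search", "net_admin", "bpf", "perfmon",
}

# Constructed /proc/<pid>/status excerpts (only the Cap* lines matter here).
DEFAULT_CONTAINER = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\nCapAmb:\t0000000000000000\n"
)
CAP_ADD_SYS_ADMIN = DEFAULT_CONTAINER.replace("a80425fb", "a82425fb")   # default | CAP_SYS_ADMIN (bit 21)
PRIVILEGED_CONTAINER = DEFAULT_CONTAINER.replace("00000000a80425fb", "000001ffffffffff")  # all 41 bits


def parse_cap_masks(status_text):
    """Return {'CapEff': int, ...} parsed from the text of /proc/<pid>/status."""
    masks = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks


def decode(mask):
    """Bit i set in the mask means capability number i is present."""
    return {name for bit, name in enumerate(CAPABILITIES) if (mask >> bit) & 1}


def audit(status_text):
    """Classify the effective capability set of a process (e.g. a container's init)."""
    eff = decode(parse_cap_masks(status_text)["CapEff"])
    return {
        "effective": sorted(eff),
        "beyond_docker_default": sorted(eff - DOCKER_DEFAULT),
        "dangerous": sorted(eff & DANGEROUS),
        "all_capabilities": eff == set(CAPABILITIES),   # what --privileged yields
    }


if __name__ == "__main__":
    # Audit the current process on a Linux host; elsewhere fall back to a sample.
    path = "/proc/self/status"
    text = open(path).read() if os.path.exists(path) else PRIVILEGED_CONTAINER
    for key, value in audit(text).items():
        print(f"{key}: {value}")
```

Run it inside a container with `python3 capaudit.py` (any file name): an empty `beyond_docker_default` list means the container runs with the stock Docker set, and anything in `dangerous` (CAP_SYS_ADMIN or CAP_SYS_MODULE in particular) means the kernel-enforced boundary described above is much thinner than the "behaves like a real server" framing suggests.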
Library Support Level • Most applications use application programming interfaces (APIs) exported by user-level libraries • Rather than using lengthy system calls by the OS • Most systems provide well-documented APIs • Such an interface becomes another candidate for virtualization • Virtualization with library interfaces is possible • By controlling the communication link between applications and the rest of a system through API hooks
Library Support Level (cont.) • The software tool Wine has implemented this approach to support Windows applications on top of UNIX hosts • Another example is the vCUDA • Allows applications executing within VMs to leverage GPU hardware acceleration
User Application Level • Virtualization at the application level virtualizes an application as a VM • On an OS, an application often runs as a process • Also known as process-level virtualization • The most popular approach is to deploy high-level language (HLL) VMs • The virtualization layer sits as an application program on top of an OS • The layer exports an abstraction of a VM • Can run programs written and compiled to a particular abstract machine definition • Any program written in the HLL and compiled for this VM will be able to run on it • e.g., The Microsoft .NET CLR (common language runtime) and JVM (Java VM)
User Application Level (cont.) • Another form of application-level virtualization • Known as application isolation, application sandboxing, or application streaming • Involves wrapping the application in a layer • Isolates it from the host OS and other applications • The result is an application much easier to distribute and remove from user workstations • e.g., LANDesk is an application virtualization platform • Enables the deployment of software applications as self-contained, executable files in an isolated environment without requiring installation, system modifications, or elevated security privileges
Relative Merits of Different VM Approaches • The relative merits of implementing virtualization at the various levels • Application isolation refers to the effort needed to isolate the resources committed to different VMs • Isolating users from one another is the hardest property to achieve
Resources Virtualization in Cluster or Cloud Systems • Traditional data centers are built with large-scale clusters of servers • Used not only for storing large databases but also for building fast search engines • More and more data center clusters are being converted into clouds • Ever since the introduction of virtualization • Google, Amazon, and Microsoft are all building their cloud platforms this way • Consider the resource virtualization techniques • Both hypervisors and Docker engines
Resources Virtualization in Cluster or Cloud Systems (cont.) • Virtualization can be done at the software process level and the host system level • Or at various extended levels • Five resource virtualization levels • With some representative products • Server virtualization is indispensable in converting a data center to an operating cloud • To serve a large number of users simultaneously • To upgrade the cluster elasticity and also enhance the utilization of shared servers • Desktop virtualization attempts to provide application flexibility to individual users • Applications written for different OS platforms can be executed on the same hardware host
Resources Virtualization in Cluster or Cloud Systems (cont.) • Virtual storage and virtual networking make clouds even more powerful in colocation operations • Application virtualization refers to software process-level virtualization • Without resource virtualization • No elastic clouds can be built to satisfy multitenancy operations
Hardware Virtualization • The use of special software to create a VM on a host hardware machine • The VM acts like a real computer with a guest OS • The host machine is the actual machine where the VM is executed • The software that creates VM on the host hardware is called a hypervisor or VMM • Three types of hardware virtualization • Full virtualization • A complete simulation or translation of the host hardware to some sort of virtual CPU, virtual memory, or virtual disks • The VM uses its own unmodified OS
Hardware Virtualization (cont.) • Partial virtualization • Selected resources are virtualized and some are not • Some guest programs must be modified to run in such an environment • Paravirtualization • The hardware is not fully virtualized; instead the guest OS kernel is modified (ported) so that sensitive instructions are replaced by explicit hypercalls into the hypervisor • The guest runs deprivileged in an isolated domain (Xen’s term) while the hypervisor keeps the privileged mode; the guest’s user applications run unmodified • Trades guest-kernel source changes for less trapping overhead than full virtualization
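As an added illustration (not code from the slides), the Python model below shows the mechanism behind the three terms above: a guest kernel runs deprivileged under a VMM; privileged instructions trap and are emulated on the virtual CPU state; a "sensitive but unprivileged" instruction (classic x86's POPF, which silently ignores the interrupt flag in user mode) never traps, so pure trap-and-emulate lets the virtual state drift; full virtualization repairs this with binary translation of the unmodified guest, and paravirtualization repairs it by patching the guest kernel source to issue a hypercall. The three-instruction ISA, the ring model and the hypercall encoding are simplifying assumptions for the demo. The same untrappable-instruction limitation is what the later "Not all processors meet the VMM requirements" point refers to.

```python
"""Toy model of full virtualization (trap-and-emulate, binary translation)
versus paravirtualization. Added illustration, not from the slides; the
three-instruction ISA, ring model and hypercall encoding are assumptions."""
from dataclasses import dataclass, field

# Popek-Goldberg classes. On classic x86, POPF in user mode silently ignores
# the interrupt-enable flag instead of faulting: sensitive but unprivileged.
PRIVILEGED = {"CLI", "STI"}        # fault in ring 3 -> the VMM sees them
SENSITIVE_UNPRIVILEGED = {"POPF"}  # no fault in ring 3 -> the VMM never sees them
ORDINARY = {"ADD", "NOP"}

# Constructed guest-kernel fragment: mask interrupts, do work, then restore
# the saved flags (whose image has IF=1) with POPF.
GUEST_KERNEL = [("CLI",), ("ADD",), ("POPF", {"IF": True})]


@dataclass
class VCPU:
    interrupts_on: bool = True   # virtual IF; the VMM owns this state


@dataclass
class VMM:
    trap_log: list = field(default_factory=list)

    def emulate(self, vcpu, op, arg=None):
        """Apply the semantics of a privileged op to the *virtual* state."""
        if op == "CLI":
            vcpu.interrupts_on = False
        elif op == "STI":
            vcpu.interrupts_on = True
        elif op == "POPF":
            vcpu.interrupts_on = arg["IF"]
        else:
            raise ValueError(op)

    def execute(self, vcpu, insn):
        """One guest instruction running deprivileged in ring 3."""
        op, arg = insn[0], (insn[1] if len(insn) > 1 else None)
        if op in PRIVILEGED:
            self.trap_log.append(("trap", op))           # hardware fault -> VMM
            self.emulate(vcpu, op)
        elif op in SENSITIVE_UNPRIVILEGED:
            self.trap_log.append(("no-trap", op))        # virtual state silently drifts
        elif op in ("BT_TRAP", "HYPERCALL"):
            self.trap_log.append((op.lower(), arg[0]))   # explicit entry into the VMM
            self.emulate(vcpu, *arg)
        elif op in ORDINARY:
            pass                                         # runs natively, no VMM involvement
        else:
            raise ValueError(op)


def binary_translate(program):
    """Full-virtualization fix (VMware-style): rewrite each sensitive-unprivileged
    instruction into an explicit trap carrying its operands; guest stays unmodified."""
    return [("BT_TRAP", (insn[0], insn[1])) if insn[0] in SENSITIVE_UNPRIVILEGED else insn
            for insn in program]


def paravirtualize(program):
    """Paravirtualization (Xen-style): the ported guest kernel source replaces
    POPF with a hypercall asking the hypervisor to set the virtual IF."""
    return [("HYPERCALL", ("STI" if insn[1]["IF"] else "CLI",)) if insn[0] == "POPF" else insn
            for insn in program]


def run(program):
    """Return (final virtual IF, trap log) after running the program under a VMM."""
    vcpu, vmm = VCPU(), VMM()
    for insn in program:
        vmm.execute(vcpu, insn)
    return vcpu.interrupts_on, vmm.trap_log


if __name__ == "__main__":
    print("trap-and-emulate only:", run(GUEST_KERNEL))
    print("binary translation:   ", run(binary_translate(GUEST_KERNEL)))
    print("paravirtualized:      ", run(paravirtualize(GUEST_KERNEL)))
```

With trap-and-emulate alone the guest believes interrupts are re-enabled while the VMM's virtual IF stays off; both fixes end with the correct state, and the trap log shows where the VMM was entered in each case. Hardware-assisted virtualization (Intel VT-x, mentioned earlier in these slides, and AMD-V) closes the hole by making such instructions exit to the hypervisor, which is why modern hypervisors run unmodified guests without binary translation.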
Hypervisors for Creating Native Virtual Machines • Traditional computers are PMs • Each physical host runs with its own OS • A VM is a software-defined abstract machine created by virtualization • A physical computer running an OS X can execute application programs • Only specially tailored to the X platform • Other programs written for a different OS Y may not be executable on the X-platform • The guest OS of VMs can differ from the host OS • e.g., The X-platform is an Apple OS and the Y-platform could be a Windows-based computer • VMs offer a solution to bypass the software portability barrier
Virtual Machine Architecture Types • The host machine is equipped with the physical hardware • e.g., A desktop with x86 architecture runs its installed Windows OS • The VM can be provisioned to any hardware system • Built with virtual resources managed by a guest OS to run a specific application • Between the VMs and the host platform • A middleware layer known as the VMM must be deployed • A native VM is installed with the use of a VMM running in privileged mode
Virtual Machine Architecture Types (cont.) • e.g., The guest OS could be a Linux system and the hypervisor the Xen system developed at Cambridge University • This hypervisor approach is also called a bare-metal VM • The hypervisor sits right on top of the bare metal • CPU, memory, and I/O • A hypervisor handles the bare hardware directly • Another architecture is the hosted VM • The VMM runs in nonprivileged mode • The host OS does not need to be modified • The VM can also be implemented with a dual mode
Virtual Machine Architecture Types (cont.) • Part of VMM runs at the user level • Another portion runs at the hypervisor level • In this mixed mode, the host OS may have to be modified to some extent • Multiple VMs can be ported to one given hardware system • To support the virtualization process • The VM approach offers hardware independence of the OS and applications • The user application running on its dedicated OS could be bundled together • As a virtual appliance ported on any hardware platform
Virtual Machine Architecture Types (cont.) • The conventional computer has a simple architecture • The OS manages all hardware resources at the privileged system space • All applications run at the user space under the control of the OS • On a native VM • The VM consists of the user application controlled by a guest OS • Created by the hypervisor installed at the privileged system space • Multiple VMs can be ported to one physical computer
Virtual Machine Architecture Types (cont.) • The VM approach extends software portability beyond platform boundaries • On a hosted VM • Created by a VMM or hosted hypervisor implemented on top of the host OS • The VMM is middleware between the host OS and the guest; a full guest OS still runs inside the hosted VM, and the VMM mediates its access to the host OS • Abstracts the guest OS from the host OS • VMware Workstation, VMware Player, and VirtualBox are examples of hosted VMs • Known as host-based (hosted) virtualization, not to be confused with paravirtualization, which requires a modified guest kernel • The host OS is left unchanged
Virtual Machine Architecture Types (cont.) • The VMM monitors the execution of the user application directly • Hypervisor supports a hardware-level virtualization • The hypervisor software sits directly between the physical hardware and the guest OS • The hypervisor provides hypercalls for the guest OSs and applications • Depending on the functionality • Can assume micro-kernel architecture like the Microsoft Hyper-V • Or monolithic hypervisor architecture like the VMware ESX for server virtualization
Virtual Machine Architecture Types (cont.) • A micro-kernel hypervisor • Includes only the basic and unchanging functions • Such as physical memory management and processor scheduling • The device drivers and other changeable components are outside of the hypervisor • The hypervisor code of a micro-kernel hypervisor is smaller, which also shrinks the privileged attack surface • A monolithic hypervisor implements all of the above functions • Including device drivers • Hosted VMM packages such as VMware Player or VirtualBox are not responsible for allocating resources for all programs on the host
Virtual Machine Architecture Types (cont.) • They allocate only restricted resources to selected applications • The VMM controls resources explicitly allocated to these selected special applications • The VMM is tied to selected processor resources • Not all processors meet the VMM requirements • Specific limitations include the inability to trap some privileged (sensitive) instructions when they execute in user mode, as on classic x86 before VT-x and AMD-V • Hypervisors or VMMs • Xen is among the most widely used on x86-based PCs, servers, and workstations • Hypervisor-created VMs are heavyweight
Virtual Machine Architecture Types (cont.) • They consist of the user application code, which may be only KB • Plus a guest OS, which may demand GB of memory • The guest OS supervises the execution of the user applications on the VM • KVM is a Linux kernel-based VMM • KVM is mostly used on Linux hosts • Microsoft Hyper-V is used for Windows server virtualization • Hyper-V ships with Windows; the Windows instance it is enabled from becomes the privileged root (management) partition • Involves OS integration at the lowest level • Malware and rootkits pose potential threats to hypervisor security • A rootkit is malicious software that hides its presence and keeps privileged access, typically by modifying kernel code or kernel data such as function-pointer hooks
Virtual Machine Architecture Types (cont.) • HookSafe, developed by North Carolina State University with Microsoft Research, is a hypervisor-based system that protects a guest kernel’s hooks (function pointers) from rootkit modification • It uses the hypervisor’s higher privilege to defend the guest OS, rather than defending the hypervisor itself
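An added example in the spirit of HookSafe (this is not HookSafe's own code and simplifies its hook-indirection design): the monitor below lives outside the guest, in the hypervisor or management domain, mediates every guest store to the page holding the kernel's hook table, and periodically rescans the table for changes that bypassed the fault path. All addresses, hook names and the rootkit module are constructed for the demo; the policy "only kernel text may write a hook, and only to kernel text" is a deliberate simplification.

```python
"""Hypervisor-side protection of guest kernel hooks, in the spirit of HookSafe
(Wang, Jiang, Cui, Ning; CCS 2009). Added illustration with constructed
addresses; not HookSafe's code and a simplification of its design."""
from dataclasses import dataclass

PAGE = 0x1000
KERNEL_TEXT = range(0xFFFFFFFF81000000, 0xFFFFFFFF82000000)  # constructed trusted code range
MODULE_AREA = range(0xFFFFFFFFA0000000, 0xFFFFFFFFA1000000)  # constructed loadable-module range

# Constructed hook table as the guest kernel set it up at boot:
# name -> (address of the function-pointer slot, address it points to)
BOOT_HOOKS = {
    "sys_open":       (0xFFFFFFFF81C00000, 0xFFFFFFFF81234560),
    "sys_getdents64": (0xFFFFFFFF81C00008, 0xFFFFFFFF81234990),
    "tcp4_seq_show":  (0xFFFFFFFF81C00010, 0xFFFFFFFF81456780),
}


@dataclass
class Alert:
    hook: str
    writer_pc: int
    new_target: int
    reason: str


class HookMonitor:
    """Runs in the hypervisor (or Domain0), outside the guest it inspects."""

    def __init__(self, hooks):
        self.slots = {addr: name for name, (addr, _) in hooks.items()}
        self.baseline = {name: target for name, (_, target) in hooks.items()}
        self.protected_pages = {addr & ~(PAGE - 1) for addr, _ in hooks.values()}
        self.alerts = []

    def on_write(self, addr, value, writer_pc):
        """Invoked on the write fault the hypervisor raises for protected pages.
        Returns True if the guest store may proceed."""
        if addr & ~(PAGE - 1) not in self.protected_pages:
            return True
        name = self.slots.get(addr, f"slot@{addr:#x}")
        if writer_pc not in KERNEL_TEXT:
            where = "writer in loadable-module area" if writer_pc in MODULE_AREA else "writer outside kernel text"
            self.alerts.append(Alert(name, writer_pc, value, where))
            return False
        if value not in KERNEL_TEXT:
            self.alerts.append(Alert(name, writer_pc, value, "target outside kernel text"))
            return False
        self.baseline[name] = value   # trusted kernel code updating its own hook
        return True

    def scan(self, memory):
        """Periodic check for changes that bypassed write mediation (e.g. DMA)."""
        return [name for addr, name in self.slots.items()
                if memory.read(addr) != self.baseline[name]]


class GuestMemory:
    def __init__(self, hooks, monitor):
        self.cells = {addr: target for addr, target in hooks.values()}
        self.monitor = monitor

    def read(self, addr):
        return self.cells.get(addr, 0)

    def write(self, addr, value, writer_pc):
        """CPU store from guest code at writer_pc; protected pages fault to the monitor."""
        if self.monitor.on_write(addr, value, writer_pc):
            self.cells[addr] = value
            return True
        return False

    def dma_write(self, addr, value):
        """Store that bypasses CPU page protection (device DMA without an IOMMU)."""
        self.cells[addr] = value


def run_scenario():
    mon = HookMonitor(BOOT_HOOKS)
    mem = GuestMemory(BOOT_HOOKS, mon)
    rootkit_pc = 0xFFFFFFFFA0012340   # constructed: code of a loaded rootkit module
    rootkit_fn = 0xFFFFFFFFA0012800   # constructed: its replacement getdents64
    # 1. Rootkit hooks getdents64 to hide files: write mediation blocks it.
    hooked = mem.write(BOOT_HOOKS["sys_getdents64"][0], rootkit_fn, rootkit_pc)
    # 2. Kernel text repoints a hook at another kernel-text function: allowed.
    updated = mem.write(BOOT_HOOKS["sys_open"][0], 0xFFFFFFFF81234600, 0xFFFFFFFF81000100)
    # 3. Overwrite via DMA bypasses the fault path; the rescan catches it.
    mem.dma_write(BOOT_HOOKS["tcp4_seq_show"][0], rootkit_fn)
    return {
        "rootkit_write_blocked": not hooked,
        "kernel_update_allowed": updated,
        "alerts": [(a.hook, a.reason) for a in mon.alerts],
        "scan": mon.scan(mem),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The strict "kernel text only" policy would also block a legitimately loaded module registering a hook; a production design whitelists module text ranges after a verified load, which is closer to what HookSafe does. The point the example makes is the one the slides make: the monitor can only be trusted because it sits below the guest, so its own host (the hypervisor or Domain0) is the part that must not be compromised.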
Virtual Machine Architecture Types (cont.) • The Xen Hypervisor Architecture and Resource Control • Xen is an open-source, micro-kernel hypervisor developed at Cambridge University • The Xen hypervisor implements all mechanisms • Leaving policy to be handled by Domain0 • Xen does not include any device drivers natively • The core components of a Xen system are the hypervisor, kernel, and applications • The guest OS with the control ability is called Domain0 • The others are called DomainU • Domain0 is a privileged guest OS of Xen
Virtual Machine Architecture Types (cont.) • Initially loaded when Xen boots, before any guest file system drivers • Designed to access hardware directly and manage devices • One function of Domain0 is to allocate and map hardware resources to the guest domains, the DomainUs • e.g., Domain0 typically runs a Linux kernel carrying the device drivers • This management VM is named Domain0 • Domain0 has the privilege of managing other VMs implemented on the same host • Because of this privilege, Domain0 is the most security-sensitive part of the system: if Domain0 is compromised, the attacker controls the entire host and every guest on it • A special security policy is applied to secure Domain0 (minimal services, no untrusted workloads, restricted administrative access)
Virtual Machine Architecture Types (cont.) • Domain0 behaves like a management VMM • Allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily as manipulating a file • The same ease applies to anyone who controls Domain0, which is why access to it must be tightly restricted