Xen Expert Days
Virtualization with Xen
SUSE Linux Enterprise Server 10
Ralf Dannert
Technology Specialist
rdannert@novell.com
Agenda
• Use cases
• Terminology and Architecture
• VM installation
• Using Xen
• Case Studies
• Roadmap
• Novell offerings
• Helpful Links
2
© Novell Inc. All rights reserved
Server Virtualization: Analyst's View
Executive Summary
● Novell product portfolio offers choice
  – Customers can choose to deploy virtualization technologies provided by Novell and other VT vendors
● Novell virtualization strategy is focused on Xen
  – Customer demand for server consolidation and price / performance will foster rapid acceptance
● Novell supports customers
  – Virtual Machine Server Hardware from partners and Virtual Machine configurations are listed in YES certification bulletins
  – Novell Technical Services supports installation and operation
Use Cases
Uses of Virtualization
[Diagram: four relationships between virtual resources and physical resources]
– Sharing (examples: VMs, LPARs, Virtual Disks, VLANs)
– Extension (examples: Spare CPU Substitution, CUoD)
– Aggregation (examples: Virtual Disks, Virtual Storage Pools)
– Transparent Change, Add or Replace (examples: iSCSI, Architecture Emulators)
Use cases
• Virtualization allows for more flexibility
  – Virtual Machines (VM) isolate hardware differences through an abstracted resource layer between hardware and OS
  – Decouples software stacks from hardware life cycles
  – Dynamic provisioning reduces time to operation: preconfigured application stacks are faster to deploy
  – Integrated high availability increases reliability
[Diagram: applications (A) running on operating systems (OS), on the VM virtualization layer, on the hardware]
Terminology and Architecture
SLES 10 VM Server
SLES 9 and Windows XP - Fully Virtualized VMs
Xen Technology Background
Originally a research project from University of Cambridge
Open source
Xen 2.0 released November 2004
Xen 3.0.0 released December 2005
Xen 3.0.2 released May 2006 (SLES 10 target)
Xen 3.0.4: SLES 10 SP1 target
Xen Community Terminology
Domain: A container for a running virtual machine. Colloquially, the VM itself.
Domain 0: The first domain. Privileged to manage other domains. a.k.a. “dom0”.
Unprivileged domain: Any domain other than domain 0. Cannot manage other domains. a.k.a. “domU”.
Driver domain: A domain that contains physical drivers. Usually this is just domain 0.
Physical driver: A device driver (usually in the driver domain) that talks to the hardware.
Virtual driver: A device driver (usually in a domU) that fulfills requests by going to the physical driver.
Full & Paravirtualization Overview
Full Virtualization
[Diagram: Apps on an Operating System inside a Virtual Machine, on the Virtual Machine Monitor, on the HW Platform]
Runtime modification of Guest OS: VMM manages the conflict, then returns to OS
Paravirtualization
[Diagram: Apps on an Operating System inside a Virtual Machine, with an API between the OS and the Virtual Machine Monitor, on the HW Platform]
Static modification of Guest OS prior to runtime: Privileged instruction calls are exchanged with API functions provided by the VMM
– Almost no performance degradation
– Significant scalability
Novell Terminology
Fully Virtual: A VM mode that can run a native, unmodified operating system by emulating all hardware devices.
Paravirtual: A VM mode that can run a modified operating system, which cooperates with the VMM.
VT Computer: A computer supporting hardware virtualization (HVM): Intel VT, AMD
Standard Computer: A computer that does not support virtualization technology and therefore can run Xen VMs only in paravirtual mode.
Native Operating System: A typical operating system that is not optimized for the VM environment and must run in fully virtual mode.
Privilege Rings
Xen runs at ring 0 (highest privilege)
All domains run at rings 1 - 3.
• Kernel is ring 1
• User-space is ring 3
[Diagram: Hypervisor (XEN) at ring 0 on the Physical Hardware; the domain 0 (management) Linux Kernel and the guest Kernels at ring 1; Applications at ring 3. Kernels reach the hypervisor via Hypercalls; the hypervisor notifies domains via Events]
Hardware assisted virtualization
• VT Computer
  • run multiple OS concurrently
  • protected execution environments
  • privilege ring expansion
  • simplify hypervisor
• Intel VT for directed I/O (VT-d) - direct assign I/O
  – no emulated drivers necessary
Extending Intel Virtualization Technology
• support for I/O device virtualization
  – direct I/O virtualization to the chipset (“VT-d”). Currently, I/O devices aren’t aware of virtualization and must go through the VMM before being assigned to a virtual machine.
• software emulation is slow
  – Performance
    > I/O requests must traverse two I/O stacks (guest and host)
  – Functionality
    > Guest OSes “see” only restricted sets of legacy devices
  – Reliability
    > Drivers are potentially undependable if they run as part of privileged software
Full Virtualization Mode on VT
● using qemu-dm
  ● using “device model”
  ● hypervisor intercepts mmio regions
  ● forwards the request to qemu, e.g. a read request to the hard disk
● VM emulates the following devices
  ● requires the VM's operating system to install, load, and run its native device drivers
  ● Network card: AMD PCnet, NE2000
  ● Disk drive: IDE
  ● Graphics card: Cirrus Logic* GD5446, VESA-compliant VGA
  ● Input: PS/2 mouse and keyboard
  ● Sound: Creative* Sound Blaster 16, Ensoniq* ES1370
Intel Pre- and Post-VT
AMD IOMMU
• in a DomU the OS is not loaded at address 0
• Xen: direct device access to memory is difficult --> corruption
• hypervisor intervenes in I/O and applies the translation --> overhead
• solutions:
  • rewrite graphics driver ?
  • HW to support IOMMU
• AMD IOMMU - provides isolation and memory protection
• IOMMU: remaps the addresses accessed by device HW
Ring Buffers
Network, disk I/O is done via shared memory, asynchronous ring buffers.
One ring per VM reduces cross-talk.
Events replace hardware interrupts for notifications.
Page-for-page swap between VM and Xen.
[Diagram: the VM side of the ring is the request producer and response consumer; the Xen/driver-domain side is the request consumer and response producer]
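The request/response ring described above, as an added example written for this page (not Xen's own ring code or Novell's): a minimal split ring in one shared page, with the guest as request producer and response consumer and the backend as the reverse. Because the shared page is writable by the peer, each side keeps its own private indices and range-checks the producer index the other side publishes before using it to index the ring, which is the check a driver domain needs so that a misbehaving guest cannot make it read past the ring. Field names, the ring size of 8 and the disk-read payload are assumptions for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
/* Minimal Xen-style split I/O ring in one shared page (illustration only; names and
 * sizes are not Xen's). The guest produces requests and consumes responses; the
 * backend in the driver domain consumes requests and produces responses. */
#define RING_SIZE 8                       /* power of two */
#define RING_MASK (RING_SIZE - 1)
struct req { uint32_t id, sector; };      /* constructed disk-read request */
struct rsp { uint32_t id; int32_t status; };
struct shared_ring { uint32_t req_prod, rsp_prod;   /* guest- / backend-written */
    struct req reqs[RING_SIZE]; struct rsp rsps[RING_SIZE]; };   /* mapped by both */
struct front { uint32_t req_prod_pvt, rsp_cons; };   /* guest-private indices */
struct back  { uint32_t req_cons, rsp_prod_pvt; };   /* backend-private indices */
bool front_push(struct shared_ring *r, struct front *f, struct req q) {
    if (f->req_prod_pvt - f->rsp_cons >= RING_SIZE) return false;   /* ring full */
    r->reqs[f->req_prod_pvt++ & RING_MASK] = q;
    r->req_prod = f->req_prod_pvt;        /* publish to the backend */
    return true;
}
/* Backend: req_prod is guest-writable, so read it once and refuse an index claiming more than RING_SIZE pending requests. */
bool back_pop(struct shared_ring *r, struct back *b, struct req *out) {
    uint32_t prod = r->req_prod;
    if (prod - b->req_cons > RING_SIZE || prod == b->req_cons) return false;
    *out = r->reqs[b->req_cons++ & RING_MASK];
    return true;
}
void back_push(struct shared_ring *r, struct back *b, struct rsp p) {
    r->rsps[b->rsp_prod_pvt++ & RING_MASK] = p;
    r->rsp_prod = b->rsp_prod_pvt;        /* publish to the guest */
}
bool front_pop(struct shared_ring *r, struct front *f, struct rsp *out) {
    uint32_t prod = r->rsp_prod;          /* same check on the backend-written index */
    if (prod - f->rsp_cons > RING_SIZE || prod == f->rsp_cons) return false;
    *out = r->rsps[f->rsp_cons++ & RING_MASK];
    return true;
}
/* Guest issues n reads, backend answers them all; returns the completed count (at most RING_SIZE, since front_push refuses to overrun the ring). */
int ring_roundtrip(int n) {
    struct shared_ring r = {0}; struct front f = {0}; struct back b = {0};
    struct req q; struct rsp p; int done = 0;
    for (int i = 0; i < n; i++) front_push(&r, &f, (struct req){ (uint32_t)i, 16u * i });
    while (back_pop(&r, &b, &q)) back_push(&r, &b, (struct rsp){ q.id, 0 });
    while (front_pop(&r, &f, &p)) done += (p.status == 0);
    return done;
}
/* Guest publishes a corrupt req_prod far past the ring end: the backend must refuse it. */
bool ring_rejects_bogus_prod(void) {
    struct shared_ring r = { .req_prod = 0xFFFF }; struct back b = {0}; struct req q;
    return !back_pop(&r, &b, &q);
}
```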
Xen Architecture – Simple View
[Diagram: Hypervisor on Hardware; Dom0 (Linux) with a physical device driver (Pd); Dom1 (Linux) and Dom2 (Netware) each with a virtual device driver (Vd). Pd = Physical Device Driver, Vd = Virtual Device Driver]
Dom0 is the management domain for Xen guests
• controls compute resources dynamically (e.g. memory, CPU, I/O)
• provides interfaces to the physical server
• provides administration tools and interfaces
Hypervisor
• is the virtual interface to the hardware – virtualizes the hardware
• manages conflicts caused by OS access to privileged machine instructions
DomU is the guest OS
• hosts the application workloads
• typically uses virtual device drivers to connect, through the hypervisor, to the physical drivers in Dom0
• can also use physical device drivers directly
• can be stored in a file-image
Distribution
• pDistro
  – Tuned thin, platform distribution specialized for specific physical hardware
  [Diagram: pDistro stack of management agents, kernel, system drivers and hypervisor (vmm), with hardware specific tuning]
• vDistro
  – Tailored for application stacks, able to run on any pDistro
  [Diagram: vDistro stack of operating system, application(s), libraries, configuration, kernel and virtual drivers, with application specific tuning and security and fault tolerance]
Xen Technology – Architecture (cont)
Emerging Virtual Architectures
[Diagram: Novell Customer Center and a VM Management layer (Monitor / Manage / Analyze / Respond) above Data Center Servers and Data Center Storage]
pDistros: Are used to deploy physical machine specific hypervisors with those drivers and agents needed by specific hardware vendors. Typically Hardware Vendors would create pDistros or build templates for their hardware.
vDistros: Are used to deploy virtual machines on any physical server and to move application stacks between them in 'real-time'. Application stack distribution containers w/ fault containment and intrusion protection.
Physical Servers (Data Center Servers), each running a pDistro
Virtual Machines (XEN/VMW)
Virtual Storage (EVMS & CFS or segmented storage)
Physical Storage Arrays (Data Center Storage)
VM Management
• Incubator & Warehouse
• Central (CIM-based) Model
• Distributed p/v Monitoring
• Workload Orchestration
ZENworks Linux Management
• p/v-Distro Provisioning
• Patching Agent
• Application Deployment
• Registration & Licensing