Virtualization (PowerPoint presentation transcript)

Title: Virtualization. Author: mcolef. Last modified by: dunny. Created: 12/4/2012 2:48:23 AM. Format: On-screen Show (4:3). Slides: 69.

1
Virtualization
  • Virtual Data Center Design

2
Goals
  • Why do we need virtualization?
  • Understand the basics of virtualization
  • Virtualization technologies

3
Problem
  • A corporate IT center supports many different
    applications:
    • Microsoft Exchange
    • Oracle
    • SAP
    • Web servers
    • Citrix
  • Each application service needs its own
    environment:
    • A specific version of the operating system
    • Multiple processors and disks
    • Specialized configurations

4
Problem (continued)
  • Combining services on one and the same server is
    hard:
    • Conflicting requirements
    • Software load that the hardware cannot handle
  • Upgrading or commissioning a service is hard:
    • A shadow server must be built for debugging
      and testing
    • Changeover is complicated
  • Adding or upgrading hardware or the OS is hard:
    • Testing and benchmarking configurations on a
      live service
  • Load balancing is impossible:
    • A service is tied to one system
    • Some systems are underused, others overused

5
Virtualization
  • Virtualization: a term in computing that refers
    to computer resources.
  • Definition:
    • A technique for hiding the physical resources
      of a computer
    • End users do not interact with them directly
    • One physical resource appears as multiple
      logical resources,
    • or multiple physical resources appear as one
      logical resource

6
Virtualization
  • The main theme of virtualization technology is
    hiding technical detail through encapsulation.
  • Virtualization creates an external interface that
    hides what is going on inside it (multiplexing,
    for example), either by combining resources from
    several different locations or by simplifying
    control of the system.

7
Virtualization
  • Two main categories:
    • Platform virtualization involves the simulation
      of virtual machines
    • Resource virtualization involves the simulation
      of combined or simplified resources

8
Platform Virtualization
  • Creating a virtual machine, using a combination
    of hardware and software, as the virtualization
    platform.
  • It runs on a hardware platform (the host) with
    control software that creates a simulated
    computer environment (the virtual machine, or
    guest).
  • The guest runs its OS as if it were installed on
    a standalone hardware platform.
  • For the guest system to work properly, the
    simulation must be robust enough to support all
    of the guest's external interfaces.

9
Platform Virtualization
  • There are several approaches (the terminology is
    not universal):
    • Emulation / simulation
    • Native and full virtualization

10
Platform Virtualization
  • Emulation or simulation
    • The complete hardware is simulated, so a guest
      built for a different CPU architecture than the
      host's can run
    • Bochs, PearPC, the PPC version of Virtual PC,
      QEMU.

11
Platform Virtualization
  • Native virtualization and full virtualization
    • The VM simulates enough of the hardware for an
      unmodified guest to run, in isolation, on the
      same CPU architecture as the host
    • Began in 1966 with CP-40 and CP-67/CMS,
      predecessors of IBM's VM family.
    • Other examples: Virtual Iron, VMware
      Workstation, VMware Server (formerly GSX
      Server), Parallels Desktop, Adeos, Mac-on-Linux,
      Win4BSD, Win4Lin Pro, and z/VM.

12
(figure) Full virtualization uses a hypervisor to
share the hardware
13
Hypervisor
  • A hypervisor is a virtualization platform that
    lets multiple operating systems run on one host
    at the same time. The term usually refers to an
    implementation that uses full virtualization.

14
Hypervisor
  • Hypervisors are classified into two types:
    • A Type 1 hypervisor (or Type 1 VMM) is software
      that runs directly on the hardware platform, in
      place of an OS; guests run at the second level
      above the hardware.
    • The classic type 1 hypervisor was CP/CMS,
      developed at IBM in the 1960s, ancestor of IBM's
      current z/VM. More recent examples are Xen,
      VMware's ESX Server, and Sun's Hypervisor
      (released in 2005).
    • A Type 2 hypervisor (or Type 2 virtual machine
      monitor) is software that runs on top of a host
      OS; guests run at the third level above the
      hardware.
    • Examples include VMware Server and Microsoft
      Virtual Server.

15
Platform Virtualization
  • Partial virtualization (including "address
    space virtualization")
    • The VM simulates multiple instances of much,
      but not all, of the hardware environment
      (address spaces in particular), so it cannot
      run and isolate entire guest operating systems.

16
Platform Virtualization
  • Paravirtualization
    • The VM does not need to simulate the hardware;
      instead it offers an API that a modified guest
      OS uses to ask the hypervisor for services:
      hypercalls.

17
(figure) Paravirtualization: the hypervisor and the
modified guest operating system share the work of
virtualization
18
Platform Virtualization
  • Operating system-level virtualization
    • Virtualizes the server at the OS level, letting
      multiple virtual servers run on one physical
      server. Guest environments share the same OS as
      the host system, i.e. a single kernel serves
      every guest.
    • Examples are Linux-VServer, Virtuozzo, OpenVZ,
      Solaris Containers, and FreeBSD Jails.

19
Operating system-level virtualization isolates
servers
20
Resource Virtualization
  • The concept of virtualization has been extended
    to specific system resources, for example storage
    and networks.

21
Resource Virtualization
  • Resource aggregation, spanning, or concatenation
    combines individual components into larger
    resources or resource pools. For example:
    • RAID and volume managers combine several disks
      into one logical disk
    • Storage virtualization refers to building a
      logical storage device, usually in a SAN, where
      physical storage is aggregated into storage
      pools
    • Channel bonding on network equipment combines
      multiple links so that they work as one, for
      higher bandwidth
    • VPN and NAT: virtual circuits
    • Multiprocessor systems

22
Linux-related virtualization projects
Project        Type                                   License
Bochs          Emulation                              LGPL
QEMU           Emulation                              LGPL/GPL
VMware         Full virtualization                    Proprietary
z/VM           Full virtualization                    Proprietary
Xen            Paravirtualization                     GPL
UML            Paravirtualization                     GPL
Linux-VServer  Operating system-level virtualization  GPL
OpenVZ         Operating system-level virtualization  GPL
23
The layers of IT-as-a-Service (figure)
  • Software as a Service: Collaboration, CRM/ERP/HR,
    Business Processes, Industry Applications
  • Platform as a Service: Middleware, Web 2.0
    Application Runtime, Java Runtime, High Volume
    Transactions, Development Tooling, Database
  • Data Center Fabric: Servers, Networking, Storage
    (shared, virtualized, dynamic provisioning)
24
Cloud Service
  • Software as a Service (SaaS):
    SalesForce.com, Yahoo Mail, Google Docs
  • Platform as a Service (PaaS):
    Google App Engine API, Microsoft Azure,
    Manjrasoft Aneka
  • Infrastructure as a Service (IaaS), i.e. CPU and
    storage: Dropbox, Amazon.com, Nirvanix, GoGrid,
    VPS providers

25
Bochs (emulation)
  • Bochs is an x86 computer simulator that is
    portable and runs on a variety of platforms,
    including x86, PowerPC, Alpha, SPARC, and MIPS.
    What makes Bochs interesting is that it doesn't
    just simulate the processor but the entire
    computer, including the peripherals, such as the
    keyboard, mouse, video graphics hardware, network
    interface card (NIC) devices, and so on.
  • Bochs can be configured as an older Intel 386,
    or successor processors such as the 486, Pentium,
    Pentium Pro, or a 64-bit variant. It even
    emulates optional instruction-set extensions such
    as MMX and 3DNow!.
  • Using the Bochs emulator, you can run any Linux
    distribution on Linux, Microsoft Windows
    95/98/NT/2000 (and a variety of applications) on
    Linux, and even the Berkeley Software
    Distribution (BSD) operating systems (FreeBSD,
    OpenBSD, and so on) on Linux.

26
QEMU (emulation)
  • QEMU is another emulator, like Bochs, but it has
    some differences that are worth noting. QEMU
    supports two modes of operation. The first is the
    Full System Emulation mode. This mode is similar
    to Bochs in that it emulates a full personal
    computer (PC) system with processor and
    peripherals. This mode emulates a number of
    processor architectures, such as x86, x86_64,
    ARM, SPARC, PowerPC, and MIPS, with reasonable
    speed using dynamic translation. Using this mode,
    you can emulate the Windows operating systems
    (including XP) and Linux on Linux, Solaris, and
    FreeBSD. Many other operating system combinations
    are also supported.
  • QEMU also supports a second mode called User Mode
    Emulation. In this mode, which can only be hosted
    on Linux, a binary for a different architecture
    can be launched. This allows, for example, a
    binary compiled for the MIPS architecture to be
    executed on Linux running on x86. Other
    architectures supported in this mode include ARM,
    SPARC, and PowerPC, though more are under
    development.

27
VMware (full virtualization)
  • VMware is a commercial solution for full
    virtualization. A hypervisor sits between the
    guest operating systems and the bare hardware as
    an abstraction layer. This abstraction layer
    allows any operating system to run on the
    hardware without knowledge of any other guest
    operating system.
  • VMware also virtualizes the available I/O
    hardware and places drivers for high-performance
    devices into the hypervisor.
  • The entire virtualized environment is kept as a
    file, meaning that a full system (including guest
    operating system, VM, and virtual hardware) can
    be easily and quickly migrated to a new host for
    load balancing.

28
z/VM (full virtualization)
  • While the IBM System z is a new brand name, it
    actually has a long heritage originating back in
    the 1960s. The System/360 supported
    virtualization using virtual machines in 1965.
    Interestingly, the System z retains backward
    compatibility with the older System/360 line.
  • The z/VM is the operating system hypervisor for
    the System z. At its core is the Control Program
    (CP), which provides the virtualization of
    physical resources to the guest operating
    systems, including Linux (see the figure on the
    next slide). This permits multiple processors and
    other resources to be virtualized for a number of
    guest operating systems.
  • z/VM can also provide a virtual guest local area
    network (LAN) for guest operating systems that
    need to talk to each other. The guest LAN is
    emulated entirely inside the hypervisor, so its
    traffic never reaches a physical network adapter
    where it could be observed.

29
z/VM (full virtualization)
30
Xen (paravirtualization)
  • Xen is a free open source paravirtualization
    solution from XenSource.
    Recall that in paravirtualization the hypervisor
    and the operating system collaborate on the
    virtualization, requiring operating system
    changes but resulting in near native performance.
  • As Xen requires collaboration (modifications to
    the guest operating system), only those operating
    systems that are patched can be virtualized over
    Xen. From the perspective of Linux, which is
    itself open source, this is a reasonable
    compromise because the result is better
    performance than full virtualization. But from
    the perspective of wide support (such as
    supporting other non-open source operating
    systems), it's a clear disadvantage.
  • It is possible to run Windows as a guest on Xen,
    but only on processors with Intel Vanderpool
    (VT-x) or AMD Pacifica (AMD-V) support, which lets
    Xen run an unmodified guest. Other operating
    systems that support Xen include Minix, Plan 9,
    NetBSD, FreeBSD, and OpenSolaris.

31
User-mode Linux (paravirtualization)
  • User-mode Linux (UML) allows a Linux operating
    system to run other Linux operating systems in
    user-space. Each guest Linux operating system
    exists within a process of the host Linux
    operating system (see the figure on slide 34).
    This permits
    multiple Linux kernels (with their own associated
    user-spaces) to run within the context of a
    single Linux kernel.

32
User-mode Linux (paravirtualization)
  • As of the 2.6 Linux kernel, UML resides in the
    main kernel tree, but it must be enabled and then
    recompiled for use. These changes provide, among
    other things, device virtualization. This allows
    the guest operating systems to share the
    available physical devices, such as the block
    devices (floppy, CD-ROM, and file systems, for
    example), consoles, NIC devices, sound hardware,
    and others.

33
User-mode Linux (paravirtualization)
  • Note that since the guest kernels run in
    application space, they must be specially
    compiled for this use (though they can be
    different kernel versions). This results in
    what's called the host kernel (which resides on
    the hardware) and the guest kernel (which runs in
    the user space of the host kernel). These kernels
    can even be nested, allowing a guest kernel to
    run on another guest kernel that is running on
    the host kernel.

34
User-mode Linux (paravirtualization)
35
Linux-VServer (operating system-level
virtualization)
  • Linux-VServer is a solution for operating
    system-level virtualization. Linux-VServer
    virtualizes the Linux kernel so that multiple
    user-space environments, otherwise known as
    Virtual Private Servers (VPS), run independently
    with no knowledge of one another. Linux-VServer
    achieves user-space isolation through a set of
    modifications to the Linux kernel.

36
Linux-VServer (operating system-level
virtualization)
  • To isolate the individual user-spaces from one
    another, you begin with the concept of a context.
    A context is a container for processes of a given
    VPS, so that tools like ps know only about the
    processes of the VPS. For initial boot, the
    kernel defines a default context. A spectator
    context also exists for administration (to view
    all executing processes). As you can guess, the
    kernel and internal data structures are modified
    to support this approach to virtualization.

37
Linux-VServer (operating system-level
virtualization)
  • Linux-VServer also uses a form of chroot to
    isolate the root directory for each VPS. Recall
    that chroot allows a new root directory to be
    specified, but additional functionality is
    required (called a Chroot-Barrier) so that a VPS
    can't escape its isolated root directory to the
    parent. Given an isolated root directory, each
    VPS has its own user list and root password.

38
Linux-VServer (operating system-level
virtualization)
  • The Linux-VServer is supported by both the 2.4
    and 2.6 Linux kernels and operates on a number of
    platforms, including x86, x86-64, SPARC, MIPS,
    ARM and PowerPC.

39
OpenVZ (operating system-level virtualization)
  • OpenVZ is another operating system-level
    virtualization solution, like Linux-VServer, but
    it has some interesting differences.
  • OpenVZ is a virtualization-aware (modified)
    kernel that supports isolated user-spaces, VPS,
    with a set of user-tools for management.
  • For example, you can easily create a new VPS from
    the command line

40
OpenVZ (operating system-level virtualization)
    # vzctl create 42 --ostemplate fedora-core-4
    Creating VPS private area
    VPS private area was created
    # vzctl start 42
    Starting VPS ...
    VPS is mounted

41
OpenVZ (operating system-level virtualization)
  • You can also list the currently created VPSes
    using the vzlist command, which operates in a
    similar fashion to the standard Linux ps command.
  • To schedule processes, OpenVZ includes a
    two-level CPU scheduler. First, the scheduler
    determines which VPS should get the CPU. After
    this is done, the second-level scheduler picks
    the process to execute given the standard Linux
    priorities.

42
OpenVZ (operating system-level virtualization)
  • OpenVZ also includes what are called
    beancounters. A beancounter consists of a number
    of parameters that define resource distribution
    for a given VPS. This provides a level of control
    over a VPS, defining how much memory is
    available, how many interprocess communication
    (IPC) objects are available, and so on.
  • A unique feature of OpenVZ is the ability to
    checkpoint and migrate a VPS from one physical
    server to another. Checkpointing means that the
    state of a running VPS is frozen and stored in a
    file. This file can then be moved to a new
    server and restored to bring the VPS back online.
  • OpenVZ supports a number of hardware
    architectures, including x86, x86-64, and PowerPC.
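The column a practitioner actually watches in a beancounter is failcnt: it counts allocations the kernel refused because the VPS hit its barrier (soft limit) or limit (hard limit). What follows is an added example, not part of the slides or of the OpenVZ tools, that parses the table exposed by /proc/user_beancounters (columns uid, resource, held, maxheld, barrier, limit, failcnt) and lists the containers that have been refused resources or are close to their barrier. The text in SAMPLE is constructed for the example, not captured from a real host.

```python
# Added example (not from the slides): read the OpenVZ beancounter table
# and report containers that have hit, or are close to, a resource limit.
# SAMPLE is constructed for this example; it follows the layout of
# /proc/user_beancounters but is not taken from a real host.
from typing import Dict, List, Tuple

SAMPLE = """\
Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
      101:  kmemsize                  2300345              2406576             11055923             11377049                    0
            lockedpages                     0                    0                  256                  256                    0
            numproc                        43                   51                  240                  240                    0
            numtcpsock                    360                  360                  360                  360                    7
            dummy                           0                    0  9223372036854775807  9223372036854775807                    0
      102:  kmemsize                  1200000              1300000             11055923             11377049                    0
            numproc                        10                   12                  240                  240                    0
            numtcpsock                     12                   30                  360                  360                    0
"""

UNLIMITED = 2**63 - 1  # LONG_MAX marks "no limit" in this table

Counters = Dict[int, Dict[str, Dict[str, int]]]


def parse_beancounters(text: str) -> Counters:
    """Return {vps_id: {resource: {held, maxheld, barrier, limit, failcnt}}}."""
    result: Counters = {}
    current = None
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] in ("Version:", "uid"):
            continue                      # file header lines
        if parts[0].endswith(":"):        # "101:" starts a new VPS block
            current = int(parts[0][:-1])
            result[current] = {}
            parts = parts[1:]
        if current is None or len(parts) != 6:
            continue                      # malformed line: skip, do not guess
        name, *nums = parts
        held, maxheld, barrier, limit, failcnt = map(int, nums)
        result[current][name] = dict(held=held, maxheld=maxheld, barrier=barrier,
                                     limit=limit, failcnt=failcnt)
    return result


def limit_hits(counters: Counters) -> List[Tuple[int, str, int]]:
    """Resources whose allocation has already been refused (failcnt > 0)."""
    return sorted((vps, res, c["failcnt"])
                  for vps, rs in counters.items()
                  for res, c in rs.items() if c["failcnt"] > 0)


def near_barrier(counters: Counters, pct: float = 0.9) -> List[Tuple[int, str, float]]:
    """Resources held at or above pct of their barrier; unlimited ones are skipped."""
    out = []
    for vps, rs in counters.items():
        for res, c in rs.items():
            if c["barrier"] <= 0 or c["barrier"] >= UNLIMITED:
                continue
            ratio = c["held"] / c["barrier"]
            if ratio >= pct:
                out.append((vps, res, round(ratio, 2)))
    return sorted(out)


if __name__ == "__main__":
    counters = parse_beancounters(SAMPLE)
    for vps, res, fails in limit_hits(counters):
        print(f"VPS {vps}: {res} refused {fails} times")
    for vps, res, ratio in near_barrier(counters):
        print(f"VPS {vps}: {res} at {ratio:.0%} of barrier")
```

A rising failcnt on one container is the signal to look at: exhausted numtcpsock, as in the sample, is as consistent with a port scanner or a connection flood running inside the VPS as with an undersized limit, so correlate it with the container's process list before raising the barrier.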

43
Hardware support for full virtualization and
paravirtualization
  • Recall that the IA-32 (x86) architecture creates
    some issues when it comes to virtualization.
    Certain sensitive instructions do not trap when
    executed outside ring 0, and some behave
    differently depending on the privilege level
    instead of faulting. For example, the x86 STR
    instruction (store task register) can be executed
    at any privilege level without trapping, so a
    deprivileged guest kernel reads processor state
    that the VMM never gets a chance to intercept;
    POPF, likewise, silently ignores a change to the
    interrupt flag when run with insufficient I/O
    privilege rather than trapping. This is
    problematic when attempting to virtualize
    different operating systems at different levels.
    The x86 supports four rings of protection, where
    ring 0 (the highest privilege) typically runs the
    operating system, rings 1 and 2 support operating
    system services, and ring 3 (the lowest level)
    supports applications. Hardware vendors have
    recognized this shortcoming (and others), and have
    produced new designs that support and accelerate
    virtualization.

44
Hardware support for full virtualization and
paravirtualization
  • Intel is producing new virtualization technology
    that will support hypervisors for both the x86
    (VT-x) and Itanium (VT-i) architectures.
  • The VT-x supports two new forms of operation
  • one for the VMM (root)
  • one for guest operating systems (non-root).
  • The root form is fully privileged, while the
    non-root form is deprivileged (even for ring 0).
  • The architecture also supports flexibility in
    defining the instructions that cause a VM (guest
    operating system) to exit to the VMM and store
    off processor state. Other capabilities have been
    added as well.

45
Hardware support for full virtualization and
paravirtualization
  • AMD is also producing hardware-assisted
    virtualization technology, under the name
    Pacifica.
  • Among other things, Pacifica maintains a control
    block (the VMCB) for each guest operating system,
    which is saved and restored by special
    instructions.
  • The VMRUN instruction allows a virtual machine
    (and its associated guest operating system) to
    run until the VMM regains control (which is also
    configurable). The configurability allows the VMM
    to customize the privileges for each of the
    guests.
  • Pacifica also amends address translation with
    host and guest memory management unit (MMU)
    tables.
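Before relying on any of this, a host-hardening checklist records whether the processor actually exposes VT-x or AMD-V, whether nested paging (EPT or NPT, the hardware guest MMU tables described above) is present, and whether the machine is itself a guest. The following is an added example, not part of the slides, that answers those questions from the Linux /proc/cpuinfo flags: "vmx" marks VT-x, "svm" marks AMD-V, "ept"/"npt" mark nested paging, and "hypervisor" is the CPUID bit most hypervisors set so a guest can tell it is virtualized. The two cpuinfo excerpts are constructed for the example; the field names are the ones the Linux kernel emits.

```python
# Added example (not from the slides): decide from /proc/cpuinfo whether a Linux
# host can use hardware-assisted virtualization, and whether it is itself a guest.
# HOST_CPUINFO and GUEST_CPUINFO are constructed for this example.
from dataclasses import dataclass
from typing import Optional

HOST_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz
flags\t\t: fpu vme de pse msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx sse sse2 ss ht syscall nx lm vmx smx est tm2 ssse3 sse4_1 sse4_2 x2apic tpr_shadow vnmi flexpriority ept vpid
"""

GUEST_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: AMD EPYC 7B12
flags\t\t: fpu vme de pse msr pae mce cx8 apic sep mtrr pge cmov pat pse36 clflush mmx sse sse2 ht syscall nx lm hypervisor lahf_lm
"""


@dataclass
class VirtProbe:
    vendor: str
    hw_assist: Optional[str]   # "VT-x", "AMD-V" or None
    nested_paging: bool        # EPT (Intel) / NPT (AMD): hardware guest MMU tables
    is_guest: bool             # CPUID "hypervisor" bit, exported by Linux as a flag


def parse_cpuinfo(text: str) -> VirtProbe:
    """Parse the first processor entry of a /proc/cpuinfo dump."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())   # first CPU entry wins
    # Newer kernels list VT-x sub-features (ept, vpid, ...) on a separate
    # "vmx flags" line; older ones put them in "flags", so merge both.
    flags = set(fields.get("flags", "").split()) | set(fields.get("vmx flags", "").split())
    if "vmx" in flags:
        hw = "VT-x"
    elif "svm" in flags:
        hw = "AMD-V"
    else:
        hw = None
    return VirtProbe(
        vendor=fields.get("vendor_id", "unknown"),
        hw_assist=hw,
        nested_paging=bool({"ept", "npt"} & flags),
        is_guest="hypervisor" in flags,
    )


def kvm_verdict(p: VirtProbe) -> str:
    """One-line verdict for a hardening checklist."""
    if p.is_guest and p.hw_assist is None:
        return "guest without nested virtualization: cannot host hardware-assisted guests itself"
    if p.hw_assist is None:
        return "no VT-x/AMD-V: only emulation or paravirtualization possible"
    if p.is_guest:
        return f"{p.hw_assist} visible inside a guest: nested virtualization is enabled"
    return f"{p.hw_assist} available" + (" with nested paging" if p.nested_paging else "")


def probe_live(path: str = "/proc/cpuinfo") -> Optional[VirtProbe]:
    """Probe the running machine; returns None where /proc/cpuinfo does not exist."""
    try:
        with open(path) as f:
            return parse_cpuinfo(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    for name, text in (("constructed host", HOST_CPUINFO), ("constructed guest", GUEST_CPUINFO)):
        print(f"{name}: {kvm_verdict(parse_cpuinfo(text))}")
    live = probe_live()
    print("this machine:", kvm_verdict(live) if live else "no /proc/cpuinfo")
```

Two caveats when reading the result: the "hypervisor" flag is set by the hypervisor, so a hypervisor that chooses to hide it (or a firmware setting that disables VT-x while the CPU model supports it) makes the flags line lie, and "vmx" showing up inside a guest means nested virtualization has been turned on for that VM, which widens what code in the guest can do and is worth flagging on its own.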

46
Linux KVM (Kernel Virtual Machine)
  • The most recent news out of Linux is the
    incorporation of the KVM into the Linux kernel
    (2.6.20).
  • KVM is a full virtualization solution that is
    unique in that it turns a Linux kernel into a
    hypervisor using a kernel module.
  • This module allows other guest operating systems
    to then run in user-space of the host Linux
    kernel (see Figure in the next slide).
  • The KVM module in the kernel exposes the
    virtualized hardware through the /dev/kvm
    character device.
  • The guest operating system interfaces to the KVM
    module using a modified QEMU process for PC
    hardware emulation.

47
Linux KVM (Kernel Virtual Machine)
48
Linux KVM (Kernel Virtual Machine)
  • The KVM module introduces a new execution mode
    into the kernel. Where vanilla kernels support
    kernel mode and user mode, the KVM introduces a
    guest mode. The guest mode is used to execute all
    non-I/O guest code, where normal user mode
    supports I/O for guests.
  • The introduction of the KVM is an interesting
    evolution of Linux, as it represents the first
    virtualization technology that is part of the
    mainline Linux kernel. It exists in the 2.6.20
    tree, but can be used as a kernel module for the
    2.6.19 kernel. When run on hardware that supports
    virtualization, Linux (32- and 64-bit) and Windows
    (32-bit) guests are supported.
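The /dev/kvm device mentioned two slides back is an ioctl interface: a process that can open it read-write asks for the API version, queries capabilities, and creates VMs, which is exactly why membership of the group that owns /dev/kvm is a privilege to account for. The following is an added example, not part of the slides or of KVM's own user-space tools, that probes the device with the request and capability numbers defined in the kernel's <linux/kvm.h>; if the device is absent or not accessible it returns None instead of failing.

```python
# Added example (not from the slides): talk to the KVM module through its
# /dev/kvm character device using the ioctl numbers from <linux/kvm.h>.
import fcntl
import os
from typing import Dict, Optional

# Request codes: KVMIO is 0xAE, so _IO(KVMIO, n) == 0xAE00 + n
KVM_GET_API_VERSION = 0xAE00
KVM_CREATE_VM = 0xAE01
KVM_CHECK_EXTENSION = 0xAE03
KVM_GET_VCPU_MMAP_SIZE = 0xAE04
KVM_API_VERSION = 12        # the stable API; anything else means "do not use"

# Capability numbers, also from <linux/kvm.h>
KVM_CAPS = {
    "KVM_CAP_IRQCHIP": 0,       # in-kernel interrupt controller
    "KVM_CAP_USER_MEMORY": 3,   # guest RAM backed by user-space mappings
    "KVM_CAP_NR_VCPUS": 9,      # recommended max vCPUs (a count, not a boolean)
    "KVM_CAP_MAX_VCPUS": 66,    # hard max vCPUs per VM
}


def probe_kvm(path: str = "/dev/kvm") -> Optional[Dict[str, object]]:
    """Return the KVM API version, capability values and the per-vCPU mmap size,
    or None if the device is missing or the caller lacks read-write access."""
    try:
        fd = os.open(path, os.O_RDWR | os.O_CLOEXEC)
    except OSError:
        return None
    try:
        version = fcntl.ioctl(fd, KVM_GET_API_VERSION, 0)
        if version != KVM_API_VERSION:
            return {"api_version": version, "usable": False}
        caps = {name: fcntl.ioctl(fd, KVM_CHECK_EXTENSION, num)
                for name, num in KVM_CAPS.items()}
        # Creating an (empty) VM proves the caller can really instantiate guests;
        # the ioctl's return value is the VM file descriptor, closed again here.
        vm_fd = fcntl.ioctl(fd, KVM_CREATE_VM, 0)
        os.close(vm_fd)
        return {
            "api_version": version,
            "usable": True,
            "caps": caps,
            "vcpu_mmap_size": fcntl.ioctl(fd, KVM_GET_VCPU_MMAP_SIZE, 0),
        }
    except OSError:
        return None   # e.g. VT-x/AMD-V disabled in firmware after the module loaded
    finally:
        os.close(fd)


if __name__ == "__main__":
    info = probe_kvm()
    if info is None:
        print("no usable /dev/kvm for this user")
    else:
        print(f"KVM API {info['api_version']}, usable={info['usable']}")
        for name, value in info.get("caps", {}).items():
            print(f"  {name} = {value}")
```

If the probe returns a result for an unprivileged account, that account can build and run guests on the host; treat that the way you would treat sudo rights when reviewing who is in the kvm group.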

49
Virtualization Examples
  • Server consolidation - Virtual machines are used
    to consolidate many physical servers into fewer
    servers, which in turn host virtual machines.
    Each physical server is reflected as a virtual
    machine "guest" residing on a virtual machine
    host system. This is also known as
    Physical-to-Virtual or 'P2V' transformation.

50
Virtualization Examples
  • Disaster recovery - Virtual machines can be used
    as "hot standby" environments for physical
    production servers. This changes the classical
    "backup-and-restore" philosophy, by providing
    backup images that can "boot" into live virtual
    machines, capable of taking over workload for a
    production server experiencing an outage.

51
Virtualization Examples
  • Testing and training - Hardware virtualization
    can give root access to a virtual machine. This
    can be very useful such as in kernel development
    and operating system courses.

52
Virtualization Examples
  • Portable applications - The Microsoft Windows
    platform has a well-known issue involving the
    creation of portable applications, needed (for
    example) when running an application from a
    removable drive, without installing it on the
    system's main disk drive. This is a particular
    issue with USB drives. Virtualization can be used
    to encapsulate the application with a redirection
    layer that stores temporary files, Windows
    Registry entries, and other state information in
    the application's installation directory and
    not within the system's permanent file system.
    It is unclear whether such implementations are
    currently available.

53
Virtualization Examples
  • Portable workspaces - Recent technologies have
    used virtualization to create portable workspaces
    on devices like iPods and USB memory sticks.
    These products include
    • Application level: Thinstall, a driver-less
      solution for running "Thinstalled" applications
      directly from removable storage without system
      changes or admin rights
    • OS level: MojoPac, Ceedo, and U3, which allow
      end users to install some applications onto a
      storage device for use on another PC
    • Machine level: moka5 and LivePC, which deliver
      an operating system with a full software suite,
      including isolation and security protections

54
Server Virtualization
  • Server virtualization is used to describe many
    different technologies and approaches to abstract
    operating systems from hardware.
  • Server virtualization presents a virtual view of
    hardware to an operating system to allow multiple
    operating systems to share the same physical
    resource in complete isolation from each other.

55
Server Virtualization
  • The key benefits of virtualization are
    • Isolation: a virtual server's state is
      unaffected by the state of other virtual servers
      on the same physical hardware.
    • Encapsulation: the state of a virtual server can
      be captured, and the files representing a
      virtual server are portable.
    • Hardware independence: virtual hardware does not
      have to be identical to the underlying physical
      hardware.

56
X86 Virtualization
  • The x86 architecture was not originally designed
    for virtualization.
  • This created tradeoffs in early server
    virtualization implementations in terms of both
    performance and complexity.
  • Historically there have been two approaches to
    virtualizing the x86 architecture:
    • binary patching (binary translation)
    • paravirtualization.
  • Although both approaches create the illusion of
    physical hardware to achieve the goal of
    operating system independence from the hardware,
    there are significant differences between the
    approaches

57
X86 Virtualization
  • Full virtualization with binary patching rewrites,
    at run time, the x86 instructions that cannot be
    trapped and converts them into a series of
    instructions that can be trapped and virtualized.
    Full virtualization is capable of running
    existing, legacy operating systems without
    modification; however, it has significant costs
    in complexity and runtime performance.

58
X86 Virtualization
  • Paravirtualization modifies an operating system
    to replace non-trappable x86 instructions with a
    series of calls directly into a hypervisor (a
    virtual machine monitor). It achieves high
    performance with less complexity in the
    virtualization layer but requires the guest
    operating system to be substantially modified and
    tied to a particular version of the hypervisor.

59
Virtual Infrastructure
  • All data center resources can be virtualized to
    create a Virtual Infrastructure. The components
    described in the chart below provide the
    foundation to create virtual servers. A virtual
    server consists of 32 or 64-bit CPUs, memory,
    disks, network adapters, fibre channel adapters,
    keyboard, video, and mouse. A virtual server can
    run standard Linux and Windows operating systems
    and applications.

60
Virtual Infrastructure
Physical resource: Industry-standard Intel and AMD
servers, onto which the virtualization layer is
automatically deployed.
Virtual infrastructure: A virtualized node, a
collection of CPUs and RAM that can be allocated to
a virtual server.

Physical resource: Each server can have multiple
gigabit Ethernet cards (NICs) to provide the required
throughput and availability.
Virtual infrastructure: Virtual servers connect
through virtual NICs to physical or virtual networks.

Physical resource: iSCSI, SAN and NAS storage
technologies provide reliable persistent storage.
Virtual infrastructure: A collection of storage
resources that can be partitioned and allocated to
virtual servers as raw mappings or virtual hard disks.
61
Virtualization Tips
  • In the VMware space, VirtualCenter is the
    management tool of choice for ESX Server.
  • Other products, like Hewlett-Packard's Virtual
    Machine Management or IBM's Director modules, are
    adding functionality to deal with virtual machine
    VM environments.
  • The problem is that most of these tools that are
    snap-ins lack much of the simple functionality
    you get in VirtualCenter.
  • Most companies will end up buying both
    VirtualCenter and the vendor's tool and use both
    depending on what they are doing.

62
Virtualization Tips
  • Shy away from large amounts of processing when
    doing consolidation.
  • If you are doing virtualization for other
    reasons, like workload management, then you can
    get nearly anything to run virtualized if you are
    willing to change some of the things you do.
  • However, if you are looking for maximum
    consolidation ratios and high ROIs, stay away
    from the quad-socket boxes that are already
    running at 50% utilization.

63
Security Tips
  • Some standard minimum security, at the least:
    • Disable remote root access to the hosts
    • Use sudo for the tasks that really need root
    • In Windows-centric shops, configure the PAM
      modules for Active Directory so that host logins
      use directory accounts rather than local ones.
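The first two controls above live in sshd_config, and an audit of that file has to follow sshd's own rules: for every keyword the first value sshd reads is the one in force (a hardened line appended at the end changes nothing if an earlier line already set the keyword), and everything after the first Match line is conditional. The following is an added example, not part of the slides, that parses a config with those semantics and reports the settings that violate the minimum above; SAMPLE_CONFIG is constructed for the example and shows the appended-line mistake. The OpenSSH defaults it assumes (PermitRootLogin prohibit-password since OpenSSH 7.0, PasswordAuthentication yes) are what a missing directive means on current versions.

```python
# Added example (not from the slides): audit an sshd_config for remote root
# login and password authentication, using OpenSSH's first-value-wins rule.
# SAMPLE_CONFIG is constructed for this example, not taken from a real host.
import re
from typing import Dict, List, Tuple

SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended by a hardening script; ignored, because the first value above wins
PermitRootLogin no
Match Address 10.0.0.0/8
    PasswordAuthentication no
"""

Finding = Tuple[str, str, str]   # (severity, keyword, message)


def parse_sshd_config(text: str) -> Tuple[Dict[str, str], Dict[str, List[str]]]:
    """Return (effective global options, every value seen per keyword).

    Keywords are lower-cased (sshd matches them case-insensitively); parsing
    stops at the first Match line because later lines only apply conditionally."""
    effective: Dict[str, str] = {}
    seen: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        seen.setdefault(key, []).append(value)
        effective.setdefault(key, value)          # first occurrence wins
    return effective, seen


def audit(text: str) -> List[Finding]:
    """Findings against the minimum: no remote root, no password logins."""
    eff, seen = parse_sshd_config(text)
    findings: List[Finding] = []
    root = eff.get("permitrootlogin", "prohibit-password").lower()   # OpenSSH >= 7.0 default
    if root == "yes":
        findings.append(("high", "PermitRootLogin",
                         "remote root login allowed; set 'no' and use sudo"))
    elif root in ("without-password", "prohibit-password", "forced-commands-only"):
        findings.append(("medium", "PermitRootLogin",
                         f"root can still log in ({root}); prefer 'no'"))
    if eff.get("passwordauthentication", "yes").lower() != "no":
        findings.append(("medium", "PasswordAuthentication",
                         "password logins enabled; prefer key-only authentication"))
    if eff.get("permitemptypasswords", "no").lower() == "yes":
        findings.append(("high", "PermitEmptyPasswords", "empty passwords accepted"))
    for key, values in seen.items():
        if len({v.lower() for v in values}) > 1:
            findings.append(("info", key,
                             f"duplicate directive; sshd uses {values[0]!r}, "
                             f"later {values[1:]!r} are ignored"))
    return findings


if __name__ == "__main__":
    for severity, keyword, message in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {keyword}: {message}")
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; on a host that uses an Include directive, feed each included file too, in the order sshd reads them, or the first-value rule gives a wrong answer. A clean result is an empty list, as the test shows for a config that sets both keywords to no.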

64
Security Tips
  • Some organizations use too much surrounding
    security and end up making their environment
    slower, more difficult and expensive to manage.
  • When dealing with the VMs, all of the standard
    procedures should be followed.
  • The host systems themselves should often be
    considered appliances, and organizations should
    limit the amount of customized agents and
    security hacks performed on these systems.

65
Security Tips
  • One should not go overboard with ESX hosts, since
    they are basically appliances serving up
    computing resources and should be treated as
    such. Nevertheless, taking a common sense
    approach to security on the servers is the best
    bet.
  • The most common mistakes made with virtual
    security come from ignorance: not knowing the
    Linux console, not understanding how the virtual
    switch architecture works, and not realizing that
    the host does not directly see the data inside
    the VM disk files.

66
Security Tips
  • The same practices that are performed to secure a
    physical environment can, and should, be used in
    a virtual environment as well.
  • Everything from proper VLAN/firewall organization
    to host-based intrusion detection should be
    leveraged to keep the environment secure.

67
Scalability Tips
  • Simplicity. The more complicated the design and
    infrastructure, the less scalable it will be.
  • For example, a common mistake in large
    organizations is to assume they cannot create a
    simple solution because they are big. One can
    argue that they should make the solution or
    design for VMware as simple as possible to make
    it scalable for the size of their organization
    and largest client base.
  • Don't design the entire solution around the
    one-offs.

68
Scalability Tips
  • When designing a virtual infrastructure, never
    look at the environment and try to plan one large
    infrastructure for the entire virtualization
    project. It won't work.
  • Organize the overall environment into smaller
    groupings of servers and address each one
    individually.
  • Approached this way, at the end of the project a
    very scalable deployment methodology will be in
    place, one that applies the same principles to a
    manageable number of servers in each phase of the
    project.