Risk Mitigation in Virtualized Systems
Total Page:16
File Type:pdf, Size:1020Kb
1 Introduction 1 Master Thesis University of Applied Sciences Luzern Risk Mitigation in Virtualized Systems Author: Markus Pfister Referent: Armand Portmann Co-Referent: Marcel Hiestand Period: June 23, 2008 to September 15, 2008 1 Introduction 2 Table of contents 1 INTRODUCTION ........................................................................................................................... 11 1.1 CITATIONS ................................................................................................................................ 11 1.2 DEFINITION OF VIRTUALIZATION .............................................................................................. 11 1.3 MOTIVATIONS FOR USING VIRTUALIZATION TECHNOLOGY ...................................................... 11 2 VIRTUALIZATION OVERVIEW ............................................................................................... 14 2.1 INTRODUCTION ......................................................................................................................... 14 3 VIRTUALIZATION TECHNIQUES ........................................................................................... 15 3.1 ENABLERS ................................................................................................................................. 15 3.1.1 Ring security model .................................................................................................................. 15 3.1.1.1 Expensive security perimeter switches ....................................................................................... 16 3.1.1.2 De-privileged guests .................................................................................................................. 16 3.1.1.3 Binary translation ....................................................................................................................... 17 3.1.2 Memory management ............................................................................................................... 17 3.1.2.1 Ballooning .................................................................................................................................. 18 3.1.2.2 Page sharing ............................................................................................................................... 19 3.1.3 Device drivers .......................................................................................................................... 20 3.2 VIRTUALIZATION TYPES ............................................................................................................ 20 3.2.1 Hardware virtualization ........................................................................................................... 21 3.2.2 Paravirtualization .................................................................................................................... 22 3.2.3 Hardware-assisted virtualization ............................................................................................. 23 3.2.4 Operating System virtualization “Containerization” ............................................................... 25 3.3 VIRTUAL MACHINE ARCHITECTURE ........................................................................................... 26 3.4 VIRTUAL DEVICES ..................................................................................................................... 26 3.4.1 Hardware virtualization ........................................................................................................... 26 3.4.2 Paravirtualization .................................................................................................................... 27 3.4.3 Hybrid ...................................................................................................................................... 27 3.4.4 Hardware supported I/O Virtual Machine ............................................................................... 28 1 Introduction 3 3.4.5 A complex I/O device architecture ........................................................................................... 29 3.5 STORAGE ................................................................................................................................... 30 3.5.1 Logical Unit Number LUN and LUN masking ......................................................................... 31 3.5.2 Zoning ...................................................................................................................................... 31 3.5.3 Backup ...................................................................................................................................... 31 3.5.4 High Availability ...................................................................................................................... 32 3.6 VIRTUAL NETWORKS ................................................................................................................ 32 3.6.1 Monitoring Virtual Networks ................................................................................................... 35 3.6.2 Virtual Network Layouts .......................................................................................................... 35 3.7 BACKUP AND RESTORE ............................................................................................................. 36 3.8 DISTRIBUTED VIRTUALIZED SYSTEMS ARCHITECTURE OVERVIEW............................................. 37 3.9 COMPARISON OF VIRTUALIZATION TECHNIQUES ....................................................................... 38 4 PRODUCT OVERVIEW ............................................................................................................... 39 4.1 IBM Z/OS ................................................................................................................................. 39 4.1.1 Logical partitions (LPAR) ........................................................................................................ 40 4.1.2 Shared data access ................................................................................................................... 41 4.1.2.1 Shared direct access storage devices .......................................................................................... 42 4.1.2.2 Channel-to-Channel Rings (CTC) .............................................................................................. 42 4.1.2.3 Sysplex ....................................................................................................................................... 43 4.1.2.4 The benefits of controlled, consistent shared data access ........................................................... 44 4.1.3 Networking ............................................................................................................................... 44 4.1.4 Backup and Restore .................................................................................................................. 46 4.2 VMWARE .................................................................................................................................. 46 4.2.1 Virtual server platform: ESX Server ........................................................................................ 46 4.2.2 Distributed Resource Scheduler DRS ....................................................................................... 47 4.2.3 High availability ....................................................................................................................... 50 4.2.4 Virtual File System VMFS ........................................................................................................ 50 4.2.5 Health checking ........................................................................................................................ 51 1 Introduction 4 4.2.6 Moving virtual machines: VMotion .......................................................................................... 51 4.2.7 Backup ...................................................................................................................................... 52 4.3 SUN ........................................................................................................................................... 53 4.3.1 Solaris Logical Domains (LDOMs).......................................................................................... 53 4.3.1.1 Control domains ......................................................................................................................... 53 4.3.1.2 Service domains ......................................................................................................................... 53 4.3.1.3 I/O domains ................................................................................................................................ 53 4.3.1.3.1 Device drivers ....................................................................................................................... 53 4.3.1.4 Guest domains ............................................................................................................................ 54 4.3.1.4.1 LDOMs and Zones ................................................................................................................ 55 4.3.1.4.1.1 Sparse or Small Zones .................................................................................................... 55 4.3.1.4.1.2 Big or Whole Root Zone (LDOM) ................................................................................