Virtualization options for hypervisors on Linux on IBM z15 and IBM LinuxONE III


Richard Young
IBM Executive IT Specialist, IBM Z and LinuxONE
IBM Systems Lab Services

© Copyright IBM Corporation 2020

Architectural options for installations with Linux on IBM Z & LinuxONE

Main layers for Linux on Z and their components:
• Security: In Flight; At Rest; Key Management
• Linux Distribution: SUSE; Red Hat; Ubuntu
• Virtualization: LPAR only; z/VM; KVM; Containers, SSC, K8S, RH OCP
• Network attachments: OSA options; RoCE / ISM ~ TCP, SMC-R, SMC-D; Hipersockets; Virtual (MacvTap, Vswitch, bond)
• LPAR Management: DPM; PR/SM
• Storage & Disk attachments: FCP / SCSI; FICON ECKD; Internal NVMe; Spectrum Scale

Agenda
• Benefits of virtualization
• Available options
• Considerations for virtualization decisions
• Virtualization options
• Firmware hypervisors
• Software hypervisors
• Software Containers
• Firmware hypervisor decision guide
• Virtualization decision guide
• Summary

Why do we virtualize? What are the benefits of virtualization?
• Simplification – use of standardized images, virtualized hardware, and automated configuration of virtual infrastructure
• Migration – one of the first uses of virtualization, enabling coexistence, phased upgrades and migrations. It can also simplify hardware upgrades by making changes transparent.
• Efficiency – reduced hardware footprints, better utilization of available hardware resources, and reduced time to delivery. Reuse of deprovisioned or relinquished resources.
• Resilience – run new versions and old versions in parallel, avoiding service downtime
• Cost savings – having fewer machines translates to lower costs in server hardware, networking, floor space, electricity, administration (perceived)
• To accommodate growth – virtualization allows IT to be more responsive to business growth, hopefully avoiding interruption

What hypervisors and virtualization options on Linux on IBM Z & LinuxONE
• IBM traditional PR/SM or via DPM (Dynamic Partition Manager) – Firmware-based virtualization to securely share and partition hardware resources. DPM provides a graphical interface and REST interfaces with simplified management, automation, and dynamic capability for LinuxONE.
• IBM z/VM – IBM developed, software-based mainframe virtualization that can be traced back to the beginning of virtualization in computing
• Linux KVM – Open source software-based virtualization. Supports multiple hardware architectures. Kernel-based virtual machines started in the mid 2000s. Available via Linux distros.
• Containers – System containers and application containers. Via Linux cgroups and namespaces, they provide an isolated environment for applications to run. Containers share a single host kernel.
  • OCI based Containers – Standard for containers with a toolset (Docker, Podman, ..), image build process, an API & CLI, a registry. Clustering is added with additional tools like Docker Swarm and Kubernetes.
• IBM Secure Service Container (SSC) – Special partition for fully encrypted workloads. Traditional system administrator access removed. Limited and encrypted network access.

Considerations for virtualization decisions
• Current in house standards – Distros
• Open vs proprietary
• Software supported in combination with it
• Outage avoidance – Live migration/relocation
• Hardware support – i.e. NVMe, CTC, ISM
• Feature/Function and requirements
  • Live relocation requirements x, y, z
• Colocation requirements (z/OS, x86)
• Available skill set in house to manage
• Dynamic by design – No outages to change
• Ability to hire talent with needed skills
• Performance / Scalability
• Learning curve / duration to become fluent/expert – Simplicity vs complexity
• Ecosystem – Documentation, training, 3rd party solutions and support
• Level of Isolation / security
• Cost – Direct / Indirect for additional features
  • Monitoring, Security, Automation, Auditing, Time to train
• Certifications & Multitenancy requirements
• Automation capability – REST APIs or 3rd party tooling – i.e. Kickstart deployment, OpenStack, or Ansible
• Integrity and Isolation
  • Secure boot
  • Secure Execution
  • Automated / Manual encryption

IBM LinuxONE virtualization options overview
• Server virtualization. There are typically dozens or hundreds of Linux servers in a KVM or z/VM LPAR.
• Application isolation. There are typically thousands of Containers in Linux on IBM Z.

[Diagram: IBM LinuxONE. Real CPUs (cores) P1 to P8 are shared through LPAR virtualization (PR/SM or DPM) as logical CPUs (cores) among LPAR1 to LPAR4. The LPARs run Linux directly, KVM or z/VM providing server virtualization for Linux guests on virtual CPUs (cores), or a Secure Service Container (SSC). 2nd level virtualization is for Test & QA only.]

P1 – P8 are Central Processor Units (CPU -> core) or Integrated Facility for Linux (IFL) Processors (IFL -> core)
* - One shared Pool of cores per System only
Note: LPARs can be managed by DPM or traditional PR/SM

IBM Z virtualization options
• Server virtualization. Typically dozens - hundreds of Linux servers in a KVM or z/VM LPAR collocated with z/OS or others
• Application isolation. There are typically thousands of Containers in Linux on IBM Z.

[Diagram: IBM Z. Real CPUs (cores) P1 to P10 are shared through LPAR virtualization with PR/SM or DPM (with supported operating systems) as logical CPUs (cores) among LPAR1 to LPAR5. The LPARs run Linux, z/OS or z/VSE or z/TPF, KVM or z/VM providing server virtualization for guests on virtual CPUs (cores), or a Secure Service Container (SSC). 2nd level virtualization is for Test & QA only.]

P1-P2 CPUs as general-purpose CPs, P3 – P10 are Central Processor Units (CPU -> core) or Integrated Facility for Linux (IFL) Processors (IFL -> core)
* - One shared Pool of cores by type per System only
Note: LPARs can be managed by DPM or traditional PR/SM

Architectural Options
1) Firmware hypervisor management
• Traditional PR/SM
• IBM Dynamic Partition Manager

Traditional PR/SM Management
• Does not have to be implemented in a dynamic manner, but can be under the right conditions and process. You must take care to be dynamic capable.
• You could build an assembler macro deck in a text file, but this is error prone and very labor intensive.
• Typically you would build an IODF and populate an IOCDS from the IODF.
• An IODF can be created and managed with HCD or HCM.
• Both of these programs are available in z/OS and z/VM environments.
• In a z/VM environment, HCD manages an IODF and IOCDS, but does not have the panel system to build the IODF; that is where HCM is used.
• z/VM can also manage the IO configuration via CP commands.
• While HCM graphically builds an IODF, it does not write an IOCDS or activate a new configuration.

What is IBM Dynamic Partition Manager?
• Built on existing PR/SM technology capabilities
• Simplified, consumable, enhanced, partition life-cycle and integrated dynamic I/O management capabilities
• Provides the technology foundation that enables APIs for IaaS and secure, private Clouds

[Diagram: Linux, Linux, Linux, SSC and KVM partitions on PR/SM with DPM, managed from the HMC. Caption: IBM DPM, powerful and easy.]

Architectural decisions for LPAR level virtualization management

PR/SM - Processor Resource/Systems Manager
• For Mixed workload (i.e. z/OS & Linux) with all features supported
• For LinuxONE with all HW features supported
• Needs specialized skill for new IBM Z & LinuxONE Admins
• Requires use of HCD and optionally HCM to manage the IO configuration, which comes with z/VM or z/OS

DPM – Dynamic Partition Manager
• For Linux, z/VM, KVM, and SSC only, no z/OS, VSE, or others
• Intuitive Graphical interface, all configuration from HMC
• REST APIs for integration in SDD - Software Defined Datacenter
• Python and Ansible libraries for REST APIs
• No support for z/VM SSI & LGR (CTC support – required)
• No support yet for ISM and GDPS Appliance (NVMe is supported)
• Requires FC0016 and two 1000BaseT adapters

Architectural Options
1) Firmware hypervisor management
• Traditional PR/SM
• IBM Dynamic Partition Manager
2) Optionally, one or more software hypervisor
• IBM z/VM
• KVM

Optionally a software Hypervisor, what if you choose none?
• Limited to the number of partitions the machine supports. Inhibits scale.
• Could still utilize containers for enhanced isolation vs a single Linux instance
• Eliminates any hypervisor imposed limits