KVM, OpenStack, and the Open Adam Jollans, IBM Southern California Expo – February 2015

21Feb15 Open Virtualization Alliance

Agenda
• A Brief History of Virtualization
• KVM Architecture
• OpenStack Architecture
• KVM and OpenStack
• Case Studies
  – NTT Com
  – IT
  – CERN
• Additional Resources

A Brief History of Virtualization
• LXC /
• KVM
• x86 hardware
• Xen hypervisor for x86
• VMware hypervisor for x86
• Virtualization on Unix systems
• Virtualization on mainframes
[Timeline axis: 1960s, 1980s, 1990s, 2000s, 2010s, 2014]

Conceptual Framework
[Diagram: User Interface, Applications; Management Tools; Storage, Compute, Networking]

Introduction to KVM
[Diagram: User Interface, Applications; Management Tools (oVirt, Kimchi); KVM; Storage, Compute, Networking]

KVM Architecture
Open source hypervisor based on Linux
[Diagram labels: Virtual Machine (Linux applications, Linux guest OS, QEMU); Virtual Machine (other applications, other guest OS, QEMU); Linux applications; KVM; Linux; x86, POWER, z Systems, ARM]
KVM
• Kernel module that turns Linux into a Virtual Machine Monitor
• Merged into the Linux kernel
QEMU
• Emulator used for I/O device virtualization
Processors supported
• x86 with virtualization extensions
  • Intel VT-x
  • AMD (AMD-V)
• POWER8
• IBM z Systems
• ARM64

KVM Performance
Source: SPECvirt_2013 Published Results - http://www.spec.org/virt_sc2013/results/specvirt_sc2013_perf.html

KVM Security
[Diagram: the KVM architecture stack of virtual machines, QEMU, KVM and Linux]
SELinux
• Mandatory Access Control (MAC) integrated into Linux
• Provides “need to know” security between processes
sVirt
• Combines SELinux and KVM
• Delivers “need to know” security between virtual machines
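One way a host operator can check the sVirt isolation described above, as an added example that is not part of the original slides. It assumes the usual libvirt labelling, where each QEMU process runs in the `svirt_t` (or `svirt_tcg_t`) domain with its own pair of MCS categories; the `ps -eZ` sample is constructed and `audit_svirt` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample of `ps -eZ` output (not taken from a real host).
SAMPLE_PS = """\
system_u:system_r:virtd_t:s0-s0:c0.c1023 1210 ? 00:00:41 libvirtd
system_u:system_r:svirt_t:s0:c87,c520 2571 ? 00:12:03 qemu-kvm
system_u:system_r:svirt_t:s0:c301,c744 2640 ? 00:08:55 qemu-kvm
system_u:system_r:svirt_t:s0:c87,c520 2702 ? 00:01:17 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3188 pts/0 00:00:09 qemu-system-x86
"""

# SELinux context: user:role:type:level, where level may itself contain ':'.
LABEL_RE = re.compile(r"^(?P<user>[^:]+):(?P<role>[^:]+):(?P<type>[^:]+):(?P<level>\S+)$")
# Assumption: domain names used for confined QEMU guests by the virt policy module.
SVIRT_TYPES = {"svirt_t", "svirt_tcg_t"}


def audit_svirt(ps_output):
    """Return sorted (pid, problem) findings for QEMU processes in `ps -eZ` text."""
    findings = []
    by_categories = defaultdict(list)
    for line in ps_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[4].startswith("qemu"):
            continue  # not a QEMU process
        label, pid = fields[0], int(fields[1])
        m = LABEL_RE.match(label)
        if not m or m["type"] not in SVIRT_TYPES:
            findings.append((pid, "not confined by an sVirt domain"))
            continue
        # A per-VM level looks like "s0:c87,c520"; ranges ("-", ".") are not VM-specific.
        _, _, cats = m["level"].partition(":")
        if not cats or "." in cats or "-" in m["level"]:
            findings.append((pid, "no VM-specific MCS categories"))
            continue
        by_categories[frozenset(cats.split(","))].append(pid)
    # Two guests with the same category set can access each other's labelled resources.
    for pids in by_categories.values():
        if len(pids) > 1:
            findings.extend((p, "MCS categories shared with another VM") for p in pids)
    return sorted(findings)


if __name__ == "__main__":
    for pid, problem in audit_svirt(SAMPLE_PS):
        print(pid, problem)
```

On a real host, pass the captured output of `ps -eZ` to `audit_svirt`; an empty result means every QEMU process is confined and carries a distinct category set.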

Certifications
• EAL4+ certification for KVM in RHEL 6 and SLES 11 SP 2 on various x86 64-bit Intel and AMD64-based hardware from Dell, HP, IBM and SGI

KVM Management - libvirt
[Diagram: User Interface (Remote Management, Command Line); libvirt (Library, Network Daemon); KVM, LXC, ….]
Library
• Open Source project
• Manages multiple
Command Line
• Powerful
• Complex to use
Network Daemon
• Enables remote management
Base for other management tools
• virt-manager, Kimchi, oVirt
• OpenStack Compute

KVM Management - Kimchi
[Diagram: User Interface (HTML5 Web Browser); Kimchi Daemon; libvirt; KVM; Compute]
Kimchi
• Open Source project
• Manages KVM on x86, Power
User Interface
• Easy to use
• Access from HTML5 web browser
Servers managed
• Single digits

KVM Management - oVirt
[Diagram: User Interface (Web Portals, Command Line); oVirt Engine; oVirt Node (VDSM + libvirt); KVM; Storage, Compute]
oVirt
• Open Source project
• Manages KVM on x86
User Interface
• Web portals
• Command line, API
oVirt Engine
• Manages VMs
• Configures storage, network
oVirt Nodes
• Run virtual machines
Servers managed
• Tens to hundreds

KVM Futures
• Heterogeneous processor support
  – ARM
  – POWER
  – System z
  – GPUs
• Network Function Virtualization
• Additional Performance Improvements
  – Minimizing locks
  – Multi-threaded device model
• Nested Virtualization

Building Open Clouds
• Security
• Resilience
• Performance
• – thousands of nodes
• Heterogeneity
• Interoperability

Introduction to OpenStack
[Diagram: User Interface (Command Line, Horizon), Applications; Management Tools; OpenStack: Ceilometer, Keystone, Heat, Sahara, Cinder, Swift, Glance, Nova, Neutron, Trove; Choice of storage, choice of hypervisor, choice of network; Storage, Compute, Networking]

OpenStack Design Principles
• Open
  – Open Development Model
  – Open Design Process
  – Open Community
• General Purpose
  – Balancing Compute, Storage, Network
• Massively Scalable
• Multi-site
• Resilient and recoverable

Nova – Compute Service
[Diagram: Command Line, Horizon; Keystone, Swift, Glance, Nova; VM Images; Choice of hypervisor; Storage, Compute]
Manages VM lifecycle
• Starting and stopping VMs
• Scheduling and monitoring VMs
Key Components
• API
• Keystone
• Scheduler
• Compute node and plug-ins
Authentication
• Keystone
Access to VM images
• Glance
• Swift

OpenStack and Hypervisor Usage
Source: OpenStack User Survey November 2014 - http://superuser.openstack.org/articles/openstack-user-survey-insights-november-2014

Keystone – Authentication Service
[Diagram: Command Line, Horizon; Keystone]
Manages security
• Service for all other modules
• Authentication
• Authorization
Key components
• API
• Backends
• Token
• Catalog
• Policy
• Identity

Cinder – Block Storage Service
[Diagram: Command Line, Horizon; Keystone, Cinder; Choice of Block Storage; Storage]
Manages persistent block storage
• Provides volumes to running instances
• Pluggable driver architecture
• High Availability
Key components
• API
• Queue
• Database
• Scheduler
• Storage plug-ins
Authentication
• Keystone

Neutron – Networking Service
[Diagram: Command Line, Horizon; Keystone, Neutron; Choice of Network; Networking]
Manages networking connectivity
• Provides volumes to running instances
• Pluggable driver architecture
• Support for range of networking technologies
Key components
• API
• Queue
• Database
• Scheduler
• Agent
• Networking plug-ins
Authentication
• Keystone

Glance – Image Service
[Diagram: Command Line, Horizon; Keystone, Swift, Glance; VM Images; Storage]
Manages VM images
• Catalog of images
• Search and registration
• Fetch and delivery
Key components
• API
• Registry
• Database
Authentication
• Keystone
Storage of VM images
• Swift
• Local

Swift – Service
[Diagram: Command Line, Horizon; Keystone, Swift; Object Storage; Storage]
Manages unstructured object storage
• Highly scalable
• Durable – three times
• Distributed
Key components
• Proxy / API
• Rings
• Accounts
• Containers
• Objects
• Data stores
Authentication
• Keystone

Provisioning a VM
[Diagram: numbered provisioning steps 1 to 10 across Command Line, Horizon, Keystone, Cinder, Swift, Glance, Nova and Neutron, between User Interface, Applications, Management Tools and Storage, Compute, Networking]

OpenStack Futures – Kilo
• Horizon – Updated user interface
• Glance – Additional artifacts beyond just images
• Ironic – Bare Metal Provisioning
• Zaqar – Messaging and Queuing System

KVM and OpenStack
• KVM excels at choice criteria for Hypervisor
  – Cost
  – Scale & Performance
  – Security
  – Interoperability
• Development Affinity
  – Both open source projects
  – KVM is default hypervisor for OpenStack development
• Deployment Affinity
  – KVM is best supported, easiest to deploy, with most full-featured driver

NTT Com’s OpenStack Deployment
• NTT Com
  – Leading global carrier headquartered in Japan
  – Early adopter of both KVM and OpenStack
  – Basing one of its public cloud offerings on OpenStack and KVM
• NTT involvement
  – Actively involved with the OpenStack and KVM communities
  – Continues to contribute to the development of both projects, with an emphasis on the cloud service provider use case
• Use of OpenStack
  – Flexible plug-in infrastructure used as a unified orchestrator of both computing and networking resources
  – Integrate software-defined-networking (SDN)-powered enterprise VPN service, allowing customers to create virtual datacenters that can span two or more physical ones
  – GUI portal for its cloud services using OpenStack native APIs, letting customers provision and manage virtual machines, networks, and storage without having to know the OpenStack APIs
Source: IDC white paper – “KVM – Open Source Virtualization for the Enterprise and OpenStack Clouds”

Intel IT & OpenStack/KVM Deployment History
Initial Deployment – 2012
Public
• OpenStack Essex
• ~1000 virtual instances for external services
• -system-x86_64 1.0
2013 - Present
Public
• OpenStack Grizzly
• ~3500 instances for multiple services (~40:1, ~100 vCPU)
• qemu-system-x86_64 1.4.2
Source: Open Virtualization Alliance presentation by IBM and Intel at LinuxCon Europe 2014

Intel IT & OpenStack/KVM
KVM Benefits (Performance, Stability)
• 2012 Study on ‘standard’ cloud workloads (database)
• Open Source, tight OpenStack and Linux kernel integration
• Par or better vs. marketplace
• Hypervisor efficiency
• HV realm is seemingly near-stable on straight performance
• Drinking our own champagne - we’ve got a few KVM devs :-)
KVM Lessons Learned (Performance, Stability)
• Check flags – lots of features/options
• Oversubscribing & big multi-vCPU instances
• Windows guest updates
• Windows guest can be sensitive to IO interruptions
• Keep your images current
Source: Open Virtualization Alliance presentation by IBM and Intel at LinuxCon Europe 2014

CERN Private Cloud
• CERN
  – Fundamental research into particle physics
  – Large Hadron Collider seeking to find new particles
  – Massive need for scalable computing resource on demand
• CERN Private Cloud
  – Production since July 2013 with OpenStack using KVM, MySQL and RabbitMQ
  – Currently 3,200 hypervisors with 83,000 cores
  – Expected to reach over 100,000 cores by 2Q 2015
• Key Requirements
  – Scale
  – Technology and Developer ecosystem
  – Interaction with existing IT services
Source: CERN OpenStack public reference on www.openstack.org

Additional Resources
• Open Virtualization Alliance
  – https://openvirtualizationalliance.org
• IDC White Paper
  – “KVM – Open Source Virtualization for the Enterprise and Open Stack Clouds”
• New Linux Foundation Training Course
  – LFS540 – “Linux KVM Virtualization”
• OpenStack Foundation
  – http://www.openstack.org
