Risk Mitigation in Virtualized Systems

Master Thesis
University of Applied Sciences Luzern

Author: Markus Pfister
Referent: Armand Portmann
Co-Referent: Marcel Hiestand
Period: June 23, 2008 to September 15, 2008

Table of contents

1 INTRODUCTION
1.1 CITATIONS
1.2 DEFINITION OF VIRTUALIZATION
1.3 MOTIVATIONS FOR USING VIRTUALIZATION TECHNOLOGY
2 VIRTUALIZATION OVERVIEW
2.1 INTRODUCTION
3 VIRTUALIZATION TECHNIQUES
3.1 ENABLERS
3.1.1 Ring security model
3.1.1.1 Expensive security perimeter switches
3.1.1.2 De-privileged guests
3.1.1.3 Binary translation
3.1.2 Memory management
3.1.2.1 Ballooning
3.1.2.2 Page sharing
3.1.3 Device drivers
3.2 VIRTUALIZATION TYPES
3.2.1 Hardware virtualization
3.2.2 Paravirtualization
3.2.3 Hardware-assisted virtualization
3.2.4 Operating System virtualization “Containerization”
3.3 VIRTUAL MACHINE ARCHITECTURE
3.4 VIRTUAL DEVICES
3.4.1 Hardware virtualization
3.4.2 Paravirtualization
3.4.3 Hybrid
3.4.4 Hardware supported I/O Virtual Machine
3.4.5 A complex I/O device architecture
3.5 STORAGE
3.5.1 Logical Unit Number LUN and LUN masking
3.5.2 Zoning
3.5.3 Backup
3.5.4 High Availability
3.6 VIRTUAL NETWORKS
3.6.1 Monitoring Virtual Networks
3.6.2 Virtual Network Layouts
3.7 BACKUP AND RESTORE
3.8 DISTRIBUTED VIRTUALIZED SYSTEMS ARCHITECTURE OVERVIEW
3.9 COMPARISON OF VIRTUALIZATION TECHNIQUES
4 PRODUCT OVERVIEW
4.1 IBM Z/OS
4.1.1 Logical partitions (LPAR)
4.1.2 Shared data access
4.1.2.1 Shared direct access storage devices
4.1.2.2 Channel-to-Channel Rings (CTC)
4.1.2.3 Sysplex
4.1.2.4 The benefits of controlled, consistent shared data access
4.1.3 Networking
4.1.4 Backup and Restore
4.2 VMWARE
4.2.1 Virtual server platform: ESX Server
4.2.2 Distributed Resource Scheduler DRS
4.2.3 High availability
4.2.4 Virtual File System VMFS
4.2.5 Health checking
4.2.6 Moving virtual machines: VMotion
4.2.7 Backup
4.3 SUN
4.3.1 Solaris Logical Domains (LDOMs)
4.3.1.1 Control domains
4.3.1.2 Service domains
4.3.1.3 I/O domains
4.3.1.3.1 Device drivers
4.3.1.4 Guest domains
4.3.1.4.1 LDOMs and Zones
4.3.1.4.1.1 Sparse or Small Zones
4.3.1.4.1.2 Big or Whole Root Zone (LDOM)

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    129 Page
