LINUX Virtualization


LINUX Virtualization: Running other code under LINUX

Environment Virtualization
• Citrix/MetaFrame – virtual desktop under Windows NT, aka Windows Remote Desktop Protocol
• VNC, Dameware – virtual console
• XWindows – virtual console
• Mac OS RDP – same as Windows
• WUBI.EXE

Hardware Emulation
• IBM – Virtual Machine (VM) OS
Also using code:
• Processor virtualization
• Instruction set virtualization
• Slow. Usually requires OS (re-)installation
• Examples: KVM (uses QEMU), Solaris Domains, DOSBox, DOSEmu, WINE

Processor Virtualization
• “Native” or full virtualization: a virtual machine that mediates between the guest operating systems and the native hardware. Certain protected instructions must be trapped and handled within the hypervisor, because the underlying hardware isn't owned by an operating system but is instead shared by it through the hypervisor.
• This form usually requires specialized virtualization-capable CPUs (Intel, AMD) for performance. The only constraint is that the operating system must support the underlying hardware. Close to hardware-level performance.
• The biggest advantage of full virtualization is that a guest OS can run unmodified. The OS is usually “ported” to the hypervisor machine. VMware, Microsoft Hyper-V.
• Examples: VMware.

Processor Virtualization
• Paravirtualization: uses a hypervisor for shared access to the underlying hardware but integrates virtualization-aware code into the operating system itself. This obviates the need for any recompilation or trapping, because the operating systems themselves cooperate in the virtualization process.
• Also requires specialized CPU hardware, but not to the same level as “native” virtualization. Close to “native” performance.
• The guest OS is (re-)installed to run virtualized.
• Examples: LINUX Xen, User Mode LINUX (UML), Microsoft Virtual PC, VirtualBox Hypervisor.
OS Level Virtualization
• OS Level Virtualization: virtualizes servers on top of the operating system itself – uses a single operating system and simply isolates the independent virtual servers from one another (code, memory, filesystems).
• Doesn’t use special virtualization hardware
• Uses a lot of underlying OS resources – memory, filesystem space
• Original concept – BSD “chroot jail”
• Examples: LINUX: lxc “containers”. Solaris “Zones”

Hardware support for virtualization
• IA-32 (Intel x86) supports four rings of protection, where level 0 (the highest privilege) typically runs the operating system, levels 1 and 2 support operating system services, and level 3 (the lowest level) supports applications.
• In the IA-32 (x86) architecture certain privileged-mode instructions do not trap, and can return different results based upon the mode. This is problematic when attempting to virtualize different operating systems at different levels.
• Hardware vendors have recognized this shortcoming (and others), and have produced new designs that support and accelerate virtualization. Intel’s new virtualization technology supports hypervisors for both the x86 32-bit (VT-x) and Itanium® (VT-i) 64-bit architectures. VT-x supports two new forms of operation, one for the VMM (root) and one for guest operating systems (non-root). The root form is fully privileged, while the non-root form is deprivileged (even for ring 0).
• AMD is producing hardware-assisted virtualization technology under the name Pacifica. Pacifica maintains a control block for guest operating systems that is saved on execution of special instructions. This allows a virtual machine (and its associated guest operating system) to run until the VMM regains control. Pacifica also amends address translation with host and guest memory management unit (MMU) tables.
• These hardware virtualization features can be used by a number of virtualization techniques, including Xen, VMware, User-mode Linux, and others.
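The features just listed are visible from a running Linux system, which is how a practitioner checks whether a host can run KVM or is itself a guest. The Python script below is an added example, not part of the slides: it reads the CPU flags the kernel prints in /proc/cpuinfo and reports vmx (Intel VT-x) or svm (AMD-V, the Pacifica design), ept/npt (the host/guest MMU tables), and the hypervisor flag a VMM presents to its guests. The flag names are the ones the Linux kernel uses; the three sample cpuinfo texts are constructed, and /dev/kvm is the device node the KVM module exposes.

```python
"""Report hardware virtualization support from /proc/cpuinfo (added example)."""
import os

# Flag names exactly as the Linux kernel prints them in the "flags" line.
FLAG_MEANINGS = {
    "vmx": "Intel VT-x: root/non-root operation",
    "svm": "AMD-V (Pacifica): guest control block saved on special instructions",
    "ept": "Intel Extended Page Tables: host and guest MMU tables",
    "npt": "AMD Nested Page Tables: host and guest MMU tables",
    "hypervisor": "CPU is presented by a hypervisor, i.e. we are a guest",
}

# Constructed samples (shortened flag lists) for a VT-x host, an AMD-V host and a guest.
SAMPLE_VTX_HOST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush "
    "mmx fxsr sse sse2 ht syscall nx lm vmx smx ssse3 sse4_1 sse4_2 x2apic popcnt aes "
    "xsave avx tpr_shadow vnmi flexpriority ept vpid\n"
)
SAMPLE_AMDV_HOST = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush "
    "mmx fxsr sse sse2 ht syscall nx lm svm sse4a ssse3 sse4_1 sse4_2 popcnt aes xsave "
    "avx npt lbrv svm_lock nrip_save\n"
)
SAMPLE_GUEST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush "
    "mmx fxsr sse sse2 ht syscall nx lm constant_tsc rep_good nopl cpuid pni ssse3 "
    "sse4_1 sse4_2 x2apic popcnt aes xsave avx hypervisor\n"
)


def parse_cpu_flags(cpuinfo_text):
    """Return the set of flag names from the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            return set(value.split())
    return set()


def virt_support(cpuinfo_text, dev_kvm_present=None):
    """Summarize what the CPU flags say about virtualization support.

    dev_kvm_present defaults to checking the real /dev/kvm; tests pass it explicitly.
    """
    flags = parse_cpu_flags(cpuinfo_text)
    if dev_kvm_present is None:
        dev_kvm_present = os.path.exists("/dev/kvm")
    has_vmx = "vmx" in flags
    has_svm = "svm" in flags
    if has_vmx:
        extension = "VT-x"
    elif has_svm:
        extension = "AMD-V"
    else:
        extension = None
    return {
        "vendor_extension": extension,
        # Second-level address translation: either vendor's host/guest MMU tables.
        "nested_paging": ("ept" in flags) or ("npt" in flags),
        "is_guest": "hypervisor" in flags,
        # KVM needs the extension in hardware and the kvm module loaded (/dev/kvm).
        "kvm_usable": (has_vmx or has_svm) and dev_kvm_present,
        "explained": [FLAG_MEANINGS[f] for f in sorted(flags) if f in FLAG_MEANINGS],
    }


if __name__ == "__main__":
    # On a real Linux host, inspect the live file; otherwise fall back to a sample.
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_VTX_HOST
    for key, value in virt_support(text).items():
        print(f"{key}: {value}")
```

A host that reports a vendor extension but `kvm_usable` false usually has the extension disabled in firmware or the kvm module not loaded; a guest showing `hypervisor` with no vmx/svm cannot run KVM itself unless nested virtualization is enabled on the outer hypervisor.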
Virtualization Products
• Bochs and QEMU are PC emulators that allow operating systems such as Windows or Linux to be run in the user-space of a Linux operating system.
• VMware is a popular commercial full-virtualization solution that can virtualize unmodified operating systems.
• Xen is an open source paravirtualization solution that requires modifications to the guest operating systems but achieves near native performance by collaborating with the hypervisor.
• Microsoft Virtual PC is a paravirtualization virtual machine approach. See also Hyper-V.
• User-mode Linux (UML) is another paravirtualization solution that is open source. Each guest operating system executes as a process of the host operating system.
• coLinux, or Cooperative Linux, is a virtualization solution that allows two operating systems to cooperatively share the underlying hardware.
• Linux Containers (see also Docker)
• The Linux KVM is virtualization technology that has been integrated into the mainline Linux kernel (not a separate KVM kernel, but it does require PAE support). It runs as a single loadable kernel module; a Linux kernel running on virtualization-capable hardware is able to act as a hypervisor and support unmodified Linux and Windows guest operating systems.

What is a container?
• A Linux® container is a set of one or more processes that are isolated from the rest of the system. All the files necessary to run them are provided from a distinct image, meaning that Linux containers are portable and consistent as they move from development, to testing, and finally to production. This makes them much quicker than development pipelines that rely on replicating traditional testing environments. Because of their popularity and ease of use, containers are also an important part of IT security.
• The container that holds your application has the necessary libraries, dependencies, and files so that you can move it through production without worrying about changes from test/dev/stage migration.
• In fact, the contents of a container image can be thought of as an installation of a Linux distribution, because it comes complete with RPM packages, configuration files, etc. But container image distribution is a lot easier than installing new copies of operating systems.
• Unlike OS virtualization, which lets operating systems (Windows or Linux) run simultaneously on a single hardware system, containers share the same operating system kernel and isolate the application processes from the rest of the system. For example: ARM Linux systems run ARM Linux containers, x86 Linux systems run x86 Linux containers, x86 Windows systems run x86 Windows containers. Linux containers are extremely portable, but they must be compatible with the underlying system.

What is a container? Docker Project/Docker Inc.
• The initial container engine is now known as "Docker Engine."
• Other tools have been added:
  • Docker Compose (formerly "Fig")
  • Docker Machine
  • Docker Swarm
  • Kitematic (acquisition)
  • Tutum (recent acquisition)
• Founded in 2009.
• Formerly dotCloud Inc.
• Primary sponsor of the Docker Project.
• Hires maintainers and contributors.
• Provides infrastructure for the project.
• Runs the Docker Hub. HQ in San Francisco.

What is Docker?
• In a way, Docker is unlike a virtual machine: rather than creating a whole virtual operating system, Docker allows applications to use the same Linux kernel as the system they're running on and only requires that applications be shipped with things not already running on the host computer. This gives a significant performance boost and reduces the size of the application.
• Docker is essentially a "snapshot" of the LINUX kernel with a restricted subset of kernel services allowed, to isolate an application within a container using only the resources needed to run the app – similar to a Linux container.
• However, multiple canned Docker "images" can be run to propagate the application among multiple LINUX instances – usually VMs under other hypervisors, and occasionally in the "cloud".
• Docker comes in two flavors – Enterprise Edition EE ($$) and Community Edition CE. Both allow published canned Docker images to be downloaded and used as app containers. There is also the option of generating your own proprietary Docker images.
• The importance of containers is a reflection of the virtualization of environments in private and public virtualized "clouds" – Azure, AWS, etc.
• See: https://docs.docker.com/engine/docker-overview.
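Because a container shares the host kernel rather than running behind a hypervisor, how much isolation it actually gets depends on how it is started, not only on the image. The Python audit below is an added example, not code from the slides or from Docker: it takes the JSON that `docker inspect <container>` prints and flags run settings that hand the container more of the shared kernel than the description above implies. The keys it reads (HostConfig.Privileged, HostConfig.NetworkMode, HostConfig.PidMode, HostConfig.Binds, HostConfig.CapAdd, Config.User) are assumed from that output, and the two sample containers in the embedded JSON are constructed.

```python
"""Audit docker-inspect output for settings that weaken container isolation (added example)."""
import json

# Host paths whose bind-mounting gives the container a foothold on the host.
SENSITIVE_HOST_PATHS = {"/", "/var/run/docker.sock", "/run/docker.sock",
                        "/proc", "/sys", "/etc", "/dev"}
# Capabilities that effectively undo namespace isolation when added.
RISKY_CAPABILITIES = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}

# Constructed sample in the shape of `docker inspect weak-app hardened-app`
# (only the fields this audit reads are filled in).
SAMPLE_INSPECT_OUTPUT = """
[
  {
    "Name": "/weak-app",
    "Config": {"Image": "example/app:1.0", "User": ""},
    "HostConfig": {
      "Privileged": true,
      "NetworkMode": "host",
      "PidMode": "",
      "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/app:/app"],
      "CapAdd": ["SYS_ADMIN"],
      "CapDrop": null
    }
  },
  {
    "Name": "/hardened-app",
    "Config": {"Image": "example/app:1.0", "User": "1000:1000"},
    "HostConfig": {
      "Privileged": false,
      "NetworkMode": "bridge",
      "PidMode": "",
      "Binds": ["/srv/app:/app:ro"],
      "CapAdd": null,
      "CapDrop": ["ALL"]
    }
  }
]
"""


def audit_container(inspect_entry):
    """Return a list of isolation findings for one docker-inspect entry."""
    host = inspect_entry.get("HostConfig") or {}
    config = inspect_entry.get("Config") or {}
    findings = []

    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices are exposed")
    if host.get("NetworkMode") == "host":
        findings.append("host network namespace shared: no network isolation")
    if host.get("PidMode") == "host":
        findings.append("host PID namespace shared: host processes are visible")

    # Binds are "host_path:container_path[:options]"; only the host side matters here.
    for bind in host.get("Binds") or []:
        source = bind.split(":")[0]
        if source in SENSITIVE_HOST_PATHS:
            findings.append(f"sensitive host path bind-mounted: {source}")

    for cap in host.get("CapAdd") or []:
        if cap.upper().removeprefix("CAP_") in RISKY_CAPABILITIES:
            findings.append(f"risky capability added: {cap}")

    # An empty User means the process runs as uid 0 inside the container.
    if not config.get("User"):
        findings.append("runs as root inside the container: no User set")
    return findings


def audit_inspect_json(text):
    """Parse `docker inspect` JSON (a list) and map container name to its findings."""
    return {entry.get("Name", "?"): audit_container(entry) for entry in json.loads(text)}


if __name__ == "__main__":
    for name, findings in audit_inspect_json(SAMPLE_INSPECT_OUTPUT).items():
        print(name, "->", findings or ["no findings"])
```

Run it against real output with `docker inspect $(docker ps -q) > out.json` and `audit_inspect_json(open("out.json").read())`; the weak sample above trips five checks, the hardened one none, which is the difference between a container that is merely packaged and one that is actually isolated.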
