Open Source Virtualization - Software Freedom Day 2008 Michael Clark <michael at metaparadigm dot com> Sep 20, 2008 1 Presentation Overview A bit on Software Freedom i.e. why we are here What is Virtualization & why do we need it Available Virtualization Technologies How it all works underneath How Xen and KVM do it Examples on deploying Xen Also EVMS Logical Volume Management KVM Virtualization Demo Sep 20, 2008 2 What is Open Source / Free Software? Sep 20, 2008 3 Open Source Software You rely on it every day Two thirds of web sites are served using the Apache Open Source Software The biggest sites on the Internet such as Google, Ebay, Yahoo and Amazon are all using Open Source Software Approximately 20% of all new servers are shipped or installed with the Linux OS Sep 20, 2008 4 Open Source Software You rely on it every day The vast majority of the Domain Name System (DNS) is implemented using Open Source Software Linux, an Open Source Operating System is being used by Corporations, Governments, Schools, Businesses and Individuals. The Fabric of the Internet is built on Open Source Software! Sep 20, 2008 5 What is Open Source? Open Source can be seen as 3 things: Open Source Software Open Source Development Model Open Source Community Sep 20, 2008 6 What is Open Source? Open Source Software Software that is unencumbered – Source code for developers – Binary code for users Allows free redistribution – No costly licensing fees, change to a support model Allows creation of derived works – You have the source to change it to suit your needs See http://www.opensource.org/ for a full definition Sep 20, 2008 7 What is Open Source? Open Source Development Model A superior development model that takes advantage of this access to source code Build on existing code, lower cost of development Shared common benefit – Amortise development cost with others Open collaboration using the Internet End users can contribute directly to the development process – it is not being done behind closed doors Sep 20, 2008 8 What is Open Source? Open Source Community The individuals, IT vendors, end user corporations and business that are producers, consumers or supporters of Open Source Software Communication is rapid and distributed Many choices for end user support – Go straight to the developers for support – Get commercial support from a OSS solution vendor such as Red Hat, Novell, Dell, HP, Sun, IBM, etc, ... – Use the source Luke, do it yourself! Sep 20, 2008 9 What is Virtualization? Sep 20, 2008 10 What is Virtualization? Virtual Machines create the appearance of a real machine “virtual” defines something that is not “real” but appears “real” ie. virtually a machine Provides a simulation of some real machine A program running in a Virtual machine should behave as it would running under on a real machine One physical machine can run many virtual machines Sep 20, 2008 11 What is Virtualization? Normal non-virtualized architecture Application Application A B Operating system PC Hardware Sep 20, 2008 12 What is Virtualization? Fully Virtualized architecture App A App B OS OS (Each virtual machine Virtual Virtual hardware hardware has separate RAM, disk, and share of CPU plus their own Virtulization software network address). OS / Hypervisor PC Hardware Sep 20, 2008 13 Why do we need Virtualization? Flexibility Run multiple OS on one machine. Solaris x86, FreeBSD, Linux, Windows, etc... Run an application not available on your OS Easy testing of software on different operating systems without a desk full of machines. – e.g. testing web applications with different browser/OS versions. Simulate a network of machines. Desktop / Server Virtualization Sep 20, 2008 14 Why do we need Virtualization? Server consolidation Reduce management of many physical machines – Host many virtual machines on a smaller number of larger and more powerful physical machines. Utilize resources (CPU/Disk/RAM) more efficiently. – Left over resources can't traditionally be used. Easily and dynamically control resource distribution – RAM, CPU, Disk Deploy new servers on-demand – Quicker time-to-market Sep 20, 2008 15 Why do we need Virtualization? Increased Security Partition untrusted applications from each other. – Minimize impact when an application is compromised. Partition applications across machines for separate management and administrative domains. – e.g. person with Administrator access to Customer Service dept. machine does not have Administrator access to Accounts dept. Sep 20, 2008 16 Why do we need Virtualization? Example server utilisation 6 x Dual Xeon servers wasted capacity server1 server2 server3 not enough capacity server4 server5 server6 Sep 20, 2008 17 Why do we need Virtualization? Virtual machines consolidated 2 x Eight Core Xeon servers vm4 vm3 vm5 vm2 vm6 vm1 (SAN is optional server1 server2 but popular Fibre Channel SAN architecture) Sep 20, 2008 18 Types of virtualization Operating system level virtualization Time-sharing / Virtual Memory Virtual Private Servers / Resource Containers Full-virtualization Emulated – slow using CPU emulation Hybrid – combination of emulation and hardware Hardware assisted – Intel VT, AMD Pacifica Para-virtualization Modified operating system kernel Sep 20, 2008 19 Virtualization Technologies VMWare http://www.vmware.com/ Provides “Full Virtualization” of X86 architecture. Has performance penalties for Ring 0 emulation. Proprietary commercial software. Runs on Windows, Linux and Mac OS X Multiple flavours: – Server (Freeware) – Workstation – ESX – ESX Lite - BIOS hypervisor Sep 20, 2008 20 Virtualization Technologies UML – User mode Linux http://http://user-mode-linux.sourceforge.net/ Provides virtualization of X86, X86-64, and PowerPC Linux userspace ABI (Application Binary interface). Linux kernel is effectively ported to run as a user program instead of on a hardware interface. One kernel image per virtual machine. Open Source software Sep 20, 2008 21 Virtualization Technologies QEMU http://www.qemu.org/ Provides full virtualization of x86, PowerPC, MIPS, Sparc through CPU simulation. Slow! Runs on many Operating Systems – Linux, FreeBSD, Solaris, Mac OS X, Windows, ... QEMU is open source – although there exists a proprietary module for x86 which provides accelerated simulation similar to VMWare Sep 20, 2008 22 Virtualization Technologies Linux Virtual Server http://linux-vserver.org/ Operating system level virtualization for Linux Provides enhanced security chroot (change root) type virtualization. ie. system runs only one kernel. Single kernel image shared by all virtual machines. Open Source software Sep 20, 2008 23 Virtualization Technologies OpenVZ http://openvz.org/ Operating system level virtualization for Linux Support all architectures that Linux supports Runs a single Linux kernel with security containerization / isolation – Lighter-weight than full virtualisation although offers less isolation between virtual machines Open Source software Technology behind proprietary Virtuozzo product Sep 20, 2008 24 Virtualization Technologies Xen http://xensource.org/ Initially a para-virtualization only solution – para-virtualization requires a modified operating system kernel Now supports hardware-assisted virtualization – Intel VT, AMD Pacifica Hypervisor-based Open Source software Sep 20, 2008 25 Virtualization Technologies KVM – Kernel Virtual Machine http://kvm.qumranet.com/ A full-virtualization solution for Linux – Intel VT, AMD Pacifica Does not require modification to operating system Kernel-based (as against hypervisor based) Open Source software Sep 20, 2008 26 Virtualization Technologies Many more ... Parallels Desktop – Proprietary software – Runs on Linux, Windows and Mac OS X Microsoft Virtual Server – Proprietary software – Runs on Windows only VirtualBox - http://virtualbox.org/ – Open Source software ... Sep 20, 2008 27 How it all works... Xen and KVM Sep 20, 2008 28 Why is virtualization hard? Design“flaws” of intel x86 x86 has 4 privilege levels named “rings” (0-3) and each ring is protected from each other. Executing privileged instructions causes a trap (or fault). – lgdt, lldt, hlt, updating page tables OSes such as Linux runs its kernel code in Ring 0 and user code in unprivileged Ring 3 x86 is not fully virtualizable by design. Certain Ring 0 instructions cannot be run in Ring 1 and trapped so Ring 0 can't be virtualized without special tricks. Full virtualization techniques such as those in VMWare need to emulate or rewrite code running in Ring 0 (big slow down!) Sep 20, 2008 29 How Xen does it? Xen Paravirtualization Xen implements a hypervisor that runs at Ring 0 and the Guest OS kernel runs at Ring 1 Xen requires small poritions of the Linux kernel source code to be modified. Instead of the Linux kernel calling the privileged instructions directly, a call is made to the Xen hypervisor to virtual memory update page tables, halt the processor, etc. This has the advantage of much higher performance than full virtualization techniques like VMWare as not code inspection/ emulation is required of code executing in Ring 0. Sep 20, 2008 30 How Xen does it? Xen hypervisor The xen hypervisor is actually loaded instead of the linux kernel and arbitrates access to system resources and virtual memory. Domain0 The Domain0 kernel is the first virtual machine kernel that is loaded and it has access to the physical hardware on the underlying pyshical machine. Only one Domain0 runs in the first memory partition. DomainU's The DomainU kernels are the virtual machines kernels. Many domainU kernels run