
IaaS, Private Cloud and Virtualization

Tudor Damian
IT Solutions Specialist
Virtual Machine MVP

tudy.tel

Agenda
Private Cloud and IaaS - introduction
Virtualization architectures
Existing solutions
Type 1 (bare-metal)
Full / paravirtualized (VMWare, Hyper-V, Xen)

Type 2 (hosted)
OS-assisted (KVM, VirtualBox, Virtuozzo/OpenVZ)

Case study: Hyper-V & System Center

Hyper-V 2012
System Center 2012 SP1

Interoperability / P2V-V2V migrations

Management / Monitoring / Scripting
Data protection / High-Availability

Private Cloud and IaaS

Image source: wordle.net

if at first people were rather reluctant...

now many want to move to the cloud

...but do they all know what to expect?

The traditional, inefficient approach

Figure (IT capacity over time): allocated IT capacities are stepped up ahead of the load forecast, so the gap between allocated capacity and actual load alternates between under-supply of capacities (a barrier for innovations) and waste of capacities.
Source: Microsoft Cloud Continuum

In a Cloud, everything is much more dynamic

Figure (IT capacity over time): allocated IT capacities follow the load forecast and the actual load closely: no under-supply, reduction of initial investments, reduction of over-supply, and a possible reduction of IT capacities in case of reduced load.
Source: Microsoft Cloud Continuum

Workload patterns in the Cloud

Figure (compute over time, four panels, each compared against average usage): Growing Fast; On and Off (with inactivity periods); Predictable Bursting; Unpredictable Bursting.
Source: Microsoft Cloud Continuum

Types of Cloud services

Figure: the stack Applications, Runtimes, Security, Databases, Servers, Virtualization, Server HW, Storage, Networking shown for four models. On-Premise (Private): you manage the whole stack. Infrastructure (as a Service): the vendor manages Virtualization, Server HW, Storage and Networking, you manage the rest. Platform (as a Service): the vendor also manages Databases and Servers, you manage Applications, Runtimes and Security. Software (as a Service): the vendor manages the whole stack.
Source: Microsoft Cloud Continuum

Cloud-specific choices

Figure. Fundamentals: Application Programming, Elasticity, Automated Service Management, High Availability, MultiTenancy. Choices: Infrastructure (Heterogeneous / Homogeneous), Business model (CapEx / OpEx), Ownership (Own / Lease/Rent), Management (Self / Third Party), Location (On Premises / Off Premises).
Source: Microsoft Cloud Continuum

What does the IT industry say?

Compute, Network, Storage

Components of a Private Cloud

Figure: Compute, Network and Storage are turned into Pooled Resources through Virtualization; on top sits Management (Elasticity, Scalability, Continuous Availability, Predictability, Usage-Based, Multi-Tenancy, Security, Automation, Service management), with 3rd party extensions.
Source: Microsoft Cloud Continuum

VIRTUAL? PRIVATE? CLOUD?

a. why do I want to do this?

b. who am I doing this for?

c. what do I want to offer?
SLA, compliance (PCI, ISO)

what we look at when building a virtual private cloud

1. budget
cost per kWh, price per U, bandwidth/connectivity costs, technical staff, etc.

2. architecture
structure, scalability, reliability, redundancy, security, flexibility

3. hardware
server (MIPS/MOPS), storage (I/O-OPS), network (1Gbps, 10Gbps, InfiniBand, fiber)

4. virtualization layer

5. management / monitoring

6. internal processes
security/incident-response policies, how easy it is to detect/repair problems, disaster recovery, high availability and the time needed to bring a node online

7. people
technical team, post-implementation maintenance

Private Cloud recap

1. Budget
2. Architecture
3. Hardware
4. Virtualization
5. Management and monitoring
6. Internal processes
7. People


VIRTUALIZATION ARCHITECTURES

when working with virtualization, we end up hearing a few common terms...

virtualization
virtual machine
hypervisor
paravirtualization
microkernel
monolithic kernel
synthetic device drivers
parent partition
binary translation

a bit of history

virtualization is old

the first wave, IBM CP-40

CP-40 went into production in January 1967

then, as now, the attraction was cost reduction

it was based on the S/360 system

S/360 introduced virtual memory facilities and 32-bit addressing

CP-40 extended S/360, offering a fully virtualized environment

thus, CP-40 had support for 14 virtual machines

CP-67 followed, based on the S/360-67

and in 1972, IBM completed VM Facility 370, or VM/370

this is where the terms come from...

Virtual Machine (VM)

Control Program (hypervisor)

a new machine also appeared, the S/370

and VM/370 managed to efficiently virtualize the OSes intended for S/360 and S/370

...and there were quite a few :)
OS/360, DOS/360, OS/370, DOS/370, MVS, CMS, CMS/370

so virtualization achieved its goal: cost reduction

...eventually this led to z/VM, which now runs on the IBM z10 and IBM zEnterprise (z196/z114) mainframe systems

even with VM/370, costs were still high

the second wave, microprocessors

1977, Macintosh
Apple II

1988, Connectix
Virtual PC (for Macintosh)

Virtual PC could run Windows, OS/2, Linux on Macintosh hardware

in 2003, Microsoft buys Connectix

Virtual PC is modified, so Windows users can run other OSes as well

MS-DOS 6.22, Windows 95, 98, NT 4.0, Me, OS/2, 2000, 2003, XP, Vista, 2008

the third wave, VMware

1999, VMware produces VMWare Workstation

2001, VMware (GSX) Server (server-level virtualization)

on to the technical part

even though at their core, the VMware and Virtual PC concepts were similar to CP-40

still, both Virtual PC and VMware lacked the hypervisor

both relied on the existence of a host OS

the host was thus an (inefficient) intermediary between the VM and the hardware

later, improvements appeared

the ability to run VMs on non-specialized hardware

migration from hosted architectures to hypervisor-based architectures

VMware ESX, Hyper-V, Xen use a form of hypervisor

the reintroduction of hardware support: Intel VT, AMD-V

trends

even though micro-virtualization tends to match the IBM solution of 45 years ago

innovative elements have also appeared, most of them from VMware

live server migration (VMotion)

dynamic load balancing (Distributed Resource Scheduling)

real-time failover (HA Clustering)

or from Intel

Virtualization for Directed I/O (VT-d) for input-output processing

and at the same time, virtualization brought security problems with it

at first, the advantages of virtualization, such as application isolation, were undermined

processors with virtual-assist are a good example

a guest could directly access another guest, ignoring the security policies

or worse, the Blue Pill exploit

types of attacks

jailbreak attacks (escapes)

migration attacks

virtual / physical network service attacks

encryption attacks

examples of reported attacks

Feb 2007, Apr 2009
VMware / ESX
VMware Workstation escape attack

Oct 2007, Secunia
open-source Xen hypervisor
unauthorized privilege escalation

2007
Microsoft Virtual PC & Microsoft Virtual Server
vulnerability allowing a guest to run code on the host or on another guest

a few links...

http://searchsecurity.bitpipe.com/detail/RES/1213273947_134.html

http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255
http://www.securityfocus.com/bid/29183/info
http://secunia.com/advisories/29129/
http://seclists.org/fulldisclosure/2007/Sep/0355.html
http://lists.vmware.com/pipermail/security-announce/2009/000055.html
http://www.immunityinc.com/documentation/cloudburst-vista.html
http://taviso.decsystem.org/virtsec.pdf
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
http://www.stanford.edu/~talg/papers/HOTOS05/virtual-harder-hotos05.pdf

the solution? security features added to the new hardware

even so, virtualization will stay around as long as it fulfils its purpose

let's start with a few explanations

from virtualization solutions, everyone automatically expects:
efficient isolation
security
performance
ease of administration

technically, virtualization can be achieved in several ways

full virtualization (Type 1)
unmodified guest, easy migration to virtualized environments

paravirtualization
guest modified to remove the need for binary translation
offers performance advantages in certain circumstances, but requires a modified kernel version installed on the guest

hardware-assisted virtualization
AMD-V, Intel VT
the first generation included only CPU virtualization; the following generations add support for memory and I/O virtualization

hosted virtualization (Type 2)
Microsoft Virtual Server / Virtual PC
VMWare Workstation
VirtualBox
Linux KVM

Types of virtualization

OS virtualization
Virtuozzo / OpenVZ

let's talk a bit about
Hyper-V / Xen / VMWare
KVM / Virtuozzo / OpenVZ

Hyper-V architecture

and the requirements are not excessive...
x64
DEP
Intel VT / AMD-V
SLAT (W8 Client)

Xen

at VMWare, things are a little different

ESX

ESXi

Hyper-V: microkernelized kernel
VMWare: monolithic kernel

Hyper-V hypervisor (Windows 8)
hvax64.exe (AMD) 1.31MB
hvix64.exe (Intel) 1.36KB
VMWare hypervisor (ESXi 5) 144MB

Hyper-V: synthetic drivers
VMWare: emulated drivers

KVM / QEMU

KVM: no emulation, user-space program

VMM architecture: KVM

Hypervisor integrated into Linux (code based)

Figure: QEMU. Hypervisor: kernel module. Guest OS: user-space process (QEMU for x86 emulation). Needs the HW virtualization extension.

Virtuozzo / OpenVZ

compared to the hypervisor-based architecture...

VZ / OpenVZ offer OS-assisted virtualization

virtualization-based solutions

hardware consolidation

high availability

testing

disaster recovery

virtual private clouds

sandboxing
http://en.wikipedia.org/wiki/Sandbox_(computer_security)

forensic analysis

honeypots / honeynets
http://en.wikipedia.org/wiki/Honeypot_(computing)

What's new compared to Hyper-V 2008

HYPER-V 2008 R2

Live Migration

Figure legend: Blue = Storage, Orange = Networking

Quick Migration vs. Live Migration

Quick Migration (Windows Server 2008 Hyper-V)
1. Save state
   a) Create VM on the target
   b) Write VM memory to shared storage
2. Move virtual machine
   a) Move storage connectivity from source host to target host via Ethernet
3. Restore state & Run
   a) Take VM memory from shared storage and restore on target
   b) Run

Live Migration (Windows Server 2008 R2 Server Hyper-V)
1. VM State/Memory Transfer
   a) Create VM on the target
   b) Move memory pages from the source to the target via Ethernet
2. Final state transfer and virtual machine restore
   a) Pause virtual machine
   b) Move storage connectivity from source host to target host via Ethernet
3. Un-pause & Run

(The figure shows each sequence between Host 1 and Host 2.)

Cluster Shared Volumes

Hot Add/Remove Storage

Processor Compatibility Mode

Second Level Address Translation

Networking improvements

Support for 64 logical processors (LPs)

Server Core Parking

Windows Server 2008 (without core parking)

Windows Server 2008 (core parking)

Dynamic Memory and RemoteFX

HYPER-V 2008 R2 SP1

Users, memory and virtualization
Nobody knows how much memory to allocate to a VM
How will the allocated RAM affect a VM's performance?

1GB, more only if people complain about performance
4GB on every machine, nobody complains
I take the minimum requirements and add 50% / 100% / 150%
I use the vendor's requirements, I don't bother checking

Memory is a bottleneck
One of the key factors from a cost standpoint

The Dynamic Memory proposal
Maximum density without sacrificing performance
Predictable performance
Production-use ready

Adding/removing RAM

Adding
Enlightened
Uses the Synthetic Memory Driver (VSP/VSC pair)
No hardware emulation
Lightweight, instant

Removing
Initially the intent was to remove memory (-> problems)
Tests showed memory ballooning is more efficient
Affects Task Manager in the Guest OS

Unused memory is collected every 5 minutes

Memory demand / Memory buffer

Memory demand
The memory the Guest operating system needs to run under reasonable conditions
Computed automatically from the usage reported by the Guest

Memory buffer
Memory allocated to a VM for its immediate needs
Its main purpose is to avoid file cache use

The ideal memory for a VM
Memory demand + Memory Buffer

Dynamic Memory - UI

Memory balancing (1)

If there is enough memory on the host, each VM is allocated its ideal RAM value.

Figure (three steps): the Hyper-V Host starts with a Root Reserve and Available Memory (Host Memory Availability = 100%); when VM1 starts it receives its Ideal Memory = Memory Demand + Buffer (availability = 60%); when VM2 starts it also receives its Ideal Memory (availability = 0%).

Memory balancing (2)

If there is not enough memory, Priority is used to determine the memory distribution.

Figure (four steps): VM1 (Low Priority) and VM2 (Medium Priority) each hold their Ideal Memory; when VM3 (High Priority) starts with no Available Memory left on the Hyper-V Host, a Priority Penalty is taken out of the Buffers of VM1 and VM2 (the larger penalty falling on the lower priority) so that VM3 can be granted its Ideal Memory; every VM keeps its full Memory Demand, only the Buffers shrink.
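As an added example, not from the slides or from Hyper-V's own code, the model below applies the two balancing rules above: every VM keeps its Memory Demand, and the memory left after the Root Reserve is shared among the Buffers in proportion to Priority, capped at each VM's ideal value. The 1/2/3 weights for low/medium/high priority, the 8 GB host and the 25% buffer setting are assumptions.

```python
from dataclasses import dataclass

# Assumed priority weights for this model (not Hyper-V's published algorithm).
PRIORITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Vm:
    name: str
    demand_mb: int     # Memory demand, as reported by the enlightened guest
    buffer_pct: int    # Memory buffer setting, as a percentage of demand
    priority: str      # "low", "medium" or "high"

    @property
    def buffer_mb(self) -> int:
        return self.demand_mb * self.buffer_pct // 100

    @property
    def ideal_mb(self) -> int:
        # The slide's definition: ideal memory = memory demand + memory buffer
        return self.demand_mb + self.buffer_mb


def balance(vms, host_mb: int, root_reserve_mb: int) -> dict:
    """Return the MB granted to each VM.

    Memory demand is always honoured; whatever is left after the root reserve
    is handed out as buffers, weighted by priority and capped at each VM's own
    buffer (water-filling), so lower priorities absorb the shortfall first.
    """
    available = host_mb - root_reserve_mb
    granted = {vm.name: vm.demand_mb for vm in vms}
    spare = available - sum(granted.values())
    if spare < 0:
        raise ValueError("host cannot cover the memory demand of all VMs")

    remaining = list(vms)
    while remaining and spare > 0:
        total_weight = sum(vm.buffer_mb * PRIORITY_WEIGHT[vm.priority] for vm in remaining)
        if total_weight == 0:
            break
        share = {vm.name: spare * vm.buffer_mb * PRIORITY_WEIGHT[vm.priority] // total_weight
                 for vm in remaining}
        # VMs whose weighted share covers their whole buffer are satisfied and drop
        # out; the memory they did not need is re-divided among those still short.
        satisfied = [vm for vm in remaining if share[vm.name] >= vm.buffer_mb]
        if not satisfied:
            for vm in remaining:
                granted[vm.name] += share[vm.name]
            break
        for vm in satisfied:
            granted[vm.name] += vm.buffer_mb
            spare -= vm.buffer_mb
            remaining.remove(vm)
    return granted


def priority_penalty(vms, granted: dict) -> dict:
    """Buffer MB each VM lost to higher-priority VMs (0 when it holds its ideal memory)."""
    return {vm.name: vm.ideal_mb - granted[vm.name] for vm in vms}


if __name__ == "__main__":
    host_mb, root_reserve_mb = 8192, 1024            # constructed host: 8 GB, 1 GB root reserve
    vm1 = Vm("VM1", 2048, 25, "low")
    vm2 = Vm("VM2", 2048, 25, "medium")
    vm3 = Vm("VM3", 2048, 25, "high")
    print(balance([vm1, vm2], host_mb, root_reserve_mb))       # enough memory: both get 2560
    print(balance([vm1, vm2, vm3], host_mb, root_reserve_mb))  # short: VM1/VM2 buffers penalised
```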

DM introduces Root Reserve

Hyper-V has always used the concept of a memory reserve (memory reserved for the parent partition)
DM lets VMs squeeze the root reserve
Solution: a registry key
Allows a static memory reservation for the Parent Partition
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\MemoryReserve

Less memory for VMs
The host system remains stable

Dynamic Memory, not Overcommit!

Memory Overcommit is an overloaded term
Page Sharing
Second Level Paging
Memory ballooning mechanisms

Nobody wants to over-allocate resources
We don't over-allocate the other resources
Even VMWare doesn't want/recommend overcommit

DM treats memory the way we treat the CPU:
a dynamically scalable resource

Dynamic Memory requirements

Host system:
Windows Server 2008 R2 SP1
Microsoft Hyper-V Server 2008 R2 SP1

Windows Server 2003, 2008 & 2008 R2 guests
32-bit & 64-bit versions
Web, Standard, Enterprise, Datacenter

Windows Vista and Windows 7 guests
Enterprise and Ultimate only
32-bit & 64-bit versions

Application compatibility
Problems
Applications with static memory allocation (Exchange)

Additional settings
Applications with an internal cache / memory management (SQL, Apache, Java, Oracle, ...)
Applications that start with a lot of preallocated memory (?)

RemoteFX infrastructure / graphics

Infrastructure

VM isolation = desktop centralization
Processor evolution from speed to parallelism
Faster networks
Increased diversity of client devices

Graphics
Growing graphics complexity: Media, 3D UI, Video, Animations, Flash, Silverlight
Growing fragmentation of the stacks in graphics processing
Silverlight and portable Flash emit flat bitmaps

RemoteFX VDI solution

vGPU exposed to the Hyper-V Guest
Rendering on the host, not on the guest
New codec included in RDP 7.1 for RemoteFX
A single GPU used for multiple VMs
Hardware decoding devices for thin clients

Initially only for office worker scenarios

Requirements:
SLAT
New-generation GPU

Ultra Lightweight Thin Clients

A new class of thin clients
ARM, MIPS, or PPC-based designs
Windows CE, Linux, or another embedded OS
USB Redirection support
Very few client resources needed
CPU: 200-400 MHz
Memory: < 256MB RAM, < 128MB Flash
Power consumption: <5W

Acceleration through a hardware codec

ThinLinX Hot-e TLX-400 M
Arm Processor
RemoteFX HDMI Display
Audio: Wolfson WM8731l 16bit, 48KHz; Stereo Headphone Out, Line out, Biased Microphone In
Ethernet 10/100 Mbs
2 x USB 2.0 Full Speed Host Ports
5V DC Power
Linux Embedded OS

HYPER-V 2012

Performance improvements

Catching up with VMWare

Feature                            | Hyper-V 3.0  | vSphere 5.0
Max Logical Cores Per Host         | 160          | 160
Max RAM Per Host                   | 2TB          | 2TB
Max VMs Per Cluster                | 8000         | 3000
Max Nodes Per Cluster              | 64           | 32
Max CPUs Per VM                    | 32           | 32
Max RAM Per VM                     | 1TB          | 1TB
Max VM Disk Size                   | 64TB (VHDX)  | 2TB
Max Concurrent VM Migrations       | Unlimited    | 128/datastore
Max Concurrent Storage Migrations  | Unlimited    | 8/datastore, 2/host

Disaster recovery
Hyper-V Replica
Disaster Recovery Scenarios:
Planned, Unplanned and Test Failover
Pre-configuration of IP settings for the primary/remote location

Key Features:
RPO/RTO in minutes
Seamless integration with Hyper-V and Clustering
Automatically handles all VM mobility scenarios (e.g. Live Migration)
Supports heterogeneous storage between primary and recovery

Storage improvements

VHDX
Virtual Fiber Channel in the Guest (MPIO)
NFS Storage (SMB 2.2) with SMB2 direct (RDMA) support
Offloaded Data Transfer (ODX)
Native data deduplication
4k Native Disk Support
iSCSI Target
NTFS online scan/repair

VHDX

Supports up to 64TB size (VHDs had a 2TB limit)


Supports larger block file size
Improved performance and corruption resistance
Windows 8 only
Easy conversion

Data Deduplication
High optimization savings
State of the art chunking and compression

Transparent to primary server workload
Minimal IO impact through scheduled and selective optimization
Minimal server impact through low resource use

Reliability and data integrity
Built-in insurance against the natural risk of data reduction
Data integrity validation on all data and metadata
Redundancy for metadata and popular chunks

Storage & network optimization
Integration with BranchCache for faster file download times and reduced bandwidth consumption over WAN

Chart: typical savings by workload, on a 0-100% axis, for VHD Library, Software Deployment Share, General File Share and User Home Folder (MyDocs).

New migration scenarios


Increased VM Mobility
Live Migration with High Availability (already available now)

Live Migration with no clustering (using an SMB share)


Live Migration with no shared storage
Live Storage Migration (SMB 2.2)

Live Storage Migration

Enables storage load balancing
No-downtime servicing
Leverages Hyper-V Offloaded Data Transfer (ODX)

Figure: a Hyper-V host running a Virtual Machine over the VHD Stack; the VHD is moved from the Source Device to the Destination Device.

Snapshots, backup & control

Online snapshot merge


Windows Server Backup support
Dynamic Memory improvements
VM Priority

Network improvements

NIC Teaming
Extensible Virtual Switch
Multi-tenant deployments
Bandwidth QoS
Dynamic Virtual Machine Queue (DVMQ)
Single Root I/O Virtualization (SR-IOV)
Receive Side Scaling (RSS)
Receive Side Coalescing (RSC)
IPSec Task Offload
Address Virtualization
Generic Routing Encapsulation (GRE)
Address Rewrite

Bandwidth QoS

Hyper-V Extensible Switch

Augment Hyper-V Virtual Switch capabilities
Monitoring
Traffic filtering / shaping
Forwarding algorithms

Figure: Virtual Machines (VM NIC) and the Root Partition (Host NIC) attach to the Hyper-V Switch; its extension layers (Capture Extensions, WFP Extensions, Filtering Extensions, Forwarding Extension) sit between the VM NICs and the Physical NIC.

The Multi-Tenant Cloud

Secure Isolation Between Tenants
Dynamic Placement of Services
QoS and Resource Metering

Figure: a Hoster runs Multiple Customers (Contoso Bank, Woodgrove Bank) on Shared Infrastructure.

Multi-Tenant Network Reqs

Tenant wants to easily move VMs to/from the cloud
Hoster wants to place VMs anywhere in the data center
Both want: Easy Onboarding, Flexibility & Isolation

Figure: Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16) both move into the Cloud Data Center with the same address range.

One Solution: PVLAN

Figure: a Win 8 Host with the Hyper-V Switch; VMs Green (10.1.1.31) and Blue (10.1.1.21) sit on Isolated ports, Red1 (10.1.1.11) and Red2 (10.1.1.12) on Community ports; the uplink goes To Internet (10.1.1.1).

Isolation Scenario
Hoster wants to isolate all VMs from each other and allow internet connectivity
#1 Customer Ask from hosters

Community Scenario
Hoster wants tenant VMs to interact with each other but not with other tenant VMs
Requires a VLAN id for each community (limited scalability, only 4095 VLAN IDs)

Hyper-V Network Virtualization

Figure: Hyper-V Machine Virtualization runs a Woodgrove VM and a Contoso VM on one Physical server; Hyper-V Network Virtualization runs the Woodgrove network and the Contoso network on one Physical network.

Hyper-V Machine Virtualization
Run multiple virtual servers on a physical server
Each VM has the illusion it is running as a physical server

Hyper-V Network Virtualization
Run multiple virtual networks on a physical network
Each virtual network has the illusion it is running as a physical fabric

Generic Routing Encapsulation

1 Provider Address per HOST (shared by all VMs on the host)
Embed Tenant Network ID in the GRE header Key field

Figure: both tenants send 10.1.1.11 -> 10.1.1.12 (the full inner MAC header is kept); on the wire both flows travel 192.168.2.22 -> 192.168.5.55, one carrying GRE Key=20, the other GRE Key=30; one Provider Address maps to N Customer Addresses (1:N).
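As an added example (not Microsoft's code), the encapsulation above in Python: an RFC 2890 GRE header with the K bit set and the Tenant Network ID in the Key field, plus the per-host placement table that maps (tenant, Customer Address) to a Provider Address. The receiving host delivers a frame only to a VM registered under the same Key, which is what keeps the two tenants' identical 10.1.1.x addresses apart. The inner protocol type 0x6558, the placement table and the minimal Ethernet/IPv4 frame are constructed assumptions.

```python
import socket
import struct
from dataclasses import dataclass

# GRE header flag bits (RFC 2784 / RFC 2890)
GRE_C_BIT = 0x8000          # Checksum Present
GRE_K_BIT = 0x2000          # Key Present
GRE_S_BIT = 0x1000          # Sequence Number Present
GRE_VERSION_MASK = 0x0007
# Inner protocol type for an Ethernet frame carried in GRE (assumed for this example).
PROTO_TRANSPARENT_ETHERNET_BRIDGING = 0x6558


@dataclass(frozen=True)
class TenantVm:
    tenant_network_id: int   # value carried in the GRE Key field
    ca: str                  # Customer Address: the IP the VM itself sees
    name: str


# Constructed placement table: one Provider Address per host -> VMs living there.
# Both tenants reuse the same 10.1.1.0/24 customer addresses, as in the slide.
HOST_TABLE = {
    "192.168.2.22": (TenantVm(20, "10.1.1.11", "Woodgrove-VM1"),
                     TenantVm(30, "10.1.1.11", "Contoso-VM1")),
    "192.168.5.55": (TenantVm(20, "10.1.1.12", "Woodgrove-VM2"),
                     TenantVm(30, "10.1.1.12", "Contoso-VM2")),
}


def build_inner_frame(src_ca: str, dst_ca: str) -> bytes:
    """Constructed minimal Ethernet + IPv4 header (no payload, IP checksum left 0)."""
    eth = struct.pack("!6s6sH", bytes.fromhex("020000000012"),
                      bytes.fromhex("020000000011"), 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ca), socket.inet_aton(dst_ca))
    return eth + ip


def gre_encapsulate(tenant_network_id: int, inner_frame: bytes) -> bytes:
    """GRE header: flags with K set, protocol type, 32-bit Key = tenant network id."""
    if not 0 <= tenant_network_id <= 0xFFFFFFFF:
        raise ValueError("tenant network id must fit the 32-bit Key field")
    return struct.pack("!HHI", GRE_K_BIT, PROTO_TRANSPARENT_ETHERNET_BRIDGING,
                       tenant_network_id) + inner_frame


def gre_decapsulate(packet: bytes):
    """Return (tenant_network_id, inner_frame); reject anything malformed."""
    if len(packet) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, key = struct.unpack("!HHI", packet[:8])
    if flags & GRE_VERSION_MASK:
        raise ValueError("unsupported GRE version")
    if not flags & GRE_K_BIT:
        raise ValueError("no Key field: packet carries no tenant network id")
    if flags & (GRE_C_BIT | GRE_S_BIT):
        raise ValueError("checksum/sequence fields are not handled here")
    if proto != PROTO_TRANSPARENT_ETHERNET_BRIDGING:
        raise ValueError("unexpected inner protocol 0x%04x" % proto)
    return key, packet[8:]


def lookup_pa(tenant_network_id: int, dst_ca: str):
    """Sender-side policy lookup: (tenant, CA) -> Provider Address of the hosting node."""
    for pa, vms in HOST_TABLE.items():
        if any(vm.tenant_network_id == tenant_network_id and vm.ca == dst_ca for vm in vms):
            return pa
    return None


def send(tenant_network_id: int, src_ca: str, dst_ca: str):
    """Return (destination PA, wire packet), or None when the CA is unknown for this tenant."""
    pa = lookup_pa(tenant_network_id, dst_ca)
    if pa is None:
        return None
    return pa, gre_encapsulate(tenant_network_id, build_inner_frame(src_ca, dst_ca))


def receive(host_pa: str, packet: bytes):
    """Receiver side: deliver only to a VM of the keyed tenant with that CA, else drop (None)."""
    key, frame = gre_decapsulate(packet)
    dst_ca = socket.inet_ntoa(frame[30:34])   # IPv4 destination behind the 14-byte Ethernet header
    for vm in HOST_TABLE.get(host_pa, ()):
        if vm.tenant_network_id == key and vm.ca == dst_ca:
            return vm.name
    return None


if __name__ == "__main__":
    for tenant in (20, 30):
        pa, pkt = send(tenant, "10.1.1.11", "10.1.1.12")
        print(tenant, pa, pkt[:8].hex(), receive(pa, pkt))
```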

Address Rewrite
Each VM IP (CA) is mapped to a unique Provider Address (PA)
Regular TCP/IP packets on the wire

Figure: the flow 10.1.1.11 -> 10.1.1.12 is rewritten to 192.168.2.22 -> 192.168.5.55 for one tenant and to 192.168.2.23 -> 192.168.5.56 for the other (one PA per CA).

Address Virtualization Summary

GRE Encapsulation
Deeper Multi-Tenancy Integration
Standards based: RFCs 2784 & 2890
As few as one IP address per host, lowering the burden on the switches
Full MAC headers and explicit Tenant Network ID marking support traffic analysis, metering and control
Any encapsulation will break stateless offloads in the host server (LSO, Checksum, RSC, RSS, VMQ)

IP Rewrite
Performance and Compatibility
No need to upgrade existing NICs, existing switches, and existing network appliances
Immediately and incrementally deployable today without sacrificing performance

VDI improvements
RemoteFX for WAN (rich desktop over various networks)
RemoteFX adaptive graphics (remoting of experiences adapting to
network types)
RemoteFX media remoting (high performance media remoting)
RemoteFX multi-touch (consistent touch interface, even when
remoting to RDS)
RemoteFX USB redirection
Metro-style Remote Desktop App
Choice of software or physical GPU
No requirement for hardware GPU

Available for sessions, VMs, and physical machines


Broad range of clients (ubiquitous access)
DX11 video support

The power of PowerShell


PowerShell support

Fast & Intuitive


~150 new Hyper-V cmdlets
All Hyper-V Manager UI capability can be scripted
Perfect for automation

In-box metering

Hyper-V Resource Meters

Historic resource utilization information, persistent through live migrations
Network: Incoming & Outgoing Traffic per IP Address Range
Storage: High Water-Mark Disk Allocation
Memory: Low & High Water-Mark Memory Utilization; Average Memory Utilization
CPU: Average CPU Utilization

Management tools

THE SYSTEM CENTER SUITE

System Center

Source: TechEd Europe MGT206

SCVMM 2012

SCVMM 2012 - Fabric Management


Physical Server

Manage multiple hypervisors Hyper-V, VMware, Xen

Server hardware management IPMI, DCMI, SMASH, Custom via Provider

Host provisioning from baremetal to Hyper-V to Cluster provisioning

Network

Define Logical Networks using VLANs and Subnets per datacenter location

Address management for Static IPs, Load Balancer VIPs and MAC addresses

Automated provisioning of Load Balancers via Provider

Storage

Storage Management using SMI-S

Discover storage arrays and pools

Classify storage based on throughput and capabilities

Discover or configure LUNs and assign to hosts and clusters

Rapid provisioning of VMs using snap cloning of LUNs

SCVMM 2012 - Fabric Management


Update Management of Fabric Servers

Update operation control (On-demand scan and on-demand remediation)

Updating a Hyper-V cluster is fully automated

Integrated with Windows Server Update Server

Dynamic Optimization (DO)

Cluster level workload balancing scheme to optimize for VM performance

Leverages live migration to move workloads

Power Optimization (PO)

Leverages live migration to pack more VMs per host

Powers down servers to optimize for power utilization

Enhanced Placement

Over 100 placement checks/validation

Support for custom placement rules

Multi-VM deployment for Services

SCVMM 2012 - Service Lifecycle


Service Templates
Used to model a multi-tier application
Source of truth for deployed service configuration

Applications
Built-in support for Web deploy, Server App-V, SQL DAC
Custom command execution for other application packages

Image-based
OS separated from apps
Composed during deployment

Servicing
Change the template and then apply that change to deployed
instances
Upgrade domains ensure application availability during servicing

Support for heterogeneous environments

INTEROPERABILITY

How does it work?

VSP (virtualization service provider)

VSC (virtualization service client)

Drivers for synthetic devices installed in the enlightened guest OS
Exposes every virtual device and translates I/O requests
There's always a VSP/VSC pair

VMBus (virtual machine bus)

Hyper-V component in the parent partition
Communicates with the hardware drivers
Gives access to the host resources

A high-speed point-to-point in-memory bus
Allows the communication between VSPs and VSCs through Hyper-V

For Linux, every VSC has a DIM (Driver Interface Mapper)

DIMs interact with the Linux Kernel like any other driver
There's also a VSC core based on each existing VSP

Emulated vs. enlightened

Emulated drivers

Drivers are emulated
All requests targeting the hardware (HDD, network, etc.) are not direct
Translated in both directions (VM -> hw, hw -> VM) by the hypervisor
They bring in a performance overhead
The emulated drivers are pretty similar to what we had in Virtual Server:

Video = S3 Trio64+ SVGA (VESA)
Network = Intel/DEC Tulip 21x4x
IDE = Intel 440BX chipset MB

Enlightened drivers

Also known as synthetic drivers
These make the VM hypervisor-aware
Written especially for virtualized environments => paravirtualization
They're basically just pointers to the drivers in the parent partition
Huge performance boost!

The story so far

What's been done so far?

July 2009: Microsoft contributes over 20,000 lines of code to the Linux kernel

December 2009: The drivers (in staging) are included in the 2.6.32 kernel

July 1st 2010: Microsoft presents at the Red Hat Summit

Official support list:

http://technet.microsoft.com/en-us/library/cc794868(WS.10).aspx

Linux Integration Services 2.1 RTM (July 2010)

SUSE Linux Enterprise Server (10 SP1/SP2/SP3, 11)

Red Hat Enterprise Linux (5.2, 5.3, 5.4, 5.5)

Linux Integration Services 3.4 RTM (September 2012)


Red Hat Enterprise Linux 5.5-5.9 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)
CentOS 5.5-5.8 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)
SUSE Linux Enterprise Server 10 SP4 & 11 SP1/SP2

The road to enlightenment


Driver support for synthetic devices (v1 original distro code, created by Citrix)

Synthetic network controller & Synthetic storage controller (IDE/SCSI)

Fastpath Boot Support for Hyper-V (v2.0 December 2009)

Block VSC increased boot performance

Timesync (v2.1 July 2010)

The clock inside the virtual machine will remain synchronized with the clock on the host

Integrated Shutdown (v2.1 July 2010)

VMs can be cleanly shut down from Hyper-V

Symmetric Multi-Processing (SMP) Support (v2.1 July 2010)

Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine

Heartbeat (v2.1 July 2010)

Allows the host to detect whether the guest is running and responsive

Pluggable Time Source (v2.1 July 2010)

A pluggable clock source module is included to provide a more accurate time source to the guest.

KVP (Key Value Pair) Exchange (v3.1 July 2011)

Information about the running Linux VM can be obtained by using the Key Value Pair exchange functionality on the host (FQDN,
Linux IS version, IP addresses, OS version/distro/kernel, CPU architecture x86/x64)

Integrated Mouse Support (v3.2 January 2012)

The cursor is no longer bound to the VMConnect window when used with the Linux Graphical User Interface

SMP 32 vCPU support (v3.3 June 2012)

Support for up to 32 vCPUs on certain distros

Live Migration (v3.4 September 2012)

Linux virtual machines can undergo live migration for load balancing purposes

Jumbo Frames (v3.4 September 2012)

Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload

Comparing to IS on Windows
Synthetic Drivers: IDE driver, SCSI driver, Network Driver, Mouse Integration, Video
Integration Services: Operating System Shutdown, Time Synchronization, Heartbeat, Data Exchange, Backup (VSS)

TechEd 2010 - WSV305

IS on Windows

Wrap-up: Linux IS components

hv_vmbus: communication with the host
hv_storvsc: storage VSC
hv_netvsc: network VSC
hv_timesource: pluggable time source
hv_mouse: enlightened mouse
hv_utils: graceful shutdown, timesync, heartbeat

LINUX IN AZURE

VM Depot
http://msopentech.com/blog/project-categories/virtual-machine-depot/

P2V CONVERSIONS FOR LINUX

Linux P2V conversions

http://blogs.technet.com/b/enterprise_admin/archive/2010/05/13/linux-p2v-with-dd-and-vhdtool-easy-and-cheap.aspx

DD and the VHD tool are used
DD works under both Windows and Linux
E.g. take the HDD with Linux on it and attach it to a Windows system

Linux P2V conversions (continued)

From the command line, the HDD is converted to RAW format (.img):

dd if=\\?\Device\Harddisk1\DR2 of=D:\rhel54.img bs=1M --progress

VHD tool
http://code.msdn.microsoft.com/vhdtool

Open-source command-line tool
Includes VHD file manipulation functions (create, convert, extend, repair)
It's an excellent P2V conversion tool for Linux machines
The conversion is done from RAW format to VHD
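As an added example, not the VHD tool's code, the RAW-to-VHD step in Python: a fixed VHD is the raw image followed by a 512-byte footer laid out per the published VHD format (cookie "conectix", features, version, data offset, time stamp, creator fields, sizes, CHS geometry, disk type, checksum, unique id, saved state), with a parser that verifies the checksum before trusting any field. The creator tag "p2vx" and the 1 MiB blank image are constructed assumptions.

```python
import struct
import time
import uuid
from datetime import datetime, timezone

SECTOR = 512
VHD_COOKIE = b"conectix"
VHD_FIXED = 2                       # disk type: fixed hard disk
# VHD time stamps count seconds since 2000-01-01 00:00:00 UTC
VHD_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc).timestamp()


def chs_geometry(total_sectors: int):
    """Cylinders / heads / sectors-per-track, following the VHD specification's algorithm."""
    total_sectors = min(total_sectors, 65535 * 16 * 255)
    if total_sectors >= 65535 * 16 * 63:
        spt, heads = 255, 16
        cth = total_sectors // spt
    else:
        spt = 17
        cth = total_sectors // spt
        heads = max(4, (cth + 1023) // 1024)
        if cth >= heads * 1024 or heads > 16:
            spt, heads = 31, 16
            cth = total_sectors // spt
        if cth >= heads * 1024:
            spt, heads = 63, 16
            cth = total_sectors // spt
    return cth // heads, heads, spt


def vhd_checksum(footer: bytes) -> int:
    """One's complement of the byte sum of the footer with the checksum field zeroed."""
    zeroed = footer[:64] + b"\0" * 4 + footer[68:]
    return ~sum(zeroed) & 0xFFFFFFFF


def fixed_vhd_footer(size: int, unique_id: bytes = None, timestamp: int = None) -> bytes:
    """Build the 512-byte footer that turns a raw image of `size` bytes into a fixed VHD."""
    if size % SECTOR:
        raise ValueError("raw image size must be a multiple of 512 bytes")
    cylinders, heads, spt = chs_geometry(size // SECTOR)
    ts = int(time.time() - VHD_EPOCH) if timestamp is None else timestamp
    uid = uuid.uuid4().bytes if unique_id is None else unique_id
    footer = struct.pack(
        "!8sIIQI4sI4sQQHBBII16sB427s",
        VHD_COOKIE,
        0x00000002,             # features: the reserved bit that is always set
        0x00010000,             # file format version 1.0
        0xFFFFFFFFFFFFFFFF,     # data offset: none for a fixed disk
        ts,
        b"p2vx",                # creator application (assumed tag for this example)
        0x00010000,             # creator version
        b"Wi2k",                # creator host OS: Windows
        size, size,             # original and current size
        cylinders, heads, spt,  # disk geometry
        VHD_FIXED,
        0,                      # checksum placeholder, filled in below
        uid,
        0,                      # saved state
        b"\0" * 427,            # reserved
    )
    return footer[:64] + struct.pack("!I", vhd_checksum(footer)) + footer[68:]


def footer_is_valid(footer: bytes) -> bool:
    """Cookie and checksum must match before any field is trusted."""
    return (len(footer) == SECTOR and footer[:8] == VHD_COOKIE
            and struct.unpack("!I", footer[64:68])[0] == vhd_checksum(footer))


def parse_vhd_footer(footer: bytes) -> dict:
    """Read back the fields a P2V tool checks before attaching the disk."""
    if not footer_is_valid(footer):
        raise ValueError("not a VHD footer, or checksum mismatch")
    current_size, = struct.unpack("!Q", footer[48:56])
    cylinders, heads, spt = struct.unpack("!HBB", footer[56:60])
    disk_type, = struct.unpack("!I", footer[60:64])
    return {"size": current_size, "geometry": (cylinders, heads, spt), "disk_type": disk_type}


def raw_to_fixed_vhd(raw_image: bytes) -> bytes:
    """A fixed VHD is simply the raw image followed by its footer."""
    return raw_image + fixed_vhd_footer(len(raw_image))


if __name__ == "__main__":
    raw = bytes(1024 * 1024)                 # constructed 1 MiB blank "disk image"
    vhd = raw_to_fixed_vhd(raw)
    print(len(vhd), parse_vhd_footer(vhd[-SECTOR:]))
```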

Scripting solutions

POWERSHELL

PowerShell v1.0

Command Line Interpreter (CLI)
Script Execution Engine
Extensive online help
Built-in commands (cmdlets), extensible
WMI, COM, CMD support, etc.
Built on top of .NET Framework 2.0

Support for:
Windows Server, Exchange, SQ<br>L, SCOM, SCVMM, SCDPM, Compute Cluster, OpenXML, IBM WebSphere MQ, Active Directory, Lotus Domino, VMWare Infrastructure, Windows 7, WDK, NetApp Data ONTAP

PowerShell before & after

                   | BEFORE          | NOW
GUI                | MMC             | PowerShell-based GUIs
Interactive shell  | CMD             | PowerShell
Scripting          | BAT in CMD      | PowerShell
COM                | WMI (VBScript)  | PowerShell

Security in PowerShell
Secure by design & by default
Script files are associated with Notepad
Scripts will not run

The CLI asks for permission to execute unverified scripts
PS execution happens through:
'cmdlets' (.NET programs written by a developer, compiled into a DLL and loaded by a PowerShell script)
PowerShell scripts ('.ps1')
PowerShell functions
Executable programs

PowerShell v2.0

Remote control (PowerShell Remoting)
Engine improvements (cmdlets, operators, debugging)
Try-Catch-Finally
A GUI for PowerShell (PowerShell ISE)
Hosting
- Restricted run-space
- Delegation of rights

Background Jobs
Transactional operations
Eventing
Network File Transfer
New APIs

PowerShell v3.0
New cmdlets
$Pv3 = Get-Command *
$Pv3.count

PowerShell ISE
Single Command Pane
IntelliSense
Snippets
Collapsible regions

Updatable Help
Update-Help

Windows PowerShell Workflows
Parallel, Sequence & InlineScript keywords
Remote Get-Module
Get-Module implicit remoting

Windows PowerShell resources/communities

Team blog: http://blogs.msdn.com/PowerShell
PowerShell Community: http://www.powershellcommunity.org
PowerShell Forum: http://social.technet.microsoft.com/Forums/enUS/winserverpowershell/threads
Channel 9: http://channel9.msdn.com/tags/PowerShell
Wiki: http://channel9.msdn.com/wiki/default.aspx/Channel9.WindowsPowerShellWiki
Script Center: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
CodePlex: http://codeplex.com/Project/ProjectDirectory.aspx?TagName=powershell

Books

PowerShell in Action by Bruce Payette


http://manning.com/powershell

Windows PowerShell Cookbook by Lee Holmes


http://www.oreilly.com/catalog/9780596528492/index.html

Professional Windows PowerShell Programming


http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470173939.html

Thanks!
www.itspark.ro
www.codecamp.ro
www.itcamp.ro
www.vimeo.com/channels/itcamp
