Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Virtual Machines as a Special Class of Operating Systems


Virtualization was pioneered by IBM with its groundbreaking VM/CMS. IBM mainframe hardware was also the first virtualization-friendly hardware.

As Intel CPUs gained traction, everything that had been invented for other CPUs was reinvented for Intel. In 1998 VMware built VMware Workstation, which ran on a PC despite the fact that Intel CPUs did not directly support virtualization at that time.

The first mass deployment was not servers but "legacy desktop applications". Enterprises needed a way to run old applications when moving to new PCs, and VMware provided a very good path. This way one can run Windows 9X in a virtual machine while running XP as the main desktop.

Later this was also used to run Linux on the same PC as Windows. This was very convenient for various demos, and such a configuration became the holy grail of all types of consultants.

The latest Holy Grail of large corporate IT is server consolidation. In an attempt to lower the costs of IT infrastructure many companies are looking to achieve this via server virtualization. Of course you cannot defy gravity with virtualization: you still have a single channel to RAM, and with several OSes running concurrently it can become a bottleneck. Still, the idea of consolidating small and lightly loaded servers into fewer, larger and more heavily loaded physical servers is a sound one. Typically a large enterprise runs dozens of servers that just circulate air, sometimes in a very exact sense of the word. But here it is very important to avoid excessive zeal: if overdone, this can bring up a whole new set of complications, as there is no free lunch. In moderation, though, this new trend of converting "low load" servers into a set of virtual machines is a win-win situation. It is quite beneficial for the environment and for the enterprise, as it opens some additional, unforeseen avenues of savings. Please note that the price of servers grows very fast beyond midrange servers and, say, an Intel server that costs $35 will never be able to replace 7 reasonably loaded low-end servers. But if they are not loaded, or are systematically loaded below 0.1, it can be a very good fit.

Also, if done intelligently, virtualization can probably cut the number of low-end servers in a typical datacenter by 30-50%, and that also leads to some modest maintenance cost savings as well as electricity and air-conditioning related savings (low-end servers are very wasteful of electricity and add considerably to air-conditioning costs, as their power supplies are very inefficient).

Savings on hardware are more questionable, as low-end servers represent the most competitive segment of the server market, with profit margins squeezed to a minimum; the margins are generally much larger on mid-range and high-end servers. In other words, margins on midrange and high-end servers work against virtualization.

At the same time the heavy reliance on virtualized servers for production applications, as well as the task of managing and provisioning them, are fairly new areas in the "new brave" virtualized IT world and both need special software solutions. That increases the importance of Tivoli and other ESM applications. Virtualization has changed configuration management, capacity management, provisioning, patch management, back-ups, and software licensing. It is inherently favorable toward open source software and OS solutions. It also opens a lot of new possibilities for saving time on administration and saving electricity, and makes possible some impressive feats like dynamic migration of a virtual instance from one (more loaded) physical server to another (less loaded).

Major Types of Virtualization

We can distinguish the following five different types of virtualization:

Super-heavy-weight

This is hardware domain-based virtualization that is used only on high-end servers. Domains can, essentially, be called "blades with common memory and I/O devices". Those "blades on steroids" are probably the closest thing to getting more power from a single server without the related sacrifices in CPU, memory access and I/O speed that are typical for all other virtualization solutions. Of course there is no free lunch and you need to pay for such luxury. Sun is the most prominent vendor of such servers (mainframe-class servers like the E15K are all hardware domain-based).

Access to the memory of other domains is slower than to local memory, so those systems are closer to NUMA.

Heavy-weight

By heavy-weight virtualization we mean full hardware virtualization.

IBM calls it LPARs and is currently the king of the hill in this area, as it pioneered this class of virtual machines in the late 60s with the release of the famous VM/CMS. Until recently Power5-based servers with AIX were the most battle-tested and reliable virtualized environments based on the heavy-weight virtualization concept.

Still, the most popular implementation of this concept currently is VMware, and recently it was greatly helped by Intel and AMD, who incorporated virtualization extensions in their CPUs. VMware can run Linux (Red Hat and Suse), Solaris and Windows virtual instances on one physical server and as such is the most versatile solution in this category, although IBM Power5 servers still enjoy the advantages of hardware designed with virtualization in mind.

But with Intel quad CPUs available you can have pretty impressive CPU power on a single Intel server, and that makes VMware more important as the rising tide of Intel server power (as well as AMD's competitive efforts to match Intel after its introduction of the 5xxx series of CPUs -- Duo and Quattro) lifts all boats.

On newer Intel and AMD CPUs Xen can also run unmodified OS instances, making it another heavy-weight virtualization platform.

Sun calls heavy-weight virtual partitions "logical domains" (LDOMs) and until recently preferred hardware-based domains to logical domains. But this stance is changing with the introduction of LDOMs on Sun's T1000 and T2000 Sun Fire servers. The first is a low-end server and as such is a questionable platform for heavy-weight virtualization; the second is actually something in between a low-end and a middle-weight server and can run at least two or maybe three virtual partitions with substantial simultaneous loads. I am not sure what the speed of memory for the T2000 is, but I doubt that it is 1.33GHz. It is probably lower, so in this area the T2000 is inferior to newer Intel 5xxx-based servers.

Customers that use Solaris 10 11/06 can turn to new hardware being shipped in January or a firmware update on older boxes in order to get LDOMs working on their UltraSPARC T1-based servers. Sun will support up to 32 operating systems per server with the virtualization technology. For the differences from LPARs see Rolf M Dietze's blog. Among other things he came to the following conclusions:

Sun’s LDoms supply a virtual terminal server, so you have consoles for the partitions, but I guess this comes out of the UNIX history: You don’t like flying without any sight or instruments at high speed through caves, do you? So you need a console for a partition! T2000 with LDoms seems to support this, at IBM you need to buy an HMC (Linux-PC with HMC-software).

With crossbow virtual network comes to Solaris. LDoms seem to give all advantages of logical partitioning as IBMs have, but hopefully a bit faster and clearly less power consumption.

Sun offers a far more open licensing of course and: You do not need a Windows-PC to administer the machine (iSeries OS/400 is administered from such a thing).

A T2000 is fast and has up to 8 cores (32 thread-CPUs) 16GBRam and has a good price and those that do not really need the pure power and are more interested in partitioning.

The Solaris zones have some restrictions aka no NFS/server in zones etc. That is where LDoms come in. That’s why I want to actually compare LDoms and LPARs.

It looks like it becomes cold out there for IBM boxes….

CPU vendors are now paying huge attention to virtualization. All new CPUs are usually "virtualization-friendly" and contain instructions and hardware capabilities that make heavy-weight virtualization more efficient. The Intel 5xxx series (Duo and Quattro CPUs) is an example of this class of CPUs among Intel-compatible CPUs. IBM P5 and Sun UltraSparc T1 are examples among RISC CPUs.

The main advantage of heavy-weight virtualization is almost complete isolation of instances.  You cannot achieve this with any other type of virtualization and here only blades can compete.

The disadvantages are connected with the fact that CPUs, memory and I/O are all shared, and on high workloads you will never get the same speed as with several standalone servers, each with the corresponding fraction of CPUs and memory and the same set of applications. Sharing of memory is especially problematic, as it might well become a bottleneck before the CPU does. Each virtual instance of the OS loads pages independently of the others and competes for memory bandwidth. So if, for example, two virtual instances are simultaneously active and are loading modules or data from the disk, each can probably enjoy only 2/3 of the memory bandwidth of a standalone system (accesses to memory are randomly spread in time, so the sum should probably be greater than 100%). In other words, you lose approximately 1/3 of memory bandwidth by jumping on the virtualization bandwagon. That's why heavy-weight virtualization behaves badly on memory-intensive applications. Users of IBM Power5 servers and AIX 5.3 (probably the best and the most widely used commercial heavy-weight virtualization platform) know that all too well.

As memory channel is shared between all virtual instances heavy-weight virtualization is best suited for Web and e-commerce workloads.

That probably means that, other things being equal, you should strive for the fastest memory and the best-designed memory bus (Opteron has a better memory bus than Intel CPUs). That's probably why the new 5xxx series of CPUs, which support 1.3GHz memory, significantly improves the performance of VMware (see the Dell paper about the improvements achieved).

Both memory speed and CPU power can become bottlenecks, as they are shared between all active virtual instances of the OS. The presence of a full, non-modified version of an OS for each partition introduces significant drag on resources (both memory and CPU-wise). I/O load can be diminished by using a separate controller for OS partitions and multiple controllers on the server. Still, in some deep sense heavy-weight partitioning is inefficient and will always waste a significant part of server resources.

In the IBM Power-based server world, "binary" deployments, where a single server hosts two applications in two different LPARs, are pretty popular and behave reasonably well. Taken to the extreme, this approach guarantees a 50% reduction of all physical servers. A larger number of applications on a single server is possible but more tricky: such a virtual server needs careful planning, as it faces a memory bottleneck and a CPU power bottleneck, especially painful if "rush hours" are the same for both applications. We need to understand that a larger server with two CPUs and 8G of memory split equally between two partitions will always be less efficient than two separate servers with one CPU and 4G of memory each, if the speed of memory and the speed of CPU are equal. As an alternative to heavy-weight partitioning see the blade servers discussion below.

This approach is important for running legacy applications, like applications for SunOS 4.x, as well as the few Linux applications that it makes sense to run on Linux instead of Solaris but that need to run on the same server.

Medium-weight  (para-virtualization)

Para-virtualization is a variant of native virtualization where the VM (hypervisor) emulates only part of the hardware and provides a special API requiring OS modifications. The most popular representative of this approach is Xen, with AIX as a distant second:

With Xen virtualization, a thin software layer known as the Xen hypervisor is inserted between the server’s hardware and the operating system. This provides an abstraction layer that allows each physical server to run one or more “virtual servers,” effectively decoupling the operating system and its applications from the underlying physical server.

Therefore only OS versions specially modified for Xen can run in virtual mode. Work on Xen has been supported by UK EPSRC grant GR/S01894, Intel Research, HP Labs and Microsoft Research (yes, despite naive Linux zealots' whining, Microsoft did contribute code to Linux ;-). Other things being equal, it provides higher speed and less overhead than native virtualization. NetBSD was the first to implement Xen. Currently the key platform for Xen is Linux, with Novell supporting it in the production version of Suse. Red Hat does not support it in RHEL 4 but is expected to support it in RHEL 5 sometime in 2007. Sun Solaris 10 for x86 also has Xen support (currently in beta, with a production version in early 2007).

Xen is now sold commercially by IBM; Sun will have a Xen-compatible version of Solaris in mid 2007. (SPARC has a separate implementation that will be released in late 2007, and the two implementations are expected to merge in the future.)

The main advantage of Xen is that it supports live relocation. It is also a more cost-effective solution than VMware, which is definitely overpriced.

The main problem is that para-virtualization requires the OS kernel to be modified so that it is aware of the environment it is running in and passes control to the hypervisor when executing any privileged instruction. Therefore it is not suitable for running legacy OSes or Microsoft Windows (although Xen can run it on the newer 51xx CPU series).

Para-virtualization improves speed in comparison with heavy-weight virtualization (much less context switching), but does little beyond that. It is unclear how much faster a para-virtualized instance of an OS is in comparison with heavy-weight virtualization on "virtualization-friendly" CPUs. The Xen page claims that:

Xen offers near-native performance for virtual servers with up to 10 times less overhead than proprietary offerings, and benchmarked overhead of well under 5% in most cases compared to 35% or higher overhead rates for other virtualization technologies.

It's unclear whether this difference was measured on old Intel CPUs or on the new 5xxx series that supports virtualization extensions. I suspect the difference on newer CPUs should be smaller.

I would like to stress again that the level of OS modification is very basic, and the important idea of factoring out common functions like virtual memory management, which was implemented in classic VM/CMS, is not utilized. Therefore all the redundant processing typical for heavy-weight virtualization is present in the para-virtualization environment.

Note: Xen 3.0 and above support both para-virtualization and full (heavy-weight) virtualization, leveraging the hardware support built into Intel VT-x and AMD Pacifica processors. According to the XenSource Products - Xen 3.0 page:

With the 3.0 release, Xen extends its feature leadership with functionality required to virtualize the servers found in today’s enterprise data centers. New features include:

Light-weight virtualization

This type of virtualization was pioneered in FreeBSD (jails) and was further developed by Sun and introduced in Solaris 10 as the concept of Zones. There are various experimental add-ons of this type for Linux, but none has gained any prominence.

In Solaris 10 11/06, the next build of the operating system that will be released at the end of November, admins will be able to clone a Zone as well as relocate it to another box, through a feature called Attach/Detach. Also now it is possible to run Linux applications in zones on X86 servers (branded zones).  The key advantage is that you have a single instance of OS so the price that you paid in case of heavy-weight virtualization is waived. That means that light-weight virtualization is the most efficient resources-wise. It also has great security value. Memory can become a bottleneck here as all memory accesses are channeled via a single controller.

IBM's "lightweight" product would be "Workload manager" for AIX, which is an older (2001 ???) and less elegant technology than BSD Jails and Solaris zones:

Current UNIX offerings for partitioning and workload management have clear architectural differences. Partitioning creates isolation between multiple applications running on a single server, hosting multiple instances of the operating system. Workload management supplies effective management of multiple, diverse workloads to efficiently share a single copy of the operating system and a common pool of resources

IBM lightweight virtualization operates under a different paradigm, with the closest thing to a zone being a "class". The system administrator (root) can delegate the administration of the subclasses of each superclass to a superclass administrator (a non-root user). Unlike zones, classes can be nested:

The central concept of WLM is the class. A class is a collection of processes (jobs) that has a single set of resource limits applied to it. WLM assigns processes to the various classes and controls the allocation of system resources among the different classes. For this purpose, WLM uses class assignment rules and per-class resource shares and limits set by the system administrator. The resource entitlements and limits are enforced at the class level. This is a way of defining classes of service and regulating the resource utilization of each class of applications to prevent applications with very different resource utilization patterns from interfering with each other when they are sharing a single server.

Blades

Blade servers are an increasingly important part of the enterprise datacenters, with consistent double-digit growth easily outpacing the overall server market. IDC estimated that 500,000 blade servers were sold in 2005, or 7% of the total market, with customers spending $2.1 billion.

While blades are not virtualization in the pure technical sense, a rack with blades (bladesystem) possesses some additional management capabilities that are not present in stand-alone 1U servers, and in modern versions usually has a shared I/O channel to NAS. They can be viewed as a "hardware factorization" approach to server construction, which is not that different from virtualization. The first shot in this direction is the new generation of bladesystems like the IBM BladeCenter H system, which has offered I/O virtualization since February, 2006, and the HP BladeSystem c-Class. The latter offers better server management and virtualization, and saves up to 30% power in comparison with rack-mounted 1U servers with identical CPU and memory configurations.

Sun also offers blades but it is a minor player in this area. It offers the pretty interesting and innovative Sun Blade 8000 Modular System, which targets a higher end than usual blade servers. Here is how Cnet described the key idea behind the server in the article Sun defends big blade server 'Size matters':

Sun co-founder Andy Bechtolsheim, the company's top x86 server designer and a respected computer engineer, shed light on his technical reasoning for the move.

"It's not that our blade is too large. It's that the others are too small," he said.

Today's dual-core processors will be followed by models with four, eight and 16 cores, Bechtolsheim said. "There are two megatrends in servers: miniaturization and multicore--quad-core, octo-core, hexadeci-core. You definitely want bigger blades with more memory and more input-output."

When blade server leaders IBM and HP introduced their second-generation blade chassis earlier this year, both chose larger products. IBM's grew 3.5 inches taller, while HP's grew 7 inches taller. But opinions vary on whether Bechtolsheim's prediction of even larger systems will come true.

"You're going to have bigger chassis," said IDC analyst John Humphries, because blade server applications are expanding from lower-end tasks such as e-mail to higher-end tasks such as databases. On the more cautious side is Illuminata analyst Gordon Haff, who said that with IBM and HP just at the beginning of a new blade chassis generation, "I don't see them rushing to add additional chassis any time soon."

Business reasons as well as technology reasons led Sun to re-enter the blade server arena with big blades rather than more conventional smaller models that sell in higher volumes, said the Santa Clara, Calif.-based company's top server executive, John Fowler. "We believe there is a market for a high-end capabilities. And sometimes you go to where the competition isn't," Fowler said.

As a result of such factorization, more and more functions move to the blade enclosure. Power consumption improves dramatically, as blades typically use low-power CPUs and all blades typically share the same power supply, which in the case of a full or nearly full rack permits the power supply to work with much greater efficiency (twice or more as efficient as on a typical server). That cuts air conditioning costs too. Newer blades also monitor air flow and adjust fans accordingly. As a result the energy bill can be half of that for the same number of 1U servers.

Blades generally solve the problem of lack of CPU power typical for most types of virtualization except domain-based, and with the current price of memory they solve the memory latency problem. Think about them as predefined partitions with a fixed amount of CPU and memory. Dynamic swap of images between blades is possible. Some I/O can be local and, with high-speed solid state drives, very reliable and fast. That permits offloading OS-related I/O from application-related I/O.

Major vendors support

Among major vendors:

Conclusions

There is no free lunch and virtualization is not a panacea. It increases the complexity of the environment and puts severe stress on the single server that hosts multiple virtual machine instances. Failure of this server leads to failure of all instances.

Therefore the natural habitat of virtualization is development, test and staging servers, as well as almost idle servers that serve various enterprise consoles and similar applications that are not CPU-intensive (Web servers and e-commerce servers).

At the same time virtualization opens new capabilities, and sometimes it makes sense to run a single virtual machine instance on a server to get such advantages as on-the-fly relocation of instances, virtual image manipulation capabilities, etc. With technologies like Xen that claim less than 5% overhead, that approach becomes feasible. "Binary servers" -- servers that host just two applications -- also look very promising.

Migration of rack-mounted servers to blade servers is the safest approach to server consolidation. Managers without experience of working in a partitioned environment shouldn’t underestimate what their administrators need to learn and the set of new problems that virtualization creates. One good piece of advice is "Make sure you put the training dollars in."

There are also other problems. A lot of software vendors won’t certify applications as virtual environment compatible, for example VMware compatible. In such cases running the application in virtual environment means that you need to assume the risks and cannot count on vendor tech support to resolve your issues.

All in all, virtualization is now mainly played out in the desktop and low-end server space. It makes sense to proceed slowly, testing the water before jumping in. Those that have adopted virtualization have, on average, only about 20% of their environment virtualized, according to IDC. The VMware pricing structure is a little bit ridiculous and nullifies hardware savings, if any. Their maintenance costs are even worse. That means that alternative solutions like Xen3 or Microsoft should be considered on the Intel side and IBM and Sun on the Unix side. As vendor consolidation is ahead, if you don’t have a clear benefit from virtualization today, you can wait or limit yourself to "sure bets" like development, testing and staging servers. The next version of Windows Server will put serious pressure on VMware in a year or so. Xen is also making progress with IBM support behind it. With those competitive pressures, VMware could become significantly less expensive in the future.

VMs are also touted as a solution to the computer security problem. It's pretty obvious that they can improve security. After all, if you're running your browser on one VM and your mailer on another, a security failure in one shouldn't affect the other. If one virtual machine is compromised you can just discard it and create a fresh image. There is some merit to that argument, and in many situations it's a good configuration to use. But at the same time the transient nature of virtual machines introduces new security and compliance challenges not addressed by traditional systems management processes and tools. For example, virtual images are more portable, and the possibility of someone stealing a whole OS image and running it on a different VM is very real. New security risks inherent in virtualized environments need to be understood and mitigated.

Here is a suitable definition taken from the article published in Linux Magazine:

 "(Virtual machines) offer the ability to partition the resources of a large machine between a large number of users in such a way that those users can't interfere with one another. Each user gets a virtual machine running a separate operating system with a certain amount of resources assigned to it. Getting more memory, disks, or processors is a matter of changing a configuration, which is far easier than buying and physically installing the equivalent hardware."

FreeBSD and Solaris users have their lightweight VM built into the OS. Actually FreeBSD jails, Solaris 10 zones and Xen are probably the most democratic lightweight VMs. To counter the threat from free VMs, VMware now produces a free version too. VMware Player is able to run virtual machines made in VMware Workstation. There are many free OSes on the website. Most of them are community made. There are also freeware tools for creating VMs and for mounting, manipulating and converting VMware disks and floppies, so it is possible to create, run and maintain virtual machines for free (even for commercial use).

Here is how this class of virtual machines is described in Wikipedia:

Conventional emulators like Bochs emulate the microprocessor, executing each guest CPU instruction by calling a software subroutine on the host machine that simulates the function of that CPU instruction. This abstraction allows the guest machine to run on host machines with a different type of microprocessor, but is also very slow.

An improvement on this approach is dynamically recompiling blocks of machine instructions the first time they are executed, and later using the translated code directly when the code runs a second time. This approach is taken by Microsoft's Virtual PC for Mac OS X.

VMware Workstation takes an even more optimized approach and uses the CPU to run code directly when this is possible. This is the case for user mode and virtual 8086 mode code on x86. When direct execution is not possible, code is rewritten dynamically. This is the case for kernel-level and real mode code. In VMware's case, the translated code is put into a spare area of memory, typically at the end of the address space, which can then be protected and made invisible using the segmentation mechanisms. For these reasons, VMware is dramatically faster than emulators, running at more than 80% of the speed that the virtual guest OS would run on hardware. VMware boasts an overhead as small as 3%–6% for computationally intensive applications.

Although VMware virtual machines run in user mode, VMware Workstation itself requires installing various drivers in the host operating system, notably in order to dynamically switch the GDT and the IDT tables.

One final note: it is often erroneously believed that virtualization products like VMware or Virtual PC replace offending instructions or simply run kernel code in user mode. Neither of these approaches can work on x86. Replacing instructions means that if the code reads itself it will be surprised not to find the expected content; it is not possible to protect code against reading and at the same time allow normal execution; replacing in place is complicated. Running the code unmodified in user mode is not possible either, as most instructions which just read the machine state do not cause an exception and will betray the real state of the program, and certain instructions silently change behavior in user mode. A rewrite is always necessary; a simulation of the current program counter in the original location is performed when necessary and notably hardware code breakpoints are remapped.
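
The point of the passage above, that instructions which read machine state without trapping force a rewrite, can be shown on a toy model. This is an added example, not code from VMware, Wikipedia or this site; the four-instruction guest ISA (LOADI, ADD, RDMODE, SETIF) and every name in it are hypothetical.

```python
"""Toy model (constructed for illustration) of a deprivileged guest kernel.

Hypothetical guest ISA:
  ("LOADI", reg, imm)  ordinary instruction, safe to run directly
  ("ADD", dst, src)    ordinary instruction
  ("RDMODE", reg)      sensitive but NOT privileged: reads the privilege level
                       and never traps (models x86 reads such as SGDT/SIDT)
  ("SETIF", imm)       privileged: faults when executed outside ring 0
"""
from dataclasses import dataclass, field

SENSITIVE = {"RDMODE", "SETIF"}   # must observe virtual, not real, state
REAL_RING = 3                     # the VMM runs the guest kernel in user mode


class Trap(Exception):
    """Raised by the real CPU when ring-3 code runs a privileged instruction."""


@dataclass
class VirtualCPU:
    ring: int = 0                 # the guest kernel believes it is in ring 0
    if_flag: int = 1              # virtual interrupt-enable flag
    regs: dict = field(default_factory=dict)


def hw_execute(ins, regs):
    """What the real CPU does with one instruction while in ring 3."""
    op = ins[0]
    if op == "LOADI":
        regs[ins[1]] = ins[2]
    elif op == "ADD":
        regs[ins[1]] += regs[ins[2]]
    elif op == "RDMODE":
        regs[ins[1]] = REAL_RING  # no trap: the real state leaks to the guest
    elif op == "SETIF":
        raise Trap(ins)           # privileged: hardware faults into the VMM
    else:
        raise ValueError(f"unknown opcode {op}")


def vmm_emulate(ins, vcpu):
    """The VMM applies a sensitive instruction to the virtual CPU state."""
    if ins[0] == "RDMODE":
        vcpu.regs[ins[1]] = vcpu.ring
    elif ins[0] == "SETIF":
        vcpu.if_flag = ins[1]


def run_trap_and_emulate(block, vcpu):
    """Run unmodified code in user mode; the VMM only sees what traps."""
    traps = 0
    for ins in block:
        try:
            hw_execute(ins, vcpu.regs)
        except Trap:
            traps += 1
            vmm_emulate(ins, vcpu)
    return traps


class Translator:
    """Rewrite a block the first time it runs, then reuse the cached copy."""

    def __init__(self):
        self.cache = {}
        self.translations = 0

    def translate(self, block):
        self.translations += 1
        out = []
        for ins in block:
            if ins[0] in SENSITIVE:   # replaced by a call into the VMM
                out.append(lambda vcpu, i=ins: vmm_emulate(i, vcpu))
            else:                     # ordinary code still runs directly
                out.append(lambda vcpu, i=ins: hw_execute(i, vcpu.regs))
        return out

    def run(self, addr, block, vcpu):
        if addr not in self.cache:
            self.cache[addr] = self.translate(block)
        for step in self.cache[addr]:
            step(vcpu)


# Constructed sample of guest kernel code.
GUEST_BLOCK = [
    ("LOADI", "a", 40),
    ("LOADI", "b", 2),
    ("ADD", "a", "b"),
    ("SETIF", 0),          # traps, so even the naive VMM handles it
    ("RDMODE", "mode"),    # does not trap, so the naive VMM never sees it
]


def demo():
    naive = VirtualCPU()
    traps = run_trap_and_emulate(GUEST_BLOCK, naive)

    rewritten = VirtualCPU()
    translator = Translator()
    translator.run(0x1000, GUEST_BLOCK, rewritten)
    translator.run(0x1000, GUEST_BLOCK, rewritten)   # second run hits the cache

    return {
        "naive_traps": traps,
        "naive_mode": naive.regs["mode"],          # real ring leaked to guest
        "naive_if": naive.if_flag,
        "rewritten_mode": rewritten.regs["mode"],  # guest sees its virtual ring
        "rewritten_if": rewritten.if_flag,
        "rewritten_a": rewritten.regs["a"],
        "translations": translator.translations,
    }


if __name__ == "__main__":
    print(demo())
```

Under plain trap-and-emulate the guest reads the host's ring 3 and can tell it is not running on bare hardware; after rewriting it reads its virtual ring 0, and the block is translated only once.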

The Xen open source virtual machine partitioning project is picking up momentum since acquiring the backing of venture capitalists at the end of 2004. Now, server makers and Linux operating system providers are starting to line up to support the project, contribute code, and make it a feature of their systems at some point in the future. Work on Xen has been supported by UK EPSRC grant GR/S01894, Intel Research, HP Labs and Microsoft Research. Novell and Advanced Micro Devices also back Xen. See also

While everybody seemed to get interested in the open source Xen virtual machine partitioning hypervisor just when XenSource incorporated and made its plans clear for the Linux platform, the NetBSD variant of the BSD Unix platform has been Xen-compatible for over a year now, and will be as fully embracing the technology as Linux is expected to.

Xen has really taken off since Dec, 2004, when the leaders of the Xen project formed a corporation to sell and support Xen and they immediately secured $6 million from venture capitalists Kleiner Perkins Caufield & Byers and Sevin Rosen Funds.

Xen is headed up by Ian Pratt, a senior faculty member at the University of Cambridge in the United Kingdom, who is the chief technology officer at XenSource, the company that has been created to commercialize Xen. Pratt told me in December that he had basically been told to start a company to support Xen because some big financial institutions on Wall Street and in the City (that's London's version of Wall Street for the Americans reading this who may not have heard the term) insisted that he do so because they loved what Xen was doing.

Seven years ago, Ian Pratt joined the senior faculty at the University of Cambridge in the United Kingdom, and after being on the staff for two years, he came up with a schematic for a futuristic, distributed computing platform for wide area network computing called Xenoserver. The idea behind the Xenoserver project is one that now sounds familiar, at least in concept, but sounded pretty sci-fi seven years ago: hundreds of millions of virtual machines running on tens of millions of servers, connected by the Internet, and delivering virtualized computing resources on a utility basis where people are charged for the computing they use. The Xenoserver project consisted of the Xen virtual machine monitor and hypervisor abstraction layer, which allows multiple operating systems to logically share the hardware on a single physical server, the Xenoserver Open Platform for connecting virtual machines to distributed storage and networks, and the Xenoboot remote boot and management system for controlling servers and their virtual machines over the Internet.

Work on the Xen hypervisor began in 1999 at Cambridge, where Pratt was irreverently called the "XenMaster" by project staff and students. During that first year, Pratt and his project team identified how to do secure partitioning on 32-bit X86 servers using a hypervisor and worked out a means for shuttling active virtual machine partitions around a network of machines. This is more or less what VMware does with its ESX Server partitioning software and its VMotion add-on to that product. About 18 months ago, after years of coding the hypervisor in C and the interface in Python, the Xen portion of the Xenoserver project was released as Xen 1.0. According to Pratt, it had tens of thousands of downloads. This provided the open source developers working on Xen with a lot of feedback, which was used to create Xen 2.0, which started shipping last year. With the 2.0 release, the Xen project added the Live Migration feature for moving virtual machines between physical machines, and then added some tweaks to make the code more robust.

Xen and VMware's GSX Server and ESX Server have a major architectural difference. VMware's hypervisor layer completely abstracts the X86 system, which means any operating system supported on X86 processors can be loaded into a virtual machine partition. This, said Pratt, puts tremendous overhead on the systems. Xen was designed from the get-go with an architecture focused on running virtual machines in a lean and mean fashion, and Xen does this by having versions of open source operating systems tweaked to run on the Xen hypervisor. That is why Xen 2.0 only supports Linux 2.4, Linux 2.6, FreeBSD 4.9 and 5.2, and NetBSD 2.0 at the moment; special tweaks of NetBSD and Plan 9 are in the works, and with Solaris 10 soon to be open-source, that will be available as well. With Xen 1.0, Pratt had access to the source code to Windows XP from Microsoft, which allowed the Xen team to put Windows XP inside Xen partitions. With the future "Pacifica" hardware virtualization features in single-core and dual-core Opterons and Intel creating a version of its "Vanderpool" virtualization hardware features in Xeon and Itanium processors also being made for Pentium 4 processors (this is called "Silvervale" for some reason), both Xen and VMware partitioning software will have hardware-assisted virtual machine partitioning. While no one is saying this because they cannot reveal how Pacifica or Vanderpool actually work, these technologies may do most of the X86 abstraction work, and therefore should allow standard, compiled operating system kernels to run inside Xen or VMware partitions. That means Microsoft can't stop Windows from being supported inside Xen over the long haul.

Thor Lancelot Simon, one of the key developers and administrators at the NetBSD Foundation that controls the development of NetBSD, reminded everyone that NetBSD has been supporting the Xen 1.2 hypervisor and monitor within a variant of the NetBSD kernel (that's NetBSD/xen instead of NetBSD/i386) since March of last year. Moreover, the foundation's own servers are all equipped with Xen, which allows programmers to work in isolated partitions with dedicated resources and not stomp all over each other as they are coding and compiling. "We aren't naive enough to think that any system has perfect security; but Xen helps us isolate critical systems from each other, and at the same time helps keep our systems physically compact and easy to manage," he said. "When you combine virtualization with Xen with NetBSD's small size, code quality, permissive license, and comprehensive set of security features, it's pretty clear you have a winning combination, which is why we run it on our own systems." NetBSD contributor Manuel Bouyer has done a lot of work to integrate the Xen 2.0 hypervisor and monitor into the NetBSD-current branch, and he said he would be making changes to the NetBSD/i386 release that would all integrate /xen kernels into it and will allow Xen partitions to run in privileged and unprivileged mode.

The Xen 3.0 hypervisor and monitor is expected some time in late 2005 or early 2006, with support for 64-bit Xeon and Opteron processors. XenSource's Pratt told me recently that Xen 4.0 is due to be released in the second half of 2005, and it will have better tools for provisioning and managing partitions. It is unclear how the NetBSD project will absorb these changes, but NetBSD 3.0 is expected around the middle of 2005. The project says that they plan to try to get one big release of NetBSD out the door once a year going forward.




Old News ;-)


[Mar 19, 2008]  Technology - Open source’s green claims by Sam Hiser

Published: March 19 2008 |  FT.com

The combination of free software from the likes of Linux and GNU with virtualisation – which maximises computing efficiency – is a compelling proposition. It offers lower costs, flexibility and greater efficiency, plus environmental benefits

Bogomil Balkansky, chief of product marketing at VMware, the leading virtualisation vendor, agrees that virtualisation is inherently green. “It helps shrink the physical footprint and the energy footprint,” he says. “For every application running virtually, the data centre saves about 7,000 kilowatt-hours a year.”

With virtual machine technology, application workloads can be consolidated to fewer servers and they can be moved around, closed down, opened up and re-provisioned remotely with remarkable ease.

Until now, PCs and servers have been vastly over-provisioned because of software inflexibility and the need to maintain some leeway in hardware resources.

Mike Grandinetti, chief marketing officer of Virtual Iron and senior lecturer at MIT’s Sloan School of Management, says: “Average server capacity utilization is between 4 and 7 per cent.” Experts say we might expect long-term capacity utilization above 50 per cent, and well beyond that for some applications, but the virtualisation trend is only just getting started.

IBM is curing its own server sprawl in a big green effort to shrink 3,900 servers down to 33 z10 mainframes. “One z10 is equivalent to 1,500 standard Intel x86 servers; it takes up 85 per cent less space and uses 85 per cent less power,” says David Gelardi, IBM’s vice-president of mainframes and high performance computing.

The project is focused on migrating IBM’s internal Unix applications to applications running in virtual machines upon zLinux, which supports either Red Hat Enterprise Linux (RHEL 4 or 5) or Novell’s Suse Linux Enterprise Server (SLES 9 or 10) as host.

Alongside server consolidation, GNU/Linux and virtualisation are driving the Web 2.0 trend, which sees businesses using the internet to interact with customers and the wider public.

Companies such as Google, Ebay, Amazon and MySpace use GNU/Linux to drive their services and many use virtual machine technology to provision applications efficiently and allocate hardware resources for customers.

There is hardly any debate that by 2018 IT will consume more aggregate kilowatt-hours than it did in 2008, but by then data centres will do so much more and desktops so much less.

Mr Grandinetti of Virtual Iron says: “There will be an explosion in services without an explosion in energy consumed.”

Microsoft's Ballmer On Windows Server, Yahoo, Linux -- Microsoft -- InformationWeek

InformationWeek: I think you see VMware aggressively courting virtualization customers. Customers that I've spoken with are saying Microsoft is definitely coming from behind here. You mentioned it on stage here. There's Hyper-V's delay. Does Microsoft's entrance now into the virtualization space put it at a disadvantage in the virtualization world?

Ballmer: The choice is, you know, to be first to have share or not. I guess I prefer to be first to have share. Now, you've got to remember, this market has barely been scratched, less probably in the install base -- less than 5% of all systems run virtually. Virtualization is way too complicated, way too expensive today for people to take advantage of it, and it's way too isolated from the rest of everything that happens in application development to data center deployment and operations. That's not my way of criticizing, it's just if we're going to get -- if the phenomenon is going to fully take effect, then we've got to democratize it. That might be VMware, [but] they haven't shown moves in that direction. Somebody could argue it might be one of the open source alternatives. I like what we've got. I think we pay out on those problems.

That doesn't mean the other guys are going to go away. Obviously we recognize that fact and we provide good interoperability with VMware's virtual machine. But I don't think -- there's a simplicity with performance, with management, integrated management, with everything else, I think we're going to make a real difference. Sure, I wish we had everything we're announcing now and shipping this year a year ago, sure. Two years ago? Sure. But, believe me. We're going to make a big difference.

[Nov 12, 2007] Oracle’s virtual challenge to Windows and Red Hat

Matthew Aslett, November 12, 2007
 
VMware’s share price may have taken a hit following the launch of Oracle VM but the product has wider implications in the software market. To some extent it is a software appliance play: like Raw Iron without the iron. This question and answer from the Q&A says it all:

“Does Oracle VM require a host operating system?
No. Oracle VM installs directly on server hardware and does not require a host operating system.”

Oracle VM comes with pre-configured virtual machine images of Oracle Database and Oracle Enterprise Linux and is designed to install directly on the server hardware. It’s no surprise to find that the product is a development of the Unbreakable Linux group within Oracle. This makes sense given that it is based on Xen and a lot of Oracle’s Xen expertise is within the Unbreakable group, but also because it further disrupts the relationship between customers and their operating system suppliers.

The target of Raw Iron was eradicating the layer of Microsoft Windows that stood between Oracle and its customers’ hardware. Oracle VM targets both Windows and Red Hat Enterprise Linux. Sure, you can run both as guest operating systems on Oracle VM, but the customer’s first port of call becomes Oracle. Whether the offering will make much of an impact outside Oracle-heavy environments remains to be seen, however.

[Oct 25, 2007] Virtualization Decreases Security

ParaFan writes "In a fascinating story on KernelTrap, Theo de Raadt asserts that while virtualization can increase hardware utilization, it does not in any way improve security. In fact, he contends the exact opposite is true:

'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.'

de Raadt argues that the lack of support for process isolation on x86 hardware combined with numerous bugs in the architecture are a formula for virtualization decreasing overall security, not increasing it."

VMware Communities- ESX 3.0.1 Guests Freeze ...

Interesting term: Purple Screen of Death (VMware ESX server crash). In this case all your virtual instances are hosed and you have a small man-made disaster on your hands if there are more than 3 production instances on the server.

[Aug 02, 2007] XenSource's Simon Crosby speaks out by Manek Dubash

"For virtualization to be prolific, there has to be a step up in terms of know-how. "

August 02, 2007 | Techworld

Open source virtualization developer XenSource has just inked a deal with Symantec to collaborate on embedding Veritas Storage Foundation into XenEnterprise, and delivering HA/DR and backup technology to XenSource's customers. In the wake of that deal, founder and CTO Simon Crosby was in London recently to explain the background to the deal. He also delivers his trenchant thoughts on the future of the virtualization industry -- and launches a serious critique of VMware and even of business partner Microsoft.

Q: How do you see the future of the virtualization market? A: The world has created a new Microsoft -- there's a monster embedded in our industry. So the market is starting to crystallize, partly as a consequence of the way that VMware is building its company. They just want to sell more and more, and it's starting to step on people's toes.

Q: Is VMware really that horrible? A: Unlike VMware, Microsoft doesn't compete with its channel but leaves room for an ecosystem. It's a superb platform player. Microsoft is very conscious of its scale and leaves pockets of $100m markets around for its partners. Our relationship with Microsoft is strong, will remain strong, and strengthens every day. Microsoft has been a very supportive partner.

The chink in VMware's armor is the weakness of its ecosystem -- all its partners are under threat. That said, I wouldn't fault VMware entirely. VMware has grown very fast -- they had to do that so I can't fault them for it, but no-one's making money out of VMware. There's a general sense of unease.

Q: Will virtualization technology be absorbed into the OS? A: There's plenty of scope for development. Microsoft's Viridian feature set has been slashed because the features in the kernel of Server 2008 were fixed and there was otherwise an overlap between it and Viridian. And Red Hat and Novell haven't done much with Xen yet. None of the virtualization platforms are anything but a way of virtualizing themselves.

We have managed to benefit from relationships on both sides. Open source is a very clearly articulated argument -- it's about aligning a community around a common codebase. Some of the open source software (OSS) vendors compete with each other not with the bigger guys. OSS generates pull-through because the customers get a richer set of services -- it's a longer term play. We believe that the virtualization engine is a standard, commoditized product that has to be open. It must address a range of CPUs, and have a big hardware footprint.

It's also important not to make it the whole product so others get an incentive to take it to market. We don't do an ESX [VMware's flagship product] -- that's a car not an engine -- because an engine is more flexible, you can use it anywhere and it gives space for others to develop, and they have financial incentives to do so.

Q: Why is Microsoft not perceived as the big Satan now? A: The consent decree has changed things -- there are 1,400 lawyers at Microsoft. In every conversation with them we find they're absolutely egalitarian about access to APIs. They have huge market control but they realize they have to embrace and manage open source. That means they have to interoperate and work with it, because they know they can't eliminate it -- the world's changed. Also they're huge so their ability to innovate gets clogged up, which leaves tons of space for others to innovate -- they've learned to cooperate with others in markets they can't get to.

Also, I think in terms of the scale of everything Microsoft does, virtualization is only a minor project in a monster organization. Virtualization has become the major shaping force in the industry -- and they [Microsoft] said that they thought that more VMs meant more revenue but they're changing that as customers need to know that it's OK to start Windows in a VM.

Q: Will this change? A: I don't know where they're going with this -- it could be that things are taking longer. The policy is rational but they haven't communicated that to the market yet. It's a huge opportunity for someone to make a product to manage licensing -- using technology used for DRM and licensing so that you know how long an OS has run etc. It would need to be an independent verifiable source for legal licensing.

Q: Will Xen continue to use the same technology in future -- in other words, para-virtualization? A: Para-virtualization is an awful name: if someone asks what would you rather have, full virtualization or para-virtualization, what's your answer? The aim was to encourage OS vendors to make the OS ready for virtualization -- but 95 percent of applications and OSes are legacy, unvirtualized.

Para-virtualization is relevant in another context -- we use para-virtualized I/O and timers etc by inserting drivers etc into Windows to get a fast stack working. From a product perspective, it means the guest automatically installs the right software and it just works. We hook into the HAL and get the best performance.

But most of the OSes aren't para-virtualized -- there's only RHEL 5 and SLES 10. The important thing is that in future every OS will be ready to run on a hypervisor. [Intel's] VT gives us everything else.

Q: How do you see virtualization evolving over the next two years? A: Hardware vendors will certify the hypervisor and it's up to the customer to do everything else. Customers want to virtualize everything else because the savings are so huge -- the confidence in virtualization is high but it's too complex for the average guy.

On the client, virtualization technology has to be invisible and work using [management] technology such as Intel's vPro. There also has to be a viable ecosystem or it's a niche product.

The world will break into two camps: VMware, where you add more features and sell more software, or open source. We're just a great component -- we do a fantastic job of server virtualization working with best of breed partners -- we plug into storage virtualization and it all works.

We have agreements with people such as Stratus and Marathon -- there's lots we've not announced yet. Virtualization will be another category of IT admin -- you'll find virtualization specialists much as you have database specialists etc now.

Q: What about skill sets? A: Lack of skill sets is a major barrier to take-up. We have over 300 certified partners, over 500 certified trained partner engineers worldwide who train the trainers -- we have a course that partners can resell. For virtualization to be prolific, there has to be a step up in terms of know-how.

[Sep 25, 2007] Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors
Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson
Princeton University, {soltesz,mef,acb,llp}@cs.princeton.edu
Linux VServer Maintainer, herbert@13thfloor.at

An important paper comparing the performance of para-virtualization approaches (e.g. Xen) with OS-level virtualization (jails). The authors show that jail-style virtualization has tremendous advantages in typical scenarios.

Hypervisors, popularized by Xen and VMware, are quickly becoming commodity. They are appropriate for many usage scenarios, but there are scenarios that require system virtualization with high degrees of both isolation and efficiency. Examples include HPC clusters, the Grid, hosting centers, and PlanetLab. We present an alternative to hypervisors that is better suited to such scenarios. The approach is a synthesis of prior work on resource containers and security containers applied to general-purpose, time-shared operating systems. Examples of such container-based systems include Solaris 10, Virtuozzo for Linux, and Linux-VServer. As a representative instance of container-based systems, this paper describes the design and implementation of Linux-VServer. In addition, it contrasts the architecture of Linux-VServer with current generations of Xen, and shows how Linux-VServer provides comparable support for isolation and superior system efficiency.

[Aug 26, 2007] How To Use NTFS Write Support (ntfs-3g) On Fedora 7

Write access to NTFS permits some use of it with virtual machines.

"Normally Linux systems can only read from Windows NTFS partitions, but not write to them which can be very annoying if you have to work with Linux and Windows systems. This is where ntfs-3g comes into play. ntfs-3g is an open source, freely available NTFS driver for Linux with read and write support. This tutorial shows how to use ntfs-3g on a Fedora 7 desktop to read from and write to Windows NTFS drives and partitions."

See also:

How To Use NTFS Drives/Partitions Under Ubuntu Edgy Eft
Our-Picks: Access Your Linux Partitions Under Windows (Mar 05, 2007)

[Jul 14, 2006] IBM To Support Xen Virtualization Software For Suse 10 Linux -- Virtualization -- InformationWeek By Charles Babcock

IBM said Friday it will support Novell's Suse 10 Linux and Xen virtualization on its BladeCenter and other x86 hardware. It will also allow management of Xen virtual machines under its Virtualization Engine. That allows IBM customers to use familiar IBM management software to provision and manage multiple Xen virtual machines.

Xen can convert a low-cost Intel or AMD processor-based server into multiple virtual machines, each running a separate application. As freely available open-source code, Xen is expected to play a major role in server consolidation over the next few years. A consolidated server running six or seven applications will achieve far higher utilization rates than one running a single application.

IBM support is a plus for Novell, which is getting Linux out the door with Xen ahead of its competitor, Red Hat. Both have announced support for Xen on their future Linux distributions. Novell on its Web site says it's putting "the final touches" on its Suse 10 distribution.

Red Hat plans to offer a distribution including Xen 3.0 late this year. IBM says the company will support Xen running on Red Hat Linux when Red Hat gets its distribution out containing Xen 3.0.

Xen was originally developed at Cambridge University in England, and its originators formed XenSource, a commercial company, to provide technical support for its adoption.

As a more mature Xen version 3.0 approached release last year, the virtualization market leader, VMware, made a bid to compete with the open-source code by making VMware Server, a base-level, single-server virtualization product, available free. VMware, an independent business unit of EMC, reported revenues of $157 million in its second quarter of 2006, a growth rate of 73%. If revenues continue at that pace for four quarters, VMware will become a $630 million-a-year software company. EMC hasn't previously broken out revenue figures for VMware.

IBM, HP, and Sun Microsystems (SUNW) are lined up behind open-source Xen as a way of bidding for part of the burgeoning virtualization software revenues currently commanded by VMware.

[Mar 31, 2007] Virtualization with coLinux

Probably the fastest way to run Linux under Windows. It works (you need to connect to the virtual machine via VNC -- no screen sharing).

Virtualization with VMware, Xen, and Kernel-based Virtual Machine (KVM) are all the rage these days. But did you know that you can run Linux cooperatively with Microsoft Windows? This article explores Cooperative Linux (coLinux), starting with a quick introduction to virtualization and then looking at the approach taken by coLinux. You'll also see how to get coLinux up and running on Windows.

Sys Admin v16, i04 Navigating the System Virtualization Maze -- Part 1

For systems virtualization, products and product marketing have given us several variations on the theme of "one system pretending to be many systems". These can be segregated into several categories, as follows.

[Mar 10, 2006] Red Hat to up the virtualization price war ante

February 14th, 2007 ZDNet.com

Red Hat plans to squeeze VMware on pricing as it bundles virtualization technology with its operating system.

... Crenshaw argues that with current VMware software a customer buys software from VMware and then has to buy more operating system licenses for each instance virtualized. By combining the operating system–in this case Red Hat–with virtualization technology those additional licenses aren't necessary.

...Red Hat will also aim to simplify pricing with virtualization. "We will have everything you need to virtualize your environment into one SKU. It will be much more economical than buying separate components," says Crenshaw.

Red Hat's target is pretty clear. For instance, VMware Infrastructure 3 comes in three editions–starter, standard and enterprise–with prices ranging from $1,000 per two processors to $5,750. Support and upgrade subscriptions boost those totals.

[Mar 10, 2006] Techworld.com - OS and Servers Insight - Linux-kernel virtualisation -- finally on the fast track

...KVM appears to be on the fast path. This project first surfaced in October 2006; it found its way into the 2.6.20 kernel a few months later. On 25 February, KVM 15 was announced. This release has an interesting new feature: live migration. The speed with which the KVM developers have been able to add relatively advanced features is impressive; equally impressive is just how simple the code that implements live migration is.

KVM starts with a big advantage over other virtualisation projects: it relies on support from the hardware, which is only available in recent processors. As a result, KVM will not work on the bulk of currently deployed systems. On the other hand, designing for future hardware is often a good idea -- the future tends to come quickly in the technology world.

By focusing on hardware-supported virtualisation, KVM is able to concentrate on developing interesting features to run on the systems that companies are buying now.

The migration code is built into the QEMU emulator; the relevant source file is less than 800 lines long.

[Mar 09, 2006] Slashdot Virtualization Is Not All Roses

[Mar 2, 2007] Five tips for getting started with server virtualization

You need to calculate the savings to avoid spending more money than with the old solution. Also, large servers are really expensive, so hardware savings might be illusory. You should always consider blades as an alternative.
The big day arrives -- after months of planning