Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-) Softpanorama Search

Virtual Machines
as a Special Class of Operating Systems

Virtualization was pioneered by IBM with its ground breaking VM/CMS.  Also IBM mainframe hardware was the first virtualization friendly hardware (IBM and HP virtualization):

Contrary to what many PC VMWARE techies believe, virtualization technology did not start with VMWARE back in 1999. It was pioneered by IBM more than 40 years ago. It all started with the IBM mainframe back in the 1960s, with CP-40, an operating system which was geared for the System/360 Mainframe. In 1967, the first hypervisor was developed and the second version of IBM's hypervisor (CP-67) was developed in 1968, which enabled memory sharing across virtual machines, providing each user his or her own memory space. A hypervisor is a type of software that allows multiple operating systems to share a single hardware host. This version was used for consolidation of physical hardware and to more quickly deploy environments, such as development environments. In the 1970s, IBM continued to improve on their technology, allowing you to run MVS, along with other operating systems, including UNIX on the VM/370. In 1997, some of the same folks who were involved in creating virtualization on the mainframe were transitioned towards creating a hypervisor on IBM's midrange platform.

One critical element that IBM's hypervisor has is the fact that virtualization is part of the system's firmware itself, unlike other hypervisor-based solutions. This is because of the very tight integration between the OS, the hardware, and the hypervisor, which is the systems software that sits between the OS and hardware that provides for the virtualization. In 2001, after a four-year period of design and development, IBM released its hypervisor for its midrange UNIX systems, allowing for logical partitioning. Advanced Power Virtualization (APV) shipped in 2004, which was IBM's first real virtualization solution and allowed for sharing of resources. It was rebranded in 2008 to PowerVM.

As Intel CPU got traction everything was that were invented for other CPUs was reinvented for Intel. In 1998 VMware built VMware Workstation, which ran on a PC despite the fact that Intel CPu did not directly supported virtualization at this time.

The first mass deployment was not servers but "legacy desktop applications". Enterprises needed a way to run old applications when moving to new PCs and VMware provided a very good path. This was one can run Windows 9X in a virtual machine while running XP as the main desktop.

Later this was also used to run linux on the same Pc as Windows. This was very convenient for various demo and such configuration became holy grail of all types of consultants.

The latest Holy Grail of  large corporate IT is server consolidation. In an attempt to lower the costs of IT infrastructure many companies are looking to achieve this via server virtualization. Of course you cannot defy gravity with virtualization: you still a single challenge to RAM and with several OS running concurrently it can became a bottleneck. Still the idea is to consolidate small and not very loaded servers into fewer and larger as well as more heavily-loaded physical servers was a sound one.  Typically large enterprise runs dozens of servers that just circulate air, sometime in a very exact sense of this word. But here is it very important to avoid excessive zeal. If overdone this can bring up a whole new set of complications, however, as there is no free lunch.  But in moderation this new trend that lead to  called conversion of  "low load" servers into set of  Virtual Machines. this is a win-win situation. It is quite beneficial for environment and for the enterprize as it opens some additional, non-foreseen avenues of savings.  Please note that the price of servers grow very fast beyond midrange servers and, say, an Intel server that cost $35 will never be able to replace 7 reasonably loaded low end servers. But if they are not loaded or systematically loaded below 0.1 at can be a very good fit. 

Also if done intelligently virtualization can probably squeeze the number of the low end servers in a typical datacenter 30-50% and that also lead to some modest maintenance cost savings as well as electricity and air-conditioning related savings (low end servers as very wasteful as for electricity and add considerable to air-conditioning costs as their power supplies are very inefficient).  

Saving on hardware is more questionable as low level servers represent the most competitive segment of server market with profit margins squeezed to minimum; the margins are generally much larger of mid-range and high end servers.  In other words margins on midrange servers and high-end servers work against virtualization.

At the same time the heavy reliance on virtualized servers for production applications, as well as the task of managing and provisioning them, are fairly new areas in the "new brave" virtualized IT world and both need special software solutions. That increases the importance of Tivoli and other ESM applications. Virtualization has changed configuration management, capacity management, provisioning, patch management, back-ups, and software licensing. It is inherently favorable toward open source software and OS solutions. It also opens a lot of new possibilities in saving time on administration, electricity savings as well as makes some impressive feats like dynamic migration of a virtual instance from one (more loaded) physical server to another (less loaded) possible.

Major Types of Virtualization

We can distinguish the following five different types of virtualization:

• Super-heavy-weight
• Heavy-weight
• Medium-weight  (para-virtualization)
• Light-weight virtualization
• Blades

Super-heavy-weight

This is hardware domain-based virtualization that is used only on high-end servers. Domain can, essentially, be called  "blades with common memory and I/O devices". Those "blades on steroids" are probably the closest thing on getting more power from a singe server without related sacrifices in CPU, memory access and I/O speed, sacrifices that are typical for all other virtualization solutions. Of course there is no free lunch and you need to pay for such luxury.  Sun is the most prominent vendor of such servers (mainframe class servers like E15K, etc are all hardware domain-based).

Access to memory of other domains is slower then to local memory so those systems are closer to NUMA.

Heavy-weight

By heavy-weight virtualization we will understand full hardware virtualization.

IBM calls it LPARs and is currently the king of the hill in this area as it pioneered this class of  VM machines in late 60 with the release of famous VM/CMS.  Until recently Power5 based server with AIX were the most battle-tested and reliable virtualized environments based on heavy-weight virtualization concept.  

Still the most popular implementation of this concept currently is VMware and recently it was greatly helped by Intel and ADM who incorporated virtualization extensions in their CPUs.  VMware can run Linux (Red Hat and Suse), Solaris and Windows virtual instances on one physical server and as such is the most versatile solution on this category although IBM Power5 servers still enjoy the advantages of  hardware designed with the virtualization in mind. 

But with Intel quad CPUs available you can have pretty impressive CPU power on a single Intel server and that makes VMware more important as rising tide of Intel server power (as well as AMD competitive efforts to match Intel after its introduction of 5xxx series of CPUs -- Duo and Quattro) lifts all boats.

On newer Intel and AMD CPUs Xen also can run unmodified OS instances making it another heavy-weight virtualization platform.

Sun calls heavy-weight virtual partitions "logical domains"(LDOM) and until recently  preferred hardware-base domains to logical domains. But this stance is changing with the introduction of LDOMs on Sun's T1000 and T2000 Sun Fire servers. The first is low end server and as such is questionable platform for heavy-weight virtualization, the second is actually something in between low end and middle-weight server and can run at least two or may be three virtual partitions with substantial simultaneous loads. I am not sure what is the speed of memory for T2000 but I doubt that it is 1.33GHz. It is probably lower so in this area T2000 is inferior to newer Intel 5xxxx based servers.

Customers that use Solaris 10 11/06 can turn to new hardware being shipped in January or a firmware update on older boxes in order to get LDOMs working on their UltraSPARC T1-based servers. Sun will support up to 32 operating systems per server with the virtualization technology. About differences with LPARs see Rolf M Dietze blog. Among other things he came to the following conclusions:

Sun’s LDoms supply a virtual terminal server, so you have consoles for the partitions, but I guess this comes out of the UNIX history: You don’t like flying without any sight or instruments at high speed through caves, do you? So you need a console for a partition! T2000 with LDoms seems to support this, at IBM you need to buy an HMC (Linux-PC with HMC-software).

With crossbow virtual network comes to Solaris. LDoms seem to give all advantages of logical partitioning as IBMs have, but hopefully a bit faster and clearly less power consumption.

Sun offers a far more open licensing of course and: You do not need a Windows-PC to administer the machine (iSeries OS/400 is administered from such a thing).

A T2000 is fast and has up to 8 cores (32 thread-CPUs) 16GBRam and has a good price and those that do not really need the pure power and are more interested in partitioning.

The Solaris zones have some restrictions aka no NFS/server in zones etc. That is where LDoms come in. That’s why I want to actually compare LDoms and LPARs.

It looks like it becomes cold out there for IBM boxes….

CPU vendors now are paying huge attention to virtualization. All new CPUs are usually "virtualization-friendly" and contain instructions and hardware capabilities that make heavy-weight virtualization more efficient. Intel 5xxx series (Duo and Quattro CPUs) is an example of this class of CPUs among Intel-compatible CPUs.   IBM P5 and Sun UltraSparc T1 are examples among RISK CPUs.

The main advantage of heavy-weight virtualization is almost complete isolation of instances.  You cannot achieve this with any other type of virtualization and here only blades can compete.

Disadvantages are connected with the fact that both CPUs, memory and I/O are shared and you will never get the same speed on high workloads as in case of several standalone servers each with corresponding fraction of CPUs and memory and the same set of applications. Especially problematic is sharing of memory as it might well become a bottleneck before CPU.  Each virtual instance of OS loads pages independently of the other and compete for memory bandwidth. So if, for example,  two virtual instances are simultaneously active and for example are loading modules or data from the disk each can enjoy probably only 2/3 of the memory bandwidth (accesses to memory are randomly spread in time so sum should probably be greater then 100%)  in comparison with a standalone system.  In other words you lose approximately 1/3 of memory bandwidth by jumping into virtualization bandwagon.  That's why heavy-weight virtualization behaves bad on memory intensive applications. Users of IBM Power5 servers and AIX 5.3 (probably are the best and the most widely used commercial heavyweight virtualization platform) know that all too well. 

As memory channel is shared between all virtual instances heavy-weight virtualization is best suited for Web and e-commerce workloads.

That probably means that other things equal you should strive for the fastest memory and the best designed memory bus (Opteron has better memory bus then Intel CPUs). That's probably why new 5xxx series of CPU that support 1.3Ghz memory significantly improves the performance of the VMware (see Dell paper about the improvements achieved).  

Both memory speed and CPU power can became bottlenecks as they are shared between all active virtual instances of OS.  The presence of a full non-modified version of an OS for each partition introduces significant drag on resources (both memory and CPU-wise).  I/O load can be diminished by using a separate controller for OS partitions and multiple controllers on the server. Still in some deep sense heavy-weight partitioning is inefficient and will always waist significant part of server resources.

In IBM Power-based server world "binary" deployments when a single server host two application in two different LPARs are common pretty popular and behave reasonably well. Taken to the extreme this approach guarantee 50% reduction of all physical servers. Larger number of applications on a single server are possible, but more tricky: such virtual server need careful planning as it faces memory bottleneck and CPU power bottleneck, especially painful if  "rush hours" are the same for both applications.  We need to understand that a larger server with two CPU and 8G of memory split equally between two partitions will always be less efficient then two several servers with one CPU and 4G of memory if speed of memory and speed of CPU are equal. As an alterative to heavy-weight partitioning see blade servers discussion below.

This approach is important for running legacy applications like application for SunOS 4.x as well as few linux applications that makes sense to run of Linux instead of Solaris  but that need to run on the same server.

Medium-weight  (para-virtualization)

Para-virtualization is a variant of native virtualization, where the VM (hypervisor) emulates only part of hardware and provides a special API requiring OS modifications. The most popular representative of this approach is Xen  with AIX as a distant second:

With Xen virtualization, a thin software layer known as the Xen hypervisor is inserted between the server’s hardware and the operating system. This provides an abstraction layer that allows each physical server to run one or more “virtual servers,” effectively decoupling the operating system and its applications from the underlying physical server.

Therefore only specially modified for Xen versions on OS can run in virtual mode.  Work on Xen has been supported by UK EPSRC grant GR/S01894, Intel Research, HP Labs and Microsoft Research (Yes, despite naive Linux zealots wining Microsoft did contributed code to Linux ;-).  Other things equal it provides higher speed and less overhead then native virtualization. NetBSD  was the first to implement Xen.  Currently the key platform for Xen is linux with Novell supporting it in production version of Suse. Red Hat does not support it in RHEL 4 but is expected to support in RHEL 5 somewhere in 2007. Sun Solaris 10 for x86 also have Xen support (currently in beta with production version in early 2007).

Xen is now sold commercially by IBM; Sun will have Xen compatible version of Solaris in mid 2007. SPARC has separate implementation that will be released in late 2007 and two implementations re expected to  merge in the future).  

The main advantage of Xen is that it supports live relocation capability. It is also more cost effective solution the VMware that is definitely overpriced.

The main problem is that para-virtualization requires OS kernel modification to be aware of the environment it is running and pass control to hypervisor in case of executing all privileged instructions. Therefore  it is not suitable for running legacy OSes and for running Microsoft Windows (although Xen can run it in newer 51xx CPU series)

Para-virtualization improves speed in comparison with heavy-weight virtualization (much less context switching), but does little beyond that. It is unclear how much faster is para-virtualized instance of OS in comparison with heavy-weight virtualization on "virtualization-friendly" CPUs.  Xen page claims that:

Xen offers near-native performance for virtual servers with up to 10 times less overhead than proprietary offerings, and benchmarked overhead of well under 5% in most cases compared to 35% or higher overhead rates for other virtualization technologies.

It's unclear was this difference measured of old Intel CPU or new 5xxx series that support virtualization extensions. I suspect the difference on newer CPUs should be smaller. 

I would like to stress it again that the level of modification OS is very basic and important idea of factoring out common functions like virtual memory management that was implemented in classic VM/CMS is not utilized.  Therefore all the redundant processing typical for heavy-weight virtualization is present in para-virtualization environment.

Note:  Xen 3.0 and above support both para-virtualization and full (heavy-weight) virtualization to leverage the built-in hardware support built into the Intel-VT-x and AMD Pacifica processors. According to XenSource Products - Xen 3.0 page:

With the 3.0 release, Xen extends its feature leadership with functionality required to virtualize the servers found in today’s enterprise data centers. New features include:

• Support for up to 32-way SMP guest
• Intel® VT-x and AMD Pacifica hardware virtualization support
• PAE support for 32 bit servers with over 4 GB memory
• x86/64 support for both AMD64 and EM64T

Light-weight virtualization

This type of virtualization was pioneered in Free BCD (jails) and was further developed by Sun and introduced in Solaris 10 as concept of Zones.  There are various experimental add-ons of this type for Linux but none got any prominence.

In Solaris 10 11/06, the next build of the operating system that will be released at the end of November, admins will be able to clone a Zone as well as relocate it to another box, through a feature called Attach/Detach. Also now it is possible to run Linux applications in zones on X86 servers (branded zones).  The key advantage is that you have a single instance of OS so the price that you paid in case of heavy-weight virtualization is waived. That means that light-weight virtualization is the most efficient resources-wise. It also has great security value. Memory can become a bottleneck here as all memory accesses are channeled via a single controller.

IBM's "lightweight" product would be "Workload manager" for AIX which is an older (2001 ???)and less elegant technology then BSD Jails and Solaris zones:

Current UNIX offerings for partitioning and workload management have clear architectural differences. Partitioning creates isolation between multiple applications running on a single server, hosting multiple instances of the operating system. Workload management supplies effective management of multiple, diverse workloads to efficiently share a single copy of the operating system and a common pool of resources

IBM lightweight virtualization operates under a different paradigm with the most close thing to zone being a "class". The system administrator (root) can delegate the administration of the subclasses of each superclass to a superclass administrator (a non-root user). Unlike zones classes can be nested:

The central concept of WLM is the class. A class is a collection of processes (jobs) that has a single set of resource limits applied to it. WLM assigns processes to the various classes and controls the allocation of system resources among the different classes. For this purpose, WLM uses class assignment rules and per-class resource shares and limits set by the system administrator. T he resource entitlements and limits are enforced at the class level. This is a way of defining classes of service and regulating the resource utilization of each class of applications to prevent applications with very different resource utilization patterns from interfering with each other when they are sharing a single server.

Blades

Blade servers are an increasingly important part of the enterprise datacenters, with consistent double-digit growth easily outpacing the overall server market. IDC estimated that 500,000 blade servers were sold in 2005, or 7% of the total market, with customers spending $2.1 billion.

While blades are not virtualization in pure technical sense, the rack with blades (bladesystem) possesses some additional management capabilities that are not present in stand-alone U1 servers and in modern versions usually have shared I/O channel to NAS.  They can be viewed as "hardware factorization" approach to server construction which is not that different from virtualization.  The first shot in this direction is the new generation of bladesystems like IBM BladeCenter H system has offered I/O virtualization since February, 2006 and HP BladeSystem c-Class. The latter offers better server management, virtualization and saves up to 30% power in comparison with rack mounted 1U servers with identical CPU and memory configurations.

Sun also offers blades but it is a minor player in this area.  It offers pretty interesting and innovative Sun Blade 8000 Modular System  which target higher end that usual blade servers.  Here is how Cnet described the key idea behind the server if the article Sun defends big blade server 'Size matters':

Sun co-founder Andy Bechtolsheim, the company's top x86 server designer and a respected computer engineer, shed light on his technical reasoning for the move.

"It's not that our blade is too large. It's that the others are too small," he said.

Today's dual-core processors will be followed by models with four, eight and 16 cores, Bechtolsheim said. "There are two megatrends in servers: miniaturization and multicore--quad-core, octo-core, hexadeci-core. You definitely want bigger blades with more memory and more input-output."

When blade server leaders IBM and HP introduced their second-generation blade chassis earlier this year, both chose larger products. IBM's grew 3.5 inches taller, while HP's grew 7 inches taller. But opinions vary on whether Bechtolsheim's prediction of even larger systems will come true.

"You're going to have bigger chassis," said IDC analyst John Humphries, because blade server applications are expanding from lower-end tasks such as e-mail to higher-end tasks such as databases. On the more cautious side is Illuminata analyst Gordon Haff, who said that with IBM and HP just at the beginning of a new blade chassis generation, "I don't see them rushing to add additional chassis any time soon."

Business reasons as well as technology reasons led Sun to re-enter the blade server arena with big blades rather than more conventional smaller models that sell in higher volumes, said the Santa Clara, Calif.-based company's top server executive, John Fowler. "We believe there is a market for a high-end capabilities. And sometimes you go to where the competition isn't," Fowler said.

As a result of such factorization more and more functions move to the blade enclosure. As a result power consumption improves dramatically as blades typically use low power dissipating CPUs and all blades typically share the same power supply that in case of full or nearly full rack permits power supply to work with much greater power efficiency (twice of more efficient then on a typical server). That cuts air conditioning costs too. also newer blades monitor air flow and adjust fans accordingly. As a result energy bill can be half of the same amount of U1 servers.  

Blades generally solves the problem of lack of CPU power typical for most types of virtualization except domain-based, and with the current price of memory it solves the memory latency problem. Think about them are predefined partitions with fixed amount of CPU and memory. Dynamic swap of images between blades is possible.  Some I/O can be local and with high speed solid drives very reliable and fast. That permits offloading OS-related IO from application related I/O.

Major vendors support

Among major vendors:

• IBM competes  in all categories:
  • Super-heavy-weight  
    • POWER systems, which can run partitions with electrical isolation but this is not widely used. Still that fits  "super-heavyweight" category as defined above.
  • Heavy-weight
    • Mainframes. Classic VM implementation is still famous IBM's VM/CMS  That was the first successful commercial virtualization product that was created when almost nobody even thought about virtualization.
    • Power 5 and 6 Logical partitions (LPARs) fit the "heavyweight" category and are extremely popular with AIX users (the technology  originated in classic IBM VM on System 3xx architecture which was the first successful "heavy-virtualization" implementation).  See P5  virtualization
       
  • Medium-weight  (para-virtualization)   IBM sells servers with XEN preinstalled. 
  • IBM is weal in light-weight virtualization and missed the train. They will catch it with AIX 6.
  • IBM blade servers are slightly behind HP blades in factorization but not by much
     
• Sun now competes in all five categories but its presence in heavyweight category is simply symbolic as only recently this capability was made available.  Sun blade servers can mix and match both UltraSparc and Opteron-based blades.
   
• Microsoft competes mainly in two categories (heavy-weight virtualization and para-virtualization)
   
• FreeBSD in just one category (light-weight virtualization) but it pioneered this category.
   
• Linux vendors compete mainly in one category (para-virtualization using Xen).

Conclusions

There is no free lunch and virtualization is not panacea. It increases the complexity of environment and put severe stress of a single server that host multiple instances on virtual machines. Failure of this server lead to failure of all instances.

Therefore the natural habitat of virtualization is development, test and stage servers as well as almost idle servers that servers various enterprise consoles and similar low CPU intensive applications (Web servers and e-commerce servers).

At the same time virtualization opens new capabilities and sometimes it make sense to run a single instance of virtual machine on the server to get such advantages as on the fly relocation of instances, virtual images manipulation capabilities, etc. With technologies like Xen that claims less then 5% overhead that approach becomes feasible. "Binary servers" -- servers that host just two applications also look very promising.  

Migration of  rack-mounted servers to  blade servers is the most safe approach to server consolidation. Managers without experience of work in partitioned environment shouldn’t underestimate what their administrators need to learn and the set of new problems that virtualization creates  One good advice is "Make sure you put the training dollars in."

There are also other problems. A lot of software vendors won’t certify applications as virtual environment compatible, for example VMware compatible. In such cases running the application in virtual environment means that you need to assume the risks and cannot count on vendor tech support to resolve your issues.

All-in all virtualization is mainly played now in desktop and low end servers space. It make sense to proceed slowly testing the water before jumping in. Those that have adopted virtualization have, on average, only about 20% of their environment virtualized, according to IDC. VMware pricing structure is a little bit ridiculous and nullifies hardware savings, if any. Their maintenance costs are even worse.  That means that alternative solutions like Xen3 or Microsoft should be considered on Intel side and IBM and Sun on Unix side. As vendor consolidation is ahead if you don’t have a clear benefit from virtualization today, you can wait or limit yourself to "sure bets" like development, testing and staging servers.  The next version of Windows Server will put serious pressure on VMware in  a year or so. Xen is also making progress with IBM support behind it. With those competitive pressures, VMware could become significantly less expensive in the future.

VMs are also touted as a solution to the computer security problem. It's pretty obvious that they can improve security. After all, if you're running your browser on one VM and your mailer on another, a security failure by one shouldn't affect the other. If one virtual machine is compromised you can just discard it and create an fresh image. There is some merit to that argument, and in many situations it's a good configuration to use. But at the same time the transient nature of Virtual Machines introduces new security and compliance challenges not addressed by traditional systems management processes and tools. For example virtual images are more portable and possibility of stealing the whole OS images and running them on a different VM are very real.  New security risks inherent in virtualized environments need to be understood and mitigated.

Here is a suitable definition taken from the article published in Linux Magazine:

 "(Virtual machines) offer the ability to partition the resources of a large machine between a large number of users in such a way that those users can't interfere with one another. Each user gets a virtual machine running a separate operating system with a certain amount of resources assigned to it. Getting more memory, disks, or processors is a matter of changing a configuration, which is far easier than buying and physically installing the equivalent hardware."

And FreeBSD and Solaris users has their lightweight VM built in the OS. Actually FreeBSD jails, Solaris 10 zone and Xen are probably the most democratic light weight VM.  To counter the threat from free VMs VMware now produces a free version too. VMware Player is able to run virtual machines made in VMware Workstation. There are many free OS's on the website. Most of them are community made. There are also freeware tools for creating VM's, mounting, manipulating and converting VMware disks and floppies, so it is possible to create, run and maintain virtual machines for free (even for commercial use).

Here is how this class of virtual machines is described in Wikipedia

Conventional emulators like Bochs emulate the microprocessor, executing each guest CPU instruction by calling a software subroutine on the host machine that simulates the function of that CPU instruction. This abstraction allows the guest machine to run on host machines with a different type of microprocessor, but is also very slow.

An improvement on this approach is dynamically recompiling blocks of machine instructions the first time they are executed, and later using the translated code directly when the code runs a second time. This approach is taken by Microsoft's Virtual PC for Mac OS X.

VMware Workstation takes an even more optimized approach and uses the CPU to run code directly when this is possible. This is the case for user mode and virtual 8086 mode code on x86. When direct execution is not possible, code is rewritten dynamically. This is the case for kernel-level and real mode code. In VMware's case, the translated code is put into a spare area of memory, typically at the end of the address space, which can then be protected and made invisible using the segmentation mechanisms. For these reasons, VMware is dramatically faster than emulators, running at more than 80% of the speed that the virtual guest OS would run on hardware. VMware boasts an overhead as small as 3%–6% for computationally intensive applications.

Although VMware virtual machines run in user mode, VMware Workstation itself requires installing various drivers in the host operating system, notably in order to dynamically switch the GDT and the IDT tables.

One final note: it is often erroneously believed that virtualization products like VMware or Virtual PC replace offending instructions or simply run kernel code in user mode. Neither of these approaches can work on x86. Replacing instructions means that if the code reads itself it will be surprised not to find the expected content; it is not possible to protect code against reading and at the same time allow normal execution; replacing in place is complicated. Running the code unmodified in user mode is not possible either, as most instructions which just read the machine state do not cause an exception and will betray the real state of the program, and certain instructions silently change behavior in user mode. A rewrite is always necessary; a simulation of the current program counter in the original location is performed when necessary and notably hardware code breakpoints are remapped.

The Xen open source virtual machine partitioning project is picking up momentum since acquiring the backing of venture capitalists at the end of 2004. Now, server makers and Linux operating system providers are starting to line up to support the project, contribute code, and make it a feature of their systems at some point in the future. Work on Xen has been supported by UK EPSRC grant GR/S01894, Intel Research, HP Labs and Microsoft Research. Novell and Advanced Micro Devices also back Xen. See also

While everybody seemed to get interested in the open source Xen virtual machine partitioning hypervisor just when XenSource incorporated and made its plans clear for the Linux platform, the NetBSD variant of the BSD Unix platform has been Xen-compatible for over a year now, and will be as fully embracing the technology as Linux is expected to.

Xen has really taken off since Dec, 2004, when the leaders of the Xen project formed a corporation to sell and support Xen and they immediately secured $6 million from venture capitalists Kleiner Perkins Caufield & Byers and Sevin Rosen Funds.

Xen is headed up by Ian Pratt, a senior faculty member at the University of Cambridge in the United Kingdom, who is the chief technology officer at XenSource, the company that has been created to commercialize Xen. Pratt told me in December that he had basically been told to start a company to support Xen because some big financial institutions on Wall Street and in the City (that's London's version of Wall Street for the Americans reading this who may not have heard the term) insisted that he do so because they loved what Xen was doing.

Seven years ago, Ian Pratt joined the senior faculty at the University of Cambridge in the United Kingdom, and after being on the staff for two years, he came up with a schematic for a futuristic, distributed computing platform for wide area network computing called Xenoserver. The idea behind the Xenoserver project is one that now sounds familiar, at least in concept, but sounded pretty sci-fi seven years ago: hundreds of millions of virtual machines running on tens of millions of servers, connected by the Internet, and delivering virtualized computing resources on a utility basis where people are charged for the computing they use. The Xenoserver project consisted of the Xen virtual machine monitor and hypervisor abstraction layer, which allows multiple operating systems to logically share the hardware on a single physical server, the Xenoserver Open Platform for connecting virtual machines to distributed storage and networks, and the Xenoboot remote boot and management system for controlling servers and their virtual machines over the Internet.

Work on the Xen hypervisor began in 1999 at Cambridge, where Pratt was irreverently called the "XenMaster" by project staff and students. During that first year, Pratt and his project team identified how to do secure partitioning on 32-bit X86 servers using a hypervisor and worked out a means for shuttling active virtual machine partitions around a network of machines. This is more or less what VMware does with its ESX Server partitioning software and its VMotion add-on to that product. About 18 months ago, after years of coding the hypervisor in C and the interface in Python, the Xen portion of the Xenoserver project was released as Xen 1.0. According to Pratt, it had tens of thousands of downloads. This provided the open source developers working on Xen with a lot of feedback, which was used to create Xen 2.0, which started shipping last year. With the 2.0 release, the Xen project added the Live Migration feature for moving virtual machines between physical machines, and then added some tweaks to make the code more robust.

Xen and VMware's GSX Server and EXS Server have a major architectural difference. VMware's hypervisor layer completely abstracts the X86 system, which means any operating system supported on X86 processors can be loaded into a virtual machine partition. This, said Pratt, puts tremendous overhead on the systems. Xen was designed from the get-go with an architecture focused on running virtual machines in a lean and mean fashion, and Xen does this by having versions of open source operating systems tweaked to run on the Xen hypervisor. That is why Xen 2.0 only supports Linux 2.4, Linux 2.6, FreeBSD 4.9 and 5.2, and NetBSD 2.0 at the moment; special tweaks of NetBSD and Plan 9 are in the works, and with Solaris 10 soon to be open-source, that will be available as well. With Xen 1.0, Pratt had access to the source code to Windows XP from Microsoft, which allowed the Xen team to put Windows XP inside Xen partitions. With the future "Pacifica" hardware virtualization features in single-core and dual-core Opterons and Intel creating a version of its "Vanderpool" virtualization hardware features in Xeon and Itanium processors also being made for Pentium 4 processors (this is called "Silvervale" for some reason), both Xen and VMware partitioning software will have hardware-assisted virtual machine partitioning. While no one is saying this because they cannot reveal how Pacifica or Vanderpool actually work, these technologies may do most of the X86 abstraction work, and therefore should allow standard, compiled operating system kernels run inside Xen or VMware partitions. That means Microsoft can't stop Windows from being supported inside Xen over the long haul.

Thor Lancelot Simon, one of the key developers and administrators at the NetBSD Foundation that controls the development of NetBSD, reminded everyone that NetBSD has been supporting the Xen 1.2 hypervisor and monitor within a variant of the NetBSD kernel (that's NetBSD/xen instead of NetBSD/i386) since March of last year. Moreover, the foundation's own servers are all equipped with Xen, which allows programmers to work in isolated partitions with dedicated resources and not stomp all over each other as they are coding and compiling. "We aren't naive enough to think that any system has perfect security; but Xen helps us isolate critical systems from each other, and at the same time helps keep our systems physically compact and easy to manage," he said. "When you combine virtualization with Xen with NetBSD's small size, code quality, permissive license, and comprehensive set of security features, it's pretty clear you have a winning combination, which is why we run it on our own systems." NetBSD contributor Manuel Bouyer has done a lot of work to integrate the Xen 2.0 hypervisor and monitor into the NetBSD-current branch, and he said he would be making changes to the NetBSD/i386 release that would all integrate /xen kernels into it and will allow Xen partitions to run in privileged and unprivileged mode.

The Xen 3.0 hypervisor and monitor is expected some time in late 2005 early 2006, with support for 64-bit Xeon and Opteron processors. XenSource's Pratt told me recently that Xen 4.0 is due to be released in the second half of 2005, and it will have better tools for provisioning and managing partitions. It is unclear how the NetBSD project will absorb these changes, but NetBSD 3.0 is expected around the middle of 2005. The project says that they plan to try to get one big release of NetBSD out the door once a year going forward.

Old News ;-)

[Jan 15, 2010] Migrate to a virtual Linux environment with Clonezilla

Learn how to use the open source Clonezilla Live cloning software to convert your physical server to a virtual one. Specifically, see how to perform a physical-to-virtual system migration using an image-based method.

IBM and HP virtualization

As mentioned, IBM has one virtualization type on their midrange systems, PowerVM, formerly referred to as Advanced Power Virtualization. IBM uses a type-one hypervisor for its logical partitioning and virtualization, similar in some respects to Sun Microsystems' LDOMs and VMWARE's ESX server. Type-1 hypervisors run directly on a host's hardware, as a hardware control and guest operating system, which is an evolvement of IBM's classic originally hypervisor- vp/cms. Generally speaking, they are more efficient, more tightly integrated with hardware, better performing, and more reliable than other types of hypervisors. Figure 1 illustrates some of the fundamental differences between the different types of partitioning and hypervisor-based virtualization solutions. IBM LPARs and HP vPars fall into the first example -- hardware partitioning (through their logical partitioning products), while HP also offers physical partitioning through nPars.

Figure 1. Server virtualization approaches

 

IBM's solution, sometimes referred to as para-virtualization, embeds the hypervisor within the hardware platform. The fundamental difference with IBM is that there is one roadmap, strategy, and hypervisor, all integrated around one hardware platform: IBM Power Systems. Because of this clear focus, IBM can enhance and innovate, without trying to mix and match many different partitioning and virtualization models around different hardware types. Further, they can integrate their virtualization into the firmware, where HP simply cannot or chooses not to.

Migrate to a virtual Linux environment with Clonezilla

Introducing Clonezilla Live

Clonezilla is an open source (GPL) Norton Ghost-like duplication and clone solution that you can use to clone a particular partition or entire disk. There are two releases: Clonezilla SE (server edition) and Clonezilla Live. Clonezilla SE is best suited for backup and restoring multiple servers simultaneously across the network. Clonezilla Live is a more lightweight build for single-machine cloning.

Clonezilla Live is the combination of Debian Live and Clonezilla; it has the following features and benefits:

• It clones only the used blocks on the hard disk.
• It provides multiple file system and even LVM support, including the ext2, ext3, xfs, jfs, and LVM2 under GNU/Linux; FAT, NTFS under MS Windows; and HFS+ under Mac OS.
• You don't need a diskless remote boot server (DRBL) in Linux to set up Clonezilla SE.
• CD/DVD, USB flash/hard drives, and PXE boots are supported.
• There is a customized capability for boot and recovery procedure.

Clonezilla Live uses such existing tools as Partition Image, ntfsclone, partclone, and dd to clone the partition or disk. For unlisted file systems, Clonezilla uses dd to copy all used and unused blocks.

From now on, we'll be creating a virtual machine within VMware Server as the destination for system migration. Make sure that the host environment complies with the VMware Server and guest operating system requirements and limitations. Because the virtual machine will use the same processor as the host as a baseline, it requires that the host environment and the physical server we cloned have compatible types of processors.

First, use the VMware New Virtual Machine Wizard to create the virtual machine. During the process, select the operating system version that matches the cloned one from the physical server. Also, you have to create a virtual disk with the size equal to or larger than the partition where the original cloned system resides, because Clonezilla does not support restoring an image from a large hard disk or partition to a smaller one. During the Clonezilla Live restoration process, however, you are able to restore the image to a large hard disk according to the original disk layout.

Figure 5. Specifying the virtual machine's disk capacity
 
 

Note: The Clonezilla Live kernel might not support the SCSI disk for the earlier VMware Server versions. In this case, when you create the virtual machine, use the IDE type for the virtual disks.

Second, change the virtual CD-ROM device as using the Clonezilla Live ISO image for the virtual machine, as shown in Figure 6.

Figure 6. Using Clonezilla Live ISO image in VM
 
 

Third, put the system image files from the previous section under the host server's second disk, the Partition 0 of PhysicalDrive 1. Because the VMware Server supports the pass-through SCSI drive access on the host system, add another hard disk for the virtual machine with the Partition 0 of PhysicalDrive 1 directly attached in VMware. At the restore phase, this device will be presented to the /home/partimag.

Figure 7. Attaching the partition with system image
 
 

Now that you have a compact virtual machine created, it's time to boot the virtual machine from the Clonezilla Live.

Step 3. Restoring the image onto the virtual machine

After the virtual machine boots up from the Clonezilla Live image, Clonezilla Live has the same GUI-based wizard interface for restoration as for backup until you choose the mode. In this example, we will enter the Debian-based Clonezilla Live shell directly to select a manual restoration.

Figure 8. Clonezilla Live shell

 

To restore the image under the Clonezilla Live shell, you must log on with the root role; then you have full access on the Clonezilla.

Listing 1. Becoming root user
 

user@debian:~$ sudo su - debian:~#

 

Now you need to determine the destination disk for restoration and the disk where the source image is to be placed. Listing 2 shows two local hard disks.

Listing 2. Viewing disk information
 

debian:~# fdisk -l Disk /dev/sda: 42.9 GB, 42949672960 bytes 255 heads, 63 sectors/track, 5221 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk identifier: 0x00000000 Disk /dev/sda doesn't contain a valid partition table Disk /dev/sdb: 160.0 GB, 160039272960 bytes 255 heads, 63 sectors/track, 19457 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Disk identifier: 0xa0bea0be Device Boot Start End Blocks Id System /dev/sdb1 1 19457 156288321 7 HPFS/NTFS

The /dev/sda is the virtual disk we created as the restoration destination; it is unformatted. The /dev/sdb is the PhysicalDrive 1 of the host server that we attached to the virtual machine directly in the form of a pass-through SCSI device; we have the cloned system image on it.

To restore the cloned partition image, the destination virtual disk has to be presented to Clonezilla as formatted. You can use the fdisk tool to write the label onto the virtual disk. This procedure is shown in Listing 3.

Listing 3. Format the destination disk
 

# fdisk /dev/sda Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel Building a new DOS disklabel with disk identifier 0xee2955bc. Changes will remain in memory only, until you decide to write them. After that, of course, the previous content won't be recoverable. The number of cylinders for this disk is set to 5221. There is nothing wrong with that, but this is larger than 1024, and could in certain setups cause problems with: 1) software that runs at boot time (e.g., old versions of LILO) 2) booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK) Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite) Command (m for help): Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-5221, default 1): Using default value 1 Last cylinder or +size or +sizeM or +sizeK (1-5221, default 5221): Using default value 5221 Command (m for help): Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. [ 866.679048] sd 0:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB) [ 866.682658] sd 0:0:0:0: [sda] Write Protect is off [ 866.683795] sd 0:0:0:0: [sda] Cache data unavailable [ 866.683822] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 866.686443] sda: sda1 [ 866.695530] sd 0:0:0:0: [sda] 83886080 512-byte hardware sectors (42950 MB) [ 866.698278] sd 0:0:0:0: [sda] Write Protect is off [ 866.699422] sd 0:0:0:0: [sda] Cache data unavailable [ 866.699495] sd 0:0:0:0: [sda] Assuming drive cache: write through [ 868.702058] sda: sda1 Syncing disks.

 

We can accept the default values in Listing 3. The partition type is not a concern at this time because it will be re-created by Clonezilla during the image restoration.

As with the backup procedure, you must mount a writable device or space as /home/partimag, then Clonezilla will search the cloned image directory under /home/partimag. To prepare the restoration from the image on the partition /dev/sdb1 to the newly created partition /dev/sda1, first mount the /dev/sdb1 to /home/partimag with the writable privilege. Note that here /dev/sdb1 is an NTFS file system on the host server, and it may be open, so a force option might be required to mount it successfully. See Listing 4.

Listing 4. Mounting the image device to /home/partimag
 

debian:~# mount -t ntfs-3g /dev/sdb1 /home/partimag -o force debian:~# ls /home/partimag Sys01-2009-02-23-img

 

When the /home/partimag and the destination partition are ready, you have to choose the best way to restore the image for your environment. As for backup, Clonezilla also provides a variety of advanced and flexible options for image restoration. See Figure 9 for the restoration parameters and their meanings.

Figure 9. Clonezilla advanced extra parameters: restore

 

For Windows system image restoration, the boot header has to be written to the destination disk. To achieve this, -j0 (use dd to create partition table) and -t1 (client restores the prebuilt MBR from syslinux) are recommended. The hnX PC (X is 0 or 1) option is good to ensure that your environment has a unique Windows machine name. In case you don't want to keep your current destination partition layout, you also can try -k1 or another partition-relation parameter to create another partition table.

Listing 5 restores the image Sys01-2009-02-23-img from /home/partimag (/dev/sdb1) to the destination device /dev/sda1.

Listing 5. Using command line to restore the image
 

debian:~# /opt/drbl/sbin/ocs-sr -e1 auto -c -t1 -r -j3 -cm -j0 -p reboot restoreparts "Sys01-2009-02-23-img" "sda1"

 

Figure 10 shows the summary and progress updates you'll receive after you confirm the choice. After that, you have your cloned system on a virtual machine.

Figure 10. Clonezilla restore summary and progress
 
 

When the restoration is done, you can watch your system boot up from the virtual machine. To get better performance, install the VMware Tools for the virtual operating system.

To ensure a successful migration experience for Windows, you should have solid knowledge of HAL and be able to use tools like sysprep to prepare your physical server to support the virtual machine environment.

Conclusion

This article has shown you how to complete a physical-to-virtual system migration using an image-based method and open source tools. Remember to use the steps here as a reference; due to differences in environments, your system and migration experience may be different from what you read here.

 

Resources

Learn
 

• The Clonezilla site provides full and detailed information and resources on Clonezilla Live.
  
   
• "Manage partitions and disks with GParted-Clonezilla live CD" (Linux.com, July 2007) provides a guided tour of Clonezilla.
  
   
• The DRBL FAQ/Q&A can answer many questions you might have about Clonezilla Live.
  
   
• VMware provides data and documentation on its virtualization technologies, including the VMware Server.
  
   
• Knowledge of HAL is needed if you're migrating a Windows system.
  
   
• "How Convert Physical to Virtual" (VMTS) shares valuable experience on P2V migration via cloning.
  
   
• Linux has a long history of virtualization efforts, many of them documented at developerWorks; for example:
  • "Virtual Linux" (December 2006) gives an overview of virtualization methods, architectures, and implementations.
  • "Discover the Linux Kernel Virtual Machine" (April 2007) describes the first virtualization solution to be part of the mainline Linux kernel.
  • "LXC: Linux container tools" (February 2009) shows how to provide lightweight virtualization without encountering the complexities of full virtualization.
  
   
• In the developerWorks Linux zone, find more resources for Linux developers, and scan our most popular articles and tutorials.
• See all Linux tips and Linux tutorials on developerWorks.
• Stay current with developerWorks technical events and Webcasts.

Get products and technologies

• Download the latest Clonezilla Live ISO image.
  
   
• With IBM trial software, available for download directly from developerWorks, build your next development project on Linux.

[Apr 2, 2009] Will SLES Make Virtualization Ubiquitous

With SLES it is offering "a baseline image so software vendors can easily build appliances. The concept is something know as a JeOS (Just enough Operating System) and has been trumpeted by Novell as the future of operating systems," InternetNews.com reports

Even more revealing is Vice President of Solution and Product Marketing Justin Steinman's comment to InternetNews.com, "We designed SLES 11 to be ubiquitous, to run in physical, virtual and cloud models."

This approach is very different from the one that its chief competitor, Red Hat, is taking. Last month, Red Hat released a stand-alone virtualization hypervisor based on KVM (Kernel Virtual Machine) as well as a new hypervisor for Red Hat Enterprise Linux. It also unveiled Red Hat Enterprise Virtualization Manager for Servers, an open source virtualization management suite to facilitate fully integrated management across virtual servers and desktops.

Red Hat is in many ways hedging its bets, updating its operating system as well as releasing its own hypervisor. Let's face it, though, there are three hypervisors out the that merit consideration. One is currently well-entrenched. The second will soon to be breathing down the first one's neck. A third is grabbing for the open source crowd while simultaneously aligning itself with the up and coming hypervisor. And this is all occurring in a commoditized market, no less.

[Jun 24, 2008] VMware's CEO talks Microsoft, security, EMC and cloud computing r By Jon Brodkin

06/24/2008 | Network World

Diane Greene is the president, CEO and co-founder of VMware, a pioneer of x86 server virtualization and one of the most innovative companies to hit the IT world in the past decade. Greene was in Boston last week with her VMware team, briefing analysts on new technologies that haven't been made public yet. She took some time out to speak with Network World's Jon Brodkin about a range of topics.

Microsoft is entering the market with Hyper-V. How are you preparing for that?

We've got our hypervisor, which is the world's best, the most reliable, the most secure, the most functional, the smallest footprint. Then we have this broad portfolio of 21 products that make this hypervisor powerful. We've been expecting competition for years. We got ready for it. We knew what they would do, they would come in and say 'the hypervisor is free.' And we have shifted our revenue, we have shifted our value to the software that makes that hypervisor so valuable.

VMware does charge a lot more than its competitors. Are you feeling any pressure to lower your prices?

We're the only company with a price point for every kind of use of virtualization starting with just the hypervisor. ESXi is available from our Web site for $495. We have a free VMware Server that is very actively used, if you look at the discussion groups.

The portfolio of software for managing and automating the applications for running virtual machines, giving them quality of service, is where we increasingly charge, but that's completely separate from the base platform, the hypervisor layer.

What really differentiates the VMware hypervisor from Microsoft and Xen server virtualization software? (Compare server products.)   

VMware's hypervisor is incredibly robust. We have a [big pharmaceuticals] customer that has run one with no reboots for over four years. No restarts. It's the only hypervisor that has no dependence on an operating system. It can be much more secure because a hypervisor is only as secure as its weakest link. We have this architecture that can be embedded in the hardware with this small, very secure footprint [under 32MB]. And the functionality our hypervisor supports, such as memory overcommit and so forth is the broadest. Not to mention that it's in use in production by over 100,000 customers.

IBM virtualized the mainframe several decades ago. How is VMware's technology modeled after mainframe virtualization?

VMware was founded with the notion that if you revisited this concept of virtualization that IBM had done and modernized it, and brought it to industry-standard systems, that where hardware had come in terms of fast CPUs, and cheap memory and cheap disk and networking support was going to make it phenomenally valuable. We had taken it to a much broader applicability than was originally done on the mainframe, but the concept of virtualization and a lot of the value proposition that IBM saw in the late ‘60s hasn't changed at all.

There were some rumors about EMC selling VMware, which seem to have fizzled out. How much attention do you pay to that kind of thing?

As CEO of VMware my job is to keep the company executing and fulfilling our potential, and that's really what I focus on and lead the company to focus on.

Any idea why these rumors crop up from time to time, though?

The situation VMware is in, where we're 86% [owned by EMC] and a partial spinout [on the stock market] is an unusual situation and has some instability associated with it. Naturally people are watching that closely. If you looked at data on companies that get partially spun out, generally something happens afterwards, you know it evolves one way or another.

You've discussed in the past how it was important to keep the operations of VMware separate from EMC, even though EMC owns VMware. Who do you report to? Is there any interference from on high?

VMware is now a separate public company from EMC. As CEO I report to the VMware board.

Which is composed mostly of EMC executives?

The VMware board is mostly EMC, either directors or officers of EMC. What we're focused on at VMware is our partnering, that's very key to how we go to market, how we integrate, and executing on our strategy.

Do you ever feel friction or have strategic disagreements with EMC?

I find that it's important to be very articulate about how in order for VMware to realize its full potential -- and we're in an amazing position right now -- the importance of our partners and our ability to execute in an unfettered way.

You co-founded VMware with your husband. What is his current involvement with the company and what's your business relationship like?

VMware had five co-founders and Mendel Rosenblum, who is my husband, is our chief scientist. He's also a professor of computer science in the systems space at Stanford University where he continues to be a full-time professor. But he is also very involved at VMware one day a week and on an ongoing basis.

Is there a next wave of virtualization we don't know about?

What we're doing with computers is getting more complex. The sophistication with which we handle delivering applications with the top quality of service and security. The next wave is using virtualization to provide a complete simplification of how you do that -- being able to build, develop, deploy, maintain and update applications, where an application can be a composite application of multiple virtual machines, and delivering that from any place over any set of hardware resources, be it on-premise or off-premise in a cloud, if you will.

How does cloud computing play into virtualization?

Virtualization is really the key building block to being able to do cloud computing, because the notion of a cloud is that all the resources are kind of aggregated, sort of magically, and you just run services from the quote cloud. It's very important you be able to separate the software from the hardware and move it around without any service interruption. And be able to have the application take with it the quality of service it wants. So what customers want is complete freedom of choice. They want to take their application and run it anywhere in any cloud. The only way to do that is with virtualization.

Amazon uses virtualization in its EC2 cloud. Are they using VMware?

I can't comment on that, but I think the model that Amazon is doing is helping people to understand what's possible.

What's the biggest challenge for VMware this year?

If I had to identify one thing, we've definitely stepped up our communication this year. Part of that is being a public company. Part of that is explaining, as the noise has increased due to our expected arrival of competitors coming into the market, explaining the different category of value proposition we have.

What are the most innovative VMware customers doing with virtualization?

There are great innovations going on in the desktop and in the data center and even in the cloud. The desktop is used heavily in the health industry and the hospitals. There's Huntsville hospital [in Alabama], which uses thin clients on wheeled carts with the desktop hosted on a centralized server. They're using virtualized desktops so they can have wireless thin clients running around on hospital carts.

The U.S. Marine Corps consolidated 300 data centers down to 30, and 100 mobile platforms, a data center in a box, that can go on a tank or what have you. With [virtual desktop software] VMware ACE, they can carry [desktops] on their thumb drives and deploy on any PC.

The National Security Agency, of course, has used it to provide different security levels on the same physical machine. They've been a customer of ours since 1999. They started out really early, we gave them our source code right away, they did a full audit of it. One of the first things they used it for was to isolate what people are doing because a single individual that has top security clearance needs to do different things at different security levels. [Previously], they had to have a different PC depending on how secure the data was. They were able to consolidate that onto a single machine made up of multiple virtual machines. Each virtual machine was encrypted and so forth and had a different security clearance level.

The VMsafe program you announced in February essentially opened your hypervisor to security vendors. Has anything innovative come out of that yet? (Compare security products.) 

You'll see products over the next 18 to 24 months out of that. Once that comes out you'll see a new level of security, because instead of being either inside the operating system or out on the network, you're on a special very secure virtual machine that can aggregate what's going on in all the memory and CPU and operating system and network. Also, people won't need to install antivirus in the software anymore because you'll be able to put it in the container [the virtual server running the software]. In other words, you can control what goes in and out of a virtual machine. If there's a new virus you can update right there, you don't have to update the operating system or the application.

Do you think a virtual server today is more secure or less secure than a physical server?

I would say it's certainly as secure and in some ways more secure simply because the hypervisor is so small, so you can really secure the hypervisor. And a virtual machine container is as secure as the hardware.

Are there any problems people run into that are unique to virtual servers?

With products like ACE, where you can actually put security policies around the virtual machine, that actually takes it to a stronger level. You can have a desktop virtual machine not allowed to send anything to a printer or have to check in with a central server to make sure it's still valid and properly updated before you can operate it. You can add security policies around that in a way you wouldn't be able to do with a physical machine.

Another problem is virtual server sprawl. How does that compare to physical server sprawl?

A virtual machine when it's inactive uses no power. A virtual machine doesn't require physical space other than the disk the virtual machine file sits on. So if you have excellent monitoring and management tools around a virtual machine you're going to be in a much better position than if you had to bring out a new physical machine every time you want to run another workload. It is interesting, oftentimes when people bring in our capacity planner tool, they'll discover machines and nobody knows what they're used for.

VMware is doing application virtualization now, with the acquisition of Thinstall.  Are there any other types of virtualization you haven't done yet that you might get into?

Virtualization can be a very broad, all-encompassing term. People apply virtualization to social networks, even. But we virtualize comprehensively all the hardware resources: servers, storage, network, memory, CPU, disk, I/O. We do that within ESX.

That lets you separate the software from the hardware. Then we let you virtualize the application from the operating system so you can seamlessly install an application on any version of the operating system.

In a way we're virtualizing how you do management and automation because we're simplifying it.

... ... ...

[Jun 24, 2008]  7 side effects of sloppy virtualization - Network World By Denise Dubie

06/24/2008 | Network World ,

Virtualization can cause as many problems as it solves if left unmanaged, according to Gartner.

IT professionals may initially be awestruck by the promises of virtualization, but Gartner analysts warn that awe could turn into upset when organizations start to suffer from seven nasty side effects.

David Coyle, research vice president at Gartner, detailed the seven side effects at the research firm's Infrastructure, Operations and Management Summit, which drew nearly 900 attendees. While virtualization promises to solve issues such as underutilization, high hardware costs and poor system availability, the benefits come only when the technology is applied with proper care and consistently monitored for change, Coyle explained.

Here are the reasons Gartner says virtualization is no IT cure-all:

1. Magnified failures. In the physical world, a server hardware failure typically would mean one server failed and backup servers would step in to prevent downtime. In the virtual world, depending on the number of virtual machines residing on a physical box, a hardware failure could impact multiple virtual servers and the applications they host.

"Failures will have a much larger impact, effecting multiple operating systems, multiple applications and those little tiny fires will turn into big fires fast," Coyle said.

2. Degraded performance. Companies looking to ensure top performance of critical applications often dedicate server, network and storage resources for those applications, segmenting them from other traffic to ensure they get the resources they need. With virtualization, sharing resources that can be automatically allocated on demand is the goal in a dynamic environment. At any given time, performance of an application could degrade, perhaps not to a failure, but slower than desired.

3. Obsolete skills. IT might not realize the skill sets it has in-house won't apply to a large virtualized production environment until they have it live. The skills needed to manage virtual environments should span all levels of support, including service desk operators who may be fielding calls regarding their virtual PCs. Companies will feel a bit of a talent shortage when moving toward more virtualized systems, and Coyle recommends starting the training now.

"Virtualized environments require enhanced skill sets, and virtual training across many disciplines," he said.

4. Complex root cause analysis. Virtual machines move -- that is the part of their appeal. But as Coyle pointed out, it is also a potential issue when managing problems. Server problems in the past could be limited to one box, but now the problem can move with the virtual machine and lull IT staff into a false sense of security.

"Is the problem fixed or did you just lose it? You can't tell in a virtual environment," Coyle said. "Are you just transferring the problem around from virtual server to virtual server?"

5. No standardization. Tools and processes used to address the physical environment can't be directly applied to the virtual world, so many IT shops will have to think about standardizing how they address issues in the virtual environment.

"Mature tools and processes must be revamped," Coyle said.

6. Virtual machine sprawl. The most documented side effect to date, virtual server sprawl results from the combination of ease of deployment and lack of life-cycle management of virtual machines. The issue could cause consolidation efforts to go awry when more virtual machines crop up than there are server administrators to manage them.

"The virtualized environment is in constant flux," he said.

7. May be habit forming. Once IT organizations start to use virtualization, they can't stop themselves, Coyle said. He offered tips to help curb the damage done from giving into a virtual addition.

"Start small. Map dependencies. Create strong change processes. Update runbooks. Invest in capacity management tools. And test, test, test," he said.

[Mar 19, 2008]  Technology - Open source’s green claims by Sam Hiser

Published: March 19 2008 |  FT.com

The combination of free software from the likes of Linux and GNU with virtualisation – which maximises computing efficiency – is a compelling proposition. It offers lower costs, flexibility and greater efficiency, plus environmental benefits

Bogamil Balkansky, chief of product marketing at VMWare, the leading virtualisation vendor, agrees that vitualisation is inherently green. “It helps shrink the physical footprint and the energy footprint,” he says. “For every application running virtually, the data centre saves about 7,000 kilowatt-hours a year.”

With virtual machine technology, application workloads can be consolidated to fewer servers and they can be moved around, closed down, opened up and re-provisioned remotely with remarkable ease.

Until now, PCs and servers have been vastly over-provisioned because of software inflexibility and the need to maintain some leeway in hardware resources.

Mike Grandinetti, chief marketing officer of Virtual Iron and senior lecturer at MIT’s Sloan School of Management, says: “Average server capacity utilization is between 4 and 7 per cent.” Experts say we might expect long-term capacity utilization above 50 per cent, and well beyond that for some applications, but the virtualisation trend is only just getting started.

IBM is curing its own server sprawl in a big green effort to shrink 3,900 servers down to 33 z10 mainframes. “One z10 is equivalent to 1,500 standard Intel x86 servers; it takes up 85 per cent less space and uses 85 per cent less power,” says David Gelardi, IBM’s vice-president of mainframes and high performance computing.

The project is focused on migrating IBM’s internal Unix applications to applications running in virtual machines upon zLinux, which supports either Red Hat Enterprise Linux (RHEL 4 or 5) or Novell’s Suse Linux Enterprise Server (SLES 9 or 10) as host.

Alongside server consolidation, GNU/Linux and virtualisation are driving the Web 2.0 trend, which sees businesses using the internet to interact with customers and the wider public.

Companies such as Google, Ebay, Amazon and MySpace use GNU/Linux to drive their services and many use virtual machine technology to provision applications efficiently and allocate hardware resources for customers.

There is hardly any debate that by 2018 IT will consume more aggregate kilowatt-hours than it did in 2008, but by then data centres will do so much more and desktops so much less.

Mr Grandinetti of Virtual Iron says: “There will be an explosion in services without an explosion in energy consumed.”

Microsoft's Ballmer On Windows Server, Yahoo, Linux -- Microsoft -- InformationWeek

InformationWeek: I think you see VMware aggressively courting virtualization customers. Customers that I've spoken with are saying Microsoft is definitely coming from behind here. You mentioned it on stage here. There's Hyper-V's delay. Does Microsoft's entrance now into the virtualization space put it at a disadvantage in the virtualization world?

Ballmer: The choice is, you know, to be first to have share or not. I guess I prefer to be first to have share. Now, you've got to remember, this market has barely been scratched, less probably in the install base -- less than 5% of all systems run virtually. Virtualization is way too complicated, way too expensive today for people to take advantage of it, and it's way too isolated from the rest of everything that happens in application development to data center deployment and operations. That's not my way of criticizing, it's just if we're going to get -- if the phenomenon is going to fully take effect, then we've got to democratize it. That might be VMware, [but] they haven't shown moves in that direction. Somebody could argue it might be one of the open source alternatives. I like what we've got. I think we pay out on those problems.

That doesn't mean the other guys are going to go away. Obviously we recognize that fact and we provide good interoperability with VMware's virtual machine. But I don't think -- there's a simplicity with performance, with management, integrated management, with everything else, I think we're going to make a real difference. Sure, I wish we had everything we're announcing now and shipping this year a year ago, sure. Two years ago? Sure. But, believe me. We're going to make a big difference.

[Nov 12, 2007] Oracle’s virtual challenge to Windows and Red Hat

Matthew Aslett, November 12, 2007

 

VMware’s share price may have taken a hit following the launch of Oracle VM but the product has wider implications in the software market. To some extent it is a software appliance play: like Raw Iron without the iron. This question and answer from the Q&A says it all:

“Does Oracle VM require a host operating system?
No. Oracle VM installs directly on server hardware and does not require a host operating system.”

Oracle VM comes with pre-configured virtual machine images of Oracle Database and Oracle Enterprise Linux and is designed to install directly on the server hardware. It’s no surprise to find that the product is a development of the Unbreakable Linux group within Oracle. This makes sense given that it is based on Xen and a lot of Oracle’s Xen expertise is within the Unbreakable group, but also because it further disrupts the relationship between customers and their operating system suppliers.

The target of Raw Iron was eradicating the layer of Microsoft Windows that stood between Oracle and its customers’ hardware. Oracle VM targets both Windows and Red Hat Enterprise Linux. Sure, you can run both as guest operating systems on Oracle VM, but the customer’s first port of call becomes Oracle. Whether the offering will make much of an impact outside Oracle-heavy environments remains to be seen, however.

[Oct 25, 2007] Virtualization Decreases Security

'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.'

ParaFan writes "In a fascinating story on KernelTrap, Theo de Raadt asserts that while virtualization can increase hardware utilization, it does not in any way improve security. In fact, he contends the exact opposite is true:

'You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.'

de Raadt argues that the lack of support for process isolation on x86 hardware combined with numerous bugs in the architecture are a formula for virtualization decreasing overall security, not increasing it."

VMware Communities- ESX 3.0.1 Guests Freeze ...

Interesting term: Purple Screen of Death (VMware ESX server crash). In this case all you virtual instances are hosed and you have a small man-man disaster in your hands if there are more then 3 production instances on the server. 

[Aug 02, 2007] XenSource's Simon Crosby speaks out by Manek Dubash

"For virtualization to be prolific, there has to be a step up in terms of know-how. "

August 02, 2007 | Techworld

Open source virtualization developer XenSource has just inked a deal with Symantec to collaborate on embedding Veritas Storage Foundation into XenEnterprise, and delivering HA/DR and backup technology to XenSource's customers. In the wake of that deal, founder and CTO Simon Crosby was in London recently to explain the background to the deal. He also delivers his trenchant thoughts on the future of the virtualization industry -- and launches a serious critique of VMware and even of business partner Microsoft.

Q: How do you see the future of the virtualization market? A: The world has created a new Microsoft -- there's a monster embedded in our industry. So the market is starting to crystallize, partly as a consequence of the way that VMware is building its company. They just want to sell more and more, and it's starting to step on people's toes.

Q: Is VMware really that horrible? A: Unlike VMware, Microsoft doesn't compete with its channel but leaves room for an ecosystem. It's a superb platform player. Microsoft is very conscious of its scale and leaves pockets of $100m markets around for its partners. Our relationship with Microsoft is strong, will remain strong, and strengthens every day. Microsoft has been a very supportive partner.

The chink in VMware's armor is the weakness of its ecosystem -- all its partners are under threat. That said, I wouldn't fault VMware entirely. VMware has grown very fast -- they had to do that so I can't fault them for it, but no-one's making money out of VMware. There's a general sense of unease.

Q: Will virtualization technology be absorbed into the OS? A: There's plenty of scope for development. Microsoft's Viridian feature set has been slashed because the features in the kernel of Server 2008 were fixed and there was otherwise an overlap between it and Viridian. And Red Hat and Novell haven't done much with Xen yet. None of the virtualization platforms are anything but a way of virtualizing themselves.

We have managed to benefit from relationships on both sides. Open source is a very clearly articulated argument -- it's about aligning a community around a common codebase. Some of the open source software (OSS) vendors compete with each other not with the bigger guys. OSS generates pull-through because the customers get a richer set of services -- it's a longer term play. We believe that the virtualization engine is a standard, commoditized product that has to be open. It must address a range of CPUs, and have a big hardware footprint.

It's also important not to make it the whole product so others get an incentive to take it to market. We don't do an ESX [VMware's flagship product] -- that's a car not an engine -- because an engine is more flexible, you can use it anywhere and it gives space for others to develop, and they have financial incentives to do so.

Q: Why is Microsoft not perceived as the big Satan now? A: The consent decree has changed things -- there are 1,400 lawyers at Microsoft. In every conversation with them we find they're absolutely egalitarian about access to APIs. They have huge market control but they realize they have to embrace and manage open source. That means they have to interoperate and work with it, because they know they can't eliminate it -- the world's changed. Also they're huge so their ability to innovate gets clogged up, which leaves tons of space for others to innovate -- they've learned to cooperate with others in markets they can't get to.

Also, I think in terms of the scale of everything Microsoft does, virtualization is only a minor project in a monster organization. Virtualization has become the major shaping force in the industry -- and they [Microsoft] said that they thought that more VMs meant more revenue but they're changing that as customers need to know that it's OK to start Windows in a VM.

Q: Will this change? A: I don't know where they're going with this -- it could be that things are taking longer. The policy is rational but they haven't communicated that to the market yet. It's a huge opportunity for someone to be make a product to manage licensing -- using technology used for DRM and licensing so that you know how long an OS has run etc. It would need to be an independent verifiable source for legal licensing.

Q: Will Xen continue to use the same technology in future -- in other words, para-virtualization? A: Para-virtualization is an awful name: if someone asks what would you rather have, full virtualization or para-virtualization, what's your answer? The aim was to encourage OS vendors to make the OS ready for virtualization -- but 95 percent of applications and OSes are legacy, unvirtualized.

Para-virtualization is relevant in another content -- we use para-virtualized I/O and timers etc by inserting drivers etc into Windows to get a fast stack working. From a product perspective, it means the guest automatically installs the right software and it just works. We hook into the HAL and get the best performance.

But most of the OSes aren't para-virtualized -- there's only RHEL 5 and SLES 10. The important thing is that in future every OS will be ready to run on a hypervisor. [Intel's] VT gives us everything else.

Q: How do you see virtualization evolving over the next two years? A: Hardware vendors will certify the hypervisor and it's up to the customer to do everything else. Customers want to virtualized everything else because the savings are so huge -- the confidence in virtualization is high but it's too complex for the average guy.

On the client, virtualization technology has to be invisible and work using [management] technology such as Intel's vPro. There also has to be a viable ecosystem or it's a niche product.

The world will break into two camps: VMware, where you add more features and sell more software, or open source. We're just a great component -- we do a fantastic job of server virtualization working with best of breed partners -- we plug into storage virtualization and it all works.

We have agreements with people such as Stratus and Marathon -- there's lots we've not announced yet. Virtualization will be another category of IT admin -- you'll find virtualization specialists much as you have database specialists etc now.

Q: What about skill sets? A: Lack of skill sets is a major barrier to take-up. We have over 300 certified partners, over 500 certified trained partner engineers worldwide who train the trainers -- we have a course that partners can resell. For virtualization to be prolific, there has to be a step up in terms of know-how.

[Sep 25, 2007] Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert P¨otzl , Marc E. Fiuczynski, Andy Bavier, and Larry Peterson Princeton University, fsoltesz,mef,acb,llpg@cs.princeton.edu
Linux VServer Maintainer herbert@13th oor.at

An important paper comparing performance of para-virtualization approaches (eg Xen) with OS-level virtualization (jails).  The authors shows that jail-style virtualization has tremendous advantages in typical scenarios.

Hypervisors, popularized by Xen and VMware, are quickly becoming commodity. They are appropriate for many usage scenarios, but there are scenarios that require system virtualization with high degrees of both isolation and efficiency. Examples include HPC clusters, the Grid, hosting centers, and PlanetLab. We present an alternative to hypervisors that is better suited to such scenarios. The approach is a synthesis of prior work on resource containers and security containers applied to general-purpose, time-shared operating systems. Examples of such container-based systems include Solaris 10, Virtuozzo for Linux, and Linux- VServer. As a representative instance of container-based systems, this paper describes the design and implementation of Linux-VServer. In addition, it contrasts the architecture of Linux-VServer with current generations of Xen, and shows how Linux-VServer provides comparable support for isolation and superior system efficiency.

[Aug 26, 2007] How To Use NTFS Write Support (ntfs-3g) On Fedora 7

Write access to NTFS permits some using it virtual machines

"Normally Linux systems can only read from Windows NTFS partitions, but not write to them which can be very annoying if you have to work with Linux and Windows systems. This is where ntfs-3g comes into play. ntfs-3g is an open source, freely available NTFS driver for Linux with read and write support. This tutorial shows how to use ntfs-3g on a Fedora 7 desktop to read from and write to Windows NTFS drives and partitions.

See also:

How To Use NTFS Drives/Partitions Under Ubuntu Edgy Eft
Our-Picks: Access Your Linux Partitions Under Windows(Mar 05, 2007)

IBM To Support Xen Virtualization Software For Suse 10 Linux -- Virtualization -- InformationWeek

[Jul 14, 2006] IBM To Support Xen Virtualization Software For Suse 10 Linux -- Virtualization -- InformationWeek By Charles Babcock

July 14, 2006 06:00 PM  | InformationWeek

[Mar 31, 2007] Virtualization with coLinux

Probably the fastest way to run Linux under Windows. It works (you need to connect to virtual mashine via VNC -- no screen sharing).

Virtualization with VMware, Xen, and Kernel-based Virtual Machine (KVM) are all the rage these days. But did you know that you can run Linux cooperatively with Microsoft Windows? This article explores Cooperative Linux (coLinux), starting with a quick introduction to virtualization and then looking at the approach taken by coLinux. You'll also see how to get coLinux up and running on Windows.

Sys Admin v16, i04 Navigating the System Virtualization Maze -- Part 1

• Hardware partitioning -- This method involves the strict division of a system into fixed collections of CPUs. Those CPUs get their own operating system installed on them and run independently of the other partitioned CPUs on the system. Note that hardware partitioning has been available to Sun customers for many years, in the form of hardware domains on the enterprise servers. These servers also include an advanced form of hardware partitioning that can move CPUs between partitions -- Sun calls it "dynamic reconfiguration". Dynamic reconfiguration still partitions the system into separate groups of CPUs, and the resource movement is on large time scales (hours or days), so it deserves a separate category from the other forms of virtualization discussed below. Hardware partitioning virtualization is also newly available in the T1 chip (as found in the T1000 and T2000 serves. The T1 chip sports a "logical domain" facility as of the Solaris 10 11/06 release. The T1-based systems can now create up to 32 LDoms, each of which can have its own Solaris 10 installed and running. It could be argued that this physical partitioning of a system is not really virtualization, but it does involve one system acting like many so it is included here. See Figure 1A .
• Normal virtualization (also called operating system virtualization) -- This setup has hardware or software, the "hypervisor", acting like the bare metal of the system, allowing for example multiple operating systems to be installed on the same system. The virtual machines see only the virtual bare metal, and therefore do not realize they are virtualized. The hypervisor then manages the resources to share them amongst the virtual machines. Sometimes this resource management is basic (e.g., virtual machine A gets four CPUs and machine B gets two CPUs) and sometimes more advanced. Note that there is complexity to this solution. For example, many aspects of the bare metal virtualization involve emulating hardware facilities, such as page tables and interrupt vectors. VMware Workstation and ESX are examples of this type of virtualization. See Figure 1B .
   
• Paravirtualization -- This is a cooperative solution in which the virtualization technology exposes an API to the operating systems running on top of it. That API allows the virtualized OS to ask the paravirtualizing hypervisor to perform tasks for it (e.g., change a page table entry). In this case the complexity is reduced and, potentially, performance can be gained. However, the virtualized operating system must be modified to call the hypervisor's API. Therefore, the operating systems being virtualized must volunteer for that duty, and non-volunteers (i.e., Windows) are not invited to play. Xen and VirtualIron are examples of this type of virtualization. See Figure 1C .
   
• Hardware-assisted virtualization -- This setup improves both normal and paravirtualization by giving the hypervisor help in emulating the base hardware. With hardware assist, such as the Intel VT and AMD-V (as found in the Sun Opteron "M2" servers), there is less emulation and interception by hypervisors. For example, Xen could not run Windows in a virtual machine before Intel VT and AMD-V came along.
   
• Containers -- Containers, as found in Solaris 10 and beyond, and BSD "jails" belong in a separate category from the other technologies. They draw the virtualization line not between the operating system and the hardware but rather between the applications and the operating system. In this manner, applications can run in virtual containers on top of one operating system. This form of virtualization is less flexible than the standard models in that there is one kernel running and all applications run within that one kernel (and kernel patch set). But before condemning them as too restrictive, consider the Solaris project "BrandZ" (http://www.opensolaris.org/os/community/brandz/), which will allow other operating systems to run (virtually, of course) with a Solaris Container.

[Mar 10, 2006] Red Hat to up the virtualization price war ante

February 14th, 2007 ZDNet.com

Red Hat plans to squeeze VMware on pricing as it bundles virtualization technology with its operating system.

... Crenshaw argues that with current VMware software a customer buys software from VMware and then has to buy more operating system licenses for each instance virtualized. By combining the operating system–in this case Red Hat–with virtualization technology those additional licenses aren't necessary.

...Red Hat will also aim to simplify pricing with virtualization. "We will have everything you need to virtualize your environment into one SKU. It will be much more economical than buying separate components," says Crenshaw.

Red Hat's target is pretty clear. For instance, VMware Infrastructure 3 comes in three editions–starter, standard and enterprise–with prices ranging from $1,000 per two processors to $5,750. Support and upgrade subscriptions boost those totals.

[Mar 10, 2006] Techworld.com - OS and Servers Insight - Linux-kernel virtualisation -- finally on the fast track

...KVM appears to be on the fast path. This project first surfaced in October 2006; it found its way into the 2.6.20 kernel a few months later. On 25 February, KVM 15 was announced. This release has an interesting new feature: live migration. The speed with which the KVM developers have been able to add relatively advanced features is impressive; equally impressive is just how simple the code that implements live migration is.

KVM starts with a big advantage over other virtualisation projects: it relies on support from the hardware, which is only available in recent processors. As a result, KVM will not work on the bulk of currently deployed systems. On the other hand, designing for future hardware is often a good idea -- the future tends to come quickly in the technology world.

By focusing on hardware-supported virtualisation, KVM is able to concentrate on developing interesting features to run on the systems that companies are buying now.

The migration code is built into the QEMU emulator; the relevant source file is less than 800 lines long.

[Mar 09, 2006] Slashdot Virtualization Is Not All Roses

• Re:Yawn

  (Score:5, Informative)

  by giminy (94188) on Friday March 09, @02:16PM (#18292472)
  (http://www.readingfordummies.com/blog/ | Last Journal: Thursday November 21, @05:10PM)

  We took a system that according to our monitoring sat at essentially 0-1% used (load average: 0.01, 0.02, 0.01) and put it on a virtual.
  
  Load average is a bad way of looking at machine utilization. Load average is the average number of processes on the run queue over the last 1,5,15 minutes. Programs running exclusively I/O will be on the sleep queue while the kernel does i/o stuff, giving you a load average of near-zero even though your machine is busy scrambling for files on disk or waiting for network data. Likewise, a program that consists entirely of NOOPs will give you a load average of one (+1 per each additional instance) even if its nice value is all the way up and it is quite interruptable/is really putting zero strain on your system.
  
  Before deciding that a machine is virtualizable, don't just look at load average. Run a real monitoring utility and look at iowait times, etc.
  
  Reid
• by hackstraw (262471) on Friday March 09, @03:48PM (#18293756)
  (http://www.spamgourmet.com/) Load average is a bad way of looking at machine utilization. Load average is the average number of processes on the run queue over the last 1,5,15 minutes.
  
  This may be wrong, but I've always looked at load as the number of processes waiting for resources (usually disk, CPU, or network).
  
  I've seen boxes with issues that have had a number of processes stuck in the nonkillable D (disk) wait state that were just stuck, but they had no real impact on the system besides artifically running the load up.
  
  I've also seen where load was reported as N/NCPUs and N regardless of the number of CPUs.
  
  Like all statistics, any single number in isolation is just a number. Even if the real meaning is the average number of processes in the run queue, that does not tell you much. Thinking of it as the number of processes waiting for some piece of hardware seems more accurate.
• by T-Ranger (10520) <jeffw@cheb u c t o . n s . ca> on Friday March 09, @02:19PM (#18292508)
  (http://coherentnetworksolutions.com/) Well, disks may not be a great example. VMWare is of course a product of EMC, which makes (drumroll) high end SAN hardware and software management tools. While Im not quite saying that there is a clear conflict of interest here, the EMC big picture is clear: "now that you have saved a metric shit load of cash on server hardware, spend some of that on a shiny new SAN system". The nicer way of that is that both EMC SANs and VMware do the same thing: consolidation of hardware onto better hardware, abstraction of services provided, finer grained allocation of services, shared overhead - and management.
  
  If spikes on one VM are killing the whole physical host, then you are surely doing something wrong. Perhaps you do need that SAN with very fast disk access. Perhaps you need to schedule migration of VMs from one physical host to another when your report server pegs the hardware. Or, if its an unscheduled spike, you need to have rules that trigger migration if one VM is degrading service to others.
   
• Re:Yawn

  (Score:2, Interesting)

  by dthable (163749) <dhable AT uwm DOT edu> on Friday March 09, @01:11PM (#18291506)
  (Last Journal: Monday February 12, @01:59PM)

  I could also see their use when upgrading or patching machines. Just take a copy of the virtual image and try to execute the upgrade (after testing, of course). If it all goes to hell, just flip the switch back. Then you can take hours trying to figure out what went wrong instead of being under the gun.
   

• Re:Yawn

  (Score:4, Interesting)

  by afidel (530433) on Friday March 09, @01:55PM (#18292162)

  Well, our Oracle servers are DL585's with four dual core cpu's, 32GB of ram, dual HBA's backed by an 112 disk SAN and they regularly max out both HBA's, trying to run that kind of load on a VM just doesn't make sense with the I/O latency and throughput degradation that I've seen with VMWare. I know I'm not the only one as I have seen this advice from a number of top professionals that I know and respect. If you have a lightly loaded SQL server or some AD controllers handling a small number of users then they might be good candidates, but any server that is I/O bound and/or spends a significant percentage of the day busy is probably the lowest priority to try to virtualize. You can probably get 99+% of the benefit of virtualization from the other 80-90% of your servers that are likely good candidates.

• by ergo98 (9391) <dennis.forbes@gmail.com> on Friday March 09, @02:08PM (#18292350)
  (http://www.yafla.com/dforbes/ | Last Journal: Tuesday September 27, @10:43AM)  

  I know I'm not the only one as I have seen this advice from a number of top professionals that I know and respect.

  
  Indeed, it has become a bit of a unqualified, blanket meme: "Don't put database servers on virtual machines!" we hear. I heard it just yesterday from an outsourced hardware rep for crying out loud (they were trying to display that they "get" virtualization).
  
  Ultimately, however, it's one of those easy bits of "wisdom" that people parrot because it's cheap advice, and it buys some easy credibility.
  
  Unqualified, however, the statement is complete and utter nonsense. It is absolutely meaningless (just because something can superficially get called a "database" says absolutely nothing about what usage it sees, its disk access patterns, CPU and network needs, what it is bound by, etc).
  
  An accurate rule would be "a machine that saturates one of the resources of a given piece of hardware is not a good candidate to be virtualized on that same piece of hardware" (e.g. your aforementioned database server). That really isn't rocket science, and I think it's obvious to everyone. It also doesn't rely upon some meaningless simplification of application roles.
  
  Note that all of the above is speaking more towards the industry generalization, and not towards you. Indeed, you clarified it more specifically later on.
   
• Re:Yawn

  (Score:2)

  by Courageous (228506) on Friday March 09, @03:23PM (#18293384)

  Well. VMWare has issues with IO latency. One has to watch for that, not try to virtualize everything. But. You say "Virtualization bad" for "CPU intensive," and I cannot agree with that. SPECint2006 and SPECfp2006, as well as rates are within 5% of hard metal for ESX. I've run the tests myself. Old school "CPU intensive" applications are a non-conversation in in virtualizaation today.
  
  It's the network IO and network latency that will kill you if you don't know what you're doing. VMWare has known issues in that area (although they must break through these entirely or 10GE will never work properly in VMWare). One can work around these issues, however I'd simply say it's a Best Practice to simply plan to "not virtualize everything." I'd say target 65%-ish of your compute infrastructure in preplanning and base your real decisions on an actual analysis.
  
  C//
   

• Re:He must be talking about freeware

  (Score:5, Informative) by Semireg (712708) on Friday March 09, @12:59PM (#18291308)

I'm certified for both VMware ESX 2.5 and VMware VI3. VMware's best practices are to never use a single path, whether it be for NIC or FC HBA (storage). VMware also has Virtual Switches, which not only allows you to team NICs for load balancing and failover, but also use port groups (VLANs). You can then view pretty throughput graphs for either physical NICs or virtual adapters. It's crazy amazing(TM).

As for "putting many workloads on a box and uptime," this writer should really take a look at VMware VI3 and Vmotion. Not only can you migrate a running VM without downtime, you can "enter maintenance mode" on a physical host, and using DRS (distributed resource scheduler) it will automatically migrate the VMs to hosts and achieve a load balance between CPU/Memory. It's crazy amazing(TM).

Lastly, just to toot a bit of the virtualization horn... VMware's HA will automatically restart your VMs on other physical hosts in your HA cluster. It's not unusual for a Win2k3 VM to boot in under 20 seconds (VMware's BIOS posts in about .5 seconds compared to an IBM xSeries 3850 which takes 6 minutes). Oh, and there is the whole snapshotting feature, memory and disk, which allows for point in time recovery on any host. Yea... downsides indeed.

Virtualization is Sysadmin Utopia. -- cvl, a Virtualization Consultant
 
• Re:He must be talking about freeware

  (Score:2) by div_2n (525075) on Friday March 09, @02:05PM (#18292314) I'm managing VI3 and we use it for almost everything. Ran into some trouble with one antiquated EDI application that just HAD to have a serial port. That is a long discussion, but for reasons I'm quite sure you could guess, I offloaded it to an independent box. We run our ERP software on it and the vendor has tried (unsuccessfully) several times to blame VMWare for issues.
  
  You don't mention it, but consolidated backup just rocks. I have some external Linux based NAS machines that use rsync to keep local copies of both our nightly backups and occasional image backups at both sites.
  
  Thanks to VMWare, it's like I've told management--"Our main facility could burn to the ground and I could have our infrastructure back up and running at our remote site before the remains stop smoldering much less get a check from the insurance company."
   

• He must. ESX set up properly avoids most pitfalls

  (Score:5, Insightful)

  by cbreaker (561297) on Friday March 09, @01:38PM (#18291910)
  (Last Journal: Tuesday December 12, @07:54PM)

  Indeed. If you have a proper ESX configuration: At least two hosts, SAN back-end, multiple NIC's, supported hardware - you'll find that almost none of the points are valid.
  
  Teaming, hot-migrations, resource management, and lots of other great tools make modern x86 virtualization really enterprise caliber.
  
  I think that the people that see it as a toy are people that have never used virtualization in the context of a large environment, being used properly with proper hardware. You can virtualize almost any server if you plan properly for it.
  
  In the end, by going virtual you end up actually removing so much complexity from your systems that you'll never know how you did it before. No longer does each server have it's own drivers, quirks, OpenManage/hardware monitor, etc etc. You can create a new VM from a template in 5 minutes, ready to go. You can clone a server in minutes. You can snapshot the disks (and RAM, in ESX3) and you can migrate them to new hardware without bringing them down. You can create scheduled copies of production servers for your test environment. So much more simple then all-hardware.
  
  I'll admit that you shouldn't use virtual servers for everything (yet) but you will eventually be able to run everything virtual, so it's best to get used to it now.
   

• Virtualization

  (Score:4, Interesting)

  by DesertBlade (741219) on Friday March 09, @12:51PM (#18291170)

  Good story, but I disagree in some areas.
  
  Bandwidth concerns. You can have more than one NIC installed on the server and have it dedicated to each virtual machine.
  
  Downtime: If you need to do maintance on the host that may be a slight issue, but I hardly ever have to anything to the host. Also if the host is dying, you can shut donw the Virtual machine and copy it to another server (or move the drive) and bring it up fairly quickly. You also have cluster capability with virtualization.
   

• it is all roses for Disaster Recovery

  (Score:2) by QuantumRiff (120817) on Friday March 09, @12:52PM (#18291196) If your servers become toast, due to whatever reason, you can get a simple workstation, put a ton of RAM in it, and load up your virtual systems. Of course they will be slower, but they will still be running. We don't need to carry expensive 4 hour service contracts, just next business day contracts, saving a ton of money. The nice thing for me with Virtual servers is it is device agnostic, so if I have to recover, worst case, I have only one server to worry about NIC drivers, RAID settings/drivers, etc. After that, its just loading up the virtual server files.

• Re:it is all roses for Disaster Recovery

  (Score:1) by bigredradio (631970) on Friday March 09, @01:08PM (#18291444)
  (http://www.storix.com/ | Last Journal: Sunday August 20, @03:39PM) Sort of... I agree that you can limit hardware needs, but you also have a central point of failure. If the host OS or local storage goes, you now have lost multiple systems instead of one. One issue I have seen is having external scsi support. At least with Xen, you cannot dynamically allocate a pci scsi card to each node. This may also hold true for fiber channel cards.(not sure). That means, no offsite tape backups for the individual nodes and no access to SAN storage through the virtual nodes.

• We're about 95% virtualized and never going back!

  (Score:1, Interesting) by Anonymous Coward on Friday March 09, @12:56PM (#18291262) The absolute only place it has not been appropriate are locations requiring high amounts of disk IO. It has been a godsend everywhere else. All of our web servers, application servers, support servers, management servers, blah blah blah. It's all virtual now. Approximately 175 servers are now virtual. The rest are huge SQL Server/Oracle systems.
  
  License controls are fine. All the major players support flexible VM licensing. The only people that bark about change control are those who simply don't understand virtual infrastructure and a good sit-down solved that issue. "Compliance" has not been an issue for us at all. As far as politics are concerned -- if they can't keep up with the future, then they should get out of IT.
  
  FYI: We run VMware ESX on HP hardware (DL585 servers) connected to an EMC Clariion SAN.

• Home Use

  (Score:2, Insightful) by 7bit (1031746) on Friday March 09, @12:59PM (#18291316) I find Virtualization to be great for home use.
  
  It's safer to browse the web through a VM that is set to not allow access to your main HD's or partitions. Great for any internet activity really, like P2P or running your own server; if it gets hacked they still can't affect the rest of your system or data outside of the VM's domain. It's also much safer to try out new and untested software from within a VM, in case of virus or spyware infection, or just registry corruption or what have you. I can also be useful for code developement within a protected environment.
  
  Did I mention portability? Keep back-up's of your VM file and run it on any system you want after installing something like the Free VMWare Server:
  
  http://www.vmware.com/products/server/ [vmware.com]
   

• Hype Common Sense

  (Score:3, Interesting)

  by micromuncher (171881) on Friday March 09, @01:14PM (#18291556)

  The article mentions a point of common sense that I fought tooth 'n nail about and lost in the Big Company I'm at now.
  
  For a year I fought against virtualizing our sandbox servers because of resource contention issues. One machine pretending to be many with one NIC and one router. We had a web app that pounded a database... pre virtualization it was zippy. Post virtualization it was unusuable. I explained that even though you can Tune virtualized servers, it happens after the fact, and it becomes a big active management problem to make sure your IT department doesn't load up tons of virtual servers to the point it affects everyone virtualized. They argued, well, you don't have a lot of use (a few users, and not a lot of resource utilization.)
  
  My boss eventually gave in. The client went from zippy workability in an app being developed, to slow piece of crap because of resource contention, and its hard to explain that an IT change forced under the hood was the reason for SLOW, and in UAT, SLOW = BUSTED.
  
  That was a huge nail in the coffin for the project. When the user can't use the app on demand, for whatever reason, and they don't want to hear jack about tuning or saving rack space.
  
  So all you IT managers and people thinking you'll get big bonuses by virtualizing everything... consider this... ONE MACHINE, ONE NETWORK CARD, pretending to be many...

• Author is completely uninformed

  (Score:5, Insightful)

  by LodCrappo (705968) on Friday March 09, @01:28PM (#18291790)
  (http://www.spogbiper.com/)

  Increased uptime requirements arise when enterprises stack multiple workloads onto a single server, making it even more essential to keep the server running. "The entire environment becomes as critical as the most critical application running on it," Mann explains. "It is also more difficult to schedule downtime for maintenance, because you need to find a window that's acceptable for all workloads, so uptime requirements become much higher."

  No, no, no. First of all, in a real enterprise type solution (something this author seems unfamiliar with) the entire environment is redundant. "the" server? You don't run anything on "the" server, you run it on a server and you just move the virtual machine(s) to another server as needed when there is a problem or maintenance is needed. It is actually very easy to deal with hardware failures.. you don't ever have to schedule downtime, you just move the VMs, fix the broken node, and move on. For software maintenance you just snapshot the image, do your updates, and if they don't work out, you're back online in no time.

  In a physical server environment, each application runs on a separate box with a dedicated network interface card (NIC), Mann explains. But in a virtual environment, multiple workloads share a single NIC, and possibly one router or switch as well.

  Uh... well maybe you would just install more nics? It seems the "expert" quoted in this article has played around with some workstation level product and has no idea how enterprise level solutions actually work.

  The only valid point I find in this whole article is the mention of additional training and support costs. These can be significant, but the flexibility and reliability of the virtualized environment is very often well worth the cost.
   

• Re:Should I jump?

  (Score:2) by 15Bit (940730) on Friday March 09, @03:17PM (#18293318) It will depend what you do with your 3 shuttles.

   

  I just ditched my dual opteron (linux) + shuttle (windows) setup and replaced it with a single Core Duo box with linux virtualized under WinXP. I'm running the VMware free server software (http://www.vmware.com/products/free_virtualizatio n.html [vmware.com]) and i have to say i'm impressed.

  The only negatives i've found so far (aside from the obvious ones related to two systems in one computer) are some slowdown in mouse responsiveness in the virtualized linux and the lack of hardware accelerated graphics (these might be the same thing, i don't know). You also have to turn off access of the virtualized OS to the DVDROM or everything gets confused.

  The positives are that it was piss easy to set up and really "just works". The VMware'd linux talked to my network card without intervention and happily picked up a unique IP from my DHCPD. NIS/NFS to my fileserver "just worked". I can allocate the VMware OS 1 or 2 cores and vary the amount of RAM it sees. My main use for the linux V/OS is molecular dynamics simulations, the software running message passing via LAM/MPI and all compiled under Intel C and Fortran Compilers. Again, all of that "just worked".

  In terms of performance, MD calcs done on 1 cpu seem to be at close to full speed for one core, but running them dual gives only an 80% scaling improvement. That slowdown is about as expected, given that there's another OS running. Another nice side benefit is that i can run an MD calc on 1 cpu and play games with the other. I don't notice any lag.

  So to summarise - if i'd paid money for VMware i'd be seriously impressed, but for something to do exactly what i want for free is truly amazing.
   

• A nice buffer zone!

  (Score:1) by Gazzonyx (982402) on Friday March 09, @03:19PM (#18293356) I've found that virtualization is a nice buffer zone from management decisions! Case in point, yesterday my boss (he's got a degree in comp. sci - 20 years ago...), who's just getting somewhat used to the linux server that I set up, decided that we should 'put /var in the /data directory tree'; I had folded once when he wanted to put /home in /data, for backup reasons, and made it a symlink from /.
   

  Now when he gets these ideas, before just going and doing it on the production server, I can say "How about I make a VM and we'll see how that goes over", thinking under my breath the words of Keith Moon, "That'll go over like a lead zeppelin". It give me a technology to leverage where I can show that an idea is a Bad Idea, without having to trash the production server to prove my point.

  I've even set up a virtual network (1 samba PDC and 3 windows machines), to simulate our network on a small scale to set up proof of concepts. If they don't believe that something will work, I can show them without having their blessing to mess with our network. If it doesn't work, I roll back to my snapshots, and I have a virgin virtual network again.

  Does anyone do this? Has it worked out where you can do a proof of concept that otherwise, without virtualization, you would be confined to whiteboard concepts that no one would listen to?

• Re:the sad thing is how much we need virtualizatio

  (Score:2, Interesting)

  by dthable (163749) <dhable AT uwm DOT edu> on Friday March 09, @01:17PM (#18291608)
  (Last Journal: Monday February 12, @01:59PM)

  And if the software doesn't require a dedicated machine, the IT department wants one. The company I used to work for would buy a new machine for every application component because they didn't want Notes and a homegrown ASP application to conflict with each other. Seemed like a waste of hardware in my opinion.
   
• This is FUD

  (Score:2)

  by fyngyrz (762201) * on Friday March 09, @05:38PM (#18295052)
  (http://www.blackbeltsystems.com/ | Last Journal: Saturday January 27, @06:16PM)

  ...virtualization's problems can include cost accounting (measurement, allocation, license compliance); human issues (politics, skills, training); vendor support (lack of license flexibility); management complexity; security (new threats and penetrations, lack of controls); and image and license proliferation.

  Examine that quote from the article closely. See anything there that indicates virtualization "doesn't work"? No, nor do I. What they are talking about here has nothing to do with how well virtualization works, what they're complaining about is that a particular tool requires competence to use well in various work environments. Well, no one ever said that virtualization would gift brains to some middle level manager, or teach anyone how to use an office suite, or imbue morals and ethics into those who would steal; virtualization lets you run an operating system in a sandbox, sometimes under another operating system entirely. And it does that perfectly well, or in other words, it works very well indeed. I call FUD.

[Mar 2, 2007] Five tips for getting started with server virtualization

You need to calculate saving to avoid spending more money then with an old solution. Also large servers are really expensive so hardware saving might be illusionary. You should always consider blades as an alternative.

The big day arrives -- after months of planning and preparation, the time comes to actually move physical to virtual. Consider some migration tools to help you. Microsoft is releasing a tool in the near future that will allow you to move a fully installed server running a supported version of Windows to a virtual hard disk format, which is fully supported by its Virtual Server product. VMware has a similar tool in the works. These migration utilities can save you hours, if not days, of performing the actual move.

Other things to consider:

• Take advantage of clustering capabilities. Using high-performance clusters gives your virtual machines higher availability while also improving their performance.
   
• Think about management. How will your staff manage the virtual machine collection you will have? What scripting languages and APIs do your virtual server software support? Are you able to access certain controls via the command line for simple remote access-based administration?
   
• Don’t forget about storage. You’ll need a very fast disk subsystem to get maximum performance for your virtualized servers. Typically, you’ll find the biggest bang for the buck is in iSCSI-based disk offerings. They are reasonably priced but have great configurability, and such products are fast, too.

As with any ongoing process, it’s important to keep tabs on the virtualization project as you begin transitioning users and services to the new platform. Establish some performance and usage guidelines and thresholds, and evaluate what these metrics will mean for future tweaks and enhancements. Consider tweaking hardware configurations, network setups or increasing bandwidth as needed. Your job isn’t over once the final boot into the virtualized operating system is finished.

[Mar 2, 2007] The Virtualization Procrastinators What's The Holdup

Fear Factor

Shahri Moin, IT director at Oscient Pharmaceuticals Corp. in Waltham, Mass., is testing Microsoft Virtual Server 2005. So far, so good, he says, but Moin has reservations about upsetting the status quo. “Putting it in production scares the daylights out of me,” he acknowledges. And since he has just a few dozen servers to manage, the most common motivation for adopting virtualization — consolidation — isn’t a big concern. “It’s not going to allow me in a meaningful way to reduce staff or operating costs,” Moin says.

PerkinElmer first started using virtual machines in 2005 in a project designed to address space, power and cooling problems in its Boston data center by consolidating physical servers. Jeff Brittain, IT director for the city of Hickory, N.C., found another way to achieve a similar goal. He tested Microsoft Virtual Server 2005 but decided to migrate 40 rack-mounted servers to IBM blade servers instead. “That is accomplishing the consolidation we were looking at,” he says. With no pressing reason to go ahead with Virtual Server, he says he’ll revisit the technology “down the road.”

John Nordin, CIO at Insurance Auto Auctions Inc. in Westchester, Ill., has been testing VMware, but he says he doesn’t trust the technology enough to use it on the 130 servers that run the company’s auction business.

During an auction, a car is sold every 40 seconds, and many bids come in electronically. With 750,000 auctions a year, Nordin says he can’t afford problems. “This is super-mission-critical stuff. When it isn’t there, we can see it on the bottom line,” he says.

In early testing of VMware, a virtual server inexplicably reverted back to a prior configuration. That corrupted the system, which had to be restored from tape. Nordin says explanations from his vendors, VMware and Microsoft, haven’t been forthcoming. “I got a lot of the classic multivendor finger-pointing,” he says. “Nobody has been able to give me a root cause, and this thing is never seeing production until I know why this happened.” Even if those answers come, Nordin says, he’ll start out slowly by using the technology only on his print servers.

Bob Holstein, CIO at National Public Radio Inc., isn’t worried about the reliability of VMware ESX Server, which he calls “rock-solid and production-worthy.” He’s testing the product now and plans to do a small rollout on production servers later this year. If all goes according to plan, application servers with low utilization rates will be consolidated and then moved to a collocation facility to make room for more servers that handle live digital audio feeds for NPR’s radio programs. Those servers will stay on physical hardware, however. “Those vendors are not going to support a virtual environment, and they’re too mission-critical to take that risk,” Holstein says.

“I have a ‘show me’ attitude about [VMware] right now,” Holstein says, adding that staffers need to get plenty of hands-on experience with the technology before moving to a production environment.

Nordin agrees. “People who haven’t worked in any partitioned environment shouldn’t underestimate what their system engineers need to learn,” he says. “Make sure you put the training dollars in.”

“Virtualization is kind of a leap of faith,” says Mike French, senior network engineer at Perkin�Elmer. He has spent time explaining the technology to his peers. “It’s a tough thing to break the barrier, but if you build the environment rock-solid with redundancy and safeguards, nobody should ever have a problem.”

Although the technology has been in use for several years, it’s still common to find applications that aren’t supported on virtual machines. “A lot of vendors won’t certify applications as VMware-compatible,” Dattilo says. “In most cases, we assumed the risk, unless it was a mission-critical application.”

A VMware spokesman says that the problem has diminished. Indeed, a few of Dattilo’s vendors, such as Hyperion Solutions Corp. and Business Objects SA, have begun supporting virtual machines since he started working with the technology. As for the others, Dattilo says that most software vendors’ support organizations will still work with his staff on problems, but he hasn’t had any so far.

Nordin says the fact that some software vendors still don’t support applications on virtual servers is evidence that the market still isn’t fully mature.

“Those types of issues have been long resolved in the MVS, VM and Unix space,” he says, adding that server virtualization products “need to get going.” With Red Hat, SUSE and Microsoft embedding hypervisors into the Linux and Windows operating systems, however, application vendors will have little choice but to support it, analysts say.

Software vendors aren’t the only ones who’ve been slow to support their products running in virtual servers. Jon Elsasser, CIO at The Timken Co. in Canton, Ohio, says IT staff resistance to deploying homegrown applications on virtual machines has stopped some projects. “Some internal application-support personnel are a bit leery of it,” Elsasser says, but he expects attitudes to change over time.

Slow Uptake

Even companies that have embraced virtual server technology have limited its penetration into the data center. Those that have adopted virtualization have, on average, only about 20% of their environment virtualized, according to IDC analyst John Humphreys.

After a pilot last year, Timken went on to virtualize 35% of its servers. It now has 125 virtual servers running on six quad-processor physical machines, but Elsasser has no plans to expand beyond that. The 100 Windows and SQL servers supporting a new SAP ERP software implementation are off-limits to virtualization, he says. “At this point, we’re just glad it’s running,” Elsasser says.

At PerkinElmer, Dattilo’s goal is to have 52% of servers virtualized by the time the current project there is completed. That includes application servers with relatively low utilization levels, but others, such as Exchange Server mailbox nodes, are staying put.

Payton plans to roll out virtualization at Case Design/Remodeling this fall. “We’ll stay away from Exchange and SQL Server” and focus on low-utilization applications like domain controllers and file- and print-sharing servers, he says. Most users aren’t ready to consider virtualization for important applications, says IDC analyst Steven Elliot. “The really mission-critical stuff is further down the line,” he says.

Tools for managing virtual machines are still evolving, and their availability is “still a little light,” says Dattilo. However, he adds that tools included with the recently introduced VMware Infrastructure 3 Enterprise Edition have solved some of his problems. Currently, every virtual machine on a physical server needs its own instance of Backup Exec. VMware Consolidated Backup eliminates that problem.

Distributing loads across virtual machines — a time-consuming, manual process today — can be automated using Distributed Resource Scheduler. Payton has been testing with the previous version of VMware and says, “We’re running into CPU utilization problems because the limit is set statically.” He and Dattilo both plan to migrate to the new version.

With VMware so far ahead of the competition, there’s little pressure on pricing today. “Software licensing costs are a little high, and their maintenance is out of this world,” says Dattilo. Application software licensing on virtual machines is also in flux. “There’s a lot of confusion among application vendors as to how those will be licensed,” he says, noting he doesn’t want to pay a per-proc�essor premium for running on a quad-processor machine when an application is running in a virtual machine and using just a fraction of those resources.

Analysts expect the adoption curve to accelerate this year as users become more comfortable with virtualization technology. Says Elliot, “2006 is the year of production for large enterprises.”

But that doesn’t mean everyone should rush ahead. “If you don’t have a clear benefit from virtualization today, you can wait,” says Reynolds. That said, most companies will find at least some immediate benefits, whether from consolidation or reduced server configuration and deployment costs. Elsasser says server procurement time savings made his project worthwhile. “It used to take two weeks to deploy a new server,” he says. “Now we can do it in two days, and in an emergency, we can do it in an hour.”

A compromise strategy is to focus on “high-value production deployments” but put off broader implementations, says Reynolds. The next version of Windows Server will offer technology to compete with VMware in 18 months or so, and Linux distributions with virtualization technology will be here even sooner. With those competitive pressures, “VMware could become significantly less expensive,” Reynolds says.

[Jan 09, 2007] Linux.com Virtualization begins to materialize in the Linux kernel by Michael Stutz

Virtualization, the ability to run multiple "virtual" systems on a single host, is nearly as old as solid state computing. But it's been all the rage again in recent years, with more than a dozen large-scale Linux virtualization projects -- and while they require special custom kernels, patches, and software, the first steps toward OS-level virtualization have been implemented in the Linux kernel.

"To me, what we see now on the virtualization front is a natural evolution, rather than a revolution," says Kir Kolyshkin, project manager for OpenVZ, an open source virtualization effort supported by SWsoft. "We went from single-user to multi-user, from single task to multitasking. Now we go from single OS to multiple OSes, from single instance to multiple isolated VMs or VEs."

Virtualization has many applications, including testbeds and virtual server hosting. "The core motivation for most users is that a single machine now has more power than they can use for a single application," says Eric W. Biederman, a kernel hacker who works on system software and clusters for the high-performance supercomputing market. "Therefore it makes sense to consolidate servers on a single machine."

"Newer machines are 95% idle when used for 'typical' setups," agrees Herbert Poetzl, project leader of the Linux-VServer project. According to Poetzl, virtualization is also important for security. "Isolating services without adding unnecessary overhead and/or blocking out wanted communications is a big advantage," he says. "Lightweight isolation allows you to save a lot of resources by sharing, and increases security for service isolation."

Biederman says that virtualization also opens up the possibility for migration of running programs. "[I]f you can take everything with you that is global [such as a system's IP addresses and PIDs], and use those same global identifiers after you migrate, the problem becomes tractable without application modifications."

Two types of virtualization

Biederman explains that there are actually two separate and non-conflicting approaches to virtualization that are being addressed for the Linux kernel. One is to use a hypervisor, which handles calls to hardware allowing a system to run multiple (and different) operating systems at the same time in virtual servers; with paravirtualization (as with Xen), the kernel or OS is modified so that it knows that it's running on a virtual machine.

The other approach is to give the kernel the ability to run multiple instances of itself in separate, secure "containers" on the host system by virtualizing the namespace of the kernel.

"The core idea is that several objects that the kernel manages have global identifiers, and by making those identifiers non-global and doing a context-sensitive lookup, you can have the feel of multiple UNIX instances without the overhead," says Biederman. "Essentially this is building a super chroot facility."

A team of many players

OS-level virtualization is a major feature; implementing it in the Linux kernel is a large undertaking and isn't going to happen casually. In fact, several developers in the Linux virtualization arena, including Biederman, Linux-VServer, OpenVZ, and IBM are contributing to the effort. IBM's contribution should be particularly useful, since the company was a pioneer in the development of virtualization, and has more than 40 years of experience with the technology. IBM says that its recent innovations being integrated into the Linux kernel "represent some of the most significant development initiatives underway at IBM's Linux Technology Center."

Biederman says that the first thing everybody had to do was learn how to work together. What helped, he says, was working on first implementing "generally non-controversial" features. "Plus, this cemented the incremental approach," he adds, noting that both Linux-VServer and OpenVZ have already announced that they're using these new features in their software.

To help things get going, some of the key developers met at the Linux Kernel Developers Summit in Ottawa, Canada this past summer.

"Face-to-face meetings are always helpful, and I think we need more," says Kolyshkin, who suggests a "virtualization track" at next year's Kernel Summit. He says that what they've accomplished so far is only the beginning.

"I think it's too early to say we have achieved something big," he says. "In fact, there are just a few building blocks, a few bricks that came in."

The first few bricks

All of these first virtualization building blocks were proposed, discussed and worked on throughout 2006, and were in Linux kernel developer Andrew Morton's merge tree for a while; now, having made it to a stable 2.6 kernel (2.6.19, released November 29), they're officially a part of mainstream Linux.

"Strictly speaking, [these patchsets] do not change the current behavior of the Linux kernel," says Poetzl, "but they pave the road to OS-level virtualization."

IPC virtualization

The IPC virtualization patch virtualizes Linux Inter-Process Communication (IPC), which is the ability of processes to communicate and share data with each other. With this patch, processes can only see and communicate with those processes in the same virtual container.

"Traditionally, there is a single set of IPC objects (shared memory segments, message queues, and semaphores) per a running kernel," explains Kolyshkin. "Since we want to create multiple isolated environments -- containers -- on top of a single kernel, we do not want those containers to see each other's IPC objects. Thus the need to virtualize IPC -- or, in other words, create IPC namespaces."

PID virtualization

PID (Process ID) virtualization allows PID space to be unique to each container so that inside a container no processes outside of it can be seen.

On a UNIX system, the init process always has a PID of 1, explains Kolyshkin. "Since with multiple containers there are multiple inits, all those inits also should have PID=1. Thus the need for PID namespaces, or PID virtualization."

Kolyshkin adds that this isn't the only time PID virtualization can be handy. "Consider the live migration scenario when you migrate a set of processes from one machine to another," he says. "Since there is no way to change the PID of the task, you have to have all the same PIDs on a destination machine. Without separate PID namespaces, you cannot guarantee that."

UTS virtualization

The UTS namespace patch virtualizes the utsname structure, which gives basic information about the operating system and hardware, as well as the hostname; with this patch, utsname is local to each container -- a necessity for virtualization.

"We cannot live with the hostname being the same for all containers," says Kolyshkin.

According to IBM, the purpose of this patchset isn't merely the functionality itself, but that it helps lay the groundwork for virtualizing other system resources in the same way. Towards that end, the patchset introduced the necessary structures and code and provided an example of how to use them.

"IBM contributed it to 'get the ball rolling' on development for application containers, which are needed both for virtual server and application migration functionality," the company said in a statement. "In developing the patch, IBM also helped to get all the parties who were working to develop such functionality privately, together. This both accelerates development of the features and increases the code quality by ensuring that all parties get the right to object to bad design or bad code."

But on the paravirtualization side, things have been advancing, too. "The truth is that the paravirtualization support has been trickling in for a long time," says Biederman.

Patches to begin implementing paravirtualization have been merged into the development kernels; another patch merged into the development tree is the Kernel-based Virtual Machine (KVM). It creates a /dev/kvm device that allows the system to run virtual machines.

Morton says that he expects both KVM and the base paravirtualization to be included in Linux 2.6.20. "OS-level virtualization continues to trickle in," says Morton. "I don't know when [or] if it will be complete."

What's next

Meanwhile, all of the developers are steadily working on making it happen. "My personal plan is to finish up the PID namespace before I move forward with network namespace," says Biederman. "In some senses that is the critical namespace, because once you start separating out processes it really begins to feel like a separate system."

IBM is continuing to develop full-featured Linux virtualization at three levels -- full OS, virtual servers, and lightweight application sets. Kolyshkin predicts that the next two big advances will be more resource management work, and a checkpointing and live migration capability. While it will be some time before all these pieces are in mainstream Linux, these careful steps show that it's materializing.

"As for the general idea of how to achieve it -- bit by bit, patch by patch, with peer review, suggestions and improvements from everybody," says Kolyshkin. "And this is how we do that. Slowly, but moving forward."

Continued

Recommended Links