Server virtualization

5,982 views 71 slides Nov 19, 2017

About This Presentation

This presentation covers server virtualization with KVM as the hypervisor.


Slide Content

Server Virtualization Concepts Kingston Smiler . S ( [email protected] )

About Me

Levels of Server Virtualization

Server Virtualization (Wikipedia definition): partitioning of a physical server into a number of smaller virtual servers, using virtualization software and hardware virtualization techniques. In most cases servers are not fully utilized, which results in inefficient use of the hardware.

Why Server Virtualization

History of Server Virtualization 1970s 1990s 2000s

IBM mainframes: IBM CP-67 (mid-1960s) was the first virtualized IBM mainframe server. It split the computer into multiple virtual machines so that different “tasks” could run separately and independently on the same mainframe; if one virtual machine or “task” had a problem, the other virtual machines were unaffected.

Personal computer evolution: the introduction of Intel/AMD servers (x86 architecture). Each PC/server runs its own OS (Windows / Unix) and its own applications. This is the best approach for personal computers, but for server and IT infrastructure it brings overhead at massive scale, because a typical deployment runs one application per server (email server, application server, DB server, etc.). (Diagram: File Server, Web Server, Domain Server, App Server, DNS Server, each server running one application.)

Server Virtualization

Physical Server vs Virtual Server

Components of Server Virtualization. Virtual Machine: a software implementation of a machine that executes programs like a physical machine. Host Operating System: the operating system actually running on the server hardware. Guest Operating System: the operating system running inside the simulated virtual machine. Hypervisor or VMM (Virtual Machine Monitor): the software layer that creates and runs the virtual machines and mediates their access to the real hardware. (Diagram: hardware, the “real machine”; host operating system; hypervisor / VMM; two virtual machines, each with a guest operating system and its apps.)

Virtual Machine types. System virtual machine (full virtualization): the VMs run directly on the server hardware under a Virtual Machine Monitor (VMM), without any general-purpose OS underneath. (Diagram: hardware, VMM, two simulated machines each running an operating system and apps.) Process virtual machine: needs a host operating system; the virtual machine runs as a process in the host OS. (Diagram: hardware, host operating system, two simulated machines each running an operating system and apps.)

Hypervisor: the word is a variant of supervisor, the “supervisor of supervisors”. It is a piece of computer software, firmware or hardware that creates and runs VMs. It presents the guest operating system with a virtual operating platform and manages the execution of the guest OS; multiple instances of a variety of operating systems may share the virtualized hardware resources.

Type 1 hypervisors, also known as bare-metal hypervisors, sit directly on top of the hardware without needing any operating system. Because they communicate directly with the hardware resources they are faster than type 2 hypervisors. Pros: a single virtual machine crash does not affect the rest of the guests; no general-purpose host OS sits in the trusted computing base, so they are more secure than type 2; less overhead. Examples: VMware ESX, Microsoft Hyper-V.

Type 2 hypervisors reside on top of a host operating system. They cannot communicate directly with the hardware, so they are less efficient than type 1. Pros: installation is easier, and because the host OS takes care of all the hardware they support a wide range of hardware. Cons: more points of failure; anything that affects the stability (or the security) of the base OS also affects the guest OSes. Examples: KVM, VirtualBox. (KVM is listed here because it is hosted by Linux, but the kvm kernel module runs guest code in the CPU's hardware guest mode, so it is frequently classified as type 1 as well; for KVM the distinction is blurry.)

Server Virtualization Components

CPU Virtualization

CPU Virtualization. What is CPU virtualization? A single CPU acting as if there were more than one CPU in the system. Most guest instructions are executed directly on the physical CPU; the hypervisor / VMM safely performs (traps and emulates) the privileged ones.

x86 architecture privileges: four privilege levels, Ring 0, 1, 2 and 3, for kernel space (the OS) and user-space applications. These privileges govern access to hardware resources by the OS and user-space applications: user apps run in Ring 3 and the OS runs in Ring 0. AMD-V and Intel VT-x CPUs add a new mode for the VMM, informally called Ring -1 (VMX root mode on Intel, host mode on AMD), so the guest kernel can keep running in Ring 0 while the VMM remains more privileged than it.

Server Virtualization Components

Full Virtualization requires no hardware assist or OS assist for virtualization support. The guest OS is not aware of whether it is running in a VM or on a physical server. The guest OS is deprivileged to Ring 1 and the hypervisor runs in Ring 0. (Diagram: user apps in Ring 3, guest OS in Ring 1, VMM in Ring 0, system hardware.)

Bare-metal execution methodology. Guest user apps can't tamper with the guest OS because of the ring protections, yet user-level code can be executed directly on the processor for high-performance virtualization. Guest user apps and the guest OS can't tamper with the VMM, again due to ring protections. When the guest OS executes a privileged instruction it traps into the VMM; when a guest app issues a system call or raises an exception it also traps into the VMM. The VMM's trap handler applies a policy to decide what to do (e.g., emulate the instruction). Virtualizable instructions are executed directly; non-virtualizable ones (x86 instructions such as SGDT, SIDT or POPF, which read or change privileged state without trapping when executed in Ring 1) are handled by binary translation. (Diagram: user apps in Ring 3, guest OS in Ring 1, VMM in Ring 0, system hardware; bare-metal VM.)

Full Virtualization, host-based execution methodology. The same ring protections apply: guest user apps can't tamper with the guest OS, and neither guest apps nor the guest OS can tamper with the VMM. In a host-based VM, however, every guest instruction, privileged or not, passes through the VMM's binary translator instead of executing natively, and a guest system call or exception traps into the VMM; the VMM's trap handler applies a policy to decide what to do (e.g., emulate the instruction). (Diagram: user apps in Ring 3, guest OS in Ring 1, host OS in Ring 0, system hardware; binary translation of all instructions; host-based VM.)

Full Virtualization – Drawbacks

Para Virtualization requires communication between the guest OS and the hypervisor to improve performance and efficiency. The guest OS must be aware that it is running in a VM rather than on a physical server: the guest OS kernel is modified to replace non-virtualizable instructions with hypercalls that communicate directly with the hypervisor. The guest OS runs in Ring 1 and the hypervisor in Ring 0. (Diagram: user apps in Ring 3, paravirtualized guest OS in Ring 1, virtualization layer in Ring 0, system hardware.)

Para Virtualization, execution methodology. As before, guest user apps can't tamper with the guest OS, user-level code executes directly on the processor for performance, and neither guest apps nor the guest OS can tamper with the VMM. Because the guest OS kernel has been modified to replace non-virtualizable instructions with hypercalls, it issues a hypercall to the VMM instead of trapping; the VMM's handler applies a policy to decide what to do (e.g., execute the instruction on the guest's behalf).

Hardware Assisted Virtualization. Techniques such as Intel VT-x and AMD-V provide hardware support for virtualization: privileged and sensitive instructions automatically trap to the hypervisor and the transition is handled by the hardware. The guest OS keeps running in Ring 0, but inside the CPU's guest (non-root) mode, while the VMM runs in the more privileged root mode, informally Ring -1. (Diagram: user apps in Ring 3, guest OS in Ring 0 of guest mode, VMM in Ring -1, system hardware.)

Multithread Vs Multicore Vs CPU Virtualization

Memory Virtualization. What is memory virtualization? It abstracts the physical memory resources of a virtualized server: it handles the physical memory and the virtual memory of both the guest and the host OS and maintains the mappings between these entities.

I/O Virtualization

Emulated I/O. Software emulates a real hardware device, and the VMs run the same driver they would use for the real hardware. Every I/O operation (MMIO or PIO) traps to the hypervisor (KVM), which hands it to the I/O emulator (e.g., QEMU in user space); the emulator performs the operation through the host's native drivers and injects the completion interrupt back into the guest. Because every I/O operation generates a trap and an emulation, performance is poor. (Diagram: guest VM with guest OS on vCPUs; host Linux with the KVM kernel module in kernel space and QEMU with its I/O emulation in user space; trap on MMIO/PIO, native drivers, interrupt.)

Para-Virtualized I/O uses a split driver model: a front-end driver in the guest VM (a virtual driver that forwards an I/O request to its back-end driver) and a back-end driver in the host OS that issues the forwarded I/O to the hardware through the native driver. The two communicate over a shared descriptor ring, which allows batching of I/O requests and reduces the cost of VMM intervention. (Diagram: VirtIO front end in the guest, VirtIO back end in QEMU, KVM kernel module, native drivers in the host kernel.)

Direct I/O: the physical device is assigned directly to the guest, giving high performance and low CPU utilization because the data path needs no trap or emulation. The caveat is that the device can perform DMA, so an IOMMU (Intel VT-d / AMD-Vi) must be present and enabled to confine its DMA to the guest's own memory; without it, a malicious or buggy guest driver can program the device to read or write arbitrary host memory. (Diagram: guest VM, guest OS, host Linux with KVM and QEMU, device accessed directly by the guest.)

KVM, QEMU, LibVirt

Agenda

KVM (Kernel-based Virtual Machine). By itself KVM does not perform any device emulation; it exposes the /dev/kvm interface for virtualization. KVM is the hardware-assisted virtualization infrastructure for Linux on x86 and requires a CPU with virtualization extensions (Intel VT-x or AMD-V). It is open-source software under the GPL licence. Two components: the kernel component, part of mainline Linux since 2.6.20, and the user-space component (part of QEMU).

Why KVM

KVM

QEMU (Quick EMUlator) is a generic, open-source machine emulator and virtualizer. QEMU can run programs made for one machine (for example an ARM board) on a different machine. It is a hosted hypervisor/VMM that performs hardware virtualization, and it works together with KVM to provide hardware-assisted virtualization.

Emulation vs Virtualization. Both can act as a hypervisor. Virtualization slices the underlying hardware into multiple disjoint virtual devices; the ISA of host and guest is typically the same, and guest operations can be dispatched directly to the hardware. Emulation: host and guest may have different ISAs; the guest ISA is implemented in software, and guest operations need translation.

Usage of QEMU

KVM vs QEMU. Both are hypervisors. Stand-alone QEMU runs the guest through dynamic binary translation (its TCG engine) without hardware support, whereas KVM provides the infrastructure for hardware virtualization. KVM virtualizes the CPU and memory (plus a few performance-critical devices in the kernel), whereas QEMU emulates all the other devices. When QEMU and KVM work together we get hardware-assisted virtualization.

KVM components. kvm.ko: the core KVM kernel module; it implements the vCPU and the MMU, emulates a few virtual devices in the kernel, and provides the ioctls used to communicate with it. kvm-intel.ko / kvm-amd.ko (listed by lsmod as kvm_intel / kvm_amd): provide support for Intel VMX and AMD SVM respectively. qemu-kvm: based on the QEMU emulator; implements most of the virtual devices and provides the user interface to KVM.

KVM – High Level Overview


libvirt provides an open-source API for managing various hypervisors. The management tasks include provisioning, creation, modification, monitoring, control, migration, etc. Various cloud orchestration platforms use the libvirt libraries to instantiate VMs. A libvirt client can connect remotely to the libvirtd daemon running on a host server; use an authenticated transport for that, such as SSH (qemu+ssh://host/system) or TLS with client certificates (qemu+tls://), since whoever can reach the daemon controls every VM on the host.

Libvirt and QEMU

KVM Virtualization

KVM Concepts. KVM turns the Linux kernel into a hypervisor, but without changing the core kernel: the hypervisor support comes from new loadable kernel modules. The Linux kernel already does all the process, memory and I/O management for the processes running in the host OS. KVM introduces a new execution mode, guest mode, alongside user mode and kernel mode.

KVM Virtualization

Intel hardware support for virtualization. For processor virtualization Intel offers VT-x; VT-x adds the guest (non-root) mode, the “ring -1” separation that KVM relies on. For memory virtualization Intel offers EPT (Extended Page Tables), which translates guest-physical addresses to machine-physical addresses in hardware, so the hypervisor no longer has to maintain shadow page tables, improving performance. For I/O virtualization Intel implements VT-d (an IOMMU for DMA and interrupt remapping) and VT-c (network virtualization).

CPU Virtualization. Every VM is a normal application process on the host machine, so the VM process can be scheduled on the CPU by the host OS like any other process. However KVM lets the guest code / OS run directly on the host CPU using guest-mode execution (even though the guest runs inside an application process). For scheduling, memory management and other services KVM uses the Linux kernel; its job is to let the user program make use of the hardware virtualization.

CPU Modes

Mode Transitions

Virtual Memory Virtualization is similar to the virtual memory concept. In ordinary virtual memory the operating system maintains mappings from virtual memory to machine memory using page tables. In a VM environment, virtual memory virtualization involves two mappings: from the guest's virtual memory to the guest's physical memory, and from the guest's physical memory to the machine memory. The first mapping is maintained by the guest OS and the second by the hypervisor (in software through shadow page tables, or in hardware through Intel EPT / AMD NPT).

KVM Device Virtualization

KVM Emulated Device Virtualization. QEMU in user space provides the emulated device, a software implementation of the hardware. The guest VM is not aware that it is an emulated device and interacts with it as with real hardware. When the guest VM performs any I/O operation, the hypervisor intercepts the I/O request from the guest operating system and emulates the behaviour of the real I/O hardware.

KVM Para Device Virtualization / VirtIO. Para-virtualized devices are software implementations of hardware devices. Para-virtualization requires that the guest operating system be aware of the hypervisor; with virtio this means the guest needs the virtio drivers (part of mainline Linux, and available for Windows) rather than a modified kernel. It is a split-driver implementation with the front-end driver in the VM and the back-end driver in the host (in QEMU, or in the host kernel when vhost is used). The front end and back end communicate over shared-memory rings (virtqueues); virtio is the specification of that path. The front-end driver manages the I/O requests of the guest OS, and the back-end driver manages the real I/O devices and multiplexes the I/O data of the different VMs.

KVM Para Device Virtualization / VirtIO

KVM Network Virtualization

vNIC, TUN/TAP interfaces. vNIC: a virtualized network interface card, used by a virtual machine as its network interface. Linux bridge: the Linux bridge code implements a subset of the ANSI/IEEE 802.1d standard; a bridge can be created inside a system and used to provide connectivity between VMs. TAP interface: TAP simulates a link-layer device and operates on layer-2 packets (Ethernet frames); packets sent by the operating system via a TAP device are delivered to the user-space program (here QEMU) that attached itself to the device, and vice versa. OVS (Open vSwitch): an open-source implementation of a distributed virtual multilayer switch, providing a switching stack for hardware virtualization environments.

KVM Network Virtualization

User Networking. When? When the virtual machine needs to reach the host, the internet or resources on your local network, and there is no need to reach the guest from the network or from another guest. Procedure: simply run the guest without specifying any network parameters; by default this creates user-level (a.k.a. slirp) networking, a user-space TCP/IP stack inside the QEMU process that NATs the guest's traffic out through the host's own connection.

Private Virtual Bridge. When? When setting up a private network between two or more virtual machines; this network is not visible to the other virtual machines or to the real network. Procedure: create a bridge; create a tap device; attach the tap device to the bridge.

Public Bridge. When? When you want to assign IP addresses to your virtual machines and make them accessible from your local network. Procedure: create a bridge; create a tap device; attach the tap device to the bridge; attach the host machine's interface to the bridge (the host's own IP address then moves from the interface to the bridge).

Routing with iptables. When? When you want all traffic from the VMs to pass through the host's iptables (for NAT or filtering) instead of appearing directly on the local network. Procedure: create a bridge and give the host an IP address on it; create a tap device; attach the tap device to the bridge; do not attach the host machine's interface to the bridge; enable IP forwarding on the host and add iptables rules that NAT (MASQUERADE) or forward the VM traffic out through the host's interface.
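The three bridge topologies above differ in only a few commands, so here they are as one script (an added example, not part of the original deck). Every privileged command goes through run(), which prints the command instead of executing it when DRY_RUN=1; the interface names br0, tap0 and eth0 and the addresses are illustrative assumptions, and the commands need root when actually executed.

```shell
#!/bin/sh
# Added example (not from the original deck): the three bridge-based topologies from the
# slides, with each privileged command routed through run() so that DRY_RUN=1 prints the
# plan instead of touching the host. Interface names (br0, tap0, eth0) and addresses are
# illustrative assumptions; every command needs root when actually executed.

run() { if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Shared by all three: one bridge, one tap per VM. The tap is created owned by the
# unprivileged user that will run QEMU, so the VM process itself never needs root.
make_bridge_and_tap() {       # BRIDGE TAP OWNER
    run ip link add name "$1" type bridge
    run ip link set "$1" up
    run ip tuntap add dev "$2" mode tap user "$3"
    run ip link set "$2" master "$1"
    run ip link set "$2" up
}

# Private virtual bridge: VMs on the bridge see only each other; no host NIC is attached
# and the host has no address on it, so nothing reaches the real network.
setup_private_bridge() {      # BRIDGE TAP OWNER
    make_bridge_and_tap "$1" "$2" "$3"
}

# Public bridge: the host NIC joins the bridge, so VM frames go straight onto the LAN with
# the VMs' own MAC/IP addresses. The host's address has to move from the NIC to the bridge
# (its default route must be re-added on the bridge as well; omitted here).
setup_public_bridge() {       # BRIDGE TAP OWNER HOST_NIC HOST_CIDR
    make_bridge_and_tap "$1" "$2" "$3"
    run ip addr flush dev "$4"
    run ip link set "$4" master "$1"
    run ip addr add "$5" dev "$1"
}

# Routed with iptables: the host NIC stays OUT of the bridge. The host owns the gateway
# address on the bridge and forwards, so every VM packet crosses the host's FORWARD and
# nat chains, where it can be NATed, filtered and logged.
setup_routed_bridge() {       # BRIDGE TAP OWNER HOST_NIC GATEWAY_CIDR VM_NET
    make_bridge_and_tap "$1" "$2" "$3"
    # An isolated bridge port reaches only non-isolated ports (the host), not other VM
    # taps, so guests on the same bridge cannot talk to each other except via the host.
    run ip link set "$2" type bridge_slave isolated on
    run ip addr add "$5" dev "$1"
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$6" -o "$4" -j MASQUERADE
    run iptables -A FORWARD -i "$1" -o "$4" -s "$6" -j ACCEPT
    run iptables -A FORWARD -i "$4" -o "$1" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$1" -j DROP   # anything else from the VMs (e.g. spoofed sources) is dropped
}

# Print the plan for one topology:  DRY_RUN=1 sh vmnet.sh private|public|routed
case "${1:-}" in
    private) setup_private_bridge br0 tap0 "$(id -un)" ;;
    public)  setup_public_bridge  br0 tap0 "$(id -un)" eth0 192.0.2.10/24 ;;
    routed)  setup_routed_bridge  br0 tap0 "$(id -un)" eth0 192.168.100.1/24 192.168.100.0/24 ;;
esac
```

Run it with DRY_RUN=1 first and diff the three plans: the only line the public topology adds is the host NIC joining the bridge, and the only lines the routed topology adds are the host address, forwarding and the iptables rules. Note that bridged frames between two taps on the same bridge do not pass through iptables unless br_netfilter is loaded, which is why the routed variant uses the bridge port's isolated flag rather than a FORWARD rule to separate VMs from each other.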

VirtIO Example (Packet IO)

Handson

KVM Installation. Check that your CPU has hardware virtualization support, either Intel VT-x or AMD-V:
egrep -c '(svm|vmx)' /proc/cpuinfo
should return a value of 1 or more (one per logical CPU). Install KVM, libvirt, the Linux bridge utilities and the GUI-based virt-manager:
sudo apt-get install qemu-kvm libvirt-bin bridge-utils virt-manager
(on newer Ubuntu/Debian releases libvirt-bin has been split into libvirt-daemon-system and libvirt-clients). Add your user account to the libvirt group so that it can talk to libvirtd without root:
sudo adduser name libvirtd
(the group is called libvirt on current releases, libvirtd on the older ones this deck targets; membership means full control of every VM on the host, so grant it deliberately).
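A slightly more thorough version of the pre-flight check, as an added example that is not part of the original deck: the cpuinfo count alone does not tell you whether the extensions are enabled in firmware, whether the kvm modules loaded, or whether your user can open /dev/kvm. Each function takes the file it inspects as an argument so it can be exercised on a constructed /proc/cpuinfo or /etc/group snippet; the group names and module paths are those of Debian/Ubuntu and mainline Linux.

```shell
#!/bin/sh
# Added example (not from the original deck): pre-flight checks before installing KVM.
# Each check takes the file it inspects as an argument, so it can be run against a
# constructed /proc/cpuinfo or /etc/group snippet as well as against the live host.

# Print how many logical CPUs advertise vmx (Intel VT-x) or svm (AMD-V).
# Expect one per logical CPU; 0 means no extensions, or they are switched off in
# firmware (the flag disappears when VT is disabled in the BIOS/UEFI setup).
virt_cpu_count() {
    f="${1:-/proc/cpuinfo}"
    if [ -r "$f" ]; then
        grep -E -c '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$f" || true
    else
        echo 0
    fi
}

# Print which extension is present: vmx, svm or none.
virt_ext_name() {
    f="${1:-/proc/cpuinfo}"
    if   grep -Eq '^flags[[:space:]]*:.*[[:space:]]vmx([[:space:]]|$)' "$f" 2>/dev/null; then echo vmx
    elif grep -Eq '^flags[[:space:]]*:.*[[:space:]]svm([[:space:]]|$)' "$f" 2>/dev/null; then echo svm
    else echo none
    fi
}

cpu_has_virt_ext() { [ "$(virt_cpu_count "$1")" -gt 0 ]; }

# Name of the group libvirt uses for VM management: "libvirt" on current Debian/Ubuntu,
# "libvirtd" on the older releases the deck targets. Prints nothing if neither exists.
libvirt_group() {
    awk -F: '$1 == "libvirt" || $1 == "libvirtd" { print $1; exit }' "${1:-/etc/group}" 2>/dev/null
}

# Full report for this host; returns 0 only when a KVM guest could actually be started.
kvm_precheck() {
    f="${1:-/proc/cpuinfo}"; ok=0
    n=$(virt_cpu_count "$f")
    if [ "$n" -gt 0 ]; then
        echo "CPU: $n logical CPU(s) advertise $(virt_ext_name "$f")"
    else
        echo "CPU: no vmx/svm flag (no VT-x/AMD-V, or disabled in firmware; check dmesg)"; ok=1
    fi
    if [ -c /dev/kvm ]; then
        if [ -r /dev/kvm ] && [ -w /dev/kvm ]; then
            echo "/dev/kvm: usable by $(id -un)"
        else
            echo "/dev/kvm: present but not writable by $(id -un); owning group is $(stat -c %G /dev/kvm)"; ok=1
        fi
    else
        echo "/dev/kvm: missing (kvm_intel/kvm_amd not loaded, or no hardware support)"; ok=1
    fi
    for m in kvm_intel kvm_amd; do
        p="/sys/module/$m/parameters/nested"
        # nested=Y (or 1) lets guests run their own hypervisors; leave it off unless
        # needed, since it widens the interface an untrusted guest can exercise.
        [ -r "$p" ] && echo "$m loaded, nested=$(cat "$p")"
    done
    g=$(libvirt_group)
    echo "libvirt group: ${g:-none, libvirt not installed}"
    return $ok
}

# Report on the live host when run directly; the functions stay usable when sourced.
kvm_precheck "${1:-/proc/cpuinfo}" || echo "KVM: not usable on this host yet"
```

Run it as an ordinary user, not via sudo: the /dev/kvm check is only meaningful for the account that will actually launch guests.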

Basic QEMU-KVM CLI commands. General form: qemu-kvm options disk_img
qemu-kvm -name "Telsites" -M pc-0.12 -m 512 -cpu kvm64 -smp 2 /images/telsitessp1.raw
qemu-kvm -hda /images/telsitessp1.raw -net nic -net user
qemu-kvm -hda /images/image1.raw -hdb /images/image2.raw -hdc /images/image3.raw -hdd /images/image4.raw
On current distributions the qemu-kvm wrapper is replaced by qemu-system-x86_64 -enable-kvm, -M pc-0.12 is an obsolete machine type (use q35 or pc), and -hda / -net nic -net user are legacy shorthands for -drive and -netdev. When passing a raw image, name the format explicitly (format=raw): QEMU otherwise probes the image header, and a guest that writes a qcow2 header into the first sector of its raw disk can make QEMU open the host file named there as a backing file on the next start.
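The same launches written the way an operator would start a VM today, as an added example that is not part of the original deck: virtio disk and NIC on a tap device, an explicit image format, and QEMU's seccomp sandbox switched on. The VM name, image path and tap name are illustrative assumptions, and with DRY_RUN=1 the assembled command is printed rather than executed.

```shell
#!/bin/sh
# Added example (not from the original deck): assemble a current QEMU/KVM command line
# equivalent to the deck's qemu-kvm one-liners, with the checks a careful operator wants.
# Names and paths are illustrative assumptions; with DRY_RUN=1 the command is printed.

run() { if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Refuse to start unless the disk image exists and its format is named explicitly.
# Without format=, QEMU probes the header; a guest can then rewrite the first sector of
# its raw disk as a qcow2 header and have QEMU open a host file as its backing file.
check_image() {               # PATH FORMAT
    [ -f "$1" ] || { echo "image $1 not found" >&2; return 1; }
    case "$2" in
        raw|qcow2) ;;
        *) echo "format must be raw or qcow2, got '$2'" >&2; return 1 ;;
    esac
}

# Locally administered MAC under QEMU's 52:54:00 prefix, stable for a given VM name,
# so the address seen on the bridge (and in DHCP leases or logs) is predictable.
vm_mac() {                    # NAME
    h=$(printf '%s' "$1" | cksum | cut -d' ' -f1)
    printf '52:54:00:%02x:%02x:%02x' $(( (h >> 16) & 255 )) $(( (h >> 8) & 255 )) $(( h & 255 ))
}

# Start one guest:  vm_start NAME IMAGE FORMAT TAP [MEM_MB] [VCPUS]
#   -enable-kvm / -cpu host  : hardware-assisted virtualization instead of TCG
#   -drive ...,if=virtio      : paravirtualized block device (virtio-blk front end)
#   -netdev tap + virtio-net  : tap created beforehand and owned by this user, so no
#                               root and no ifup script is needed (script=no)
#   -sandbox on               : seccomp filter on the QEMU process, limiting what a
#                               device-emulation bug can do to the host
vm_start() {
    check_image "$2" "$3" || return 1
    mac=$(vm_mac "$1")
    run qemu-system-x86_64 -enable-kvm -name "$1" -M q35 -cpu host \
        -m "${5:-512}" -smp "${6:-2}" \
        -drive "file=$2,format=$3,if=virtio,cache=none" \
        -netdev "tap,id=net0,ifname=$4,script=no,downscript=no" \
        -device "virtio-net-pci,netdev=net0,mac=$mac" \
        -sandbox on -nographic
}

# Usage: DRY_RUN=1 sh vmstart.sh telsites /images/telsitessp1.raw raw tap0 512 2
if [ $# -ge 4 ]; then
    vm_start "$@"
fi
```

Compared with the deck's commands: the disk no longer goes through the emulated IDE controller, the NIC no longer goes through slirp, and the image format is stated rather than probed. Under libvirt these same choices are expressed in the domain XML, and libvirt additionally drops the QEMU process to an unprivileged user and confines it with AppArmor or SELinux.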

Thank you [email protected]