Xen , Linux Vserver , Planet Lab Virtualization Xen , Linux Vserver , Planet Lab

Paper Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hyper visors Stephen Soltesz, Herbert P¨otzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson Princeton University PlanetLab Architecture: An Overview Larry Peterson*, Steve Muir*, Timothy Roscoey, Aaron Klingaman* * Princeton University , Intel Research – Berkeley

What is virtualization ? Virtualization is a broad term which refers to many different aspects of computing. In essence has to be some sort of abstraction of resources. These resources could be computing power or storage.

Why is virtualization important ? The one server one application idea can be avoided. Multiple servers can coexist on the same physical machine bringing IT costs down. Also makes administration easier.

Why is virtualization important ? Data Recovery Other areas include research areas such as Planet Lab , High Performance Clustering etc. http://news.zdnet.com/2036-2_22-6058678.html

Basic Concepts Host – The physical computer on which the virtual machine is loaded. Virtual Machine – It’s a software environment which appears to a guest OS as hardware. It consists of some computing power (CPU), Memory, NIC, and hard drive. Virtualization Layer – This is what is available as resources to the virtual machines. Also know as virtual machine monitor.

Different Virtualization Models Vmware Model Xen Model Linux Vserver Model

VMware model Reference: Virtualization with VMware ESX Server By Al Muller, Seburn Wilson Publisher: Syngress

Full Virtualization It provides total abstraction of the underlying physical system and creates a complete virtual system in which the guest operating system can execute. No modification is required in the guest OS or application. Example VMware ESX server

Drawbacks of Full Virtualization X86 architecture is not meant for virtualization. This reduces performance and increases complexity.

Xen Model Reference : http://www.dell.com/downloads/global/power/ps3q05-20050191-Abels.pdf

Para virtualization This provides each VM with an abstraction of the hardware that is similar but not identical to the hardware. It requires modification to the guest OS that are run on the VM. No changes to the ABI are to be made, so applications remain the same.

Issues in Virtualization Efficiency Vs Isolation The paper argues that isolation is dependant on the usage scenario. It sacrifices isolation partially in favour of performance.

Motivation for Container based OS Organizations run many copies of the same server software, operating system distribution and kernels in their mix of VMs. If this is the case then the same shared virtualized OS image can be used for all virtual machines.

Container Based OS VMM

Container Based OS VMM Hosting platform consists of the shared OS image and the privileged host (VMHost). VMHost – This is the VM that the system admin uses to manage other VMs.

How does this differ from Xen ? Fault Isolation : Container based VMM cant provide fault isolation as they use a single shared kernel. So if the kernel fails, all the VMs are affected. Resource Isolation : VMM should be able to isolate one VM from accessing resources of another VM. Security Isolation: VMM should isolate access to logical objects such as files, memory addresses, user id’s and so on.

How does this differ from Xen ? Key Difference : Hypervisors can run multiple kernels while container based OS VMM cant do that. On the other hypervisor based systems cant have live update.

Security Isolation in container based VMM Contexts : Separation of namespaces Filters : Access Control Lists Hardware virtualization

Resource Isolation CPU Isolation Token bucket filter runs on top of O(1) scheduler. Each VM has a bucket where it collects tokens at a specified rate. Tokens are charged on the basis of running processes per VM.

Resource Isolation Network Isolation Hierarchical Token bucket is used to provide bandwidth reservations. Each VM has a specified reservation and a share. Each packet has a context id tagged to it to map it to the VM.

Security Isolation Processes belonging to different VMs are not allowed to interact with each other.

Comparison

Planet Lab Overview Planet Lab is a geographically distributed platform for deploying, evaluating, and accessing planetary-scale net-work services. The internet has been a success and as a result has become ossified – that is it is resistant to change. Its difficult to introduce new ideas without trying them out. Reference : http://www.planet-lab.org/Talks/2004-01-30-APAN.pdf Planet Lab is a sort of a test bed or deployment platform of 1000 servers spread across more than 35 countries.

Planet Lab Features Distributed Virtualization : The need is for a global platform that supports broad coverage services at multiple points of presence. Each service runs as a slice of Planet Lab’s global resources. What is a slice ? A slice is a network of virtual machines.

Virtual Machine Monitor (VMM) Planet Lab Features Node : A physical machine capable of one or more virtual machines. It must have at least one non-shared IP address. Each unique node has a unique node Id. Node Mgr Local Admin VM1 VM2 VMn … Virtual Machine Monitor (VMM)

Planet lab Features Node Manager : It is a program running on each node that creates VMs on that node and controls the allocation of resources to those VMs.

Slices

Slices

Slices The individual VM’s that make up a slice contain no information about the other VMs in the set. The slice state is maintained by the Slice Authority. This task is done by the PLC for system wide slices. Creating a slice is a multistage process involving the node owner, slice creation service and a slice authority.