Cloud Operating System Unit 12 Cloud System Management I M. C. Chiang Department of Computer Science and Engineering National Sun Yat-sen University Kaohsiung,


Cloud Operating System
Unit 12: Cloud System Management I
M. C. Chiang
Department of Computer Science and Engineering
National Sun Yat-sen University
Kaohsiung, Taiwan, ROC

Outline
 Out of the Machine
   IDC Management
 Based on the Machine
   Service Availability
   Virtual Machine Management
     The Management Tool: libvirt
     Snapshot and Checkpoint
     Live Migration
   Virtual Machine Security
     Rootkit
 Summary
9/4/2015 Cloud Operating System - Unit 12: Cloud Management U12-2

Out of the Machine
 The Cloud is not only the Cloud seen on the network.
 Plenty of elements support the Cloud:
   Servers
   Power supplies
   Air conditioning
   Staff members
   etc.
 The virtual is built on the real.

IDC Management
 A comfortable environment for machines:
   Temperature and humidity level.
 Protection against natural disasters:
   Flood, earthquake.
 Protection against power failure:
   UPS.
 Protection against microwaves.
 Well-planned escape routes.
 Guarded entrance.
 Limited use of data storage media.
 Compare the circumstances in the movie “Transformers”.

Based on the Machine
 Eventually, what customers care about is the services provided.
 Here are some important issues:
   Customers think about what the Cloud should be.
   Maintainers think about what helps the Cloud to be that.

Service Availability (1)
 Very important for all services.
 Amazon EC2 guarantees at least 99.95% availability in its agreement (about minutes of downtime at most in a year).
 Google App Engine guarantees the same service level agreement.
 Both provide a refund if the requirements are not met.

Service Availability (2)
 Possible methods of increasing availability:
   Providing virtual machine instance snapshots
     Can back up the VM’s state
   Providing virtual machine live migration
     Can move the virtual machine to another physical machine on the fly
   Redundant storage data
     In different physical storage and in different places.

Virtual Machine Management
 Most IaaS solutions aren’t bound to a particular hypervisor.
   Different hypervisors can be used in clouds.
   Managing the instances then becomes an issue.
 A cloud is composed of many hosts, which increases the complexity even more.
 A common layer for managing all hypervisors from one controlling point
   reduces the complexity greatly.

libvirt - Introductions (1)
 Initial release: Dec 19, 2005
 Most recent stable release: Feb 13, 2012
 Open source; an API, a daemon and management tools are included
 Aiming at “being a building block for higher level management tools”

libvirt - Introductions (2)
 Supported by Red Hat
 Written in C
 Bindings for C#, Python, Perl, OCaml, Ruby, Java, PHP
 Supported hypervisors:
   KVM, Xen, VMWare, MS Hyper-V, etc.

libvirt - Introductions (3)
(figure slide; the diagram is not included in the transcript)

libvirt - Features (1)
 VM management
   Including provisioning, creating, modifying, monitoring, controlling, migrating, and stopping instances
 Instance resource management
   Network interfaces and firewall setup
   Storage management
 Monitoring of the overall instances’ states
 Monitoring of local physical host resource consumption

libvirt - Features (2)
 Remote management
   Using TLS encryption and x509 certificates
   Authenticating with Kerberos and SASL
   Provides secure remote control
 Portable client API for multiple OSs
   Including Linux, Solaris, and Windows

libvirt – Operation Modes
 libvirt has two operation modes:
   Local: uses the libvirt API directly.
   Remote: runs an extra daemon, libvirtd, which allows users to access hypervisors on a remote machine through authenticated connections.
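The remote mode above is only as safe as the listener settings in libvirtd.conf (the TLS/x509 and SASL options from the previous slide). As an added example, not code from the slides or from the libvirt project, this small Python checker parses such a file and flags the weak combinations; both configuration fragments are constructed, and the values assumed for absent keys follow libvirtd's documented defaults (the daemon is also assumed to be started in listening mode).

```python
import re

# Constructed libvirtd.conf fragment for an insecure remote setup: plain TCP with
# no authentication, plus TLS with client certificate verification switched off.
INSECURE_CONF = """\
listen_tls = 1
listen_tcp = 1            # unencrypted libvirt protocol on tcp_port
auth_tcp = "none"         # anyone who can reach the port gets full control
tls_no_verify_certificate = 1
"""

# Constructed hardened counterpart: TLS-only transport, client x509 certificates
# verified and restricted by DN, and SASL (e.g. Kerberos/GSSAPI) on top of TLS.
HARDENED_CONF = """\
listen_tls = 1
listen_tcp = 0
auth_tls = "sasl"
tls_no_verify_certificate = 0
tls_allowed_dn_list = ["C=TW,O=NSYSU,CN=cloud-admin"]
"""

def parse_conf(text):
    """Parse libvirtd.conf-style `key = value` lines (ints, quoted strings or
    lists of quoted strings); `#` comments and blank lines are ignored."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value.startswith("["):
            conf[key] = re.findall(r'"([^"]*)"', value)
        elif value.startswith('"'):
            conf[key] = value.strip('"')
        else:
            conf[key] = int(value)
    return conf

def check_remote_settings(conf):
    """Return findings for settings that weaken remote management. Values assumed
    for absent keys are libvirtd's defaults (listen_tls=1, listen_tcp=0,
    auth_tcp="sasl", auth_tls="none", tls_no_verify_certificate=0)."""
    findings = []
    if conf.get("listen_tcp", 0):
        findings.append("listen_tcp=1: unencrypted TCP transport is enabled")
        if conf.get("auth_tcp", "sasl") == "none":
            findings.append('auth_tcp="none": TCP clients are not authenticated at all')
    if conf.get("listen_tls", 1):
        if conf.get("tls_no_verify_certificate", 0):
            findings.append("tls_no_verify_certificate=1: client x509 certificates are not checked")
        if conf.get("auth_tls", "none") == "none" and not conf.get("tls_allowed_dn_list"):
            findings.append('auth_tls="none" without tls_allowed_dn_list: any cert from the CA gives full access')
    return findings

if __name__ == "__main__":
    for name, text in (("insecure", INSECURE_CONF), ("hardened", HARDENED_CONF)):
        print(name, check_remote_settings(parse_conf(text)) or ["no findings"])
```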

libvirt – Tools Based on It
 virsh
   An interactive CLI included in libvirt
 Virtual Machine Manager
   A GUI developed by Red Hat
 oVirt
   A web application for virtual machine management, also developed by Red Hat
 More than 20 other projects are based on or use libvirt

libvirt – Supported by Xen (1)
(figure slide; the diagram is not included in the transcript)

libvirt – Supported by Xen (2)
 Programs using libvirt execute in Dom0.
 libvirt can be initialized in two ways, each with its own method of connecting to the Xen infrastructure:
   With root access, use virConnectOpen():
     Connects to the Xen daemon through an HTTP RPC layer.
     A read/write connection to the XenStore.
     Uses Xen hypervisor calls.
   Without root access, use virConnectOpenReadOnly():
     Forks a libvirt_proxy program (running as root) to provide read-only access to the API.
     Useful for reporting and monitoring.

Snapshot and Checkpoint (1)
 Not only the disk image:
   A file-based representation of the state, data and hardware configuration of the whole VM
 Can “freeze” the virtual machine in some particular state, then resume execution
 Useful for system forensics, or for restoring the whole system after a failed upgrade/patch

Snapshot and Checkpoint (2)
 Difference between “snapshot” and “checkpoint”
   Different definitions in different hypervisors:
     Xen: only “checkpoint”
     Microsoft Hyper-V: “snapshot” for long-term backup, “checkpoint” for short-term recovery
     VMWare: only “snapshot”

Snapshot - Creation
 With the CLI command, making snapshots can be scheduled and executed automatically
 Different commands for different hypervisors, of course:
   Xen: xl save [OPTIONS]
   VMWare Workstation: vmrun snapshot [OPTIONS]
 With the help of libvirt, all of this can be done with “virsh snapshot-create [OPTIONS]”

Live Migration (1)
 Snapshots can make backups for disaster recovery
 If a host needs maintenance, we have to move virtual machines from host to host on the fly to minimize downtime
 Live migration can be seamless for end-users
 Two ways of migration:
   Pre-copy memory
   Post-copy memory

Live Migration (2)
 Pre-copy memory migration implementation
   Warm-up
     Copy the current memory pages to the destination
     If pages change, re-copy them until the rate of change is less than a given rate
   Stop-and-copy
     Stop the source VM and copy the remaining dirty pages to the target VM.
     Downtime happens here. It could be milliseconds to seconds, depending on memory size.

Live Migration (3)
 Post-copy memory migration implementation
   Suspend the source VM first, then copy the minimal execution state of the VM to the destination
     Including CPU state, registers, and non-pageable memory
   After copying the state, the VM at the destination starts running
   What about the memory?
     Each time a page that hasn’t been transferred yet is accessed, it generates a page fault.
     The page faults are handled by the hypervisor, which copies the page from the source over the network.

Live Migration (4)
 Pre-copy
   Needs a warm-up stage for copying most of the memory pages
   Longer downtime, depending on the VM’s workload: from 60ms to 210ms*
 Post-copy
   Even less downtime than pre-copy
   Performance impact after migration
     The demand-paging mechanism reduces the performance impact
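The trade-off on the three migration slides above, as an added simulation that is not code from the slides or from any hypervisor: a constructed page-write trace drives both pre-copy (warm-up rounds, then stop-and-copy of whatever is still dirty) and post-copy (minimal state only, then network page faults after resume), so the downtime the VM pays and the post-migration penalty can be compared on the same workload. The page count, the trace and the stop threshold are assumptions.

```python
from dataclasses import dataclass

N_PAGES = 16
# Constructed guest write trace: entry i holds the pages the guest writes during
# round i. Pages 0-2 are a hot set written every round; the rest are touched rarely.
TRACE = [
    {0, 1, 2, 5, 9, 13},
    {0, 1, 2, 7},
    {0, 1, 2},
    {0, 1, 2, 11},
    {0, 1, 2},
]

@dataclass
class MigrationResult:
    rounds: int          # warm-up rounds (pre-copy only)
    pages_sent: int      # pages copied over the network in total
    downtime_pages: int  # pages copied while the VM is stopped (this drives downtime)
    remote_faults: int   # page faults served over the network after resume (post-copy)

def precopy(n_pages, trace, stop_threshold, max_rounds=50):
    """Pre-copy: round 1 copies all memory while the guest keeps running; later
    rounds re-copy the pages dirtied meanwhile, until the dirty set is small
    enough (<= stop_threshold) or max_rounds is hit (non-converging workload);
    then the VM is stopped and the remaining dirty pages are copied."""
    to_send = set(range(n_pages))
    sent, rounds = 0, 0
    while True:
        sent += len(to_send)
        rounds += 1
        # pages the guest dirtied during this round (idle once the trace ends)
        dirty = trace[rounds - 1] if rounds - 1 < len(trace) else set()
        if len(dirty) <= stop_threshold or rounds >= max_rounds:
            break
        to_send = dirty
    sent += len(dirty)  # stop-and-copy phase: VM paused, dirty pages copied
    return MigrationResult(rounds, sent, len(dirty), 0)

def postcopy(n_pages, trace):
    """Post-copy: stop the source, ship only the minimal execution state, resume
    at the destination; the first touch of every page still on the source is a
    network page fault. The untouched rest is assumed to be pushed in the background."""
    present = set()
    faults = 0
    for touched in trace:
        for page in touched:
            if page not in present:
                faults += 1
                present.add(page)
    return MigrationResult(0, n_pages, 0, faults)

if __name__ == "__main__":
    print("pre-copy :", precopy(N_PAGES, TRACE, stop_threshold=3))
    print("post-copy:", postcopy(N_PAGES, TRACE))
```

With the constructed trace, pre-copy sends 29 pages and stops the VM for 3 of them, while post-copy stops it for none but takes 8 remote page faults after resume.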

VM Security
 Virtual machine monitor security is currently the most important issue for Cloud Computing.
   All virtual machines are controlled by the VMM.
   The VMM is the bridge between the virtual machines and the hardware:
     hard disk, memory, CPU, etc.
 Theoretically, a virtual machine is a completely isolated guest operating system installation.

VM Security – Virtual Machine Escape
 What is virtual machine escape?
   The process of breaking out of a virtual machine and interacting with the host OS.
 The first discovery of virtual machine escape:
   2008, within VMWare
   By Core Security Technologies
   CVE
     Allows guest OS users to read and write arbitrary files on the host OS.

VM Security – VMWare (1)
 The number of security vulnerabilities on record
   154 as of 2012/04/02
 The oldest record
   CVE
     Miss: Buffer overflow in VMWare for Linux.
     Method: Uses a long HOME environment variable.

VM Security – VMWare (2)
 The newest record
   CVE
     Miss: VMWare ESX/ESXi 3.5, 4.0 and 4.1 do not implement port-based I/O operations properly.
     Effect: Allows guest OS users to gain guest OS privileges.
     Method: Overwrites memory locations in a read-only memory block associated with the Virtual DOS Machine.

VM Security – Xen (1)
 The number of security vulnerabilities on record
   9 as of 2012/04/02
 The newest record
   CVE
     Miss: tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0 and 4.1
     Effect: Allows local users to cause a DoS
     Method: Unspecified vectors related to “Lack of error checking in the decompression loop”

VM Security – Xen (2)
 The oldest record
   CVE
     Miss: xend in Xen does not properly limit the contents of the /local/domain/xenstore directory tree, nor restrict a guest VM’s write access within the directory tree
     Effect: Allows guest OS users to cause a DoS

VM Security – Hyper-V
 The number of security vulnerabilities on record
   3 as of 2012/04/02
 All allow users to cause a DoS:
   CVE: host OS hang
     Via a crafted application that executes a malformed series of machine instructions.
   CVE: host OS hang
     By sending a crafted encapsulated packet over the VMBus.
   CVE: host OS infinite loop
     Via malformed machine instructions in a VMBus packet.

VM Security - OpenStack
 The number of security vulnerabilities on record
   2 as of 2012/04/02
 CVE
   When the EC2 API and the S3/RegisterImage image-registration method are enabled, allows remote authenticated users to overwrite arbitrary files.
 CVE
   When using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users.

VM Security – About Vulnerability
 Top 3 vulnerability types:
   Execute Code
   Denial of Service
   SQL Injection
 Information resource
   The site supplying the records above (link not preserved in the transcript)

VM Management – Rootkit
 What is a rootkit?
   A tool for getting root or for cleaning up the traces of an intrusion.
   A kind of malicious software.
   Intended to hide the existence of certain processes.
 It was a benign tool, originally.
 Sony BMG copy protection rootkit scandal.
 A Trojan can be seen as a rootkit.

Rootkit - Examples
 We already know that a rootkit is software which intends to get control of the computer.
 Here are two VMBRs (Virtual-Machine Based Rootkits):
   SubVirt
   Blue Pill

Rootkit – SubVirt (1)
 Proposed by a team from Microsoft Research and the University of Michigan on
 The procedure of infection:
   We assume that SubVirt has administrator authority.
   After rebooting, SubVirt is executed first.
   SubVirt starts a VMM and runs the original operating system as a virtual machine on that VMM.
   SubVirt can then collect the wanted information.

Rootkit – SubVirt (2)
(figure slide; the diagram is not included in the transcript)

Rootkit – Blue Pill (1)
 Designed by Joanna Rutkowska.
 First demonstrated at the Black Hat Briefings on August 3,
 Originally it required AMD-V support, but it was ported to Intel VT-x as well.
 It starts a thin hypervisor and virtualizes the rest of the machine under it.
 The machine doesn’t need to be restarted.

Rootkit – Blue Pill (2)
(figure slide; the diagram is not included in the transcript)

Summary
 The Cloud is not only what users see.
 Snapshots and checkpoints help to retain service availability.
 There are two ways of live migration:
   Pre-copy memory
   Post-copy memory
 Services are based on virtual machines, and virtual machines are managed by hypervisors, so the security of hypervisors is important.