Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux Virtualization Kir Kolyshkin OpenVZ project manager.

Published byMorgan Masengale Modified over 10 years ago

Similar presentations

Presentation on theme: "Linux Virtualization Kir Kolyshkin OpenVZ project manager."— Presentation transcript:

1 Linux Virtualization Kir Kolyshkin OpenVZ project manager

2 2 What is virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level of indirection or an abstraction layer between a physical object and the managing or using application. http://www.aarohi.net/info/glossary.html Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments... http://www.kernelthread.com/publications/virtualization/ A key benefit of the virtualization is the ability to run multiple operating systems on a single physical server and share the underlying hardware resources – known as partitioning. http://www.vmware.com/pdf/virtualization.pdf

3 3 Ways to Virtualize Hardware Emulation Para-Virtualization Virtualization on the OS level Multi-server virtualization

4 4 Hardware Emulation a.k.a. VM (Virtual Machine)  VMware  QEmu  Bochs Pros: Can run arbitrary OS, unmodified Cons: Low density/scalability Slow/complex management Low performance

5 5 Para-virtualization  Xen  UML (User Mode Linux) Pros: Better performance Cons: Needs modified guest OS Static resource allocation, bad scalability, bad manageability

6 6 OS Level Virtualization  OpenVZ  FreeBSD jails  Linux-VServer  Solaris Zones Pros: Native performance Dynamic resource allocation, best scalability Cons: Single (same) kernel per physical server

7 7 OSs evolution Multitask many processes Multiuser many users Multiple execution environments many virtual environments (VEs, VPSs, containers, guests, partitions, zones...)

8 8 OpenVZ design approach

9 9 OpenVZ: components  Kernel  Virtualization and Isolation  Resource Management  Checkpointing  Tools  vzctl: Virtual Environment (VE) control utility  vzpkg: VE software package management  Templates  precreated VE images for fast VE creation

10 10 Kernel: Virtualization & Isolation Each virtual environment has its own Files System libraries, applications, virtualized /proc and /sys, virtualized locks etc. Process tree Featuring virtualized PIDs, so that the init PID is 1 Network Virtual network device, its own IP addresses, set of netfilter and routing rules Devices Plus if needed, any VE can be granted access to real devices like network interfaces, serial ports, disk partitions, etc. IPC objects shared memory, semaphores, messages …

11 11 Kernel: Resource Management Managed resource sharing and limiting. Two-level disk quota (first-level: per-VE quota; second-level: ordinary user/group quota inside a VE) Fair CPU scheduler (SFQ with shares and hard limits) User Beancounters is a set of per-VE resource counters, limits, and guarantees (kernel memory, network buffers, phys pages, etc.)

12 Kernel: Checkpointing/Migration Checkpoint: VE state can be saved in a file  running processes, CPU registers,...  opened files, signals, IPC,...  network connections, buffers, backlogs, etc.  private/shared memory Restore: VE state can be restored later Live migration: VE can be restored on a different physical server

13 Kernel: Security Security in virtualization solutions What makes OpenVZ secure?  Security model (deny by default)  Tracking mainstream security fixes  Stable kernel 2.6.8, code freeze, no new bugs  Security review by Solar Designer  Activity monitors Practice (400,000 public VEs)

14 14 Tools: VE control # vzctl create 101 --ostemplate fedora-core-5 # vzctl set 101 --ipadd 192.168.4.45 --save # vzctl start 101 # vzctl exec 101 ps ax PID TTY STAT TIME COMMAND 1 ? Ss 0:00 init 11830 ? Ss 0:00 syslogd -m 0 11897 ? Ss 0:00 /usr/sbin/sshd 11943 ? Ss 0:00 xinetd -stayalive -pidfile... 12218 ? Ss 0:00 sendmail: accepting connections 12265 ? Ss 0:00 sendmail: Queue runner@01:00:00 13362 ? Ss 0:00 /usr/sbin/httpd 13363 ? S 0:00 \_ /usr/sbin/httpd.............................................. 13373 ? S 0:00 \_ /usr/sbin/httpd 6416 ? Rs 0:00 ps axf # vzctl enter 101 bash# logout # vzctl stop 101 # vzctl destroy 101

15 15 Tools: Templates # vzpkgls fedora-core-5-i386-default centos-4-x86_64-minimal # vzpkgcache (creates templates from metadata/updates existing templates) # vzyum 101 install gcc (installs gcc and its deps to VE 101)

16 16 Scalability 768 (¾) MB RAM - up to 120 VEs 2GB RAM - up to 320 VEs

17 17 Usage Scenarios Server Consolidation Hosting Development and Testing Security Educational

18 18 Server Consolidation A bunch of servers: harder to manage upgrade is a pain eats up rack space high electricity bills A bunch of VEs: uniform management easily upgradeable and scalable fast migration

19 19 Hosting Web server serving hundreds of virtual hosts Users see each other processes etc DoS attacks Unable to change/upgrade hardware Users are isolated from each other VE is like a real server, just cheap Much easier to admin

20 20 Development & Testing A lot of hardware Zoo: many different Linux distros Frequent reinstalls take much time Fast provisioning Different distros can co-exist on one box Cloning, snapshots, rollbacks VE is a sandbox – work and play, no fear

21 21 Security Several network services are running One of them has a hole Cracker gets through Whoops...”all your base are belong to us” Put each service into a separate VE OpenVZ creates walls between applications Added benefit: dynamic resource management

22 22 Educational No root access Frequent reinstalls DoS attacks Everybody and his dog can have a root access Different Linux distros No need for a lot of hardware

23 23 Future plans Stable 2.6.18 kernel I/O scheduling based on CFQ Continue to maintain kernels from various distributions (SUSE10, FC5, RHEL4, Mandriva) Work on mainstream kernel virtualization Support for more platforms (PPC, more?)

24 24 Your role Use OpenVZ Contribute, be a part of the community:  Programmer fixes enhancements new functionality  Non-programmer bug reports documentation, HOWTOs answer support questions

25 25 Project Links Main site:http://openvz.org/http://openvz.org/ Downloads:http://download.openvz.org/http://download.openvz.org/ Sources:http://git.openvz.org/http://git.openvz.org/ Forum:http://forum.openvz.org/http://forum.openvz.org/ Bug Tracking:http://bugzilla.openvz.org/http://bugzilla.openvz.org/ Blog:http://blog.openvz.org/http://blog.openvz.org/ Mailing lists: users@openvz.org devel@openvz.org announce@openvz.org

Download ppt "Linux Virtualization Kir Kolyshkin OpenVZ project manager."

Similar presentations

VCS 5.0 for VMware ESX.

VCS 5.0 for VMware ESX.
Building Fast, Flexible Virtual Networks on Commodity Hardware Nick Feamster Georgia Tech Trellis: A Platform for Building Flexible, Fast Virtual Networks.

Building Fast, Flexible Virtual Networks on Commodity Hardware Nick Feamster Georgia Tech Trellis: A Platform for Building Flexible, Fast Virtual Networks.
1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.

1 Building a Fast, Virtualized Data Plane with Programmable Hardware Bilal Anwer Nick Feamster.
1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.

1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.
1 Linux IP Masquerading Brian Vargyas XNet Information Systems.

1 Linux IP Masquerading Brian Vargyas XNet Information Systems.
OPERATING SYSTEMS Lecturer: Szabolcs Mikulas Office: B38B

OPERATING SYSTEMS Lecturer: Szabolcs Mikulas Office: B38B
1 Processes and Threads Creation and Termination States Usage Implementations.

1 Processes and Threads Creation and Termination States Usage Implementations.
Chapter 1 Introduction Copyright © 2008. Operating Systems, by Dhananjay Dhamdhere Copyright © 20081.2 Introduction Abstract Views of an Operating System.

Chapter 1 Introduction Copyright © Operating Systems, by Dhananjay Dhamdhere Copyright © Introduction Abstract Views of an Operating System.
With ovirt & virt manager

With ovirt & virt manager
Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.

Debugging operating systems with time-traveling virtual machines Sam King George Dunlap Peter Chen CoVirt Project, University of Michigan.
Chapter 4 Memory Management Basic memory management Swapping

Chapter 4 Memory Management Basic memory management Swapping
Hardware-assisted Virtualization

Hardware-assisted Virtualization
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.

1 Network Address Translation (NAT) Relates to Lab 7. Module about private networks and NAT.
Operating System Level Virtualization Reza Farivar.

Operating System Level Virtualization Reza Farivar.
COMP1214 Systems & Platforms: Operating Systems Concepts Dr. Yvonne Howard – Rikki Prince – 1.

COMP1214 Systems & Platforms: Operating Systems Concepts Dr. Yvonne Howard – Rikki Prince – 1.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.

1 Chapter 11: Data Centre Administration Objectives Data Centre Structure Data Centre Structure Data Centre Administration Data Centre Administration Data.
User-Mode Linux Ken C.K. Lee

User-Mode Linux Ken C.K. Lee
PlanetLab Operating System support* *a work in progress.

PlanetLab Operating System support* *a work in progress.

Similar presentations

Ads by Google