Choosing tools for effective virtualization

Going Virtual


Good tools are half the battle - even if you are just managing virtual machines. This month we take a practical look at virtualization, and we show you a new threat to watch for in the virtual future.

By Jens-Christoph Brendel, Henning Sprang, and Jürgen Quade

Servers are not human. They don't live and breathe. They just consume power and take up space. Do we really need so many? The virtualization revolution is about saving money, time, and floor space. Today's virtualization tools provide an efficient environment for testing, running, and managing applications - with lower electric bills and fewer hardware headaches. But is virtualization all good, or does it also open the door to new kinds of threats?

In this month's cover story, we examine the practical side of virtualization. We start with an introduction to some of the virtualization tools available for Linux. Then we take a closer look at a pair of popular open source virtualization alternatives: Xen and VirtualBox. Finally, we settle in for a look at the dark side of virtualization: the mysterious world of virtualizing rootkits.

Virtualization in Action

Amazon's S3 storage system lets customers store volatile data. Although this offering is still officially in the "Unlimited Beta" phase, some companies are already considering it for production use.

In November 2007, IBM announced that it would offer a similar service, Blue Cloud, based on Xen and IBM's own Power VM. Google also uses Xen: In a move that is atypical for the corporation, which tends not to reveal details of its IT systems, Google introduced the Ganeti management tool, which it developed specifically for this purpose.

Ganeti was released under the GPL in August 2007. The search giant uses the technology for its internal systems, but not for its search engine. Ganeti is best suited to systems with low resource requirements, said Google's Guido Trotter at the LISA 07 conference.

Lufthansa also uses Xen for test systems. Recently, both Oracle and Sun surprised the market with the Oracle VM and Sun xVM Xen variants.

Practical Virtualization

The virtualization paradigm has come down to Earth, leaving the lofty heights of Mount Olympus for real-world concerns like stability, performance, and ease of management. A virtualization system that wants to fulfill all of these requirements must be ready for:

The best solution for your network depends on your needs and your budget. Table 1 introduces some of the more popular virtualization options for Linux environments.

Management Tools

Many distributors have gone to great lengths to facilitate virtualization for their customers. Both the Novell and Red Hat enterprise distributions integrate a tool known as Virtual Machine Manager (or Virt-Manager). On SUSE, the tool is integrated with YaST. Virt-Manager gives users the ability to set up a Xen instance in a couple of simple steps. Besides Linux (Novell, Red Hat), Solaris 8-10, and Netware 6, the tool also works with various Windows versions - provided the CPU has the required virtualization support.

Red Hat Enterprise Linux 5.1 also uses Virt-Manager for managing virtual machines. Red Hat also offers a tool on top of Enterprise Server, called Advanced Platform, which builds clusters of virtual machines and is capable of migrating guests across the borders of a physical host.

Fedora 8 gives a clue to where things are headed for Red Hat. The latest Fedora includes the new Xen 3.1, and the Virt-Manager version supports both Xen and QEMU. Additionally, Red Hat is looking to improve the security of the administration tool, something that has been a mere sideshow in the past.

Google also has a tool for virtual cluster management, Ganeti, which is released under the GPL. Installing Ganeti is complicated because the tool requires half a dozen Python modules, which Novell, for example, does not provide in a single package.

Ganeti does not offer the convenience of a GUI. This said, the text-based Ganeti commands lend themselves to scripting solutions, which provides a means for integrating the tool with other open source utilities.

Another tool for managing virtual machines is openQRM, a powerful utility that manages images for virtual and physical machines on the same interface. Another contender is Qumranet's Solid ICE, which focuses entirely on desktop virtualization using the KVM kernel hypervisor.

At the other end of the scale are various small command-line tools, such as xen-tools, a collection of scripts used on Debian for creating and configuring virtual instances.

What Runs Where?

A rule of thumb dictates that flexibility requires either more performance or special hardware. In hardware virtualization, the physical CPU handles most of the guest's instructions: The hypervisor only steps in to avoid conflict. If the hardware is unable to detect conflict directly, para-virtualization takes the role of manager. This technology is fairly advanced with respect to the main processor, whereas virtualization of I/O components is still at an early stage of development. Emulators simulate almost any scenario and architecture, but their performance is comparatively slow because everything is handled by the software.

All of the virtualization solutions we discuss in this issue support Linux as a guest system, although some require changes to the guest kernel. These changes can cause a problem with support for some applications, especially if the service provider requires a special kernel version. VMware and VirtualBox will basically run on any recent, unpatched kernel, as will the emulators.

Guest support for different versions may be limited. The current Windows versions, XP and Vista, are supported by all server virtualizations; operating system virtualization tools, such as OpenVZ or VServer, work on a different principle and cannot offer this feature.
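
As an added example (not from the original article), the shell functions below check a host for the CPU virtualization support that Xen needs before it can run unmodified guests such as Windows. They read the flags line of /proc/cpuinfo; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Linux lists CPU features on the "flags" line of /proc/cpuinfo:
#   vmx = Intel VT-x, svm = AMD-V.
# The flag shows what the CPU can do; firmware may still have the feature
# switched off, so treat a hit as "capable", not "enabled".

# cpu_virt_flag FILE -> prints "vmx", "svm" or "none"
# Only whole tokens count, so "svm_lock" alone is not a match, and the
# separate "vmx flags" line printed by newer kernels is ignored.
cpu_virt_flag() {
    awk -F: '
        /^flags[ \t]*:/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) {
                if (f[i] == "vmx") { print "vmx"; found = 1; exit }
                if (f[i] == "svm") { print "svm"; found = 1; exit }
            }
        }
        END { if (!found) print "none" }
    ' "$1"
}

# xen_guest_options FILE -> one-line verdict for the host described by FILE
xen_guest_options() {
    case "$(cpu_virt_flag "$1")" in
        vmx) echo "Intel VT-x present: Xen can run unmodified guests" ;;
        svm) echo "AMD-V present: Xen can run unmodified guests" ;;
        *)   echo "no hardware support: Xen needs paravirtualized guest kernels" ;;
    esac
}

# Constructed sample (not from a real machine): "svm_lock" must not match,
# the plain "svm" token that follows must.
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme svm_lock svm npt\n' > "$sample"
xen_guest_options "$sample"
rm -f "$sample"
```

On a real host, call `xen_guest_options /proc/cpuinfo`.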

Hosting Farms

In many cases, users do not need to simulate a full-fledged computer with a custom kernel for every one of the virtual guests. Professional hosters, who are simply concerned with keeping their customers' web offerings apart, are quite happy with a single kernel that the guests can share.

Virtualization solutions such as OpenVZ, Virtuozzo, and VServer use this approach to the virtualization problem, giving users an amazing application density on normal hardware, with low overhead.

Many professional hosters use the commercial Virtuozzo product to give customers who want to manage their own systems access to virtual consoles. SWsoft, the company behind OpenVZ and Virtuozzo, first acquired a majority shareholding in Parallels, the desktop virtualization company, early in 2007 and is now using the Parallels brand name. The OpenVZ virtualization tools are available with any major distribution.

Shopping for Server Virtualization?

The big players in the server virtualization market each offer advantages, although a few of the tools are only for Windows.

VMware

Market leader VMware offers an excellent line of virtualization products. However, VMware's VirtualCenter management tool, which plays the role of managing the guests on the ESX and GSX servers, only runs on Windows at present - and it doesn't look like a Linux port will be on the roadmap any time in the near future.

If you prefer a Linux-only solution, you have to make do with the free VMware Server. This entry-level solution still has much to offer. The biggest visual change compared with the previous 1.x version of VMware Server is the new web interface, Virtual Infrastructure Web Access. (The former standalone server console is no longer usable.) This web interface requires a separate browser plugin (Figure 1).

Figure 1: OpenQRM lets you manage physical and virtual computers with a single tool.

Provisioning and deployment of VMs is supported by a large number of templates - for 17 Windows versions and 17 Linux distributions (including 64-bit variants) - as well as NetWare and Solaris 10. Although VMware Server does not let you migrate VMs between physical machines (in contrast to its big brother ESX Server), and definitely not at run time, at least virtual machines can reside in a shared memory area exported by NFS. Load balancing is also restricted to the commercial versions; however, the free version has excellent centralized server administration and monitoring.

Virtual Iron

Virtual Iron is hot on the heels of VMware. Its Virtual Iron 4 product, or at least the most expensive Extended Enterprise Edition, not only supports cloning of virtual instances and live migration, but also dynamic capacity management of virtual machines at run time.

The Virtual Iron virtualization environment also includes high-availability features, such as failover for virtual machines on a reserve host (N+1 clusters). Virtual Iron comes with sophisticated monitoring and logging for virtual instances and policy-based capacity management, which gives administrators the ability to swap out virtual machines automatically if a host exceeds a specific load threshold.

On the storage side, Virtual Iron supports iSCSI, SAN (Fibre Channel), and NAS. VMware's lead on its competitors is no longer very substantial; however, the price differences are still significant. Virtual Iron starts at US$ 500 per socket, whereas the price for VMware's ESX Server starts at approximately three times that.

Xen Source

Xen Source Server used to be a Linux virtualization solution that was very close to the VMware concept. Citrix recently acquired Xen Source. The server product, which is now known as Citrix Xen Server, is still a Linux system at its core. Unfortunately, the Citrix Xen Server command bridge, which is known as Xen Center, has been transformed into a Windows-only application (Figure 2). One point worthy of notice is that Xen now has a live migration feature, XenMotion, which resembles VMware's VMotion.

Figure 2: XenCenter, the Citrix Xen Server command center, only runs on Windows.

Figure 3: VirtualBox supports either Windows or Linux guests.

Figure 4: KVM is popular with both users and kernel developers.

Figure 5: Tracking virtual systems with Virtual Machine Manager.

Figure 6: Monitor your virtual environment with Virtuozzo.

Conclusions

Linux virtualization has entered the real world, and the choice of tools comes down to real-world questions of stability, efficiency, and management. The commercial vendors, with their well-integrated, graphical controls, are currently the major contenders. On the other hand, a single host is easily managed through less sophisticated alternatives.

Before choosing a virtualization system, take a careful look at your needs and build a comprehensive solution that is easy to manage, monitor, and deploy. Also, leave yourself room to grow, because you're no longer limited by the size of your server room.
