bezpieczna wirtualizacja na platformie xen z ... - · pdf filebezpieczna wirtualizacja na...
TRANSCRIPT
Bezpieczna wirtualizacja na platformie XEN z wykorzystaniem klastrów SUSE
Piotr Szewczukkonsultant
2
Workload
Application
Middleware
Operating System
Workload: The (New) IT Paradigm
A workload is an integrated stack of application, middleware, and operating system that accomplishes a computing task
A workload is portable and platform agnostic–it can run in physical, virtual or cloud computing environments
A workload or a collection of workloads makes up a business service, which is what the end user consumes
3
Example Workloads
•Apache
•Application Servers (Tomcat/JBoss/Glassfish)
•DNS
•Database
•LDAP
•An entire virtualized guest operating system can be treated as a single workload.
5
What is Xen?
• Open source virtualization technology specializing in paravirtualization
‒ paravirtualization consists of running guest OS's which have been modified to perform well with Xen
‒ stable, proven, and highly performant
• Also supports running unmodified guests by using hardware-assisted virtualization (AMD-V & Intel VT)
• A SUSE® Linux Enterprise Server 11 Supported Virtualization Solution
6
Xen History
• First released in 2003, now at version 4.x
‒ Currently an active, healthy open source project
‒ Development community has many contributors, including SUSE®
‒ Partly merged with Mainline Linux kernel and QEMU projects
‒ SUSE uses additional Linux kernel patches to achieve better performance and more features
• Included in SUSE Linux Enterprise Server 10 and 11
7
Virtualization Modes
Full-Virtual
‒ VMs can run native (unmodified) OS
‒ Requires the need to trap and emulate all privileged instructions*, or emulate everything
‒ Performance is negatively impacted
‒ Also know as “HVM” virtual machines
‒ Requires VT enabled CPU
*Some processors are difficult to fully virtualize such as traditional x86
Virtualization Layer
HW Platform
Apps
Operating System
Apps
Operating System
Virtual Machine (full-virtual)
Virtual Machine (full-virtual)
8
Virtualization Modes
Paravirtual
‒ Higher performance than full-virtualization
‒ Hypervisor is supplemented with an API that provides an assist for certain situations
‒ Requires hardware dependent portions of the VM OS to be modified to become aware of the virtualization layer
‒ Allows VMs to avoid hard to virtualize instructions by replacing them with a procedure call that provides the same functionality
Virtualization Layer
HW Platform
Apps
Operating System
Apps
Operating System
Virtual Machine (full-virtual)
Virtual Machine (full-virtual)M
anag
emen
t AP
I
AP
I
11
Xen Guests Supported by SUSE® (I)
Paravirtualized OS Support
• SUSE Linux Enterprise Server 11 SP2
• SUSE Linux Enterprise Server 10 SP4
• Novell Open Enterprise Server 2 SP3
• Novell Open Enterprise Server 11 SP1
• Novell NetWare 6.5 SP8
• Red Hat Enterprise Linux 4 (limited support)
• Red Hat Enterprise Linux 5 (limited support)
• Red Hat Enterprise Linux 6 (limited support)
12
Xen Guests Supported by SUSE® (II)
Fully Virtualized OS Support - Linux
• SUSE Linux Enterprise Server 11 SP2
• SUSE Linux Enterprise Server 10 SP4
• Novell Open Enterprise Server 2 SP3
• Novell Open Enterprise Server 11 SP1
• Red Hat Enterprise Linux 4 (limited support)
• Red Hat Enterprise Linux 5 (limited support)
• Red Hat Enterprise Linux 6 (limited support)
13
Xen Guests Supported by SUSE® (III)
Fully Virtualized OS Support – Microsoft Windows(PV drivers available through VMDP 2.0)
• Microsoft Windows Server 2012
• Microsoft Windows Server 2008 SP2+ / R2+
• Microsoft Windows Server 2003 SP2
• Microsoft Windows 8 (limited support)
• Microsoft Windows 7 SP1+ (limited support)
• Microsoft Windows Vista SP2+ (limited support)
• Microsoft Windows XP SP2+ (limited support)
14
Xen Limits Supported by SUSE®
• Host CPUs: 256 (64 for dom0)
• Host RAM: 2TB (500 GB for dom0)
• Guest RAM size: 512 GB
• Virtual CPUs per guest: 64
• NICs per guest: 8
• Block devices per guest: 4 IDE (emulated), 100 PV
16
libvirt
• Virtualization library for managing one host‒ Domains, networks, storage, host devices, ...
• Share application stack between hypervisors‒ Xen, qemu/kvm, LXC, VMware, VirtualBox, ...
• Long-term API/ABI stability and compatibility
• Integration with other SUSE® Linux Enterprise components
‒ AppArmor, SELinux, CGroups, Linux Audit Framework, PolicyKit, ...
• libvirt.org
17
libvirt Architecture
qemu
libvirtd
libvirt client
virt-manager
LXC ... storage legacy xen ESXnetwork
vm-install virt-managervirsh ...
18
libvirt – Host Management
• Storage Pools‒ Dedicated device, partition, directory, LVM, iSCSI, NFS
• Storage Volumes‒ raw, qcow2, vmdk
• Network Interfaces‒ Bonds, bridges, ethernet devices, VLANs
• Virtual Networks‒ NAT with DHCP
‒ Routed
‒ Isolated
19
libvirt – Domain Management
• Domains defined in XML
• Lifecycle management‒ Define, start, stop, pause, resume, save, restore, migrate
• Configuration management‒ Change virtual hardware, e.g. memory, cpu
‒ Add, remove, modify devices
• Tuning‒ CPU, memory, blkio, NUMA
20
libvirt Tools
• virsh
‒ In-tree command line application exposing libvirt API
• vm-install
‒ Create virtual hardware configuration
‒ Install an OS in a virtual machine
• virt-viewer
‒ Graphical console client for virtual machines
• virt-manager
‒ Graphical tool for administering virtual machines
• vhostmd
‒ Metrics communication channel between host and virtual machines
• libvirt-cim
‒ libvirt-based implementation of DMTF Virtualization Management standards
22
Cluster Intro
“A cluster is a type of parallel or distributed systems that: Consists of a collection of interconnected whole computers. It is used as a single unified computing resource”
Dr. Gregory Pfister, In search of Clusters (1995)
23
Types of Clusters
•Five well known cluster types
‒HA: High Availability Cluster
‒HTC: High Throughput Cluster
‒HPC: High Performance Cluster
‒VSC: Virtual System Cluster
‒Grid Computing
24
OverviewSUSE® Linux Enterprise High Availability Extension
• Most modern and complete open source solution for implementing high available Linux clusters
• A suite of robust open source technologies that is:‒ Affordable
‒ Integrated
‒ Virtualization agnostic
• Used with SUSE Linux Enterprise Server, it helps to:‒ Maintain business continuity
‒ Protect data integrity
‒ Reduce unplanned downtime for your mission-critical Linux workloads
25
BenefitsSUSE® Linux Enterprise High Availability Extension
Quickly and easily install, configure and manage clustered Linux servers
Ensure continuous access to your mission-critical systems and data
Transparent to Virtualization – nodes can be virtual or physical
Meet your Service-level agreements
Increase service availability
26
OverviewSUSE® Linux Enterprise High Availability Extension
• Service availability 24/7‒ Policy-driven clustering
• Shared and Scaled data-access
‒ Cluster file system
‒ Clustered Samba
• Geo Clustering‒ Cluster across unlimited
distance
• Virtualization Agnostic‒ Platform independent setup
• Disaster tolerance‒ Data replication via IP
‒ Node recovery
• Scale network services‒ IP load-balancing
• User friendly tools‒ Graphical user interface
‒ Unified command line interface
• Free Resource Agents
28
A Traditional Cluster2 Node Setup with Replicated Storage
Hardware Router
Node 1 Node 2
TCP/IPDRBD
29
Available Resources and Workloads
High Availability Engine
Operating System Setup
Local and Shared Storage
Cluster Building Blocks
Network and Fencing
30
DeliverySUSE® Linux Enterprise High Availability Extension
• Extension to and with SUSE Linux Enterprise Server
• Releases synchronized with base server product
• Sold as annual support subscriptions
• Inherits the support level of the underlying SUSE Linux Enterprise Server subscription
• Included for free with Itanium, IBM Power, and IBM System z subscriptions
• Charged for x86 and AMD64&Intel64
• Free trial available
31
Key Use CasesSUSE® Linux Enterprise High Availability Extension
• High availability for mission-critical services
• Active/active services‒ OCFS2, Databases, Samba File Servers
• Active/passive service fail-over‒ Traditional databases, SAP setups, regular services
• Private Cloud‒ HA, automation and orchestration for managed VMs
• High availability across guests‒ Fine granular monitoring and HA on top of virtualization
• Remote clustering‒ Local, Metro, and Geographical area clusters
32
Simple Stack HA Enqueue Replication
NFS and SAP in one ClusterHP CLX SAN Based Mirror
DRBD Data Replication
HA in VirtualizedEnvironments
Node B
Local Disk
Node A
Local Disk
SIDglobal
profile
exe
/export
/sapmnt
/sapmnt
/SID
/export
/sapmnt
/sapmnt
/SID
NFS Mount Point
Mount Point before Switchover
Mount Point after Switchover
Equivalent setup for/usr/sap/trans
/sapdb/programs/sapdb/datapossible.
Key Use CasesSUSE® Linux Enterprise High Availability Extension
34
3 Node Cluster Overview
Kernel
XenVM1
LAMPApache
IPext3
Kernel Kernel
Corosync + openAIS
Pacemaker
DLM
cLVM2+OCFS2
XenVM2
Network Links
Clients
Storage
35
ext3, XFS OCFS2
cLVM2
Local Disks SANFC(oE), iSCSI
DRBD Multipath IO
DLM
SCTP TCP UDPmulticast
UDPmulticastEthernet Infiniband
Bonding
Linux Kernel
SAP
MySQL
libvirt
Xen
Apache
iSCSI
Filesystems
IP address
DRBD
clvmd
Ocfs2_controld
dlm_controld
YaST2
cDRBD cOpenAISMPIO
LVS
Re
sour
ce A
gent
s
LSB
ini
t
ST
ON
ITH
LRM
...
DRAC
iLO
SBD
Fencing
Web GUI
Python GUI
CRM Shell
CIBPolicyEngine
Pacemaker
OpenAIS
Detailed View of ComponentsPer Node:
Unpublished Work of SUSE. All Rights Reserved.This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.