Tudor Damian, IT Solutions Specialist, Virtual Machine MVP
tudy.tel
IaaS, Private Cloud and Virtualization
Agenda
Private Cloud and IaaS - introduction
Virtualization architectures
Existing solutions: Type 1 (bare-metal)
Full / paravirtualized (VMware, Hyper-V, Xen)
Type 2 (hosted), OS-assisted (KVM, VirtualBox, Virtuozzo/OpenVZ)
Case study: Hyper-V & System Center: Hyper-V 2012
System Center 2012 SP1
Interoperability / P2V-V2V migrations
Management / Monitoring / Scripting
Data protection / High Availability
Private Cloud and IaaS
Image source: wordle.net
if at first people were fairly reluctant...
now everyone (well, many) want to move
into the cloud
...but do they all know what to expect?
The traditional approach, inefficient
[Chart: IT capacity over time. Actual load vs. allocated IT capacities, showing waste of capacities, under-supply of capacities, the load forecast, and the resulting barrier for innovations.]
Source: Microsoft Cloud Continuum
In a Cloud, everything is much more dynamic
[Chart: IT capacity over time. Allocated IT capacities track the actual load and the load forecast: reduction of initial investments, reduction of over-supply, no under-supply, possible reduction of IT capacities in case of reduced load.]
Source: Microsoft Cloud Continuum
Workload patterns in the Cloud
[Chart: four compute-vs-time patterns, each compared with its average usage: "On and Off" (usage with an inactivity period), "Unpredictable Bursting", "Growing Fast" and "Predictable Bursting".]
Source: Microsoft Cloud Continuum
Types of Cloud services
[Figure: the same stack of layers (Storage, Server HW, Networking, Servers, Databases, Virtualization, Runtimes, Applications, Security) shown for four delivery models. Private (On-Premise): you manage everything. Infrastructure (as a Service) and Platform (as a Service): the lower layers are managed by the vendor and the upper layers by you, with more of the stack vendor-managed under PaaS. Software (as a Service): everything is managed by the vendor.]
Source: Microsoft Cloud Continuum
Cloud-specific choices
Choices:
Location: On Premises / Off Premises
Infrastructure: Homogeneous / Heterogeneous
Business model: CapEx / OpEx
Ownership: Own / Lease/Rent
Management: Self / Third Party
Fundamentals: Application Programming, Elasticity, High Availability, Multi-Tenancy, Automated Service Management
Source: Microsoft Cloud Continuum
What does the IT industry say?
Components of a Private Cloud
[Figure: Compute, Network and Storage form the pooled resources, with Virtualization and Management layered on top. Attributes: Pooled Resources, Virtualization, Elasticity, Scalability, Continuous Availability, Predictability, Usage-Based, Multi-Tenancy, Security, Automation, Service management, 3rd party extensions.]
Source: Microsoft Cloud Continuum
VIRTUAL? PRIVATE? CLOUD?
a. why do I want to do this?
b. who am I doing this for?
c. what do I want to offer?
SLA, compliance (PCI, ISO)
what do we look at when building a virtual private cloud?
1. budget
cost per kWh, price per U, bandwidth/connectivity costs, technical staff, etc.
2. architecture
structure, scalability, reliability, redundancy, security, flexibility
3. hardware
server (MIPS/MOPS), storage (I/O-OPS), network (1Gbps, 10Gbps, InfiniBand, fiber)
4. virtualization layer
5. management / monitoring
6. internal processes
security / incident-response policies, how easily problems can be detected and fixed,
disaster recovery, high availability and the time needed to bring a node online
7. people
the technical team, post-implementation maintenance
Private Cloud recap
1. Budget
2. Architecture
3. Hardware
4. Virtualization
5. Management and monitoring
6. Internal processes
7. People
VIRTUALIZATION ARCHITECTURES
when working with virtualization, we end up hearing a few common terms...
virtualization, virtual machine
hypervisor, paravirtualization
microkernel, monolithic kernel
synthetic device drivers, parent partition
binary translation
a bit of history
virtualization is old
the first wave: IBM CP-40
CP-40 went into production in January 1967
then, as now, the attraction was cost reduction
it was based on the S/360 system
S/360 introduced virtual memory facilities and 32-bit addressing
CP-40 extended S/360, offering a fully virtualized environment
thus CP-40 had support for 14 virtual machines
it was followed by CP-67, based on the S/360-67
and in 1972, IBM finished VM Facility 370, or VM/370
this is where the terms come from...
Virtual Machine (VM)
Control Program (hypervisor)
a new machine appeared as well, the S/370
and VM/370 managed to efficiently virtualize operating systems built for the S/360 and S/370
...and there were quite a few of them :) OS/360, DOS/360, OS/370, DOS/370,
MVS, CMS, CMS/370
so virtualization achieved its goal: cost reduction
...eventually this led to z/VM, which now runs on IBM mainframe systems
z10 and IBM zEnterprise (z196/z114)
even with VM/370, costs were still high
the second wave: microprocessors
1977, Macintosh / Apple II
1988, Connectix Virtual PC (for Macintosh)
Virtual PC could run Windows, OS/2, Linux on Macintosh hardware
in 2003, Microsoft buys Connectix
Virtual PC is modified, and so Windows users can run other operating systems as well:
MS-DOS 6.22, Windows 95, 98, NT 4.0, Me, OS/2, 2000, 2003, XP, Vista, 2008
the third wave: VMware
1999, VMware releases VMware Workstation
2001, VMware (GSX) Server (server-level virtualization)
on to the technical part
even if, at their core, the VMware and Virtual PC concepts were similar to CP-40,
both Virtual PC and VMware lacked the hypervisor
both relied on the existence of a host OS
the host was thus an (inefficient) intermediary between the VM and the hardware
later, improvements appeared
the ability to run VMs on non-specialized hardware
migration from hosted architectures to hypervisor-based architectures
VMware ESX, Hyper-V and Xen use some form of hypervisor
reintroduction of hardware support: Intel VT, AMD-V
trends
even if micro-virtualization tends to match IBM's solution from 45 years ago
innovative elements have appeared as well, most of them from VMware
live server migration (VMotion)
dynamic load balancing (Distributed Resource Scheduling)
real-time failover (HA Clustering)
or from Intel
Virtualization for Directed I/O (VT-d) for input-output processing
at the same time, virtualization brought security problems with it
at first, the advantages of virtualization, such as application isolation, were affected
processors with virtual-assist are a good example
a guest could directly access another guest, ignoring the security policies
or worse, the Blue Pill exploit
types of attacks
jailbreak attacks (escapes)
migration attacks
virtual / physical network service attacks
encryption attacks
examples of reported attacks
Feb 2007, Apr 2009
VMware / ESX
VMware Workstation escape attack
Oct 2007, Secunia
open-source Xen hypervisor
gaining unauthorized privileges
2007
Microsoft Virtual PC & Microsoft Virtual Server
vulnerability that allowed a guest to run code on the host or on another guest
a few links...
http://searchsecurity.bitpipe.com/detail/RES/1213273947_134.html
http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255
http://www.securityfocus.com/bid/29183/info
http://secunia.com/advisories/29129/
http://seclists.org/fulldisclosure/2007/Sep/0355.html
http://lists.vmware.com/pipermail/security-announce/2009/000055.html
http://www.immunityinc.com/documentation/cloudburst-vista.html
http://taviso.decsystem.org/virtsec.pdf
http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf
http://www.stanford.edu/~talg/papers/HOTOS05/virtual-harder-hotos05.pdf
the solution? security features added to the new hardware
even so, virtualization is here to stay, as long as it fulfills its purpose
let's start with a few explanations
from virtualization solutions, everybody automatically expects:
efficient isolation, security
performance, ease of administration
technically, virtualization can be achieved in several ways
full virtualization (Type 1)
unmodified guest, easy migration to virtualized environments
paravirtualization
guest modified to eliminate the need for binary translation
offers performance advantages in certain circumstances, but requires a modified kernel version
installed on the guest
hardware-assisted virtualization
AMD-V, Intel VT
the first generation included only CPU virtualization; later generations add support for
memory and I/O virtualization
hosted virtualization (Type 2)
Microsoft Virtual Server / Virtual PC, VMware Workstation
VirtualBox, Linux KVM
Types of virtualization
OS virtualization
Virtuozzo / OpenVZ
let's talk a bit about
Hyper-V / Xen / VMware, KVM / Virtuozzo / OpenVZ
Hyper-V architecture
[Figure: Hyper-V architecture]
and the requirements are not excessive...
x64, DEP
Intel VT / AMD-V, SLAT (Windows 8 client)
Xen
at VMware, things are a bit different
ESX
ESXi
Hyper-V: microkernelized kernel
VMware: monolithic kernel
Hyper-V hypervisor (Windows 8): hvax64.exe (AMD) 1.31MB, hvix64.exe (Intel) 1.36KB
VMware hypervisor (ESXi 5): 144MB
Hyper-V: synthetic drivers
VMware: emulated drivers
KVM / QEMU
KVM: no emulation, user-space program
VMM architecture: KVM hypervisor integrated into Linux (code based)
[Figure: several QEMU processes running on top of the KVM kernel module]
Hypervisor: kernel module
Guest OS: user-space process (QEMU for x86 emulation)
Requires the HW virtualization extension
Virtuozzo / OpenVZ
compared to the hypervisor-based architecture...
VZ / OpenVZ offer OS-assisted virtualization
virtualization-based solutions
hardware consolidation
high availability
testing
disaster recovery
virtual private clouds
sandboxing
http://en.wikipedia.org/wiki/Sandbox_(computer_security)
forensic analysis
honeypots / honeynets
http://en.wikipedia.org/wiki/Honeypot_(computing)
HYPER-V 2008 R2
What's new compared to Hyper-V 2008
Live Migration
[Figure: Live Migration; blue = storage, orange = networking]
Quick Migration vs. Live Migration
Quick Migration (Windows Server 2008 Hyper-V)
1. Save state
a) Create VM on the target
b) Write VM memory to shared storage
2. Move virtual machine
a) Move storage connectivity from source host to target host via Ethernet
3. Restore state & Run
a) Take VM memory from shared storage and restore on target
b) Run
Live Migration (Windows Server 2008 R2 Hyper-V)
1. VM State/Memory Transfer
a) Create VM on the target
b) Move memory pages from the source to the target via Ethernet
2. Final state transfer and virtual machine restore
a) Pause virtual machine
b) Move storage connectivity from source host to target host via Ethernet
3. Un-pause & Run
[Figure: Host 1 and Host 2 shown for each of the two scenarios]
Cluster Shared Volumes
Hot Add/Remove Storage
Processor Compatibility Mode
Second Level Address Translation
Networking improvements
Support for 64 logical processors (LPs)
Server Core Parking
[Figure: Windows Server 2008 (without core parking) vs. Windows Server 2008 (with core parking)]
HYPER-V 2008 R2 SP1
Dynamic Memory and RemoteFX
Users, memory and virtualization: nobody knows how much memory to allocate to a VM
How will the allocated RAM affect a VM's performance?
1GB, more only if people complain about performance
4GB on each machine, nobody complains
I take the minimum requirements and add 50% / 100% / 150%
I use the vendor's requirements, I don't bother checking
Memory is a bottleneck
One of the key factors from a cost point of view
The Dynamic Memory proposal
Maximum density, without sacrificing performance
Predictable performance
Production-use ready
Adding/removing RAM
Adding
Enlightened
Uses the Synthetic Memory Driver (VSP/VSC pair)
No hardware emulation
Lightweight, instant
Removing
Initially, actual memory removal was intended (-> problems)
Tests showed that memory ballooning is more efficient
Affects Task Manager in the guest OS
Unused memory is collected every 5 minutes
Memory demand / Memory buffer
Memory demand
The memory the guest operating system needs to function under reasonable conditions
Calculated automatically based on the usage reported by the guest
Memory buffer
Memory allocated to a VM for immediate needs
Its main purpose is to prevent the use of the file cache
The ideal memory for a VM
Memory demand + Memory Buffer
Dynamic Memory - UI
[Figure: the Dynamic Memory settings UI]
Memory balancing (1)
If there is enough memory on the host, each VM is allocated its ideal amount of RAM
[Figure, three steps: a Hyper-V host with a Root Reserve and Available Memory (host memory availability = 100%); VM1 is added with its Memory Demand + Buffer = Ideal Memory (availability = 60%); VM2 is added the same way (availability = 0%).]
Memory balancing (2)
If there is not enough memory, Priority is used to determine how memory is distributed
[Figure, four steps: a Hyper-V host with a Root Reserve and VM1 (Low Priority), VM2 (Medium Priority) and VM3 (High Priority), each with Memory Demand + Buffer = Ideal Memory; when the host cannot satisfy every ideal amount, a Priority Penalty shrinks the buffers, the lower-priority VMs losing the most.]
DM introduces the Root Reserve
Hyper-V has always used the concept of a memory reserve (memory reserved for the parent partition)
DM allows VMs to squeeze the root reserve
The solution: a registry key that allows a static memory reservation for the Parent Partition:
HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\MemoryReserve
Less memory for VMs
The host system stays stable
Dynamic Memory, not Overcommit!
Memory Overcommit is an overloaded term
Page Sharing
Second Level Paging
Memory ballooning mechanisms
Nobody wants to over-allocate resources
We don't over-allocate the other resources
VMware doesn't want/recommend overcommit either
DM treats memory the way we treat the CPU:
a dynamically scalable resource
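The balancing rules from the last few slides (ideal = demand + buffer; everyone gets the ideal amount when it fits; otherwise Priority decides how much buffer each VM keeps, with the root reserve never touched), written out as an added Python model. This is an illustration added to these notes, not Hyper-V's balancer and not code from the slides; the priority weights, the sample VM sizes and the handling of the case where even the summed demand does not fit are assumptions.

```python
"""Simplified model of the Dynamic Memory balancing rules on these slides:
ideal = demand + buffer; if the host (minus its root reserve) can satisfy
every VM's ideal amount, each VM gets it; otherwise demand is served first
and the leftover is spread over the buffers with a priority penalty, so the
low-priority VMs lose buffer first. Added illustration, not Hyper-V code.
All figures are in MB and all sample VMs are constructed."""
from dataclasses import dataclass

# Assumed priority weights: the slides only say that Priority decides the split.
PRIORITY_WEIGHT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class VM:
    name: str
    demand: int       # MB the guest reports it needs (memory demand)
    buffer_pct: int   # memory buffer as a percentage of demand
    priority: str     # "low", "medium" or "high"

    @property
    def buffer(self) -> int:
        return self.demand * self.buffer_pct // 100

    @property
    def ideal(self) -> int:
        return self.demand + self.buffer


def balance(host_total: int, root_reserve: int, vms: list) -> dict:
    """Return {vm name: MB assigned}; the root reserve is never given to VMs."""
    available = host_total - root_reserve
    if sum(vm.ideal for vm in vms) <= available:
        # Memory balancing (1): everything fits, every VM gets its ideal amount.
        return {vm.name: vm.ideal for vm in vms}

    # Memory balancing (2): cover every demand, then split what is left over
    # the buffers in proportion to buffer x priority weight (the priority penalty).
    total_demand = sum(vm.demand for vm in vms)
    if total_demand > available:
        # Not covered by the slides; an assumption for this model.
        raise MemoryError(f"demand {total_demand} MB exceeds available {available} MB")
    spare = available - total_demand
    weight = {vm.name: vm.buffer * PRIORITY_WEIGHT[vm.priority] for vm in vms}
    total_weight = sum(weight.values()) or 1
    allocation = {}
    for vm in vms:
        # A VM never receives more than its own buffer (i.e. more than ideal).
        share = min(vm.buffer, spare * weight[vm.name] // total_weight)
        allocation[vm.name] = vm.demand + share
    return allocation


# Constructed scenario: 8000 MB host, 1000 MB root reserve, three 2000 MB guests.
SAMPLE_VMS = [
    VM("VM1", 2000, 20, "low"),
    VM("VM2", 2000, 20, "medium"),
    VM("VM3", 2000, 20, "high"),
]

if __name__ == "__main__":
    print(balance(8000, 1000, SAMPLE_VMS[:2]))   # both fit: 2400 MB each
    print(balance(8000, 1000, SAMPLE_VMS))       # buffers cut by priority
```

With two guests the 7000 MB left after the root reserve covers both ideal amounts; with the third guest it does not, so every VM still gets its full demand, the high-priority VM keeps its whole buffer and the low- and medium-priority VMs keep only part of theirs.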
Dynamic Memory requirements
Host system:
Windows Server 2008 R2 SP1
Microsoft Hyper-V Server 2008 R2 SP1
Windows Server 2003, 2008 & 2008 R2 guests, 32-bit & 64-bit versions
Web, Standard, Enterprise, Datacenter
Windows Vista and Windows 7 guests: only Enterprise and Ultimate
32-bit & 64-bit versions
Application compatibility
Problems
Applications with static memory allocation (Exchange)
Additional settings
Applications with an internal cache / memory management (SQL, Apache, Java, Oracle, ...)
Applications that start with a lot of pre-allocated memory (?)
RemoteFX: infrastructure / graphics
Infrastructure
VM isolation = desktop centralization
CPU evolution from speed to parallelism
Faster networks
Increased diversity of client devices
Graphics
Graphics complexity is growing: Media, 3D UI, Video, Animations, Flash, Silverlight
Growing fragmentation of the graphics processing stacks
Portable Silverlight and Flash emit flat bitmaps
RemoteFX, a VDI solution
vGPU exposed in the Hyper-V guest
Rendering on the host, not on the guest
New codec included in RDP 7.1 for RemoteFX
A single GPU used for several VMs
Hardware decoding devices for thin clients
Initially only for office-worker scenarios
Requirements:
SLAT
New-generation GPU
Ultra Lightweight Thin Clients
A new class of thin clients
ARM, MIPS, or PPC-based designs
Windows CE, Linux, or another embedded OS
Support for USB Redirection
Very few client resources needed
CPU: 200-400 MHz
Memory: < 256MB RAM, < 128MB Flash
Power consumption:
ThinLinX Hot-e TLX-400 M
ARM processor
RemoteFX, HDMI display
Audio: Wolfson WM8731l 16-bit, 48KHz stereo headphone out, line out, biased microphone in
Ethernet 10/100 Mbs
2 x USB 2.0 Full Speed host ports
5V DC power
Linux embedded OS
HYPER-V 2012
Performance improvements
Catching up with VMware

                                      Hyper-V 3.0      vSphere 5.0
Max Logical Cores Per Host            160              160
Max RAM Per Host                      2TB              2TB
Max VMs Per Cluster                   8000             3000
Max Nodes Per Cluster                 64               32
Max CPUs Per VM                       32               32
Max RAM Per VM                        1TB              1TB
Max VM Disk Size                      64TB (VHDX)      2TB
Max Concurrent VM Migrations          Unlimited        128/datastore
Max Concurrent Storage Migrations     Unlimited        8/datastore, 2/host
Disaster recovery
Hyper-V Replica
Disaster Recovery Scenarios:
Planned, Unplanned and Test Failover
Pre-configuration of IP settings for the primary/remote location
Key Features:
RPO/RTO in minutes
Seamless integration with Hyper-V and Clustering
Automatically handles all VM mobility scenarios (e.g. Live Migration)
Supports heterogeneous storage between primary and recovery
Storage improvements
VHDX
Virtual Fiber Channel in the Guest (MPIO)
NFS Storage (SMB 2.2) with SMB2 direct (RDMA) support
Offloaded Data Transfer (ODX)
Native data deduplication
4k Native Disk Support
iSCSI Target
NTFS online scan/repair
VHDX
Supports up to 64TB size (VHDs had a 2TB limit)
Supports larger block file size
Improved performance and corruption resistance
Windows 8 only
Easy conversion
Data Deduplication: high optimization savings
State of the art chunking and compression
Transparent to the primary server workload
Minimal IO impact through scheduled and selective optimization
Minimal server impact through low resource use
Reliability and data integrity
Built-in insurance against the natural risk of data reduction
Data integrity validation on all data and metadata
Redundancy for metadata and popular chunks
Storage & network optimization
Integration with BranchCache for faster file download times and reduced bandwidth consumption over WAN
[Chart: typical savings by workload, on a 0-100% scale, for User Home Folder (MyDocs), General File Share, Software Deployment Share and VHD Library]
New migration scenarios
Increased VM Mobility
Live Migration with High Availability (already available now)
Live Migration with no clustering (using an SMB share)
Live Migration with no shared storage
Live Storage Migration (SMB 2.2)
Live Storage Migration enables storage load balancing
No downtime servicing
Leverages Hyper-V Offloaded Data Transfer (ODX)
[Figure: a Hyper-V virtual machine's VHD stack moving from the source device to the destination device, in numbered steps 1 to 5]
Snapshots, backup & control
Online snapshot merge
Windows Server Backup support
Dynamic Memory improvements
VM Priority
Network improvements
NIC Teaming
Extensible Virtual Switch
Multi-tenant deployments
Bandwidth QoS
Dynamic Virtual Machine Queue (DVMQ)
Single Root I/O Virtualization (SR-IOV)
Receive Side Scaling (RSS)
Receive Side Coalescing (RSC)
IPSec Task Offload
Address Virtualization: Generic Routing Encapsulation (GRE)
Address Rewrite
Bandwidth QoS
[Figure: Hyper-V Extensible Switch. The Hyper-V switch in the root partition sits between the physical NIC / host NIC and the VM NICs of the virtual machines, with capture, filtering, WFP and forwarding extensions plugged into it.]
Hyper-V Extensible Switch
Augment Hyper-V Virtual Switch capabilities
Monitoring
Traffic filtering / shaping
Forwarding algorithms
The Multi-Tenant Cloud
Secure Isolation Between Tenants
Dynamic Placement of Services
QoS and Resource Metering
[Figure: Contoso Bank and Woodgrove Bank as multiple customers on a shared infrastructure, run by a hoster]
Multi-Tenant Network Requirements
Tenant wants to easily move VMs to/from the cloud
Hoster wants to place VMs anywhere in the data center
Both want: Easy Onboarding, Flexibility & Isolation
[Figure: Cloud Data Center hosting Woodgrove Bank (Blue, 10.1.0.0/16) and Contoso Bank (Red, 10.1.0.0/16), i.e. two tenants with overlapping address spaces]
One Solution: PVLAN
Isolation Scenario
Hoster wants to isolate all VMs from each other and allow internet connectivity
#1 Customer Ask from hosters
Community Scenario
Hoster wants tenant VMs to interact with each other but not with other tenant VMs
Requires a VLAN id for each community (limited scalability, only 4095 VLAN IDs)
[Figure: a Windows 8 host whose Hyper-V Switch connects to the Internet (10.1.1.1); Blue 10.1.1.21 and Green 10.1.1.31 are isolated, while Red1 10.1.1.11 and Red2 10.1.1.12 form a community]
Hyper-V Network Virtualization
[Figure: a physical server on the physical network running a Woodgrove VM and a Contoso VM, each attached to its own virtual network (Woodgrove network, Contoso network)]
Hyper-V Machine Virtualization: run multiple virtual servers on a physical server; each VM has the illusion it is running as a physical server
Hyper-V Network Virtualization: run multiple virtual networks on a physical network; each virtual network has the illusion it is running as a physical fabric
Generic Routing Encapsulation: 1 Provider Address per HOST (shared by all VMs on the host)
Embed the Tenant Network ID in the GRE header Key field
[Figure: two tenants each use the customer addresses 10.1.1.11 and 10.1.1.12; the hosts use the provider addresses 192.168.2.22 and 192.168.5.55 (a 1:N mapping of provider address to customer addresses); packets keep their full MAC and customer IP headers and are encapsulated with GRE Key=20 for one tenant and GRE Key=30 for the other]
Address Rewrite: each VM IP (CA) is mapped to a unique Provider Address (PA)
Regular TCP/IP packets on the wire
[Figure: one tenant's customer addresses 10.1.1.11 and 10.1.1.12 are rewritten to the provider addresses 192.168.2.22 and 192.168.2.23, the other tenant's 10.1.1.11 and 10.1.1.12 to 192.168.5.55 and 192.168.5.56 (a 1:1 mapping)]
Address Virtualization Summary
IP Rewrite: Performance and Compatibility
No need to upgrade existing NICs, existing switches, and existing network appliances
Immediately and incrementally deployable today without sacrificing performance
GRE Encapsulation: Deeper Multi-Tenancy Integration
Standards based: RFCs 2784 & 2890
As few as one IP address per host, lowering the burden on the switches
Full MAC headers and explicit Tenant Network ID marking support traffic analysis, metering and control
Any encapsulation will break stateless offloads in the host server (LSO, Checksum, RSC, RSS, VMQ)
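The two address-virtualization schemes from the slides above, as an added Python model (not Hyper-V's implementation and not code from the presentation): GRE encapsulation, where all VMs on a host share the host's one provider address and the tenant network ID travels in the GRE Key field, and address rewrite, where every (tenant, customer address) pair gets its own provider address and plain IP packets go on the wire. The VM placement and rewrite tables, the tenant IDs 20 and 30 and the payloads are constructed to match the figures; the GRE protocol type 0x6558 (Transparent Ethernet Bridging) and the K flag are from RFC 2784/2890 and are my choice, not stated on the slides.

```python
"""Toy model of GRE-based address virtualization and IP address rewrite.
Constructed tables only; not Hyper-V's implementation."""
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

GRE_FLAG_KEY = 0x2000    # K bit: a 32-bit Key field follows the header (RFC 2890)
GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging: a full frame is carried


@dataclass(frozen=True)
class Packet:
    src: str       # customer address (CA), what the VM sees
    dst: str
    payload: bytes


# --- GRE scheme: (tenant network ID, CA) -> provider address (PA) of the host.
# Both tenants reuse 10.1.1.0/24; several VMs share one host PA (1:N).
GRE_HOST_OF = {
    (20, "10.1.1.11"): "192.168.2.22", (20, "10.1.1.12"): "192.168.5.55",
    (30, "10.1.1.11"): "192.168.2.22", (30, "10.1.1.12"): "192.168.5.55",
}


def gre_encapsulate(tenant_id: int, pkt: Packet):
    """Return (outer src PA, outer dst PA, GRE header + inner packet).
    The tenant network ID is carried in the Key field; NVGRE proper keeps
    it in the top 24 bits of that field."""
    outer_src = GRE_HOST_OF[(tenant_id, pkt.src)]
    outer_dst = GRE_HOST_OF[(tenant_id, pkt.dst)]
    header = struct.pack("!HHI", GRE_FLAG_KEY, GRE_PROTO_TEB, tenant_id)
    inner = IPv4Address(pkt.src).packed + IPv4Address(pkt.dst).packed + pkt.payload
    return outer_src, outer_dst, header + inner


def gre_decapsulate(wire: bytes):
    """Return (tenant network ID, inner packet); reject frames without a key."""
    flags, proto, key = struct.unpack("!HHI", wire[:8])
    if not flags & GRE_FLAG_KEY or proto != GRE_PROTO_TEB:
        raise ValueError("not a keyed GRE/TEB frame")
    src = str(IPv4Address(wire[8:12]))
    dst = str(IPv4Address(wire[12:16]))
    return key, Packet(src, dst, wire[16:])


# --- Address rewrite scheme: every (tenant, CA) owns a unique PA (1:1), so the
# wire carries regular IP packets and no encapsulation is needed.
REWRITE = {
    (20, "10.1.1.11"): "192.168.2.22", (20, "10.1.1.12"): "192.168.2.23",
    (30, "10.1.1.11"): "192.168.5.55", (30, "10.1.1.12"): "192.168.5.56",
}
UNREWRITE = {pa: key for key, pa in REWRITE.items()}   # PA -> (tenant, CA)


def rewrite_outbound(tenant_id: int, pkt: Packet) -> Packet:
    """Replace both customer addresses with the tenant's provider addresses."""
    return Packet(REWRITE[(tenant_id, pkt.src)], REWRITE[(tenant_id, pkt.dst)], pkt.payload)


def rewrite_inbound(pkt: Packet):
    """Map provider addresses back to (tenant, CA); drop cross-tenant traffic."""
    tenant_src, src = UNREWRITE[pkt.src]
    tenant_dst, dst = UNREWRITE[pkt.dst]
    if tenant_src != tenant_dst:
        raise ValueError("cross-tenant packet dropped")   # isolation check
    return tenant_src, Packet(src, dst, pkt.payload)


if __name__ == "__main__":
    sample = Packet("10.1.1.11", "10.1.1.12", b"constructed payload")
    print(gre_encapsulate(20, sample)[:2], gre_encapsulate(30, sample)[:2])
    print(rewrite_outbound(20, sample), rewrite_outbound(30, sample))
```

The point the model makes visible: under GRE, the same customer packet from two tenants produces identical outer addresses and is told apart only by the key, which is why traffic analysis and metering can work on the tenant ID; under rewrite, the two tenants become distinguishable on the wire by address alone, which is why no NIC or switch needs to understand anything new.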
VDI improvements
RemoteFX for WAN (rich desktop over various networks)
RemoteFX adaptive graphics (remoting of experiences adapting to network types)
RemoteFX media remoting (high performance media remoting)
RemoteFX multi-touch (consistent touch interface, even when remoting to RDS)
RemoteFX USB redirection
Metro-style Remote Desktop App
Choice of software or physical GPU
No requirement for hardware GPU
Available for sessions, VMs, and physical machines
Broad range of clients (ubiquitous access)
DX11 video support
The power of PowerShell
PowerShell support
Fast & Intuitive
~150 new Hyper-V cmdlets
All Hyper-V Manager UI capability can be scripted
Perfect for automation
In-box metering
Hyper-V Resource Meters
Network: incoming & outgoing traffic per IP address range
Storage: high water-mark disk allocation
Memory: low & high water-mark memory utilization, average memory utilization
CPU: average CPU utilization
Historic resource utilization information, persistent through live migrations
THE SYSTEM CENTER SUITE
Management tools
System Center
Source: TechEd Europe MGT206
SCVMM 2012
SCVMM 2012 - Fabric Management
Physical Server
Manage multiple hypervisors: Hyper-V, VMware, Xen
Server hardware management: IPMI, DCMI, SMASH, custom via Provider
Host provisioning from bare metal to Hyper-V to cluster provisioning
Network
Define Logical Networks using VLANs and Subnets per datacenter location
Address management for Static IPs, Load Balancer VIPs and MAC addresses
Automated provisioning of Load Balancers via Provider
Storage
Storage Management using SMI-S
Discover storage arrays and pools
Classify storage based on throughput and capabilities
Discover or configure LUNs and assign to hosts and clusters
Rapid provisioning of VMs using snap cloning of LUNs
SCVMM 2012 - Fabric Management
Update Management of Fabric Servers
Update operation control (On-demand scan and on-demand remediation)
Updating a Hyper-V cluster is fully automated
Integrated with Windows Server Update Server
Dynamic Optimization (DO)
Cluster level workload balancing scheme to optimize for VM performance
Leverages live migration to move workloads
Power Optimization (PO)
Leverages live migration to pack more VMs per host
Powers down servers to optimize for power utilization
Enhanced Placement
Over 100 placement checks/validation
Support for custom placement rules
Multi-VM deployment for Services
SCVMM 2012 - Service Lifecycle
Service Templates
Used to model a multi-tier application
Source of truth for deployed service configuration
Applications
Built-in support for Web deploy, Server App-V, SQL DAC
Custom command execution for other application packages
Image-based
OS separated from apps
Composed during deployment
Servicing
Change the template and then apply that change to deployed instances
Upgrade domains ensure application availability during servicing
INTEROPERABILITY
Support for heterogeneous environments
How does it work?
VSP (virtualization service provider)
Hyper-V component in the parent partition
Communicates with the hardware drivers
Gives access to the host resources
VSC (virtualization service client)
Drivers for synthetic devices installed in the enlightened guest OS
Exposes every virtual device and translates I/O requests
There's always a VSP/VSC pair
VMBus (virtual machine bus)
A high-speed point-to-point in-memory bus
Allows the communication between VSPs and VSCs through Hyper-V
For Linux, every VSC has a DIM (Driver Interface Mapper)
DIMs interact with the Linux kernel like any other driver
There's also a VSC core based on each existing VSP
Emulated vs. enlightened
Emulated drivers
Drivers are emulated
All requests targeting the hardware (HDD, network, etc.) are not direct
Translated in both directions (VM-hw, hw-VM) by the hypervisor
They bring in a performance overhead
The emulated drivers are pretty similar to what we had in Virtual Server:
Video = S3 Trio64+ SVGA (VESA)
Network = Intel/DEC Tulip 21x4x
IDE = Intel 440BX chipset MB
Enlightened drivers
Also known as synthetic drivers
These make the VM hypervisor-aware
Written especially for virtualized environments => paravirtualization
They're basically just pointers to the drivers in the parent partition
Huge performance boost!
What's been done so far?
July 2009: Microsoft contributes over 20,000 lines of code to the Linux kernel
December 2009 The drivers (in staging) are included in the 2.6.32 Kernel
July 1st 2010 Microsoft presents at the Red Hat Summit
Official support list:
http://technet.microsoft.com/en-us/library/cc794868(WS.10).aspx
Linux Integration Services 2.1 RTM (July 2010)
SUSE Linux Enterprise Server (10 SP1/SP2/SP3, 11)
Red Hat Enterprise Linux (5.2, 5.3, 5.4, 5.5)
Linux Integration Services 3.4 RTM (September 2012)
Red Hat Enterprise Linux 5.5-5.9 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)
CentOS 5.5-5.8 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)
SUSE Linux Enterprise Server 10 SP4 & 11 SP1/SP2
The story so far
Driver support for synthetic devices (v1 original distro code, created by Citrix) Synthetic network controller & Synthetic storage controller (IDE/SCSI)
Fastpath Boot Support for Hyper-V (v2.0 December 2009) Block VSC increased boot performance
Timesync (v2.1 July 2010) The clock inside the virtual machine will remain synchronized with the clock on the host
Integrated Shutdown (v2.1 July 2010) VMs can be cleanly shut down from Hyper-V
Symmetric Multi-Processing (SMP) Support (v2.1 July 2010) Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine
Heartbeat (v2.1 July 2010) Allows the host to detect whether the guest is running and responsive
Pluggable Time Source (v2.1 July 2010) A pluggable clock source module is included to provide a more accurate time source to the guest.
KVP (Key Value Pair) Exchange (v3.1 July 2011) Information about the running Linux VM can be obtained by using the Key Value Pair exchange functionality on the host (FQDN,
Linux IS version, IP addresses, OS version/distro/kernel, CPU architecture x86/x64)
Integrated Mouse Support (v3.2 January 2012) The cursor is no longer bound to the VMConnect window when used with the Linux Graphical User Interface
SMP 32 vCPU support (v3.3 June 2012) Support for up to 32 vCPUs on certain distros
Live Migration (v3.4 September 2012) Linux virtual machines can undergo live migration for load balancing purposes
Jumbo Frames (v3.4 September 2012) Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload
The road to enlightenment
Compared to IS on Windows: Synthetic Drivers
IDE driver
SCSI driver
Network Drive
Mouse Integration
Video
Integration Services
Operating System Shutdown
Time Synchronization
Heartbeat
Data Exchange
Backup (VSS)
[Screenshots: Integration Services on Windows]
Source: TechEd 2010 - WSV305
Wrap-up: Linux IS components
hv_vmbus communication with the host
hv_storvsc storage VSC
hv_netvsc network VSC
hv_timesource pluggable time source
hv_mouse enlightened mouse
hv_utils graceful shutdown, timesync, heartbeat
LINUX IN AZURE
VM Depot: http://msopentech.com/blog/project-categories/virtual-machine-depot/
P2V CONVERSIONS FOR LINUX
dd and the VHD tool are used
dd works under both Windows and Linux
E.g. take the HDD with Linux on it and attach it to a Windows system
Linux P2V conversions: http://blogs.technet.com/b/enterprise_admin/archive/2010/05/13/linux-p2v-with-dd-and-vhdtool-easy-and-cheap.aspx
Source: TechEd 2010 - WSV305
From the command line, the HDD is converted to RAW (.img) format:
dd if=\\?\Device\Harddisk1\DR2 of=D:\rhel54.img bs=1M --progress
Linux P2V conversions (continued)
Open-source command-line tool
Includes VHD file manipulation functions (create, convert, extend, repair)
It is an excellent P2V conversion tool for Linux machines
The conversion is done from RAW format to VHD
VHD tool: http://code.msdn.microsoft.com/vhdtool
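The RAW-to-VHD step of the dd + VHD tool flow, as an added Python example that is not the VHD tool's source code and not part of the original slides. A fixed VHD is the raw image followed by a 512-byte footer laid out per Microsoft's VHD Image Format Specification (cookie, sizes, CHS geometry, disk type, one's-complement checksum, unique id). The creator tag "py2v" is a made-up value, and the 1 MiB sample image is constructed; the geometry algorithm and checksum rule are the specification's.

```python
"""Build a fixed VHD from a raw disk image by appending the VHD footer.
Added example, not the VHD tool's code; the sample image is constructed."""
import calendar
import struct
import time
import uuid

SECTOR = 512
VHD_EPOCH = calendar.timegm((2000, 1, 1, 0, 0, 0))   # footer timestamps count from 2000-01-01 UTC
CHECKSUM_OFFSET = 64                                # byte offset of the checksum field


def vhd_geometry(size_bytes: int):
    """CHS geometry per the VHD spec; returns (cylinders, heads, sectors per track)."""
    total = min(size_bytes // SECTOR, 65535 * 16 * 255)
    if total >= 65535 * 16 * 63:
        spt, heads = 255, 16
        cyl_heads = total // spt
    else:
        spt = 17
        cyl_heads = total // spt
        heads = max(4, (cyl_heads + 1023) // 1024)
        if cyl_heads >= heads * 1024 or heads > 16:
            spt, heads = 31, 16
            cyl_heads = total // spt
        if cyl_heads >= heads * 1024:
            spt, heads = 63, 16
            cyl_heads = total // spt
    return cyl_heads // heads, heads, spt


def vhd_checksum(footer: bytes) -> int:
    """One's complement of the byte sum, taken with the checksum field zeroed."""
    zeroed = footer[:CHECKSUM_OFFSET] + b"\0" * 4 + footer[CHECKSUM_OFFSET + 4:]
    return (~sum(zeroed)) & 0xFFFFFFFF


def vhd_footer(size_bytes: int, disk_id: bytes = None, timestamp: int = None) -> bytes:
    """Return the 512-byte footer describing a fixed disk of size_bytes."""
    if disk_id is None:
        disk_id = uuid.uuid4().bytes
    if timestamp is None:
        timestamp = int(time.time()) - VHD_EPOCH
    cyl, heads, spt = vhd_geometry(size_bytes)
    footer = struct.pack(
        ">8sIIQI4sI4sQQHBBII16sB",
        b"conectix",             # cookie
        0x00000002,              # features: reserved bit that is always set
        0x00010000,              # file format version 1.0
        0xFFFFFFFFFFFFFFFF,      # data offset: none for a fixed disk
        timestamp,
        b"py2v",                 # creator application (hypothetical tag)
        0x00010000,              # creator version
        b"Wi2k",                 # creator host OS: Windows
        size_bytes, size_bytes,  # original and current size
        cyl, heads, spt,         # disk geometry
        2,                       # disk type 2 = fixed
        0,                       # checksum, filled in below
        disk_id, 0)              # unique id, saved state
    footer += b"\0" * (SECTOR - len(footer))   # reserved bytes
    checksum = struct.pack(">I", vhd_checksum(footer))
    return footer[:CHECKSUM_OFFSET] + checksum + footer[CHECKSUM_OFFSET + 4:]


def verify_footer(footer: bytes) -> bool:
    """Check cookie and checksum, as a reader of the file would."""
    stored = struct.unpack(">I", footer[CHECKSUM_OFFSET:CHECKSUM_OFFSET + 4])[0]
    return len(footer) == SECTOR and footer[:8] == b"conectix" and stored == vhd_checksum(footer)


def raw_to_vhd(raw: bytes, **footer_args) -> bytes:
    """Pad the raw image to whole sectors and append the footer."""
    if len(raw) % SECTOR:
        raw += b"\0" * (SECTOR - len(raw) % SECTOR)
    return raw + vhd_footer(len(raw), **footer_args)


if __name__ == "__main__":
    image = bytes(range(256)) * 4096            # constructed 1 MiB "disk"
    vhd = raw_to_vhd(image)
    print(len(vhd), verify_footer(vhd[-SECTOR:]))
```

Because the footer is simply appended, the first bytes of the .img produced by dd stay byte-for-byte where they were, which is what lets the partition table and boot loader of the converted Linux disk keep working unchanged.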
POWERSHELL
Scripting solutions
PowerShell v1.0: Command Line Interpreter (CLI)
Script Execution Engine
Extensive online help
Built-in commands (cmdlets), extensible
Support for WMI, COM, CMD, etc.
Built on top of .NET Framework 2.0
Support for: Windows Server, Exchange, SQL, SCOM, SCVMM, SCDPM,
Compute Cluster, OpenXML, IBM WebSphere MQ, Active Directory, Lotus Domino, VMware Infrastructure, Windows 7, WDK, NetApp Data ONTAP
PowerShell before & after
BEFORE / NOW
GUI: MMC / GUIs built on PowerShell
Interactive shell: CMD / PowerShell
Scripting: BAT in CMD / PowerShell
COM: WMI (VBScript) / PowerShell
Security in PowerShell
Secure by design & by default
Script files are associated with Notepad: the scripts will not run
The CLI asks for permission to execute unverified scripts
PS execution happens through: 'cmdlets' (.NET programs, written by a developer, compiled into a
DLL and loaded by a PowerShell script)
PowerShell scripts ('.ps1')
PowerShell functions
Executable programs
PowerShell v2.0: remote control (PowerShell Remoting)
Engine improvements (cmdlets, operators, debugging)
Try-Catch-Finally
A GUI for PowerShell (PowerShell ISE)
Hosting: restricted run-space
- delegation of rights
Background Jobs
Transactional operations
Eventing
Network File Transfer
New APIs
PowerShell v3.0: new cmdlets
$Pv3 = Get-Command *
$Pv3.count
PowerShell ISE: single command pane
IntelliSense
Snippets
Collapsible regions
Updatable Help: Update-Help
Windows PowerShell Workflows
Parallel, Sequence & InlineScript keywords
Remote Get-Module: implicit remoting
Windows PowerShell resources/communities: Team blog: http://blogs.msdn.com/PowerShell
PowerShell Community: http://www.powershellcommunity.org
PowerShell Forum: http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads
Channel 9: http://channel9.msdn.com/tags/PowerShell
Wiki: http://channel9.msdn.com/wiki/default.aspx/Channel9.WindowsPowerShellWiki
Script Center: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx
CodePlex: http://codeplex.com/Project/ProjectDirectory.aspx?TagName=powershell
Books
PowerShell in Action by Bruce Payette: http://manning.com/powershell
Windows PowerShell Cookbook by Lee Holmes: http://www.oreilly.com/catalog/9780596528492/index.html
Professional Windows PowerShell Programming: http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470173939.html
www.itspark.ro
www.codecamp.ro
www.itcamp.ro
www.vimeo.com/channels/itcamp
Thanks!