[Click ONCE to show the bullets for each graphic] We typically describe three key properties of virtual machines that are responsible for their powerful benefits. Let’s examine each one of those properties…
1. The first key property is partitioning. Virtual machines allow a single computer to be divided into separated partitions that can each run an operating system and application stack concurrently. In fact, those virtual machines can be running completely different operating systems and software because they each have their own virtual storage locations, memory spaces and networking interfaces. A component of the VMware virtualization layer called the virtual machine monitor manages the concurrent execution of each virtual machine on the host system hardware. Typically we’d actually see a ratio of about 4 to 8 running virtual machines per physical CPU. The networking and storage features of virtual machines let you use them just as you would real machines in networked configurations or joined together in clusters for high availability.
2. Our second critical feature is isolation, which is critical for safe and reliable server consolidation. VMware virtual machine monitors use the hardware protection features of the CPU to isolate the virtual machines from each other and the monitor. By basing our isolation on the hardware protection we get very strong isolation. In other words, there is unlikely to be a hole. Each virtual machine is isolated from the host and other VMs, in the sense that it doesn’t share a kernel or processes. In a real environment, what this means is that applications in one virtual machine can encounter viruses or blue screen their operating system, and there is no effect on any other virtual machine. In fact, we had the U.S. National Security Agency try to hack from one virtual machine to another for over a year and they couldn’t find any weaknesses to exploit. That proven isolation strength has led the NSA to approve VMware technology for running insecure off-the-shelf software on their secure machines. Resource controls and isolation features give application owners full protection from the stability and performance problems of other applications. A virtual machine with an application leaking memory or a runaway process consuming CPU can only use as much of the host resources as you’ve allocated to that virtual machine. The neighboring virtual machines will retain their allocations of CPU, memory, disk I/O and network I/O. Isolation and resource controls remove end user objections to server consolidation because you can guarantee service levels and security.
3. Our third primary feature of virtual machines is encapsulation. The complete state of a virtual machine (memory, disk storage, I/O device and CPU state, and virtual hardware configuration) is stored in a small set of files. These files are hardware independent, so you can move a virtual machine from one x86 system, say a Dell server, to another, say an IBM server, and that virtual machine will run with no changes necessary as long as the VMware virtualization layer is present. An encapsulated virtual machine is at a minimum just the virtual machine configuration file (a small text file defining the virtual machine’s properties) and the virtual disk file that contains its installed operating system. A snapshot of a running virtual machine would add files encapsulating the memory and processor state of the virtual machine so that a point-in-time image of a running virtual machine can be saved and reverted to at any time. Encapsulation means that your ability to copy, save, and move virtual machines wherever and whenever you need them is as simple as copying a directory of files.
ESX Server differs from VMware’s other platform products in that it uses a bare-metal or hypervisor architecture. The ESX Server virtualization layer (the VMkernel) is the first software installed on the x86 host. Once ESX Server is installed, the virtual machines can be created and run. This differs substantially from the other VMware platform products like Workstation and GSX Server. Those products use a hosted architecture where the virtualization layer is installed on a Windows or Linux host operating system much like a traditional application. Each approach has pros and cons, but the bare-metal architecture of ESX Server is better suited to the demands of production server virtualization in the datacenter.
Hosted Architecture Characteristics: The host operating system provides the device drivers needed for virtual machines to access resources such as network interface cards, storage adapters or I/O ports. That means any device connected to the host can be used by the virtual machines, eliminating the need for a hardware compatibility list. The VMware virtualization layer in VMware Workstation or GSX Server installs like an application, making the setup appropriate for novice users, and it allows conventional host OS applications to run alongside the virtual machines.
Bare-metal Architecture Characteristics: By running directly on the x86 hardware, performance overhead of virtualization is minimized. Disk and network I/O performance is more efficient with the use of idealized device drivers in the virtual machines that avoid the need to pass I/O through an additional layer of host OS device drivers. Because the virtualization layer is providing hardware device support, it is important that only certified servers and connected devices be used with ESX Server. ESX Server has a hardware compatibility list published by VMware. Before installing ESX Server, confirm that your server, network adapters, storage adapters and storage networks are supported. The ESX Server virtualization layer is much smaller than a typical host operating system: about 200,000 lines of custom-written code compared to tens of millions of lines of code. That, combined with the lack of a networking stack and user logins in the ESX Server VMkernel, means that ESX Server is a much more reliable and secure platform for critical virtual machines than a hosted product can be. Having complete control over hardware resources also allows ESX Server to offer advanced value-added features like VMotion.
Additional Notes: Each virtual machine has a total of 5 virtual PCI slots; therefore the total number of virtual adapters, SCSI plus Ethernet, cannot be greater than 5. Sound and IDE disks are not supported on ESX.
When any amount of downtime is unacceptable, VMware offers the revolutionary VMotion feature as an add-on to VirtualCenter and as a component in the VMware ESX Server Virtual Infrastructure Node Bundle. VMotion is a unique VMware technology that allows a running virtual machine to be migrated between ESX Server hosts with zero downtime, uninterrupted user sessions, and no loss of network connectivity. Virtual Infrastructure and VMotion for the first time deliver on the promise of utility computing initiatives that assume the ability to freely shift services across a pool of computing resources. Only with VMotion technology and the hardware-independent encapsulation of complete servers provided by VMware virtualization has that promise been finally fulfilled. With VMotion, you now have full freedom to migrate running servers across any hosts in your datacenter to balance workloads, respond to changing demands and perform hardware maintenance with zero downtime.
Resource pools - a new capability in VMware Infrastructure 3 - allow you to organize your IT environment around your business, not your hardware. A resource pool is a collection of hardware resources including processor, memory, disk and networking that is aggregated by VMware Infrastructure into a
Abstraction of resources from hardware. Manage resources independently of the physical servers that contribute the resources.
Flexible hierarchical organization. Organize resource pools hierarchically to match available IT resources to the business organization: individual business units can receive dedicated infrastructure while still profiting from the efficiency of resource pooling. Resource pools ensure that resource utilization is maximized while business units retain control and autonomy of their infrastructure. Resource pools can be flexibly added, removed, or reorganized as business needs or organization change.
Isolation between resource pools. Make allocation changes within a resource pool without impacting other unrelated resource pools. For example, any allocation changes in the resource pool dedicated to a given business unit do not impact other resource pools.
Management of sets of virtual machines running a distributed application. Optimize the service level of distributed applications by controlling the aggregate allocation of resources for the entire set of virtual machines running the distributed application.
Virtualization Performance H. Reza Taheri Senior Staff Eng. VMware
[Figure: ESX Server Architecture. Labels: VM, VMM, VMX, VMkernel, Resource Management, Storage Stack, Network Stack, Hardware Device Drivers, POSIX API, Service Console, Management Agents and Interfaces, Peripheral Device Drivers]
[Figure: Virtual Machines in ESX Server. Labels: VM Chipset; 1 CPU (4 CPUs with VMware SMP); Up to 16GB RAM; Up to 2 CD-ROMs; 1-2 drives; 1-4 ports; 1-4 ports; 1-4 adapters; 1-4 adapters, 1-15 devices each]
A failed server means fewer resources, not a failed application
Dedicated (virtual) infrastructure for each business unit; central IT retains control over hardware
Delegation of resource and virtual machine management down to the business unit
Management of an entire SOA application stack as a single entity
Aggregate collections of disparate hardware resources into unified logical resource pools. [Figure labels: Servers, Storage, Networking; Business Unit; Aggregate Resources: CPU 48 GHz, Mem 80GB; Resource Pool 2: CPU 36GHz, Mem 58GB, Priority HIGH; Resource Pool 3: CPU 12GHz, Mem 22GB, Priority LOW; Department A; Department B]
VMware HA: Restart VMs if ESX Server fails [Figure labels: Virtual Machine (repeated), VC]