Technical update KVM and Red Hat
     Enterprise Virtualization (RHEV)

Syed M Shaaf                    Klaus Oxdal
Solution Architect              Strategic Alliance to IBM Nordics
Red Hat                         Red Hat




1                    KVM / Red Hat Enterprise Virtualization | Syed M Shaaf
IBM invests into KVM Development
Over 60 IBM programmers working on KVM as part of the community

    ●   Core KVM Development
    ●   Systems Management
    ●   Performance and Memory
    ●   Data Center Networking
    ●   Networking and I/O
    ●   Security and Reliability
    ●   Cloud Early Deployment

    Contributions to KVM in Linux 2.6 kernel

    Company     Changes     Rate
    Red Hat       352       31.8%
    Intel         155       14.0%
    IBM           149       13.5%
    Qumranet      143       12.9%
    AMD            97        8.8%




2                                                              © 2011 IBM Corporation
Where IBM uses KVM
    IBM Contributions to KVM
        Over 60 IBM engineers and programmers working on KVM, QEMU and oVirt as part of
        the open source community

    IBM System x and PureSystems
        IBM x86 servers for Linux and Windows support virtualization with KVM, as do IBM
        PureFlex and PureApplication Systems, which deliver hypervisor choice and
        flexibility in next generation integrated systems

    IBM zEnterprise
        IBM System x Blades in the zEnterprise BladeCenter Extension (zBX) and Unified
        Resource Manager support KVM.

    IBM Systems Director VMControl
        Automated virtualization management now also supported for KVM environments.

    IBM Software Group Portfolio
        KVM is a tier 1 virtualization technology for SWG, with the majority of SWG products
        supporting KVM today. Tivoli system management solutions manage KVM.

    IBM SmartCloud Enterprise
        Agile cloud computing infrastructure as a service (IaaS), designed to provide rapid access
        to security-rich, enterprise-class virtual server environments well suited for development
        and test activities and other dynamic workloads, uses KVM.




INDUSTRY LEADING VIRTUALIZATION
PERFORMANCE ON SPECVIRT_SC2010




As of May 30, 2012, RHEV claims top 7 results and the only 8 socket server scores. SPEC® and the benchmark
name SPECvirt® are registered trademarks of the Standard Performance Evaluation Corporation.




Virtualizing the x86 architecture

    ●   x86 architecture is difficult to virtualize
    ●   CPU implements 4 privilege levels or “rings” - 0 thru 3
    ●   Privileged kernel calls run in ring 0
    ●   Applications / userspace run in ring 3
        Application   Application   Application       Application        Ring 3

                                                                         Ring 1 & 2

                      Operating System                                   Ring 0


        Physical
        Hardware




Virtualizing the x86 architecture

    ●   Hypervisor must run in ring 0
    ●   Virtual machines run in ring 3
        Problem:
              The operating system kernel tries to execute privileged “ring 0” instructions,
              which will cause a machine fault




Challenges facing customers

    ●   Performance
        ●   Hardware emulation is slow compared to physical
            hardware
        ●   Also costly in terms of CPU
        ●   Resulting in significant performance penalties for
            virtualization

    ●   Time keeping
        ●   Many issues with clock skew for guests
        ●   Time drift especially under load


KVM (Kernel-based Virtual Machine): Overview
    ●   Integrated Hypervisor for Linux
    ●   Converts Linux into a Type-1 Hypervisor
    ●   Runs Windows, Linux and other guests
    ●   Allows for Hybrid-mode operation
         ●   Run regular Linux applications alongside VM guests
    ●   Upstream since Linux 2.6.20 (2007)
    ●   Control over future evolution is held by the Linux development
        community
    ●   Supported in RHEL since v5.4 (Sept. 2009)
    ●   Elegant, simple design reuses Linux and builds upon CPU
        virtualization assistance

5 YEARS AND MORE..




Benefits of Linux KVM Model
• Leverages Linux – no need to re-invent the wheel
   – Built on trusted, stable enterprise grade platform
   – Scheduler, memory management, hardware support etc.
   – Ease of management – use same tools for managing physical servers and hypervisors

• Advanced features
   – Inherit scalability, NUMA support, power management, hot-plug etc. from Linux – others have to develop from scratch
   – SELinux security, advanced scheduler, RAS support etc.

• Hybrid-mode operation
   – Run regular Linux applications side-by-side with Virtual Machines on the same server – much higher degree of hardware efficiency
RHEV HYPERVISOR/KVM OVERVIEW

SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE

 ●   Host: 160 logical CPU (4,096 theoretical max), 2 TB RAM (64 TB theoretical max)
 ●   Guest: 64 vCPU, 512 GB RAM
 ●   Supports latest silicon virtualization technology
 ●   Based on the latest RHEL 6 kernel
 ●   Microsoft SVVP certified
KVM Features
 ●   KVM supports advanced memory management
      ●   Leverages robust and scalable Linux virtual memory manager
 ●   Support for large memory systems > 1 TB RAM
 ●   Support for NUMA
 ●   Transparent memory page sharing
 ●   Memory overcommit




Memory Page Sharing
 ●   Implemented in loadable kernel module
      ●   Kernel SamePage Merging (KSM)

 ●   Kernel scans memory of virtual machines
      ●   Looks for identical pages
      ●   “Merges” identical pages
      ●   Only stores one copy (read only) of shared memory
      ●   If a guest changes the page it gets its own private copy

 ●   Significant hardware savings
      ●   Better consolidation ratio
      ●   Allows more virtual machines to run per host



Memory Page Sharing

 ●   Kernel Same-Page Merging (KSM)
     ●   Memory Page Sharing
     ●   Securely shares identical memory pages between
         virtual machines




Thin Provisioning


     ●   Allocate storage only when needed
     ●   Oversubscribe storage
     ●   Transparent to virtual machine
     ●   Improve Storage Utilization
     ●   Reduced Storage Costs
     ●   Works with NFS, iSCSI and Fibre Channel


Paravirtualized Drivers & VirtIO
 ●   KVM provides an interface for paravirtualized drivers
      ●   Paravirtualized drivers for block and network devices
      ●   High performance disk and networking
 ●   VirtIO
      ●   Common framework for paravirtualized drivers
      ●   Goal : To allow one set of drivers to be used for all hypervisors
      ●   Upstream Linux kernels include virtio drivers for disk, network & clock
      ●   PV drivers available for Windows Server 2000 -> 2008, XP and Vista
           ●   Including WHQL certification




RED HAT ENTERPRISE VIRTUALIZATION
SECURITY
 ●   RHEV inherits the security features of Linux and RHEL
 ●   SELinux security policy infrastructure
      ●   Provides protection and isolation for virtual machines and host
      ●   Compromised virtual machine cannot access other VMs or host
 ●   sVirt Project
      ●   Sub-project of NSA's SELinux community. Provides “hardened” hypervisors
      ●   Multilevel security. Isolate guests
      ●   Contain any hypervisor breaches




Security - SELinux to the rescue

          SELinux is all about labeling
          ●   Processes get labels – virtual machines with
              KVM are processes
          ●   Files and devices get labels – virtual images are
              stored on files and devices
          ●   Rules control how process labels interact with
              file labels and other process labels
          ●   The kernel enforces these rules
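
An added example, not part of the original slides: a small audit of the labeling model above. It assumes sVirt's dynamic labeling, where each guest's qemu-kvm process runs as svirt_t and its images as svirt_image_t with the same MCS categories; the guest names, paths and labels are constructed sample data.

```python
"""Audit sVirt labels: every guest confined, each with its own MCS categories."""
from collections import defaultdict
from typing import NamedTuple


class Context(NamedTuple):
    user: str
    role: str
    type: str
    sensitivity: str
    categories: frozenset


def parse_context(text):
    """Split 'user:role:type:sensitivity[:categories]' into its fields."""
    parts = text.strip().split(":")
    if len(parts) < 4:
        raise ValueError(f"not an SELinux context: {text!r}")
    cats = frozenset(parts[4].split(",")) if len(parts) > 4 and parts[4] else frozenset()
    return Context(parts[0], parts[1], parts[2], parts[3], cats)


def audit_guests(guests):
    """Return sorted (guest, code, detail) findings for a {name: labels} mapping."""
    findings = []
    owners = defaultdict(list)  # category set -> guests whose process carries it
    for name in sorted(guests):
        proc = parse_context(guests[name]["process"])
        if proc.type != "svirt_t":
            # The guest process is not in the confined sVirt domain at all.
            findings.append((name, "not-svirt", f"process runs as {proc.type}"))
            continue
        if not proc.categories:
            findings.append((name, "no-categories", "process has no MCS categories"))
            continue
        owners[proc.categories].append(name)
        for path, label in sorted(guests[name]["images"].items()):
            img = parse_context(label)
            # An image is reachable only by the process with the same categories.
            if img.type != "svirt_image_t" or img.categories != proc.categories:
                findings.append((name, "image-mismatch", f"{path} is labelled {label}"))
    for names in owners.values():
        if len(names) > 1:  # two guests with one category set are not isolated
            for name in names:
                others = ", ".join(n for n in names if n != name)
                findings.append((name, "shared-categories", f"same categories as {others}"))
    return sorted(findings)


# Constructed sample data, shaped like the labels shown by `ps -eZ` and `ls -Z`.
IMG = "/var/lib/libvirt/images/"
SAMPLE_GUESTS = {
    "app01": {"process": "system_u:system_r:svirt_t:s0:c15,c300",
              "images": {IMG + "app01.img": "system_u:object_r:svirt_image_t:s0:c15,c300"}},
    "db01": {"process": "system_u:system_r:svirt_t:s0:c212,c900",
             "images": {IMG + "db01.img": "system_u:object_r:svirt_image_t:s0:c107,c434"}},
    "legacy01": {"process": "system_u:system_r:initrc_t:s0",
                 "images": {IMG + "legacy01.img": "system_u:object_r:svirt_image_t:s0:c1,c2"}},
    "test01": {"process": "system_u:system_r:svirt_t:s0:c107,c434",
               "images": {IMG + "test01.img": "system_u:object_r:svirt_image_t:s0:c107,c434"}},
    "web01": {"process": "system_u:system_r:svirt_t:s0:c107,c434",
              "images": {IMG + "web01.img": "system_u:object_r:svirt_image_t:s0:c107,c434"}},
}

if __name__ == "__main__":
    for guest, code, detail in audit_guests(SAMPLE_GUESTS):
        print(f"{guest:10} {code:18} {detail}")
```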




KVM guests are processes, so we can confine
them like processes




Compromised virtual machine guest
     confined, despite its vulnerability




And of course, the guest operating system
     can also run SELinux




Red Hat Enterprise
       Virtualization




RHEV Overview




RED HAT ENTERPRISE VIRTUALIZATION
RHEV MANAGER FEATURES
 ●   High Availability
 ●   Live Migration
 ●   Load Balancing (DRS)
 ●   Power Saver (DPM)
 ●   Templates, thin provisioning, snapshots
 ●   Centralized storage and networking management
 ●   V2V
 ●   Power User Portal
 ●   Reporting Engine


RHEV 3.0 ARCHITECTURE

 ●   RHEV-Manager is now a Java application running on JBoss EAP on RHEL
 ●   Backend database is now PostgreSQL 8.4
 ●   New user portal, REST API, Linux CLI
 ●   Support for multiple external authentication sources
      ●   Red Hat IPA
      ●   Microsoft Active Directory




SPICE: EXCEPTIONAL USER EXPERIENCE

 ●   User experience comparable to a local desktop PC
      ●   Bi-directional audio & video
      ●   VoIP & video conferencing
      ●   HD quality video
      ●   Hi resolution 2560x1600 (each)
      ●   Up to 4 monitors
      ●   USB redirection for nearly any device
      ●   Smart Card/CAC authentication
      ●   Copy & paste



RHEV 3.0 REPORTING


 ●   Historical usage, trending, quality of service
 ●   Integrated reporting engine based on Jasper reports
 ●   Over 25 prebuilt reports and dashboards included
 ●   Ability to create and customize reports and templates




RHEV 3.0 - Integration

     ●   Hook scripts are called at specific VM lifecycle events
         ●   VDSM (management agent) Start
         ●   Before VM start
         ●   After VM start
         ●   Before VM migration in/out
         ●   After VM migration in/out
         ●   Before and After VM Pause
         ●   Before and After VM Continue
         ●   Before and After VM Hibernate
         ●   Before and After VM resume from hibernate
         ●   On VM stop
         ●   On VDSM Stop

     ➔ Hooks can modify a virtual machine's XML definition before VM start
     ➔ Hooks can run system commands – e.g. apply a firewall rule to a VM
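
An added example, not from the original deck or the VDSM project: a before-VM-start hook that attaches libvirt's stock clean-traffic network filter to each virtual NIC in the domain XML. That VDSM passes the path of the XML file in the _hook_domxml environment variable is an assumption here, and the sample domain XML is constructed.

```python
#!/usr/bin/env python3
"""Before-VM-start hook sketch: add a libvirt nwfilter to every virtual NIC."""
import os
import sys
from xml.dom import minidom

FILTER_NAME = "clean-traffic"  # stock libvirt filter; assumed defined on the host
FILTERABLE_TYPES = {"bridge", "network", "ethernet"}  # NIC types nwfilter handles

# Constructed sample domain XML: one unfiltered NIC, one already filtered,
# and one passthrough NIC that nwfilter cannot cover.
SAMPLE_DOMXML = """\
<domain type='kvm'>
  <name>web01</name>
  <devices>
    <interface type='bridge'>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <source bridge='br0'/>
      <filterref filter='no-mac-spoofing'/>
    </interface>
    <interface type='hostdev'>
      <source><address type='pci' domain='0x0000' bus='0x03' slot='0x10' function='0x0'/></source>
    </interface>
  </devices>
</domain>
"""


def _child_elements(node, tag):
    """Direct child elements of `node` named `tag` (no deep search)."""
    return [c for c in node.childNodes
            if c.nodeType == c.ELEMENT_NODE and c.tagName == tag]


def add_filterref(domxml_text, filter_name=FILTER_NAME):
    """Return (new_xml, added): add <filterref> to NICs that lack one."""
    dom = minidom.parseString(domxml_text)
    added = 0
    for devices in _child_elements(dom.documentElement, "devices"):
        for iface in _child_elements(devices, "interface"):
            if iface.getAttribute("type") not in FILTERABLE_TYPES:
                continue  # e.g. hostdev passthrough bypasses the host filter path
            if _child_elements(iface, "filterref"):
                continue  # keep a filter that is already configured
            ref = dom.createElement("filterref")
            ref.setAttribute("filter", filter_name)
            iface.appendChild(ref)
            added += 1
    return dom.toxml(), added


def main():
    path = os.environ.get("_hook_domxml")  # assumption: set by VDSM for hooks
    if not path:
        # Stand-alone run: show the effect on the constructed sample.
        xml_out, added = add_filterref(SAMPLE_DOMXML)
        print(f"added {added} filterref element(s)\n{xml_out}")
        return 0
    with open(path) as fh:
        xml_out, added = add_filterref(fh.read())
    if added:
        with open(path, "w") as fh:
            fh.write(xml_out)
    return 0


if __name__ == "__main__":
    sys.exit(main())
```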




RED HAT ENTERPRISE VIRTUALIZATION
RHEV
             Integration & API

Python SDK   - Python SDK for developers




Thank you!
Syed M Shaaf         Klaus Oxdal
Solution Architect   Strategic Alliance to IBM Nordics
Red Hat              Red Hat





Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf
