Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf

Technical update KVM and Red Hat
Enterprise Virtualization (RHEV)

Syed M Shaaf Klaus Oxdal
Solution Architect Strategic Alliance to IBM Nordics
Red Hat Red Hat

1 KVM / Red Hat Enterprise Virtualization | Syed M Shaaf

IBM invests into KVM Development
Over 60 IBM programmers working on KVM as part of the community

Core KVM
Development Contributions to KVM in
Systems Linux 2.6 kernel
Management
Performance Company Changes Rate
and Memory Data Center Red Hat 352 31.8%
Networking
Intel 155 14.0%
Networking IBM 149 13.5%
and I/O Security and
Qumranet 143 12.9%
Reliability
AMD 97 8.8%
Cloud Early
Deployment

2 © 2011 IBM Corporation

Where IBM uses KVM
IBM Contributions to KVM
Over 60 IBM engineers and programmers working on KVM, Qemu and oVirt as part of
the open source community

IBM System x and PureSystems
IBM x86 servers for Linux and Windows support virtualization with KVM, as do IBM
PureFlex and PureApplication Systems support KVM which deliver hypervisor choice and
flexibility in next generation integrated systems

IBM zEnterprise
IBM System x Blades in the zEnterprise BladeCenter Extension (zBX) and Unified
Resource Manager support KVM.

+ IBM Systems Director VMControl
Automated virtualization management now also supported for KVM environments.

IBM Software Group Portfolio
KVM is a tier 1 virtualization technology for SWG with majority of SWG products
supporting KVM today. Tivoli system management solutions manage KVM

IBM SmartCloud Enterprise
Agile cloud computing infrastructure as a service (IaaS) designed to provide rapid access
to security-rich, enterprise-class virtual server environments, well suited for development
and test activities and other dynamic workloads uses KVM.

3
© 2011 IBM Corporation

INDUSTRY LEADING VIRTUALIZATION
PERFORMANCE ON SPECVIRT_SC2010

As of May 30, 2012, RHEV claims top 7 results and the only 8 socket server scores. SPEC® and the benchmark
name SPECvirt® are registered trademarks of the Standard Performance Evaluation Corporation.


Virtualizing the x86 architecture

● x86 architecture is difficult to virtualize
● CPU implements 4 privilege levels or “rings” - 0 thru 3
● Privileged kernels calls run in ring 0
● Applications / userspace run in ring 3
Application Application Application Application Ring 3

Ring 1 & 2

Operating System Ring 0

Physical
Hardware


Virtualizing the x86 architecture

● Hypervisor must run in ring 0
● Virtual machines run in ring 3
Problem :
The operating system kernel tries to privileged “ring 0” instructions.
Will cause machine fault


Challenges facing customers

● Performance
● Hardware emulation is slow compared to physical
hardware
● Also costly in terms of CPU
● Resulting in significant performance penalties for
virtualization

● Time keeping
● Many issues with clock skew for guests
● Time drift especially under load


KVM (Kernel-base Virtual Machine): Overview
● Integrated Hypervisor for Linux
● Converts Linux into a Type-1 Hypervisor
● Runs Windows, Linux and other guests
● Allows for Hybrid-mode operation
● Run regular Linux applications along side VM guests
● Upstream since Linux 2.6.20 (2007)
● Control over future evolution is held by linux development
community
● Supported in RHEL since v5.4 (Sept. 2009)
● Elegant, simple design reuses Linux and builds upon CPU
virtualization assistance


5 YEARS AND MORE..


Benefits of Linux KVM Model
• Leverages Linux – no need to re-invent the
wheel
– Built on trusted, stable enterprise grade
platform
– Scheduler, memory management, hardware
support etc.
– Ease of management – use same tools for
managing physical servers and hypervisors

• Advanced features
– Inherit scalability, NUMA support, power
management, hot-plug etc. from Linux –
others have to develop from scratch
– SELinux security, advanced scheduler,
RAS support etc.

• Hybrid-mode operation
– Run regular Linux applications side-by-
side with Virtual Machines on the same
server – much higher degree of hardware
efficiency

RHEV HYPERVISOR/KVM OVERVIEW

SMALL FORM FACTOR, SCALABLE,
HIGH PERFORMANCE ● Host: 160 logical CPU
(4,096 theoretical
max), 2 TB RAM
(64TB theoretical max)
● Guest: 64 vCPU,
512 GB RAM
● Supports latest silicon
virtualization
technology
● Based on the latest
RHEL 6 kernel
● Microsoft SVVP
certified

KVM Features
● KVM supports advanced memory management
● Leverages robust and scalable Linux virtual memory manager

Support for large memory systems > 1TB ram

● Support for NUMA

● Transparent memory page sharing

● Memory overcommit


Memory Page Sharing
● Implemented in loadable kernel module
● Kernel SamePage Merging (KSM)

● Kernel scans memory of virtual machines
● Looks for identical pages
● “Merges” identical pages
● Only stores one copy (read only) of shared memory
● If a guest changes the page it gets it's own private copy

● Significant hardware savings
● Better consolidation ratio
Allows more virtual machines to run per host


Memory Page Sharing

● Kernel Same-Page Merging (KSM)
● Memory Page Sharing
● Securely shares identical memory pages between
virtual machines


Thin Provisioning

● Allocate storage only when
needed
● Oversubscribe storage
● Transparent to virtual
machine
● Improve Storage Utilization
● Reduced Storage Costs
● Works with NFS, iSCSI and
Fiber Channel


Paravirtualized Drivers & VirtIO
● KVM provides an interface for paravirtualized drivers
● Paravirtualized drivers for block and network devices
● High performance disk and networking
● VirtIO
● Common framework for paravirtualized drivers
● Goal : To allow one set of drivers to be used for all hypervisors
● Upstream Linux kernels include virtio drivers for disk, network & clock
● PV drivers available for Windows Server 2000 -> 2008, XP and Vista
● Including WHQL certification


RED HAT ENTERPRISE VIRTUALIZATION
SECURITY
RHEV inherits the security features of
Linux and RHEL
SELinux security policy infrastructure
Provides protection and isolation
for virtual machines and host
Compromised virtual machine
cannot access other VMs or host
sVirt Project
Sub-project of NSA's SELinux
community. Provides “hardened”
hypervisors
Multilevel security. Isolate guests
Contain any hypervisor breaches


Security - SELinux to the rescue

SELinux is all about labeling
● Processes get labels – virtual machines with
KVM are processes
● Files and devices get labels – virtual images are
stored on files and devices
● Rules control how process labels interact with
file labels and other process labels
● The kernel enforces these rules


KVM guests are processes, so we can confine
them like processes


Compromised virtual machine guest
confined, despite its vulnerability


And of course, the guest operating system
can also run SELinux


Red Hat Enterprise
Virtualization


RHEV Overview


RHEV MANAGER FEATURES
● High Availability
● Live Migration
● Load Balancing (DRS)
● Power Saver (DPM)
● Templates, thin
provisioning, snapshots
● Centralized storage and
networking management
● V2V
● Power User Portal
● Reporting Engine


RHEV HYPERVISOR/KVM OVERVIEW

SMALL FORM FACTOR, SCALABLE,
HIGH PERFORMANCE ● Host: 160 logical CPU
(4,096 theoretical
max), 2 TB RAM
(64TB theoretical max)
● Guest: 64 vCPU,
512 GB RAM
● Supports latest silicon
virtualization
technology
● Based on the latest
RHEL 6 kernel
● Microsoft SVVP
certified

RHEV 3.0 ARCHITECTURE


RHEV-Manager is now a Java
application running on JBoss
EAP on RHEL

Backend database is now
PostgreSQL 8.4

New user portal, REST API,
Linux CLI

Support for multiple external
authentication sources

Red Hat IPA

Microsoft Active Directory


SPICE: EXCEPTIONAL USER EXPERIENCE


User experience comparable to
a local desktop PC

Bi-directional audio & video

VoIP & video conferencing

HD quality video

Hi resolution 2560x1600 (each)

Up to 4 monitors

USB redirection for nearly any
device

Smart Card/CAC authentication

Copy & paste


RHEV 3.0 REPORTING


Historical usage, trending,
quality of service

Integrated reporting engine
based on Jasper reports

Over 25 prebuilt reports and
dashboards included

Ability to create and customize
reports and templates


RHEV 3.0 - Integration

● Hook scripts are called at specific VM lifecycle events
● VDSM (management agent) Start

● Before VM start

● After VM start

● Before VM migration in/out

● After VM migration in/out

● Before and After VM Pause

● Before and After VM Continue

● Before and After VM Hibernate

● Before and After VM resume from hibernate

● On VM stop

● On VDSM Stop

➔Hooks can modify a virtual machines XML definition before VM start
➔Hooks can run system commands – e.g.. Apply firewall rule to VM


RHEV
Integration & API

Python SDK - Python SDK for developers


Thank you!
Syed M Shaaf Klaus Oxdal
Solution Architect Strategic Alliance to IBM Nordics
Red Hat Red Hat


Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf

More Related Content

What's hot

Viewers also liked

Similar to Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf

More from Syed Shaaf

Recently uploaded

Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf