Technical update KVM and Red Hat Enterprise Virtualization (RHEV) by syedmshaaf
1. Technical update KVM and Red Hat Enterprise Virtualization (RHEV)
Syed M Shaaf, Solution Architect, Red Hat
Klaus Oxdal, Strategic Alliance to IBM Nordics, Red Hat
1 KVM / Red Hat Enterprise Virtualization | Syed M Shaaf
4. INDUSTRY LEADING VIRTUALIZATION PERFORMANCE ON SPECVIRT_SC2010
As of May 30, 2012, RHEV claims top 7 results and the only 8 socket server scores. SPEC® and the benchmark name SPECvirt® are registered trademarks of the Standard Performance Evaluation Corporation.
5. Virtualizing the x86 architecture
● x86 architecture is difficult to virtualize
● CPU implements 4 privilege levels or “rings” - 0 thru 3
● Privileged kernel calls run in ring 0
● Applications / userspace run in ring 3
[Diagram: applications in ring 3; rings 1 & 2; operating system in ring 0; physical hardware]
6. Virtualizing the x86 architecture
● Hypervisor must run in ring 0
● Virtual machines run in ring 3
Problem: The operating system kernel tries to execute privileged “ring 0” instructions, which will cause a machine fault.
7. Challenges facing customers
● Performance
  ● Hardware emulation is slow compared to physical hardware
  ● Also costly in terms of CPU
  ● Resulting in significant performance penalties for virtualization
● Time keeping
  ● Many issues with clock skew for guests
  ● Time drift especially under load
8. KVM (Kernel-based Virtual Machine): Overview
● Integrated Hypervisor for Linux
● Converts Linux into a Type-1 Hypervisor
● Runs Windows, Linux and other guests
● Allows for Hybrid-mode operation
● Run regular Linux applications alongside VM guests
● Upstream since Linux 2.6.20 (2007)
● Control over future evolution is held by the Linux development community
● Supported in RHEL since v5.4 (Sept. 2009)
● Elegant, simple design reuses Linux and builds upon CPU virtualization assistance
9. 5 YEARS AND MORE..
10. Benefits of Linux KVM Model
• Leverages Linux – no need to re-invent the wheel
  – Built on trusted, stable enterprise grade platform
  – Scheduler, memory management, hardware support etc.
  – Ease of management – use same tools for managing physical servers and hypervisors
• Advanced features
  – Inherit scalability, NUMA support, power management, hot-plug etc. from Linux – others have to develop from scratch
  – SELinux security, advanced scheduler, RAS support etc.
• Hybrid-mode operation
  – Run regular Linux applications side-by-side with Virtual Machines on the same server – much higher degree of hardware efficiency
11. RHEV HYPERVISOR/KVM OVERVIEW
SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE
● Host: 160 logical CPU (4,096 theoretical max), 2 TB RAM (64TB theoretical max)
● Guest: 64 vCPU, 512 GB RAM
● Supports latest silicon virtualization technology
● Based on the latest RHEL 6 kernel
● Microsoft SVVP certified
12. KVM Features
● KVM supports advanced memory management
● Leverages robust and scalable Linux virtual memory manager
● Support for large memory systems > 1TB RAM
● Support for NUMA
● Transparent memory page sharing
● Memory overcommit
13. Memory Page Sharing
● Implemented in loadable kernel module
● Kernel SamePage Merging (KSM)
● Kernel scans memory of virtual machines
● Looks for identical pages
● “Merges” identical pages
● Only stores one copy (read only) of shared memory
● If a guest changes the page it gets its own private copy
● Significant hardware savings
● Better consolidation ratio
● Allows more virtual machines to run per host
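The merge and copy-on-write behaviour listed above, as an added toy model in Python (not from the original slides and not kernel code). Pages are plain byte strings; `Host`, `scan` and `demo` are hypothetical names, and the two-guest workload is constructed.

```python
class Host:
    """Toy KSM model: frame id -> [content, refcount]; (guest, page) -> frame id."""
    def __init__(self):
        self.frames, self.maps, self._next = {}, {}, 0

    def _unref(self, fid):
        self.frames[fid][1] -= 1
        if self.frames[fid][1] == 0:
            del self.frames[fid]
            return 1
        return 0

    def write(self, guest, page, content):
        """A write never touches a shared frame: the writer gets a private copy."""
        old = self.maps.get((guest, page))
        if old is not None:
            self._unref(old)
        self.frames[self._next] = [content, 1]
        self.maps[(guest, page)] = self._next
        self._next += 1

    def read(self, guest, page):
        return self.frames[self.maps[(guest, page)]][0]

    def scan(self):
        """One merge pass over all guest pages; returns the number of frames freed."""
        first_seen, freed = {}, 0
        for key, fid in sorted(self.maps.items()):
            keep = first_seen.setdefault(self.frames[fid][0], fid)
            if keep != fid:              # identical content is already stored once
                self.frames[keep][1] += 1
                self.maps[key] = keep
                freed += self._unref(fid)
        return freed

def demo():
    """Constructed workload: two guests with identical zero and kernel pages."""
    host = Host()
    for guest in ("vm-a", "vm-b"):
        host.write(guest, 0, bytes(4096))
        host.write(guest, 1, b"kernel text".ljust(4096, b"\0"))
        host.write(guest, 2, guest.encode().ljust(4096, b"\0"))
    before = len(host.frames)
    freed = host.scan()
    host.write("vm-b", 0, b"dirty".ljust(4096, b"\0"))   # copy-on-write
    return before, freed, len(host.frames), host.read("vm-a", 0) == bytes(4096)

if __name__ == "__main__":
    print(demo())
```

The last element of the result shows that the write by `vm-b` left the page seen by `vm-a` unchanged.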
14. Memory Page Sharing
● Kernel Same-Page Merging (KSM)
● Memory Page Sharing
● Securely shares identical memory pages between virtual machines
15. Thin Provisioning
● Allocate storage only when needed
● Oversubscribe storage
● Transparent to virtual machine
● Improve Storage Utilization
● Reduced Storage Costs
● Works with NFS, iSCSI and Fibre Channel
16. Paravirtualized Drivers & VirtIO
● KVM provides an interface for paravirtualized drivers
● Paravirtualized drivers for block and network devices
● High performance disk and networking
● VirtIO
● Common framework for paravirtualized drivers
● Goal : To allow one set of drivers to be used for all hypervisors
● Upstream Linux kernels include virtio drivers for disk, network & clock
● PV drivers available for Windows Server 2000 -> 2008, XP and Vista
● Including WHQL certification
17. RED HAT ENTERPRISE VIRTUALIZATION
SECURITY
● RHEV inherits the security features of Linux and RHEL
● SELinux security policy infrastructure
  ● Provides protection and isolation for virtual machines and host
  ● Compromised virtual machine cannot access other VMs or host
● sVirt Project
  ● Sub-project of NSA's SELinux community. Provides “hardened” hypervisors
  ● Multilevel security. Isolate guests
  ● Contain any hypervisor breaches
18. Security - SELinux to the rescue
SELinux is all about labeling
● Processes get labels – virtual machines with KVM are processes
● Files and devices get labels – virtual images are stored on files and devices
● Rules control how process labels interact with file labels and other process labels
● The kernel enforces these rules
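An added example (not part of the original slides) of checking that labeling in practice: it compares guest process labels with disk image labels and reports guests that are unconfined, guests that share MCS categories, and images whose label matches no guest. It assumes the `svirt_t` / `svirt_image_t` types that sVirt assigns, simplified `<context> <pid or path>` input lines, and constructed PIDs, paths and categories.

```python
import re

# SELinux context: user:role:type:sensitivity[:categories]; category ranges are rejected.
CONTEXT_RE = re.compile(
    r"^[^:\s]+:[^:\s]+:(?P<type>[^:\s]+):s\d+(?::(?P<cats>c\d+(?:,c\d+)*))?$")

def parse_context(text):
    """Return (type, frozenset of MCS categories) for one SELinux context."""
    m = CONTEXT_RE.match(text)
    if m is None:
        raise ValueError(f"unsupported SELinux context: {text!r}")
    return m["type"], frozenset(m["cats"].split(",") if m["cats"] else [])

def audit(ps_lines, ls_lines):
    """Compare guest process labels with disk image labels; return findings."""
    findings = []
    owners = {}  # category set -> pids of guests carrying it
    for line in ps_lines:
        label, pid = line.split()[:2]
        ptype, cats = parse_context(label)
        if ptype != "svirt_t" or not cats:
            findings.append(f"pid {pid}: {label} is not an sVirt-confined guest")
        else:
            owners.setdefault(cats, []).append(pid)
    for cats, pids in owners.items():
        if len(pids) > 1:  # guests with the same label are not isolated from each other
            findings.append(f"pids {','.join(pids)} share {','.join(sorted(cats))}")
    for line in ls_lines:
        label, path = line.split()[:2]
        ftype, cats = parse_context(label)
        if ftype != "svirt_image_t":
            findings.append(f"{path}: type {ftype}, expected svirt_image_t")
        elif cats not in owners:
            findings.append(f"{path}: categories match no running guest")
    return findings

# Constructed sample data; the images are assumed to be attached to running guests.
PS = [
    "system_u:system_r:svirt_t:s0:c87,c520 2841 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c311,c644 2902 qemu-kvm",
    "system_u:system_r:initrc_t:s0 3010 qemu-kvm",
]
LS = [
    "system_u:object_r:svirt_image_t:s0:c87,c520 /var/lib/libvirt/images/web01.img",
    "system_u:object_r:svirt_image_t:s0:c9,c12 /var/lib/libvirt/images/db01.img",
    "system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images/old.img",
]
if __name__ == "__main__":
    print("\n".join(audit(PS, LS)))
```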
19. KVM guests are processes, so we can confine them like processes
20. Compromised virtual machine guest confined, despite its vulnerability
21. And of course, the guest operating system can also run SELinux
22. Red Hat Enterprise Virtualization
23. RHEV Overview
24. RED HAT ENTERPRISE VIRTUALIZATION
RHEV MANAGER FEATURES
● High Availability
● Live Migration
● Load Balancing (DRS)
● Power Saver (DPM)
● Templates, thin provisioning, snapshots
● Centralized storage and networking management
● V2V
● Power User Portal
● Reporting Engine
26. RHEV 3.0 ARCHITECTURE
● RHEV-Manager is now a Java application running on JBoss EAP on RHEL
● Backend database is now PostgreSQL 8.4
● New user portal, REST API, Linux CLI
● Support for multiple external authentication sources
  ● Red Hat IPA
  ● Microsoft Active Directory
27. SPICE: EXCEPTIONAL USER EXPERIENCE
● User experience comparable to a local desktop PC
● Bi-directional audio & video
● VoIP & video conferencing
● HD quality video
● Hi resolution 2560x1600 (each)
● Up to 4 monitors
● USB redirection for nearly any device
● Smart Card/CAC authentication
● Copy & paste
28. RHEV 3.0 REPORTING
● Historical usage, trending, quality of service
● Integrated reporting engine based on Jasper reports
● Over 25 prebuilt reports and dashboards included
● Ability to create and customize reports and templates
29. RHEV 3.0 - Integration
● Hook scripts are called at specific VM lifecycle events
● VDSM (management agent) Start
● Before VM start
● After VM start
● Before VM migration in/out
● After VM migration in/out
● Before and After VM Pause
● Before and After VM Continue
● Before and After VM Hibernate
● Before and After VM resume from hibernate
● On VM stop
● On VDSM Stop
➔ Hooks can modify a virtual machine's XML definition before VM start
➔ Hooks can run system commands – e.g. apply a firewall rule to a VM
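An added example (not from the original slides or the RHEV project) of a before-VM-start hook body that edits the domain XML: it attaches libvirt's `clean-traffic` network filter to each NIC that has no filter yet. Reading the XML path from the `_hook_domxml` environment variable is an assumption about how VDSM hands the definition to the hook, and the sample domain is constructed.

```python
import os
import sys
import xml.etree.ElementTree as ET

FILTER = "clean-traffic"                         # libvirt's stock anti-spoofing filter
FILTERABLE = {"bridge", "network", "ethernet"}   # NIC types that accept <filterref>

def harden_domxml(xml_text, filter_name=FILTER):
    """Add <filterref> to each filterable NIC lacking one; return (xml, added)."""
    root = ET.fromstring(xml_text)
    if root.tag != "domain":
        raise ValueError("not a libvirt domain definition")
    added = 0
    for nic in root.findall("./devices/interface"):
        if nic.get("type") in FILTERABLE and nic.find("filterref") is None:
            ET.SubElement(nic, "filterref", {"filter": filter_name})
            added += 1
    return ET.tostring(root, encoding="unicode"), added

def main():
    # Assumption: the hook receives the domain XML path in _hook_domxml.
    path = os.environ.get("_hook_domxml")
    if not path:
        sys.stderr.write("no domain XML path supplied\n")
        return 1
    with open(path) as fh:
        new_xml, added = harden_domxml(fh.read())
    if added:                                    # rewrite only when something changed
        with open(path, "w") as fh:
            fh.write(new_xml)
    return 0

# Constructed domain definition: one unfiltered NIC, one filtered, one passthrough.
SAMPLE = """<domain type='kvm'>
  <name>web01</name>
  <devices>
    <interface type='bridge'><source bridge='rhevm'/></interface>
    <interface type='bridge'><source bridge='rhevm'/>
      <filterref filter='no-mac-spoofing'/></interface>
    <interface type='hostdev'><source/></interface>
  </devices>
</domain>"""

if __name__ == "__main__":
    sys.exit(main())
```

An existing filter is left in place, so the hook does not override a stricter per-VM choice, and running it twice adds nothing the second time.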
30. RED HAT ENTERPRISE VIRTUALIZATION
RHEV
Integration & API
Python SDK - Python SDK for developers
31. Thank you!
Syed M Shaaf, Solution Architect, Red Hat
Klaus Oxdal, Strategic Alliance to IBM Nordics, Red Hat