Tudy Virtualizare Si Private Cloud 2014

Tudor DamianIT Solutions SpecialistVirtual Machine MVP

tudy.tel

IaaS, Private Cloud i Virtualizare

Agenda

Private Cloud i IaaS - introducere

Arhitecturi de virtualizare

Soluii existente Type 1 (bare-metal)

Full / paravirtualized (VMWare, Hyper-V, Xen)

Type 2 (hosted) OS-assisted (KVM, VirtualBox, Virtuozzo/OpenVZ)

Studiu de caz: Hyper-V & System Center Hyper-V 2012

System Center 2012 SP1

Interoperabilitate / Migrri P2V-V2V

Management / Monitorizare / Scripting

Protecia datelor / High-Availability

Private Cloud i IaaS

Surs imagine: wordle.net

dac la nceput lumea era destul de reticent...

acum toi muli vor s se mute

n nor

...dar tiu toi la ce s se atepte?

Varianta tradiional, ineficient

TIME

IT C

AP

AC

ITY

Actual Load

Allocated IT-capacities

Waste of capacities

Under-supply of capacities

Load Forecast

Barrier forinnovations

Source: Microsoft Cloud Continuum

ntr-un Cloud, totul e mult mai dinamic

Actual Load

Allocated IT capacities

Reduction of initial

investments

Reduction of over-supply

No under-supply

Possible reduction of IT-capacities

in case of reduced load

Time

IT C

APA

CIT

Y

Load Forecast


Usage

Co

mp

ute

Time

Average

Inactivity

Period

On and Off

Co

mp

ute

Time

Unpredictable Bursting

Average Usage

Average Usage

Co

mp

ute

Time

Growing Fast

Co

mp

ute

Time

Average Usage

Predictable Bursting

Workload patterns n Cloud


Private(On-Premise)

Storage

Server HW

Networking

Servers

Databases

Virtualization

Runtimes

Applications

Security

You

man

ag

e

Infrastructure(as a Service)

Storage

Server HW

Networking

Servers

Databases

Virtualization

Runtimes

Applications

Security

Man

ag

ed

by v

en

do

r

Yo

u m

an

ag

e

Platform(as a Service)

Storage

Server HW

Networking

Servers

Databases

Virtualization

Runtimes

Applications

SecurityM

an

ag

ed

by ve

nd

or

Yo

u m

an

ag

e

Software(as a Service)

Storage

Server HW

Networking

Servers

Databases

Virtualization

Runtimes

Applications

Security

Man

ag

ed

by v

en

do

rTipuri de servicii Cloud


Ch

oic

es

Ch

oic

es

Off PremisesOn Premises Location

Infrastructure

Business model

Ownership

Management

HomogeneousHeterogeneous

CapEx OpEx

Own Lease/Rent

Self Third Party

Fu

nd

am

en

tals

Fu

nd

am

en

tals

Application Programming

ElasticityHigh

AvailabilityMulti-

Tenancy

Automated Service

Management

Alegeri specifice Cloud-ului


Ce spune industria IT?

Compute Network Storage

Componentele unui Private Cloud

Virtualization

Management

Pooled Resources

Virtualization

Elasticity

Scalability

Continuous Availability

Predictability

Usage-Based

Multi-Tenancy

Security

Automation

Service management

Network StorageCompute

3rd party extensions


VIRTUAL? PRIVATE? CLOUD?

a. de ce vreau s fac asta?

b. pentru cine fac asta?

c. ce vreau s ofer?

SLA, compliance (PCI, ISO)

la ce ne uitm cnd construim un

virtual private cloud ?

1. buget

cost per kWh, pre per U, costuri legate de band/conectivitate, personalul tehnic, etc.

2. arhitectur

structur, scalabilitate, fiabilitate, redundan, securitate, flexibilitate

3. hardware

server (MIPS/MOPS), storage (I/O-OPS), network (1Gbps, 10Gbps, infiniband, fiber)

4. virtualization layer

5. management / monitorizare

6. procese interne

politici de securitate/incident-response, uurina de a detecta/repara problemele,

disaster recovery, high availability i timpul necesar aducerii unui nod online

7. oameni

echipa tehnic, mentenan post-implementare

Recapitulare Private Cloud

1. Buget

2. Arhitectur

3. Hardware

4. Virtualizare

5. Management i monitorizare

6. Procese interne

7. Oameni

ARHITECTURI DE VIRTUALIZARE

cnd lucrm cu virtualizarea, ajungem s auzim civa termeni

uzuali...

virtualizaremain virtual

hypervisorparavirtualizare

microkernelkernel monolitic

synthetic device driversparent partition

binary translation

un pic de istorie

virtualizarea e veche

primul val, IBM CP-40

CP-40 a intrat n producie nianuarie 1967

atunci, ca i acum, atracia o constituia reducerea costurilor

era bazat pe sistemul S/360

S/360 a introdus faciliti de memorie virtual i adresare pe 32-bit

CP-40 a extins S/360, oferind un mediu complet virtualizat

astfel, CP-40 avea suport pentru14 maini virtuale

a urmat CP-67, bazat pe S/360-67

iar n 1972, IBM a finalizatVM Facility 370, sau VM/370

cu ocazia asta vin i termenii...

Virtual Machine (VM)

Control Program (hypervisor)

a aprut i o nou main, S/370

iar VM/370 a reuit s virtualizeze eficient SO destinate S/360 i S/370

...i erau vreo cteva :)OS/360, DOS/360, OS/370, DOS/370,

MVS, CMS, CMS/370

aa c virtualizarea i-a atins scopul: reducerea costurilor

...n final s-a ajuns la z/VM care ruleaz acum pe sistemele mainframe IBM

z10 i IBM zEnterprise (z196/z114)

chiar i cu VM/370, costurile erau nc ridicate

al doilea val, microprocesoarele

1977, MacintoshApple II

1988, ConnectixVirtual PC (pentru Macintosh)

Virtual PC putea rula Windows, OS/2, Linux pe hardware Macintosh

n 2003, Microsoft cumpr Connectix

Virtual PC e modificat, i astfel userii Windows pot s ruleze i alte SO

MS-DOS 6.22, Windows 95, 98, NT 4.0, Me, OS/2, 2000, 2003, XP, Vista, 2008

al treilea val, VMware

1999, VMware produce VMWare Workstation

2001, VMware (GSX) Server (virtualizare server-level)

trecem i la partea tehnic

chiar dac la baz, conceptele VMware i Virtual PC erau similare cu

CP-40

totui, att din Virtual PC, ct i din VMware, lipsea hypervisor-ul

ambele se bazau pe existena unui SO gazd (host)

host-ul era astfel intermediar (ineficient) ntre VM i hardware

ulterior, au aprut mbuntiri

posibilitatea de a rula VM pe hardware nespecializat

migrare de la arhitecturi hosted la arhitecturi bazate pe hypervisor

VMware ESX, Hyper-V, Xenfolosesc o forma de hypervisor

reintroducerea suportului hardware:Intel VT, AMD-V

tendine

chiar dac micro-virtualizarea tinde s egaleze soluia IBM de acum 45 de ani

au aprut pe i elemente inovatoare, majoritatea din partea VMware

live server migration(VMotion)

dynamic load balancing(Distributed Resource Scheduling)

real-time failover(HA Clustering)

sau din partea Intel

Virtualization for Directed I/O (VT-d)pentru procesarea input-output

i n acelai timp, virtualizarea a adus cu ea probleme de securitate

la nceput, avantajele virtualizrii, gen izolarea aplicaiilor, au fost afectate

procesoarele cu virtual-assistsunt un bun exemplu

un guest putea s acceseze direct alt guest, ignornd politicile de

securitate

sau mai ru, exploit-ul Blue Pill

tipuri de atacuri

jailbreak attacks (escapes)

migration attacks

virtual / physical network service attacks

encryption attacks

exemple de atacuri raportate

feb 2007, apr 2009

VMware / ESX

VMware Workstation escape attack

oct 2007, Secunia

open-source Xen hypervisor

obinere de privilegii neautorizate

2007

Microsoft Virtual PC & Microsoft Virtual Server

vulnerabilitate care permitea unui guest sruleze cod pe host sau pe alt guest

cteva link-uri...

http://searchsecurity.bitpipe.com/detail/RES/1213273947_134.html

http://www.foolmoon.net/cgi-bin/blog/index.cgi?mode=viewone&blog=1185593255

http://www.securityfocus.com/bid/29183/info

http://secunia.com/advisories/29129/

http://seclists.org/fulldisclosure/2007/Sep/0355.html

http://lists.vmware.com/pipermail/security-announce/2009/000055.html

http://www.immunityinc.com/documentation/cloudburst-vista.html

http://taviso.decsystem.org/virtsec.pdf

http://www.eecs.umich.edu/techreports/cse/2007/CSE-TR-539-07.pdf

http://www.stanford.edu/~talg/papers/HOTOS05/virtual-harder-hotos05.pdf

soluia? faciliti de securitate adugate la noul hardware

chiar i aa, virtualizarea va rmne, att timp ct i ndeplinete scopul

ncepem cu cteva explicaii

de la soluiile de virtualizare, toat lumea ateapt automat la:

izolare eficientsecuritate

performanuurin n administrare

tehnic, virtualizarea se poate realiza n mai multe moduri

full virtualization (Type 1)

guest nemodificat, migrare uoar spre medii virtualizate

paravirtualizare

guest modificat pentru a elimina nevoia de binary translation

ofer avantaje de performan n anumite circumstane, ns e nevoie de o versiune modificat de kernel

instalat pe guest

virtualizare asistat hardware

AMD-V, Intel VT

prima generaie a inclus doar virtualizare CPU, generaiile urmtoare vin cu suport de

virtualizare pe memorie i I/O

hosted virtualization (Type 2)

Microsoft Virtual Server / Virtual PC VMWare Workstation

VirtualBoxLinux KVM

Tipuri de virtualizare

OS virtualization

Virtuozzo / OpenVZ

s discutm puin despre

Hyper-V / Xen / VMWareKVM / Virtuozzo / OpenVZ

Arhitectura Hyper-V

iar cerinele nu sunt exagerate...

x64DEP

Intel VT / AMD-VSLAT (W8 Client)

la VMWare, lucrurile stau puin diferit

ESX

ESXi

Hyper-V microkernelized kernel

VMWare monolithic kernel

Hyper-V hypervisor (Windows 8)hvax64.exe (AMD) 1.31MBhvix64.exe (Intel) 1.36KB

VMWare hypervisor (ESXi 5) 144MB

Hyper-V synthetic drivers

VMWare emulated drivers

KVM / Qemu

KVM no emulation, user-space program

VMM architecture: KVM Hypervisor integrat n Linux (code based)

QEMU QEMU QEMU

Hypervisor: Kernel module

Guest OS:User space process(QEMU for x86 emulation)

Are nevoie de HW virtualization extension

Virtuozzo / OpenVZ

fa de arhitectura bazat pe hypervisor...

VZ / OpenVZ ofer virtualizare asistat-OS

soluii bazate pe virtualizare

consolidare hardware

high availability

testing

disaster recovery

virtual private clouds

sandboxing

http://en.wikipedia.org/wiki/Sandbox_(computer_security)

forensic analysis

honeypots / honeynets

http://en.wikipedia.org/wiki/Honeypot_(computing)

HYPER-V 2008 R2

Nouti fa de Hyper-V 2008

Live Migration

Live Migration

Blue = StorageOrange = Networking

Quick Migration vs. Live Migration

Quick Migration(Windows Server 2008 Hyper-V)

1. Save state

a) Create VM on the target

b) Write VM memory to shared storage

2. Move virtual machine

a) Move storage connectivity from source host to target host via Ethernet

3. Restore state & Run

a) Take VM memory from shared storage and restore on Target

b) Run

Live Migration(Windows Server 2008 R2 Server

Hyper-V)

1. VM State/Memory Transfer

a) Create VM on the target

b) Move memory pages from the source to the target via Ethernet

2. Final state transfer and virtual machine restore

a) Pause virtual machine

b) Move storage connectivity from source host to target host via Ethernet

3. Un-pause & Run

Host 1 Host 2 Host 1 Host 2

Cluster Shared Volumes

Hot Add/Remove Storage

Processor Compatibility Mode

Second Level Address Translation

mbuntiri pe partea de networking

Suport pentru 64 procesoare logice (LPs)

Server Core Parking

Windows Server 2008 (fr core parking)

Windows Server 2008 (core parking)

HYPER-V 2008 R2 SP1

Dynamic Memory i Remote FX

Utilizatorii, memoria i virtualizarea Nimeni nu tie ct memorie s aloce pentru un VM

Cum va afecta RAM-ul alocat performana unui VM?

1GB, mai mult doar dac lumea se plnge de performane

4GB pe fiecare main, nimeni nu se plnge

Iau cerinele minime, la care adaug 50% / 100% / 150%

Folosesc cerinele productorului, nu stau s verific

Memoria e un bottleneck

Unul din factorii cheie din punct de vedere al costurilor

Propunerea Dynamic Memory

Densitate maxim, fr a sacrifica performana

Performan predictibil

Production-use ready

Adugare/eliminare memorie RAM

Adugare

Enlightened

Se folosete Synthetic Memory Driver (VSP/VSC Pair)

Fr emulare hardware

Lightweight, instant

Eliminare

Iniial s-a dorit eliminarea memoriei (-> probleme)

Testele au artat c memory ballooning e mai eficient

Afecteaz Task Manager n Guest OS

Memoria neutilizat se conecteaz la fiecare 5 minute

Memory demand / Memory buffer

Memory demand

Memoria necesar sistemului de operare Guest pentru a funciona n condiii rezonabile

Calculat automat pe baza utilizrii raportate de Guest

Memory buffer

Memoria alocat unui VM pentru necesiti imediate

Scopul principal e de a preveni utilizarea file cache

Memoria ideal pentru un VM

Memory demand + Memory Buffer

Dynamic Memory - UI

Memory balancing (1)

Dac e memorie suficient pe host, se aloc valoarea ideal de RAM pentru fiecare VM

AvailableMemory

RootReserve

Hyper-V Host

AvailableMemory

Host Memory Availability = 100%



RootReserve

Hyper-V Host

Memory Demand

VM1

BufferAvailableMemory


Ideal Memory



RootReserve

Hyper-V Host

Memory Demand

VM1

Buffer

Memory Demand

VM2

Buffer


Ideal Memory

Ideal Memory


Dac nu e memorie suficient, se folosete Priority pentru a determina distribuia memoriei

RootReserve

Hyper-V Host VM1Low Priority

VM2Medium Priority

Memory Demand

Buffer

Memory Demand

BufferIdeal Memory

Ideal Memory



RootReserve


VM2Medium Priority

VM3High Priority

Memory Demand

Buffer

Memory Demand

Buffer

Memory Demand

Buffer

Ideal Memory

Ideal Memory

Ideal Memory



RootReserve


VM2Medium Priority

VM3High Priority

Memory Demand

Buffer

Memory Demand

Buffer

Memory Demand

BufferPriority Penalty

Priority Penalty

Priority Penalty

BufferBuffer

Ideal Memory

Ideal Memory

Ideal Memory



RootReserve


VM2Medium Priority

VM3High Priority

Memory Demand

Memory Demand Memory

Demand

BufferBuffer

Ideal Memory

Ideal Memory

Ideal Memory

DM introduce Root Reserve

Hyper-V a folosit dintotdeauna conceptul de memory reserve (memorie rezervat pentru parent partition)

DM permite VMs s nghesuie root reserve

Soluia: o cheie n regitri Permite rezervarea static de memorie pentru Parent Partition HKLM:\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Virtualization\MemoryReserve

Mai puin memorie pentru VMs

Sistemul gazd rmne stabil

Dynamic Memory, nu Overcommit!

Memory Overcommit e un termen suprancrcat

Page Sharing

Second Level Paging

Mecanisme de memory balooning

Nimeni nu vrea s supraaloce resursele

Nu supraalocm celelalte resurse

Nici VMWare nu vrea/recomand overcommit

DM trateaz memoria aa cum tratm CPU:

Resurs scalabil dinamic

Cerine pentru Dynamic Memory

Sistemul gazd:

Windows Server 2008 R2 SP1

Microsoft Hyper-V Server 2008 R2 SP1

Windows Server 2003, 2008 & 2008 R2 guest 32-bit & 64-bit versions

Web, Standard, Enterprise, Datacenter

Windows Vista and Windows 7 guest Doar Enterprise i Ultimate

32-bit & 64-bit versions

Compatibilitatea aplicaiilor

Probleme

Aplicaii cu static memory allocation (Exchange)

Setri suplimentare

Aplicaii cu cache / memory management intern (SQL, Apache, Java, Oracle, ...)

Aplicaii care pornesc cu mult memorie prealocat (?)

RemoteFX infrastructur / grafic

Infrastructur

Izolarea VM = centralizarea desktop-urilor

Evoluia procesoarelor de la vitez la paralelism

Reele mai rapide

Diversitate crescut pe partea de client devices

Grafic

Crete complexitatea graficii: Media, 3D UI, Video, Animations, Flash, Silverlight

Crete fragmentarea stack-urilor n procesarea grafic

Silverlight i Flash portabil emit flat bitmaps

RemoteFX soluie VDI

vGPU expus n Hyper-V Guest

Rendering pe host, nu pe guest

Codec nou inclus n RDP 7.1 pentru RemoteFX

Utilizarea unui singur GPU pentru mai multe VMs

Dispozitive hardware de decoding pentru thin clients

Iniial doar pentru scenarii de tip office worker

Cerine:

SLAT

GPU din generaie nou

Ultra Lightweight Thin Clients

O nou clas de thin clients

ARM, MIPS, sau PPC-based designs

Windows CE, Linux, sau alt embedded OS

Suport pentru USB Redirection

Resurse client necesare foarte putine

CPU: 200 400 MHz

Memory: < 256MB RAM, < 128MB Flash

Consum curent:

ThinLinX Hot-e TLX-400 M

Arm Processor

RemoteFX HDMI Display

Audio Wolfson WM8731l 16bit, 48KHz Stereo Headphone Out, Line out, Biased Microphone In

Ethernet 10/100 Mbs

2 x USB 2.0 Full Speed Host Ports

5V DC Power

Linux Embedded OS

HYPER-V 2012

Performance improvements

Catching up with VMWare

Hyper-V 3.0 vSphere 5.0

Max Logical Cores Per Host 160 160

Max RAM Per Host 2TB 2TB

Max VMs Per Cluster 8000 3000

Max Nodes Per Cluster 64 32

Max CPUs Per VM 32 32

Max RAM Per VM 1TB 1TB

Max VM Disk Size 64TB (VHDX) 2TB

Max Concurrent VM Migrations Unlimited 128/datastore

Max Concurrent Storage Migrations Unlimited 8/datastore, 2/host

Disaster recovery

Hyper-V Replica

Disaster Recovery Scenarios:

Planned, Unplanned and Test Failover

Pre-configuration for IP settings for primary/remote location

Key Features:

RPO/RTO in minutes

Seamless integration with Hyper-V and Clustering

Automatically handles all VM mobility scenarios (e.g. Live Migration)

Supports heterogonous storage between primary and recovery

Storage improvements

VHDX

Virtual Fiber Channel in the Guest (MPIO)

NFS Storage (SMB 2.2) with SMB2 direct (RDMA) support

Offloaded Date Transfer (ODX)

Native data deduplication

4k Native Disk Support

iSCSI Target

NTFS online scan/repair

VHDX

Supports up to 64TB size (VHDs had a 2TB limit)

Supports larger block file size

Improved performance and corruption resistance

Windows 8 only

Easy conversion

Data Deduplication High optimization savings

State of the art chunking and compression

Transparent to primary server workload

Minimal IO impact through scheduled and selective optimization

Minimal server impact through low resource use

Reliability and data integrity

Built-in insurance against natural risk of data reduction

Data integrity validation on all data and metadata

Redundancy for metadata and popular chunks

Storage & network optimization

Integration with BranchCache for faster file download times and reduced bandwidth consumption over WAN

0% 20% 40% 60% 80% 100%

User Home Folder (MyDocs)

General File Share

Software Deployment Share

VHD Library

Typical savings by workload

New migration scenarios

Increased VM Mobility

Live Migration with High Availability (already available now)

Live Migration with no clustering (using an SMB share)

Live Migration with no shared storage

Live Storage Migration (SMB 2.2)

Live Storage Migration Enables Storage

Load Balancing

No downtime servicing

Leverages Hyper-V Offloaded Data Transfer (ODX)

Hyper-V

Virtual Machine

Source Device Destination Device

VHD VHD

VHD Stack

1

2

3

45

Snapshots, backup & control

Online snapshot merge

Windows Server Backup support

Dynamic Memory improvements

VM Priority

Network improvements

NIC Teaming

Extensible Virtual Switch

Multi-tenant deployments

Bandwidth QoS

Dynamic Virtual Machine Queue (DVMQ)

Single Root I/O Virtualization (SR-IOV)

Receive Side Scaling (RSS)

Receive Side Coalescing (RSC)

IPSec Task Offload

Address Virtualization Generic Routed Encapsulation (GRE)

Address Rewrite

Bandwidth QoS

Root Partition

Hyper-V Switch

Physical NIC

Virtual Machine

Host NICVM NIC

Virtual Machine

VM NIC

Filtering Extensions

Forwarding Extension

WFP Extensions

Capture Extensions

Hyper-V Extensible Switch

Augment Hyper-V Virtual Switch capabilities

Monitoring

Traffic filtering / shaping

Forwarding algorithms

The Multi-Tenant Cloud

Secure Isolation Between Tenants

Dynamic Placement of Services

QoS and Resource Metering

Contoso Bank Woodgrove Bank

Multiple Customers on Shared Infrastructure

Hoster

Multi-Tenant Network Reqs

Tenant wants to easily move VMs to/from the cloud

Hoster wants to place VMs anywhere in the data center

Both want: Easy Onboarding, Flexibility & Isolation

Cloud Data CenterWoodgrove BankBlue 10.1.0.0/16

Contoso BankRed 10.1.0.0/16

One Solution: PVLAN

Isolation Scenario

Hoster wants to isolate all VMs from each other and allow internet connectivity

#1 Customer Ask from hosters

Community Scenario

Hoster wants tenant VMs to interact with each other but not with other tenant VMs

Requires a VLAN id for each community (limited scalability, only 4095 VLAN IDs)

u

Win 8 Host

Blue10.1.1.21

Red110.1.1.11

To Internet (10.1.1.1)

Hyper-V Switch

Red210.1.1.12

Green10.1.1.31

Isolated Isolated CommunityCommunity

Hyper-V Network Virtualization

Physical network

Physicalserver

Woodgrove VM Contoso VM Woodgrove network Contoso network

Hyper-V Machine Virtualization Run multiple virtual servers

on a physical server Each VM has illusion it is

running as a physical server

Hyper-V Network Virtualization Run multiple virtual networks on a physical network Each virtual network has illusion it is running as a

physical fabric

Generic Routing Encapsulation 1 Provider Address per HOST (shared by all VMs on the host)

Embed Tenant Network ID in the GRE header Key field

10.1.1.11 10.1.1.11 10.1.1.12 10.1.1.12

192.168.2.22 192.168.5.55

192.168.2.22192.168.5.55

10.1.1.1110.1.1.12 10.1.1.1110.1.1.1210.1.1.1110.1.1.12 10.1.1.1110.1.1.12

1:N

10.1.1.1110.1.1.12

10.1.1.1110.1.1.12

GRE Key=20

GRE Key=30

MAC

MAC192.168.2.22192.168.5.55

Address Rewrite Each VM IP (CA) is mapped to a unique Provider Address (PA)

Regular TCP/IP packets on the wire

10.1.1.11 10.1.1.11

10.1.1.12 10.1.1.12

192.168.2.22 192.168.2.23

192.168.5.55 192.168.5.56

10.1.1.1110.1.1.12

192.168.2.22192.168.5.55

10.1.1.1110.1.1.12

10.1.1.1110.1.1.12

10.1.1.1110.1.1.12

192.168.2.23192.168.5.56

Address Virtualization Summary

IP RewritePerformance and

Compatibility

No need to upgrade existing NICs, existing switches, and existing network appliances

Immediately and incrementally deployable today without sacrificing performance

GRE EncapsulationDeeper Multi-Tenancy

Integration

Standards based RFCs 2784 & 2890

As few as one IP address per host lowering burden on the switches

Full MAC headers and explicit Tenant Network ID marking supports for traffic analysis, metering and control

Any encapsulation will break stateless offloads in the host server (LSO, Checksum, RSC, RSS, VMQ)

VDI improvements

RemoteFX for WAN (rich desktop over various networks)

RemoteFX adaptive graphics (remoting of experiences adapting to network types)

RemoteFX media remoting (high performance media remoting)

RemoteFX multi-touch (consistent touch interface, even when remoting to RDS)

RemoteFX USB redirection

Metro-style Remote Desktop App

Choice of software or physical GPU

No requirement for hardware GPU

Available for sessions, VMs, and physical machines

Broad range of clients (ubiquitous access)

DX11 video support

The power of PowerShell

PowerShell support

Fast & Intuitive

~150 new Hyper-V cmdlets

All Hyper-V Manager UI capability can be scripted

Perfect for automation

In-box metering

Hyper-V Resource Meters

Network Incoming & Outgoing

Traffic per IP Address Range

Storage High Water-Mark Disk

AllocationMemory Low & High Water-Mark

Memory Utilization Average Memory

UtilizationCPU Average CPU Utilization

Historic Resource utilization information, persistent through live migrations

SUITA SYSTEM CENTER

Instrumente de management

System Center

Surs: TechEd Europe MGT206

SCVMM 2012

SCVMM 2012 - Fabric ManagementPhysical Server

Manage multiple hypervisors Hyper-V, VMware, Xen

Server hardware management IPMI, DCMI, SMASH, Custom via Provider

Host provisioning from baremetal to Hyper-V to Cluster provisioning

Network

Define Logical Networks using VLANs and Subnets per datacenter location

Address management for Static IPs, Load Balancer VIPs and MAC addresses

Automated provisioning of Load Balancers via Provider

Storage

Storage Management using SMI-S

Discover storage arrays and pools

Classify storage based on throughput and capabilities

Discover or configure LUNs and assign to hosts and clusters

Rapid provisioning of VMs using snap cloning of LUNs

SCVMM 2012 - Fabric ManagementUpdate Management of Fabric Servers

Update operation control (On-demand scan and on-demand remediation)

Updating a Hyper-V cluster is fully automated

Integrated with Windows Server Update Server

Dynamic Optimization (DO)

Cluster level workload balancing scheme to optimize for VM performance

Leverages live migration to move workloads

Power Optimization (PO)

Leverages live migration to pack more VMs per host

Powers down servers to optimize for power utilization

Enhanced Placement

Over 100 placement checks/validation

Support for custom placement rules

Multi-VM deployment for Services

SCVMM 2012 - Service Lifecycle

Service Templates

Used to model a multi-tier application

Source of truth for deployed service configuration

Applications

Built-in support for Web deploy, Server App-V, SQL DAC

Custom command execution for other application packages

Image-based

OS separated from apps

Composed during deployment

Servicing

Change the template and then apply that change to deployed instances

Upgrade domains ensures application availability during servicing

INTEROPERABILITATE

Suport pentru medii eterogene

How does it work?

VSP (virtualization service provider)

Hyper-V component in theparent partition

Communicates with the hardware drivers

Gives access to the host resources

VSC (virtualization service client)

Drivers forsynthetic devices installed in the enlightened guest OS

Exposes every virtual device and translates I/O requests

Theres always a VSP/VSC pair

VMBus (virtual machine bus)

A high-speed point-to-point in-memory bus

Allows the communication between VSPs and VSCs through Hyper-V

For Linux, every VSC has a DIM (Driver Interface Mapper)

DIMs interact with the Linux Kernel like any other driver

Theres also a VSC core based on each existing VSP

Emulated vs. enlightened Emulated drivers

Drivers are emulated

All requests targeting the hardware (HDD, network, etc) are not direct

Translated in both directions (VM-hw, hw-VM) by the hypervisor

They bring in a performance overhead

The emulated drivers are pretty similar to what we had in Virtual Server:

Video = S3 Trio64+ SVGA (VESA)

Network = Intel/DEC Tulip 21x4x

IDE = Intel 440BX chipset MB

Enlightened drivers

Also known as synthetic drivers

These make the VM hypervisor aware

Written especially for virtualized environments => paravirtualization

Theyre basically just pointers to the drivers in the parent partition

Huge performance boost!

Whats been done so far?

July 2009 Microsoft contributes with over 20.000 lines of code in the Linux kernel

December 2009 The drivers (in staging) are included in the 2.6.32 Kernel

July 1st 2010 Microsoft presents at the Red Hat Summit

Official support list:

http://technet.microsoft.com/en-us/library/cc794868(WS.10).aspx

Linux Integration Services 2.1 RTM (July 2010)

SUSE Linux Enterprise Server (10 SP1/SP2/SP3, 11)

Red Hat Enterprise Linux (5.2, 5.3, 5.4, 5.5)

Linux Integration Services 3.4 RTM (September 2012)

Red Hat Enterprise Linux 5.5-5.9 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)

CentOS 5.5-5.8 & 6.0-6.3 x86 and x64 (Up to 4 vCPU)

SUSE Linux Enterprise Server 10 SP4 & 11 SP1/SP2

The story so far

Driver support for synthetic devices (v1 original distro code, created by Citrix) Synthetic network controller & Synthetic storage controller (IDE/SCSI)

Fastpath Boot Support for Hyper-V (v2.0 December 2009) Block VSC increased boot performance

Timesync (v2.1 July 2010) The clock inside the virtual machine will remain synchronized with the clock on the host

Integrated Shutdown (v2.1 July 2010) VMs can be cleanly shut down from Hyper-V

Symmetric Multi-Processing (SMP) Support (v2.1 July 2010) Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine

Heartbeat (v2.1 July 2010) Allows the host to detect whether the guest is running and responsive

Pluggable Time Source (v2.1 July 2010) A pluggable clock source module is included to provide a more accurate time source to the guest.

KVP (Key Value Pair) Exchange (v3.1 July 2011) Information about the running Linux VM can be obtained by using the Key Value Pair exchange functionality on the host (FQDN,

Linux IS version, IP addresses, OS version/distro/kernel, CPU architecture x86/x64)

Integrated Mouse Support (v3.2 January 2012) The cursor is no longer bound to the VMConnect window when used with the Linux Graphical User Interface

SMP 32 vCPU support (v3.3 June 2012) Support for up to 32 vCPUs on certain distros

Live Migration (v3.4 September 2012) Linux virtual machines can undergo live migration for load balancing purposes

Jumbo Frames (v3.4 September 2012) Linux virtual machines can be configured to use Ethernet frames with more than 1500 bytes of payload

The road to enlightment

Comparing to IS on Windows Synthetic Drivers

IDE driver

SCSI driver

Network Drive

Mouse Integration

Video

Integration Services

Operating System Shutdown

Time Synchronization

Heartbeat

Data Exchange

Backup (VSS)

TechEd 2010 - WSV305

IS on Windows


Wrap-up: Linux IS components

hv_vmbus communication with the host

hv_storvsc storage VSC

hv_netvsc network VSC

hv_timesource pluggable time source

hv_mouse enlightened mouse

hv_utils graceful shutdown, timesync, heartbeat

LINUX IN AZURE

VM Depothttp://msopentech.com/blog/project-categories/virtual-machine-depot/

CONVERSII P2V PENTRU LINUX

Se folosesc DD i VHD tool

DD funcioneaz att sub Windows ct i sub Linux

Ex. se ia HDD-ul cu Linux, se ataeaz unui sistem Windows

Conversii P2V Linuxhttp://blogs.technet.com/b/enterprise_admin/archive/2010/05/13/linux-p2v-with-dd-and-vhdtool-easy-and-cheap.aspx


Din linie de comand, se realizeaz conversia HDD-ului n format RAW (.img) dd if=\\?\Device\Harddisk1\DR2 of=D:\rhel54.img bs=1M --progress

Conversii P2V Linux (continuare)


Instrument command line, open source

Include funcii de manipulare a fiierelor VHD (create, convert, extend, repair)

E un tool excelent de conversie P2V pentru maini Linux

Conversia se face din format RAW n VHD

VHD toolhttp://code.msdn.microsoft.com/vhdtool


POWERSHELL

Soluii de scripting

Powershell v1.0 Command Line Interpreter CLI

Script Execution Engine

Help online vast

Comenzi build-in (cmdlets), extensibile

Suport WMI, COM, CMD, etc.

Construit peste .NET Framework 2.0

Suport pentru: Windows Server, Exchange, SQL, SCOM, SCVMM, SCDPM,

Compute Cluster, OpenXML, IBM WebSphere MQ, Active Directory, Lotus Domino, VMWare Infrastructure, Windows 7, WDK, NetApp Data ONTAP

PowerShell before & after

INAINTE ACUM

GUI MMCGUI-uri bazatepe PowerShell

Shell interactiv CMD PowerShell

Scripting BAT n CMD PowerShell

COM WMI (VBScript) PowerShell

Securitate n PowerShell

Secure by design & by default

Fisierele script sunt asociate cu Notepad Scripturile nu vor rula

CLI cere permisiunea de executare pentruscripturi neverificate

Execuia PS se face: Prin 'cmdlets', (programe .NET, scrise de un developer, compilate ntr-un

DLL i ncrcate de un script PowerShell)

Script-uri PowerShell ('.ps1')

Funcii PowerShell

Programe executabile

PowerShell v2.0 Control Remote (PowerShell Remoting)

mbuntiri ale engine-ului (cmdlets, operators, debugging)

Try-Catch-Finally

GUI pentru PowerShell (PowerShell ISE)

Hosting- Run-space restricionat

- Delegare drepturi

Background Jobs

Operaii tranzacionale

Eventing

Network File Transfer

API-uri noi

PowerShell v3.0 New commandlets

$Pv3 = Get-Command *

$Pv3.count

PowerShell ISE Single Command Pane

IntelliSense

Snippets

Collapsible regions

Updatable Help Update-Help

Windows PowerShell Workflows

Parallel, Sequence & InlineScript keywords

Remote Get-Module Get-Module implicit remoting

Windows PowerShell resurse/comuniti Team blog: http://blogs.msdn.com/PowerShell

PowerShell Community: http://www.powershellcommunity.org

PowerShell Forum: http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/threads

Channel 9: http://channel9.msdn.com/tags/PowerShell

Wiki: http://channel9.msdn.com/wiki/default.aspx/Channel9.WindowsPowerShellWiki

Script Center: http://www.microsoft.com/technet/scriptcenter/hubs/msh.mspx

CodePlex: http://codeplex.com/Project/ProjectDirectory.aspx?TagName=powershell

Cri

PowerShell in Action by Bruce Payettehttp://manning.com/powershell

Windows PowerShell Cookbook by Lee Holmes http://www.oreilly.com/catalog/9780596528492/index.html

Professional Windows PowerShell Programming http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470173939.html

www.itspark.ro

www.codecamp.ro

www.itcamp.ro

www.vimeo.com/channels/itcamp

Thanks!

Documents

Tudy Virtualizare Si Private Cloud 2014