Choosing tools for effective virtualization
Good tools are half the battle – even if you are just managing virtual machines. This month we take a practical look at virtualization, and we show you a new threat to watch for in the virtual future.
Servers are not human. They don't live and breathe. They just consume power and take up space. Do we really need so many? The virtualization revolution is about saving money, time, and floor space. Today's virtualization tools provide an efficient environment for testing, running, and managing applications – with lower electric bills and fewer hardware headaches. But is virtualization all good, or does it also open the door to new kinds of threats?
In this month's cover story, we examine the practical side of virtualization. We start with an introduction to some of the virtualization tools available for Linux. Then we take a closer look at a pair of popular open source virtualization alternatives: Xen and VirtualBox. Finally, we settle in for a look at the dark side of virtualization: the mysterious world of virtualizing rootkits.
Virtualization in Action
Amazon's S3 storage system lets customers store volatile data. Although this offering is still officially in the "Unlimited Beta" phase, some companies are already considering it for production use.
In November 2007, IBM announced that it would offer a similar service, Blue Cloud, based on Xen and IBM's own Power VM. Google also uses Xen: In a move that is atypical for the corporation, which tends not to reveal details of its IT systems, Google introduced the Ganeti management tool, which they have developed specially for this purpose.
Ganeti was released under the GPL in August 2007. The search giant uses the technology for its internal systems, but not for its search engine. Ganeti is best suited to systems with low resource requirements, said Google's Guido Trotter at the LISA 07 conference.
Lufthansa also uses Xen for test systems. Recently, both Oracle and Sun surprised the market with the Oracle VM and Sun xVM Xen variants.
The virtualization paradigm has come down to Earth, leaving the lofty heights of Mount Olympus for real-world concerns like stability, performance, and ease of management. A virtualization system that wants to fulfill all of these requirements must be ready for:
- Provisioning and deployment – creating the required number of virtual instances as quickly as possible and with minimal need for manual configuration.
- Migration – converting physical machines to virtual machines – and vice versa – if necessary. The ideal is online conversion across the network, requiring as little personal intervention as possible. Equally important is ensuring freedom of movement for virtual machines during operations. Live migration is the basis of load balancing solutions with virtual machines.
- Administration – one of the most important considerations for most networks. It starts with capacity planning for virtual instances, through staging of storage and network resources, to countless settings for virtual hardware, physical hardware, users, and privileges.
- Workload management – handling multiple virtual machines or physical hosts and replacing instances in case of failure.
- Monitoring – providing detailed, realtime information on the status and resource usage of individual virtual machines.
The best solution for your network depends on your needs and your budget. Table 1 introduces some of the more popular virtualization options for Linux environments.
Many distributors have gone to great lengths to facilitate virtualization for their customers. Both the Novell and Red Hat enterprise distributions integrate a tool known as Virtual Machine Manager (or Virt-Manager). On SUSE, the tool is integrated with YaST. Virt-Manager gives users the ability to set up a Xen instance in a couple of simple steps. Besides Linux (Novell, Red Hat), Solaris 8-10, and Netware 6, the tool also works with various Windows versions – provided the CPU has the required virtualization support.
Red Hat Enterprise Linux 5.1 also uses Virt-Manager for managing virtual machines. Red Hat also offers a tool on top of Enterprise Server, called Advanced Platform, which builds clusters of virtual machines and is capable of migrating guests across the borders of a physical host.
Fedora 8 gives a clue to where things are headed for Red Hat. The latest Fedora includes the new Xen 3.1, and the Virt-Manager version supports both Xen and QEMU. Additionally, Red Hat is looking to improve the security of the administration tool, something that has been a mere sideshow in the past.
Google also has a tool for virtual cluster management, Ganeti, which is released under the GPL. Installing Ganeti is complicated because the tool requires half a dozen Python modules, which Novell, for example, does not provide in a single package.
Ganeti does not offer the convenience of a GUI. This said, the text-based Ganeti commands lend themselves to scripting solutions, which provides a means for integrating the tool with other open source utilities.
Another tool for managing virtual machines is openQRM, a powerful utility that manages images for virtual and physical machines on the same interface. Another contender is Qumranet's Solid ICE, which focuses entirely on desktop virtualization using the KVM kernel hypervisor.
At the other end of the scale are various small command-line tools, such as xen-tools, a collection of scripts used on Debian for creating and configuring virtual instances.
What Runs Where?
A rule of thumb dictates that flexibility requires either more performance or special hardware. In hardware virtualization, the physical CPU handles most of the guest's instructions: The hypervisor only steps in to avoid conflict. If the hardware is unable to detect conflict directly, para-virtualization takes the role of manager. This technology is fairly advanced with respect to the main processor, whereas virtualization of I/O components is still at an early stage of development. Emulators simulate almost any scenario and architecture, but their performance is comparatively slow because everything is handled by the software.
All of the virtualization solutions we discuss in this issue support Linux as a guest system, although some require changes to the guest kernel. These changes can cause a problem with support for some applications, especially if the service provider requires a special kernel version. VMware and VirtualBox will basically run on any recent, unpatched kernel, as will the emulators.
Guest support for different versions may be limited. The current Windows versions, XP and Vista, are supported by all server virtualizations; operating system virtualization tools, such as OpenVZ or VServer, work on a different principle and cannot offer this feature.
In many cases, users do not need to simulate a full-fledged computer with a custom kernel for every one of the virtual guests. Professional hosters, who are simply concerned with keeping their customers' web offerings apart, are quite happy with a single kernel that the guests can share.
Virtualization solutions such as OpenVZ, Virtuozzo, and VServer use this approach to the virtualization problem, giving users an amazing application density on normal hardware, with low overhead.
Many professional hosters use the commercial Virtuozzo product to give customers who want to manage their own systems access to virtual consoles. SWsoft, the company behind OpenVZ and Virtuozzo, first acquired a majority shareholding in Parallels, the desktop virtualization company, early in 2007 and is now using the Parallels brand name. The OpenVZ virtualization tools are available with any major distribution.
Buy this article as PDF
VMware bids for a stake in the container industry with a bold effort to integrate containers with its classic virtualization system.
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm