Presentation on theme: "Xen, Linux Vserver, Planet Lab"— Presentation transcript:
1 Virtualization: Xen, Linux Vserver, Planet Lab
2 Paper: Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors. Stephen Soltesz, Herbert Pötzl, Marc E. Fiuczynski, Andy Bavier, and Larry Peterson, Princeton University. PlanetLab Architecture: An Overview. Larry Peterson*, Steve Muir*, Timothy Roscoe†, Aaron Klingaman* (*Princeton University, †Intel Research – Berkeley)
3 What is virtualization? Virtualization is a broad term which refers to many different aspects of computing. In essence, there has to be some sort of abstraction of resources. These resources could be computing power or storage.
4 Why is virtualization important? The one-server, one-application idea can be avoided. Multiple servers can coexist on the same physical machine, bringing IT costs down. It also makes administration easier.
6 Why is virtualization important? Data recovery. Other areas include research areas such as Planet Lab, high-performance clustering, etc.
7 Basic Concepts: Host – The physical computer on which the virtual machine is loaded. Virtual Machine – A software environment which appears to a guest OS as hardware. It consists of some computing power (CPU), memory, a NIC, and a hard drive. Virtualization Layer – This is what is available as resources to the virtual machines. Also known as the virtual machine monitor.
8 Different Virtualization Models: VMware model, Xen model, Linux Vserver model.
9 VMware model. Reference: Virtualization with VMware ESX Server, by Al Muller and Seburn Wilson. Publisher: Syngress.
10 Full Virtualization: It provides total abstraction of the underlying physical system and creates a complete virtual system in which the guest operating system can execute. No modification is required in the guest OS or application. Example: VMware ESX Server.
11 Drawbacks of Full Virtualization: The x86 architecture is not meant for virtualization. This reduces performance and increases complexity.
13 Paravirtualization: This provides each VM with an abstraction of the hardware that is similar but not identical to the underlying hardware. It requires modifications to the guest OSes that are run on the VM. No changes to the ABI are to be made, so applications remain the same.
14 Issues in Virtualization: Efficiency vs. Isolation. The paper argues that isolation is dependent on the usage scenario. It sacrifices isolation partially in favour of performance.
15 Motivation for Container-based OS: Organizations run many copies of the same server software, operating system distribution and kernels in their mix of VMs. If this is the case, then the same shared virtualized OS image can be used for all virtual machines.
17 Container-Based OS VMM: The hosting platform consists of the shared OS image and the privileged host (VMHost). VMHost – This is the VM that the system admin uses to manage other VMs.
18 How does this differ from Xen? Fault Isolation: Container-based VMMs can't provide fault isolation as they use a single shared kernel. So if the kernel fails, all the VMs are affected. Resource Isolation: The VMM should be able to isolate one VM from accessing resources of another VM. Security Isolation: The VMM should isolate access to logical objects such as files, memory addresses, user IDs and so on.
19 How does this differ from Xen? Key Difference: Hypervisors can run multiple kernels, while a container-based OS VMM can't do that. On the other hand, hypervisor-based systems can't have live update.
20 Security Isolation in container-based VMM: Contexts: separation of namespaces. Filters: access control lists. Hardware virtualization.
21 Resource Isolation: CPU Isolation. A token bucket filter runs on top of the O(1) scheduler. Each VM has a bucket where it collects tokens at a specified rate. Tokens are charged on the basis of running processes per VM.
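The CPU token bucket from slide 21, as an added simulation (not code from the slides or from Linux Vserver): a VM with nine busy processes takes 90% of the CPU from a plain per-process run queue, but stays near its configured rate once each tick is charged to the owning VM's bucket. The round-robin queue standing in for the O(1) scheduler, the one-token-per-tick charge, the hold-until-`min_tokens` rule and all names and values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class VM:
    name: str
    procs: int            # runnable processes inside this VM
    fill_rate: int        # tokens added every `interval` ticks
    interval: int
    bucket_size: int      # cap on saved-up tokens
    min_tokens: int       # assumed: tokens needed before a held VM runs again
    tokens: int = 0
    on_hold: bool = True  # bucket starts empty, so wait for the first refills
    ticks_run: int = 0

def simulate(vms, ticks, enforce=True):
    """Return {vm name: timer ticks of CPU received}."""
    # One run-queue entry per process; round-robin stands in for O(1).
    queue = [vm for vm in vms for _ in range(vm.procs)]
    pos = 0
    for t in range(1, ticks + 1):
        for vm in vms:
            if t % vm.interval == 0:
                vm.tokens = min(vm.bucket_size, vm.tokens + vm.fill_rate)
            if vm.tokens >= vm.min_tokens:
                vm.on_hold = False
        for _ in range(len(queue)):      # at most one pass: idle if all held
            vm = queue[pos]
            pos = (pos + 1) % len(queue)
            if enforce and vm.on_hold:
                continue                 # this VM is off the run queue
            vm.ticks_run += 1
            if enforce:
                vm.tokens -= 1           # charge the VM, not the process
                vm.on_hold = vm.tokens <= 0
            break
    return {vm.name: vm.ticks_run for vm in vms}

def demo(enforce):
    # Constructed scenario: "hog" is entitled to 25% CPU, "web" to 50%.
    vms = [VM("hog", procs=9, fill_rate=1, interval=4, bucket_size=20, min_tokens=5),
           VM("web", procs=1, fill_rate=1, interval=2, bucket_size=20, min_tokens=5)]
    return simulate(vms, 1000, enforce)

if __name__ == "__main__":
    print("no token bucket:", demo(False))
    print("token bucket:   ", demo(True))
```

Because the charge is per VM, adding more processes to "hog" changes its share only in the unenforced run.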
22 Resource Isolation: Network Isolation. A hierarchical token bucket is used to provide bandwidth reservations. Each VM has a specified reservation and a share. Each packet has a context ID tagged to it to map it to the VM.
23 Security Isolation: Processes belonging to different VMs are not allowed to interact with each other.
25 Planet Lab Overview: Planet Lab is a geographically distributed platform for deploying, evaluating, and accessing planetary-scale network services. The internet has been a success and as a result has become ossified, that is, it is resistant to change. It's difficult to introduce new ideas without trying them out. Reference: Planet Lab is a sort of a test bed or deployment platform of 1000 servers spread across more than 35 countries.
26 Planet Lab Features: Distributed Virtualization: The need is for a global platform that supports broad-coverage services at multiple points of presence. Each service runs as a slice of Planet Lab's global resources. What is a slice? A slice is a network of virtual machines.
27 Planet Lab Features: Node: A physical machine capable of hosting one or more virtual machines. It must have at least one non-shared IP address. Each node has a unique node ID. [Figure: a node running NodeMgr, LocalAdmin, VM1, VM2, …, VMn on top of the Virtual Machine Monitor (VMM)]
28 Planet Lab Features: Node Manager: A program running on each node that creates VMs on that node and controls the allocation of resources to those VMs.
31 Slices: The individual VMs that make up a slice contain no information about the other VMs in the set. The slice state is maintained by the Slice Authority. This task is done by the PLC for system-wide slices. Creating a slice is a multistage process involving the node owner, the slice creation service and a slice authority.