HP TechBriefs

 
Introduction to Linux Virtualization Solutions
by Risto Haukioja and Neil Dunbar
 
This TechBrief by Risto Haukioja and Neil Dunbar provides a high level overview of three different methods of virtualization - Full Virtualization, Paravirtualization, and Soft Partitioning.

» Introduction
» Introduction to Virtualization Tools
» Introduction to Virtualization Solutions
» Conclusion
» Acknowledgement
» References


Introduction

Virtualization is a hot topic that enables new ways of using both servers and desktops. Linux and server virtualization in the data center has already been covered in many articles. However, desktop virtualization has not been as widely described, even though virtualization on the desktop can be a very effective and useful tool.

This TechBrief provides a high level overview of three different methods of virtualization. We will introduce the basics of the following virtualization technologies:
  • Full Virtualization
  • Paravirtualization
  • Soft Partitioning
We compare the main differences between these virtualization techniques and provide suggestions on how solutions from each of the categories could be used.

The solutions introduced briefly in this TechBrief include VMware Player Beta 2, VMware Workstation 5.5, Xen Virtual Machine Monitor and Linux VServers.

General Introduction to Virtualization Tools

In this section we provide a short introduction to Full Virtualization, Paravirtualization and Soft Partitioning. The technologies are then summarized in Table 1.

Method 1: Full Virtualization
Full virtualization is the most popular virtualization method, and is commercially supported by VMware and Microsoft (Virtual PC). For desktops, this means running a regular operating system, such as Linux or Microsoft Windows, and running the virtual machine application on top of this full operating system. Inside the virtual machine application (such as VMware Workstation) a user can create different virtual machine configurations (guests). Each guest can have its own virtual devices, including drives, hardware and peripherals - such as connections to USB devices.

Users can install an operating system and applications onto each of the virtual machines created inside the full virtualization solution. Each of the virtual machine guests operates in isolation from other guests. Thus, each guest can only see the devices allocated to it and interact with the outside world through those devices. The VMware Workstation product provides virtual device interfaces to the guest operating system, which means that all the I/O between the guest operating system and the physical devices goes through the VMware-provided hardware virtualization layer and the host operating system. The size of these virtualized operating systems can easily reach hundreds of megabytes. Administering one of the guests is just like administering a single operating system. See Table 1 for a comparison of the different virtualization methods.

Method 2: Paravirtualization
Unlike full virtualization products like VMware Workstation, paravirtualization solutions, such as the Xen Virtual Machine Monitor, require a special operating system installation. For Linux this is simply a customized kernel plus management software. This method, like full virtualization, provides secure isolation between the virtual machines. Paravirtualization solutions, like Xen, require the installation of a Xen-capable Linux kernel that can act as the control operating system, controlling the paravirtualization layer that resides between physical devices and guest operating systems. The main technical difference between this method and full virtualization lies in the paravirtualization layer, which brokers the device I/O between different guests and provides direct driver access to the guests.

Paravirtualization layers can provide access to direct hardware resources, such as USB2, while full virtualization solutions provide access to virtualized device drivers, and thus lack support for some of the latest hardware features. Paravirtualization can also be used to provide device access to operating systems that might not have the native drivers for these devices available. See Table 1 for a comparison between the different virtualization methods. Each of the guest operating system installations is a full Linux installation with its own devices, file and storage requirements etc. Administering one of the guests is just like administering a single operating system. The size of these virtualized operating systems can easily reach hundreds of megabytes.

Method 3: Soft Partitioning
Soft partitioning solutions, such as Linux VServer, involve running several operating system environments within the same hardware resources. In a simplistic view, one of the guest virtual machines is just a directory with its own file system structure, user accounts and internal process table. These virtual machines are often referred to as contexts. User space is divided into distinct units, and processes within a soft partition appear to belong to a single, separate system. The most common Linux version of soft partitioning runs a main kernel patched with the VServer patch. VServers running under the patched kernel have their own process space that they control. The VServer patch is easily available on most Enterprise Linux distributions.

In a soft partitioning setup, several Linux distributions can be installed and run efficiently under a single physical machine. This avoids the overhead of running several kernels in parallel. Also, because the contexts live and breathe under a single master system, the soft partitioning technology allows tighter automation and sharing of files (such as software binaries) between the installed distributions, thus helping to minimize the need for disk space for each of the contexts. Typically, installing a new system instance takes only between 40 and 100 MB of storage space under this model, assuming that file system links between the root and sub-root contexts are allowed.

Figure 1: Virtualization Technologies (panels: Method 1: Full Virtualization; Method 2: Paravirtualization; Method 3: Soft Partitioning)

Table 1: Virtualization Technology Comparison Summary


Introduction to Virtualization Solutions
  • VMware Player
    VMware came out with the free VMware Player product in fall 2005. This solution offers the easiest way to get started with virtualization, whether the user is starting from a Microsoft Windows host or a Linux host. VMware Player is a full virtualization solution that enables users to run one virtual operating system at a time on top of their regular operating systems. You run VMware Player as an application on top of your existing Linux or Windows operating system. You can open up a virtual machine using the player as an independent operating system running on top of your own environment. VMware Player can be downloaded freely from VMware.com. VMware also offers a test virtual machine that can be downloaded and tested on the VMware Player solution free of charge. You can install VMware Player and test out your first virtualization environment in a matter of minutes after downloading VMware Player and the sample virtual machine configuration. VMware Player will probably take market share from VMware Workstation and will best fit the needs of the majority of users who only want to occasionally test and run virtualized environments.
    Main Limitations
    • Can only run one virtual operating system at a time
    • Unable to create new virtual machines or modify existing virtual machine parameters easily
    Benefits
    • Easy to install
    • Free of charge
    Usage Tips
    • You can modify the .vmx files in a text editor to change the parameters of your virtual machine
    • You can mount a CD-ROM to a virtual machine that has been created earlier and do a fresh install on top of an older virtual machine installation
    Usage Case
    Crash and burn software testing environments: when you want to easily test software configurations on different operating systems without destroying your native production environment. Effectively eliminates the need for additional desktop PCs that are often used for this kind of occasional software testing.
  • VMware Workstation
    VMware Workstation has been around for many years now and is the most popular virtualization solution today. VMware Workstation has many enhanced features over the VMware Player product, but these come at a cost. As of November 2005, VMware Workstation 5.5 has features that allow you to run several virtual machines in parallel, easily modify virtual machine configurations, and set up network rules between the different virtual machines.
    Limitations
    • Expensive to use compared to other virtualization solutions
    • Limited Device support capability (e.g. no USB2 support)
    • Performance limitations compared to paravirtualization and soft partitioning solutions
    Benefits
    • Easy to install
    • Easy to use and change virtual system parameters
    Usage Tips
    You can easily take snapshots of your virtual machine, apply modifications to the snapshot and fall back to the original if something went wrong with your changes.
    Usage Case
    Crash and burn environments: when you need more than one test environment running in parallel when trying out operating systems or software testing. The main benefit over the VMware Player is for users that want to test several machines in parallel and test out configurations between these machines.
  • Xen
    The Xen Virtual Machine Monitor has been around for a couple of years. Xen VMM is an open source virtualization solution that's supported by XenSource. The two main Linux vendors, Red Hat and Novell, have both also announced support for Xen in future releases of their solutions. This will significantly add to the importance of Xen in the future. Today, users can download Xen for free via http://www.xensource.com/downloads/, install and use it.

    However, if you want support for your virtualization solution you have to buy that from a provider, in this case from XenSource. The Xen virtualization solution is best suited to the server area today; however, it is also useful in a desktop environment. More significantly, Xen has made the virtualization market more competitive, preventing it from being dominated by VMware. Typically, if you're doing custom software development and you need access to different hardware resources, such as USB 2 from one device, Xen is a good choice. Also, if you want to test complete Linux installations you can take a copy of the full Linux or OpenBSD virtual machine and apply and test your changes without destroying your one and only test setup.

    The easiest way to get started with Xen is to download a Xen Live CD, which is available from their website. This lets you boot up any machine from a Live CD with Xen and test starting and monitoring different operating systems running as Xen virtual machines.
    Limitations
    • Today, both host and guest operating systems have to have a modified kernel (this will change in future processor families)
    • Installation is still a somewhat difficult process
    Benefits
    • Performance is better than full virtualization solutions. You can easily run a guest OS for a single purpose with 64MB of memory allocation for testing purposes.
    • Free of charge
    • Based on open source code
    Usage Tips
    We recommend running a Xen installation on top of Logical Volume Manager (LVM); this will enable you to resize your virtual machine disk partitions if you run short of space later on.
    Usage Case
    Crash and burn or software development environments: when you need to run more than one test environment in parallel. Xen allows you to easily clone your base virtual system and apply further modifications to the new virtual machine guest.
  • Linux VServer
    Linux VServers should be considered when the need for speed is at its highest, and where access to the direct hardware of a host is required. If there is a requirement for very fast, easily segmented virtual contexts with controlled access between them, then VServers are a solid architectural choice.

    A convenient metaphor for VServers would be "chroot() on steroids". Like BSD's jail capability, a VServer context is a complete environment from which no in-context process can escape. The root context can dip in and out of sub-root contexts at will. Thus, it takes no great intelligence to see that only the minimum amount of work should be performed in a root context. Network setup, firewalling, system logging and so on are good candidates. The actual system work should be done in a sub-root context if possible for maximum containment.
    Limitations
    • All contexts run under a shared kernel, meaning that if a context requires a particular kernel feature that carries a greater security risk, then all contexts must share that risk, regardless of the context sensitivity.
    • It's necessary to limit the capabilities of non-root contexts so that changes to shared files cannot damage other contexts. This means that the immutable flag should be used for system critical files, and CAP_LINUX_IMMUTABLE should be removed from the contexts' capability set.
    • Can be tricky to configure per-context network configurations.
    • Depending on the file system used and how modern the VServer version within the kernel is, care must be taken in very large user environments to ensure proper operation. Typically, the UID namespace is split into an 8-bit context ID and a 24-bit user ID, rather than the flat 32-bit UID space which Linux normally uses.
    Benefits
    • Extremely low performance overhead
    • Free of charge - and installed as standard in most Enterprise Linux distributions
    • Potentially very low per-context file system overhead - for similar distributions, it can be as low as 700 kB with the appropriate hard links
    • The root context can examine the operation of subcontexts easily - which can be trickier under full virtualization methods
    Usage Tips
    • Use the following scriptlet to create a hard linked copy of a directory (for use in another context):

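    cd src    # dest is created beside src; both must be on the same file system
    find . -type d -exec mkdir -p ../dest/{} \;    # recreate the directory tree
    find . -type f -exec ln {} ../dest/{} \;       # hard-link regular files
    find . -type l -exec cp -P {} ../dest/{} \;    # copy symlinks as symlinks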

    • Force a file to be read-only (even for the root user in a subcontext) using the command

    chattr +i file

    Usage Case
    Where multiple services are to be run on a single system, VServer allows for very strong isolation between the services. Even services which depend on one another (for example, Cyrus or Postfix email services) can be isolated into separate contexts communicating via local TCP/IP connections, or Unix domain sockets within a shared file system. (Recommended distributions: Red Hat Enterprise Linux.)

    Another usage case would be a building/testing environment for software which needs to operate across several Linux distributions. The util-vserver toolset allows for the installation of multiple distributions within VServer contexts. These can be run as if they were physically distinct computers. This allows for far cheaper software build and test environments. (Recommended distributions: Gentoo Linux for the skeleton root context, with the appropriate non-root contexts being filled with Red Hat, Novell, Debian, etc.)
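
The shared-inode risk behind the VServer limitation on shared files and the hard-link usage tip above, as an added shell example that is not part of the original TechBrief: it builds a hard-linked copy of a tree, shows that an in-place write through one copy changes the other, and lists shared files that lack the immutable flag. The function names and the ctx1/ctx2 directories are constructed for illustration; the code assumes `lsattr` from e2fsprogs and treats a file whose flags cannot be read as unprotected.

```shell
#!/bin/sh
# Added example: hard-linked context trees share inodes, so a shared file
# without the immutable flag can be altered from any context that links to it.

# Build a hard-linked copy of tree $1 at absolute path $2 (same file system).
unify_tree() {
    ( cd "$1" &&
      find . -type d -exec sh -c 'mkdir -p "$1/$2"' _ "$2" {} \; &&
      find . -type f -exec sh -c 'ln "$2" "$1/$2"' _ "$2" {} \; )
}

# List regular files under $1 that are shared (link count > 1) and are not
# marked immutable. If lsattr is missing or the file system does not support
# attributes, the flags read as empty and the file is reported.
unprotected_shared() {
    find "$1" -type f -links +1 | while IFS= read -r f; do
        flags=$(lsattr -d "$f" 2>/dev/null | cut -d' ' -f1)
        case "$flags" in
            *i*) ;;                      # immutable: safe to share
            *)   printf '%s\n' "$f" ;;   # writable through any link
        esac
    done
}

# Constructed demo: two "contexts" as plain directories under a temp dir.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ctx1/bin"
    echo 'original' > "$root/ctx1/bin/tool"
    unify_tree "$root/ctx1" "$root/ctx2"

    # An in-place write in ctx2 truncates and rewrites the shared inode...
    echo 'tampered' > "$root/ctx2/bin/tool"
    # ...so ctx1 now sees the changed content.
    cat "$root/ctx1/bin/tool"

    # Number of shared files in ctx1 that still need `chattr +i`.
    unprotected_shared "$root/ctx1" | wc -l | tr -d ' '
    rm -rf "$root"
}

demo
```

Running `chattr +i` on each listed file from the root context, and withholding CAP_LINUX_IMMUTABLE from the sub-root contexts, is what empties the list.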

Conclusion

Virtualization is a great tool for any technical person testing applications or developing on different operating systems on the desktop platform. Today, probably the easiest way for a user to get started is to install and test out the VMware Player solution or download a Live Linux CD with Xen preinstalled. This TechBrief covers the main virtualization methods and introduces technical solutions that are available on each of these areas.

While we covered the most popular desktop virtualization solutions in this TechBrief, there are a number of other solutions, including QEMU, Usermode Linux, Integrity Virtual Machine from HP and others. For those interested in these other virtualization solutions we recommend an article about Virtualization on Wikipedia.

Acknowledgement

We'd like to thank the members of HP's Open Source and Linux Profession who always introduce interesting technical solutions in the area of Linux and open source. Also we'd like to thank Wylie Swanson, Justin Chen and Harry Sutton for their review while preparing this TechBrief.

Risto Haukioja is an IT Architect in the HP Services Flexible Computing Services department. Risto enjoys working on different technologies across HP Services and he's part of the Open Source and Linux Profession leadership team which helps to build HP's technical expertise around Linux and open source technologies. Risto is based in Palo Alto, California.

Neil Dunbar is a master level technologist within the Trusted Systems lab of HP-Labs. He has worked on Linux technologies for about 10 years, with a focus on security technologies. Neil leads the HP Services Open Source and Linux Profession Security working group. Neil is based in Bristol, in the UK.

References

VMware Website: http://www.vmware.com
XenSource Website: http://www.xensource.com
Linux V-Server Website: http://linux-vserver.org
Usermode Linux Website: http://usermodelinux.org
OpenVZ website: http://openvz.org
Wikipedia on virtualization: http://en.wikipedia.org/wiki/Comparison_of_virtual_machines


© 2007 Hewlett-Packard Development Company, L.P.