Virtuosity

Many folks reading this will be familiar with Sun's Virtualbox desktop hypervisor. With an install base of over 16M and more than 1M new downloads each month, this free (for personal use) Open Source Type 2 hypervisor is quickly becoming an attractive alternative to more established closed source offerings. VirtualBox is fast, extremely lightweight, runs on virtually all host operating environments and supports over 30 different guest OSes. The latest 3.0.6 release download for my Intel equipped MacBook Pro was just under 63 MBytes in size, significantly smaller than either Parallels or VMware Fusion.

Perhaps less well known is how Sun has combined VirtualBox with our Virtual Desktop Infrastructure (VDI) and stateless Sun Ray thin-client technologies to offer a highly integrated, low-cost virtual desktop solution. Sun showcased this technology at this year's JavaOne conference in San Francisco by hosting 21,000 virtual machines with the choice of Windows 7, Ubuntu Linux, or OpenSolaris desktop environments. Even more impressive is that Sun managed to support this entire environment with only 2 system administrators.

As enterprises embrace desktop virtualization as a way to improve security, lower administrative costs, decrease hardware footprints and increase server utilization, VirtualBox combined with Sun's VDI and Sun Ray technologies should be on the short list of candidates for those on a limited budget and especially for those interested in creating a Windows Desktop as a Service offering with support for remote clients attaching over the public Internet. VirtualBox's built-in RDP support allows remote RDP clients full access all the way down to each guest Virtual Machine's console. Sun's VDI infrastructure communicates with the client using RDP but talks to the Sun Ray Thin-client using the highly efficient ALP Sun Ray display protocol which greatly improves display performance over WAN distances. Together, these features provide unique advantages both for enterprises and for this emerging desktop service business model.

I've written recently about the virtues of Solaris Containers and it's certainly true that from my perspective Containers are often times the best choice when the goals are to increase server utilization and reduce system footprint. The fact remains however that Containers represent only one of many consolidation technology options available to systems administrators. In this article, I'll identify four basic technology categories and touch on some considerations when selecting the best technology for your specific use-case.

Virtualization Taxonomy

When it comes to consolidating multiple users and workloads onto a single system there is a wide range of options available depending on the server hardware architecture and host operating system selected. That said, most of the available options fall into two general categories or four specific sub-categories. In this next section I'll briefly discuss the architecture and characteristics of:

• Multiple Operating System approaches: Physical Domains and Bare Metal Hypervisors
• Single Operating System approaches: OS Virtualization and Resource Management

Physical Domains

Physical Domains are the most mature, high performance and highly available of the consolidation options. They are also the most expensive and least flexible option and are usually only available on mid-range and large-scale enterprise class servers. Server architectures which support this capability allow a server to be physically and electrically partitioned into some small number of individual servers with each partition having its own dedicated CPU, Memory and IO buses. Examples include Sun's M-Series Servers. Granularity is usually limited to a single CPU/Memory board and usually to a physical IO assembly. As a result and given the memory density and CPU performance of modern systems, each domain or partition is typically very powerful and will minimally contain 2-4 CPU sockets, 16GB of RAM and multiple PCI buses. Each partition then runs its own completely independent copy of an operating system which has full and direct control over its associated hardware resources resulting in maximum performance. Availability is optimized as most individual hardware events will be isolated to one partition and so won't impact other physical partitions or their workloads.

Bare Metal Hypervisors

Bare Metal also known as type 1 hypervisors are a newer technology which allow the creation of Logical (vs. Physical) Domains. Examples of type 1 hypervisors are VMware's ESX Server, Sun's LDom technology built-in to all CMT based systems, and Microsoft's Hyper-V. Hypervisors consist of firmware or software (sometimes small, sometimes not) that abstracts the underlying physical server hardware from guest operating systems. As with Physical Domains, each domain runs a fully independent version of the OS with each OS supporting different kernel patch levels. This virtualization approach provides more flexibility than Physical Domains and can be implemented at lower price-points, although there may be an additional license and support costs for the hypervisor. Unlike Physical Domains where there is a tight coupling of CPU, Memory and IO to a given partition, hypervisor enabled logical domains can bring together arbitrary combinations of CPU cores/threads, physical memory as well as disk and network IO. The result is that even a relatively modest 1-4 socket commodity server can host dozens of individual domains of all shapes and sizes each with their own complete and independent operating system.

In exchange for this increased flexibility there is a trade-off in overall performance and efficiency when compared with physical domains. The degree of impact varies depending on the guest OS, hypervisor implementation and especially on the IO demands of the individual workloads. Service availability can also be impacted, depending on the resiliency of the application architecture. Lower cost systems often lack high levels of hardware redundancy and specific hardware failure events or bugs in the hypervisor code may impact multiple logical domains, their OS instances and hosted workloads.

OS Virtualization

The two previous technologies use different approaches to enable a single server to host multiple independent operating systems. Another approach available in some Operating Systems is OS Virtualization. With OS virtualization users and applications are still left with the impression that they have their own individual server and OS yet there is actually only one physical copy of the kernel running. Solaris Containers fall into this category. As discussed in previous posts, some advantages to Solaris containers are: they are lightweight (no-overhead); require no additional license fees; don't negatively impact performance; run on both SPARC and x86 hardware; and don't require hardware resources to be carved up and mapped to specific Containers in advance. That said, Solaris Containers do support physical mapping and several types of policy based Resource Management to increase overall control and predictability. Some drawbacks to Containers are: all Containers must be halted when the kernel (global zone) is patched; some applications which require direct hardware control aren't supported; downtime associated with upgrading a system (with Containers) to the latest Solaris Update can be prohibitive unless using an alternate boot environment with Live Upgrade.

Since OS Virtualization provides a level of abstraction above the OS layer this approach can be combined with either of the two previous multi-OS technologies without incurring additional overhead. For example, this hybrid approach can be useful for consolidating multiple related workloads onto powerful Physical Domains to provide additional granularity and flexibility.

Resource Management

Resource Management is a fourth consolidation technology that receives less attention but is still important to consider. Like OS Virtualization, this technology works within a given OS instance and is used to provide lighweight policy control over individual user processes. In most cases where a single OS instance is sufficient, OS virtualization will usually be best. However, when there are no security benefits from isolating workloads or when IP addresses are scarce, Resource Management technologies like the Project mechanism and Fair Share Scheduler (FSS) can ensure that competing users and processes stay within resources limits and don't unfairly or inappropriately consume shared resources.

A good example of where Resource Management was the appropriate technology is a recent customer scenario where hundreds of individual engineers shared a low-end utility server running Solaris. The server didn't feature physical domains and using a hypervisor approach would have required considerable overhead and administrative setup. It also didn't make sense to provision a separate Container for each user and allocate a unique IP address, file system, name space, etc. when all that was needed was to make sure no one user could monopolize the entire server unless he or she was the only one using it. Using the Solaris Project mechanism, each user was assigned an equal share value so that, upon login, their child processes could utilize no more than a percentage of the machine equal to 1 / (the total number of users on the system) when the system was loaded.

Summary

So, which technology approach is best for a given use case? The answer is "it depends". It's important to carefully consider your workloads technical and operational requirements as well as your organization's technical depth and operational maturity. Prior to wide scale deployment of these technologies make sure your support organizations understand which group is responsible for managing this new technology layer and have the necessary training and hands-on expertise. It's also important that the organization has already made progress in establishing and reducing the number of standard operational environments prior to large-scale deployment as virtualization can easily cause an explosion in the number of managed OS instances and create considerable scale problems with support.

Some application or service requirements to consider when selecting the right technology and implementation are: availability, security, performance, amount of IO, Service Level Objective (SLOs), maintenance windows. Likewise, individual technologies should be evaluated and compared based upon: performance, Total Cost of Ownership (TCO), maturity, complexity, availability of management tools, adherence to open standards, and barriers to exit.

In my last posting I wrote about the advantages of combining multiple applications onto a single server using lightweight Solaris Containers (aka Local or Non-Global Zones) versus the hypervisor approach. I really like that I can provision a new virtual OS environment in a few minutes with negligible overhead and have confidence my applications will perform well. I also like that I don't have to install, license and manage multiple complete OS stacks especially if I don't need to support different OS types on a given server. For a Solaris shop, using zones to deploy applications is an attractive option for safely increasing server utilization and also helps System Administrators become more aware of specific application requirements, both from a technical resource and an SLA perspective. A solid understanding of both are important in multi-tenant, virtualized environments.

Although zones provide all standard Solaris interfaces and don't impose any new ABIs or APIs, there are instances where some applications wont run in a non-global zone. Examples include applications which: depend on being an NFS server; use any network interfaces below TCP/IP; configure network interfaces; access /dev/kmem, create or manipulate /dev entries, etc. These situations are rare but to be safe I recommend candidate applications go through a qualification process to identify potential installation or runtime issues, especially if root permission is needed to install or run the application.

The Solaris 10 OS introduced Process Rights Management. Process Rights Management extends the Solaris process model through the use of Privilege Sets which control process access to system resources and kernel services. Local zones operate with a reduced set of process privileges relative to the global zone. As a result, all processes running in a non-global zone also have reduced privilege and certain system calls may return errors. Again, for the vast majority of data center users, developers and applications this reduced privileged environment is not a problem. On the contrary, because non-global zones are somewhat less capable than the global zone they provide an extra measure of protection. A malicious individual or virus that exploits an application vulnerability or otherwise gains "root" access to the local zone will find they can do much less damage than they could with similar access to a non-restricted host environment.

Again, 99% of Solaris applications, even older binaries built on previous Solaris releases, will run just fine in non-global zones but it pays to take the time to fully qualify new or migrating services before attempting a production deployment. Rather than replicate some excellent work on these topics I've provided some resources that will come in handy for ISVs and System Admins wanting to take a conservative approach to deploying their applications into Solaris zones:

• Bringing your Application into the Zone
• Qualification Best Practices for Application Support in Non-Global Zones
• System Administration Guide: Solaris Containers-Resource Management and Solaris Zones
• Zones and Containers FAQ at OpenSolaris.org
• Virtualization Blueprints at wikis.sun.com
• Wikipedia: Solaris Containers

As microprocessors become more powerful, IT organizations looking to increase the efficiency of underutilized servers and simplify administration are starting to explore server virtualization technology. When most people think of server virtualization they think of Type-1 hypervisors popularized by VMware ESX Server. We're also starting to hear more about Xen derived hypervisors that add virtualization capabilities to various Linux distros, NetBSD and Open Solaris. Sun will introduce an Enterprise Class bare-metal hypervisor called xVM Server later this year. These technologies allow individual servers to safely host multiple independent workloads along with complete copies of their host operating systems. Type-1 hypervisors certainly offer a great deal of flexibility and isolation and have the added benefit of supporting diverse guest operating systems e.g Solaris, Linux and Windows simultaneously. However this functionality comes with a cost. The hypervisor software layer itself usually has an associated acquisition and support cost and performance may be degraded compared to running the OS directly on native hardware, especially if the workload is IO intensive. Then there's the administrative and potential licensing costs associated with provisioning, monitoring and maintaining multiple copies of complete operating systems.



Fortunately for Solaris administrators on SPARC and x86 systems there's an alternative - Solaris Containers which were first introduced with Solaris 10's debut in March of 2005. Solaris Containers (a.k.a Zones) are lightweight virtual Solaris instances that look and feel in most respects just like a full Solaris OS instance but which share a single Solaris kernel. Since there is only one real Solaris instance there is only one copy of the Solaris kernel to maintain. Users given shell access to a Solaris Container on the network believe they are running on their own independent server with a unique IP address, independent process address space and their own file system(s) yet may in fact be sharing this same server and a read-only link to common files and directories with dozens or even hundreds of other Solaris Containers. Solaris 10 supports up to 8000 Containers on a single server but this is not a limit I would recommend testing out on your dual-core laptop. In addition, individual Containers can take on a Solaris 8, Solaris 9 or even a Linux personality which simplifies migrating workloads with OS dependencies to Solaris 10.

Solaris Containers are easy to provision, require only a small amount of incremental disk space, and can be rebooted as needed in seconds. Containers can also be cloned, detached, moved and reattached which makes replicating and rehosting Containers onto different physical systems straighforward. Since Containers take advantage of Solaris 10's fine grained privilege features, users or workloads running inside a Container don't have access to the full array of "root" features that might otherwise allow for undesired mischief on a shared production resource. This feature alone makes Containers an interesting production deployment choice even for servers with only a single workload. Should the host Container be compromised an attacker can't for example put a NIC into promiscuous mode or write into kernel address space.

We are already starting to see innovative hosting services take advantage of the low-cost, scalability and security advantages of Solaris 10 by offering Container based Solaris virtual machines. Sun partner Joyent offers a virtual computing infrastructure for Web 2.0 applications starting at just $45 / month. Sun also recently introduced a Solaris on Demand service which enables traditional enterprise ISVs to take their software to market as an Internet based service without the hassle of re-architecting their application for multi-tenant use. Using Solaris Containers these ISVs can securely host various layers of their existing architecture onto one or more SPARC or x86 based servers and then scale their service by adding Containers as new customers come online.

For more information on Solaris Containers, visit Sun.com or use the following Google Search. At last count the search returns about 140,000 pages. I also highly recommend the following Sun Blueprint: Solaris Containers: Virtualization in the Solaris Operating System

Today was a good day. I successfully got both WinXP and OpenSolaris 2008.05 running, and talking, under the recently released VirtualBox 1.6 on my (Intel based) MacBook Pro. I had installed both OSes earlier in the week and was pleasantly surprised with the ease of use and overall performance but was having trouble getting both XP and OpenSolaris to "talk" on my home network and to the Internet via my Linksys (WRT54G) Broadband Router. Btw, I still can't believe the VirtualBox 1.6 .dmg file is only 26.3MB.

So, it turns out that for some reason the default DNS IP address (10.0.2.3) provided by VirtualBox internal DHCP server was not properly resolving names for me. I'm still not sure why this doesn't work out of the box (stay tuned for a follow-up entry) but what did work was to provide my own DNS server address in /etc/resolv.conf on Solaris and for the emulated AMD NIC interface under XP and DNS started working as expected. Note that since only NAT networking is supported at this time you can't use ping to troubleshoot connectivity. I used telnet and Firefox to test IP communications.

Before I continue I should credit Dana's Weblog entry for helping me to get Solaris talking:

• Running OpenSolaris 2008.05 under VirtualBox on OS X Leopard

From her blog I learned that I needed to use the "Intel PRO/1000 MT Desktop (NAT)" NIC instead of the default AMD PCnet interface. Once I made the change and restarted the virtual machine, the OpenSolaris Network Auto-Magic Service was successfully able to find and plumb the e1000g interface and life was good.

Here's are screen shots of both my WinXP and OpenSolaris Virtual Machine settings:

WinXP

OpenSolaris