Monday Feb 26, 2007

IBM Systems Mag recently posted an article comparing Sun, HP and IBM virtualization offerings entitled "IBM, Sun and HP: Comparing UNIX Virtualization Offerings" by Ken Milberg.

You can read the article at: 

http://www.ibmsystemsmag.com/ME2/Audiences/dirmod.asp?sid=&nm=&type=Publishing&mod=Publications%3A%3AArticle&mid=8F3A7027421841978F18BE895F87F791&AudID=1CE1C4C1B85E4DBD88C47DD63CCCB59C&tier=4&id=1678B712944D4E4480CCB81F2F563585

This article covers a variety of issues, some accurate and some horribly inaccurate. I will only address the Solaris portion of the article:

"It took over a hundred commands and hours of architectural work, including partitioning drives and planning for replicas."

While I will admit that Solaris Volume Manager (aka DiskSuite) is not the easiest to set up via the command line, the Solaris Management Console can be used to make this easier. Ken doesn't say exactly what he was trying to do, but "hundreds of commands and hours of time" sounds like a bit of an exaggeration. In addition, ZFS can create a mirrored storage pool in two commands and also supports an easy-to-use web GUI. ZFS also provides data integrity capabilities and nearly infinite storage capabilities. ZFS is also open source and is being ported to BSD variants including Mac OS X.

"this method requires all partitions have the same OS and patch levels. Their virtualization essentially virtualizes an OS environment more-so than hardware. In fact, they don't emulate any of the underlying hardware. The virtualized OS will make the calls to the hardware. That's where multiple partitions run on the same server, but with one kernel. To reiterate, every OS level must be exactly the same across all containers. One kernel fault will bring down every container."

This is true; however, as the author points out later in the article, there is SIGNIFICANTLY less overhead in CPU, memory and disk space incurred in the Solaris Containers virtualization. Logical Domains in the T2000 and Single CPU domains in the APL (due later this year) will alleviate this issue by allowing multiple, different OS versions to run. The author fails to point out, however, that a single kernel is easier to manage and patch than multiple kernels. In addition, we have taken significant steps to enhance the availability of the kernel (SMF, Predictive Self-Healing).

"There's also limited security isolation as a result of a single kernel across containers. What that means is one breach will impact every container in the OS image."

Although a breach of the Global zone can impact every container, the global zone can be configured without an IP address, making it impossible to attack without direct console access. This is, in fact, the preferred configuration. User applications and logins should not be allowed in the Global zone. The local zones themselves, if attacked, are completely isolated from the other zones via reduced privileges. They can be rebooted independently without affecting other zones. Another benefit of a single kernel image is the ability to use Dynamic Tracing (DTrace) to diagnose problems across all the Solaris containers. This is impossible using virtualization with separate OS instances.

"From a licensing perspective, one must also be aware ISVs will charge on a per CPU basis across all containers in the single image, even though they may need only a part of the OS image capacity."

This varies by ISV. Oracle, for instance, respects Sun CPU pools when set up in the global zone and attached to local zones for licensing purposes. Most licensing systems are based upon the honor system. Negotiate the best deal you can with your ISVs.

"Sun containers also can't share I/O, which is not a good thing."

This is not true. Containers can share Ethernet ports, FCAL channels, devices, disk drives and even mounted file systems in read-only or read-write access modes.

"You could use the Solaris Container Manager, though I suspect you may have similar problems that I had with the Solaris Management Console in configuring storage resources"

You can also use webmin from webmin.com to manage containers, SMF, users, cron jobs and many other aspects of Solaris. Webmin is an open source, lightweight, web-based management interface.

"When Red Hat came up with virtualization for RHEL5 (still in Beta), they decided not to go the container route, and will introduce version 3 of Xen's hypervisor. The virtualization is a para-virtualized kernel, which virtualizes part of an OS operating environment and also selectively emulates hardware devices as well. It provides access to the native hardware. Of all the virtualization technologies out there, Xen most closely mirrors IBM's Advanced Power Virtualization (APV). But it's not yet available on the Sparc."

Sun is engaged with the Xen project at opensolaris.org and expects a Xen-based distribution later in 2007 for the Intel/AMD platforms. Logical Domains is a similar technology available for T1000/2000 today.

"My Solaris buddies have informed me - with Sun's new line of T2000 servers - one can run Solaris, Unix and also Windows,"

I'm not sure which Solaris buddies he is referring to, but MS Windows does NOT run on the T2000. Ubuntu Linux does.

Mr Milberg summarizes with:

  • "A 39 year history of virtualization, offering a very mature technology."
      • Certainly AIX doesn't have a 39 year history!
  • "Capped and uncapped partitions. Allowing users to take advantage of unused clock cycles via a shared processor pool is an innovation that no one else has. HP requires a workload manager system similar to PLM, while Sun has nothing."
      • Sun has NOTHING? We have dynamic resource pools, CPU pools, fair share based scheduling for Zones, projects and users. You choose!
  • "SMT - Only IBM has it"
      • And your point is.....?
  • "Dedicated or Shared I/O on a virtual partition - Only IBM has it"
      • Solaris containers allow shared I/O for disks, networks and devices.
  • "IBM has only one virtualization strategy (APV)"
      • Sun has several, providing the choice of hardware, software or VMware based partitioning to meet a wide variety of needs.
  • "One hardware platform for AIX and Linux partitions (POWER5)."
      • And that's a good thing? Solaris provides you the choice of platforms ranging from an Acer Ferrari laptop (on which I'm now typing this) to a super server with 1 TB of RAM and 144 processors, with identical administrative tools and commands.
  • "IBM has the most bang for the buck"
      • I suppose it's hard to calculate "bang for the buck" on Solaris because the "buck" value is zero. (Solaris is free)

Solaris containers are NOT a virtualization technology for everyone. Containers, however, solve both the "server sprawl" as well as the "operating system sprawl" problem that exists in many data centers today. There are a wide variety of customers (commercial and government) using Solaris containers in production today. Sun now offers a number of virtualization choices including:

  • Logical domains (CMT chips)
  • VMware (Intel/AMD chips)
  • Hardware Domains (UltraSPARC data center servers)
  • Solaris containers (all chips, small to large platforms)

and is working on more solutions to come:

  • Per CPU virtualization (APL)
  • Xen for Solaris 10 (Intel/AMD)

You can find much more on the architecture and implementation of Solaris Containers at our Sun Blueprints web site (perhaps Mr. Milberg was unaware of these resources). There is also a Solaris Zones FAQ available in the OpenSolaris Communities. I highly suggest that you (and Ken) review the Solaris Containers Technology Architecture Guide.

To summarize, Solaris is the high volume Unix-based OS that runs on more platforms, has more applications and the most advanced technology in the world. Compared to AIX and Red Hat Enterprise Linux 4, Solaris 10:

  • Does more
  • Costs less
  • Runs on more platforms
  • Is developed as an open source product

Download Solaris 10 for free (Sparc or X64) and try it out for yourself. 

Why should you care?

We believe that you should have the most accurate information available when choosing a platform to deploy your mission critical applications. 

Comments:

Great response.

Milberg claims "IBM has only one virtualization strategy (APV)". This is incorrect. APV is a layered, separate product which includes Micropartitions and Virtual I/O. Standard IBM pSeries LPARs are not part of APV. Also, IBM has different virtualization strategies for zSeries, iSeries, and x86.

However, taking Milberg at face value, he seems to think the best solution is a "one size fits all" approach. The truth is, these various virtualization/partitioning solutions (containers/virtual private servers, virtual machines, hypervisor/logical partitions, and hardware partitions) are complementary.

Yes, Solaris Containers require a common kernel patch level. This is a hindrance in some use cases. But in others (i.e., web hosting service providers with standardized software stack offerings) it is an advantage. That is why a company like SWsoft and a project like OpenVZ exist.

Indeed, AIX is adding a container function through its acquisition of Meiosys and the implementation of "corrals" technology into AIX. HP has added a container function with its "Secure Resource Partitions" technology. Novell has a container function with its "AppArmor" technology.

Perhaps this article was intended as a defense of Advanced POWER Virtualization against the success of container technologies. I would not be surprised if some customers see the advantage rationalizing and reducing the number of different patch levels in an organization reduces TCO.

I think the bloom is off of the IBM pSeries rose. Linux on POWER is a failure. In the low-end, it makes more sense to run Linux on x86, and virtualize using VMware. AIX on POWER on the low-end, for those customers who prefer an enterprise UNIX OS, has been usurped by Solaris on Niagara and Solaris on x86. On the commercial high-end, HP-UX on Itanium Montecito (regardless of what you think of Itanium) on the latest Superdome is a strong competitor, and US-IV+ has strengthened Sun's high-end. In the technical high-end, pSeries (along with SGI's Altix) is chasing a shrinking market, as the world increasingly moves to x86 clusters.

Posted by Mark on February 26, 2007 at 03:35 PM EST #

[Trackback] Ken Milberg compares virtualization offerings from IBM, HP and Sun in his article for IBM Systems Magazine. I was beginning to get into details in this post, when I realized Jim Laurent has already done so here. I restrict myself therefore to the S...

Posted by Waiting for I/O on February 26, 2007 at 04:04 PM EST #

webmin ships with Solaris, too!
-- richard

Posted by Richard Elling on February 26, 2007 at 07:22 PM EST #

[Trackback] In IBM Systems Magazine you will find a comparison about

Posted by c0t0d0s0.org on February 27, 2007 at 06:32 AM EST #

In reference to Richard's comment: Although webmin ships with Solaris 10 (and is supported by Sun), the version that ships currently does not include the Zone manager module. Downloading the latest version gets you Zone and SMF management.

Posted by Jim Laurent on February 27, 2007 at 08:16 AM EST #

"hundreds of commands....":

Calling this an exaggeration is gross understatement. We configure medium to large storage scenarios on a regular basis, with SVM or otherwise. If you know what you're doing, this is a simple job of 15 minutes, independent of the number of LUNs you have. If it takes you hundreds of commands and hours of time, you should swap the commandline with a Sun Edu training course!

Zones/Containers:

Although at the end of your blog (and others in the comments section) you mention that Containers are just one virtualization solution, Sun should take care not to respond to FUD like this by claiming that Sun can do all the things IBM claims they can do better. Sun should rather rationalize and remind everyone about the motivation for virtualization and which of their offerings fits best to which use case. With these, Sun can drive IBM - but only if Sun doesn't let IBM push them into a defensive role.

Posted by Stefan on February 28, 2007 at 08:37 AM EST #

Thanks for the post. I work in a mixed AIX/Windows environment. I've been building my test/dev (Win2k3) environments in VMware at work. I've been very interested in some of Sun's technology (in the healthcare environment where I work the Sunray would be a brilliant stroke) and since I'm currently working with virtualization I was interested in Sun's Zones/Containers concept. I appreciate your pointing out the resources so I can dig into this further. One of the issues that is very salient for me is that some of the applications I work with cannot co-exist on the same server. We've previously had multiple servers each running a single app. I jumped on the VMware train as a way to bring down costs for what seemed an unnecessarily large expenditure. The Containers concept would be even more efficient in this context since you wouldn't have to deal with the license and resource costs associated for running one application with a small user load in a test environment. I recently purchased an Ultra 20 for home use and am building a home network for some projects. I'm looking at continuing on Sun hardware and software since it will allow me to familiarize myself with the technology. We're going through huge growth at work and will be seeing more mixed OS technology coming into play. I'm thinking that we could do things more efficiently and likely even cheaper going with Sun for some of our upcoming projects. I appreciate the well thought out information.

Posted by Chris on March 17, 2007 at 02:52 AM EDT #

Thanks for an interesting response. I've been working with Xen-based Linux virtualisation for the past 6 months or so and, being new to Solaris Containers, I'm finding them quite refreshing. In particular, the fact that installing packages, or patches, in the global zone appears to automatically sort things out in every zone makes my life a whole lot easier for management. Suddenly an extra zone isn't an extra server to manage. Add ZFS into the mix for managing storage in the zones and life gets even more straightforward!

Posted by Graeme Mathieson on May 27, 2007 at 08:26 AM EDT #
