Year: 2005

Red Hat and Novell will not add server virtualisation tools to the current versions of their enterprise Linux server products, but are working to include them in the next versions, due in about 12 months.

Server virtualisation tools enable a single server to run multiple operating systems. They also improve server management – for example, by enabling systems to be backed up or moved to new hardware without shutting them down or interrupting services. Experts predict that within five years 95 percent of Wintel server deployments will use virtualised hardware. With at least three open-source server virtualisation projects under way, the developer community already seems convinced about the usefulness of such tools. And Open-source giant Novell has promised “significant announcements” about open-source server virtualisation.

Also, Red Hat’s Fedora Linux distribution already supports Cambridge University’s Xen open-source virtual machine monitor (VMM) tool; and Microsoft launched its Virtual Server 2005 late last year. Red Hat spokesman Nick Carr said, “It’s an area of great excitement and buzz in the open-source community. We have customers looking forward to this technology. It will allow them to increase the utilisation of the very powerful dual-core and HyperThreaded servers that will be coming to market later this year.” Both AMD and Intel are expected to launch dual-core versions of their respective Opteron and Xeon processors later this year.

Carr said that Red Hat supports its enterprise server software for seven years after release, so its focus is on software stability good management infrastructure.

Unfortunately for proponents of purely open-source systems, it seems the Xen project supports fewer operating systems than the commercial alternatives like those from virtualisation specialist VMware or Microsoft. Xen can only be used to host virtual machines running a few specially honed versions of Linux.

Both IBM want to harden Xen so it can be used in commercial environments where security and stability are a given. IBM Research is contributing a security architecture called sHype and some code that it created for a home-grown X86 virtualization engine. HP is offering some code based loosely on ideas from its vPar virtual partitions for its HP-UX platform to help Xen better manage and secure Xeon partitions.

Novell’s contributions to the project are unclear, but the company definitely wants to use Xen as a differentiator for its SUSE Linux distributions. Patrick said yesterday that Novell was putting software engineers on the Xen project and would be integrating it into the future SUSE Linux Professional 9.3 desktop. Patrick said that Novel tends to ship a new release of SUSE Linux Professional every six months or so, since it is the version of its Linux distribution that has all the latest-greatest features.

SUSE Linux Professional 9.2 started shipping at the end of 2004, which means the 9.3 release is probably due mid-year or so. Patrick said that Novell is demonstrating Xen running on the LinuxWorld expo floor on SUSE Linux Enterprise Server 9, the current Linux 2.6 kernel version, and that Xen would be integrated fully into the future SUSE Linux Enterprise Server 10.

AMD also announced that it would be porting Xen to work with its Opteron processors and said further that it would have a commercialized version of the product available in the first half of 2005. Because of the direct memory architecture of the Opteron design, AMD believes that it will be able to do a better implementation of Xen.

Moreover, AMD is counting on the “Pacifica” hardware virtualization features in future single-core and dual-core Opterons to help Xen run even better on the chips. Intel is creating a version of its “Vanderpool” virtualization hardware features for Pentium 4 processors, called “Silvervale,” which will provide hardware-assist for virtual machine partitioning like that offered by Xen

VMware ACE lets IT managers create what the company calls an “assured computing environment” on Windows-based desktop systems in isolated or remote settings, and it controls these systems using predefined policies.

VMware ACE, released in December, leverages VM (virtual machine) technology to create a secure Windows PC environment. Using VMware ACE Manager (the management interface in VMware ACE), IT managers can apply custom policies to VMs preinstalled with guest operating systems, applications and data, and then easily deploy them via network shares, CD or DVD.

VMware ACE Manager is priced at $795 per license. The end-user VMware ACE license is priced at $99 per PC. A $995 VMware ACE Starter Kit includes a single VMware ACE Manager license and four VMware ACE end-user PC licenses.

VMware ACE is not designed to replace corporate desktops. However, our tests show the product would be a good fit in extended enterprise desktop infrastructures such as remote access sites and guest PC systems.

We’ve seen no other VM software that provides such a high level of policy management in the desktop environment. Competitors such as Leostream Corp. and PlateSpin Ltd. offer products for converting standard operating systems into VMs, as well as a centralized management platform. However, these systems mostly target server farms and data centers. Further, Microsoft Corp. has yet to include policy management in Virtual Server 2005, its stand-alone server virtualization software.

VMware ACE supports a wide range of guest operating systems, including Windows, Linux and Solaris, but the host operating system is Windows-only. We tested VMware ACE using Windows Server 2003 as the host and Windows XP Professional as the guest client.

VMware ACE Manager provides comprehensive and granular rule sets for governing VM usage. Its version-based network access policies let administrators restrict network access and limit guest systems to only assigned resources.

VMware ACE Manager’s user interface provides intuitive wizards for configuration settings. The end-user client’s new VM UI behaves like a normal Windows application; for example, we could resize or minimize the UI window. The VMware ACE application, which runs on a separate virtualization layer independent of the host operating system, is governed by predefined policies.

The VMware ACE client can suspend the VM application by default upon exit. This is a useful feature that enables users to save their work by suspending the VMware ACE application and logging back on at a later time.

We used VMware ACE Manager’s Virtual Rights Management capabilities to apply different policies to govern VM usage for test clients. After we set up an IIS (Internet Information Services) Web server to host the network policy, the VMware ACE client connected to the policy server during startup to download the configuration settings. We also used the policy server to update configurations.

We could restrict the VM client’s access to the network based on IP addresses or subnets; we could also restrict users’ Internet access.

We encrypted data and configuration files on VMs when they were installed. This capability is useful because it prevents users from tampering with the VM’s files.

Of the two, Vanderpool promises the biggest shift in the way desktop computers are operated, but it could turn out to be a nightmare for IT managers.

On the plus side, Vanderpool could enable more secure home working, allowing staff to access corporate applications through a locked-down virtual machine that connects to the office via a virtual private network (VPN). On the other hand, administrators will need some way of managing all those virtual machines.

Current virtualisation technologies such as VMware run on top of a host operating system. With Windows XP, for example, VMware can be used to create one or more virtual PCs running Linux or an older version of Windows, but the host Windows XP still has ultimate control over the physical system resources.

Intel’s Vanderpool technology introduces a software layer, the virtual machine monitor (VMM), and this has control over the system hardware, according to the firm. While details of the architecture are still vague, it looks from Intel’s preliminary documentation that the VMM takes the place of the host operating system, relegating Windows, Linux, and every other operating system on the PC to the position of “guests” running inside virtual machines.

However, Intel may find that Vanderpool creates as many problems as it solves for IT departments. For one thing, it has the potential to render many of the most widely used management tools almost useless. Imagine trying to do a network audit of the systems in your company with the management agent on each system running inside a virtual Windows PC. The agent will only report the virtual hardware that Windows thinks it is running on, which might not be the same as the real hardware.

Perhaps it is no coincidence that Intel is working on another technology to let administrators remotely manage PC systems, even if the operating system on the box in question isn’t working. Intel’s Active Management Technology (IAMT) promises out-of-band (read “outside of Windows”) diagnostic and recovery capabilities to remotely patch and restore systems. Whether this will also enable the deployment and control of virtual machines is not clear at the moment.

If the deployment issue can be addressed, virtualisation has the potential to revolutionise desktop support. It could enable administrators to apply the latest Windows service pack update just once to one virtual machine, for example, and then deploy copies of that across the LAN, rather than patch every system individually.

Xen is an open source server virtualization architecture that allows users to run multiple Virtual Machines (VMs) simultaneously on the same physical server. Each VM gets a portion of the server CPU, memory and I/O from Xen, which dynamically assigns resources to virtual machines or migrates virtual machines to other servers, if needed. Through integration with Voltaire InfiniBand interconnect, Xen benefits from multi-channel hardware and OS bypass to enable full isolation between virtual machines, greater performance and scalability.

The combined solution, which includes Voltaire network and storage virtualization technology, will improve the efficiency of enterprise data centers by providing the full flexibility to choose any application to run on any virtual server, and dynamically allocate compute, network, and storage resources. In addition, financial institutions required to comply with recent SEC regulations for data protection will have better flexibility to reassign applications geographically.

Voltaire is collaborating with Cambridge, U.K.-based XenSource and the open source Linux community to deliver the solution. InfiniBand and Xen drivers were recently added to the Linux kernel. Both drivers are in Kernel.org 2.6.11rc.

“Voltaire’s InfiniBand solutions are well-positioned to serve as the underlying infrastructure for Xen-based virtualized data centers,” said Moshe Bar, CTO of XenSource, a company founded by the creators of Xen to deliver enterprise class virtualization solutions. “The combination of RDMA transport standard protocols such as iSER and SDP and Voltaire’s multiprotocol switches fits well with the Xen virtualization architecture.”

“The combination of 10 Gbps InfiniBand architecture, Voltaire’s unique high-speed network and storage virtualization capabilities, and Xen server virtualization technology provides the most comprehensive, scalable and high-performance virtualization solution in the market,” said Yaron Haviv, CTO, Voltaire. “We look forward to delivering a powerful solution that makes true grid computing a reality in enterprise data centers.”

Voltaire interconnect solutions consist of layer 2-7 multiprotocol switches with integrated InfiniBand, GbE and Fibre Channel connectivity, grid management and virtualization software, adapters and software that enable high performance applications to run on commodity server and storage resources that can be virtualized into supercomputers. Voltaire switches are the fastest in the industry and are deployed successfully in the world’s largest production supercomputer and many other large grids.

Voltaire switches are centrally controlled and virtualized through embedded VoltaireVision Grid Interconnect Management software. VoltaireVision uses industry-standard interfaces to enterprise management platforms and can be provisioned by automation and policy platforms such as IBM Tivoli Intelligent Orchestrator and others. The integration of provisioning management tools, server virtualization software and intelligent grid interconnect solutions is the foundation of the next generation data center.

XenSource was formed to market and co-develop the Xen virtualization software, which was originally developed at the University of Cambridge in the U.K. The software, like its VMware competitor, runs on Linux and allows servers to be divided up into partitions for better utilization and workload management. Xen can run multiple operating systems in those isolated, secure partitions.

AMD and Intel have both committed to developing hardware virtualization technologies in future processors. AMD’s Pacifica will provide support for virtualization software such as Xen. Neither vendor would specify how Pacifica or Intel’s Vanderpoole would affect either the Xen software or VMware Inc.’s ESX Server.

David Derlind: What’s the latest update on VMware?

Raghu Raghuram: Our underlying strategy has broadened significantly from virtualizing a single machine. In late 2003, we introduced a suite called Virtual Infrastructure. It uses a hypervisor layer of software on each system and then we can put a collection of systems together, each with ESX Server, and the entire thing relies on our VirtualCenter management tools (allows you to create and manage virtual machines across your entire server farm). The killer technology though is Vmotion. The way this works is that while a virtual machine is running, you can move it from one physical server to another with zero down time and no disruption. Also, one of the key benefits of VMware is that it takes hardware dependencies out of the equation. So, this movement can happen regardless of whether the system configurations are different. Without our software, doing this would require complete reconfiguration of the operating system to work with the new hardware.

DD: Who needs something like that?

RR: There are four reasons why you’d do this. First, any sort of planned maintenance of the hardware such as changing a board. Before a technology like ours, you had to bring down the users and the system. Now, you can move it on the fly to another box. The second reason is for resource allocation. Based on the application it’s running, a single virtual machine could suddenly need more resources and they might not be available depending on what resources have been allocated to the other virtual machines on that box. With Vmotion, you can move that virtual machine to another system that has the spare resources to support the application. The third reason is a scheduled version of number two. So, for example, to account for end of the month activity or any planned peaks, you can schedule virtual machines to automatically move The last one, done in conjunction with server vendors who monitor things like fan speeds and temperature sensors on the box in hopes of anticipating a failure, if those algorithims sense a failure coming, using a Web services interface, their management software (ie: IBM Director, Insight Manager, or OpenManage) notifies VirtualCenter and VirtualCenter dynamically moves the paritition.

DD: And, compared to Vanderpool?

RR: Vanderpool — at least the first generation of it — virtualizes the chips instruction set. But it doesn’t do some of the things that VMware does such as virtualizing of the memory or I/O systems. Also, there’s no management component like VirtualCenter nor can the virtualization work across systems the way we’re doing it. That said, we are collaborating with AMD and Intel. So, by using their virtualization technology in combination with ours, we’ll be able to decrease the time it takes to virtualize systems.

DD: Your products are priced by CPU. Will VMware change models when multi-core processors come out?

RR: No. Pricing will be by the core. So a dual core or four core CPU will be treated as two or four CPUs.

DD: What about Xensource’s virtualization technology. It has a lot of buzz and apparently a lot of support from the vendor community as well (including some of your partners).

RR: Our solution is cross platform and Xen is only for Linux. We do a lot of business on Windows and a lot on Linux. Also, Solaris is supported on an experimental basis in our GSX and Workstation products. Experimental status is how we introduce support for new operating systems and the over time, we may support it. And with BSD, we have supported that right from the getgo. We work with all major versions of Linux. Our ESXServer is certified to run on Red Hat and SuSE. To run Linux on Xen, you must make modifactions to kernel. That may make Linux able to run on Xen, but necessarily on all hardware and vice versa. Take regular Red Hat Enterprise Linux 3. You cannot run it on Xen.

DD: But surely, with all the support Xen looks like it will be getting from major industry players, those problems will get worked out and Xen will be way more viable than it is right now.

RR: It still isn’t cross platform. We believe in an operating system independent model which means that the virtual machine layer stands separate from the OS. You can run legacy old versions of Windows, old versions of Linux,.. it doesn’t matter. No datacenter will be on the latest and greatest version of a particular operating system.

DD: But for shops running Linux, Xen’s open source nature gives it a cost advantage as well doesn’t it?

RR: I don’t know what the cost will be but there will be some cost. Xen, by virtue of the fact that its open source technology, is good for people who are attracted to open source technologies. Value of virtualization is severely curtailed however once you realize that it’s purely for Linux.

DD: You keep emphasizing the multiplatform support. Linux is fairing pretty well against Windows in the datacenter. Is it safe to say that your strategy depends on ongoing OS heterogeneity in the datacenter?