The rush is on to virtualise servers

Quoting from Techworld:


While VMware pretty much created the virtual machine market on x86 servers and has enjoyed a nearly uncontested leadership position, enterprise customers this year will find a wider variety of options for virtualising servers, operating systems and applications.

Vendors such as Microsoft and SWsoft and the open source virtualisation project Xen are offering alternatives to VMware as interest in the technology grows. In addition, start-up companies, such as Qlusters and Akimbi Systems, are attacking other areas of virtualisation with tools to create high-availability clusters or to enhance applications running on top of virtualised environments.

As x86 processors become increasingly powerful, customers are looking for ways to get more out of the low-cost, standards-based platforms they have, analysts say. Virtual machine technology, which creates isolated software containers that include an operating system and applications, is one way to do that.

Interest in virtual machine technology has been growing. IDC says the market reached more than $300 million in 2004 and is on pace to grow at a rate of about 18 per cent over the next few years.

“It’s been one of the faster growing technologies that we’ve encountered,” says Galen Schreck, a senior analyst at Forrester Research. “It quickly went from ‘You want me to do what?’ to ‘Hey, that sounds like a really good idea.’ The people I speak with at this point are convinced of the technology and convinced of the solidity of the idea.”

The growing interest is resulting in a surge in the number of companies rolling out virtualisation technologies, says Dan Kusnetzky, a vice president at IDC.

“Expect to see some interesting twists on [virtual machine] technology,” he says. “Right now, you could think of this technology as starting at the hardware and looking up – how you encapsulate the operating system and all the software above it. That’s not the only way of thinking about it.”

Akimbi is building an enterprise application that will leverage virtualisation platforms. According to the company’s Web site, it appears the product would include management tools that interface with VMware, Microsoft Virtual Server and Solaris partitions.

“We’re solving a business problem and it just so happens that we can use virtualisation technology as part of our toolkit,” says James Phillips, Akimbi president and CEO. “We’re really solving business problems by building applications that make clever use of virtualisation technology because it’s available and it’s affordable and it works.”

Enterprise users can expect a product from Akimbi, which recently got funding from Hummer Winblad Venture Partners, Partech International and Stanford University, by year-end, he says.

Meanwhile, Xensource, a company founded to provide support and maintenance for the open source Xen virtualisation technology, also recently received funding when Sevin Rosen and Kleiner-Perkins added $6 million to the organization’s coffers.

“Open source and virtualisation marry two fairly powerful trends and Xen is a tour-de-force piece of technology,” says Nick Sturiale, general partner for Sevin Rosen.

Heavy mob wades in
IBM, HP, Intel and Red Hat are among those working with Xen to improve the open source virtual machine technology.

Rolf Neugebauer, a researcher at Intel Research Cambridge, says the chipmaker has been involved in the Xen project for more than two years. One of the focuses of Intel’s work with Xen is to enhance security around the Xen virtual machines, he says.

“Our aim is to support multi-level secure systems, and we plan to extend Xen in a similar way as Security-Enhanced Linux,” Neugebauer says. SELinux is a project backed by the National Security Agency that adds access controls to the Linux kernel.

Xen takes a similar approach to VMware, but analysts say it has a ways to go before it will be a serious contender when it comes to enterprise virtualisation. One main hurdle is that Xen requires a modification to the Linux kernel. XenSource CEO Nick Gault says his organisation is talking with Red Hat and Novell, which have shown interest in incorporating Xen virtualisation into their distributions. However, analysts suspect it will be many months before the commercial distributions include the Xen technology.

“Of course, companies want to keep their eye on technologies that are on the horizon, but realistically open source virtual machines are not something that the average enterprise should be spending a whole lot of time on in 2005,” says Gordon Haff, an analyst at Illuminata. “Strictly speaking in the x86 space for the highest end, most efficient, native virtualisation, VMware ESX server continues to be the only game in town.”

Not that companies such as Microsoft and SWsoft should be discounted. Microsoft recently began shipping Virtual Server 2005, technology the company acquired with its purchase of Connectix in 2003. Virtual Server effectively divvies up the hardware so that multiple virtual machines can run on a single CPU. It’s most similar to VMware’s lightweight GSX server.

Analysts expect Microsoft to enhance Virtual Server, but say that VMware — which already has rolled out management tools such as Virtual Center to streamline provisioning and configuration and VMotion, which lets users move live virtual machines from one physical server to another — is far ahead of the game.

SWsoft takes a different approach to virtualising servers. It virtualises the operating system so that multiple instances of the operating system can be created from one installed version.

“There are advantages and disadvantages with each approach [to virtualising servers]. There’s no one best way. If you provide virtualisation like SWsoft, you may or may not be able to run more than one operating system on that server,” says Scott Donahue, vice president of Tier One Research. “But SWsoft can create a lot of different virtual servers using one host [operating system] and the cost savings are greater because you are only licensing one [operating system] per server rather than multiple [operating systems] per server.”

That’s what attracted Justin Schumacher, software and systems design engineer for industrial sensor product company Adaptive Instruments in Hudson, Mass., to SWsoft.

“We found with Xen and VMware that it did help isolate your software from your hardware and helped it make it a little easier to manage, but they didn’t help the cost of hardware or software,” he says.

Schumacher is testing SWsoft’s Virtuozzo product and plans to put it in production when the Windows version is available in the first half of the year. Today, Virtuozzo is supported only in Linux environments.

“To use Microsoft Virtual Server, you have to buy one copy of Windows for the host machine and one copy of Windows for each virtual machine. You don’t save a lot on hardware costs because you still need to pre-allocate RAM to each virtual machine, whether the virtual machine is using it or not,” Schumacher says. “With SWsoft you only have to buy one copy of Windows, each virtual machine is using that copy. You also save hardware costs because RAM doesn’t need to be pre-allocated.”

For enterprise users faced with a growing number of virtualisation options, the most important task is to understand exactly how they want to benefit from the technology, experts say.

“Before they rush into this, I urge them to consider what are they really trying to accomplish, what the other ways to accomplish it might be,” IDC’s Kusnetzky says. “It’s very important to look at vendors and what they’re presenting as their road map. Virtual machine technology is just one of a number of technologies that can help create a virtual environment.”

HP adds software partitioning to its server arsenal

Quoting from ZDNet:


HP plans to catch up to IBM this year in a crucial Unix server efficiency feature — an improved ability to run multiple operating systems on the same machine — executives said this week.

HP servers that use Intel’s Itanium processor can be partitioned to run multiple tasks using a hardware-based method, but the line lacks the software-based capability of a top competitor. By the end of the year, HP plans to put both partitioning methods into the servers, promising more flexibility. That dual capacity also is found in the HP 9000 Unix server line the company is phasing out in favour of the Itanium-based Integrity line.

Partitioning technology — letting customers run multiple jobs on the same server — takes advantage of the fact that some processes are idle while others are busy. Partitioning initially was popularised on mainframe computers decades ago, but now has arrived in Unix servers and is making its way to lower-end machines.

HP’s hardware-based partitioning technology for Unix servers, nPar, divides hardware into independent sections, and software-based vPar creates higher-level software partitions that can share the same hardware. While the old server line has both capabilities, the Itanium-based line lacks the vPar technology.

That limitation will change by June, Nick van der Zweep, HP’s director of virtualisation and utility computing, said in an online discussion in which HP executives answered questions about the new Itanium servers.

Initially, the minimum size of a partition using the vPar technology will be one processor, van der Zweep said. By the end of 2005, multiple vPars will fit on a single processor, and they’ll be able to run more operating systems than just HP-UX, he added. (Integrity servers can run Windows, Linux, HP-UX and OpenVMS.)

The move will help keep HP competitive with its main rivals. IBM already supports sub-processor partitions on its Power5-based servers that can run Linux and IBM’s version of Unix. However, Big Blue doesn’t employ full-on hardware partitions, though its technology employs some hardware features.

Sun, which pioneered hardware partitions on Unix servers, is adding a technology called Solaris Containers to version 10 of its operating system. Containers are similar to software partitions, making a single operating system look like many. That feature will work on computers using its own UltraSparc processors and on those using x86 processors such as Intel’s Xeon and AMD’s Opteron.

The features behind the features
The prevailing method for creating partitions on x86 servers today is use of VMware’s virtual machine software. But hardware features called Vanderpool and Silvervale coming in Intel chips should make partitioning easier.

Under an accelerated schedule, Intel will release Vanderpool in 2005 in desktop chips. IBM, too, is adding better partitioning abilities to a next-generation PowerPC processor, the chip also used in Apple’s machines.

Also during the online chat, HP said its current systems could be upgraded with the next Itanium processor, code-named Montecito and due at the end of the year. “HP intends to enhance Integrity Servers with future Itanium 2 microprocessors, such as Montecito, by means of simple in-box upgrades,” said Brian Cox, product line manager for HP’s business critical systems group.

That position contrasts with a June statement from Rich Marcello, general manager of HP’s Business Critical Server group. Asked then if Montecito processors would plug into existing systems, he said, “Possibly, but my gut [instinct] is there may be some power issues.”

Whitepaper: The complete partitioning guide for IBM pSeries servers

IBM Redbooks department released a new book about virtualization on IBM pSeries:


This IBM Redbook provides a broad understanding of the logical partitioning on the IBM Eserver partitioning-capable pSeries servers. This is the most outstanding feature of these servers, because it enables the servers to run multiple operating system instances concurrently on a single system. We focus on the following topics:
– Logical partitioning overview
– Partitioning implementation on pSeries servers
– Dynamic logical partitioning
– Creating and managing partitions
– Installing and migrating AIX in a partitioned environment
This redbook is a single-source handbook for IBM and IBM Business Partner technical specialists who support the partitioning-capable pSeries servers and for application developers who need to develop or modify DLPAR-aware applications.

VMware releases a tool for ESX virtual machines hot backup

VMware released a pair of scripts (VMsnap.pl and VMres.pl) for hot backup of virtual machines on ESX Server 2.5.0:


vmsnap.pl :
This program will perform a virtual snapshot of VMs on an ESX Server.
These virtual snapshots include the virtual disks, configuration file,
nvram file and log files related to the VM. This script will operate on
running VMs only. The backups are stored in vmdk format and are transferred
to an Archive Server or Hot Standby Server.

Limitations :
1. This script can back up only VMs that are powered on.
2. Only non-RDM persistent disks are backed up.

Refer to manpage for more details.

vmres.pl :
This program will perform a restore of a VM, backed up with the vmsnap
script, on an ESX Server. The backups are restored from vmdk form to
dsk format after transfer from the Archive Server or Hot Standby
Server.

Limitations :
Only Disks backed up by vmsnap are restored by this script.

Intel accelerates virtual-desktop plans

Quoting from TechRepublic:


Intel will begin to implement technology that will let a user run two operating systems on the same PC this year, an acceleration of the timetable that better matches its chip plans.

Vanderpool essentially divides the resources inside a single PC or server so that it can function like two or more independent machines. Virtualization technology like this is already common in the server market, and Intel had plans to bring it to its Itanium chip this year.

Initially, Vanderpool wasn’t slated to come to desktops until 2006. Now, it will come out in desktop chipsets and processors in 2005. The company also released a preliminary specification on Thursday.

Intel will also release dual-core processors later this year. Vanderpool dovetails with these types of chips. Dual-core processors are made to perform two separate functions at once: Virtualization software can help balance the computing needs of each processing core with the software and other hardware inside the box.

Vanderpool is part of a family of enhancements Intel has been adding to its chips to improve overall computing performance or versatility without necessarily increasing power consumption.

Hyperthreading, the first in the series of improvements, allows a chip to handle multiple functions at once. Another coming in the near future, called Active Management Technology, or AMT, will enable an administrator to shut down a PC remotely if it is spitting out viruses.

Katana Technology changes name and CEO

Quoting from TechRepublic:


Katana Technology, a start-up that aims to link low-end computers into single, more powerful machines, has chosen a new chief executive and has changed its name for the second time in two months, CNET News.com has learned.

John Thibault, a longtime telecommunications technology executive who unsuccessfully ran for the Massachusetts Senate, took over as CEO on Jan. 17. Co-founder and former CEO Scott Davis now is chief technology officer, Thibault said.

The Acton, Mass., company had planned to rename itself VirtuOS Computing, but instead has chosen Virtual Iron, Thibault confirmed in an interview. “VirtuOS is a name no one relates to,” he said.

The name Virtual Iron refers to the approach the company uses to make powerful “big iron” servers out of inexpensive lower-end servers linked with the InfiniBand high-speed networking technology. With Virtual Iron’s software, a single copy of the Linux operating system can span several machines, the company says.

Key to the approach is the idea of virtualization, which breaks the tight link between software and the physical hardware it runs. By making software run on an abstracted, virtual version of the hardware, changes to the real hardware can be made without ruffling the software’s feathers.

Virtual Iron believes the approach will let companies run a host of software tasks on a large group of servers, with different tasks expanding or shrinking as computing demands change–letting hardware be used more efficiently. However, Virtual Iron’s approach is one that established server companies such as Dell have explored but so far not offered.

Thibault’s priorities will be to get the company’s products into the marketplace, secure customer references and round out management, he said.

The new name and CEO aren’t the only changes at the company. Virtual Iron also replaced its vice president of marketing and business development, William Ledingham, with Bob Guilbert. Guilbert previously held the same post at storage specialist NSI Software.

Thibault has led several telecommunications technology groups at Wang and Cisco Systems. He also ran start-ups Coral Networks, GeoTel and, most recently, Convergent Networks. When the dot-com bubble burst in 2001, he left Convergent and took time out to run for office.

In his short-lived political career, he finds a silver lining. “It was a very humbling experience. I came out a better person,” he said. And his personality wasn’t cut out for a career in politics anyway, he added.

Running start-ups today is different. Not surprisingly, new ventures today must be much more conservative with cash compared with start-ups of the 1990s. “There is much more work being done today with less money to go around,” he said.

But start-ups also are different from more conservative eras because of scandals and poor management troubles at companies such as Enron and WorldCom, he said.

“All the regulatory changes that have been put in place take some of the flexibility that we had in the early 1990s out of building a company. Revenue recognition is much more defined and more rigorous. The types of investments you make in capital changed,” he said. “And the customers are smarter. They aren’t buying technology for technology’s sake or to try it out. You have to come to market with technology that will solve a problem that is definable or understandable.”

Another change is that companies must plan their future beyond an initial public offering or acquisition by a larger company. At Virtual Iron, his goal is to “build a substantial company, take it public and continue to grow it,” he said.

The company has shared some details of its technology but plans to demonstrate and fully discuss the technology at the LinuxWorld and Demo shows in February, Thibault said.

Virtual Iron has raised $20 million in two rounds of investment from Goldman Sachs, Highland Capital Partners and Matrix Partners.

OT: Lack of news

Sorry for this lag. This week a lot of interesting news appeared about actual and upcoming virtualization products but my DELL Inspiron 5150 decided to stop working.
I had a problem with the power socket, soldered on the motherboard. Luckily my 3-year warranty solved the problem: I called DELL customer care and their technician arrived at my company office the day after, replacing my motherboard in just a couple of hours. A totally satisfying experience indeed.

I will start posting again tomorrow.

ESG open Kalaya beta program

Quoting from official announcement:


Kalaya™ is a software utility program developed exclusively by Expert Server Group to simplify and automate management tasks and operations for users of VMware™ ESX Server (2.0 or greater) platform.

The Kalaya™ utility makes some of the most complex operations in VMware ESX simple and quick.
Using Kalaya™ Software, users of VMware ESX Server can avoid using the cumbersome, time-consuming, and sometimes not well documented command line interface (CLI) for supported tasks. No advanced knowledge of VMware ESX, virtualization concepts or the Linux kernel is required. In addition, the Kalaya™ utility is fast, accessed through a secure text interface, offering a quick response time and ease of use.

Kalaya™ Software is installed and accessible from the ESX Kernel. Access to the menu interface is secured through an SSH connection. Kalaya™ is installed in the user directory, with no impact on the ESX kernel itself. The utilities included in Kalaya™ Software are accessible through a menu driven interface and organized by modules such as Back up and File management.

For a limited time, Expert Server Group is accepting applications for enrollment in our Kalaya™ Software Beta Program for Beta site license in the following states: Maine, New Hampshire, Massachusetts, Rhode Island, Connecticut, New York and New Jersey.

This news could be rather old, but I really missed it before. Try it and tell me how good it is (anyway, the page is still up).

Investors back new open-source server virtualization company

Quoting from The Linux Beacon:


VMware, the workstation and server virtualization software vendor that pretty much had the market to itself until Microsoft got into the act by buying Connectix last year and launching Virtual Server 2005, just got some new competition. The leaders of the Xen open-source virtualization hypervisor project formed a corporation to sell and support Xen in December and have just secured $6 million from venture capitalists.

Seven years ago, Ian Pratt joined the senior faculty at the University of Cambridge in the United Kingdom, and after being on the staff for two years, he came up with a schematic for a futuristic, distributed computing platform for wide area network computing called Xenoserver. The idea behind the Xenoserver project is one that now sounds familiar, at least in concept, but sounded pretty sci-fi seven years ago: hundreds of millions of virtual machines running on tens of millions of servers, connected by the Internet, and delivering virtualized computing resources on utility basis where people are charged for the computing they use. The Xenoserver project consisted of the Xen virtual machine monitor and hypervisor abstraction layer, which allows multiple operating systems to logically share the hardware on a single physical server, the Xenoserver Open Platform for connecting virtual machines to distributed storage and networks, and the Xenoboot remote boot and management system for controlling servers and their virtual machines over the Internet.

Work on the Xen hypervisor began in 1999 at Cambridge, where Pratt was irreverently called the XenMaster by project staff and students. During that first year, Pratt and his project team identified how to do secure partitioning on 32-bit X86 servers using a hypervisor and worked out a means for shuttling active virtual machine partitions around a network of machines. This is more or less what VMware does with its ESX Server partitioning software and its VMotion add-on to that product. About 15 months ago, after years of coding the hypervisor in C and the interface in Python, the Xen portion of the Xenoserver project was released as Xen 1.0. According to Pratt, it had tens of thousands of downloads. This provided the open source developers working on Xen with a lot of feedback, which was used to create Xen 2.0, which started shipping last year. With the 2.0 release, the Xen project added the Live Migration feature for moving virtual machines between physical machines, and then added some tweaks to make the code more robust.

At this point, companies on the bleeding edge in high-performance computing and financial services told Pratt that what he really needed to do was set up a company to offer full support for the product, like Linux, MySQL, JBoss, and other popular open source programs have. So Pratt incorporated XenSource in Palo Alto, California, and hired Nick Gault, founder of a company called Network Physics, a company that sells network management software. “Great open source software becomes a commercial product,” explained Gault, “whether the project founders want it to or not. Eventually, the companies actually using the software start demanding real tech support and services.” And to make that happen, XenSource needed money.

Luckily, Kleiner Perkins Caufield & Byers and Sevin Rosen Funds, two of the big names in venture capital backing of IT firms, have lots of money and are always looking for a way to strike it big. With VMware now a subsidiary of disk maker and wannabe software powerhouse EMC after forgoing an initial public offering last year and now selling its software to the tune of $250 million a year and doubling each year, Kleiner Perkins and Sevin Rosen smell a hot prospect when they see one. And so they just kicked $6 million to XenSource.

Gault says that XenSource will keep its development team in Cambridge, and that the $6 in Series A funding will be used to beef up Xen 3.0, due in the second quarter of 2005, with support for 64-bit Xeon and Opteron processors. That money will also be used for marketing and for packaging up Xen in different ways for different customer sets. Xen 4.0 is due to be released in the second half of 2005, and it will have better tools for provisioning and managing partitions. As Pratt puts it, the technology in Xen is solid, but it is not currently the easiest thing in the world to use. That sounds a lot like open source software.

While Xen will present an interesting challenge to VMware in the open source community, it appears to have a major architectural difference. VMware’s hypervisor layer completely abstracts the X86 system, which means any operating system supported on X86 processors can be loaded into a virtual machine partition. This, says Pratt, puts tremendous overhead on the systems. Xen was designed from the get-go with an architecture focused on running virtual machines in a lean and mean fashion, and Xen does this by having versions of open source operating systems tweaked to run on the Xen hypervisor. That is why Xen 2.0 only supports Linux 2.4, Linux 2.6, FreeBSD 4.9 and 5.2, and NetBSD 2.0 at the moment; special tweaks of NetBSD and Plan 9 are in the works, and with Solaris 10 soon to be open-source, that will be available as well. With Xen 1.0, Pratt had access to the source code to Windows XP from Microsoft, which allowed the Xen team to put Windows XP inside Xen partitions. However, now that Microsoft has acquired Connectix to roll out Virtual Server 2005, it seems doubtful that Microsoft will work with XenSource to make Xen-compatible versions of Windows.

When Intel and AMD put virtualizing hardware (Intel’s is called Vanderpool Technology) inside their respective X86 processors, Pratt says that it will be possible to run native Windows inside Xen partitions without having a tweaked version of the Windows code. What is true for Windows will be true for all operating systems, presumably, and that means any closed-source OS that runs on X86, Opteron, or Itanium will be able to run inside Xen partitions right out of the box, provided those chips have the virtualization features.

Pratt says that eventually, Xen will support Itanium platforms, and there is talk about putting it on Power-based servers from IBM as well. The software is not tied to the X86 hardware as tightly as VMware seems to be with ESX Server.

The Xen project makes Xen available under the GNU General Public License for free. XenSource, says Gault, will probably sell an enterprise-class compiled software and support offering for about $1,500 per server, with a version aimed at small businesses with fewer servers and support features costing $500 per server. The initial commercial packages of Xen should be available in a few weeks.

IBM pledges to make Xen more secure

Quoting from Slashdot:


An anonymous reader writes “In the latest posting on the Xen developer list, IBM pledges to make Xen more secure by porting its secure hypervisor (sHype) architecture to it. In their posting, IBM discusses an SELinux-like access control framework, resource control and monitoring and trusted computing support for Xen. It appears that a lot is happening on the Xen front (for example, the announcement of XenSource Inc. and Intel’s code drop in the xeno-unstable.bk tree for their super secret VT CPU).”

Here is the post:


From: Reiner Sailer
sHype Hypervisor Security Architecture for Xen

I am a member of the Secure Systems Department at IBM’s TJ Watson Research Center (http://www.research.ibm.com/secure_systems_department/).

Our group has designed and developed a security architecture for hypervisors (called sHype). We have implemented it on an x86-based IBM research hypervisor. We now plan to contribute this to Xen by integrating our security architecture into it.

sHype is based on mandatory access controls (MAC). This allows Xen to use access rules (formal policy) to control both the sharing of virtual resources as well as the information flow between domains. The Xen port of sHype will leverage the existing Xen interdomain communication mechanism and we expect near-zero performance overhead on the performance-critical paths (e.g., sending or receiving packets on a virtual network, or writing or reading shared memory). The sHype access control architecture separates policy decisions from policy enforcement. It is modeled after the Flask security architecture as implemented in SELinux (http://www.cs.utah.edu/flux/fluke/html/flask.html). Our design is targeted at a flexible medium-assurance architecture that can support anything from simple security domains to multilevel security (MLS) and Chinese Wall policies.

Merging the sHype access control architecture with Xen is the first step toward our goal of hardening Xen to support enterprise-class applications and security requirements. We are working on the following items to achieve this goal (which we intend to contribute spread out over this year):

* Port sHype to Xen

* Add stronger security/isolation guarantees (confinement) to what is currently available through Xen’s (and other hypervisors’) address space separation mechanisms, e.g., to enable information flow control in Xen

* Enhance Xen to support trusted computing under Linux using TCG/TPM-based attestation mechanisms

* Enhance Xen to support secure resource metering, verification, and control.

* Apply our experience in automated security analysis to Xen to make it more robust

* Make Xen suitable for Common Criteria evaluation

We are confident that our work will significantly contribute to Xen in the security space and that it is a good fit with the Xen roadmap. We look forward to interacting with the Xen community on the design and implementation of our architecture.

Reiner
__________________________________________________________
Reiner Sailer, Research Staff Member, Secure Systems Department
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, [email protected]
http://www.research.ibm.com/people/s/sailer/
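
The post above describes an access control architecture that separates policy decisions from policy enforcement and can carry Chinese Wall policies. The following is an added sketch of that split, not sHype or Xen code and not part of the original post: the function names, labels and conflict set are hypothetical, and it assumes the Chinese Wall rule governs which domains may run at the same time while a second, type-based rule governs sharing between running domains.

```c
/* Added illustration; not sHype or Xen code. All identifiers are hypothetical. */
#include <stdio.h>

#define MAX_DOMS 4
#define VALID(id) ((id) >= 0 && (id) < MAX_DOMS)

struct label {            /* bound to a domain when it is defined */
    unsigned share_types; /* type enforcement: groups allowed to share resources */
    unsigned cw_types;    /* Chinese Wall: workload types the domain carries */
};

/* ---- Policy decision side: knows the rules, holds no hypervisor state ---- */
struct policy {
    unsigned conflict_set[2]; /* each mask: CW types that must not run together */
    int n_sets;
};

/* May a domain carrying new_cw start beside domains carrying running_cw? */
static int policy_may_start(const struct policy *p, unsigned running_cw, unsigned new_cw)
{
    for (int i = 0; i < p->n_sets; i++) {
        unsigned n = new_cw & p->conflict_set[i];
        unsigned r = running_cw & p->conflict_set[i];
        int same_single_type = (n == r) && ((n & (n - 1)) == 0);
        if (n && r && !same_single_type)
            return 0;     /* two different members of one conflict set */
    }
    return 1;
}

/* May two labels share a virtual resource (shared page, virtual network)? */
static int policy_may_share(const struct label *a, const struct label *b)
{
    return (a->share_types & b->share_types) != 0;
}

/* ---- Enforcement side: hooks on hypervisor operations, no rules of its own ---- */
struct hv {
    const struct policy *pol;
    struct label dom[MAX_DOMS];
    int running[MAX_DOMS];
};

/* Hook on domain start: enforce the Chinese Wall verdict. */
static int hv_start(struct hv *h, int id)
{
    unsigned running_cw = 0;
    if (!VALID(id))
        return 0;
    for (int i = 0; i < MAX_DOMS; i++)
        if (h->running[i] && i != id)
            running_cw |= h->dom[i].cw_types;
    if (!policy_may_start(h->pol, running_cw, h->dom[id].cw_types))
        return 0;
    h->running[id] = 1;
    return 1;
}

/* Hook on the sharing path: only running domains with a common type may share. */
static int hv_share(struct hv *h, int a, int b)
{
    if (!VALID(a) || !VALID(b) || !h->running[a] || !h->running[b])
        return 0;
    return policy_may_share(&h->dom[a], &h->dom[b]);
}

enum { BANK_A = 1, BANK_B = 2, INFRA = 4 };   /* constructed CW types */
enum { TENANT_A = 1, TENANT_B = 2, NET = 4 }; /* constructed sharing types */
static const struct policy DEMO_POLICY = { { BANK_A | BANK_B }, 1 };

/* Constructed scenario; one result bit per check. */
int demo(void)
{
    struct hv h = { .pol = &DEMO_POLICY, .dom = {
        { TENANT_A | NET, BANK_A },
        { TENANT_B, BANK_B },
        { NET, INFRA } } };
    int out = 0;
    out |= hv_start(&h, 0) << 0;    /* allowed: nothing else is running */
    out |= hv_start(&h, 1) << 1;    /* denied: BANK_B beside running BANK_A */
    out |= hv_start(&h, 2) << 2;    /* allowed: INFRA is in no conflict set */
    out |= hv_share(&h, 0, 2) << 3; /* allowed: both carry NET */
    out |= hv_share(&h, 0, 1) << 4; /* denied: domain 1 never started */
    h.running[0] = 0;               /* the BANK_A domain shuts down */
    out |= hv_start(&h, 1) << 5;    /* allowed: the wall is clear now */
    out |= hv_share(&h, 1, 2) << 6; /* denied: no common sharing type */
    return out;
}

int main(void)
{
    printf("demo() = 0x%02x\n", (unsigned)demo());
    return 0;
}
```

Swapping in a different policy means replacing only the two `policy_may_*` functions and the conflict-set data; the hooks in `hv_start` and `hv_share` stay unchanged.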