Red Hat Virtualization Overview

A presentation at U.S. Intelligence Community Cloud Users Group in November 2011 in Chantilly, VA, USA by Shawn Wells

Slide 1

IC Cloud Users Group Meeting #1 Thurs 3-NOV-2011

Slide 2

AGENDA
● 1030-1045: Introductions
● 1045-1145: Virtualization Technology Update
● 1145-1230: Lunch & Panel
● 1230-1345: RHEV & KVM Update
● 1345-1415: Red Hat IC Activities
● 1415-1430: Q&A and Closing

Slide 3

Slide 4

GROUP INTRODUCTIONS
● Reminder: Lowest clearance in the room is Top Secret.
● What’s your name, what do you want to get out of today?

Slide 5

1045-1130: TECHNOLOGY UPDATE
● Technology Evolution (Xen -> KVM)
● sVirt & MLS Cloud
● libvirt, VDSM, REST APIs
● Performance

Slide 6

Col. John Boyd, USAF
● His energy-maneuverability theory says that agility is more important than how fast or how big a plane is. His OODA Loop (Observe-Orient-Decide-Act) transformed the DoD.

Slide 7

Slide 8

Slide 9

Slide 10

Virtualization Decision: Xen vs KVM
● Xen
  ● Was rapidly losing community traction
  ● Complicated security model
  ● Slow(er)
● KVM (Kernel Virtual Machine)
  ● Adopted by Linux community as standard
  ● Can play with SELinux natively
  ● Fast(er)
  ● Became the foundation of Red Hat Enterprise Virtualization

Slide 11

KVM Timeline

Slide 12

Virtualization in a Shared Environment: sVirt
● Applies security label to all “files” on the system
● In actuality, applies it to the inode metadata through a field called “secmark”

[Diagram: httpd (apache_t) is DENIED access to /etc/shadow (shadow_t) and ALLOWED access to ~/public_html (httpd_sys_content_t)]

Slide 13

Virtualization in a Shared Environment: sVirt
● sVirt applies SELinux framework to Virtual Machines

[Diagram: alpha_vm (virt_machine_t:01), bravo_vm (virt_machine_t:02), charlie_vm (virt_machine_t:03), with arrows marked DENIED, DENIED, ALLOWED (/dev/eth0) and DENIED (/dev/eth1)]
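
An audit of the per-guest isolation this slide describes, added here as an example (not code from the presentation or from Red Hat): it reads `ps -eZ` and `ls -Z` style lines and reports disk images that more than one running guest's label can reach. It assumes the `svirt_t` / `svirt_image_t` types and `s0:cN,cM` category pairs that libvirt's sVirt driver assigns on RHEL, rather than the simplified `virt_machine_t:01` labels on the slide; the function names, PIDs and file names are constructed.

```python
import re

# SELinux context with an optional MCS category list, e.g.
# system_u:system_r:svirt_t:s0:c87,c520
CTX = re.compile(r"\w+:\w+:(\w+):s\d+(?::(c\d+(?:,c\d+)*))?")

def parse(line):
    """Return (selinux_type, category_set) for the context on a line, or None."""
    m = CTX.search(line)
    if not m:
        return None
    cats = frozenset(m.group(2).split(",")) if m.group(2) else frozenset()
    return m.group(1), cats

def audit(ps_lines, ls_lines):
    """Map each guest image to the guest PIDs whose label can reach it,
    keeping only images reachable by more than one guest."""
    guests = {}                                   # PID -> category set
    for line in ps_lines:
        ctx = parse(line)
        if ctx and ctx[0] == "svirt_t":
            guests[line.split()[1]] = ctx[1]      # PID is column 2 of `ps -eZ`
    findings = {}
    for line in ls_lines:
        ctx = parse(line)
        if not ctx or ctx[0] != "svirt_image_t":
            continue
        # MCS dominance (type enforcement assumed to allow svirt_t ->
        # svirt_image_t): the process must hold every category on the file.
        readers = sorted(p for p, cats in guests.items() if ctx[1] <= cats)
        if len(readers) > 1:
            findings[line.split()[-1]] = readers
    return findings

# Constructed sample input (not captured from a real host).
PS = [
    "system_u:system_r:svirt_t:s0:c87,c520   2101 ?  00:04:11 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c301,c744  2102 ?  00:03:02 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c301,c744  2103 ?  00:00:40 qemu-kvm",
    "system_u:system_r:httpd_t:s0            1800 ?  00:00:01 httpd",
]
LS = [
    "-rw-------. qemu qemu system_u:object_r:svirt_image_t:s0:c87,c520 alpha.img",
    "-rw-------. qemu qemu system_u:object_r:svirt_image_t:s0:c301,c744 bravo.img",
    "-rw-------. qemu qemu system_u:object_r:svirt_image_t:s0 shared.img",
]

if __name__ == "__main__":
    for image, pids in audit(PS, LS).items():
        print(f"{image}: reachable by guests {', '.join(pids)}")
```

In the sample, `bravo.img` is flagged because two guests carry the same category pair, and `shared.img` because an image with no categories is dominated by every guest's label.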

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

[Diagram labels: redhat.com, RHN Satellite, AIRGAP, NIPR, JWICS, ENCLAVE]

Slide 21

[Diagram: RHN Satellite, with XML-RPC links to: Integrate User Access and Controls; System Management; Software and Configuration Management; Reporting]

Slide 22

Updates
● Automatically update systems with the latest security fixes
● Easily obtain security updates, patches, and new OS versions
● Remove undesired packages through the simple RHN web interface

Slide 23

Management
● Easily obtain security updates, patches, and new OS versions
● Manage groups of systems as easily as a single system
● Assign permissions to administrators for managing different groups or roles
● Remove undesired packages
● Schedule updates to occur during maintenance windows

Slide 24

Provisioning
● Provision existing or bare metal systems using profiles or system cloning
● Undo problematic changes with snapshots and rollback
● Improve consistency by using RHN to manage and deploy configuration files

Slide 25

Slide 26

Physical Layer (PL): CSDS_PL
GDSS CSDS DMDC CFDB JOPES Classic FLIS NGA IDE/AV GSORTS GTN JOPES 4.0

Slide 27

Virtual Base Layer (VBL): CSDS_VBL
Physical Layer (PL): CSDS_PL
GDSS CSDS DMDC CFDB JOPES Classic FLIS NGA IDE/AV GSORTS GTN JOPES 4.0

Slide 28

Private Data and Metadata
Virtual Mid Layer (VML): Plans_VML, Facilities_VML, Material_VML
Virtual Base Layer (VBL): CSDS_VBL
Physical Layer (PL): CSDS_PL
GDSS CSDS DMDC CFDB JOPES Classic FLIS NGA IDE/AV GSORTS GTN JOPES 4.0

Slide 29

Public Data
Virtual Query Layer (VQL) (Exposed Views): Material_VQL, Plans_VQL, Facilities_VQL
Private Data and Metadata
Virtual Mid Layer (VML): Plans_VML, Facilities_VML, Material_VML
Virtual Base Layer (VBL): CSDS_VBL
Physical Layer (PL): CSDS_PL
GDSS CSDS DMDC CFDB JOPES Classic FLIS NGA IDE/AV GSORTS GTN JOPES 4.0

Slide 30

Lunch & Panel

Slide 31

Technology/Community Update
● What is happening now in open source virtualization?
● What is Red Hat’s focus?
● What can RHEV do?
● RHEV3 Technology Preview
● Future/ongoing open source technologies (Aeolus, CloudForms, etc.)

Slide 32

WHAT IS HAPPENING NOW IN VIRTUALIZATION?

Slide 33

CUSTOMERS APPROACHING 50% VIRTUALIZATION

Slide 34

[Diagram labels: IBM Mainframes; Proprietary UNIX; Microsoft Windows; VMware]

Slide 35

YOU HAVE A CHOICE IN VIRTUALIZATION

“Don’t just find a vendor, find a solution; 42% of organizations use multiple hypervisors to maximize features & minimize cost”
— InfoTech Research Group, July 2011

“VMware vSphere still leads the pack… but the gap is closing fast. If there’s one obvious result of this test, it’s that there’s never been a better time to shop for a virtualization solution.”
— Virtualization Shoot-out: Citrix, Microsoft, Red Hat and VMware, InfoWorld, April 2011

“If I were VMware, I wouldn’t worry most about Microsoft, with its tendency to subsume low-end, small business markets by including everything in the Windows operating system. That’s so 1990s. Rather, I’d worry that Red Hat and KVM already have a foot in the cloud.”
— VMware Should Worry More About Red Hat, InformationWeek, September 2011

Slide 36

WHAT IS RED HAT ENTERPRISE VIRTUALIZATION?

Slide 37

RED HAT ENTERPRISE VIRTUALIZATION
● Enterprise grade, centralized management and hypervisor for server and desktop virtualization
● Industry leading performance, scalability and security infrastructure
● Ecosystem of thousands of hardware and software vendors
● 50–70% lower cost compared to other solutions

Slide 38

RHEV HYPERVISOR/KVM OVERVIEW
SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE
● Host: 160 logical CPU (4,096 theoretical max), 2TB RAM (64TB theoretical max)
● Guest: 64 vCPU, 2 TB RAM
● Supports latest silicon virtualization technology: SR-IOV,
● Based on the latest RHEL 6.2 kernel
● Microsoft SVVP

Slide 39

RHEV MANAGER FEATURES: ENTERPRISE VIRTUALIZATION MANAGEMENT
● High Availability
● Live Migration
● Self Service Portal
● Load Balancing (DRS)
● Power Saver (DPM)
● Templates, thin provisioning, snapshots
● Centralized storage and networking management
● Eco-system marketplace

Slide 40

INDEPENDENT REVIEWS SHOW RED HAT COMING ON STRONG
Source: InfoWorld, Virtualization shoot-out: Citrix, Microsoft, Red Hat, and VMware, April 13, 2011 http://bit.ly/rhevshootout

Slide 41

TREMENDOUS MOMENTUM AROUND RED HAT ENTERPRISE VIRTUALIZATION
MORE AND MORE CUSTOMERS USE RED HAT ENTERPRISE VIRTUALIZATION …
● IBM Smart Business Test and Dev public cloud powered by RHEV
● New cloud computing service, BizHosting Basic runs on RHEV
● RHEV is the backbone for mission-critical service-oriented architecture
● World’s largest private chain of opticians runs strategic test/dev on RHEV
● China’s appliance leader runs business critical CRM applications on RHEV
● RHEV powers telecom service provider’s critical IT infrastructure
● Wireless leader runs RHEV as a strategic virtualization platform
● American financial services firm runs secure transaction cloud on RHEV
● RHEV supports research and clinical care for leading US cancer institute
● Strategic “Solution as a Service” infrastructure powered by RHEV

Slide 42

HOW DOES RED HAT ENTERPRISE VIRTUALIZATION HELP ORGANIZATIONS BUILD THEIR CLOUDS TODAY?

Slide 43

CASE: WIRELESS COMPANY BUILDS INTERNAL CLOUD BASED ON RHEV

Slide 44

CASE: WIRELESS COMPANY BUILDS INTERNAL CLOUD BASED ON RHEV

Slide 45

ADVANCED SECURITY FOR YOUR VIRTUALIZATION INFRASTRUCTURE
RHEV inherits the security features of Linux and RHEL
● SELinux security policy infrastructure
● Provides protection and isolation for virtual machines and host
● Compromised virtual machine cannot access other VMs or host
sVirt Project
● Sub-project of NSA’s SELinux community. Provides “hardened” hypervisor.
● Multi-level security. Isolate guests
● Contain any hypervisor breaches

Slide 46

OUTSTANDING PERFORMANCE ON OPEN INDUSTRY BENCHMARKS
SPECvirt: RHEV claims top 4 results, delivers over 2x scale-up and nearly 2x single hypervisor performance of VMware

Slide 47

VIRTUALIZATION BY SUBSCRIPTION

Slide 48

WIRELESS COMPANY RESULTS
● Accelerated server provisioning to developer community with self-service portal while reducing demands on IT staff
● Significantly reduced their virtualization costs with Red Hat’s subscription model pricing and resulting lower TCO
● Reduced OS licensing costs for virtual servers by concentrating all RHEL workloads to RHEV and all Windows workloads to VMware
● Improved infrastructure productivity with increased VM density of 38% more VMs/host for RHEV versus VMware
● Server consolidation has resulted in higher ROI from better space utilization and savings on space and power

Slide 49

HOW WILL RED HAT ENTERPRISE VIRTUALIZATION 3 ACCELERATE YOUR CLOUD STRATEGY?

Slide 50

RED HAT ENTERPRISE VIRTUALIZATION 3
● Currently in Beta
● Cloud-ready features for private cloud include
  ● Power User Portal
  ● Historical Database and Reporting Engine
  ● REST API integration
● Integrated with CloudForms for multi-vendor private and hybrid clouds

Slide 51

RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - SELF SERVICE PORTAL
✔ Create, edit and remove virtual machines
✔ Manage virtual disks and network interfaces
✔ Assign user permissions to virtual machines
✔ Create and use templates to rapidly deploy virtual machines
✔ Monitor resource usage and high-severity events
✔ Create and use snapshots to restore virtual machines to a previous state

Slide 52

RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - USER PORTAL
User Portal - Advanced view
User Portal - Basic View
✔ Create, edit and remove virtual machines
✔ Manage virtual disks and network interfaces
✔ Assign user permissions to virtual machines
✔ Create and use templates to rapidly deploy virtual machines
✔ Monitor resource usage and high-severity events
✔ Create and use snapshots to restore virtual machines to a previous state

Slide 53

RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 REPORTING
● Historical usage, trending, quality of service
● Integrated reporting engine based on Jasper reports
● Over 25 prebuilt reports and dashboards included
● Ability to create and customize reports and templates

Slide 54

RED HAT ENTERPRISE VIRTUALIZATION 3.0 INTEGRATION & AUTOMATION
● Integration
  ● New RESTful API for integration with RHEV Manager
  ● Superset of RHEV management functionality
● Automation
  ● Linux command line interface for scripting and automation
  ● Developed in upstream RHEV-M API project

Slide 55

RELY ON RED HAT TO BUILD YOUR SECURE AND COST EFFECTIVE CLOUD TODAY
● SELinux and sVirt provide cloud-ready security
  ● Built for multi-tenancy, multi-cloud environments
  ● Integrated into KVM, Linux kernel
● Red Hat Enterprise Virtualization subscription model
  ● Reduce your acquisition costs – do more today
  ● Accelerate ROI and break-even – do the next project sooner
● RHEV 3 features enhance cloud capabilities
  ● Self service, integration, and reporting features built in
  ● Integrate with CloudForms for multi-hypervisor cloud use cases

Slide 56

HOW WILL OPEN SOURCE ACCELERATE THE EVOLUTION OF THE CLOUD?

Slide 57

OPEN SOURCE VIRTUALIZATION TIMELINE

Slide 58

● Open source virtualization community project
● Deliver an open virtualization management platform
● Hypervisor, Management engine, GUI and API
http://www.ovirt.org

Slide 59

● Fostering KVM adoption and interoperability
● http://www.openvirtualizationalliance.org

Slide 60

RED HAT IC & DOD ACTIVITIES

Slide 61

Misc IC Activities
● OpenSCAP
● Common Criteria for Virtualization
● scap-security-guide project
● USGCB
● Others?