Questions and Answers
A company develops warehouse management software with a core component and customer-specific modules. To minimize costs, which deployment model is most suitable?
- VMs running on the customer's on-premise servers.
- Software-as-a-Service (SaaS) model, delivered online. (correct)
- Containers running on the customer's on-premise servers.
- Virtual private cloud instance dedicated to the customer on a public cloud.
What is the primary characteristic of Common-Off-The-Shelf (COTS) hardware?
- Hardware suitable for on-premise data centers, but not hyperscalers.
- Hardware used only by individual customers, not cloud workloads.
- Standardized hardware bought in large quantities to reduce variety. (correct)
- Hardware that cannot be specialized with additional components.
A company wants to deploy its application using containers for better resource utilization and faster deployment. Which infrastructure setup would be the MOST appropriate?
- Utilizing a container orchestration platform like Kubernetes on a cluster of servers. (correct)
- Deploying containers on individual virtual machines.
- Running each container on a separate physical server to ensure isolation.
- Installing containers directly on bare metal servers without any orchestration.
A company wants to improve its disaster recovery strategy. Which cloud deployment model would be best suited for creating a highly available and fault-tolerant system?
A company is deciding between using virtual machines (VMs) and containers for deploying its applications. Which of the following scenarios would make containers a more suitable choice than VMs?
Which task is NOT a typical responsibility of Kubernetes kubelet?
Why is a Kubernetes Service crucial for application deployment?
What is the main role of the Kubernetes scheduler in resource management?
When should Secrets be utilized in Kubernetes?
How does a ReplicaSet contribute to maintaining application availability?
Which of the following methods is used to emulate instructions that trigger a trap in a virtualized environment?
What is the typical characteristic of modern CPUs regarding the execution of OS kernels?
In the context of virtualization, what does dynamic binary translation primarily refer to?
In a virtualized system, what is the primary function of VMEntry and VMExit instructions?
Regarding I/O device emulation, what is a typical characteristic of a hypervisor?
What type of drivers are typically included in the image (ISO) of a modern operating system intended for use in a virtual machine?
What is the primary function of Libvirt?
In Linux, how do QEMU and KVM relate in terms of their execution context?
When implementing hot migration of a VM to another server, what states must be moved?
In computing virtualization, what defines a 'sensitive instruction'?
Under what condition can an instruction executed at CPU ring 0 in VMX non-root mode generate a trap?
How does a CPU that supports VMX root/non-root modes improve efficiency in virtualization?
When Trap-And-Emulate is used for a system call invoked by a userland program, what sequence of transitions occurs?
In computing virtualization, what does direct assignment of I/O devices imply?
How does a GuestOS typically detect devices during boot in a virtualized environment?
What information is crucial for a successful hot migration of a VM to another server?
What is the primary function of the Trap-And-Emulate approach in computing virtualization?
How does CPU para-virtualization primarily work?
For what purpose is a 'ClusterIP' service most commonly used in Kubernetes?
What is a key characteristic of CPU rings in modern CPUs regarding operating system kernels?
What is the primary function of an Ingress controller in Kubernetes?
To what instructions can dynamic binary translation refer in the context of virtualization?
Which Kubernetes service type should you choose if you need to create a service that is only accessible from inside the cluster?
What is the key functionality provided by VMEntry and VMExit instructions in a virtualized system?
When using a command like htop inside a Docker container to view available resources, what information is typically displayed?
Why is a Kubernetes Service (e.g., ClusterIP) preferred over directly routing traffic to a pod's IP address?
How does a hypervisor typically handle the emulation of physical devices in computing virtualization?
What is the primary purpose of a Dockerfile?
What types of drivers are typically included in a modern operating system image used to start a VM?
Theoretically, how do the memory requirements compare for an application running on bare metal, in a VM, and in a Docker container?
In Kubernetes, what is the typical use case for a 'DaemonSet'?
Consider an e-commerce site deployed in a Kubernetes cluster using a 'ClusterIP' service for the web frontend. What can be said about its reachability from the internet?
Theoretically, assuming no layered filesystem advantages, how do the disk requirements compare for an application running on bare metal, in a VM, and in a Docker container?
What is the primary purpose of Libvirt in virtualization management?
What is the primary role of the 'control loop' concept in Kubernetes?
Under what circumstance will a sensitive instruction NOT generate a trap when executed?
Which platform is most suitable for creating a web server that can effortlessly scale to handle unpredictable traffic spikes?
In Linux-based virtualization, where do QEMU and KVM operate?
What is the main role of a hypervisor in a virtualized environment?
Which of the following capabilities typically requires a service mesh, rather than being provided by a standard Kubernetes service?
What is the purpose of a Custom Resource in Kubernetes?
Which component is responsible for emulating privileged CPU instructions when they are executed at the wrong privilege level in a virtualized environment?
What action does CPU para-virtualization take to optimize the guest operating system's performance?
What is the function of the Virtual Machine Control Structure (VMCS) in hardware-assisted virtualization?
A university with campuses in different countries needs to set up real-time videoconferencing. Which is the BEST option?
If you connect a set of VMs/Docker containers to a software bridge, what can you guarantee regarding network connectivity?
Which tool is most commonly used to connect to a remote server from the management host using a secure, encrypted connection?
If a Docker container attempts to modify its filesystem by writing a file, where is the file stored?
What is the primary consideration when selecting servers for a new datacenter?
How many CPU rings are typically allocated for executing OS kernels in modern CPUs?
Which type of hypervisor runs directly on bare metal, offering better performance by directly managing hardware resources?
You are setting up a database-as-a-service from a cloud provider in 'high-availability' for an e-commerce site. Which deployment strategy is most appropriate?
What type of instructions can dynamic binary translation apply to?
In a Docker layered filesystem, when is a new layer created?
What functionality do VMEntry and VMExit instructions facilitate in a virtualized system?
A Docker container is running on a server with 2 CPUs (52 cores each) and 512 GB RAM. How can this container utilize the underlying compute resources?
What is the primary disadvantage of using Dynamic Binary Translation (DBT) in virtualization?
When deploying an application like an e-commerce site on a public cloud cluster, what is your responsibility regarding service reliability?
Which virtualization technique, pioneered by VMware, translates non-virtualizable x86 instructions at runtime to enable virtualization on standard hardware?
In what scenarios is deploying cloud computing technologies at the edge of the network particularly beneficial?
The University IT manager wants to move to cloud. The main goal is to be future proof and cost effective at the same time. Which is the best approach?
What is a key characteristic of technologies for computing virtualization regarding isolation?
Which technique optimizes memory usage in virtual machines by dynamically adjusting the amount of memory allocated based on the VM's current demand?
A company runs an application that needs to store files. Some files are accessed every second, while others are only accessed every year. How would you optimize costs?
A developer is encountering issues with their application failing due to insufficient memory. How can they monitor how much memory is actually used by the application?
Which virtualization technique allows a guest OS to run without modification by virtualizing all hardware interfaces?
How is the filesystem within a Docker container initially related to the filesystem of the host machine?
A Docker container is running on a server that has 2 CPUs with 52 cores each. How many cores are available for this container?
What is a key advantage of using hardware-assisted virtualization (HVM)?
Which of the following is a valid use for Kubernetes?
Which feature allows the hypervisor to share a single physical I/O device among multiple VMs, enhancing I/O performance and resource utilization?
A Docker container is running on a server with two CPUs, each having 52 cores. An application within the Docker container attempts to maximize performance by creating a thread for each available CPU core. How many threads will the application create?
What does the Extended Page Table (EPT) feature in Intel processors primarily aim to improve in a virtualized environment?
In which virtualization technique does the guest OS need to be modified to work effectively with the hypervisor?
What is required for a virtual machine (VM) running in OpenStack to be reachable from a customer connected to the Internet?
A pod, along with its associated service, runs in a Kubernetes datacenter and is exposed to the outside world through an Ingress controller. When a client on the Internet establishes a TCP connection to this pod/service, what happens with the network packets?
What is the primary role of cgroups in Linux?
In a service mesh architecture, what addition is typically made to each microservice to integrate it into the mesh?
Which of the following features is NOT provided by Linux cgroups?
When setting up servers in a new datacenter, what is the most common approach to selecting hardware?
An e-commerce site utilizes a database-as-a-service from a cloud provider and needs to run in 'high-availability' mode. Which setup would you choose?
When deploying an application on a cluster in a public cloud and aiming for a reliable service, what is the most accurate consideration?
In what scenarios is the deployment of cloud computing technologies at the edge of the network most beneficial?
When is computing virtualization most applicable?
How does the filesystem in a Docker container relate to the filesystem on the host machine?
When Linux leverages the KVM hypervisor, what are the ring levels at which QEMU and the GuestOS operate?
A Docker container is running on a server with 2 CPUs (52 cores each). If, inside the container, we execute an application that maximizes its performance by creating a number of threads equal to the number of CPU cores available, it will create the following number of threads:
What is primarily needed for a VM in OpenStack to be reachable from the Internet?
In computing virtualization, which statement best characterizes a 'sensitive instruction'?
When Trap-And-Emulate is used to handle a system call invoked by a userland program within a VM, what sequence of transitions is typically observed?
A pod (and its associated service) is running in a Kubernetes datacenter and is reachable from the outside world through an Ingress controller. When a client (on the Internet) establishes a TCP connection toward the pod/service:
What constitutes the state of a VM that is essential for enabling a hot migration?
In a service mesh, how is each micro-service typically augmented to participate in the mesh?
Under what conditions will an instruction executed at CPU ring 0 (VMX non-root mode) generate a trap?
In computing virtualization, what best describes the use of the Trap-And-Emulate approach?
How does a CPU that supports VMX root/non-root modes improve system call processing?
In computing virtualization, what does 'direct assignment for I/O devices' signify?
When a GuestOS boots in a virtualized environment, what type of devices does it typically detect?
How does a VIRTIO driver running in a GuestOS primarily interact with the host system to send and receive data?
In Linux, what is the primary function of tools like virsh and virt-manager?
What does the term 'nested virtualization' refer to?
Which of the following statements best describes a Virtual Machine Monitor (VMM)?
What is the primary purpose of the management host?
Which of the following is a challenge with the x86 architecture in virtualization?
When Trap-And-Emulate is used to handle a userland program invoking a system call, what sequence of transitions is typically observed?
In a typical virtualized environment, what type of device drivers are predominantly included within the GuestOS kernel?
Libvirt's primary function is to:
In the Linux operating system, how do QEMU and KVM interact in a virtualized environment?
What specific condition triggers the Trap-And-Emulate approach in computing virtualization?
A hot migration of a virtual machine from one server to another necessitates the transfer of:
In a virtualized setting, what is the role of VMEntry and VMExit instructions?
How does Docker networking compare to traditional virtualized networking environments?
If a Docker container, Docker1, needs to connect to another Docker container, Docker2, running on a different server, what network address and port should Docker1 use?
What network components are typically included in the standard network created by Docker on a server?
How does a Docker container obtain its IP address within the Docker network?
If Docker1 and Docker2 are running on the same server, how does Docker1 establish a network connection to Docker2?
What happens if an instruction, executed at CPU ring 0 in VMX non-root mode, is either sensitive or privileged?
How does a CPU that supports VMX root/non-root modes improve virtualization efficiency?
In computing virtualization, what does the term 'direct assignment' refer to regarding I/O devices?
When a GuestOS boots within a virtualized environment, what kind of hardware devices does it typically detect?
How does Libvirt enhance the management of virtual machines?
In the Linux environment, how do QEMU and KVM interact regarding their execution space?
What is the minimal state that must be moved during a hot migration of a virtual machine to ensure continuous operation?
When a CPU executes an instruction at ring 0 in VMX non-root mode, under what circumstances will a trap be generated?
How does a CPU that supports VMX root/non-root modes improve the handling of privileged instructions?
In computing virtualization, what does direct assignment for I/O devices imply regarding device control?
How does a VIRTIO driver within a GuestOS primarily communicate with its counterpart backend driver?
In Linux, what primary function do tools like virsh and virt-manager serve in the context of virtualization?
When leveraging KVM in Linux, at which CPU ring levels do QEMU and the GuestOS operate?
In computing virtualization, what is the primary characteristic of a 'sensitive instruction'?
When Trap-And-Emulate is used for a system call invoked by a program in userland, what sequence of transitions occurs?
To implement a hot migration successfully, what information about the VM's state is essential?
What is the main mechanism involved in CPU para-virtualization?
How are CPU rings structured in modern CPUs, particularly concerning OS kernel execution?
Flashcards
SaaS (Software-as-a-Service)
Delivering software online, customers access it over the internet.
COTS Hardware
Standardized hardware purchased in bulk to reduce variety in a data center.
VMs on-premise
Running software in virtualized environments on the customer's premises.
Containers on-premise
Virtual Private Cloud
Kubernetes ClusterIP Service
Ingress Controller Use
Internal-Only Service
Why Use a Kubernetes Service?
Memory Usage: VM vs. Docker
Disk Usage: VM vs. Docker
Disk Usage: VM vs. Docker
Signup and view all the flashcards
Endless Web Server Scaling
Endless Web Server Scaling
Signup and view all the flashcards
Service Mesh Necessity
Service Mesh Necessity
Signup and view all the flashcards
Videoconferencing Solution
Videoconferencing Solution
Signup and view all the flashcards
Docker File System Changes
Docker File System Changes
Signup and view all the flashcards
Docker Layer Creation
Docker Layer Creation
Signup and view all the flashcards
Docker Resource Reporting
Docker Resource Reporting
Signup and view all the flashcards
Dockerfile Purpose
Dockerfile Purpose
Signup and view all the flashcards
Daemonset Usage
Daemonset Usage
Signup and view all the flashcards
ClusterIP Reachability
ClusterIP Reachability
Signup and view all the flashcards
Control Loop in Kubernetes
Control Loop in Kubernetes
Signup and view all the flashcards
Custom Resource in Kubernetes
Custom Resource in Kubernetes
Signup and view all the flashcards
Software Bridge Connectivity
Software Bridge Connectivity
Signup and view all the flashcards
New Datacenter Servers
New Datacenter Servers
Signup and view all the flashcards
Database-as-a-Service High Availability
Database-as-a-Service High Availability
Signup and view all the flashcards
Application Reliability in Public Cloud
Application Reliability in Public Cloud
Signup and view all the flashcards
Edge Computing Usefulness
Edge Computing Usefulness
Signup and view all the flashcards
Technologies for Computing Virtualization
Technologies for Computing Virtualization
Signup and view all the flashcards
Filesystem in a Docker
Filesystem in a Docker
Signup and view all the flashcards
CPU Para-virtualization
CPU Para-virtualization
Signup and view all the flashcards
GuestOS Kernel Replacement
GuestOS Kernel Replacement
Signup and view all the flashcards
CPU Rings
CPU Rings
Signup and view all the flashcards
Dynamic Binary Translation
Dynamic Binary Translation
Signup and view all the flashcards
VMEntry/VMExit Instructions
VMEntry/VMExit Instructions
Signup and view all the flashcards
Hypervisor
Hypervisor
Signup and view all the flashcards
ISO of Modern OS in VM
ISO of Modern OS in VM
Signup and view all the flashcards
Libvirt
Libvirt
Signup and view all the flashcards
QEMU and KVM in Linux
QEMU and KVM in Linux
Signup and view all the flashcards
Hot VM Migration
Hot VM Migration
Signup and view all the flashcards
Sensitive Instruction
Sensitive Instruction
Signup and view all the flashcards
Instruction at CPU ring 0
Instruction at CPU ring 0
Signup and view all the flashcards
CPU with VMX Modes
CPU with VMX Modes
Signup and view all the flashcards
Trap-And-Emulate Transitions
Trap-And-Emulate Transitions
Signup and view all the flashcards
Direct Assignment I/O
Direct Assignment I/O
Signup and view all the flashcards
Docker CPU Thread Count
Docker CPU Thread Count
Signup and view all the flashcards
OpenStack VM Reachability
OpenStack VM Reachability
Signup and view all the flashcards
Kubernetes Ingress TCP Connection
Kubernetes Ingress TCP Connection
Signup and view all the flashcards
Service Mesh Sidecar
Service Mesh Sidecar
Signup and view all the flashcards
Datacenter Server Standardization
Datacenter Server Standardization
Signup and view all the flashcards
High-Availability DBaaS
High-Availability DBaaS
Signup and view all the flashcards
Cloud Application Reliability
Cloud Application Reliability
Signup and view all the flashcards
Edge Computing Use Cases
Edge Computing Use Cases
Signup and view all the flashcards
Computing Virtualization Use
Computing Virtualization Use
Signup and view all the flashcards
Docker Filesystem Independence
Docker Filesystem Independence
Signup and view all the flashcards
OpenStack VM External Access
OpenStack VM External Access
Signup and view all the flashcards
Virtualization Isolation
Virtualization Isolation
Signup and view all the flashcards
Service Mesh Implementation
Service Mesh Implementation
Signup and view all the flashcards
Trap-And-Emulate in Virtualization
Trap-And-Emulate in Virtualization
Signup and view all the flashcards
Kubelet Main Function
Kubelet Main Function
Signup and view all the flashcards
Kubernetes Pod
Kubernetes Pod
Signup and view all the flashcards
Kubernetes Service
Kubernetes Service
Signup and view all the flashcards
Kubernetes ReplicaSet
Kubernetes ReplicaSet
Signup and view all the flashcards
Kubernetes Scheduler
Kubernetes Scheduler
Signup and view all the flashcards
Trap-And-Emulate
Trap-And-Emulate
Signup and view all the flashcards
Modern CPU Rings
Modern CPU Rings
Signup and view all the flashcards
VMEntry/VMExit
VMEntry/VMExit
Signup and view all the flashcards
Modern OS Image
Modern OS Image
Signup and view all the flashcards
QEMU vs KVM in Linux
QEMU vs KVM in Linux
Signup and view all the flashcards
VM Hot Migration
VM Hot Migration
Signup and view all the flashcards
Moved state
Moved state
Signup and view all the flashcards
VMEntry and VMExit instructions
VMEntry and VMExit instructions
Signup and view all the flashcards
Hypervisor in virtualization
Hypervisor in virtualization
Signup and view all the flashcards
Modern Operating system
Modern Operating system
Signup and view all the flashcards
Hot Migration Requirements
Hot Migration Requirements
Signup and view all the flashcards
VMX non-root mode trap
VMX non-root mode trap
Signup and view all the flashcards
Direct assignment for I/O devices
Direct assignment for I/O devices
Signup and view all the flashcards
GuestOS in virtualized environment
GuestOS in virtualized environment
Signup and view all the flashcards
VIRTIO driver
VIRTIO driver
Signup and view all the flashcards
virsh and virt-manager
virsh and virt-manager
Signup and view all the flashcards
KVM Hypervisor Rings
KVM Hypervisor Rings
Signup and view all the flashcards
Trap-And-Emulate syscall
Trap-And-Emulate syscall
Signup and view all the flashcards
VM State for Hot Migration
VM State for Hot Migration
Signup and view all the flashcards
Paravirtualized Device Drivers
Paravirtualized Device Drivers
Signup and view all the flashcards
Libvirt's Role
Libvirt's Role
Signup and view all the flashcards
Docker Network Features
Docker Network Features
Signup and view all the flashcards
Docker Networking Across Servers
Docker Networking Across Servers
Signup and view all the flashcards
Standard Docker Network
Standard Docker Network
Signup and view all the flashcards
Docker IP Assignment
Docker IP Assignment
Signup and view all the flashcards
Docker Networking on Same Server
Docker Networking on Same Server
Signup and view all the flashcards
VMX non-root mode instruction
VMX non-root mode instruction
Signup and view all the flashcards
CPU with VMX root/non-root
CPU with VMX root/non-root
Signup and view all the flashcards
Direct Assignment for I/O
Direct Assignment for I/O
Signup and view all the flashcards
GuestOS Device Detection
GuestOS Device Detection
Signup and view all the flashcards
Hypervisor's Main Role
Hypervisor's Main Role
Signup and view all the flashcards
VMCS Function
VMCS Function
Signup and view all the flashcards
Connecting to Remote Server
Connecting to Remote Server
Signup and view all the flashcards
Type-1 Hypervisor
Type-1 Hypervisor
Signup and view all the flashcards
DBT Disadvantage
DBT Disadvantage
Signup and view all the flashcards
Dynamic Binary Translation (DBT)
Dynamic Binary Translation (DBT)
Signup and view all the flashcards
Memory Ballooning
Memory Ballooning
Signup and view all the flashcards
Full Virtualization
Full Virtualization
Signup and view all the flashcards
HVM Advantage
HVM Advantage
Signup and view all the flashcards
SR-IOV Feature
SR-IOV Feature
Signup and view all the flashcards
EPT Feature Goal
EPT Feature Goal
Signup and view all the flashcards
Paravirtualization
Paravirtualization
Signup and view all the flashcards
Cgroups Primary Role
Cgroups Primary Role
Signup and view all the flashcards
Docker's Layered File System
Docker's Layered File System
Signup and view all the flashcards
API Server in Kubernetes
API Server in Kubernetes
Signup and view all the flashcards
KVM's Ring Levels
KVM's Ring Levels
Signup and view all the flashcards
VM State Contents
VM State Contents
Signup and view all the flashcards
Ring 0 Instruction Trap
Ring 0 Instruction Trap
Signup and view all the flashcards
VMX Efficiency
VMX Efficiency
Signup and view all the flashcards
Direct Assignment
Direct Assignment
Signup and view all the flashcards
VIRTIO Data Transfer
VIRTIO Data Transfer
Signup and view all the flashcards
Nested virtualization
Nested virtualization
Signup and view all the flashcards
Virtual Machine Monitor (VMM)
Virtual Machine Monitor (VMM)
Signup and view all the flashcards
Management host (Client VM)
Management host (Client VM)
Signup and view all the flashcards
Workload Virtualization
Workload Virtualization
Signup and view all the flashcards
x86 Challenges
x86 Challenges
Signup and view all the flashcards
Study Notes
- Below are study notes based on the text:
Software Deployment Options
- A company with a new warehouse management product prefers to deliver it as a Software-as-a-Service (SaaS) model, which is not known by the customer, to minimize costs.
Common-Off-The-Shelf (COTS) Hardware
- COTS hardware refers to standardized hardware bought in large quantities, reducing the variety of hardware in a datacenter.
Kubernetes "ClusterIP" Service
- It is typically used for a service that has to be reachable only inside the cluster, like a backend database service consumed by a web server frontend.
Kubernetes Ingress Controller
- It mainly enables multiple HTTP/HTTPS services to be delivered on a single TCP port through service multiplexing.
Accessing Services within Kubernetes
- A Kubernetes "ClusterIP" should be used to create a service only reachable from inside a Kubernetes cluster.
Kubernetes Service vs. Pod IP Address
- A Kubernetes Service (e.g., Cluster IP) is used instead of sending traffic to the pod IP address to handle multiple replicas and pod respawning.
Memory Requirements for Applications
- Comparing memory requirements: Memory(VM) > Memory(Docker) = Memory(bare hardware).
Disk Requirements for Applications
- Comparing disk requirements: Disk(VM) = Disk(Docker) > Disk(bare hardware), assuming no layered file system advantages.
Scalable Web Server
- To create a web server that scales endlessly, Kubernetes on a public cloud is the preferred choice.
Service Mesh vs. Kubernetes Service
- A Kubernetes "service" cannot provide load balancing of incoming HTTP/HTTPS connections to different service instances based on application-level information and a "service mesh" software is required instead.
Setting Up a Videoconferencing Service
- For a real-time videoconferencing service between two campuses in different countries, buying a managed service (e.g., Zoom) running in multiple cloud locations is the best option.
Docker Filesystem Modification
- If a Docker running in a server tries to modify its filesystem, the file will be written in the file system of the running Docker.
Docker Layered Filesystem
- The layered file system in Docker builds a new layer each time the Dockerfile executes a command that modifies the current filesystem.
Docker Resource Availability
- A Docker running on a server with 2 CPUs (52 cores each) and 512 GB RAM will report 104 CPU cores and 512 GB RAM when a command to show available resources is typed inside the Docker.
Dockerfile Purpose
- The main purpose is to define a sort of “recipe” listing the steps required to re-create the container from scratch.
Kubernetes Daemonset
- It is typically used for a pod that must always be running on each Kubernetes node to provide network services.
Kubernetes E-commerce Site and Reachability
- The e-commerce site may be reachable from the Internet depending upon the configuration of the Ingress controller if the web frontend is configured as a “ClusterIP” service.
Kubernetes Control Loop Concept
- It is implemented by controllers, which watch the state of the resources in your cluster, then make or request changes where needed.
Kubernetes Custom Resource
- It enables the definition of generic objects, even not related to any Kubernetes workflow.
Software Bridge Connectivity
- By connecting a set of VMs/Dockers to a software bridge, full network connectivity is not guaranteed to the services running within the VMs/Dockers.
Datacenter Servers
- In a new datacenter, servers are usually all equal in terms of CPU, memory, disks, etc.
E-commerce Site High-Availability
- When an e-commerce site leverages a database-as-a-service from the cloud provider to run in "high-availability", you would choose to set up the service in multiple replicas across different Regions.
Application Deployment in Public Cloud
- When you deploy an application (e.g., an e-commerce site) on a cluster in a public cloud and want a reliable service, you must care about reliability, which is not completely guaranteed by the cloud provider.
Cloud Computing at the Edge of the Network
- It is useful with applications that cannot afford network problems (e.g., outages, limited bandwidth, etc.), require very low latency, and need to keep some data local, or that need to reduce the data volume before sending it to the cloud.
Technologies for Computing Virtualization
- They are used whenever strong computing isolation is required.
Docker Filesystem
- It is logically independent from the one present on the hosting machine; however, some physical characteristics of the hosting machine (e.g., free disk space) can affect the behavior of the Docker file system as well.
Docker CPU Cores
- If a Docker is running on a server that has 2 CPUs (52 cores each) and we execute an application that maximizes its performance by creating a number of threads equal to the number of CPU cores available, it will create 104 threads.
VM Reachability in OpenStack
- For a VM to be reachable by a customer connected to the Internet, its reachability must be explicitly enabled in the OpenStack configuration of the VM.
Kubernetes Pod/Service Reachability Through Ingress Controller
- When a client (on the Internet) establishes a TCP connection toward the pod/service, two cascading TCP connections must be established to allow the client to connect to the pod.
Micro-Service in a Service Mesh
- It is automatically started with a sidecar that implements the service mesh.
Computing Virtualization: Trap-And-Emulate
- It can be used to emulate all the instructions that generate a trap.
CPU Para-Virtualization
- Replaces some source code of the GuestOS kernel with the proper equivalent function in the HostOS kernel.
Modern CPUs
- Have many CPU rings, and 2 of them are intended for executing OS kernels.
Dynamic Binary Translation
- Can refer to an instruction executed by GuestOS kernel.
Virtualized Systems: VMEntry and VMExit Instructions
- Enable fast transitions between GuestOS and HostOS kernels.
Computing Virtualization: Hypervisor
- It is usually able to emulate a very small number of physical devices.
Operating System ISO Image in a VM
- Usually includes drivers for many physical devices (e.g., Intel NIC), and a few para-virtualized devices (e.g., VIRTIO).
Libvirt
- Simplifies the interaction with VMs running on different hypervisors (KVM, VMware, etc.).
Linux and Virtualization
- QEMU runs in user space, KVM runs in kernel space.
Implementing Hot Migration of a VM
- It requires moving the entire VM (i.e., applications and GuestOS kernel), plus some additional data kept in the hypervisor.
Computing Virtualization: Sensitive Instruction
- Is an instruction that may leak information about the current OS kernel context or actual hardware configuration.
CPU Instruction at Ring 0 (VMX Non-Root Mode)
- Will generate a trap if it is either a sensitive or privileged instruction.
CPU Supporting VMX Root/Non-Root Modes
- It is more efficient when handling system calls.
Trap-And-Emulate for Userland Programs
- It experiences at least two transitions: User space --> HostOS kernel --> GuestOS kernel.
Computing Virtualization: Direct Assignment for I/O Devices
- A real device that is completely controlled by the GuestOS.
GuestOS Booting in a Virtualized Environment
- It usually detects a set of virtual devices presented to it by the hypervisor.
VIRTIO Driver
- Uses mainly bi-directional queues shared with the companion backend driver to send/receive data.
Linux Leveraging KVM Hypervisor
- QEMU runs at ring 3 (VMX root), the GuestOS runs at ring 0 (VMX non-root).
Linux Tools: virsh and virt-manager
- Enable users to interact with VMs (e.g., KVM-based) in a user-friendly way.
VM State
- Consists of the content of the entire memory allocated to the VM plus some additional information stored in the hypervisor.
Nested Virtualization
- Refers to running a VM inside another VM.
Virtual Machine Monitor (VMM)
- Is software responsible for emulating and managing virtual hardware.
Management Host (Client VM)
- The primary purpose is to control the remote hypervisor.
Challenges with x86 Architecture in Virtualization
- Some sensitive instructions do not trap when executed in an unprivileged mode.
Role of Hypervisor in Virtualized Environment
- It virtualizes hardware resources and manages the execution of virtual machines.
Virtual Machine Control Structure (VMCS)
- It manages the transitions between guest and hypervisor in hardware-assisted virtualization.
Connecting to Remote Server
- The SSH tool is used to connect to the remote server from the management host.
Type-1 Hypervisor
- Type-1 Hypervisor runs directly on bare metal and usually offers better performance.
Disadvantage of Using Dynamic Binary Translation (DBT)
- It introduces performance overhead due to the need for continuous translation of non-virtualizable instructions.
Dynamic Binary Translation (DBT) Introduced by VMware
- DBT, introduced by VMware, dynamically translates non-virtualizable x86 instructions at runtime.
Memory Ballooning
- A technique used to optimize memory usage in virtual machines by dynamically allocating memory based on current usage.
Full Virtualization
- A technique that allows the guest OS to interact with virtual hardware without needing to be modified.
Advantage of Hardware-Assisted Virtualization (HVM)
- It enables faster execution of guest OS code by minimizing VM exits.
Single-Root I/O Virtualization (SR-IOV)
- This feature allows the hypervisor to share one physical device among multiple VMs.
Extended Page Table (EPT)
- In Intel processors, it aims to improve memory address translation efficiency.
Paravirtualization
- A technique in which the guest OS needs to be modified to work efficiently in the virtual environment.
Cgroups in Linux
- Their primary role is to limit and account for resource usage by processes in Linux.
Features Provided by Linux Cgroups
- Network isolation is NOT one of the features provided by Linux cgroups; CPU quotas, process freezing, and memory limiting are.
Docker Resource Isolation
- Docker uses Cgroups and namespaces to isolate resources such as CPU and memory.
Docker Filesystem Technology
- Docker primarily uses the Union File System for its file system.
Advantage of Docker's Layered Filesystem
- Only differences between layers are stored, reducing disk usage.
Namespace Isolating Filesystem Visibility
- Mount namespace isolates the visibility of the filesystem across processes.
Limitations of LXC Compared to Docker
- Docker has better integration with orchestration tools like Kubernetes.
Namespace NOT Provided by Linux Kernel
- Memory Namespace is NOT provided by the Linux kernel; Mount Namespace, Process ID (PID) Namespace, and Network Namespace are.
Network Namespace Connection
- A virtual Ethernet (veth) pair is a type of virtual interface that connects two network namespaces.
Primary Use of Docker
- To create lightweight, portable, and self-contained containers.
OpenStack for Large Datasets: Swift
- Swift is the OpenStack module used to store and retrieve large datasets and backups.
Main Purpose of Keystone Module in OpenStack
- Manage and authorize user access to OpenStack services.
OpenStack Networking Through Neutron
- It provides Network as a Service (NaaS) for virtual network connectivity.
Non-Core Module in OpenStack
- Docker is NOT a core module in OpenStack; Horizon, Glance, and Cinder are.
OpenStack Module Responsible for Managing VMs: Nova
- Nova is responsible for managing virtual machines (compute resources).
Non-Kubernetes Service Type
- NodeIP is NOT a Kubernetes service type; ExternalName, LoadBalancer, and ClusterIP are.
API Server in Kubernetes
- Exposes Kubernetes APIs for scheduling and managing resources.
Purpose of Horizontal Pod Autoscaler (HPA)
- To automatically scale pods based on metrics like CPU usage.
Main Function Of Kubelet in Kubernetes
- Monitor and ensure the containers in the pod are running as expected.
Kubernetes Pod
- The smallest unit of execution in Kubernetes.
Kubernetes Stable Access Point
- The Service resource provides a stable access point to a set of pods in Kubernetes.
Object Ensures Correct Number of Pod Replicas
- The ReplicaSet object ensures that the correct number of pod replicas are running in Kubernetes.
Role of Kubernetes Scheduler
- To assign pods to nodes.
Data Stored in Kubernetes Secrets
- Sensitive information like passwords and keys.
Docker Network Behavior
- It provides a default (simplified) network behavior, but it can also offer high flexibility and customizations such as in a traditional virtualized environment (e.g., KVM).
Establishing Network Connection Between Dockers on Different Servers
- If Docker1 and Docker2 are running on two different servers, Docker1 must use the IP address of the server, and the public TCP/UDP port published by Docker2, when trying to establish a network connection to Docker2.
Standard Network Created by Docker
- It includes a software bridge, plus routing and NAT functions operating on all the traffic generated by the containers and directed outside of the server.
IP Address Acquired by a Docker
- It is "manually" assigned by the Docker framework to the running container.
Establishing Network Connection Between Dockers on the Same Server
- If both are running on the same server, Docker1 must use the IP address of Docker2, and the actual TCP/UDP port used by the application running in Docker2, to establish a network connection to Docker2.