Virtualization Overview PDF
Document Details
Uploaded by StimulatingSpinel
Summary
This document provides an overview of virtualization, discussing concepts, types, and benefits. It covers basic terms like virtual machines (VMs) and hypervisors. The document also covers different types of virtualization, such as type 1 (bare metal) and type 2 (hosted).
Full Transcript
Module 2-2. Virtualization Overview

OBJECTIVE 2a. Identify relationship of basic facts and state general principles of virtualization

- Concepts
- Virtualization Environment
- Server Virtualization
- Client Virtualization

**CONCEPTS**

As budget constraints continue to tighten, many organizations are turning to virtualization as a cost-effective way to achieve organizational goals. Improving server utilization and the management of the applications residing on each server has been found to reduce the personnel time required for Information Technology (IT) management tasks. Virtualization also enables organizations to have better continuity of their IT environment. This objective covers the basic concepts, types, and benefits of virtualization as well as virtualization security.

We begin by learning basic facts and terminology commonly heard while working as a 3D0X2. In order to correlate the topics presented later in this objective, it is very important to first understand the underlying foundational concepts.

**Virtualization** simply separates hardware from the software. A **virtual machine (VM)** is not a real machine, just as virtual reality is not reality. Rather, it is a combination of software application(s) and an operating system tricked into thinking it has its own dedicated hardware. However, the hardware may actually be shared with several other VMs. This offers a much better utilization rate of server hardware while still isolating applications. When implemented properly, many VMs can run on one piece of hardware. This translates into savings on hardware and associated maintenance contracts as well as minimizing electricity needed to run the hardware and cooling systems in the data center.

VMs mimic physical machines. They have Basic Input/Output System (BIOS), hard disks, memory, Central Processing Units (CPUs), operating systems (OS), and applications.
Virtualization is intended as a way for multiple software products to share a single hardware resource; each software product can operate as though it has complete control of the system's resources.

**VIRTUALIZATION ENVIRONMENT**

A key component of virtualization is the **hypervisor**, which is software that runs the virtual machines. It controls the interaction between the virtual machines and the hardware that is in the physical device. The hypervisor grants the ability to install or run multiple virtual machines, which can in turn run different operating systems, each running their own respective applications. The hypervisor is responsible for granting the VMs access to the host's physical resources. A hypervisor is also referred to as a Virtual Machine Monitor (VMM) or a Virtualization Manager.

A hypervisor provides all of the components to manage virtualization: automating policy, virtual hard disks, and real-time resource allocation. It also manages processor resources, memory, and other system resources.

There are two main types of hypervisor, as well as several other technologies that let you further tailor VMs to your organization's needs.

**Type 1 (aka Bare Metal)**

Type one, or bare metal, runs directly on top of the system hardware. Some examples include XenServer, Microsoft Hyper-V, and VMware's ESXi.

**Type 2 (aka Hosted)**

Type two is referred to as hosted: it runs on a host operating system that provides the virtualization services like input/output, device support, memory management, etc. Type two hypervisors are typically used on client systems which don't require the high level of efficiency or security. These include Oracle's VirtualBox and VMware's Workstation.

**Application Cells & Containers**

Virtual machines can also be broken down into application cells and containers. This is usually done to create a sandbox for applications. This provides portability of the application as well as isolation from the OS.
These have less overhead than a standard virtual machine.

**Virtual Trusted Platform Module (vTPM)**

Another important technology is the Virtual Trusted Platform Module (vTPM). It is used with a virtual operating system to provide a high degree of security. A vTPM allows programs to interact with a trusted platform module in a virtual system in the same way they would interact with one on a physical system. The TPM's secure storage functionality and its underlying cryptographic methods are available to operating systems and applications that are running in virtual machines.

vTPM supports a higher level of services to establish trust in virtualized environments, for example where you have a high need for remote attestation of your application or software integrity from a development standpoint. Each guest gets its own unique emulated software TPM, but the secret keys and NVRAM information of each vTPM are managed by the vTPM manager domain.

**SERVER VIRTUALIZATION**

Server virtualization is the most common type of virtualization. It is the partitioning of a physical server into smaller virtual servers. This partitioning hides the server's hardware resources, such as the number and identity of individual host servers, processors, and operating systems, from users. Server virtualization is accomplished using software like VMware (the current industry leader), Citrix XenServer, or Microsoft® Hyper-V™. These virtual machines interact with other servers, applications, and client devices just as physical servers would.

Virtualizing servers is basically separating the operating system and its associated applications from the physical hardware underneath. The intention is to spare the user from having to understand and manage complicated details of server resources while increasing resource sharing and utilization and maintaining the capacity to expand later.

**Host Server Operating System**

A host server operating system is the original operating system installed on a computer. Multiple operating systems installed on VMs can reside on the same host server. These operating systems are called guest operating systems. In some cases the host operating system and the guest operating system are completely different.

**Host Server Hardware**

Host server hardware varies depending on the intended use of the server. Most servers run for long periods of time without interruption. Availability for these systems must often be very high, making hardware reliability and durability extremely important. Servers are ideally very fault tolerant, using specialized hardware with low failure rates in order to maximize uptime. Even a short-term failure can cost more than the purchase and installation price of the system. These components offer higher performance and reliability at a correspondingly higher price. Hardware redundancy (installing more than one instance of a module such as power supplies and hard disks, arranged so if one fails another is automatically available) is widely used. Servers incorporate:

- Faster and higher-capacity hard drives
- Larger computer fans or water cooling to help remove heat
- Uninterruptible Power Supplies (UPS) to ensure the servers continue to function in the event of a power failure.

To further increase reliability, most servers use memory with error detection and correction. As servers are usually administered by qualified system administrators, their operating systems are also more tuned for stability and performance than for user friendliness and ease of use.

**Virtualization for Server Consolidation**

Server consolidation is one of the most common applications of virtualization. Technology is moving away from the "one server, one application" model because servers were not being utilized to their full potential.
Virtualization allows us to condense multiple physical servers into one server running many virtual machines. This permits that physical server to run at a much higher rate of utilization. A measure of consolidation is called the consolidation ratio and is calculated by counting the number of virtual machines on a server.

**Server Virtualization Main Types:**

**Operating-system-level Virtualization**

Operating-system-level virtualization, also called container virtualization, uses a single shared OS to host many users simultaneously. Each user is unaware of how many others are sharing the same host because each exists within their own user space or container.

The benefit of operating-system-level virtualization is its efficiency. Rather than running a number of complete guest OSs so software applications can each have access to dedicated operating resources, operating-system-level virtualization uses a set of files and folders to provide operating system functionality and file-mapping services. Operating-system-level virtualization is quite efficient, enabling high performance for the overall system.

The main drawback of operating-system-level virtualization is a lack of flexibility. Since each OS version would require its own library of files and folders, only one shared OS can be installed per host server.

**Hardware Emulation**

Hardware emulation is a very well-established form of virtualization. The virtualization software presents a software representation of the underlying hardware an operating system would typically interact with. In this method, the hypervisor manages a virtual machine by emulating an entire hardware environment; that is, a piece of software pretending to be a piece of hardware. The operating system loaded into a virtual machine is a standard unmodified product. As it makes calls for system resources, the hardware emulation software catches the system call and redirects it to manipulate data structures provided by the hypervisor.
The hypervisor itself makes calls to the actual physical hardware underlying all the software.

**CLIENT VIRTUALIZATION**

Virtualization technology can be applied to more than just server hosting; it can also be applied to client hosting. Client virtualization is defined as a virtualization technology used to separate a desktop computer environment from the physical device used to access it. Client virtualization is a great tool that lets multiple end users simultaneously make use of a single host device. Administrators easily maintain a centralized service/device rather than being concerned with individual computers spread around the base. It is often used to move workloads into isolated environments to reduce system administration requirements.

Client virtualization is similar in some respects to server virtualization as both make use of a host server, hypervisor and guest OS. This virtualization is considered a type of client-server computing model because the virtualized desktop is stored on a centralized, or remote server. Client virtualization "virtualizes desktop computers." These virtual desktop environments are "served" to users on the network. Users interact with a virtual desktop in the same way a physical desktop is accessed and used. A benefit of client virtualization is that it supports remote logon access to a specific desktop from any location with a network connection. One of the most popular uses of desktop virtualization consists of offering personalized desktop images for each network user, all hosted on data center servers.

Virtual desktops are traditionally accessed through the use of thin clients. Many of today's thin clients are more reliable and less expensive than your basic personal computer.
A thin client (sometimes called a lean client) is a low-cost, centrally-managed computer devoid of Compact Disc-Read Only Memory (CD-ROM) players, diskette drives, hard drives, and expansion slots. It relies heavily on the server to accomplish most of its processing, as opposed to a personal computer (PC), which does most of its own processing and operates independently of a server. Thin clients have life spans of 7 to 10 years, which saves money by easily doubling the lifecycle of a traditional desktop computer. The main benefit of having thin clients is they allow for all personal/sensitive information to be maintained on a server, thereby reducing the chance of any security issues.

**Architectures of Client Virtualization**

Client virtualization architectures fall into five main groups, broadly categorized by three main characteristics:

- Where the processing takes place (either on the desktop/device or in the data center)
- What is delivered to the user (individual applications or an entire desktop environment)
- How user-specific settings (user profiles) are managed

Of the five main groups of Client Virtualization, you are most likely to work with the following four:

**Presentation virtualization**

Presentation Virtualization, also referred to as Terminal Services or Remote Desktop Services, is the most mature and most widely used client virtualization architecture. In a presentation virtualization environment, applications run on shared Windows® servers hosted in a remote data center with only the application's user interface presented on the user's desktop (Ref. Figure 2-1). User input is redirected over the network to the server using a dedicated remote-display protocol. The client can be a dedicated hardware device, a thin client, or a software client running on a converted PC, tablet, or smartphone.

**Virtual Desktop Infrastructure (VDI)**

A virtual desktop infrastructure (Ref.
Figure 2-2), also referred to as Server-Hosted Virtual Desktops, is an evolutionary step beyond presentation virtualization. Like presentation virtualization, VDI runs on a shared infrastructure hosted in a central data center and uses the same thin client remote display technology. But whereas presentation virtualization utilizes a shared-server operating system to deliver individual applications, VDI uses a standard desktop operating system running on a hypervisor.

**Intelligent Desktop Virtualization (IDV)**

Intelligent desktop virtualization, also referred to as Distributed-Desktop Virtualization, is the reverse of VDI. VDI replaces a conventional desktop PC with a thin client or tablet and hosts the desktop OS on a server hypervisor in the data center. On the other hand, IDV implementations retain a conventional desktop PC at the endpoint running a locally installed client hypervisor to host the desktop environment.

The IDV approach is potentially less disruptive than VDI since it does not require a large data center investment. Because all the applications are installed locally, it allows for offline operation. At the same time, however, IDV requires greater security, especially when used with mobile PCs, because data is stored locally on that PC.

**Application Virtualization/Streaming**

Application virtualization and application streaming are closely related technologies forming the basis of a complete client virtualization solution (Ref. Figure 2-3). They may also be used in conjunction with both presentation virtualization and VDI. With application virtualization, applications run locally on the computing device but they are not installed on the device in the conventional sense. Instead, applications are packaged so they run inside a virtualization layer controlling access to the underlying operating system.
This removes many operating system-specific dependencies and permits applications to run in environments that would otherwise cause compatibility problems.

Application streaming extends application virtualization to the data center by optimizing the package so the components needed to launch the application get delivered first. The rest of the package components are delivered on an as-needed basis. This allows organizations to house applications in a central location and stream them to the desktop at runtime instead of loading them on a desktop or other computing device in advance.

Both application virtualization and application streaming can be used in conjunction with presentation virtualization and VDI to simplify operational management by reducing the number of applications installed directly into the operating system. This reduces both application compatibility issues and the amount of regression testing needed following application or operating system changes. It is also beneficial in environments where VDI is used in conjunction with conventional or IDV desktops. A single application virtualization package can be used across presentation virtualization, VDI, IDV and conventional desktops. This eliminates duplicating efforts.

**BENEFITS OF CLIENT VIRTUALIZATION**

Client virtualization offers several benefits compared with traditional desktop management.

- Virtual desktops reduce overall IT operational costs, from prolonging hardware replacement cycles to reducing desktop maintenance and service time
- IT administrators can centrally manage all virtual desktops in the data center environment, thus improving efficiency
- Administrators can quickly set up new virtual machines, ensuring virtually zero downtime
- Virtual machines can be quickly deployed on most PC hardware, which can be factored into organizational continuity planning, allowing enterprises to return to operation quickly after disasters.
- Virtual machines allow for policies removing physical connections (such as Universal Serial Bus (USB) drives), therefore improving overall enterprise network security
- When end users connect to a virtual or session-based desktop hosted in the data center, the applications and data associated with that desktop never leave the data center. This helps organizations keep intellectual property secure and simplifies regulatory compliance.
- Since virtual machines run on virtualized hardware independent of whatever physical device a client uses to interact with them, there is little concern for hardware compatibility or device driver issues.

**Client Virtualization Security**

There are steps anyone can use to improve the security of their virtual environment:

- Deploy security monitoring tools to check communications among virtual machines.
- Make access rules consistent across physical servers and guest operating systems.
- Establish policies to audit configuration/deployment of virtual systems and applications.
- Group together servers that require a similar level of security.
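
The audit, access-consistency and grouping steps above can be checked mechanically against an inventory export. The following is an added example, not part of the original module; the inventory layout, field names and group names are hypothetical and the sample data is constructed.

```python
from collections import defaultdict

# Constructed inventory: field names and values are hypothetical,
# not the export format of any particular hypervisor.
HOST_ACCESS = {
    "hv01": {"vm-admins"},
    "hv02": {"vm-admins", "sec-ops"},
}
GUESTS = [
    {"vm": "web01",  "host": "hv01", "level": "low",  "access": {"vm-admins"}},
    {"vm": "web02",  "host": "hv01", "level": "low",  "access": {"vm-admins", "contractors"}},
    {"vm": "hr-db",  "host": "hv01", "level": "high", "access": {"vm-admins"}},
    {"vm": "pki01",  "host": "hv02", "level": "high", "access": {"vm-admins", "sec-ops"}},
    {"vm": "siem01", "host": "hv02", "level": "high", "access": {"sec-ops"}},
]

def consolidation_ratio(guests):
    """VMs per physical host, the way the module defines the ratio."""
    counts = defaultdict(int)
    for g in guests:
        counts[g["host"]] += 1
    return dict(counts)

def mixed_level_hosts(guests):
    """Hosts whose guests do not all share one security level."""
    levels = defaultdict(set)
    for g in guests:
        levels[g["host"]].add(g["level"])
    return {h: sorted(lv) for h, lv in levels.items() if len(lv) > 1}

def access_drift(guests, host_access):
    """Guests whose access groups differ from their host's rule set."""
    findings = []
    for g in guests:
        expected = host_access.get(g["host"], set())
        extra = g["access"] - expected      # granted on guest, not on host
        missing = expected - g["access"]    # granted on host, not on guest
        if extra or missing:
            findings.append((g["vm"], sorted(extra), sorted(missing)))
    return findings

if __name__ == "__main__":
    print("VMs per host:", consolidation_ratio(GUESTS))
    for host, lv in mixed_level_hosts(GUESTS).items():
        print(f"[group] {host} mixes security levels: {lv}")
    for vm, extra, missing in access_drift(GUESTS, HOST_ACCESS):
        print(f"[access] {vm}: extra={extra} missing={missing}")
```

Each finding points at a guest to move to a host of matching security level or at an access rule to reconcile with the host's.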