Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, an operating system, a storage device or network resources. The virtualization of servers, networks and databases is all the rage these days, and we at Monitis feel that a good Q&A is in order to answer any questions that you might have. Here’s a list of some of the top questions most IT administrators have about virtualization — and of course, to go along with them, we’ve provided answers based on our extensive knowledge.
I heard that virtualization can bring many advantages to my organization, but I’m not sure if anyone can explain to me what this whole notion of virtualization is!
The very broad and accurate response is that virtualization is the process of creating virtual versions of actual objects (for example a whole operating system, a network or a storage device).
Sorry. Still didn’t get that.
In one sentence, for the Virtual Machine (VM), the most popular case of virtualization, where we simulate the whole physical computer, the definition is: virtualization is the process of running one operating system inside another one.
OK. I guess it’s something new, otherwise everyone would be using it already.
Virtualization seems to be the new kid on the block of computing, but it has quite a long history — starting in an IBM lab in the 1960s. You might also be surprised to know how many different areas of virtualization there are. The very long list can be found on Wikipedia. But you are probably interested in current OS virtualization development, especially on the x86 platform. This area is indeed quite young. You might say it’s one of the first IT children of the 21st century.
Performance: Bare metal or virtual
Great, I learned some history. But I need a bit more practical information. What is the difference from the OS perspective?
The short answer can be ‘no difference.’ But if you want to, you can find some differences. The most important might be the performance effect. After all, one of the aims of virtualization is to allow hardware resource sharing using intermediate layers. This might have some effect.
What kind of effect? It doesn’t sound very encouraging.
The answer depends on the type of virtualization you want to talk about. Let’s take, for example, Type 1 hypervisors.
Wait a second. What do ‘Type 1’ and ‘hypervisor’ mean?
A hypervisor is a special program acting as a Virtual Machine Manager. Some smart people defined two types of hypervisors. Type 1 runs directly on hardware (VMware ESXi, Microsoft Hyper-V as well as Citrix XenServer and other Xen derivatives or KVM), while Type 2 runs inside other OSs (the best example is Oracle VirtualBox). It’s safe to say that currently you will use a server host in which the CPU supports virtualization (the Intel VT-x or AMD-V extension). Those extensions address the aspects of the x86 platform that are difficult or inefficient to virtualize. So for Type 1 hypervisors, the performance penalty should be minimal.
Additionally, every main player uses paravirtualization — another technique, which allows many tasks to be pushed from the hypervisor directly to a guest VM — to minimize performance degradation.
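On a Linux x86 system, the CPU extensions mentioned above show up in /proc/cpuinfo as the "vmx" (Intel VT-x) or "svm" (AMD-V) flag, and a "hypervisor" flag appears when the OS itself runs on top of a hypervisor. The following is an added example, not part of the original article: the cpuinfo samples are constructed and the function names are hypothetical.

```python
import os

# Flag names as the Linux kernel prints them in /proc/cpuinfo on x86.
HW_VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}

# Constructed samples (trimmed, not captured from real machines).
BARE_METAL_SAMPLE = """\
processor\t: 0
model name\t: Example CPU A (constructed)
flags\t\t: fpu vme de pse msr sse2 vmx
processor\t: 1
model name\t: Example CPU A (constructed)
flags\t\t: fpu vme de pse msr sse2 vmx
"""
GUEST_SAMPLE = """\
processor\t: 0
model name\t: Example CPU B (constructed)
flags\t\t: fpu vme de pse msr sse2 hypervisor
"""


def cpu_flags(cpuinfo_text):
    """Return the flags present on every logical CPU in the text."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            per_cpu.append(set(value.split()))
    return set.intersection(*per_cpu) if per_cpu else set()


def classify(cpuinfo_text):
    """Report the hardware virtualization extension and guest status."""
    flags = cpu_flags(cpuinfo_text)
    extension = next(
        (name for flag, name in HW_VIRT_FLAGS.items() if flag in flags), None
    )
    # The "hypervisor" flag is set when the OS runs on top of a hypervisor.
    return {"extension": extension, "under_hypervisor": "hypervisor" in flags}


if __name__ == "__main__":
    print("bare-metal sample:", classify(BARE_METAL_SAMPLE))
    print("guest sample:     ", classify(GUEST_SAMPLE))
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo") as handle:
            print("this machine:     ", classify(handle.read()))
```

A guest that reports neither "vmx" nor "svm" has not been given the extension by its host, so it cannot run hardware-assisted VMs of its own.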
Stop … stop. Paravirtualization? I have a headache — so many strange words. Are they really necessary?
I think we’re done with this academic background, so let’s come back to performance. When people mention performance problems, they usually mean disk I/O issues. Historically, this was indeed the Achilles’ heel of virtualization. But all vendors work tirelessly on improvements here … and it’s not a fruitless effort. The difference between disk I/O on bare metal and in a VM is not so big. However, I would think twice and run some tests before putting a disk I/O-intensive workload (e.g. busy and big databases) on a virtual server.
Interesting… So why should I use virtualization?
Ask yourself this question: Are you sure that all your servers utilize more than 90% of server power? I don’t think so. You put only a limited number of services onto one server. There are many reasons you don’t put all your eggs into one basket. It can be security: some services need a lot of people to have access to them, while others should only be accessible by a handful of well-checked system administrators. You can also try to avoid a single point of failure by replicating services onto many boxes. Usually it’s also easier to maintain a smaller number of services on a server. Finally, you might need to have your applications running on different operating systems. Thanks to virtualization, you can consolidate a big number of OSs onto a small amount of hardware. You not only reduce hardware and operation costs, but also the time necessary to deploy new services.
Can you give me an example?
Let’s say you have a busy webserver that is critical for your small organization, and you want some developers, but not everyone, to have access to it. You also have a less active database server with credit card numbers, which has very restricted access, and a development box that you don’t really bother with. So you need at least 3 boxes. With virtualization, you can put the VMs with the webserver and the CC data on the same physical server and save a lot of money on servers. You can even put a development box on them, but you have to ensure that such a box would not eat all resources, and hypervisors allow you to do it. In the case of developers, virtualization has another advantage. You can make a copy of the development environment and allow your programs to play at will. When they break down, you can recreate it again. You can also create many VMs on the same server, so every developer has its own environment.
Not bad, but what about virtualization management?
It’s easy. Every vendor prepares a graphical interface. Moreover, there are a few third-party tools that allow you to control virtualization products from different vendors in one place. If you prefer to use the command line, that’s no problem. You can use the CLI even to control Microsoft Hyper-V! Finally, you should remember that every product has its API. So you can write your own software or a plugin for your existing infrastructure.
Storage & Backups
This sounds good, but I heard that you need to spend a lot on storage and that making backups is not so easy.
What? Making backups is not easy? You are kidding. First of all, you can carry on with all the tools you use with the OS on normal hardware, because the hypervisor is ‘transparent’ for an OS. On the other hand, you can use the hypervisor’s ability to make a non-disruptive copy by taking a backup of the whole VM. During this process you take a VM snapshot, which is then passed to the backup software. All the software in the VM can keep working without a stop, right on through any negative performance effect. Imagine how it helps in a disaster recovery situation. One click, a few minutes, and you have a fully functional system running.
What about storage?
Oh yes, this part might be expensive, but you don’t need to use it. You can store your VMs on local disks. However, you will miss one of the great advantages of server virtualization — the ability to move OSs between different physical servers in one server pool. Imagine that you don’t need to stop your service to update hardware! This is something very useful.
Networking & Security
What about networking?
Nothing special – it works fine. Think about Amazon Web Services or Rackspace hosting: both use Xen virtualization and both work perfectly on the internet. Moreover, a very nice feature of virtualization is that a hypervisor creates an internal network for all machines in the server pool. Of course you can connect a virtual machine to the external world, but you don’t have to, and you can mix VMs exposed to the internet with ones using only an internal switch. This ability increases security.
Oh, good, you reminded me of a question I wanted to ask you. Is virtualization secure?
We touched on that subject in my example of virtualization usage, but let me talk about it some more. The deployment of an OS is much easier, so it’s much easier to apply access control, because you can assign an OS per task. So this is definitely a plus. However, hypervisors are software and, like any other software, have vulnerabilities. And of course you should apply all provided security patches. This suggestion applies not only to the host, but also to all guests. You also have to ensure a proper architecture for your system. This is not a big problem, because you will find plenty of suggestions from vendors, as well as from organizations such as the NSA.
Another concern is communications. Vendors apply security protocols (such as SSH, SSL or IPSec) in communications between the host and the controlling software (e.g. VMware’s vCenter or Citrix XenCenter). The host platform acts as a layer 2 switch, which can be a security advantage, because you can limit access to some VMs (as I said above). On the other hand, it might be harder to monitor traffic between VMs. Finally, there is some concern about communication between the host and the guest. There could be a possible ‘VM escape’, where code is able to break out from a guest to the host. In summary, virtualization won’t fix all security problems, but thanks to easy OS deployment, it might make security more accessible.
Troubleshooting & possible monitoring.
I’m starting to be convinced, but what should I do in the case of a problem? I feel like an additional level of software means more places to check what could go wrong.
You are right: with more software there are more logs, but don’t exaggerate the problem. On the one hand, all guests can be treated as normal OSs with standard logs. On the other hand, all hypervisor vendors try very hard to provide the best tools for troubleshooting. Usually you can use their specific GUI or CLI commands to obtain all the necessary information about a crash or other problem.
Well, a crash would be horrible, but what about smaller issues, such as a drop in performance or VM instability?
You mean monitoring?
You shouldn’t be surprised that my response will be similar to the one above. Your VM is a normal OS, and you can use the same tools you have already been using. Monitis is great for monitoring servers on bare metal as well as in virtualization. Moreover, Monitis already has a plugin for Hyper-V and might soon provide tools for other platforms.
On the other hand, hypervisor vendors have their own dedicated monitoring tools. Moreover, there are some third-party tools that integrate virtualization monitoring. This is especially true for VMware products. Finally, all hypervisors can use SNMP to communicate with standard monitoring programs.
Great, I’m in. Just tell me which product I should use?
This is a tricky question and I don’t have a straight answer. Many will tell you to use VMware, because it is the market leader. This choice has many advantages: for example, there are many third-party tools and various programs with VMware plugins. The hardware support is very extensive. But this might be a very costly option. Therefore, remember to check alternatives, which might save you a lot of money. If you have a Windows-based environment, Hyper-V is a good choice. On the other hand, for Linux, KVM or one of the Xen derivatives should be a very good option. If you are interested in desktop virtualization (yes, yes, there is more than only server virtualization), you should especially take XenServer into account. Finally, remember that Type 1 virtualization is not the end of the world. In the UNIX environment, you can use containers, for example VServer or OpenVZ for Linux and Zones for Solaris.
One more question. Can I use virtualization on the Cloud?
On the Cloud? The Cloud exists thanks to virtualization. For example, both market leaders (Amazon and Rackspace), as well as many other providers, use Xen and/or XenServer in their services. The short answer then is ‘yes.’
Thank you. It was very helpful.
Please remember: for more information and other articles about virtualization, see Monitis’s blog!