Extra Materials for Network Engineers: Extras on BitLocker and Virtualisation
BitLocker
• BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista
• It is designed to protect data by providing encryption for entire volumes
• By default, it uses the AES encryption algorithm in cipher block chaining (CBC) or XTS mode with a 128-bit or 256-bit key
BitLocker Commands
• Manage-bde is a command-line tool that can be used for scripting BitLocker operations
• Manage-bde offers additional options not displayed in the BitLocker control panel
• Syntax: manage-bde [-status] [-on] [-off] [-pause] [-resume] [-lock] [-unlock] [-autounlock] [-protectors] [-tpm] [-SetIdentifier] [-ForceRecovery] [-changepassword] [-changepin] [-changekey] [-KeyPackage] [-upgrade] [-WipeFreeSpace] [{-?|/?}] [{-help|-h}]
• See document on Wiki
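The slide lists the manage-bde switches but not what a scripted check looks like in practice. The script below is an added example and is not part of the original slides: it audits every fixed volume the way manage-bde -status does (but as objects you can filter), then makes sure the OS volume has a TPM protector plus a recovery password and escrows that password in Active Directory. It uses the BitLocker PowerShell module (Windows 8 / Server 2012 and later); the domain-joined host, the AD schema for recovery information, and XTS-AES-256 being available (Windows 10 1511 and later, otherwise use Aes256) are assumptions.

```powershell
# Added example, not from the original slides. Run in an elevated session.
#Requires -RunAsAdministrator

# manage-bde -status equivalent: one object per volume, with its protectors.
# Note that ProtectionStatus 'Off' with EncryptionPercentage 100 means the
# protectors are suspended (e.g. after "manage-bde -protectors -disable"),
# so a volume can be fully encrypted and still unprotected.
function Get-BitLockerReport {
    Get-BitLockerVolume |
        Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus,
                      EncryptionMethod, EncryptionPercentage,
                      @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ',' } }
}

# Bring the OS volume to the intended state: TPM protector + recovery password,
# recovery password backed up to AD DS.
function Protect-OSVolume {
    param([string]$MountPoint = $env:SystemDrive)   # normally "C:"

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.ProtectionStatus -eq 'On') {
        Write-Host "$MountPoint is already protected ($($vol.EncryptionMethod))"
    } else {
        # Equivalent manage-bde form: manage-bde -on C: -UsedSpaceOnly
        # XTS-AES-256 is the strongest of the modes the slide lists (assumed available).
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
                         -TpmProtector -UsedSpaceOnly -SkipHardwareTest
    }

    # A recovery password is what saves the data after a firmware update or
    # board swap changes the TPM measurements. Equivalent: manage-bde -protectors -add C: -RecoveryPassword
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        $rp = (Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    # Escrow in AD DS (assumes a domain-joined host with the BitLocker schema).
    # Equivalent: manage-bde -protectors -adbackup C: -id {GUID}
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    }
    Get-BitLockerVolume -MountPoint $MountPoint
}

Get-BitLockerReport | Format-Table -AutoSize
Protect-OSVolume | Format-List MountPoint, ProtectionStatus, EncryptionMethod
```

Get-BitLockerReport is the piece to run across a fleet (for example through Invoke-Command): the Protectors column immediately shows volumes that have only a recovery password and no TPM protector, or none at all, which manage-bde -status makes you read line by line.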
An Introduction to Server Virtualisation
A loose definition
• Virtualisation is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as hardware and software partitioning, time-sharing, partial or complete machine simulation, emulation, quality of service, and many others.
Some history
• An old concept: the first virtual machines were created on IBM mainframes in the early 1960s
• Typically, IBM's virtual machines were identical "copies" of the underlying hardware. Each instance could run its own operating system.
• Virtualisation formed the basis of "time sharing"
Some virtual machines you may know…
• NT had the Virtual DOS Machine (NTVDM) and Windows on Win32 (WOW)
• Windows 95 used virtual machines to run older (Windows 3.x and DOS) applications
The old model
• A server for every application
• Software and hardware tightly coupled
• Underutilised resources introduce real cost into the infrastructure
The new model
• Physical hardware is abstracted by a virtualisation layer, or hypervisor
• Manage OS and application as a single unit by encapsulating them into virtual machines
• Separate OS and hardware and break hardware dependencies
• Optimise utilisation levels
Increased Hardware Utilisation (diagram: "Before Virtualisation" versus "After Virtualisation")
Underutilisation of Resources
• Most organisations over-provision
• Multiple processors in each server
• Memory requirements over-estimated
• Aim to drive up CPU utilisation
(Chart: actual DSS customer data, 120 servers monitored)
Virtual Infrastructure
• Virtual infrastructure brings uniformity to the data centre
• Dynamically map computing resources to the business
• Lower IT costs through increased efficiency, flexibility and responsiveness
• Provision new services and change the amount of resources dedicated to a software service
• Treat your data centre as a single pool of processing, storage and networking power
How is it implemented?
• Typically, in order to virtualise, you would use a layer of software that provides the illusion of a "real" machine to multiple instances of "virtual machines". This layer is traditionally called the Virtual Machine Monitor (VMM) or "hypervisor".
• The hypervisor could run directly on the real hardware or it could run as an application on top of a host operating system.
Type 1 VMM
• Also called bare metal or native
• Examples: IBM CP/CMS, VMware ESX, Windows Virtualisation (2008), Xen, Virtual Iron
(Diagram: Guest VMs run on the VMM, which runs directly on the Hardware)
Type 2 VMM
• Also known as hosted hypervisors
• Examples: VMware Workstation, Oracle VirtualBox
(Diagram: Guest VMs run on the VMM, which runs on a Host OS on the Hardware)
Hybrid VMM
• Examples: MS Virtual Server, MS Virtual PC
(Diagram: Guest VMs and the Host VM run side by side on the VMM, which runs on the Hardware)
Paravirtualisation
• Paravirtualisation is a virtualisation technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware
• This requires operating systems to be explicitly ported to run on top of the virtual machine monitor (VMM)
Full Virtualisation
• Provides a complete simulation of the underlying hardware
• With binary translation, rewrites at run time some x86 instructions that cannot be trapped and converts them into a series of instructions that can be trapped and virtualised
• Capable of running existing legacy operating systems without modification
Native Virtualisation
• Leverages hardware-assisted capabilities available in the latest processors from Intel (Intel VT, "Vanderpool") and Advanced Micro Devices (AMD-V, "Pacifica") to provide near-native performance
• Virtual Iron is one of the first companies to offer virtualisation software to fully support Intel VT and AMD-V hardware-assisted virtualisation
Native Virtualisation: example hardware
• Dell: Precision 380, PowerEdge 430, PowerEdge 440, PowerEdge 1435, PowerEdge 1950, PowerEdge 1955, PowerEdge 2950 (Intel Pentium D, Intel Xeon 3xxx, AMD Opteron 22x, Intel Xeon 5xxx)
• HP: ProLiant DL140 G3, DL320 G4, DL360 G5, DL365, DL380 G5, DL385 G2, DL580 G4, DL585 G2 (Intel Xeon 5xxx, AMD Opteron 22xx, Intel Xeon 7xxx, AMD Opteron 82xx)
• IBM: xSeries 100, System x3455, System x3550, System x3850, LS21 (Intel Pentium D, AMD Opteron 22xx, Intel Xeon 5xxx, Intel Xeon 7xxx); HS21 (Intel Xeon 5xxx, AMD Opteron 22xx)
What’s in a Virtual Machine?
What's in a Virtual Machine - BIOS
• VM has its own BIOS
• Has everything you would expect to see in a real BIOS
• Boot options may include floppy, CD-ROM, disk drive and PXE
What's in a Virtual Machine - Networking
• Each VM has a virtual NIC
• Virtual NICs are connected to virtual switches implemented in the virtualisation layer
• VMware: vSwitches
• Microsoft: .vnc files
• Virtual switches have uplink connections to physical NICs on the host
Combining internal and external virtual switches
• A virtual switch with one outbound adapter acts as a DMZ
• Back-end applications are secured behind the firewall using internal-only switches (no uplink to a physical NIC)
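The DMZ layout on this slide (one externally-connected switch, one internal-only switch, and a firewall VM bridging them) can be built and then verified from the host. The script below is an added example, not part of the original slides, written for Hyper-V's PowerShell module. The physical NIC name "Ethernet 2", the switch names, and the VM names FW01 (firewall) and APP01 (back-end application) are assumptions; the VMs are assumed to already exist.

```powershell
# Added example, not from the original slides. Requires the Hyper-V module
# in an elevated session; switch, NIC and VM names are assumptions.
#Requires -RunAsAdministrator

$ExternalSwitch = 'DMZ-External'      # one uplink to the outside
$InternalSwitch = 'Backend-Internal'  # no physical uplink at all
$UplinkNic      = 'Ethernet 2'        # assumed DMZ-facing physical NIC
$FirewallVM     = 'FW01'
$BackendVM      = 'APP01'

# External switch. -AllowManagementOS $false keeps the parent partition off the
# DMZ leg entirely, so the host itself has no address on the exposed network.
if (-not (Get-VMSwitch -Name $ExternalSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $ExternalSwitch -NetAdapterName $UplinkNic -AllowManagementOS $false
}

# Internal-only switch: reachable by VMs on this host (and the host OS), never by
# a physical NIC. SwitchType Private would additionally exclude the host OS.
if (-not (Get-VMSwitch -Name $InternalSwitch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $InternalSwitch -SwitchType Internal
}

# The firewall straddles both segments; the back-end VM only sees the internal one.
Connect-VMNetworkAdapter -VMName $FirewallVM -SwitchName $ExternalSwitch
Add-VMNetworkAdapter     -VMName $FirewallVM -SwitchName $InternalSwitch -Name 'Inside'
Connect-VMNetworkAdapter -VMName $BackendVM  -SwitchName $InternalSwitch

# Verification a reviewer would want: no back-end adapter outside the internal
# switch, and nothing but the firewall connected to both switches.
function Test-DmzLayout {
    $backendLeaks = Get-VMNetworkAdapter -VMName $BackendVM |
                    Where-Object SwitchName -ne $InternalSwitch

    $all = Get-VMNetworkAdapter -VMName *
    $onExternal = $all | Where-Object SwitchName -eq $ExternalSwitch | Select-Object -ExpandProperty VMName -Unique
    $onInternal = $all | Where-Object SwitchName -eq $InternalSwitch | Select-Object -ExpandProperty VMName -Unique
    $straddling = @($onExternal) | Where-Object { $_ -in @($onInternal) }

    [pscustomobject]@{
        BackendOnlyInternal = (@($backendLeaks).Count -eq 0)
        VMsOnExternal       = @($onExternal)
        VMsBridgingBoth     = @($straddling)
        OnlyFirewallBridges = (-not (Compare-Object @($straddling) @($FirewallVM)))
    }
}

Test-DmzLayout
```

Test-DmzLayout is worth scheduling rather than running once: the usual way a DMZ design erodes is an administrator adding a second adapter to a back-end VM "temporarily", which VMsBridgingBoth would surface immediately.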
What's in a Virtual Machine - Storage
• To the applications and guest operating systems inside each virtual machine, the storage subsystem is a simple virtual SCSI host bus adapter connected to one or more virtual SCSI disks
• Virtual disks are files kept on physical storage
• VMware: VMDK files
• Microsoft: VDF files
• A virtual disk represents a local drive on a virtual server, such as a C: or D: drive in Windows
• Physical storage could be: direct attached SCSI, SAN attached, iSCSI, NAS
Licensing Considerations
• On the host: host OS? virtualisation technology?
• On the guest: guest OS? guest applications?
Support Considerations
• Two meanings: is it technically possible? will the vendor support a virtual environment?
• The Microsoft position:
• "For Microsoft customers who do not have a Premier-level support agreement, Microsoft will require the issue to be reproduced independently from the non-Microsoft hardware virtualization software."
• "Microsoft supports Windows Server System software running within a Microsoft Virtual Server environment subject to the Microsoft Support Lifecycle policy..."
Usage Scenarios for Virtualisation
• Consolidation
• Business Continuity Management
• Workload Mobility
• Development and Test
Usage Scenario: Production server consolidation
• Gartner definition: 1. Logical, 2. Physical, 3. Rational
Usage Scenario: Production server consolidation
• Consolidate workloads: infrastructure applications, low-utilisation workloads, branch office and datacenter workloads; efficient use of available hardware resources
• Re-host legacy OS and applications: NT 4 guest applications on a virtual platform, run on current hardware and current OS, no application updates required
• Partition resources: limit CPU resource per VM
Usage Scenario: Business continuity management
• Disaster Recovery: maintain DR systems as virtual machines; eliminate traditional problems associated with bare metal restores
• OS and application patching: deploy and test patches off-production, and swap; eliminate scheduled downtime
• Isolation / sandboxing: isolate OS environments for untrusted applications; prevent malicious code from affecting others
Usage Scenario: Dynamic datacenter
• Workload mobility: package up an entire OS environment and move it to another location
• Flexible deployment of workloads
Usage Scenario: Development and test
• Rapid provisioning of virtual machines
• Create arbitrary test scenarios
• Wider test range for niche scenarios
Application + OS: Now A Data File
• The entire server (OS, apps, data, devices, and state) is now simply a file
• Server provisioning is similar to copying a file
• Server migration is now similar to data migration
• Data management techniques can be used for server management: server cloning/copying, versioning, server archival, remote mirroring
The Role of Shared Storage
• Virtual machine files are centrally located
• Multiple access
• Virtual machines can be moved for DR purposes, system repair/upgrade, etc.
• Can take advantage of advanced SAN features such as snapshots, clones and replication
Live Migration
• Move running virtual machines from one physical system to another with no downtime
• Zero downtime maintenance
• Balance resource utilisation across the infrastructure
Hardware Infrastructure: Scale Up or Scale Out?
• Scaling up means fewer, larger systems
  Advantages:
  • Fewer ESX Server images to manage
  • Lower infrastructure costs (Ethernet/SAN switches)
  Disadvantages:
  • Higher hardware costs (servers)
  • Big H.A. impact in case of failure of a node
  • Fewer CPUs supported "per rack"
  • Headroom required for HA is expensive
  • Servers may go obsolete
  • Locked into server architecture
• Scaling out means more, smaller systems
  Advantages:
  • Lower hardware costs (servers)
  • Low H.A. impact in case of failure of a node
  • More CPUs supported "per rack"
  • Headroom required for HA is less expensive
  • Not locked into obsolete hardware
  • More flexible
  Disadvantages:
  • Many hypervisor (ESX) images to maintain
  • Higher infrastructure costs (Ethernet/SAN switches)
What should an enterprise-ready virtualisation platform offer?
• Efficient server partitioning
• SMP support in guest VMs
• Scalable memory in guest VMs
• Fault isolation: a crash in one virtual machine should not impact other virtual machines
• Security isolation: a virtual machine should never access the memory or I/O operations of another virtual machine
• Resource isolation: runaway applications in one virtual machine should not "starve" other virtual machines
• Non-disruptive addition of capacity
• Scalable management tools
VMware Workstation
• Desktop virtualisation
• Run multiple operating systems simultaneously on a single PC
• Supports Windows, Linux, NetWare, Solaris
• Software development/test
• Training
VMware Server
• Free virtualisation platform
• Type 2 "hosted" VMM
• Runs on any standard x86 hardware
• Runs on a wide variety of Linux and Windows host and guest operating systems
• Intended as a "step up" to Type 1 hypervisor products
VMware Infrastructure 3
• VMware ESX Server 3.0 - Type 1 VMM
• VMware VirtualCenter 2.0
• 4-way vSMP / 16 GB virtual RAM support
• VMware VMotion
• VMware HA
• VMware Distributed Resource Scheduling
• VMware Consolidated Backup
Non-disruptive capacity on demand
Automate resource assurance for critical applications: DRS (dynamic balancing, continuous optimisation)
Automatic availability for all applications: VMware HA (diagram: failed host marked with an X)
Backup anytime: VMware Consolidated Backup
• Decouple backup from production VMs
• 20-40% better resource utilisation
• Pre-integrated with 3rd party backup products
Microsoft Virtualisation Products
• Hyper-V
• Virtual PC
• Microsoft Virtual Server 2005 R2
• Virtual Machine Manager (in Beta but available for download)
• Windows Virtualisation (to be released after Longhorn)
Hyper-V Description
• Type 1 hypervisor-based virtualisation platform
• Windows Server 2008 x64 Edition technology
• Standard, Enterprise and Datacenter Editions
• Role on Windows 2008 R2 in both Core and full versions
Architecture
Hardware Requirements
• x64 server with hardware-assisted virtualisation: AMD-V or Intel VT
• Hardware-enabled Data Execution Prevention (DEP) required: AMD (NX, no-execute bit), Intel (XD, execute disable)
• Note: enabling these BIOS features requires powering down (not rebooting) the server to take effect
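The requirements above can be verified from Windows before the Hyper-V role is added, which avoids discovering a disabled BIOS setting after a reboot that, as the slide notes, would not have been enough anyway. The function below is an added example, not from the original slides. It relies on Get-ComputerInfo (Windows 10 / Server 2016 and later) plus the Win32_Processor and Win32_OperatingSystem CIM classes; the Windows versions the slide discusses (2008) predate Get-ComputerInfo, so on those hosts systeminfo's "Hyper-V Requirements" section carries the same information.

```powershell
# Added example, not from the original slides. Run in an elevated session
# on the candidate host.
function Test-HyperVPrerequisites {
    $ci  = Get-ComputerInfo -Property OsArchitecture, HyperVisorPresent,
             HyperVRequirementVirtualizationFirmwareEnabled,
             HyperVRequirementVMMonitorModeExtensions,
             HyperVRequirementDataExecutionPreventionAvailable,
             HyperVRequirementSecondLevelAddressTranslation
    $os  = Get-CimInstance Win32_OperatingSystem
    $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1

    # Once a hypervisor is already running (Hyper-V, or VBS/Credential Guard),
    # Windows stops reporting the individual HyperVRequirement* values, so fall
    # back to the processor's own CIM properties in that case.
    $hvPresent = [bool]$ci.HyperVisorPresent
    $vtEnabled = if ($hvPresent) { $true } else { [bool]$ci.HyperVRequirementVirtualizationFirmwareEnabled }
    $vmx       = if ($hvPresent) { [bool]$cpu.VMMonitorModeExtensions } else { [bool]$ci.HyperVRequirementVMMonitorModeExtensions }
    $slat      = if ($hvPresent) { [bool]$cpu.SecondLevelAddressTranslationExtensions } else { [bool]$ci.HyperVRequirementSecondLevelAddressTranslation }
    $dep       = [bool]$os.DataExecutionPrevention_Available   # NX (AMD) / XD (Intel) usable by Windows

    $result = [pscustomobject]@{
        Is64Bit              = ($ci.OsArchitecture -like '64*')
        Vendor               = $cpu.Manufacturer        # GenuineIntel (Intel VT) or AuthenticAMD (AMD-V)
        VirtualizationInBIOS = $vtEnabled
        VMMonitorExtensions  = $vmx
        SLAT                 = $slat                    # required from Windows 8 / Server 2012 onward
        DEP_NX_XD            = $dep
        HypervisorRunning    = $hvPresent
    }
    $result | Add-Member -NotePropertyName Ready `
                         -NotePropertyValue ($result.Is64Bit -and $vtEnabled -and $vmx -and $dep) -PassThru
}

$r = Test-HyperVPrerequisites
$r | Format-List
if (-not $r.VirtualizationInBIOS -or -not $r.DEP_NX_XD) {
    Write-Warning 'Enable VT-x/AMD-V and NX/XD in firmware, then power the server fully off (a reboot is not enough).'
}
```

Ready is deliberately computed without SLAT so the output matches the slide's list for 2008-era hosts; on current Windows versions treat SLAT as mandatory as well.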
Hyper-V Capabilities
• 32-bit (x86) and 64-bit (x64) VMs
• Large memory support (64 GB) per VM
• SMP VMs (up to 4 cores)
• Integrated cluster support for HA and Quick Migration
• BitLocker: seamless, secure data encryption
• Live Backup: Volume Shadow Copy Service (VSS) integration
• Pass-through disk access for VMs
• Virtual machine snapshots
• New hardware sharing architecture (VSP/VSC/VMBus): disk, networking, input, video
• Robust networking: VLANs and NLB
• DMTF standard for WMI management interface
• Support for Full or Server Core installations
Windows Server 2008 R2 - Hyper-V
• Better flexibility: Live Migration; Cluster Shared Volumes; hot add/remove of storage; processor compatibility mode for live migration
• Improved performance: improved memory management; TCP Offload support; Virtual Machine Queue (VMQ) support; improved networking; Second Level Address Translation
• Greater scalability: support for up to 64 logical processors; enhanced Green IT with Core Parking
Virtual PC
• Suited to use in testing on a desktop environment
• Not recommended for production servers: single CPU support only, no remote management possible, no SCSI support, starts as an application not as a service
• Shares disk format with Virtual Server
Virtual Server 2005 R2 SP1
• Microsoft's current offering for virtualisation in production environments
• Shares underlying technology with Microsoft Virtual PC
• Web-based management portal
• Guests supported include: Windows (up to Vista with SP1), Linux
Clustering in Virtual Server 2005 R2 SP1 (diagram)
• Guest to Guest: iSCSI connection to cluster storage
• Host to Host: SAN or iSCSI connection to cluster storage
Virtual Server 2005 R2 SP1: VM Additions
• VM additions provide enhanced performance and additional functionality to the guest OS
• Additions available for XP, Windows 2003, Vista and Linux
• Windows additions provide: direct mode kernel execution (faster processing of some commands)
• Linux additions provide: time sync, shutdown support, SCSI disk; they do not allow for direct mode kernel execution
• Important to update for each new release to maximise performance benefits
Windows Virtualisation
• To be released within 180 days after the Longhorn release (no Beta available as yet)
• Requires Intel VT or AMD virtualisation hardware
• Uses a hypervisor (a thin layer of software under the "Host OS")
(Diagram: Guest 1 ("Host OS") and Guest 2 run side by side on the VMM (Hypervisor), which runs on the Hardware)
Virtual Machine Manager
Centralised Management: Reports
• Full set of reports, integration with the MOM database
• Actions one click away in the context-sensitive Actions Pane
Self-Service Portal
• Ability to control owned virtual machines
• Thumbnails of all owned virtual machines
Self-Service Portal Provisioning
• User selects from the list of templates the administrator has associated with that user
Self-Service Portal Provisioning
• New virtual machine ready for use; Terminal Services connection information automatically emailed to the user
Virtual Server 2005 vs Windows Server Virtualization
Feature                                          | Virtual Server 2005 R2 | Windows Server Virtualization
32-bit VMs?                                      | Yes                    | Yes
64-bit VMs?                                      | No                     | Yes
Multi-processor VMs?                             | No                     | Yes, up to 8-processor VMs
VM memory support?                               | 3.6 GB per VM          | More than 32 GB per VM
Hot add memory/processors?                       | No                     | Yes
Hot add storage/networking?                      | No                     | Yes
Can be managed by System Center Virtual Machine Manager? | Yes           | Yes
Microsoft Cluster support?                       | Yes                    | Yes
Scriptable / Extensible?                         | Yes, COM               | Yes, WMI
Number of running VMs?                           | 64                     | More than 64; as many as hardware will allow
User interface                                   | Web interface          | MMC 3.0 interface
Xen
• Open source hypervisor solution
• Installs on bare metal
• Linux VMs fully supported: Red Hat, Debian, SUSE
• Windows VMs require an Intel VT or AMD-V processor: Microsoft Windows Server 2000, Microsoft Windows Server 2003, Microsoft Windows XP SP2
XenSource
XenSource Products
User Profile           | Enterprise IT, system integrators | Windows IT professionals | Developers, testers, support, IT enthusiasts
Windows guest support  | Windows Server 2003; Windows XP; Windows 2000 Server | | 
Linux guest support    | Red Hat EL 3.6, 3.7, 3.8, 4.1, 4.2, 4.3, 4.4, 5.0; SUSE SLES 9.2, 9.3, 10.1; Debian Sarge | N/A (Windows guest support only) | Red Hat EL 3.6, 3.7, 3.8, 4.1, 4.2, 4.3, 4.4, 5.0; SUSE SLES 9.2, 9.3, 10.1; Debian Sarge
Live Migration         | Mid-2007 | N/A | 
Shared storage         | Mid-2007 | N/A | 
Virtual Iron
• An enterprise-ready native virtualisation platform
• Uses the hardware-assisted virtualisation technologies of Intel VT and AMD-V processors
• Based on an open source hypervisor derived from the Xen open source project
• No software need be installed on the physical hardware
Virtual Iron Components
Component               | License    | Function
Hypervisor              | GPL        | First software loaded when the physical server boots. Manages all hardware resources.
Service Partition       | GPL        | Second software loaded when the physical server boots. Manages virtual server creation and configuration and all I/O.
Virtualisation Manager  | Commercial | Controls virtual servers through an agent in the service partition.
Guest operating systems | Varies     | Operating systems that are fully virtualised on a physical server.
Virtualisation Manager
• Java-based application
• Allows for central management of virtualised servers
• A physical server can have many virtualised servers, which are run as unmodified guest operating systems
Virtualisation Manager Policy-based Automation
• LiveMigration: moves a running virtual server from one physical server to another without pausing or impacting running applications
• LiveCapacity: monitors virtual server CPU utilisation or other application needs to determine when a workload needs additional capacity. When a user-defined threshold is met, the virtual server is LiveMigrated to a physical server that has the necessary resources
• LiveRecovery: monitors the status of physical resources and moves virtual servers to maintain uptime in the event of a hardware failure
• LiveMaintenance: moves virtual servers to alternative locations without downtime when a physical server is taken offline for maintenance
Virtual Iron Architecture
Supported Configurations
Feature                                 | Support
Operating systems                       | 32- and 64-bit Red Hat Enterprise Linux 4; 32- and 64-bit SUSE Linux Enterprise Server 9; 32-bit Windows XP; 32-bit Windows 2003
Processors                              | Intel Xeon with Intel VT; AMD Opteron with AMD-V
Virtualised nodes                       | 100s per virtual data centre
Processors per virtual server           | Up to 8
RAM per physical server                 | Up to 96 GB
Virtual servers per physical server CPU | Up to 5
Virtual NIC adapters per virtual server | Up to 5
Virtual disks per virtual server        | Up to 16
Virtuozzo
• Operating system-level virtualisation
• Creates multiple, isolated virtual environments (VEs)
• Whereas VMs attempt to virtualise "a complete set of hardware", VEs represent a "lighter" abstraction, virtualising instead "an operating system instance"
Parallels Workstation
• Test/development solution aimed at the desktop market
• Uses hypervisor technology
• Wide guest OS support: entire Windows family (3.1, 3.11, 95, 98, Me, 2000, XP and 2003); Linux distributions Red Hat, SuSE, Mandriva, Debian and Fedora Core; FreeBSD; "legacy" operating systems e.g. OS/2, eComStation and MS-DOS
HP Virtual Server Environment
• Implemented on HP Integrity and HP 9000 systems
Physical to Virtual (P2V)
• P2V is the term used to describe the process of converting physical servers into virtual machines
• Can be performed while the server is live
• Some operating systems require cold migration
• Process: analyse source; create a target VM; transfer data from physical source to virtual target; transform VM
VMware Converter
• Replaces P2V Assistant
• Wizard-based conversion process
• Can convert physical machines, virtual machines or third-party system images (e.g. Symantec Ghost, Backup Exec LiveState Recovery)
• Source physical machines: 64-bit Windows XP/2003, Windows NT SP4+, Windows 2000, Windows XP, Windows 2003
Platespin PowerConvert
• "Anywhere to anywhere" conversion
• Peer-to-Peer: Physical to Virtual (P2V), Virtual to Virtual (V2V), Virtual to Physical (V2P), Physical to Physical (P2P)
• Image Capture: Physical to Image (P2I), Virtual to Image (V2I)
• Image Deployment: Image to Virtual (I2V), Image to Physical (I2P)
• Disaster Recovery: Physical to Virtual (P2V), Virtual to Virtual (V2V)
• Windows and Linux sources can be converted
Platespin PowerConvert
Portlock Storage Manager
• Third-party NetWare data management product
• Can be used for P2V conversions of NetWare servers
• Requires some manual reconfiguration of the VM
Capacity Planning
• Important first step in any server consolidation project
• Aims: understand server performance and utilisation rates of a group of servers; identify servers that are good candidates to be migrated into virtual machines; size the virtual environment accurately
• Statistics are gathered and processed
• What-if scenarios can be run to examine different possible approaches
VMware Capacity Planner
Platespin PowerRecon
• Onsite data collection and analysis
• Scenario modelling (what-if)
• Agentless operation
(Diagram: Inventory, Workload Data Collection, Analyse, Recommend)
Best Practice Recommendations
• Explore your options
• Evaluate your applications for potential consolidation
• Understand the differences between various virtualisation solutions
• Look closely at the licensing and support policies of your software vendors
• Start small
Best Practice Recommendations
• Manage expectations
• Beware of "virtual sprawl"
• Consider blades as a complementary consolidation strategy
• Integrate server consolidation with a broader consolidation strategy
• Develop a framework for continuous consolidation