KVM, OpenStack, And The Open Cloud - LinuxCon NA - 17Aug15

Transcription

5 Open Virtualization Alliance 1

Agenda
- ckArchitecture
- KVM and OpenStack
- Case Studies
  – NTT Com
  – CERN
  – Intel IT

A Brief History of Virtualization
- LXC / Docker
- KVM hypervisor
- x86 hardware virtualization
- Xen hypervisor for x86
- VMware hypervisor for x86
- Virtualization on Unix systems
- Virtualization on
[Timeline labels: 2010s, 2015]

Conceptual Framework
[Diagram labels: User Interface, Applications, Management, Networking]

Introduction to KVM
[Diagram labels: User Interface, Applications, Management, Networking]

KVM Architecture
Open source hypervisor based on Linux
- KVM
  – Kernel module that turns Linux into a Virtual Machine Monitor
  – Merged into the Linux kernel
- QEMU
  – Emulator used for I/O device virtualization
- Processors supported
  – x86 with virtualization extensions: Intel VT-x, AMD (AMD-V)
  – POWER8
  – IBM z Systems
  – ARM64
[Diagram labels: Linux Applications, Other Applications, Linux Guest OS, Other Guest OS, QEMU, KVM, Linux; x86, POWER, z Systems, ARM]

KVM Performance
Source: SPECvirt 2013 Published Results - http://www.spec.org/virt_sc2013/results/specvirt_sc2013_perf.html

- SELinux
  – Mandatory Access Control (MAC) integrated into Linux
  – Provides “need to know” security between processes
- sVirt
  – Combines SELinux and KVM
  – Delivers “need to know” security between virtual machines
- Certifications
  – EAL4 certification for KVM in RHEL 6 and SLES 11 SP 2 on various x86 64-bit Intel and AMD64-based hardware from Dell, HP, IBM and SGI
[Diagram labels: Linux Applications, Other Applications, Linux Guest OS, Other Guest OS, QEMU, KVM, Linux; x86, POWER, z Systems, ARM]

KVM Management - libvirt
- User rary
  – Open Source project
  – Manages multiple hypervisors
- Command Line
  – Powerful
  – Complex to use
- Network Daemon
  – Enables remote management
- Base for other management tools
  – virt-manager, Kimchi, oVirt
  – OpenStack
[Diagram labels: KVM, Xen, LXC, Compute, Remote Management]

KVM Management - Kimchi
- Kimchi
  – Open Source project
  – Manages KVM on x86, Power
- User Interface
  – Easy to use
  – Access from HTML5 web browser
- Servers managed
  – Single digits
[Diagram labels: User Interface, HTML5 Web Browser, Daemon, Kimchi, libvirt, KVM, Compute]

KVM Futures
- ystemzGPUs
- Network Function Virtualization
- Additional Performance Improvements
  – Minimizing locks
  – Multi-threaded device model
- Nested Virtualization

Building Open Clouds

Introduction to OpenStack
[Diagram labels: User Interface, Horizon, Applications, Command Line, Management, Networking]

OpenStack Design Principles
- Open
  – Open Development Model
  – Open Design Process
  – Open Community
- General Purpose
  – Balancing Compute, Storage, Network
- Massively Scalable
- Multi-site

Nova – Compute Service
- Manages VM lifecycle
  – Starting and stopping VMs
  – Scheduling and monitoring
- Key Components
  – API
  – Database
  – Scheduler
  – Compute node and plug-ins
- Access to VM images
  – Glance
  – Swift
[Diagram labels: Authentication Keystone, Choice of hypervisor, Storage, Glance, Compute]

OpenStack and Hypervisor Usage
Source: OpenStack User Survey May 2015 -

Keystone
- Manages security
  – Service for all other modules
  – Authentication
  – Authorization
- Key components
  – API
  – Backends
  – Token
  – Catalog
  – Policy
  – Identity

Cinder
- Manages persistent block storage
  – Provides volumes to running instances
  – Pluggable driver architecture
  – High Availability
- Key components
  – API
  – Queue
  – Database
  – Scheduler
  – Storage plug-ins
[Diagram labels: Keystone, Cinder, Choice of Block Storage, Authentication Keystone, Storage]

Neutron
- Manages networking connectivity
  – Provides volumes to running instances
  – Pluggable driver architecture
  – Support for range of networking technologies
- Key components
  – API
  – Queue
  – Database
  – Scheduler
  – Agent
  – Networking plug-ins
[Diagram labels: Keystone, Neutron, Choice of Network, Authentication]

Glance – Image Service
- Manages VM images
  – Catalog of images
  – Search and registration
  – Fetch and delivery
- Key components
  – API
  – Registry
  – Database
- Storage of VM images
  – Swift
  – Local file system
[Diagram labels: Horizon, Command Line, Keystone, Swift, Authentication Keystone, VM Images, Storage, Glance]

Swift Object Storage
- Manages unstructured object storage
  – Highly scalable
  – Durable – three times replication
  – Distributed
- Key components
  – Proxy / API
  – Rings
  – Accounts
  – Containers
  – Objects
  – Data stores
[Diagram labels: Keystone, Swift, Authentication Keystone, Storage]

Provisioning a VM
[Diagram of numbered provisioning steps; labels: User Interface, Horizon, Applications, Command Line, Cinder, Keystone, Swift, Storage, Management, Neutron, Networking]

OpenStack New Features – Kilo
- Horizon
  – Updated user interface
- Glance
  – Additional artifacts beyond just images
- Ironic
  – Bare Metal Provisioning
- Zaqar
  –

KVM and OpenStack
- Cost, Scale & Performance, Security, Interoperability
- Development Affinity
  – Both open source projects
  – KVM is default hypervisor for OpenStack development
- Deployment Affinity
  – KVM is best supported, easiest to deploy, with most full-

NTT Com’s OpenStack Deployment
- NTT Com
  – Leading global carrier headquartered in Japan
  – Early adopter of both KVM and OpenStack
  – VM
- NTT involvement
  – Actively involved with the OpenStack and KVM communities
  – , with an emphasis on the cloud service provider use case
- Use of OpenStack
  – Flexible plug- th computing and networking resources
  – Integrates software-defined-networking (SDN)- alones
  – APIs
Source: IDC white paper – “KVM – Open Source Virtualization for the Enterprise and OpenStack Clouds” on OVA website

CERN Private Cloud
- CERN
  – Fundamental research into particle physics
  – Large Hadron Collider seeking to find new particles
  – Massive need for scalable computing resource on demand
- CERN Private Cloud
  – nd RabbitMQ
  – Currently 3,200 hypervisors with 83,000 cores
  – Expected to reach over 100,000 cores by 2Q 2015
- Key Requirements
  – Scale
  – Technology and Developer ecosystem
  – Interaction with existing IT services
Source: CERN OpenStack public reference on

Intel IT’s Cloud Goals
- 80% Effective Utilization
- Efficiency through federation
- Velocity Increase
- Pervasive virtualization ( 75%)
- 90% new land in cloud
- Enterprise app virtualization
- Secure virtualization
- Larger pools in fewer data centers
- Agility through automation & self-service
- Zero Business Impact
- Reduce MTTR
- App design for failure
- Increase availability
- On-demand self-service the norm
- Provision VMs within minutes
- Innovative idea to production day
- External cloud for burst demand

Intel IT & OpenStack*/KVM Deployment History
- Initial Deployment – 2012
  – OpenStack Essex
  – 1000 virtual instances for external services
  – qemu-system-x86_64 1.0
- Today
  – OpenStack Havana (Juno upgrade soon)
  – 4000 instances for multiple services ( 70:1, 100vCPU)
  – qemu-system-x86_64 1.4.2
[Diagram labels: Public, Public]

Intel IT & OpenStack*/KVM
- KVM Benefits (Performance / Stability)
  – 2012 Study on ‘standard’ cloud workloads (database)
  – Open Source, tight OpenStack and Linux kernel integration
  – Par or better vs. marketplace
  – Hypervisor efficiency
  – HV realm is seemingly near-stable on straight performance
  – Drinking our own champagne - we’ve got a few KVM devs :-)
- KVM Lessons Learned (Performance / Stability)
  – Check flags – lots of features/options
  – Windows guest updates
  – Keep your images current
  – Oversubscribing & big multi-vCPU instances
  – Windows guest can be sensitive IO interruptions

OpenStack* intelligent workload scheduling
OpenStack* VMs have a greater awareness of the capabilities of the hardware

OpenStack* intelligent workload scheduling
Intelligent VM placement based on monitoring of resource
[Diagram labels: Performance, Location, Power]

OpenStack* intelligent workload scheduling
OpenStack* VMs have a greater awareness of the capabilities of the hardware
[Diagram labels: Performance, Location, Power]
t VM scheduling based on monitoring of resource utilization, power and thermals

  – The grammar is: nova flavor-create <name> <flavorID> <ram in MB> <disk in GB> <number of vCPU>
  – The word “auto” for the flavorID will auto-generate the ID
nova flavor-create m1.avx auto 1024 10 1
2. Add the extra properties to the flavor we created
  – The grammar is: nova flavor-key <name> set <key>=<value>
  – The value “<in>
  – Use the command nova flavor-list to look up flavor keys
nova flavor-key <id of flavor> set capabilities:cpu_info:features="<in> avx"

Intel & OpenStack/KVM Future Direction
- IT
  – It’s not just the hypervisor it’s how they are managed within the stack
  – Choice in managing the cloud
- edulers
  – EG: Cache QoS monitoring, chipset features (AVX2, Intel AES-

Clear Linux Project For Intel Architecture
- WITH MEMORY OVERHEAD OF 18-20 MEGABYTES (PER EACH INCREMENTAL CONTAINER)
- RUN 3,500 CONTAINERIZED APPS ON A SERVER USING JUST
- LAUNCH A SECURED CONTAINER WITHIN MULTI-TENANT ENVIRONMENTS IN UNDER 150 MILLISECONDS
- Security & isolation of traditional VMs
- Deployment speed of containerized apps
- 128 GB OF
- ntel 30AM and see it in action at our booth (#321)

Additional Resources
- Open Virtualization Alliance
  – d OpenStack Clouds”
- Linux Foundation Training Course
  – ust 19-21
  – http://events.linuxfoundation.org/events/kvm-forum
- OpenStack Foundation
  – r
  – lter scheduler.html
