symantec rhev 31-update by syed m shaaf

RED HAT ENTERPRISE VIRTUALIZATION Update | Syed M Shaaf1

Red Hat Enterprise VirtualizationSymantec Technology Days

Syed M ShaafSolutions ArchitectRed HatFebruary 2013


RHEV Overview


● High Availability● Live Migration● Storage Live Migration*● Live Snapshots ● Load Balancing (DRS)● Power Saver (DPM)● Hot-plug disk and NIC● Storage on local disk, FC,

iSCSI, NFS, Red Hat Storage, IBM GPFS, POSIX or Direct LUN

● Self Service Portal with Quotas

● Eco-system marketplace

* Tech Preview at GA

RHEV MANAGER FEATURES


● Host: 160 logical CPU (4,096 theoretical max), 2 TB RAM (64TB theoretical max)

● Guest: 64 vCPU, 512 GB RAM

● Supports latest silicon virtualization technology

● Based on the latest RHEL 6 kernel

● Microsoft SVVP certified

RHEV HYPERVISOR/KVM OVERVIEWSCALABILITY

SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE


SPICE: EXCEPTIONAL USER EXPERIENCE

User experience comparable to a local desktop PC

Bi-directional audio & video

VoIP & video conferencing

HD quality video

Hi resolution 2560x1600 (each)

Up to 4 monitors

USB redirection for nearly any

device

Smart Card/CAC authentication

Copy & paste


SPICE: BUILT FOR VIRTUAL DESKTOPS

Adaptive Protocol Dynamically chooses optimal point to

process graphics Renders locally on client or falls back

to server or VM Improved network support for WAN

Enhanced bandwidth and latency tolerance

Optional SSL encryption Highest server density levels


RHEV 3.1 REPORTING

Historical usage, trending, quality of service

Integrated reporting engine based on Jasper reports

Over 25 prebuilt reports and dashboards included

Ability to create and customize reports and templates


● Integrated through the RHEV API

● Certified by Red Hat to work with RHEV

● Free trials available via the RHEV Marketplace

● Visit our ISV partners at the Partner Pavillion and RHEV Campgrounds

Capacity & Performance Management

OperationsMonitoring

Security

Backup & Disaster

Recovery

ApplicationDelivery

VDI

Capacity Planning &

P2V, V2V

RED HAT ENTERPRISE VIRTUALIZATIONISV PARTNERS

http://marketplace.redhat.com


INDUSTRY LEADING VIRTUALIZATION PERFORMANCE

● SPECvirt_sc2010: As of September 1, 2012, RHEV claims top 7 results and the only 8-socket server scores

Red Hat

VMware


RED HAT ENTERPRISE VIRTUALIZATIONHYPERVISOR

● Standalone hypervisor● Small footprint

● Customized 'spin' of RHEL + KVM● 'Just enough' RHEL to run virtual

machines● Security hardened image● Runs on all RHEL hardware ● with Intel VT/AMD-V CPUs

● Easy to install, configure and upgrade

● PXE boot, USB boot, CD or Hard drive


RHEV inherits the security features of Linux and RHEL

● Red Hat Enterprise Linux 6, the basis of the RHEV 3.x Hypervisor, achieved Common Criteria Certification at Evaluation Assurance Level (EAL) 4+ on 10/29/2012

● SELinux security policy infrastructure● Provides protection and isolation for

virtual machines and host● Compromised virtual machine cannot

access other VMs or host

sVirt Project● Sub-project of NSA's SELinux

community. Provides “hardened” hypervisor.

● Multi-level security. Isolate guests● Contain hypervisor breaches

SECURITY


Security - SELinux to the rescue

SELinux is all about labeling

● Processes get labels – virtual machines with KVM are processes

● Files and devices get labels – virtual images are stored on files and devices

● Rules control how process labels interact with file labels and other process labels

● The kernel enforces these rules


KVM guests are processes, so we can confine them like processes


Compromised virtual machine guest confined, despite its vulnerability


And of course, the guest operating system can also run SELinux


RHEV ARCHITECTURE


RHEV 3.1 - Integration

● Hook scripts are called at specific VM lifecycle events● VDSM (management agent) Start● Before VM start● After VM start● Before VM migration in/out● After VM migration in/out● Before and After VM Pause● Before and After VM Continue● Before and After VM Hibernate● Before and After VM resume from hibernate● On VM stop● On VDSM Stop

➔Hooks can modify a virtual machines XML definition before VM start➔Hooks can run system commands – e.g.. Apply firewall rule to VM


SIGNIFICANT COST ADVANTAGE FOR RED HAT

● 10 physical hosts (2 sockets) ● Same density across both

● Simple subscription pricing ($499/ $749) per socket per year

● Single comprehensive edition with all features

● Lower acquisition cost accelerates ROI

● New releases can be immediately incorporated at no additional cost


● Improve performance relative to legacy UNIX hardware

● Tremendous cost savings by moving from proprietary stack to commodity/x86 based RHEL/RHEV stack

● Improved isolation, manageability and flexibility

UNIX TO LINUX MIGRATION

Financial trading/ on-line banking system that supports 1 million customers per day


MISSION CRITICAL APPLICATIONS

● Virtualize mission critical applications without sacrificing performance

● Monster VM sizes enable better virtualized performance on RHEV

● ISV certifications on RHEL transfer to RHEL on RHEV

Consolidation of Oracle Financials, database and other mission critical applications on RHEV


● Provide self-service for test/dev environments with Power User Portal

● Quotas and permissions for effective resource management

● Linux CLI, advanced REST-API, session support for customization and extension

TEST/DEV ENVIRONMENTS

Private cloud for Linux application development and hosting


PHYSICAL TO VIRTUAL TO CLOUD


References

● Red Hat Enterprise Virtualization - http://www.redhat.com/products/virtualization/

● Part of the presentation on KVM was first delivered (and video recorded) at the June 2012 Red Hat Summit

● http://www.youtube.com/watch?v=yhQIVXrCd68 ● Acknowledgements the original contribution presentation – Dor Laor

http://www.redhat.com/products/virtualization/

http://www.youtube.com/watch?v=yhQIVXrCd68


Thank you

symantec rhev 31-update by syed m shaaf

Documents

red hat storage

rhel red hat enterprise

security rhev

red hatsecurity capacity

vm resume

rhev campgroundshttp

rhev apioperationsmonitoring

vm migration inout