virtual amt for unified management of physical and virtual desktops kenichi kourai kouki oozono...
TRANSCRIPT
Virtual AMT forUnified Management of
Physical and Virtual Desktops
Kenichi KouraiKouki Oozono
Kyushu Institute of Technology
Desktop ManagementThe number of desktop PCs becomes
enormousAdmins manage them remotelyAgent software is installed in desktops
Agent-based management tools cannot access turned-off desktopsOr desktops under system failures or attacks
agent agent
managementtool
... ...
PC PC
Intel AMTWhat is Active Management Technology
(AMT)?Embedded processor separated from main CPUs
Enable agentless remote management of turned-off desktopsProvide hardware informationReboot desktopsProvide remote GUI controlRestrict network access
AMT
managementtool
Z z z
PC
Virtual DesktopsRun as virtual machines (VMs) in servers
Users access them remotelyDesktop as a Service (DaaS)
Enable consolidating desktops in serversAdmins can maintain desktops more easily
Software installation/update
VM VM...
servervirtual desktop
screen
keyboard/mouse
Physical and Virtual DesktopsTwo types of desktops are mixed
The transition is in progressDifficult to use virtual desktops in laptop PCs
Admins have to use two management toolsFor AMT and for VMsIncrease the burden of desktop
management
VMAMT VM
virtual desktop
...
...
...
toolfor PCs
toolfor VMs
PC
AMT
Virtual AMT (vAMT)Enable managing virtual desktops like
physical onesProvide the same interfaces as AMTAbsorb differences from physical desktops
Admins can perform unified management using AMT and vAMT
AMTVM
vAMT
AMTVM
vAMT
...
...
...
PC
virtualdesktop
managementtool
server
(v)AMT InterfacesWS-Management
Allow remote management with CIMCIM provides a definition of management
informationSOAP
Allow remote management with Web servicesDeprecated from AMT 6.0 but still used
Keyboard/Video/Mouse (KVM)Allow out-of-band remote GUI control with VNC
Monitoring Virtual DesktopsvAMT returns hardware information on a
VMObtain information of all elements or a specific
elementE.g., virtual CPUs, memory, power state
vAMT emulates non-existent hardware as necessaryE.g., temperature, voltage, manufacturer
vAMT
managementtool
EnumerateInstances
information on CPUs
VM
Controlling Virtual DesktopsvAMT changes hardware state of a VM
Invoke methods defined in CIME.g., power on/off, CPU enabling/disabling
vAMT ignores requests of state changes to non-existent hardwareE.g., fan speed, WiFi state
vAMT
managementtool
RequestPowerStateChange()
Success
rebootVM
Out-of-band Remote ControlvAMT provides a VNC server for a VM
Obtain the screen of a VMInject keyboard/mouse inputs to a VM
This remote control does not depend on a VMUseful at boot timeAvailable even if network failure occurs inside a
VMVNC
server
vAMTmanagement
tool
VNCVM
How to Access Turned-off VMs?PCs always exist as concrete hardware
AMT can access hardware without regard to its power stateE.g., power management, VNC connections
VMs are destroyed after power offThe virtualized system can manage only running
VMsvAMT cannot access turned-off VMs
VM VM
power offpower on/off
PC
Accessing Turned-off VMs (1/2)vAMT accesses a turned-off VM through its
config fileObtain hardware information written in the
config fileE.g., virtual CPUs, memory
Create a VM from the config file when power onvAMT integrates information from a
running VM and a config file seamlessly
vAMT
configfile
managementtool
VM
Accessing Turned-off VMs (2/2)vAMT uses a VNC proxy to access a VM
The VNC proxy handles access to a turned-off VMReturn a dummy black screenIgnore keyboard/mount inputs
It redirects requests to a VNC server for a running VM
vAMT switches emulation and redirection automatically VNC
proxyVNC
server
vAMTmanagement
tool
VM
How to Manage Migrated VMs?A VM can be migrated to another host
Attached vAMT is not migrated togetherPossible approaches
Restart vAMT at the destination hostExisting network connections to vAMT are tore
downvAMT remotely accesses a migrated VM
The source host cannot be shut down forever
vAMT
source host destination host
VM
Managing Migrated VMsRun vAMT in another VM and co-migrate
vAMT with a target VMNetwork connections to vAMT are maintainedThe source host can be shut down
D-MORE [Kawahara et al.'14] enables synchronized co-migration of two VMsSolve timing issues
source host destination host
VMvAMT
System Architecture
libvirtd
QEMU-KVM
vAMT
VM
Apacheweb
server
WS-Manserver
CIMOM
CIM provider
s
Axis2
Webservices
OpenPegasus
Tomcat
rfbproxy
CIM ProvidersCIMPLE generates templates of CIM
providers from MOF filesThe MOF files are provided by Intel
Include the definitions of CIM classes
We have implemented 39/264 providersCIM providers access a VM using libvirt
class CIM_Processor : CIM_LogicalDevice { uint16 CPUStatus; uint32 EnableDevice(boolean Enabled); ...};
CIMProvider
CIMPLE
implement
Types of CIM ProvidersInstance provider
Manage multiple instances with different properties for a CIM class
Association providerManage the relationship between instances of
different CIM classes
CIM_Processor provider
CPU 0
CPU 1
CIM_Chip provider
instances
Chip 0
Chip 1
instances
CIM_Realizes provider
Web ServicesWSDL2Java generates templates of Web
services from WSDL filesThe WSDL files are also provided by Intel
We have implemented20/522 operationsWeb services access a VM
using libvirt-javaThey returns responses with
complex data structure
ExperimentsObjectives
Confirm that tools for AMT can be used for vAMTCompare the performance of vAMT with that of
AMT
managementtool
AMT
AMT 7.1.4Intel Core i7
(3.4 GHz)2 GB memory
Intel Core i7 (2.93 GHz)
4 GB memory
vAMT
VM
1 vCPU1 GB memory
Xeon W3550 (3.06 GHz)
6 GB memory
Connection: 97 requests of 26 CIM classes and 5 Web services to vAMT
Obtaining the AMT VersionWinRM sent a request for one CIM class
> winrm g cimv2/CIM_SoftwareIdentity?InstanceID=AMT -r:http://192.168.0.173:16992/wsman
CIM_SoftwareIdentity InstanceID = AMT IsEntity = true VersionString = 7.1.4
GetInstancewhere InstanceID=AMTWinRM
vAMT
Version=...
Performance ResultsPhysical desktop with AMT
More than 2 seconds in a turned-off PCAMT was in the sleep mode
Virtual desktop with vAMTvAMT was always faster than AMT
The host CPU was faster than the AMT chip
0.0
0.5
1.0
1.5
2.0
2.5 2.1
0.4 0.1 0.06
AMT (power off, 1st)
AMT (power off, 2nd)
AMT (power on)
vAMT
tim
e (
sec)
Complex OperationsAssetDisplay sent multiple requests for
each operationCPU information, power off
> AssetDisplay -processor -host 192.168.0.173
Device ID: CPU 0Stepping: 7Max Clock Speed: 2930CPUStatus: CPU EnabledRole: CentralFamily: 198Upgrade Method: OtherManufacturer: Intel Corp.Version: Intel(R) Core(TM) i7 CPU @ 2.93GHPhysical Position: CPU 1
Performance ResultsObtaining CPU information
AMT was 1.9 times slower than vAMTDue to searching association information
Turning the power offvAMT was faster than AMT
Performance difference was small
CPU info Power off0.0
0.5
1.0
1.5
AMT
vAMT
tim
e (
sec)
Related WorkOpenIPMI lanserv simulator [Minyard]
Communicate with a virtual IPMI device of QEMU-KVM
Used for testing management tools for IPMICIM extension for virtualization [DMTF'07]
Enable managing both physical and virtual desktops
Still require differentiating themVMware Horizon View, Microsoft SCCM
Support both physical and virtual desktopsProvide only agent-based management
ConclusionvAMT for managing virtual desktops
Provide the same interfaces as AMT for physical desktops
Enable unified desktop managementWorked well with existing management tools for
AMT
Future workImplement all the CIM providers and Web
servicesE.g., packet filtering
Implement unsupported interfacesE.g., serial over LAN (SOL)