So let me give you some practical notes on using virtualization.
This is from my own experience making this stuff work.
On Linux there's a great tool called virt-manager.
I'll show you a screenshot from it in a minute.
It used to be pretty rudimentary, and now it's a lot better.
In virt-manager you can set it up, you can give it a DVD image,
download it from an archive and start loading a VM.
When you use this, the images are usually stored in /var/lib/libvirt,
so when you start creating more than a few VMs,
you'll usually run out of space in /var, so you want to be sure
you move that over to a different space.
Virsh, you can actually use to change that default space,
which you'll have to do a lot. And also, like I said,
networking can be complicated due to the use of virtual network bridges in Linux,
so you have to be prepared to work on it to make it work.
You'll learn something about it, it's kind of a complicated issue.
The simplest thing to do is start with the network address translation,
or NAT, to get the VM working on your network.
And be cautious about computer security. So if I have a single server running...
in my lab, I can use iptables to control it, right?
So I've got my single server running ESX, and I went and created twenty VMs on it.
I now have twenty places for someone to break into
if I don't use some kind of protection, okay?
So security problems explode if you use unprotected, unpatched servers as VMs.
So, beware. That's going back to Maslow's Needs hierarchy too.
So here's an example of using virt-manager. So I've started up
virt-manager here in a window. Actually, what I'm doing here is,
I've got a pfSense firewall running in my lab, which is...
pfSense is an open source firewall software, it works really well.
It's really cheap. It's a... use it in your lab if you don't have it
cuz you can increase your security immensely.
Basically it's a PC with pfSense installed on a USB stick.
It boots and runs off of that, I can go to a web interface,
and I can set up my account for myself, for my students,
so we can VPN into my pfSense firewall.
When I do that I get on a 192 network,
so I'm completely separated from all the outside.
Nobody can break into my systems cuz they can't get through the firewall, okay?
So basically at the expense of an old PC and a USB drive
and a couple network interfaces, it'll really increase the security of your system.
So what I've got is I've got a pile of PCs running virtualization,
I pfSense... set up my pfSense firewall,
I've made a VPN connection from my laptop through to my pile of systems,
and I've used VNC here to bring up a remote console below the screen,
and I'm running virt-manager, and what you see here is actually a few systems...
This is just one physical machine here running OpenSees VM,
another test VM. I got a Windows 7, I gotta shut down right now.
This is... so I can actually manage, using virt-manager,
a collection of machines, works pretty well for that.
Live migration... maybe not. It's not there yet.
But it works really well for basic Linux administration KVM virtual machines.
Now, this is... when I open up one of the VMs,
I can actually get a console on it. So this actually...
what you see here is a console on a virtual machine that's running.
So I'm actually talking to a virtual machine. Works really well for that.
Now if I want to create a new virtual machine in virt-manager,
I say, 'Create a new virtual machine.' I can then
select 'Local install media', like a DVD or CD-ROM.
So when you want to create a new virtual machine
you basically downloaded a DVD image of Thor or Windows
or Red Hat or whatever you want to use.
And you tell the virtualization system, 'Pull your boot from that.'
What'll happen is, it's got a virtual BIOS in it just like a regular PC,
it'll actually boot, go to the virtual CD image, start loading it....
So it's pretty straightforward now, used to be a lot more work, but it works a lot better now.
So like I've said, managing a network can be tricky.
This bridge-utils package is what brctl is included in.
And also the external... getting external interface
working on the virtual switch can take some work,
so just be aware of that when you try doing this.
So virt-manager can let you use these virtual switches
but you have to set it up underneath correctly in the first place.
So here's an example here of virt-manager.
I'm... for a VM, I'm selecting a virtual network to connect to.
So some... if you're gonna do anything on Linux for virtualization,
you're really good learning virsh. Virsh shell.
And it looks pretty daunting at first.
Once you learn it, it's great. Cuz it works really well.
And that's kind of what seems to really control what's going on.
That's really the power behind the GUIs for these things.
And Libvirt is supposed to be able to control Xen and KV...
Has anyone ever used libvirt to control Xen?
Anybody here? I never tried it, but it's supposed to.
It's supposed to run VMware too, but I've never tried that either.
[pause]
So in terms of an IaaS controller, VMware vSphere is a commercial version of it.
It works really well, it's very stable, you can start, stop,
migrate, shut down, everything. And it's got a great, great GUI,
you can manage a network of virtual switches on it, and it works really well.
I want to show you an example here of... this is my VMware in my lab.
Just to give you a sense, this is one physical server, okay?
And picture in your mind a little NIC to your switch, okay?
And in this virtual server I've got 1, 2, 3 virtual network switches
on that one physical server, okay? So what I've got here is...
I've got one of the network interfaces, a Gigabit, connected to
the virtual network switch and it goes to the outside network.
This one I've got... the second NIC on the server
connected to the second virtual switch, okay?
So what I've got then is each VM has a virtual NIC, or more than one,
and so, for example, this perfSONAR VM has got a...
its virtual NIC is plugged into this virtual switch, okay?
That's how it works. On the ground. Now what's cool is...
Let's say that I got... I've done this for NEES.
I buy a ten Gigabit adapter and I plug it into my server,
and I want to have my VMs have ten Gigabit access.
You can do that. You create a ten Gigabit virtual switch,
you plug your 10 Gig adapter into the 10 Gig virtual switch,
you create virtual 10 Gig NICs, and you plug 'em in.
And it just works. So I can have, like, five VMs all with their own personal
10 Gig connection, 10 Gig switch, on the server out to the interface
to the 10 Gig outside network. We do that for NEES, it works really well.
Something else we've done that's kind of cool is...
in VMware you can actually do port mirroring.
So we have some intrusion detection software running,
we have a mesh of virtual network switches, it's replicating all the packets
on this kind of background network, we're running Snort and [unknown] on it
to watch for intruding protection. It's all virtualized. Works really well.
So Linux-based Cloud computing systems,
there's Nimbus, Eucalyptus, OpenNebula and OpenStack.
My personal experience is OpenNebula is the most straightforward system to set up and use.
It's easy to debug, it uses standard Linux facility. It seems to work pretty well.
And this right here is a screenshot of my system running OpenNebula.
So this is showing the physical host, one host list.
Basically it [unknown] each physical host and it picks up
information on the processor and available memory.
And this is the list of VMs that are running on those right now.
So when I say... when I want to create a VM I say to OpenNebula,
'Here's an instance of a VM, go find a place to run it.'
OpenNebula finds a machine, puts it over there and brings it up.
And I can see it from this list, it's like I control these systems through this interface.