Living in a virtual world

 By Simon Bisson

Simon Bisson unveils the mysteries of virtualisation and explores how virtual desktops, servers and applications can help you reduce risk and save money.

HardCopy Issue: 42 | Found In: Virtualisation | Published: 01/11/2008 | Last Revision: 06/07/2010

Virtualisation isn’t a new technology. Its roots go back to the mainframe where it was an answer to the problem of running many applications on multiple processing cores. The same trends have finally reached the world of the desktop PC and the commodity server where virtualisation offers simpler management and the chance to improve the utilisation of servers. With a virtualised system there’s no need to worry about hardware compatibility. All applications get access to the same virtual devices, and only one operating system image is needed, so simplifying deployment and patch management.

Why virtualise?

One reason is to consolidate your servers. With the average server reaching only 30 per cent utilisation, virtualisation tools allow you to share one piece of hardware across several virtual servers. The resulting changes mean that there’s plenty of scope for simplifying the rest of your infrastructure, reducing network complexity and introducing virtualised network storage. Furthermore, a simpler infrastructure is a cheaper infrastructure, with lower running costs and reduced maintenance requirements. A virtualised infrastructure lets you be more flexible. The latest virtualisation platforms let you treat computational resources as a utility, hot switching in more virtual cores or more memory as required, or moving virtual machines (VMs) from one physical server to another that’s less loaded. The same techniques help ensure that your applications stay available all the time. The same is true for desktops where virtualisation simplifies both management and deployment, minimising system images as well as reducing the time needed to patch. Virtualised desktops can also be used to provide secure access to business resources for partners and consultants, as well as allowing developers to test code without having to deploy separate test hardware. The same software that runs desktop code will also run most servers and support multiple operating systems, letting you run Linux on Windows PCs and Windows on Apple’s OS X. Application virtualisation takes a different approach, sandboxing applications so they don’t interact with each other. Some may run on remote servers while others can be streamed to desktop PCs for online and offline use. There’s no need to test applications for compatibility with each other.

How does it work?

There are two approaches to building a virtual machine. The first, often thought of as true virtualisation, lets you run applications using a virtual processor that emulates an entire PC. There’s a lot to be said for this approach, which can even emulate machines running completely different processors and completely different architectures. Apple used it to bring PowerPC applications to the Intel world, and it’s the approach many mobile application developers will be familiar with as code is often tested on virtual ARM processors running on x86 hardware. The second approach works with existing processors to share resources between different virtual machines, each operating in its own isolated memory space. A virtual machine manager or ‘hypervisor’ handles the scheduling, taking advantage of the virtualisation support built into the latest processors. Both Intel and AMD have their own hardware virtualisation methods, and while these currently allow hardware to share processing resources and memory, I/O devices are still managed using virtual device drivers. That said, virtualised I/O will soon be a standard feature of most hypervisors, allowing virtual machines direct access to video cards and other devices. Para-virtualisation takes elements from both worlds but requires specially modified guest operating systems. Here the virtual machine runs against a thin emulation layer that mimics the underlying hardware, allowing thinner hypervisors with fewer resource requirements. This approach gives performance much closer to that of a stand-alone operating system, while using virtualisation tools to present hardware characteristics that the physical machine may not actually offer.

Desktop virtualisation

The original PC-based virtualisation tools were desktop-based virtualisation platforms. Intended to allow users to run more than one operating system at a time, they soon found favour with developers who need to test applications without affecting their standard development environments. Testing in virtualised environments is now a standard part of the development process as it allows full testing without the need to invest in dedicated test hardware. The same techniques were also used by software companies to distribute test versions of their software. Microsoft provides VMs with various versions of Internet Explorer, running on time-limited Windows installs, so that Web developers can test sites against as many versions of IE as possible. Virtual machines are also used to distribute fully working environments of complex server software, allowing systems administrators to test applications without having to install entire test environments. Virtualised desktops can also be used to allow users to run software that’s incompatible with their current desktop operating system or hardware. If a legacy application is a required part of day-to-day operations, it can be loaded in a virtual machine and distributed to staff as required. The same techniques have proven very popular with OS X users who use Windows virtual machines to run Windows software on Macintosh hardware. The same approach can be used to run single function virtual appliances. These are often built using free and open source software, and offer desktop and home users a quick way of deploying high-grade services at little or no cost. Free desktop virtualisation tools make virtual appliances a low risk proposition.

Server virtualisation

Much like desktop virtualisation, server virtualisation takes commodity server hardware and lets you run multiple instances of one or more operating systems at the same time. This allows you to partition applications and services so that they don’t interfere with each other, and to utilise the hardware as efficiently as possible. Servers can run without displaying a user interface so there’s no need for a server virtualisation platform to emulate complex graphics hardware and the resulting platform can run with very little overhead, giving performance similar to that of a single OS server. Virtual servers need to be managed, so a server hypervisor should be able to deliver management information about its client operating systems, and about the host hardware. Hypervisors can also help with disaster recovery by saving regular snapshots of an operating image which can be used to recreate your server on replacement hardware. Virtual disks can be shared between servers using virtualised storage fabrics, often taking advantage of new network attached storage technologies like iSCSI. There’s a new generation of system management tools that are able to work with virtual infrastructures, giving you a single place from which to set virtual server policies. A well-designed management tool allows you to move virtual servers between physical hardware seamlessly, as well as helping plan physical to virtual migrations. Virtual servers can be controlled by centrally administered policies, and these allow you to automate many management functions.

Application virtualisation

Application virtualisation software, sometimes referred to as ‘thin applications’, allows users to keep their own desktops while applications are delivered on-demand and follow users around the network, no matter what hardware they’re using. Virtualised applications are installed on a central server and delivered to sandboxes running on local machines. This approach keeps applications from interacting with the desktop environment, or each other, and helps keep critical applications secure. This is a very different approach to hardware virtualisation and is a lot closer in concept to using a thin client system. However, applications have access to local resources and run using the client’s own processor and memory. One advantage of application virtualisation is that it gives you the tools to manage licenses more effectively. You can use management tools to know exactly who is using what and where.

Disaster recovery

One side effect of virtualisation is that it makes disaster recovery much simpler. Virtual machines are stored in virtual disks which are relatively easy to copy between sites and machines. Offsite copies of all your virtual servers can quickly bring your business back to life after a major outage, as can backed-up copies of any virtualised storage. Not only can offline virtual disks be copied to recovery sites, but the built-in snapshot tools in modern virtual machine software make it possible to transfer snapshots of live machines and live data. If you need to run your business from a disaster recovery site, then you can use an asymmetric approach to recovery. This allows you to run your VMs on constrained hardware, either with fewer servers running more virtual machines or on less powerful hardware than your day-to-day data centre. This approach reduces the cost of disaster recovery as you don’t have to duplicate your entire infrastructure. It also allows you to share much of the infrastructure of a disaster recovery site with other companies, reducing costs still further.

Virtualisation for security

Virtualisation is an effective security tool as it allows you to sandbox virtual machines from each other, so preventing interaction and isolating any problems. Risk can be managed by using a virtual machine to handle any high-risk activities, so protecting the host system. Such a sacrificial VM can be deleted once it’s no longer needed, making sure that any possible malware payload is lost. You can download virtual appliances to handle this already, including versions based on secured Linux distributions that use hardened browsers and secure networking tools. One option demonstrated by Intel is the use of a separate security partition where a high priority VM is used to host a hardened OS and appropriate security tools. This can then be used to handle network traffic for the rest of the system, and at the same time monitor your other virtual machines for signs of malware. It’s a model similar to that employed by Yoggie Security Systems but without requiring additional hardware.

Licensing and virtualisation

Virtualisation isn’t the panacea for all your computing woes. For one thing, it can cause considerable licensing confusion, especially where vendors have opted for a per-CPU licence. Microsoft has taken a looser approach than many vendors, providing per-running instance licences. This means that stored images don’t count against your licences, so disaster recovery images don’t require extra licences. If you’re running a virtualised server infrastructure, Microsoft now provides four instance licences with each copy of Windows Server 2008 Enterprise, along with unlimited instances if you’ve invested in the high end Data Center edition. Similar licensing schemes are available for Small Business Server 2008, although here Microsoft will only be offering a ‘one-plus-licence’, letting you run SBS on a virtual server to simplify disaster recovery and backup. While that may seem straightforward, there are also issues with licensing when applications and servers are being dynamically managed. Instantiating a new copy of a server will count against your licences, so you’ll need to take account of available and issued licences in any management rules you use.

The future of virtualisation

VMware's High Availability technology means that virtual machines can be seamlessly moved to other hardware if you need to take a server down for any reason.

Virtualisation has a rosy future. It can help businesses consolidate data centres and improve server efficiencies. Machine images can also improve disaster recovery, and give virtual infrastructures flexibility beyond that of purely physical systems. With a new generation of multi-core hardware, it can also help businesses take advantage of increased processing power, spreading operations across multiple CPU cores. Future virtual machine hypervisors will allow IT departments to completely separate hardware and software, providing a common abstraction layer that will allow any operating system to run as a guest on any hardware.

Virtualisation solutions

The big name in virtualisation is VMware with a wide range of solutions. Microsoft’s Hyper-V technology is of course significant, and there are a number of other players.

Desktop Virtualisation

While tools like Microsoft’s Virtual PC, Sun’s VirtualBox and VMware’s Player are free, they don’t offer the management features that an enterprise desktop environment requires. VMware has been the virtualisation market leader for some time and offers a wide selection of tools for working with and managing desktop virtualisation. VMware Workstation is probably the best known and supports many of the features users have come to expect with standard desktop hardware, including USB memory sticks and multiple monitors. It’s also a useful tool for building virtual machine images that can be delivered to virtual servers. You can use it to take snapshots of your environment before you make any major changes, or build entire virtual networks on a single desktop, allowing complex environments to be emulated and tested. You can use VMware’s Virtual Desktop Manager to manage virtual desktops across a site or an entire IT infrastructure. This allows you to load desktop images from central servers and to patch client operating systems using a single master image. You can also use VMware Workstation to build environments that can be delivered using VMware ACE, providing secure, locked-down environments for users and visitors which can be delivered using various tools, including flash drives. ACE’s management tools are able to enforce policies, including updating virtual machines from a central location. While VMware Workstation is hosted by Windows and Linux, VMware also offers a similar OS X solution for Apple Macintoshes. VMware Fusion lets Windows and other PC operating systems run inside OS X, and includes support for 3D graphics. Another option for OS X users is Parallels, whose Desktop blends OS X and other operating systems. Parallels supports a Coherence mode that hides the Windows desktop, allowing hosted applications to look as if they are running natively under OS X.

Server Virtualisation

As with desktop virtualisation, server hypervisors have become commodities and cost little or nothing. You can download Microsoft’s Hyper-V and Virtual Server for free, as well as VMware’s Server and ESX enterprise hypervisor. That’s only part of the story, though. The real value comes from building an effective virtual infrastructure, and for that you’re going to need tools to take a physical infrastructure to virtual, and to manage the virtual environment once it’s in place. There are alternatives in the shape of virtual server platforms such as Virtual Iron. Built on an open source hypervisor, Virtual Iron provides a single management interface for all your virtual machines, while the extended Enterprise Edition comes with tools to handle physical to virtual migration. Microsoft’s System Center Virtual Machine Manager provides Windows administrators with various management tools for Microsoft’s virtualisation solutions. There’s also support for third party services, allowing you to manage all your virtual machines from one familiar interface.

The Red Hat Network management tools allow you to monitor and manage the operation of your virtual machines.

VMware’s Virtual Infrastructure is its flagship product, bringing together a selection of tools to manage and control ESX-hypervisor-based systems. You can use the VI tools to optimise your virtual infrastructure, handle performance and manage server provisioning and migration. Rules govern just how virtual machines operate, and you can build sets of machines and define them as hosts for a specific application or business service, making it easier to monitor just how your applications are operating once virtualised. Smaller scale virtual data centres can be managed using VMware’s Virtual Center. This works with the free VMware Server hypervisor and provides a one-stop shop for provisioning and managing virtual server images. You can use the console-based management tools to work with a set of virtualised servers, monitoring operations and manually provisioning new servers as required. Third-party virtualisation management specialists Vizioncore provide tools for working with small and medium-sized virtual networks. Its vOptimizer product tunes the virtual hard drives used by your virtual servers. Running this process regularly makes it easier to ship images across a network, speeding up virtual machine backup and helping you get the most from your hardware. If you’re planning to use virtualisation as part of your disaster recovery strategy, Vizioncore’s vReplicator simplifies the process of making copies of active virtual machines and handling server prioritisation, using a mix of snapshots and differential replication. Writes are targeted at an open snapshot, while alternate snapshots are delivered to target servers, either in or outside your LAN. The PowerConvert tools from Platespin can help with managing a server consolidation, including the physical to virtual transition. Platespin offers per-conversion licenses as well as perpetual licenses that can handle ongoing virtualisation schemes. 
If you’re planning a migration, another tool from Platespin helps build inventories of servers and desktops, and plan the migration of your existing physical infrastructure to a virtual environment. Red Hat Enterprise Linux 5 has support for virtualisation built in, using para-virtualisation techniques to allow optimised guest operating systems to share kernel components while running in separate memory partitions. This approach reduces memory requirements and speeds up operations, as well as allowing direct access to external hardware without new drivers. Operating systems from other vendors can be supported using traditional virtualisation techniques thanks to Linux’s libvirt virtualisation library. Red Hat Network management tools also include tools for managing virtual systems.

Application virtualisation

While server virtualisation has had most of the publicity, application virtualisation has become an alternate route to getting the most from virtualisation without disrupting existing infrastructure. Microsoft’s SoftGrid offers one route to application virtualisation, sandboxing applications so they don’t interact with each other while allowing them to be streamed from central distribution servers. Management tools monitor usage and allow licenses to be managed centrally.

Microsoft’s SoftGrid is a fully managed solution for streaming applications to desktops and thin clients.

VMware’s ThinApp offers a similar approach, with application isolation that allows code from different application generations to run safely on the same machine. By downloading applications block by block, ThinApp lets applications start running before they’re completely downloaded: a copy of Microsoft Office will run with just 10 per cent downloaded, for example, speeding up launch times. There’s no need to install applications on the desktop PCs which means you can treat them as thin clients and reduce their capability and cost. The requisite application packaging tools come as part of the package and allow you to link groups of applications together, helping distribute workflow-specific applications to users.
