Sunday, March 27, 2016

Hypervisor

       A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines.

        A computer on which a hypervisor is running one or more virtual machines is defined as a host machine. Each virtual machine is called a guest machine. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Multiple instances of a variety of operating systems may share the virtualized hardware resources.

Classification

       In their 1974 article "Formal Requirements for Virtualizable Third Generation Architectures" Gerald J. Popek and Robert P. Goldberg classified two types of hypervisor:

Type-1, native or bare-metal hypervisors

       These hypervisors run directly on the host's hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called bare metal hypervisors. A guest operating system runs as a process on the host. The first hypervisors, which IBM developed in the 1960s, were native hypervisors. These included the test software SIMMON and the CP/CMS operating system (the predecessor of IBM's z/VM). Modern equivalents include Oracle VM Server for SPARC, Oracle VM Server for x86, the Citrix XenServer, VMware ESX/ESXi and Microsoft Hyper-V 2008/2012.

Type-2 or hosted hypervisors

      These hypervisors run on a conventional operating system just as other computer programs do. Type-2 hypervisors abstract guest operating systems from the host operating system. VMware Workstation, VMware Player, VirtualBox and QEMU are examples of type-2 hypervisors.

     However, the distinction between these two types is not necessarily clear. Linux's Kernel-based Virtual Machine (KVM) and FreeBSD's bhyve are kernel modules that effectively convert the host operating system to a type-1 hypervisor.Nevertheless, since Linux distributions and FreeBSD are still general-purpose operating systems, with other applications competing for VM resources, KVM and bhyve can also be categorized as type-2 hypervisors.

      Microsoft's Hyper-V is often run on top of Windows Server full installation. This would make it type-2 in this scenario.

    In 2012, a US software development company called LynuxWorks proposed a type-0 (zero) hypervisor one with no kernel or operating system whatsoeverwhich might not be entirely possible.

Thursday, March 24, 2016

Logical partition

A logical partition, commonly called an LPAR, is a subset of computer's hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate operating system.

History

IBM developed the concept of hypervisors (virtual machines in CP-40 and CP-67) and in 1972 provided it for the S/370 as Virtual Machine Facility/370. IBM introduced the Start Interpretive Execution (SIE) instruction (designed specifically for the execution of virtual machines) as part of 370-XA architecture on the 3081, as well as VM/XA versions of VM to exploit it. PR/SM is a type-1 Hypervisor based on the CP component of VM/XA that runs directly on the machine level and allocates system resources across LPARs to share physical resources. It is a standard feature on IBM System z, System p, and System i machines.

The terms PR/SM and LPAR are often used interchangeably, including in IBM documentation. Formally, LPAR designates the logical partitioning function and mode of operation, whereas PR/SM is the commercial designation of the feature.

This technology was later developed separately by Amdahl, and Hitachi Data Systems for their implementations of the ESA/390 architecture in the mid 1980s; and continued by IBM for the System z and System i architectures. LPAR and PR/SM reconfigurations can be made without rebooting the computer, i.e., while some LPARs remain active. Reconfigurations can include changing channel path definitions and device definitions.

z/VM supports the z/Architecture HiperSockets function for high-speed TCP/IP communication among virtual machines and logical partitions (LPARs) within the same IBM zSeries server. This function uses an adaptation of the Queued-Direct Input/Output (QDIO) high-speed I/O protocol.

IBM later introduced LPARs to their midrange iSeries and pSeries servers in 1999 and 2001, respectively, albeit with varying technical specifications. Multiple operating systems are compatible with LPARs, including z/OS, z/VM, z/VSE, z/TPF, AIX, Linux, and i/OS. In storage systems, such as the IBM TotalStorage DS8000, LPARs allow for multiple virtual instances of a storage array to exist within a single physical array.

In first part of 2010 year, Fujitsu announced availability of its x86 64 PRIMEQUEST line of servers, which support LPARs.

In second part of 2011 year, Hitachi has announced availability of CB2000 and CB320 blade systems,which support LPAR on x86 64 hardware.

Monday, March 21, 2016

Oracle VM Server for SPARC

          Logical Domains (LDoms or LDOM) is the server virtualization and partitioning technology for SPARC V9 processors. It was first released by Sun Microsystems in April 2007. After the Oracle acquisition of Sun in January 2010, the product has been re-branded as Oracle VM Server for SPARC from version 2.0 onwards.

         Each domain is a full virtual machine with a reconfigurable subset of hardware resources. Domains can be securely live migrated between servers while running. Operating systems running inside Logical Domains can be started, stopped, and rebooted independently. A running domain can be dynamically reconfigured to add or remove CPUs, RAM, or I/O devices without requiring a reboot.

Thursday, March 17, 2016

Secure Shell

          Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.

        SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

         The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.

               SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis.The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.

Key management

          On Unix-like systems, the list of authorized public keys is typically stored in the home directory of the user that is allowed to log in remotely, in the file ~/.ssh/authorized_keys.This file is respected by SSH only if it is not writable by anything apart from the owner and root. When the public key is present on the remote end and the matching private key is present on the local end, typing in the password is no longer required (some software like Message Passing Interface (MPI) stack may need this password-less access to run properly). However, for additional security the private key itself can be locked with a passphrase.

            The private key can also be looked for in standard places, and its full path can be specified as a command line setting (the option -i for ssh). The ssh-keygen utility produces the public and private keys, always in pairs.

           SSH also supports password-based authentication that is encrypted by automatically generated keys. In this case the attacker could imitate the legitimate server side, ask for the password, and obtain it (man-in-the-middle attack). However, this is possible only if the two sides have never authenticated before, as SSH remembers the key that the server side previously used. The SSH client raises a warning before accepting the key of a new, previously unknown server. Password authentication can be disabled.

Monday, March 14, 2016

Remote Desktop Protocol

        Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection. The user employs RDP client software for this purpose, while the other computer must run RDP server software.

        Clients exist for most versions of Microsoft Windows (including Windows Mobile), Linux, Unix, OS X, iOS, Android, and other operating systems. RDP servers are built into Windows operating systems; an RDP server for Unix and OS X also exists. By default, the server listens on TCP port 3389 and UDP port 3389.

          Microsoft currently refers to their official RDP server software as Remote Desktop Connection, formerly "Terminal Services Client".

          The protocol is an extension of the ITU-T T.128 application sharing protocol.

Friday, March 11, 2016

Paravirtualization

        In computing, paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar, but not identical to that of the underlying hardware.

      The intent of the modified interface is to reduce the portion of the guest's execution time spent performing operations which are substantially more difficult to run in a virtual environment compared to a non-virtualized environment. The paravirtualization provides specially defined 'hooks' to allow the guest(s) and host to request and acknowledge these tasks, which would otherwise be executed in the virtual domain (where execution performance is worse). A successful paravirtualized platform may allow the virtual machine monitor (VMM) to be simpler (by relocating execution of critical tasks from the virtual domain to the host domain), and/or reduce the overall performance degradation of machine-execution inside the virtual-guest.

        Paravirtualization requires the guest operating system to be explicitly ported for the para-API a conventional OS distribution that is not paravirtualization-aware cannot be run on top of a paravirtualizing VMM. However, even in cases where the operating system cannot be modified, components may be available that enable many of the significant performance advantages of paravirtualization. For example, the Xen Windows GPLPV project provides a kit of paravirtualization-aware device drivers, licensed under the terms of the GPL, that are intended to be installed into a Microsoft Windows virtual-guest running on the Xen hypervisor.

Linux paravirtualization support

         At the USENIX conference in 2006 in Boston, Massachusetts, a number of Linux development vendors (including IBM, VMware, Xen, and Red Hat) collaborated on an alternative form of paravirtualization, initially developed by the Xen group, called "paravirt-ops". The paravirt-ops code (often shortened to pv-ops) was included in the mainline Linux kernel as of the 2.6.23 version, and provides a hypervisor-agnostic interface between the hypervisor and guest kernels. Distribution support for pv-ops guest kernels appeared starting with Ubuntu 7.04 and RedHat 9. Xen hypervisors based on any 2.6.24 or later kernel support pv-ops guests, as does VMware's Workstation product beginning with version 6

Monday, March 7, 2016

Operating-system-level virtualization,Flexibility

Operating-system-level virtualization is a server-virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (sometimes called containers, software containers, virtualization engines (VE), virtual private servers (VPS), or jails) may look and feel like a real server from the point of view of its owners and users.

On Unix-like operating systems, one can see this technology as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource-management features to limit the impact of one container's activities on other containers.

Uses

Operating-system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. System administrators may also use it, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.

Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features. The improved security provided by the use of a chroot mechanism, however, is nowhere near ironclad. Operating-system-level virtualization implementations capable of live migration can also be used for dynamic load balancing of containers between nodes in a cluster.

Flexibility

Operating-system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other operating systems such as Windows cannot be hosted.

Solaris partially overcomes the above described limitation with its branded zones feature, which provides the ability to run an environment within a container that emulates an older Solaris 8 or 9 version in a Solaris 10 host. Linux branded zones (referred to as "lx" branded zones) are also available on x86-based Solaris systems, providing a complete Linux userspace and support for the execution of Linux applications; additionally, Solaris provides utilities needed to install Red Hat Enterprise Linux 3.x or CentOS 3.x Linux distributions inside "lx" zones. However, in 2010 Linux branded zones were removed from Solaris; in 2014 they were reintroduced in Illumos, which is the open source Solaris fork, supporting 32-bit Linux kernels.

Friday, March 4, 2016

Linux-VServer

      Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software.

        The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl of Austria and is not related to the Linux Virtual Server project, which implements network load balancing.

       Linux-VServer is a jail mechanism in that it can be used to securely partition resources on a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.

        Each partition is called a security context, and the virtualized system within it is the virtual private server. A chroot-like utility for descending into security contexts is provided. Booting a virtual private server is then simply a matter of kickstarting init in a new security context; likewise, shutting it down simply entails killing all processes with that security context. The contexts themselves are robust enough to boot many Linux distributions unmodified, including Debian and Fedora.

          Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches. To save space on such installations, each virtual server's file system can be created as a tree of copy-on-write hard links to a "template" file system. The hard link is marked with a special filesystem attribute and when modified, is securely and transparently replaced with a real copy of the file.

            Linux-VServer provides two branches, stable (2.2.x), and devel (2.3.x) for 2.6-series kernels and a single stable branch for 2.4-series. A separate stable branch integrating the grsecurity patch set is also available.

Advantages
  • Virtual servers share the same system call interface and do not have any emulation overhead.
  • Virtual servers do not have to be backed by opaque disk images, but can share a common file system and common sets of files (through copy-on-write hard links). This makes it easier to back up a system and to pool disk space amongst virtual servers.
  • Processes within the virtual server run as regular processes on the host system. This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, which cannot return "unused" memory or share a disk cache with the host and other virtual servers.
  • Processes within the virtual server are queued on the same scheduler as on the host, allowing guests processes to run concurrently on SMP systems. This is not trivial to implement with whole-system emulation.
  • Networking is based on isolation rather than virtualization, so there is no additional overhead for packets.
  • Smaller plane for security bugs. Only one kernel with small additional code-base compared to 2+ kernels and large interfaces between them.
  • Rich Linux scheduling features such as real-time priorities.


Tuesday, March 1, 2016

Hybrid server

          A hybrid hosting service or hybrid server is a type of Internet hosting which is a combination of a physically-hosted server with virtualization technology.

          A hybrid server is a new kind of dedicated server that offers both the power of a classic dedicated server and the flexibility of cloud computing. On hybrid dedicated servers hardware are 100% allocated to user. The price is lower than for dedicated servers.

         The server is separated into hybrid server environments using Red Hat KVM or any other virtualization. Each hybrid environment is securely isolated and has guaranteed resources available to it which ensures a high level of performance and responsiveness. A hybrid server combines all of the benefits of virtualization technology with the performance of a full dedicated server. So, an administrator can use automation to suspend, restart, or reinstall the operating system. One large server is split into a few (normally two) Hybrid servers.