The Virtualization & VPS Server Handbook - Chapter 5
Chapter 5.1 - XEN
Now I guess the time has come for us to try and understand the most popular paravirtualization software of them all: Xen. Let's go a little deeper into the technological details of this software. Xen originated as a research project at the University of Cambridge, led by Ian Pratt, senior lecturer at Cambridge and founder of XenSource Inc. This company now supports the development of the open source project and also sells enterprise versions of the software. The first public release of Xen was made available in 2003. XenSource Inc. was acquired by Citrix Systems in October 2007, and XenSource's products have subsequently been renamed under the Citrix brand: XenExpress was renamed "XenServer Express Edition" and "XenServer OEM Edition" (embedded hypervisor), XenServer was renamed "XenServer Standard Edition", and XenEnterprise was renamed "XenServer Enterprise Edition". The Xen Project Advisory Board (Xen AB) currently has members from Citrix, IBM, Intel, Hewlett-Packard, Novell, Red Hat and Sun Microsystems. The Xen AB is chartered with oversight of the project's code management procedures, and with development of a new trademark policy for the Xen mark, which Citrix intends to freely license to all vendors and projects that implement the Xen hypervisor. Licensing requirements will be solely the responsibility of the Xen AB.

A Xen system is structured with the Xen hypervisor as the lowest and most privileged layer. Above this layer are one or more guest operating systems, which the hypervisor schedules across the physical CPUs. The first guest operating system, called in Xen terminology "domain 0" (dom0), is booted automatically when the hypervisor boots and given special management privileges and direct access to the physical hardware. The system administrator logs into dom0 in order to start any further guest operating systems, called "domain U" (domU) in Xen terminology. Modified versions of Linux, NetBSD and Solaris can be used as the dom0. Several modified Unix-like operating systems may be employed as guest operating systems (domU); on certain hardware, as of Xen version 3.0, unmodified versions of Microsoft Windows and other proprietary operating systems can also be used as guests if the CPU supports VT technology. We have already come to know in Chapter 2 that Intel played a part in modifying Xen to support their VT-x (formerly Vanderpool) architecture extensions. Similarly AMD has also contributed support for their AMD-V extensions. These technologies, while differing quite substantially in their implementation and instruction sets, are managed by a common abstraction layer in Xen and enable unmodified guest operating systems to run within Xen virtual machines, starting with Xen 3.0. Such hardware assisted virtualization offers new instructions to support direct calls by a paravirtualized guest/driver into the hypervisor and is typically used for I/O. It also provides additional execution modes: "root mode" and "non-root mode". Both of these modes have Rings 0-3; the Xen host operates in root mode and has access to the real hardware, while the unmodified guest operates in Rings 0-3 of non-root mode and its "hardware" accesses are under complete control of the hypervisor. Xen-HVM has device emulation based on the QEMU project to provide I/O virtualization to the VMs. 
Hardware is emulated via a patched QEMU "device manager" (qemu-dm) daemon running as a backend in dom0. This means that the virtualized machines see the following as hardware: a PIIX3 IDE controller (with some rudimentary PIIX4 capabilities), Cirrus Logic or vanilla VGA emulated video, RTL8139 or NE2000 network emulation, PAE, somewhat limited ACPI and APIC support, and no SCSI emulation. As of Xen 3.0.2, the list of supported unmodified guests is limited to certain versions of Windows (incl. XP) and Linux. Xen under Linux currently runs on x86, with Pentium II or newer processors, x86-64 based systems, as well as on IA-64 and PowerPC. Xen supports up to 64-way symmetric multiprocessing machines. XenSource offers a live ISO CD running Debian GNU/Linux as well as other free Linux distributions, enabling users to try Xen on their system without installing it to the hard disk. During the development of Xen 1.x, Microsoft Research, along with the University of Cambridge Operating System group, developed a port of Windows XP to Xen. This was possible due to Microsoft's Academic Licensing Program. The terms of this license do not allow this port to be published, although the experience is documented in the original Xen SOSP paper. Xen can be delivered to market as a virtualization platform, such as Citrix XenServer Enterprise Edition (formerly XenSource's XenEnterprise), or embedded within the host operating system. Examples of the latter configuration are the inclusion of Xen in Novell's SUSE Linux Enterprise 10 distribution, Red Hat's RHEL 5/Fedora 7, Sun Microsystems' Solaris, and Debian's Etch release. Ubuntu has included Xen packages since Ubuntu 6.10; the latest release, Gutsy, includes Xen version 3.1. A Gentoo package for Xen exists in Portage. XenSource recently announced that Dell will incorporate Citrix XenServer OEM Edition as an embedded hypervisor installed in flash memory as an option on all PowerEdge servers, early in 2008.
XenSource is also developing a compatibility layer for the Windows Server 2008 hypervisor, so that systems that have been modified to run as Xen guests will be able to function on the 2008 hypervisor. In Chapter 2 we already discussed a number of third-party tools (known as Xen management consoles) developed to facilitate the common tasks of administering a Xen host, such as configuring, starting, monitoring and stopping Xen guests. Now is the time to go deeper into these tools.
Chapter 5.1.1 - XEN opensource - SuSE YaST
You can set up a computer to be a virtualization host server during the installation of the SUSE Linux operating system, or add the role to a computer already running SUSE Linux.
Virtualization software can be installed by using one of the following options:
- During the initial installation, change the Software category so it includes the Xen Virtual Machine Host Server selection. Complete the installation and restart the computer.
- On a computer already running SUSE Linux, run YaST > Virtualization > Install Hypervisor and Tools. Complete the on-screen instructions and restart the computer.
- On a computer already running SUSE Linux, enter yast2 xen from a command line interface. Complete the on-screen instructions and restart the computer.
- Copy the virtualization packages to the virtualization host server desktop and run the rpm -U package_name command. Restart the computer.
Please note the following while installing the virtualization software:
- If you use the rpm command, you can safely ignore any messages stating “Cannot determine dependencies of module”. The message might be repeated two or three times during installation.
- Only applications and processes required for virtualization should be installed on the virtualization host server.
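Every option above ends with a restart, and the dom0/domU split described in Chapter 5.1 is what the restart is supposed to produce: the kernel must now be running on top of the hypervisor, and this machine must be the privileged domain 0. The script below is an added example (not from the handbook or from SUSE's YaST tooling) that checks exactly that after the reboot. It assumes the two interface files a Xen-enabled Linux kernel exposes: /sys/hypervisor/type, which holds "xen" when the kernel runs on Xen, and /proc/xen/capabilities, which lists "control_d" only in dom0.

```python
"""Post-install check: did the host come up under Xen, and is it dom0?

Added example, not from the handbook or from SUSE's YaST tooling. Assumes:
  /sys/hypervisor/type    holds "xen" when the kernel runs on the Xen hypervisor
  /proc/xen/capabilities  lists "control_d" only in the privileged domain 0
"""
from pathlib import Path
from typing import Optional


def classify(hv_type: Optional[str], capabilities: Optional[str]) -> str:
    """Map the contents of the two files to a role.

    Pass None for a file that does not exist.
    Returns "dom0", "domU" or "not-xen".
    """
    if hv_type is None or hv_type.strip() != "xen":
        return "not-xen"                      # no Xen hypervisor underneath
    if capabilities is not None and "control_d" in capabilities.split():
        return "dom0"                         # the management domain
    return "domU"                             # an unprivileged guest


def _read(path: Path) -> Optional[str]:
    """Return the file's text, or None if it does not exist / cannot be read."""
    try:
        return path.read_text()
    except OSError:
        return None


def xen_role(root: Path = Path("/")) -> str:
    """Classify the running machine; `root` lets a test point at a mock tree."""
    return classify(_read(root / "sys/hypervisor/type"),
                    _read(root / "proc/xen/capabilities"))


if __name__ == "__main__":
    role = xen_role()
    print(f"Xen role: {role}")
    if role == "dom0":
        # dom0 has direct hardware access and controls every guest, so it
        # should run only what virtualization needs (see the note above).
        print("this is the privileged management domain; keep it minimal")
    elif role == "not-xen":
        print("the Xen hypervisor did not boot; check the boot loader entry")
```

Run it as root on the freshly rebooted host; "not-xen" usually means the boot loader started the plain kernel rather than the hypervisor entry, and "domU" on a machine that should be the host means the kernel runs under Xen but without management privileges.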

Chapter 5.1.2 - XEN opensource - RedHat/CentOS Virtual Machine Manager (virt-manager)
The "Virtual Machine Manager" application is a desktop user interface for managing virtual machines, developed by Red Hat/Fedora and included in nearly all Red Hat based distributions (Red Hat Workstation, Red Hat Enterprise Linux, Fedora Core, CentOS, …). It presents a summary view of running domains and their live performance and resource utilization statistics. A detailed view presents graphs showing performance and utilization over time. It allows creation of new domains, and configuration and adjustment of a domain's resource allocation and virtual hardware. An embedded VNC client viewer presents a full graphical console to the guest domain. Initially Xen was the primary platform supported; however, since libvirt 0.2.0 and virt-manager 0.3.1 it is possible to manage QEMU and KVM guests too. It is expected that support for additional hypervisors and virtualization products will expand even further over time as additional libvirt drivers are written. "Virt Install" is an easy way to provision operating systems into virtual machines. It also provides an API to the virt-manager application for its graphical VM creation wizard. "Virt Image" allows installation of guest operating systems based on a pre-defined master image. The image provides metadata describing the requirements of the operating system, minimal resource allocations, and a pre-installed disk. The "Virtual Machine Viewer" is a lightweight interface for interacting with the graphical display of a virtualized guest OS. It uses GTK-VNC as its display capability, and libvirt to look up the VNC server details associated with the guest. It is intended as a replacement for the traditional vncviewer client, since the latter supports neither SSL/TLS encryption nor x509 certificate authentication.

Chapter 5.1.3 - XEN opensource - ConVirt
Project ConVirt is an active, open source project conceived with the goal of tackling the administrative and infrastructure management challenges that adoption of virtualization platforms presents to the traditional data center. The XenMan administrative console is Project ConVirt's first release. XenMan is an intuitive, graphical management tool aimed at operational lifecycle management for the Xen virtualization platform. With XenMan's secure, multi-node administration, performance management and provisioning capabilities, administrators can safely manage their entire environment from a single, centralized console. Most common administrative tasks like starting, stopping, monitoring and provisioning virtual machines (guest OSs) typically involve just a few mouse clicks with XenMan, as do server management operations like scanning OS configurations or quiescing individual servers for maintenance.

Chapter 5.1.4 - XEN commercial solution - Enomalism
Enomalism is an open source web-based virtual infrastructure platform designed to address the complexity of managing globally diverse virtual server environments. It helps to automate the transition to a virtualized environment by reducing an IT organization's overall workload. The easy-to-use dashboard can help with issues including deployment planning, load balancing, automatic VM migration, configuration management, and capacity diagnosis.

Enomalism enables you to perform many virtual server management tasks from any computer with appropriate Internet or network access. You can manage Windows, Linux and UNIX servers all from one simple and secure web-based interface. You can also manage system users across multiple virtual servers using a central LDAP user authentication system. You can assign and control system resource parameters and re-assign resources in real time via a rich web-based interface; Enomalism calls this Dynamic Real-time Virtual Server Management. Enomalism provides easy hard drive resizing using LVM. It can concatenate, stripe together or otherwise combine partitions into larger virtual ones that can be resized or moved on the fly, turning virtual storage into a fluid resource that can be easily allocated. An SSH client provides a mechanism to access the consoles of the various virtual machines with the click of a mouse. SSHTools is a suite of Java SSH applications providing a Java SSH API, SSH terminal, SSH-secured VNC client, SFTP client and SSH daemon. Enomalism features an Enomalism Virtual Appliance package management interface and a VMcasting system that automates the process of installing, upgrading, configuring, and removing software packages. VMcasting uses RSS feeds to deliver updates and release notes directly to Enomalism.
Chapter 5.1.5 - XEN commercial solution - Citrix XenServer (formerly XenEnterprise)
XenSource's XenEnterprise is a robust and easy-to-use bare metal virtualization platform for running Windows and Linux virtual machines. XenEnterprise delivers the performance, security and openness of the Xen technology for x86 server virtualization, emphasizing ease of use, simple deployment, and the ability to install and manage multiple Windows and Linux virtual machines on the same server. It is a complete virtualization platform providing businesses the ability to instantly become virtualized! It comes with a comprehensive management, monitoring and virtual machine deployment console and an affordable price tag to encourage rapid adoption of server virtualization. XenEnterprise 4.1 provides a full feature package to create and deploy a functional virtualized server infrastructure. It is built to fully leverage Intel and AMD virtualization technology for near bare metal speed. Drivers provide high speed I/O for enhanced disk and network performance. It supports a wide variety of local storage including IDE, SATA, SCSI, SAS and others. It also supports Fiber Channel based SANs with boot from SAN for diskless blades. XenEnterprise increases server utilization, leading to reduced IT costs and improved operational agility, all in a robust and easy to use solution. It offers IT departments the ability to easily create, run, and manage virtual machines.
- Scalability and performance
  - Increased number of simultaneously running VMs
  - Fast performance for Windows and Linux guest systems, thanks to special guest drivers that dramatically improve disk I/O and network performance
  - Enhanced nested page table (NPT) support for modern AMD processors
  - Built-in VLAN support
  - Nearly "bare-metal" performance on nearly all x86 servers
  - Improved Citrix Presentation Server performance and maximum number of user sessions
- Reliability and manageability
  - Easy installation of Xen nodes (done in 15 minutes!)
  - Host NIC bonding for fail-over (configured via the CLI)
  - Multi-server and multi-pool management: create and manage resource pools centrally, for many servers and pools, from the Citrix XenCenter Windows application
  - Centralized logging
  - Configuration of network management interfaces via the CLI
  - Update/patch management integrated in XenCenter
  - Powerful resource management (CPU, disk and network resource controls for QoS)
  - Broad hardware support
  - Java bindings for the XenAPI in the SDK
  - Fully supported by Citrix
- Storage
  - Various iSCSI, SAN and NAS systems are supported
  - Initial shared Fibre Channel storage support (via the CLI only)
  - Enhanced support for NetApp filers, including snapshot and cloning
  - Hot disk removal for Windows guests
  - Native iSCSI integration with some iSCSI improvements
  - Support for hot-plugging USB storage as a storage repository
  - Built-in and optimized drivers
- Host system
  - Rolling pool upgrade support
  - NIC driver updates (e1000, BNX2, TG3)
  - Support for several 10Gb network adapters (Mellanox/Chelsio)
  - Improved hardware support
- Guest support
  - Red Hat Enterprise Linux 5 32-bit and CentOS 5 32-bit install from physical CD
  - Red Hat Enterprise Linux 5 x64 and CentOS 5 x64 guest support
  - Oracle Enterprise Linux 5 x86 and x64 guest support
  - Windows Vista x86 guest support
Chapter 5.1.6 - XEN commercial solution - VirtualIron
Virtual Iron provides enterprise-class software for server virtualization and virtual infrastructure management for just a fraction of the cost of established proprietary offerings. By taking full advantage of industry standards and open source economics, Virtual Iron dramatically reduces the cost and complexity of virtualization and makes production-ready capabilities available to the mainstream market. Virtual Iron enables server partitioning for single and multi-server configurations, virtual server migration without downtime, and advanced management capabilities for rapid provisioning, high availability, disaster recovery and capacity management. With these advanced capabilities, users can:
- Virtualize enterprise-class workloads running on unmodified Windows and Linux operating systems.
- Improve the utilization of current systems and reduce power, space and cooling issues through server consolidation.
- Quickly set up development, test and production environments.
- Recover from failures quickly, reliably and cost-efficiently.
- Match resource capacity to workload demands automatically.
- Reduce human labor and errors via policy-based automation.
Virtual Iron is sold exclusively through a select group of authorized Virtual Iron Channel One Partners.
Chapter 5.2 - VMWARE
VMware, based in Palo Alto, California, is one of the leading companies in virtual infrastructure software for industry-standard systems. They have two free options available: VMware Server and VMware Player. It must be remembered that, though they are available free of cost, they are proprietary software and by no means open source.
Chapter 5.2.1 - FREE - VMware Player
VMware Player is a FREE product that enables the user to run, evaluate and share software in a virtual machine. It is ideal for safely running pre-installed, pre-configured applications and beta software. Player runs any virtual machine created by other VMware products, but it cannot itself create new virtual machines. VMware Player provides:
- Safe software distribution without installation or configuration issues by distributing pre-configured virtual machines
- Ability to create secure, portable personal computing environments
- An extensible and redistributable platform that can be customized by developers
The user can run virtual machines on a Windows or Linux PC with VMware Player 2.0. This free desktop virtualization application makes it easy to operate any virtual machine created by VMware Workstation, VMware Server or VMware ESX Server, as well as Microsoft virtual machines and Symantec LiveState Recovery disks. The user can:
- Run multiple operating systems simultaneously on a single PC
- Experience the benefits of preconfigured products without any installation or configuration hassles
- Share data between host computer and virtual machine
VMware Player makes it simple to quickly evaluate one of the many virtual appliances available through the VMware Virtual Appliance Marketplace. A virtual appliance is a pre-built, pre-configured and ready-to-use enterprise software application on a virtual machine. With VMware Player, anyone can quickly and easily experience the benefits of preconfigured products without any installation or configuration hassles.
[Figure: VMware Player installing Windows XP Professional under Windows XP]
Chapter 5.2.2 - FREE - VMware Server (formerly GSX Server)
VMware Server (formerly GSX Server) is an entry-level server virtualization software suite. VMware Server can create, edit, and play virtual machines. It uses a client-server model, allowing remote access to virtual machines, at the cost of some graphical performance (and 3D support). In addition to the ability to run virtual machines created by other VMware products, it can also run virtual machines created by Microsoft Virtual PC, but it cannot create new virtual machines from them by itself. VMware, Inc. makes Server freely available in the hope that users will eventually upgrade to VMware ESX Server. Users of VMware Server's internal utilities can preserve (and revert to) a single snapshot copy of each separate virtual machine within their VMware Server environment. Unlike VMware Workstation, the product does not have a specific interface for cloning virtual machines. At present, with regard to Windows Vista as a guest OS, VMware Server only supports the 32-bit version. The kernel-mode drivers for the 64-bit version do not have digital signatures, so 64-bit editions of Windows Vista and Windows Server 2008 prevent their installation. There are certain known limitations of VMware Server which are discussed below:
Hardware support limitations:
- VMware virtual machines do not support FireWire.
- Older VMware virtual machines provide no direct support for USB 2.0, but make USB 2.0 devices in the host operating-system visible to the guest operating-system as USB 1.1 devices. Workstation version 6.0 however added support for USB 2.0 devices.
- VMware virtual machines provide only experimental support for 3D hardware acceleration, via Microsoft's Direct3D 8 API. The release notes for Fusion beta 2 include a list of 3D-accelerated computer games that can run within Windows XP-based virtual machines.
- Only 3 mouse-buttons function inside the guest OS. Five-button mice remain unsupported.
OS support limitations: 64-Bit Solaris 10 1/06 (Update 1) and Solaris 10 6/06 (Update 2) fail with a triple fault on Intel Pentium M-based systems Merom, Woodcrest, and Conroe. A Sun Microsystems blog has published a workaround for this issue.
Network protocol limitations: attempting to mount an NFS share from a NAT'ed instance of VMware Server may result in a permission-denied error. To fix the problem, the user has to switch the VMware instance to use bridged networking rather than network address translation (NAT). Bridged networking implies adding another device on the network, while NAT uses the VMware server to assign the instance an IP address, either through DHCP or through a static IP configuration. Another method of dealing with the permission-denied error involves using port forwarding, but this option results in more complexity. VMware Server can swallow CPU interrupts, making maintenance of accurate time difficult, so Network Time Protocol (NTP) servers should not run under VMware. Whatever the case, there are certain undeniable benefits of VMware Server. With this tool one can:
- Streamline software development and testing by allowing developers to create multiple environments with different operating systems on the same server.
- Simplify IT testing of patches, new applications and operating systems by allowing systems administrators to test in secure virtual machines and be able to roll back to a clean state by leveraging snapshots.
- Simplify server provisioning by building a virtual machine once and deploying it multiple times.
- Evaluate software in ready-to-run virtual machines without installation and configuration.
- Re-host legacy operating systems such as Windows NT Server 4.0 and Windows 2000 Server in a virtual machine running on new hardware and operating system.
One of the interesting uses of any virtual setting is the level of security. Malware testers use it all the time to infect virtual systems to discover how the threats work. This is deemed safe, because the only danger would come if an application could leave the virtual setting and gain access to the host. While this has been debated, tested, and rumored to be successful in the past, no one has proven it.
The security advisory from Core and VMware Inc. warns that there is a way to access the host machine from the virtual environment. "A vulnerability was found in VMware's shared folders mechanism that grants users of a guest system read and write access to any portion of the host's file system including the system folder and other security-sensitive files. Exploitation of this vulnerability allows attackers to break out of an isolated Guest system to compromise the underlying Host system that controls it," the advisory report reads. Any version of VMware that includes the shared folder option is vulnerable. Until a patch is made available, VMware has suggested the following workaround. To disable shared folders in the global settings:
- From the VMware product's menu, choose Edit and then Preferences.
- In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
To disable shared folders for the individual virtual machine settings:
- From the VMware product's menu, choose VM and then Settings.
- In the Options tab, select Shared Folders and Disable.
Chapter 5.2.3 - commercial - VMware Workstation
A virtual machine, as the name suggests, is a fully functional computer whose very existence is virtual. One host computer running VMware Workstation 6 can support any number of virtual machines, limited only by available disk space. The host can run multiple VMs simultaneously, as long as it has sufficient RAM for them all, and the VMs can even communicate with each other over a virtual network. With virtual machine software, help desk technicians can bring up the precise OS version used by the caller; software developers can quickly test new builds under different OSs; malware researchers can analyze a new threat without risking damage to the physical machine; and the ordinary user can run legacy programs that require an older OS. All of this and more is available in VMware Workstation.
VMware Workstation is software that allows one physical machine to run multiple operating systems simultaneously. It can also simulate some hardware units, can mount an ISO file as a CD-ROM and .vmdk files as hard disks, and can configure its network adapter driver to use network address translation (NAT) through the host machine rather than bridging through it (which would require an IP address for each guest machine on the host network).
The beauty of VMware Workstation is that it also allows the testing of Live CDs without first burning them onto physical discs or rebooting the computer. This is not all. The user can also take multiple successive snapshots of an operating system running under VMware Workstation. Each snapshot allows a roll back of the virtual machine to the saved state at any time. The ability to use multiple snapshots makes VMware Workstation useful as a tool for sales people demonstrating complex software products, and for developers setting up virtual development and test environments. This feature is used by many developers while testing antispyware utilities: they restore a specific "infested" snapshot, run the antispyware, and save a snapshot after the cleanup is finished.
Cloning an existing VM to create a new one is a snap too. The user has the option to either choose a fully independent new VM or a space-saving linked clone that stores only the differences from the base.
It is worth mentioning that Microsoft Virtual PC 2007 and Parallels Workstation can also handle basic virtual machine tasks, but they can take only a single snapshot of the machine's state and thus are not as useful to developers or sales people as VMware Workstation is.
Previous VMware versions have included the ability to open VMs created by certain other VM products, among them VPC 2007 and Symantec LiveState Recovery. VMware Workstation version 6.0 adds a more powerful Import function based on the separate VMware Converter product. It can import a physical machine on the network, creating a virtual machine copy, and can also import VMs from Virtual PC, Microsoft's virtualization product. It can even import drive images from Ghost 9.x or later, a very useful capability that lets you turn Ghost images into VMs. The import process differs from simply opening the foreign VM in that it can include additional configuration steps such as installing VMware Tools in the guest operating system. Version 6 also lifts limitations on RAM usage by virtual machines. Previously, the total amount of RAM assigned to virtual machines couldn't go above 4GB, and for a single VM, not above 3.6GB. Now an individual VM can use up to 8GB, and the total RAM usage is limited only by the host system's combined physical and virtual RAM. Other enhancements include drag-and-drop transfer of files between Windows and Linux VMs, remote access and control through VNC (Virtual Network Computing), and support for the VIX scripting API for automating VM tasks.
VMware Workstation version 6.0 virtual machines also provide the much needed support for USB 2.0. In earlier versions, USB 2.0 devices were visible to the guest operating system as USB 1.1 devices. However, five-button mice still remain unsupported; only three-button mice work within the guest OS. Another issue that seems to bother VMware Workstation is that 64-bit Solaris 10 1/06 (Update 1) and Solaris 10 6/06 (Update 2) fail with a triple fault on Core 2 generation processors. Sun Microsystems, it seems, has found a way around this problem.
Those with older versions of VMware Workstation have been unable to run newer versions of Linux: the latest versions of the 2.6.x kernel require a patch to use all the VMware features, even with VMware Workstation 5.0 or 5.5. These patches are, however, freely available and come via the Czech Technical University.
It has also been observed that VMware Workstation at times swallows CPU interrupts, thus making maintenance of accurate time difficult. So, Network Time Protocol servers should not be run under VMware.
Around a month ago a vulnerability was discovered in VMware's shared folders feature. A user logged onto a guest VM running in VMware Workstation can gain read/write access to the host system by specifying a pathname with the ".." substring. But the host is only vulnerable if shared folders are turned on and at least one host folder is set for sharing. VMware has issued an advisory to users to either disable or limit shared folder access between the guest and the host systems until patches are released. The good thing about VMware Workstation, which has made many a user enthusiastic about it, is its compatibility with Windows Vista.
But this compatibility has to be viewed from two aspects: what is the performance of Vista as the host operating system, and what is its performance as a guest operating system? This comparison of course has to be done vis-à-vis XP to get a really conclusive answer. It was generally found that as a host operating system Vista performs equally well as XP. The only problem is that Vista consumes more memory than XP, which implies Vista leaves less memory for the use of VMs than XP does. But when comparing the performance of a Vista VM against an XP VM on an XP host, it was found that Vista in some situations fell behind XP. Further investigation indicated that VMware Workstation hasn't introduced any Vista-specific overheads, thus the relative performance of Vista is almost the same as that of XP.
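The exposure condition just stated (shared folders turned on and at least one host folder actually shared) is the same one behind the workaround given for VMware Server in Chapter 5.2.2, and it can be checked outside the GUI. The script below is an added example, not from the handbook, the Core/VMware advisory or VMware's own tools; it audits the .vmx files that hold each VM's settings and reports which VMs still expose a host directory, and can rewrite a file with the channel disabled. It assumes the plain key = "value" layout of .vmx files and these VMware configuration keys, which come from VMware's configuration format rather than from this page: isolation.tools.hgfs.disable (turns off the shared-folder channel), sharedFolderN.present and sharedFolderN.enabled (entry N exists and is active) and sharedFolderN.hostPath (the host directory exposed). The two sample .vmx texts are constructed for the example.

```python
"""Audit VMware .vmx files for the shared-folders exposure described above.

Added example; not from the handbook, the Core/VMware advisory or VMware's
own tools. Assumed VMware configuration keys (from VMware's .vmx format,
not from the page):
  isolation.tools.hgfs.disable = "TRUE"  turns off the shared-folder (HGFS) channel
  sharedFolderN.present / .enabled        entry N exists / is active
  sharedFolderN.hostPath                  host directory exposed to the guest
A VM is flagged only when the channel is enabled AND at least one folder is
actually shared, which is the exposure condition the text gives.
"""
import re
from typing import Dict, List, Tuple

_KV = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"?(.*?)"?\s*$')
_FOLDER = re.compile(r"^sharedfolder(\d+)\.present$")
_HGFS_LINE = re.compile(r"^\s*isolation\.tools\.hgfs\.disable\s*=.*$", re.I | re.M)

# Constructed sample .vmx contents (not real files): a VM with one folder
# shared, and the same VM with the advisory's workaround applied.
VULNERABLE_VMX = r'''
.encoding = "UTF-8"
config.version = "8"
displayName = "xp-malware-lab"
sharedFolder.maxNum = "1"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "C:\Users\lab\share"
sharedFolder0.guestName = "share"
'''
HARDENED_VMX = VULNERABLE_VMX + 'isolation.tools.hgfs.disable = "TRUE"\n'


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse .vmx text into a dict; keys are lower-cased because VMware
    treats them case-insensitively."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _KV.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def _is_true(cfg: Dict[str, str], key: str, default: str = "FALSE") -> bool:
    return cfg.get(key, default).strip().upper() == "TRUE"


def shared_folders(cfg: Dict[str, str]) -> List[str]:
    """Host paths of every shared-folder entry that is present and enabled.
    A missing `enabled` key counts as enabled so the audit errs on the side
    of flagging."""
    paths: List[str] = []
    for key in sorted(cfg):
        m = _FOLDER.match(key)
        if not m or not _is_true(cfg, key):
            continue
        prefix = f"sharedfolder{m.group(1)}."
        if _is_true(cfg, prefix + "enabled", default="TRUE"):
            paths.append(cfg.get(prefix + "hostpath", "<no hostPath>"))
    return paths


def audit(text: str) -> Tuple[bool, List[str]]:
    """Return (exposed, shared_host_paths) for one .vmx file's contents."""
    cfg = parse_vmx(text)
    channel_off = _is_true(cfg, "isolation.tools.hgfs.disable")
    paths = shared_folders(cfg)
    return (not channel_off and bool(paths), paths)


def harden(text: str) -> str:
    """Return the .vmx text with the HGFS channel disabled (the config-level
    form of the workaround; edit .vmx files only while the VM is powered off)."""
    line = 'isolation.tools.hgfs.disable = "TRUE"'
    if _HGFS_LINE.search(text):
        return _HGFS_LINE.sub(line, text)
    return text.rstrip("\n") + "\n" + line + "\n"


if __name__ == "__main__":
    for name, vmx in (("vulnerable", VULNERABLE_VMX), ("hardened", HARDENED_VMX)):
        exposed, paths = audit(vmx)
        print(f"{name}: exposed={exposed} shared={paths}")
```

Pointed at a directory of VMs (read each .vmx and call audit on its text), this gives a quick inventory of which guests can still reach a host directory; the list of host paths is also what you want in hand when deciding whether to disable sharing outright or merely narrow it, as the advisory suggests.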
Some people, it seems, are not very clear about the two offerings from VMware – VMware Workstation and VMware Server and often tend to consider one as a substitute for the other. So, it would be proper if some of these queries are answered and doubts cleared here and now.
VMware Workstation is a user-mode program. It runs while you are logged on, and it won't run when you are logged off. So, it isn't well suited to long-running applications. It isn't appropriate (or even allowed by the licensing) to run Web or application servers in a Workstation session. By comparison, VMware Server runs as a service independent of any particular user login. You connect a client GUI to a running session as required, and you can connect to sessions on remote Server machines as well.
It has already been discussed in detail in the preceding paragraphs that VMware Workstation is the more appropriate choice if you are primarily engaged in software testing. The facility of creating snapshots of the system and the scope for reverting to any of the "snapshotted" states saves a lot of time compared with having to do a from-scratch system setup for each part of the testing.
So, in summary, VMware Workstation is better for software testing, while VMware Server is the choice for actually doing real work. Then there is VMware ESX, which plays the role of operating system as well. It requires neither Linux nor Windows as a host operating system, and it's the one to choose for big multi-processor systems where you want the horsepower to be available on demand across many VMware sessions.
However, if you run VMware on a laptop, you face the issue of what happens to your VMware sessions when the host's battery runs out of power, and the host wants to shut down. Neither Workstation nor Server does a perfect job of shutting down the guest sessions cleanly before the host shuts down, not in my experience, but Server definitely does a better job.
In case you are once again confused, let me try just one more time and see whether I am able to draw a final conclusion. It may be said that if you have a single user desktop system, you will choose the Workstation version of VMware. If you are a medium sized business, you will probably choose VMware Server for all virtualized server applications. If you are one of those larger businesses, you should be interested in the ESX server and the management tools available in the VMware Infrastructure Suite of products. You must have by now gathered enough information about VMware Workstation. Not only that, some nagging doubts which might have plagued your mind about various VMware products and how best to use them must also have been cleared after going through this article.
Chapter 5.2.4 - commercial - VMware ESX Server
Let us now take a look at the commercial VMware solutions. VMware markets two virtualization products for servers: VMware ESX Server and VMware Server (formerly called "GSX Server"). Of these, VMware Server is a free tool; it has been discussed in detail in the previous section. ESX Server, an enterprise-level product, can deliver greater performance than the freeware VMware Server, due to lower system overhead. In addition, ESX Server integrates into VMware Virtual Infrastructure, which offers extra services to enhance the reliability and manageability of a server deployment. The VMware Server product offers a user interface with a similar look-and-feel to VMware Workstation. The basic ESX server requires some form of persistent storage - typically an array of hard disk drives - for storing the virtualization kernel and support files. A variant of this design, called ESX Server 3i, does away with this requirement by moving the server kernel into a dedicated hardware device. Both variants support the services offered by Virtual Infrastructure. The ESX Server product runs on "bare metal". In contrast to other VMware products, it does not run atop an operating system, but instead includes its own kernel. In ESX version 3 and older, a Linux kernel is started first and used to load a variety of specialized virtualization components, including VMware's 'vmkernel' component (VMware refers to the hypervisor used by VMware ESX Server as 'vmkernel'). The vmkernel, itself a microkernel, has three interfaces to the outside world:
- hardware
- guest systems
- service console (Console OS)
Access to other hardware (such as network or storage devices) takes place using modules. At least some of the modules derive from modules used in the Linux kernel. To access these modules, an additional module called ‘vmklinux’ implements the Linux module interface. The vmkernel offers an interface to guest systems which simulates hardware. This takes place in such a way that a guest system itself can run unmodified atop the hypervisor. Because using unmodified drivers in the guest system uses up some system resources, VMware offers special drivers for different operating systems to increase performance. The Service Console is a vestigial general purpose operating system most significantly used as the bootstrap for the VMware kernel, vmkernel, and secondarily used as a management interface. The Service Console is derived from a modified version of Red Hat Linux, (Red Hat 7.2 for ESX 2.x and Red Hat Enterprise Linux 3 for ESX 3.x). In general, this Service Console provides management interfaces (CLI, webpage MUI, Remote Console). This approach provides lower overhead and better control and granularity for allocating resources (CPU-time, disk-bandwidth, network-bandwidth, and memory-utilization) to virtual machines. It also increases security, thus positioning ESX as an enterprise-grade product.

ESX Server uses a Linux kernel to manage the vmkernel. The Linux kernel runs before any other software on an ESX host. After the Linux kernel has loaded, the S90vmware script loads the vmkernel. VMware Inc. states that vmkernel does not derive from Linux, but acknowledges that it has adapted certain device drivers from Linux device drivers. The Linux kernel continues running, under the control of the vmkernel, providing functions including the proc file system used by ESX and an environment to run support applications. ESX version 3, however, loads the vmkernel from the Linux initrd, thus much earlier in the boot sequence than in earlier ESX versions. In traditional systems, a given operating system runs a single kernel. ESX has both a Linux 2.4 kernel and vmkernel — hence there is some confusion over whether ESX has a Linux base. An ESX system starts a Linux kernel first, but it then loads vmkernel, which wraps around the Linux kernel, and vmkernel is not derived from Linux. A further detail which differentiates ESX from other VMware virtualization products is that ESX supports the VMware proprietary cluster file system VMFS. VMFS enables multiple hosts to access the same SAN LUNs simultaneously, while file-level locking provides simple protection of file-system integrity. There are certain known limitations of ESX Server:
Infrastructure limitations
- Guest system maximum RAM: 64 GB
- Number of hosts in a HA cluster: 32
- Number of hosts in a DRS cluster: 32
Performance limitations
In terms of performance, virtualization imposes a cost in the additional work the CPU has to perform to virtualize the underlying hardware. Instructions that perform this extra work, and other activities that require virtualization, tend to lie in operating system calls. In an unmodified operating system, OS calls introduce the greatest portion of virtualization overhead. Paravirtualization or other virtualization techniques may help with these issues. VMware and XenSource invented the Virtual Machine Interface for this purpose, and selected operating systems currently support this.
Chapter 5.2.5 - commercial - VMware virtual Infrastructure
The VMware approach to virtualization inserts a thin layer of software directly on the computer hardware or on a host operating system. This software layer creates virtual machines and contains a virtual machine monitor or “hypervisor” that allocates hardware resources dynamically and transparently so that multiple operating systems can run concurrently on a single physical computer without even knowing it. However, virtualizing a single physical computer is just the beginning. VMware offers a robust virtualization platform that can scale across hundreds of interconnected physical computers and storage devices to form an entire virtual infrastructure. In essence, a virtual infrastructure is a dynamic mapping of physical resources to business needs. While a virtual machine represents the physical resources of a single computer, a virtual infrastructure represents the physical resources of the entire IT environment, aggregating x86 computers and their attached network and storage into a unified pool of IT resources. Structurally, a virtual infrastructure consists of the following components:

- Single-node hypervisors to enable full virtualization of each x86 computer.
- A set of virtualization-based distributed system infrastructure services such as resource management to optimize available resources among virtual machines.
- Automation solutions that provide special capabilities to optimize a particular IT process such as provisioning or disaster recovery.
By decoupling the entire software environment from its underlying hardware infrastructure, virtualization enables the aggregation of multiple servers, storage infrastructure and networks into shared pools of resources that can be delivered dynamically, securely and reliably to applications as needed. This pioneering approach enables organizations to build a computing infrastructure with high levels of utilization, availability, automation and flexibility using building blocks of inexpensive industry-standard servers. VMware virtual infrastructure solutions are ideal for production environments in part because they run on industry-standard servers and desktops and support a wide range of operating system and application environments, as well as networking and storage infrastructure. The solutions are designed to function independently of the hardware and operating system to provide users with a broad platform choice. As a result, these solutions provide a key integration point for hardware and infrastructure management vendors to deliver differentiated value that can be applied uniformly across all application and operating system environments. A hypervisor provides the virtualization abstraction of the underlying computer system. In full virtualization, a guest operating system runs unmodified on a hypervisor. However, improved performance and efficiency are achieved by having the guest operating system communicate with the hypervisor. By allowing the guest operating system to indicate its intent to the hypervisor, the two can cooperate to obtain better performance when running in a virtual machine. This type of communication is referred to as paravirtualization. Transparent paravirtualization allows a single binary version of the operating system to run either on native hardware or on a hypervisor in paravirtualized mode. VMware ESX Server incorporates a VMware hypervisor as one of its basic functional elements to achieve transparent paravirtualization.

As virtualization technology evolves and underlying hardware improves, basic hypervisor functionality could reside in a stand-alone software layer, in hardware or in software associated with a particular operating system. An open hypervisor framework will benefit users by enabling an ecosystem of interoperable virtualization vendors and solutions to exploit the hypervisor functionality. An open approach to licensing, APIs, and formats gives users the opportunity to choose the technologies that work best in specific environments. Open APIs also contribute to better product interoperability, allowing the user more choices and more flexibility. It must be noted that some vendors are developing proprietary APIs and following restrictive licensing policies. VMware virtual infrastructure also boasts of the Virtual Machine Disk Format (VMDK). A virtual machine encapsulates an entire server or desktop environment in a file. The virtual machine disk format specification describes and documents the virtual machine environment and how it is stored. The virtual machine disk format specification is critical to how virtual environments are provisioned, manipulated, patched, updated, scanned and backed up. Interoperable formats for virtual machine disks across implementations benefit users in multiple ways:
- Commonality of formats preserves customers' configurations as they move between vendor solutions.
- There are a number of valuable solutions such as backup, system imaging, patch management, replication, virtual machine migration and mobility that require a knowledge of virtual disk formats. Commonality of formats enables solution providers to create software products that work with any virtualization solution. This, in turn, promotes customer choice and increases the number of solutions available in the marketplace.
- Lastly, commonality of formats enables storage systems to optimize, in the long run, for storage and access of virtual disks.
VMware virtual infrastructure also supports the OVF (Open Virtual Machine Format), which is intended to be an open, industry-standard format for virtual appliances and is secure, portable, efficient and extensible. OVF was created by Dell, HP, IBM, Microsoft, VMware and XenSource and has been accepted by the Distributed Management Task Force, DMTF, as a draft specification. Management interfaces enable management software (such as that provided by HP, IBM, VMware, CA, BMC, and others) to deploy, control, and monitor virtual machines running in different virtualization environments. These tools can automatically execute many of the daily tasks in the data center, decreasing costs and increasing reliability. VMware supports a rich set of additional interfaces that allow users to realize the full potential of virtualization. Now a user can virtualize even the most processor-intensive enterprise applications. VMware Virtual SMP allows a single virtual machine to use up to four physical processors simultaneously. Scaling virtual infrastructure has become much easier with multiple processors working in parallel in a single virtual machine. Only VMware provides symmetric multiprocessing for industry-standard virtual machines.

VMware Virtual SMP is based on the company’s patented virtual machine technology that transforms physical computers into a pool of computing resources. VMware Virtual SMP runs resource-intensive applications and tasks with multiple processors sharing the workload. Virtual SMP moves processing tasks between available processors to balance the workload and more fully utilize all processing power while built-in controls minimize system overhead. VMware HA (High Availability) provides pervasive, cost-effective failover protection within your virtualized IT environment.
- Now it is possible to protect and make highly available software applications which might otherwise be left unprotected.
- Now applications can be protected from OS related failures by automatically restarting virtual machines when failure is detected (experimental mode).
- Now the user can establish a consistent first line of defense for entire IT infrastructure.

VMware HA provides protection regardless of operating system or underlying hardware configuration. VMware HA eliminates the need for dedicated stand-by hardware and additional software.

It is a feature-rich product that continuously monitors all physical servers in a resource pool and restarts virtual machines affected by server failure.
- Monitors virtual machines to detect “guest OS” failures and automatically restarts them after user-specified intervals.
- Detects server failures automatically, using a “heartbeat” on servers.
- Restarts virtual machines almost instantly without human intervention on a different physical server within the same resource pool.
- Continuously monitors and chooses the optimal physical servers within a resource pool on which to restart virtual machines (if used in conjunction with VMware DRS).
VMware HA is included in VMware Infrastructure Standard and Enterprise editions. VMware DRS (Distributed Resource Scheduler) continuously balances computing capacity in resource pools to deliver the performance, scalability and availability not possible with physical infrastructure. VMware DRS allows the user to:
- Improve service levels for all applications. By continuously balancing capacity, VMware DRS ensures that each virtual machine has access to appropriate resources at any point in time.
- Easily deploy new capacity. VMware DRS will seamlessly take advantage of the additional capacity of new servers added to a resource pool by redistributing virtual machines without system disruption.
- Automate planned server maintenance. VMware DRS can automatically migrate all virtual machines off physical servers to enable scheduled server maintenance with zero downtime.
- Dramatically increase system administrator productivity. VMware DRS enables system administrators to monitor and effectively manage more IT infrastructure.
There are some constraints associated with DRS, and the big one is the standard VMotion constraints: if you cannot VMotion, you cannot use DRS. (We have already discussed VMotion technology in detail in Chapter 2 – if you feel slightly lost, quickly go over to Chapter 2 for a swift recap!) DRS takes into account processor affinity, which includes affinity rules and anti-affinity rules. The anti-affinity rules take into account high availability and clustering, while the affinity rules take into account performance. The dynamic balancing component of DRS (i.e. automatic VMotion) is adjusted based on the virtual machines’ resource requirements at any given time. The DRS balancing component is re-evaluated every few minutes based on millisecond-level performance evaluation over that period of time across the whole resource pool. A balancing re-evaluation is also done when the pool settings change; this includes resource entitlements or VM pool assignments. If the imbalance in the resource pool is high, the balancing component will be more aggressive than if the imbalance is low. The rules also suggest that virtual machines will be allocated resources fairly, based on the pool and virtual machine resource settings. Possible VMotion(s) are evaluated based on the final effect of the migration on the destination host and the migration cost. The list price of DRS is $2000 but I have a strong feeling that an intense discussion with the reseller is bound to fetch you a reasonable discount. Though if you have the Enterprise Edition of 3i then you get it included in your package!
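To make the HA and DRS decisions described above concrete, here is an added example (not VMware's code, and a deliberate simplification of both products): a small Python model in which candidate migrations are scored by how much they reduce the pool's load imbalance minus a migration cost that grows with the VM's memory, affinity and anti-affinity rules are enforced on every placement, and, when a host's heartbeat stops, its VMs are restarted on the least-loaded surviving host that accepts them. The host names, capacities, VM demands and the cost factor are constructed sample values.

```python
"""Simplified model of VMware HA restart placement and DRS rebalancing.

Added example, not VMware's code: candidate VMotions are scored by their effect
on the pool's balance minus a migration cost, affinity/anti-affinity rules are
enforced, and a failed host's VMs are restarted elsewhere. All data is constructed.
"""
from dataclasses import dataclass, field
from statistics import pstdev

@dataclass
class VM:
    name: str
    cpu_demand: float  # MHz the VM currently needs
    mem_mb: int        # memory size; drives the assumed migration cost

@dataclass
class Host:
    name: str
    cpu_capacity: float  # MHz available on the host
    vms: list = field(default_factory=list)

    def load(self) -> float:
        """Fraction of the host's CPU capacity demanded by its VMs."""
        return sum(v.cpu_demand for v in self.vms) / self.cpu_capacity

def imbalance(hosts) -> float:
    """Pool imbalance: population standard deviation of per-host load."""
    return pstdev([h.load() for h in hosts])

def violates_rules(vm, dest, anti_affinity, affinity) -> bool:
    """True if placing vm on dest breaks an anti-affinity rule (the pair must be
    kept apart) or an affinity rule (the pair must stay together)."""
    names = {v.name for v in dest.vms}
    for a, b in anti_affinity:
        if (vm.name == a and b in names) or (vm.name == b and a in names):
            return True
    for a, b in affinity:
        partner = b if vm.name == a else a if vm.name == b else None
        if partner is not None and partner not in names:
            return True
    return False

def fits(vm, dest, anti_affinity, affinity) -> bool:
    """A placement is legal if the rules hold and dest stays within capacity."""
    if violates_rules(vm, dest, anti_affinity, affinity):
        return False
    return sum(v.cpu_demand for v in dest.vms) + vm.cpu_demand <= dest.cpu_capacity

def best_migration(hosts, anti_affinity, affinity, cost_per_gb=0.02):
    """Score every legal single-VM move; return (gain, vm, src, dest) or None.
    gain = imbalance reduction minus a cost proportional to the VM's memory
    (more state for VMotion to copy); only a positive gain is worth a move."""
    base = imbalance(hosts)
    best = None
    for src in hosts:
        for idx, vm in enumerate(list(src.vms)):
            for dest in hosts:
                if dest is src or not fits(vm, dest, anti_affinity, affinity):
                    continue
                src.vms.pop(idx)        # trial move: apply, measure, undo
                dest.vms.append(vm)
                gain = base - imbalance(hosts) - cost_per_gb * vm.mem_mb / 1024
                dest.vms.pop()
                src.vms.insert(idx, vm)
                if gain > 0 and (best is None or gain > best[0]):
                    best = (gain, vm, src, dest)
    return best

def rebalance(hosts, anti_affinity=(), affinity=(), max_moves=10):
    """DRS loop: apply the best migration until no move improves the pool."""
    moves = []
    for _ in range(max_moves):
        found = best_migration(hosts, anti_affinity, affinity)
        if found is None:
            break
        _, vm, src, dest = found
        src.vms.remove(vm)
        dest.vms.append(vm)
        moves.append((vm.name, src.name, dest.name))
    return moves

def restart_after_failure(hosts, failed, anti_affinity=(), affinity=()):
    """HA step: the heartbeat from `failed` stopped, so restart its VMs (largest
    first) on the least-loaded surviving host that accepts them; a VM that fits
    nowhere is reported with destination None."""
    dead = next(h for h in hosts if h.name == failed)
    hosts.remove(dead)
    placed = []
    for vm in sorted(dead.vms, key=lambda v: v.cpu_demand, reverse=True):
        candidates = [h for h in hosts if fits(vm, h, anti_affinity, affinity)]
        dest = min(candidates, key=Host.load) if candidates else None
        if dest is not None:
            dest.vms.append(vm)
        placed.append((vm.name, dest.name if dest else None))
    return placed

def demo():
    """Constructed pool: one overloaded host and two web VMs that must stay
    apart; DRS rebalances, then host h2 fails and HA restarts its VMs."""
    rules = [("web1", "web2")]
    hosts = [Host("h1", 10000, [VM("db", 4000, 8192), VM("web1", 3000, 2048),
                                VM("web2", 3000, 2048)]),
             Host("h2", 10000, [VM("batch", 2000, 1024)]),
             Host("h3", 10000)]
    moves = rebalance(hosts, anti_affinity=rules)
    balanced = {h.name: round(h.load(), 3) for h in hosts}
    placed = restart_after_failure(hosts, "h2", anti_affinity=rules)
    return moves, balanced, placed, {h.name: round(h.load(), 3) for h in hosts}

if __name__ == "__main__":
    print(demo())
```

Running the script shows DRS making two migrations (both web VMs leave the overloaded host and, because of the anti-affinity rule, end up on different hosts) and then HA placing h2's VMs after the failure. The cost term is what keeps the large db VM from being moved for a marginal gain, which is the "migration cost" trade-off the paragraph mentions; in a real pool the same rule check runs on HA restarts, which is why the text notes that HA chooses better hosts when DRS is present.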
Chapter 5.3 - Sun Solaris virtualization
We will now discuss Solaris Containers. With the escalating costs of managing vast networks of servers and software components, companies today are looking for new ways to reduce their IT infrastructure costs and better manage service levels. Consolidating multiple applications onto a single system means changing the way applications are deployed. This can be a very expensive solution. And that's where virtualization and the Solaris Operating System come in. Solaris Containers and Logical Domains (LDoms) are part of Sun's comprehensive offering of virtualization technologies. Solaris Containers use virtualization to enable you to maintain the one-application-per-server deployment model, while at the same time sharing hardware resources. LDoms, in conjunction with the CoolThreads technology in Sun Fire UltraSPARC T1 servers, work at a system virtualization level, allowing multiple operating systems to run simultaneously. As an integral part of the Solaris 10 OS, Solaris Containers isolate software applications and services using flexible, software-defined boundaries. This represents a breakthrough approach to virtualization and software partitioning, allowing many private execution environments to be created within a single instance of the Solaris 10 OS. Each environment has its own identity, separate from the underlying hardware, so it behaves as if it's running on its own system — making consolidation simple, safe, and secure. Since each application runs in its own private environment — without dedicating new systems or operating systems — many application resources can be tested and deployed on a single server without impacting one another. So, system and network resources can be allocated and controlled on a fine-grained basis, helping to simplify computing infrastructures and improve resource utilization.
As a result, the user can better consolidate applications onto fewer servers without concern for resource constraints, fault propagation, or security breaches. No two organizations have the same type of workload or employ system resources in the same manner. Regardless of how a data center is arranged, a vast amount of computing capacity often remains untapped due to improper resource allocation. Solaris Containers give users the ability to prioritize applications and control resource usage. Computing resources — CPUs, physical memory, network bandwidth, and more — can be dedicated to a single application, then shared with others in an instant, without moving applications or rebooting the system. For example, a database, Web server, and batch application, each running on its own system, can be consolidated onto a single server configured to give each access to one-third of the available system resources. That same server can be automatically reconfigured so that the Web server receives 75 percent of network bandwidth during peak-load conditions. With the ability to dynamically allocate resources where they're needed most and the increased observability provided by DTrace integration, Solaris Containers help increase utilization of resources at the command of the user while ensuring that service-level agreements are adequately met. Because resources are isolated and dedicated to a Solaris Container and its applications rather than a complete system, highly efficient application consolidation is now possible. For example, Web servers typically listen to network port 80, which requires root privileges and presents a high security risk. To reduce this risk and run multiple Web servers per system, each Web server can run in a Solaris Container, listen to its own unique port 80, and have its own root user, operating in an isolated and secure manner. Indeed, even a single service can benefit from the isolation that Solaris Containers provide. 
To continue with the Web server example, it is possible to use Solaris Containers to help address the common issue of Web server security and Web page defacement by separating Web server administration and Web page maintenance from each other. With Solaris Containers, users can create environments on multiple systems and start them where they're needed. Applications can be modified and tested in one Solaris Container and later deployed to an online area by using the migration feature (attach, detach and clone) without impacting other users. Multiple deployment scenarios can be tested with ease. And there is always the option of rolling back to previous settings and configurations if necessary. Since application testing no longer requires dedicated systems that sit idle most of the time, less time — and money — is spent in getting services up and running. Maintaining flexibility and improving manageability are essential to effective cost-cutting strategies. Solaris Containers help the user to organize resources and gain a better understanding of how they're being used. With the ability to securely and dynamically manage and tune Solaris Containers, multiple applications can be hosted on one system and expensive resources can be used to greater effect. In addition, Solaris Containers gather workload-based usage data rather than system data, making it easier to more accurately charge for resources used. System-related administrative tasks are performed for the entire system instead of for each application environment independently, saving time and money. Solaris Containers take advantage of other technologies built into the Solaris OS to make the environment even more cost effective and observable. The integration with ZFS, for example, allows multiple Solaris Containers to consume a minimal disk footprint by utilizing ZFS snapshots.
The global administrator can also hand off ZFS disk sets to the Container administrator, for example, enabling them to create their own snapshots and clones. In addition, by taking advantage of the observability provided by DTrace within a Container, application developers are able to probe their applications, enabling them to debug systemic problems that are typically difficult to diagnose using traditional debugging tools. Solaris Containers also enable users to more accurately re-create the physical system in the virtualized world by allowing simple, easy to configure CPU and memory resource management together with a specific network configuration. This makes the definition of a Container easy and allows rapid definition and deployment of new Containers without the need to go through a time-consuming hardware purchase cycle. An example of this flexibility is IP instances, which allow the option to dedicate a network port to a Container. The Container administrator now has control over the network port and can allow configuration within the Container of such things as IP address, routing table, and network device settings. Users can also take advantage of Trusted Extensions, an advanced security feature that implements labels to protect data and applications based on their sensitivity level, not just on who owns or runs them. Credit card information, classified data, and personal records remain secure and can't be accessed by or written to unauthorized sources. Solaris Containers for Linux Applications allow Linux applications to run unmodified on the Solaris 10 OS. This enables maximum consolidation of available IT environments by allowing Linux and Solaris software to coexist, increases flexibility by lowering the barrier to migrate, removes dependencies on unpredictable schedules and source code availability, and boosts cross-platform development by extending the observability features of the Solaris 10 OS to the Linux platform.
Chapter 5.4 - Linux UserModeLinux (UML)
Let's discuss User-Mode Linux. It's a safe, secure way of running Linux versions and Linux processes. You can run buggy software, experiment with new Linux kernels or distributions, and poke around in the internals of Linux, all without risking your main Linux setup. User-Mode Linux gives you a virtual machine that may have more virtual hardware and software resources than your actual, physical computer. Disk storage for the virtual machine is entirely contained inside a single file on your physical machine. You can assign your virtual machine only the hardware access you want it to have. With properly limited access, nothing you do on the virtual machine can change or damage your real computer, or its software. User-Mode Linux, or simply UML, is a port of the Linux kernel to the abstract "um" architecture. In other words, UML is the Linux kernel ported to run on top of itself, that is, on the Linux system call interface. UML runs on Linux as a set of Linux user processes, which run normally until they trap to the kernel. UML originally ran in what is now referred to as tt (trace thread) mode. In this mode, a special trace thread ptraces the UML threads, gets notified upon system call entry and exit, nullifies the original call (say, to getpid()), and notifies the UML kernel to execute the intended system call. Since the UML kernel and its processes are both in "real" user space, the processes can read from and write to the kernel's memory; UML therefore makes the relevant memory read-only temporarily, which hampers performance greatly. Modifications to the Linux kernel exist (the skas mode, for "Separate Kernel Address Space") that address many of these issues. You can even compile a version of UML that can be nested inside another UML.

UMLinux is a framework for evaluating the behavior of networked Linux machines in the presence of faults. The faults themselves are injected via software in various locations such as memory, CPU registers, block devices, and network interfaces.
UMLinux is similar to User-Mode Linux (UML), but since the emphasis was on studying dependability behavior, UMLinux had memory protection of the user mode kernel (which UML did not, initially). Furthermore, UMLinux (the virtual machine, the "guest" kernel, and all the guest processes) is implemented as a single process on the host system.
Chapter 5.5 - Microsoft Virtual Server
Microsoft Virtual Server is a virtualization solution that facilitates the creation of virtual machines on the Windows XP and Windows Server 2003 operating systems. Originally developed by Connectix, it was acquired by Microsoft prior to release. Virtual PC is Microsoft's related desktop virtualization software package.

Virtual machines are created and managed through an IIS web-based interface or through a Windows client application tool called VMRCplus. The current version is Microsoft Virtual Server 2005 R2 SP1. New features in R2 SP1 include Linux guest operating system support, Virtual Disk Precompactor, SMP (but not for the Guest OS), x64 Host OS support (but not Guest OS support), the ability to mount virtual hard drives on the host OS and additional operating systems including Windows Vista. It also provides a Volume Shadow Copy writer which enables live backups of the Guest OS on a Windows Server 2003 or Windows Server 2008 Host. A utility to mount VHD images is also included since SP1. Known limitations of Virtual Server, as of September 2007, include the following:
- Although Virtual Server 2005 R2 can run on hosts with x64 processors, it cannot run guests that require x64 processors (guests cannot be 64-bit).
- It also makes use of SMP, but does not virtualize it (it does not currently allow guests to use more than 1 CPU each).
The involvement of Microsoft over the years in virtualization space has been discussed in Chapter 1. In case your awareness about the details needs some dusting, quickly go over to Chapter 1 and get updated.
Chapter 5.6 - OpenVZ
Now is the time to discuss OpenVZ. We’ve already discussed some details about OpenVZ in Chapter 2. We will get into a little more detail now. OpenVZ is an operating system-level virtualization technology based on the Linux kernel and operating system. The modified kernel provides virtualization, isolation, resource management, and checkpointing. It allows a physical server to run multiple isolated operating system instances, known as containers, Virtual Private Servers (VPSs), or Virtual Environments (VEs). As compared to virtual machines such as VMware and paravirtualization technologies like Xen, OpenVZ is limited in that it requires both the host and guest OS to be Linux (although Linux distributions can be different in different containers). However, OpenVZ claims a performance advantage; according to its website, there is only a 1-3% performance penalty for OpenVZ as compared to using a standalone server. An independent performance evaluation confirms this. OpenVZ is a basis of Parallels Virtuozzo Containers, a proprietary software product provided by Parallels, Inc. OpenVZ is licensed under the GPL version 2.

Each container is a separate entity, and behaves largely as a physical server would. Each has its own:
- System libraries, applications, virtualized /proc and /sys, virtualized locks etc.
- Root users, as well as other users and groups.
- A container only sees its own processes (starting from init). PIDs are virtualized, so that the init PID is 1 as it should be.
- Virtual network device, which allows a container to have its own IP addresses, as well as a set of netfilter (iptables) and routing rules.
- Shared memory, semaphores, messages.
If needed, any container can be granted access to real devices like network interfaces, serial ports, disk partitions, etc. OpenVZ resource management consists of three components: two-level disk quota, fair CPU scheduler, and user beancounters. These resources can be changed during container runtime, eliminating the need to reboot.

Each container can have its own disk quotas, measured in terms of disk blocks and inodes (roughly, the number of files). Within the container, it is possible to use standard tools to set UNIX per-user and per-group disk quotas.

The CPU scheduler in OpenVZ is a two-level implementation of a fair-share scheduling strategy. On the first level, the scheduler decides which container to give the CPU time slice to, based on per-container CPUUNITS values. On the second level the standard Linux scheduler decides which process to run in that container, using standard Linux process priorities and such. It is possible to set different CPUUNITS values for each container; real CPU time will be distributed proportionally to these values. Strict limits, such as 10% of total CPU time, are also possible.

Similar to the CPU scheduler, the I/O scheduler in OpenVZ is also two-level, utilizing Jens Axboe's CFQ I/O scheduler on its second level. Each container is assigned an I/O priority, and the scheduler distributes the available I/O bandwidth according to the priorities assigned. Thus no single container can saturate an I/O channel.

User Beancounters is a set of per-container counters, limits, and guarantees. There is a set of about 20 parameters which are meant to control all aspects of container operation. This is meant to prevent a single container from monopolizing system resources. These resources primarily consist of memory and various in-kernel objects such as IPC shared memory segments and network buffers. Each resource can be seen from /proc/user_beancounters and has five values associated with it:
- current usage
- maximum usage (for the lifetime of a container)
- barrier
- limit
- fail counter.
If a resource hits its limit, its fail counter is incremented. This lets the container owner detect problems by monitoring /proc/user_beancounters from inside the container (the hardware node administrator sees the counters of all containers in the same file). A live migration and checkpointing feature was released for OpenVZ in mid-April 2006. It makes it possible to move a container from one physical server to another without shutting the container down. The mechanism is called checkpointing: the container is frozen and its whole state is saved to a file on disk. That file is transferred to another machine, where the container is unfrozen (restored); the delay is a few seconds. Because the state is preserved completely, the pause usually looks like an ordinary computational delay to users of the container.
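As an added example (not OpenVZ's own tooling), the following Python script parses a /proc/user_beancounters snapshot in the five-column layout just described, flags resources whose fail counter is non-zero or whose current usage sits close to the barrier, and reports how much each fail counter grew between two snapshots, which is what a monitor needs, since the counter only ever increases while the container runs. The snapshot embedded in the script is constructed for the example, not captured from a real host; the resource names (kmemsize, privvmpages, numfile, numiptent) are real OpenVZ parameters.

```python
"""Monitor OpenVZ user beancounters for containers that are hitting limits.

Added example for this handbook, not OpenVZ project code. SAMPLE_UBC is a
constructed snapshot that follows the /proc/user_beancounters layout; it
was not captured from a real host.
"""
from dataclasses import dataclass

# Constructed sample: container 101 is healthy apart from its iptables
# entry count creeping towards its barrier; container 102 has already
# failed allocations for kernel memory, private pages and iptables entries.
SAMPLE_UBC = """\
Version: 2.5
       uid  resource                     held              maxheld              barrier                limit              failcnt
      101:  kmemsize                  2054080              2125824             11055923             11377049                    0
            privvmpages                 12345                23456                65536                69632                    0
            numfile                       400                  512                 2048                 2048                    0
            numiptent                     120                  120                  128                  128                    0
      102:  kmemsize                  9800000             11377049             11055923             11377049                   17
            privvmpages                 65000                69632                65536                69632                    3
            numfile                       100                  300                 2048                 2048                    0
            numiptent                     128                  128                  128                  128                    5
"""


@dataclass
class UbcEntry:
    held: int      # current usage
    maxheld: int   # maximum usage over the container's lifetime
    barrier: int   # soft limit; allocations above it may be refused
    limit: int     # hard limit
    failcnt: int   # cumulative count of refused allocations


def parse_user_beancounters(text):
    """Return {ctid: {resource: UbcEntry}} for a /proc/user_beancounters dump.

    The first line of each container block starts with '<ctid>:'; the
    remaining lines of the block omit the ctid. Inside a container the file
    lists only that container; on the hardware node it lists all of them.
    """
    counters = {}
    ctid = None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("Version:", "uid"):
            continue                      # version line and column header
        if fields[0].endswith(":"):
            ctid = int(fields[0][:-1])    # start of a new container block
            fields = fields[1:]
        if ctid is None or len(fields) != 6:
            raise ValueError("unexpected line: %r" % line)
        name, *values = fields
        counters.setdefault(ctid, {})[name] = UbcEntry(*map(int, values))
    return counters


def find_pressure(counters, warn_ratio=0.9):
    """List (ctid, resource, reason) for failed or near-barrier resources.

    A non-zero failcnt means the kernel has already refused an allocation;
    usage at or above warn_ratio of the barrier is an early warning.
    """
    alerts = []
    for ctid, resources in counters.items():
        for name, c in resources.items():
            if c.failcnt > 0:
                alerts.append((ctid, name, "failcnt=%d" % c.failcnt))
            elif c.barrier > 0 and c.held >= warn_ratio * c.barrier:
                alerts.append((ctid, name,
                               "held %d of barrier %d" % (c.held, c.barrier)))
    return alerts


def failcnt_delta(old, new):
    """Return {(ctid, resource): increase} for counters that grew since old.

    failcnt never resets while the container runs, so a monitor should
    compare snapshots rather than alert on any non-zero value forever.
    """
    delta = {}
    for ctid, resources in new.items():
        for name, c in resources.items():
            before = old.get(ctid, {}).get(name)
            if before is not None and c.failcnt > before.failcnt:
                delta[(ctid, name)] = c.failcnt - before.failcnt
    return delta


if __name__ == "__main__":
    # On an OpenVZ host or inside a container, read the live file instead.
    try:
        with open("/proc/user_beancounters") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_UBC
    for ctid, name, reason in find_pressure(parse_user_beancounters(text)):
        print("CT %d: %s %s" % (ctid, name, reason))
```

Run it periodically from the hardware node and feed consecutive parses to failcnt_delta; a growing numiptent or tcpsndbuf fail counter on one container is the usual first sign that a tenant is either under attack or misbehaving, well before the node as a whole shows trouble.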

OpenVZ is as scalable as the 2.6 Linux kernel: it supports up to 64 CPUs and up to 64 GB of RAM. A single container can scale up to the whole physical box, i.e. use all the CPUs and all the RAM. OpenVZ is also able to host hundreds of containers on decent hardware; the main limitations are RAM and CPU.
The accompanying graph shows how a container's Apache web server response time depends on the number of containers. Measurements were made on a machine with 768 MB of RAM; each container ran the usual set of processes: init, syslogd, crond, sshd and Apache. The Apache daemons served static pages, and the time to first response was measured. As the number of containers grows, response time rises because of RAM shortage and excessive swapping. In this scenario it is possible to run up to 120 such containers on 768 MB of RAM. The result extrapolates linearly, so roughly 320 such containers fit on a box with 2 GB of RAM. An administrator of an OpenVZ physical server can see all the running processes and files of all the containers on the system, which makes mass management scenarios possible. The flip side is that every container shares the one kernel of the hardware node: isolation between containers, and between a container and the node, is only as strong as that kernel, and a container granted access to real devices as described above has to be trusted accordingly.

Chapter 5.7 - SWsoft/Parallels Virtuozzo Linux / Virtuozzo Windows

We are nearing the end of our handbook and have covered almost all the major issues. Once we complete our discussion of Virtuozzo for Linux and Virtuozzo for Windows we can safely say that all bases have been touched. Unlike hypervisor-based solutions, Virtuozzo does not present a software virtual machine to a guest operating system in order to run multiple OSs on the same system. Instead, it uses OS-level virtualization to partition the system into separate Virtual Private Servers (VPSs), similar to Solaris Zones or Linux-VServer. This means that Virtuozzo for Linux can run several Linux VPSs but, unlike VMware, cannot run different OSs on the same server. That may seem to limit your choices, but many organizations have no interest in running different OSs in virtual containers; they just need a way to improve hardware utilization through server consolidation and to make system management easier, and Virtuozzo does that very well. Each Virtuozzo VPS has its own filesystem, root user and configuration. For all intents and purposes, each VPS is its own separate system.

Virtuozzo should be installed on a fresh install of Red Hat Enterprise Linux, CentOS or another supported distribution. A stock install of CentOS 4.2 plus the rpm-build package is all that is required. You also need a separate partition for /vz, where the virtual hosts will live; allocate as much space to it as possible. Installation takes about 20 minutes and is simple: start the installer, answer a few questions and reboot. After that, install the license keys and start setting up virtual servers. The installation can also run in unattended mode, in which Virtuozzo is installed with the default options, or with options passed on the command line, without an administrator sitting at the console to specify the control node's IP address, the admin password and so on. This is useful if you deploy Virtuozzo on a large number of systems. Once Virtuozzo is installed, it is time to set up your virtual host or hosts. Virtuozzo offers GUI and command-line utilities to manage hardware and virtual nodes. SWsoft offers a few GUI utilities. The first, the Virtuozzo Management Console (VZMC), is the one you will probably use most of the time: operations like creating a new node, copying a virtual node to a different hardware node, or moving templates from one node to another are simple point-and-click tasks. For web-based management, SWsoft provides the Virtuozzo Control Center (VZCC) and Virtuozzo Power Panel (VZPP). VZCC administers the hardware node and its VPSs, while VZPP manages only individual private servers. VZPP can therefore be handed to customers in hosting environments, where you want to give a customer management capabilities for his own server but otherwise limit access.
It is also useful in corporate environments where VPSs for different departments reside in the same hardware pool, or where one administrator is responsible for a couple of VPSs for accounting and another for the VPSs for marketing. The first thing to do after creating a Virtuozzo hardware node is to load OS templates onto it. Installing a CentOS 4 VPS on Virtuozzo takes less than five minutes, most of it waiting for Virtuozzo to copy files behind the scenes. Managing the virtual nodes once they are installed is easy too. You can manage and monitor services on the nodes without logging into them directly, either through VZMC or with the command-line utilities. For example, to stop and restart Apache on a virtual node, go to that node's services and click stop or restart. You can also restart VPSs without affecting the other systems on the hardware node, and use VZMC to create Apache virtual hosts on virtual nodes, manage users and groups, configure the virtual hosts' firewalls, and manage mail. VZMC also shows detailed information about the health of each virtual node: the traffic it receives, memory usage, disk usage, CPU usage and other vital statistics. From the user's perspective, a Virtuozzo VPS looks and acts like a regular server most of the time. The one real difference is that you cannot set the date; that can only be done on the hardware node, since all VPSs share the node's kernel and Virtuozzo has only one system clock to work with. Virtuozzo lets the administrator tune a number of resource management parameters: the amount of disk space, network bandwidth and CPU time, the number of Netfilter entries, the size of TCP, UDP or Unix socket buffers, and similar things.
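As an added example (not SWsoft's code), the Python helper below turns a VPS specification into the vzctl command sequence that creates, configures and starts a container, checking the values first: the container ID is outside the reserved 0..100 range, the hostname and addresses are well formed, the CPU limit and CPU units are within vzctl's documented ranges, the disk quota's soft limit does not exceed its hard limit, and each user beancounter's barrier does not exceed its limit. It assumes the OpenVZ vzctl syntax, which Virtuozzo for Linux shares; the flag names and ranges are OpenVZ's and have not been checked against a specific Virtuozzo release, and the container values in the usage are made up for the example.

```python
"""Generate a validated vzctl command sequence for a new Linux VPS.

Added example for this handbook, not SWsoft's code. It assumes the OpenVZ
vzctl syntax that Virtuozzo for Linux shares (vzctl create/set/start and
the UBC parameter names); the flag spellings and ranges are OpenVZ's and
are not checked against a specific Virtuozzo release. Nothing is executed
unless run() is called with dry_run=False on a hardware node.
"""
import ipaddress
import re
import shlex
import subprocess

HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")
SIZE_RE = re.compile(r"^(\d+)([KMG]?)$")
SIZE_MULT = {"": 1, "K": 1, "M": 1024, "G": 1024 * 1024}  # vzctl sizes are in KB

# UBC parameters that vzctl takes as barrier:limit pairs.
PAIR_PARAMS = ("privvmpages", "vmguarpages", "numfile", "numiptent",
               "tcpsndbuf", "tcprcvbuf", "othersockbuf")


def _size_kb(value):
    """Convert a vzctl size string (512000, 2200M, 2G) to kilobytes."""
    m = SIZE_RE.match(value)
    if not m:
        raise ValueError("bad size %r (expected e.g. 2G, 2200M, 512000)" % value)
    return int(m.group(1)) * SIZE_MULT[m.group(2)]


def build_vzctl_commands(ctid, ostemplate, hostname, ips, nameservers,
                         cpuunits, cpulimit, diskspace, ubc,
                         onboot=True, ncpus=1):
    """Return [create, set, start] argv lists, or raise ValueError.

    diskspace is a (soft, hard) pair in vzctl notation; ubc maps a
    PAIR_PARAMS name to (barrier, limit); cpulimit is a percentage where
    100 means one full logical CPU.
    """
    if not 101 <= ctid <= 2 ** 31 - 1:          # 0-100 are reserved by OpenVZ
        raise ValueError("ctid %d is reserved or out of range" % ctid)
    if not HOSTNAME_RE.match(hostname):
        raise ValueError("invalid hostname %r" % hostname)
    for ip in list(ips) + list(nameservers):
        ipaddress.IPv4Address(ip)               # raises on malformed input
    if not 8 <= cpuunits <= 500000:             # vzctl's documented range
        raise ValueError("cpuunits %d outside 8..500000" % cpuunits)
    if not 0 <= cpulimit <= 100 * ncpus:
        raise ValueError("cpulimit %d%% outside 0..%d" % (cpulimit, 100 * ncpus))
    soft, hard = diskspace
    if _size_kb(soft) > _size_kb(hard):
        raise ValueError("diskspace soft limit %s exceeds hard limit %s" % (soft, hard))

    set_args = ["--hostname", hostname]
    for ip in ips:
        set_args += ["--ipadd", ip]
    for ns in nameservers:
        set_args += ["--nameserver", ns]
    set_args += ["--cpuunits", str(cpuunits), "--cpulimit", str(cpulimit),
                 "--diskspace", "%s:%s" % (soft, hard)]
    for name, (barrier, limit) in ubc.items():
        if name not in PAIR_PARAMS:
            raise ValueError("unknown UBC parameter %r" % name)
        if barrier > limit:
            raise ValueError("%s: barrier %d exceeds limit %d" % (name, barrier, limit))
        set_args += ["--%s" % name, "%d:%d" % (barrier, limit)]
    set_args += ["--onboot", "yes" if onboot else "no", "--save"]

    return [
        ["vzctl", "create", str(ctid), "--ostemplate", ostemplate],
        ["vzctl", "set", str(ctid)] + set_args,
        ["vzctl", "start", str(ctid)],
    ]


def run(commands, dry_run=True):
    """Print (dry run) or execute the commands; returns the rendered lines."""
    rendered = [shlex.join(cmd) for cmd in commands]
    for cmd, line in zip(commands, rendered):
        if dry_run:
            print(line)
        else:
            subprocess.run(cmd, check=True)     # stop at the first failure
    return rendered


if __name__ == "__main__":
    # Made-up values for the example; review the output before running for real.
    run(build_vzctl_commands(
        101, "centos-4-i386-minimal", "web01.example.com",
        ["10.0.0.101"], ["10.0.0.1"], cpuunits=1000, cpulimit=10,
        diskspace=("2G", "2200M"),
        ubc={"privvmpages": (65536, 69632), "numiptent": (128, 128)}))
```

Keep dry_run=True (the default) until the rendered commands have been reviewed; because the set command ends with --save, the values are written to the container's configuration file and survive restarts, which is also why the barrier/limit and soft/hard checks are worth doing up front rather than discovering a rejected setting after the container is already serving a customer.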
If a Virtuozzo VPS outgrows its resources, it is easy to move it to new hardware when it is time to upgrade. In VZMC, click on the VPS you want to migrate and select Tasks -> Migrate to another hardware node. VZMC walks you through a short wizard that asks a few simple questions and then copies the VPS over. Uptime cannot always be maintained when hardware fails, but Virtuozzo can restore VPSs from backups. Backing up a VPS with VZMC is a one-click operation. If you have multiple hardware nodes, you can back up the VPS to a different server so that the backup is safely stored on separate hardware. If the original hardware node dies, it is easy to bring the backup up on a different machine. Virtuozzo is not the same type of solution as VMware Server or ESX. Because it approaches virtualization differently, you do not get the operating system flexibility of VMware Server: if you want to run FreeBSD, Linux and Windows on the same machine, Virtuozzo is not the offering for you. If you want a virtualization solution that partitions servers into multiple Linux VPSs and makes them much easier to manage, Virtuozzo is probably the strongest contender for your attention. Virtuozzo 3.5.1 for Windows at present supports only Windows Server 2003 (x86 and x64), so it can only host multiple Windows Server 2003 VPSs. Installation is fast and automatically runs an Internet update to check for new patches (highly recommended, since the SWsoft support team releases fixes very often).
At any time you can verify the installed version from a command prompt:

C:\> vzctl --version

Immediately after installation a configuration wizard starts to help you configure the hardware node. It asks for the Windows installation CD so it can add components (such as IIS) that were probably left out of a fresh plain installation; they need to be available to satisfy requests from VPSs. The wizard then asks you to define the network properties of the Service VPS, a special VPS that handles remote management requests from the Win32 console (Virtuozzo Management Console) and the web console (Virtuozzo Power Panel). Since the Service VPS is the remote management endpoint for the whole node, its network placement deserves the same care as any other management interface.

The whole Virtuozzo philosophy revolves around the concept of templates. While there is only one OS template, for Windows Server 2003, several application templates are available out of the box. A template is a pre-installed set of applications, layered above the operating system, which Virtuozzo can apply to any VPS in a moment. You can always add an application to a VPS manually, as on a physical machine, but if you repeatedly need to install a predefined set of software inside VPSs it is better to use a defined template. Creating two new SharePoint servers, for example, is simply a matter of deploying a new Windows 2003 OS template with a SharePoint application template and specifying two copies. During creation Virtuozzo asks for the details needed to customize the new VPS: hostname and administrator password, IP address, subnet mask and DNS settings, the physical interface the new VPS will be bound to, and the physical CPU quota, disk space and memory size assigned to it. Virtuozzo also lets you enable automatic startup, offline management (through the Virtuozzo Power Panels web console), network broadcasts, and the Windows QoS packet scheduler. Creating a new VPS should take no more than a few minutes on a standard Intel Pentium 4 3.06 GHz test machine. Central management of all VPSs is provided by the Virtuozzo Management Console. From here you can start, stop and restart all your virtual servers and, more importantly, you have complete control over every VPS: you can upload local files (specifying the destination directory), browse disks, mount hardware node folders, open the performance monitor, administer services and users, check event logs and connect via Remote Desktop.

For every VPS you can also open a special monitor reporting live details about virtual CPU, memory and network usage; for network usage a historical archive is kept as well. SWsoft provides a very useful template creation wizard for cases where the default templates are not enough. The wizard offers two ways to define the applications to include in a template. The first, From manually selected data, requires you to specify every single file and registry key to add to the template. It is a powerful option, but complex and hard to work with, since you have to know exactly how the application works. The second, From application, is much simpler: Virtuozzo asks you to create a temporary VPS in which to install the application, then performs a differencing operation that extracts what changed inside the environment and places those changes in your custom template. At the end, the temporary VPS is destroyed. After the process completes you have to add the new template to the hardware node manually with a command-line utility; it then appears in the template library, ready to be deployed to any VPS you like. Virtuozzo also offers a VPS migration facility if you have multiple hardware nodes, but the operation involves downtime (SWsoft reports under one minute on average). The last really interesting feature of the web management console is Power Panels. Power Panels is a clean and intuitive interface for monitoring what is happening on your VPS. It can start and stop existing VPSs and has basic monitoring features: checking resource usage, listing running processes, browsing files, reading logs. It lacks advanced monitoring and modification capabilities, so you cannot create a new VPS or install application templates from it. The whole Power Panels site is available out of the box in several languages (Italian included!).
It is fully customizable, and SWsoft provides instructions on how to modify a single page or the entire layout. This is particularly welcome for companies (e.g. ISPs) that need to provide a branded service to outside customers. This brings us to the end of our review of the technical details that are absolutely essential for starting a VPS hosting setup.