Cloud Computing Implementation Management and Security phần 5 ppsx

VMWare The VMware virtualization platform is built to virtualize hardwareresources found on an x86-based computer e.g., the CPU, RAM, harddisk, and network controller to create a fully f

98 Cloud Computing

the virtual operating system and all related resources that are managed by itrather than an actual, physical implementation of that operating system

vir-tualization layer must be installed on a machine to intercept file and registryoperations performed by a virtualized application, where it can transpar-ently redirect those operations to a virtualized destination The applicationthat performs file operations never knows that it is not directly accessing aphysical resource Using this approach, applications can be made portable

by redirecting their I/O tasks to a single physical file, and traditionallyincompatible applications can be executed side by side

Using application virtualization allows applications to run in native environments For example, Wine allows Linux users to runMicrosoft Windows applications from the Linux platform Virtualizationalso helps protect the operating system and isolate other applications frompoorly written or buggy code With application virtualization, physicalresources can be shared so an implementation uses fewer resources than aseparate virtual machine Simplified operating system migrations are possi-ble because administrators are able to maintain a standardized configuration

non-in the underlynon-ing operatnon-ing system and propagate that configuration acrossmultiple servers in an organization, regardless of whatever applications may

be used In the next few sections, we will take a look at some of the morepopular virtualization environments in use today

VMWare

The VMware virtualization platform is built to virtualize hardwareresources found on an x86-based computer (e.g., the CPU, RAM, harddisk, and network controller) to create a fully functional virtual machinethat can run its own operating system and applications just like a standardcomputer Each virtual machine is completely encapsulated in order toeliminate any potential conflicts VMware virtualization works by inserting

a thin layer of software directly on the computer hardware or on a hostoperating system This layer is actually a monitor called a Hypervisor, andits task is to allocate hardware resources dynamically and transparently.Multiple operating systems can run concurrently on a single computer andshare that computer’s hardware A virtual machine is completely compatiblewith all standard x86 operating systems, applications, and device drivers It

30 http://en.wikipedia.org/wiki/Application_virtualization, retrieved 11 Feb 2009.

31 Amir Husain, “How to Build an Application Virtualization Framework,” http://vdiworks.com/ wp/?p=15, retrieved 11 Feb 2009

Where Open Source Software Is Used 99

is possible to run several operating systems and applications simultaneously

on a single computer, and each operating system has access to the physicalresources it needs on demand

Readers interested in trying virtualization may consider using VMware

cre-ate virtual machines quickly and easily A menu-driven startup and matic configurations enable you to get virtual machines set up and running

auto-in mauto-inutes You can even import a virtual appliance usauto-ing the VMware tual Appliance Marketplace For more information on VMware, the reader

Vir-is encouraged to vVir-isit the official web site

Xen

Pratt at the University of Cambridge Xen was originally developed by theSystems Research Group at the University of Cambridge Computer Labo-ratory as part of the XenoServers project, funded by the UK-EPSRC.XenoServers aimed to provide a public infrastructure for global distributedcomputing Xen plays a key part in that, allowing one to efficiently parti-tion a single machine to enable multiple independent clients to run theiroperating systems and applications in an environment This environmentprovides protection, resource isolation, and accounting The project webpage contains further information as well as pointers to papers and techni-cal reports.34

Using Xen server virtualization, the Xen Hypervisor is installed directly

on the host hardware and exists as a thin layer between the hardware and theoperating system This abstraction layer allows the host device to run one ormore virtual servers It isolates hardware from the operating system and itsapplications Xen is licensed under the GNU General Public License(GPL2) and is available at no charge in both source and object format.According to the official web site, “Xen is, and always will be, open sourced,uniting the industry and the Xen ecosystem to speed the adoption of virtu-alization in the enterprise.”

The Xen Hypervisor supports a wide range of guest operating systemsincluding Windows, Linux, Solaris, and various versions of the BSD operat-ing systems The Xen Hypervisor has an exceptionally lean footprint TheXen Hypervisor offers a smaller code base, greater security, and up to 10

32 http://www.vmware.com.

33 http://www.xen.org.

34 http://www.cl.cam.ac.uk/xeno, retrieved 11 Feb 2009.

100 Cloud Computing

times less overhead than alternative virtualization approaches That meansthat it has extremely low overhead and near-native performance for guests.Xen reuses existing device drivers (both closed and open source) from Linux,making device management easy Xen is robust to device driver failure andprotects both guests and the Hypervisor from faulty or malicious drivers.Virtual device monitors (which are also known as hypervisors) are oftenused on mainframes and large servers seen in data center architectures.Increasingly, they are being used by Internet service providers (ISPs) to pro-vide virtual dedicated servers to their customers Xen support for virtual-machine live migration from one host to another allows workload balancingand avoids system downtime Some of the main advantages of Xen servervirtualization are

vir-tual machine or moving a virvir-tual machine to a different hardwareplatform

same platform

sys-tem instances on the same computer

Xen may also be used on personal computers configured in a dual-bootconfiguration (e.g., those that run Linux but also have Windows installed).Traditionally, such systems provided the user the option of either runningWindows or Linux, but with Xen it is possible to start Windows and allow

it to run from in a separate Window on the Linux desktop, enabling theuser to run applications from both systems simultaneously

For operating system development tasks, virtualization has a cant additional benefit—running the new system as a guest avoids anyneed to reboot the computer whenever a bug is encountered This pro-tected or insulated environment is known as a “sandbox,” and such sand-boxed guest systems are useful in computer security research anddevelopment In order to study the effects of malware, viruses, and wormswithout compromising the host system, developers often prefer to use asandbox Hardware appliance vendors increasingly have begun to ship

signifi-Chapter Summary 101

their products preconfigured with several guest systems This allows them

to deliver complex solutions that are able to execute various softwareapplications running on different operating systems

Xen touts a para-virtualization technology that is widely acknowledged

as the fastest and most secure virtualization software in the industry virtualization takes full advantage of the latest Intel and AMD hardware vir-tualization advancements and has fundamentally altered the way virtualiza-tion technology is built Virtual servers and the Hypervisor cooperate toachieve very high performance for I/O, CPU, and memory virtualization

lay-ers, the lowest and most privileged of which is Xen itself Xen can host tiple guest operating systems Each operating system is run within a securevirtual machine environment known as a domain In order to make effec-tive use of the available physical CPUs, such domains are scheduled by Xen.Each guest operating system is responsible for managing its own applica-tions This management includes scheduling each application within thetime allotted by Xen to the virtual machine The primary domain, domain

mul-0, is created automatically when the system boots, and it has special agement privileges Domain 0 builds other domains and manages their vir-tual devices Domain 0 also performs administrative tasks such assuspending, resuming, and migrating other virtual machines Within

man-domain 0, a process called xend is responsible for managing virtual

machines and providing access to their consoles

3.9 Chapter Summary

In this chapter we discussed what it takes to build a cloud network, tion from the managed service provider model to cloud computing andSaaS and from single-purpose architectures to multipurpose architectures,the concept and design of data center virtualization, the role and impor-tance of collaboration, service-oriented architectures as an intermediary stepand the basic approach to data center-based SOAs, and the role of opensource software in data centers and where and how it is used in cloud archi-tecture Cloud computing provides an end-to-end, unified solution thatmaximizes the ability to address the performance, scalability, virtualization,and collaboration requirements being driven by today’s global business chal-lenges and opportunities It should be clear that a properly designed and

evolu-35 http://tx.downloads.xensource.com/downloads/docs/user/user.html, retrieved 11 Feb 2009.

102 Cloud Computing

implemented cloud infrastructure provides the benefit of substantially ering the total cost of ownership over the traditional hosting environmentthough the use of virtualization and the use of open source software Cloudinfrastructure maximizes the potential for creating value through collabora-tion In future chapters we will discuss the ability of cloud computing toprovide a solution to current challenges in presence and identity whileenhancing security and privacy First, however, we will give you a chance tosee for yourself the value and process in implementing and using cloudcomputing In the next chapter, we will give guide you through a practicum

low-on the how you can build a virtualized computing infrastructure using opensource software

Chap4.fm Page 103 Friday, May 22, 2009 11:25 AM

104 Cloud Computing

4.2 Downloading Sun xVM VirtualBox

This practicum will provide you with some guided hands-on experience andhelp you gain confidence in using virtualization technologies To begin, the

you need to open a browser and go to the web site

http://www.virtualbox.org/wiki/Downloads

where you will see this page:

Choose the type of download file that is most suitable to the operatingsystem you are using and download the product Save the file—in Microsoft

Security Warning dialog:

Chap4.fm Page 104 Friday, May 22, 2009 11:25 AM

Downloading Sun xVM VirtualBox 105

choose where you wish to save the downloaded file The dialog box shouldlook like this:

continue The download status dialog will appear:

Chap4.fm Page 105 Friday, May 22, 2009 11:25 AM

106 Cloud Computing

4.3 Installing Sun xVM VirtualBox

Once the download has completed, you must locate the file wherever yousaved it and execute the installer If you are not using a Microsoft operatingsystem, the procedure for executing the installer will be slightly differentthan what is shown here Regardless of which non-Microsoft operating sys-tem you may be using, launch the installer according to your specific oper-ating system’s instructions The VirtualBox installation can be started from aWindows environment by double-clicking on its Microsoft Installer archive(MSI file) or by entering this command from the prompt of a command-line interface:

Installing Sun xVM VirtualBox 107

Using just the standard settings, VirtualBox will be installed for allusers on the local system If this is not what you want, it is necessary toinvoke the installer from a command-line prompt as follows:

msiexec /i VirtualBox.msi ALLUSERS=2

Executing the installer in this fashion will install VirtualBox for the rent user only

cur-Once the installer begins executing, the first thing you will see is theinstallation welcome dialog, which looks like this:

(EULA), as shown below In order to proceed, you must accept this

Chap4.fm Page 107 Friday, May 22, 2009 11:25 AM

Vir-In addition to the VirtualBox application, the components for USB port and networking are available These packages contains special drivers foryour Windows host that VirtualBox requires to fully support networking andUSB devices in your virtual machine (VM) The networking package con-tains extra networking drivers for your Windows host that VirtualBox needs

sup-to support Host Interface Networking (sup-to make your VM’s virtual networkcards accessible from other machines on your physical network)

Depending on your Windows configuration, you may see warnings

warnings, because otherwise VirtualBox may not function correctly after

shown below

Chap4.fm Page 108 Friday, May 22, 2009 11:25 AM

Installing Sun xVM VirtualBox 109

or so for the installer to complete, depending on your system’s processor andmemory resources You will see an installation progress dialog, similar tothis one:

Installation dialog box shown below, warning you that the product you areinstalling has not passed Windows Logo testing to verify its compatibility

Chap4.fm Page 109 Friday, May 22, 2009 11:25 AM

110 Cloud Computing

You will be notified when the installation has completed, and given theopportunity to launch the application automatically Be sure the box in thefollowing dialog is checked:

VirtualBox Registration Dialog will appear:

Chap4.fm Page 110 Friday, May 22, 2009 11:25 AM

Installing Sun xVM VirtualBox 111

Registration is very simple, and it is recommended that you registeryour product Just fill in your name and an email address Once the registra-

choose to allow Sun to contact you or not by checking or unchecking the

kudos appear:

xVM VirtualBox product For Microsoft Windows-based systems, the

menu, which will allow you to launch the application and access its mentation If you choose later to uninstall this product, VirtualBox can be

Remove Programs applet in the Windows Control Panel. For dows operating systems, you must uninstall according to your system’s rec-ommended procedures However, let’s not do that yet! The followingChap4.fm Page 111 Friday, May 22, 2009 11:25 AM

non-Win-112 Cloud Computing

picture shows you what the opening screen looks like after you haveinstalled and filled out the product registration form:

4.4 Adding a Guest Operating System to VirtualBox

computer system, which is why it is called a “virtual machine.” The guestsystem will run in its VM environment just as if it were installed on a realcomputer It operates according to the VM settings you have specified (wewill talk about settings a bit more later in this chapter) All software thatyou choose to run on the guest system will operate just as it would on aphysical computer

With the options available, you have quite a bit of latitude in decidingwhat virtual hardware will be provided to the guest The virtual hardwareyou specify can be used to communicate with the host system or even withother guests For instance, if you provide VirtualBox with the image of aCD-ROM in the form of an ISO file, VirtualBox can make this image avail-able to a guest system just as if it were a physical CD-ROM You can alsogive a guest system access to the real network (and network shares) via itsvirtual network card It is even possible to give the host system, other guests,

or computers on the Internet access to the guest system

4.5 Downloading FreeDOS as a Guest OS

For our first guest, we will be adding an open source operating system calledFreeDOS to the host machine In order to do this, we must first go to theChap4.fm Page 112 Friday, May 22, 2009 11:25 AM

Downloading FreeDOS as a Guest OS 113

Internet and download FreeDOS Minimize the VirtualBox application fornow and open a web browser Go to

http://virtualbox.wordpress.com/images

When your browser has brought up the site, it should look similar tothe figure below You will see a list of virtual operating systems, with thesponsoring web site for each one in parentheses

Towards the bottom of the page, you will find the FreeDOS entry Thereader is encouraged to go to the web site of each operating system and

the download process When you click on any of the operating system links,you will be taken to that system’s download page There, you are given thechoice of which architecture (i.e., 32-bit or 64-bit) you want to install.What is important for almost every operating system displayed on this page

An example similar to what you will see is shown below:

FreeDOSThere are several FreeDOS images available

Chap4.fm Page 113 Friday, May 22, 2009 11:25 AM

4.6 Downloading the 7-Zip Archive Tool

Next, you will need to download an open source product called 7-zip (itworks on both Linux and Windows platforms), which can be accessed from

using the standard options

down-loaded previously

Machines and VDI. The virtualBox image for FreeDOS will be

in the VDI folder

Chap4.fm Page 114 Friday, May 22, 2009 11:25 AM