YOURSTRATEGIC$VIRTUALIZATION$ ALTERNATIVE$...RED$HAT$ENTERPRISE$VIRTUALIZATION$3.0$ John%Rinehart,%ProductMarke3ng%Manager% Mark%St.%Laurent,%Senior%Solu3on%Architect Email: [email protected]%%%

RED  HAT  ENTERPRISE  VIRTUALIZATION  3.0  

John  Rinehart,  Product  Marke3ng  Manager  

Mark  St.  Laurent,  Senior  Solu3on  Architect  

Email:    [email protected]      

March  28,  2012  

YOUR  STRATEGIC  VIRTUALIZATION  ALTERNATIVE  

AGENDA  

-­‐  Market  Summary  

-­‐  Red  Hat  Enterprise  Virtualiza3on  

     Overview        Enterprise  Management                Kernel  Virtual  Machine  (KVM)  Hypervisor                Licensing  and  pricing        Architecture                  Performance                Security  

   Virtual  Desktop  Integra3on                Self  Service  Portal                Integra3on  and  automa3on  -­‐  Summary  and  Resources  

-­‐  Q&A  

RED  HAT  ENTERPRISE  VIRTUALIZATION    

MARKET  SUMMARY    

VIRTUALIZATION  OF  x86  WORKLOADS  APPROACHING  50%  

 Installed  base  is  expected  to  grow  five-­‐fold  from  2010  -­‐>  2015  

YOU  HAVE  A  CHOICE  IN  VIRTUALIZATION  

“Don’t  just  find  a  vendor,  find  a  solu3on;  42%  of  organizaTons  use  mulTple  hypervisors  to  maximize  features  &  minimize  cost”    —  InfoTech  Research  Group,  July  2011  

“38  percent  of  companies  using  virtualiza3on  for  tradi3onal  workloads  say  they  are  planning  to  change  their  hypervisor  during  the  next  year.”    —  Virtualiza3on  Market  faces  shake-­‐up,    The  Register,  November  2011    Source:  Veeam  Sobware  –  V-­‐index.com  

“If  I  were  VMware,  I  wouldn’t  worry  most  about  Microsob,  with  its  tendency  to  subsume  low-­‐end,  small  business  markets  by  including  everything  in  the  Windows  opera3ng  system.  That's  so  1990s.  Rather,  I'd  worry  that  Red  Hat  and  KVM  already  have  a  foot  in  the  cloud.”    —  VMware  Should  Worry  More  About  Red  Hat,  Informa3onWeek,  September  2011  

RED  HAT  ENTERPRISE  VIRTUALIZATION    

YOUR  STRATEGIC  ALTERNATIVE    

  Enterprise  grade,  centralized  management  and  hypervisor  for  server  and  desktop  virtualiza3on  

  Industry  leading  performance,  scalability  and  security  infrastructure  

  Ecosystem  of  thousands  of  hardware  and  sobware  vendors  

  50–70%  lower  cost  compared  to  other  solu3ons  

RED  HAT  ENTERPRISE  VIRTUALIZATION    

RHEV  IS  MATURE  AND  READY  FOR  LARGE  SCALE  VIRTUALIZATION  DEPLOYMENTS...  

THOUSANDS  OF  CUSTOMERS  WORLDWIDE  DEPLOY  RHEV  IN  PRODUCTION  TODAY  

• T1/  MISSION  CRITICAL  BUSINESS  APPLICATIONS  ARE  POWERED  BY  RHEV    

USE  CASE:  SERVER  CONSOLIDATION  

Power,  cooling  and  space  savings    

Infrastructure  up3me  advantage  

Flexibility  (live  migra3on,  load  balancing  etc.)  

Move  towards  private/hybrid  cloud  deployment  

Consolida3on  of  Oracle  Financials,  database  and  other  mission  cri3cal  applica3ons  on  RHEV  

RED  HAT  ENTERPRISE  VIRTUALIZATION  RHEV  MANAGER  

  High  Availability  

  Live  Migra3on    

  Self  Service  Portal  

  Load  Balancing  (DRS)  

  Power  Saver  (DPM)  

  Templates,  thin  provisioning,  snapshots    

  Centralized  storage  and  networking  management  

  Servers  and  Desktops  together  

RHEV  MANAGER  FEATURES:    ENTERPRISE  VIRTUALIZATION  MANAGEMENT  

  Host:  160  logical  CPU  (4,096  theore3cal  max),  2TB  RAM  (64TB  theore3cal  max)  

  Guest:  64  vCPU,  512GB  RAM  

  Supports  latest  silicon  virtualiza3on  technology:  SR-­‐IOV,  

  Based  on  the  latest  RHEL  6.2  kernel  

  Microsob  SVVP      

RHEV  HYPERVISOR/KVM  OVERVIEW  

SMALL  FORM  FACTOR,  SCALABLE,    HIGH  PERFORMANCE  

INDEPENDENT  REVIEWS  SHOW  RED  HAT  COMING  ON  STRONG  

Source:  InfoWorld,  VirtualizaKon  shoot-­‐out:  Citrix,  MicrosoP,  Red  Hat,  and  VMware,  April  13,  2011    

h_p://bit.ly/rhevshootout  

INDUSTRY  LEADING  VIRTUALIZATION  PERFORMANCE  

SPECvirt_sc2010:  As  of  January  1,  2012,  RHEV  claims  top  6  results  and  the  only  8  socket  server  scores  

INDUSTRY  LEADERSHIP:  SIGNIFICANT  COST  ADVANTAGE  

  10  physical  hosts  (2x4HT,  64GB)    Same  density  across  both  

  10  physical  hosts  (2x8HT,  256GB)    Same  density  across  both  

RHEV  COSTS  1/7th  VS.  VMWARE  AND  1/3rd  OVER  3  YEARS.  SCALE  UP  COST  ADVANTAGE  EVEN  MORE  

RHEV  3.0  architecture  

RHEV-­‐Manager  is  now  a  Java  applica3on  running  on  JBoss  EAP  on  RHEL    

Backend  database  is  now  PostgreSQL  8.4  

New  user  portal,  REST  API,  Linux  CLI  

Support  for  mul3ple  external  authen3ca3on  sources  -­‐  Red  Hat  Iden3ty  Management  -­‐  Microsob  Ac3ve  Directory  

RHEV  inherits  the  security  features  of  Linux  and  RHEL  

  SELinux  security  policy  infrastructure  

  Provides  protec3on  and  isola3on  for  virtual  machines  and  host  

  Compromised  virtual  machine  cannot  access  other  VMs  or  host  

sVirt  Project  

  Sub-­‐project  of  NSA's  SELinux  community.  Provides  “hardened”  hypervisor.  

  Mul3-­‐level  security.  Isolate  guests  

  Contain  any  hypervisor  breaches  

ADVANCED  SECURITY  FOR  YOUR  VIRTUALIZATION  INFRASTRUCTURE  

Before SELinux...

Linux  Kernel  

Web   DNS   Mail  

Processes all have equal access to the system...

Linux  Kernel  

Web   DNS   Mail  

...if one is attacked...

Linux  Kernel  

Web   DNS   Mail  

...taken over due to vulnerability ...

Linux  Kernel  

Web   DNS   Mail  

...and gets a privilege escalation...

Linux  Kernel  

Web   DNS   Mail  

...the system is lost.

With SELinux...

Linux  Kernel  

Web   DNS   Mail  

Each process is confined in its own sandbox,

distinct from the others.

Linux  Kernel  

Web   DNS   Mail  

If a process is attacked...

Linux  Kernel  

Web   DNS   Mail  

...and compromised, there is far less exposure.

You lose the process, not the system.

With SELinux and

MLS /MCS...

Linux  Kernel  

Web  

Secret  

DNS  

Unclassified  

Mail  

Unclassified  

We can label the Sandboxes with a level of

sensitivity and categories.

...and now add

Virtualization...

...before virtualization...

Linux  Kernel  

Web   DNS   Mail  

Linux  Kernel  

Web   DNS   Mail  

Linux  Kernel  

Web   DNS   Mail  

Hypervisor  Vulnerabili3es  

Not  theore3cal  

Evolving  field  

Poten3ally  huge  payoffs  

Xen  already  compromised...  

Over  200  Security  Problems  found  in  Xen?  

Vmware  vulnerabili3es    

Google  returns  over  500,000  results    

3/29/12   35  

XEN  Vulnerability  htp://www.hacker-­‐sob.net/Sob/Sob_13289.htm  

The  Challenges  posed  by  SELinux  are  taken  into  considera3on.  

Linux  Kernel  

VM  1   VM  2   VM  3  

Virtual machine processes all have

equal access to the system...

Image1   Image2   Image3   ImageN  

Linux  Kernel  

VM  1  

Web  VM  2   VM  3  

...if application on virtual machine is attacked...

Image1   Image2   Image3   ImageN  

Linux  Kernel  

VM  1  VM  2   VM  3  

...compromised...

Web  

Image1   Image2   Image3   ImageN  

Linux  Kernel  

VM  1  VM  2   VM  3  

...and gets a privilege escalation...

Web  

Image1   Image2   Image3   ImageN  

Linux  Kernel  

VM  1  VM  2   VM  3  

.. and your machine has a Hypervisor

Vulnerability ...

Web  

Image1   Image2   Image3   ImageN  

Linux  Kernel  

VM  1  VM  2   VM  3  

.. But not just the running VM's and host,

but all images ...

Web  

Image1   Image2   Image3   ImageN  

Popular  Science  April  2011  

SELinux to the

Rescue

SELinux  is  all  about  labeling  

Processes  get  labels  

Virtual  machines  with  kvm  are  processes!!!  

Files/Devices  Get  Labels  

Virtual  images  are  stored  on  files/devices!!!!  

Rules  control  how  Process  Labels  Interact  with  Process/File  Labels.  

Kernel  Enforces  these  Rules.  

Linux  Kernel  

VM  1  VM  2   VM  3  

Compromised Virtual Machine confined despite hypervisor vulnerability

Web  

Unclassified   TS/SCI   TS/SCI  

Image1   Image2   Image3   ImageN  

Linux  Kernel  

Web  

Secret  

Guard  1  

Unclass  

VM  

TS/SCI  

Guard  2  

Unclass  

VM  

TS/SCI  

KVM  

KVM guests are processes,

so we can confine them like processes.

Guard  2  

Linux  Kernel  

Web  

Secret  

Guard  1  

VM  

Unclass  

VM  

TS/SCI   Unclass  TS/SCI  

KVM  

And of course the guest operating system can also run SELinux

Linux  Kernel  

Web   DNS   Mail  

htp://peoc3t.monmouth.army.mil/vcb2/vcb2.html  

  Complete  Virtual  Desktop  Infrastructure  solu3on  

  Windows  &  Linux  desktops  

  Full  featured  VDI:  Integrated  connec3on  broker,  pooling,  templates,  thin  provisioning,  memory  overcommit,  system  scheduler,  &  more  

RED  HAT  ENTERPRISE  VIRTUALIZATION    FOR  DESKTOPS  

COMPLETE  VIRTUAL  DESKTOP  INFRASTRUCTURE  SOLUTION  

RED  HAT  ENTERPRISE  VIRTUALIZATION  RHEV  3.0  -­‐  SELF  SERVICE  PORTAL  

  Create,  edit  and  remove  virtual  machines  

  Manage  virtual  disks  and  network  interfaces  

  Assign  user  permissions  to  virtual  machines  

  Create  and  use  templates  to  rapidly  deploy  virtual  machines  

  Monitor  resource  usage  and  high-­‐severity  events  

  Create  and  use  snapshots  to  restore  virtual  machines  to  a  previous  state    

User  Portal  -­‐  Advanced  view    

User  Portal  -­‐  Basic  View  

RED  HAT  ENTERPRISE  VIRTUALIZATION  RHEV  3.0  -­‐  USER  PORTAL  

  Create,  edit  and  remove  virtual  machines  

  Manage  virtual  disks  and  network  interfaces  

  Assign  user  permissions  to  virtual  machines  

  Create  and  use  templates  to  rapidly  deploy  virtual  machines  

  Monitor  resource  usage  and  high-­‐severity  events  

  Create  and  use  snapshots  to  restore  virtual  machines  to  a  previous  state    

RED  HAT  ENTERPRISE  VIRTUALIZATION  RHEV  3.0  REPORTING    

  Historical  usage,  trending,  quality  of  service  

  Integrated  repor3ng  engine  based  on  Jasper  reports  

  Over  25  prebuilt  reports  and  dashboards  included      

  Ability  to  create  and  customize  

reports  and  templates    

  Integra3on  

  New  RESTful  API  for  integra3on  with  RHEV  Manager  

  Super  set  of  RHEV  management  func3onality  

  Automa3on  

  Linux  command  line  interface  for  scrip3ng  and  automa3on  

  HOOKS  mechanism  allows  custom  scripts  to  modify  VM  opera3ons    

RED  HAT  ENTERPRISE  VIRTUALIZATION  3.0  INTEGRATION  &  AUTOMATION  

Cer3fica3on  status  htp://www.redhat.com/solu3ons/industry/government/cer3fica3ons.html  

INDUSTRY  LEADERSHIP:  THE  ONLY  END-­‐TO-­‐END  OPEN  VIRTUALIZATION  INFRASTRUCTURE  

INDUSTRY  LEADERS  IN  INFRASTRUCTURE,  NETWORKING,  STORAGE  ARE  BACKING  RHEV  

CISCO  AND  RED  HAT  RELATIONSHIP  

.  

InnovaTon  Propelled  by  the  Momentum  of  the  Open  Source  Community    

  Integrated:  Cisco  and  Red  Hat  together  have  integrated  Cisco  UCS  innova3ons  with  KVM.  

  Open:    Cisco  and  Red  Hat  have  collaborated  and  made  significant  contribu3ons  to  the  open  source  KVM  hypervisor  and  the  Linux  community  in  general.  

  Tuned:    The  limitless  imagina3on  of  the  open  source  community  increases  performance,  resolves  issues,  and  integrates  a  broad  source  of  enhancements  

TRY  IT  YOURSELF!  

redhat.com/promo/rhev3  

RHEV  3.0  RESOURCES  

  More  informa3on  or  download  free  trial  

   redhat.com/promo/rhev  

  Watch  the  virtual  event  on-­‐demand  

redhat.com/virtual  

  RHEV  webinars  on-­‐demand  

redhat.com/webinars/virtualizaTon  

QUESTIONS  ?  

redhat.com/promo/rhev3  

John  Rinehart:    [email protected]  

Mark  St  Laurent:    [email protected]