RED HAT ENTERPRISE VIRTUALIZATION 3.0
YOUR STRATEGIC VIRTUALIZATION ALTERNATIVE
John Rinehart, Product Marketing Manager
Mark St. Laurent, Senior Solution Architect
Email: [email protected]
March 28, 2012
Aug 24, 2020
AGENDA
- Market Summary
- Red Hat Enterprise Virtualization
  - Overview
  - Enterprise Management
  - Kernel Virtual Machine (KVM) Hypervisor
  - Licensing and pricing
  - Architecture
  - Performance
  - Security
  - Virtual Desktop Integration
  - Self Service Portal
  - Integration and automation
- Summary and Resources
- Q&A
RED HAT ENTERPRISE VIRTUALIZATION
MARKET SUMMARY
VIRTUALIZATION OF x86 WORKLOADS APPROACHING 50%
Installed base is expected to grow five-fold from 2010 to 2015
YOU HAVE A CHOICE IN VIRTUALIZATION
“Don’t just find a vendor, find a solution; 42% of organizations use multiple hypervisors to maximize features & minimize cost” — InfoTech Research Group, July 2011
“38 percent of companies using virtualization for traditional workloads say they are planning to change their hypervisor during the next year.” — Virtualization Market faces shake-up, The Register, November 2011. Source: Veeam Software – V-index.com
“If I were VMware, I wouldn’t worry most about Microsoft, with its tendency to subsume low-end, small business markets by including everything in the Windows operating system. That's so 1990s. Rather, I'd worry that Red Hat and KVM already have a foot in the cloud.” — VMware Should Worry More About Red Hat, InformationWeek, September 2011
RED HAT ENTERPRISE VIRTUALIZATION
YOUR STRATEGIC ALTERNATIVE
Enterprise grade, centralized management and hypervisor for server and desktop virtualization
Industry leading performance, scalability and security infrastructure
Ecosystem of thousands of hardware and software vendors
50–70% lower cost compared to other solutions
RED HAT ENTERPRISE VIRTUALIZATION
RHEV IS MATURE AND READY FOR LARGE SCALE VIRTUALIZATION DEPLOYMENTS...
THOUSANDS OF CUSTOMERS WORLDWIDE DEPLOY RHEV IN PRODUCTION TODAY
• T1/ MISSION CRITICAL BUSINESS APPLICATIONS ARE POWERED BY RHEV
USE CASE: SERVER CONSOLIDATION
Power, cooling and space savings
Infrastructure uptime advantage
Flexibility (live migration, load balancing etc.)
Move towards private/hybrid cloud deployment
Consolidation of Oracle Financials, database and other mission critical applications on RHEV
RED HAT ENTERPRISE VIRTUALIZATION RHEV MANAGER
High Availability
Live Migration
Self Service Portal
Load Balancing (DRS)
Power Saver (DPM)
Templates, thin provisioning, snapshots
Centralized storage and networking management
Servers and Desktops together
RHEV MANAGER FEATURES: ENTERPRISE VIRTUALIZATION MANAGEMENT
Host: 160 logical CPU (4,096 theoretical max), 2TB RAM (64TB theoretical max)
Guest: 64 vCPU, 512GB RAM
Supports latest silicon virtualization technology: SR-IOV,
Based on the latest RHEL 6.2 kernel
Microsoft SVVP
RHEV HYPERVISOR/KVM OVERVIEW
SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE
INDEPENDENT REVIEWS SHOW RED HAT COMING ON STRONG
Source: InfoWorld, Virtualization shoot-out: Citrix, Microsoft, Red Hat, and VMware, April 13, 2011
http://bit.ly/rhevshootout
INDUSTRY LEADING VIRTUALIZATION PERFORMANCE
SPECvirt_sc2010: As of January 1, 2012, RHEV claims top 6 results and the only 8 socket server scores
INDUSTRY LEADERSHIP: SIGNIFICANT COST ADVANTAGE
10 physical hosts (2x4HT, 64GB) Same density across both
10 physical hosts (2x8HT, 256GB) Same density across both
RHEV COSTS 1/7th VS. VMWARE AND 1/3rd OVER 3 YEARS. SCALE UP COST ADVANTAGE EVEN MORE
RHEV 3.0 architecture
RHEV-Manager is now a Java application running on JBoss EAP on RHEL
Backend database is now PostgreSQL 8.4
New user portal, REST API, Linux CLI
Support for multiple external authentication sources
- Red Hat Identity Management
- Microsoft Active Directory
RHEV inherits the security features of Linux and RHEL
SELinux security policy infrastructure
Provides protection and isolation for virtual machines and host
Compromised virtual machine cannot access other VMs or host
sVirt Project
Sub-project of NSA's SELinux community. Provides “hardened” hypervisor.
Multi-level security. Isolate guests
Contain any hypervisor breaches
ADVANCED SECURITY FOR YOUR VIRTUALIZATION INFRASTRUCTURE
Before SELinux...
[Diagram: Web, DNS and Mail processes running on the Linux kernel]
Processes all have equal access to the system...
...if one is attacked...
...taken over due to vulnerability...
...and gets a privilege escalation...
...the system is lost.
With SELinux...
[Diagram: Web, DNS and Mail processes on the Linux kernel, each in its own sandbox]
Each process is confined in its own sandbox, distinct from the others.
If a process is attacked...
...and compromised, there is far less exposure.
You lose the process, not the system.
With SELinux and MLS/MCS...
[Diagram: sandboxed processes (Web, DNS) on the Linux kernel, labeled Secret, Unclassified, Unclassified]
We can label the sandboxes with a level of sensitivity and categories.
...and now add virtualization...
...before virtualization...
[Diagram: three Linux kernels, each running Web, DNS and Mail]
Hypervisor Vulnerabilities
Not theoretical
Evolving field
Potentially huge payoffs
Xen already compromised...
Over 200 Security Problems found in Xen?
VMware vulnerabilities
Google returns over 500,000 results
XEN Vulnerability http://www.hacker-soft.net/Soft/Soft_13289.htm
The Challenges posed by SELinux are taken into consideration.
[Diagram: VM 1, VM 2 and VM 3 running on the Linux kernel, with a Web application in one VM and disk images Image1, Image2, Image3 ... ImageN]
Virtual machine processes all have equal access to the system...
...if application on virtual machine is attacked...
...compromised...
...and gets a privilege escalation...
...and your machine has a hypervisor vulnerability...
...but not just the running VMs and host, but all images...
Popular Science April 2011
SELinux to the Rescue
SELinux is all about labeling
Processes get labels
Virtual machines with kvm are processes!!!
Files/Devices Get Labels
Virtual images are stored on files/devices!!!!
Rules control how Process Labels Interact with Process/File Labels.
Kernel Enforces these Rules.
[Diagram: VM 1, VM 2 and VM 3 on the Linux kernel, labeled Unclassified, TS/SCI, TS/SCI, with a Web application in one VM and disk images Image1, Image2, Image3 ... ImageN]
Compromised virtual machine confined despite hypervisor vulnerability
[Diagram: Linux kernel running KVM alongside Web, Guard 1 and Guard 2 processes and two VMs, with labels Secret, Unclass and TS/SCI]
KVM guests are processes, so we can confine them like processes.
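As an added example (not part of the original slides and not Red Hat's code), the Python below models the labeling rules under "SELinux is all about labeling" and the point that KVM guests are processes: a guest may touch an image only if a type rule allows the operation and its MCS categories cover the image's. sVirt gives each guest its own category pair under `svirt_t` and labels its disk `svirt_image_t` with the same pair; the allow table, guest names and every label here are constructed, and level handling is reduced to a single sensitivity.

```python
# Simplified model of sVirt confinement: type enforcement plus MCS category
# dominance. The allow table, guest names and all labels are constructed.
from itertools import combinations

ALLOW = {  # (process type, file type) -> operations; assumed subset of policy
    ("svirt_t", "svirt_image_t"): {"read", "write"},
    ("svirt_t", "virt_content_t"): {"read"},
}

def parse(ctx):
    """Return (type, sensitivity, categories) from user:role:type:level."""
    fields = ctx.split(":", 4)
    if len(fields) < 4:
        raise ValueError(f"no MLS/MCS level in context: {ctx!r}")
    cats = set()
    for item in filter(None, (fields[4] if len(fields) == 5 else "").split(",")):
        lo, _, hi = item.partition(".")  # "c0.c3" means the range c0..c3
        cats.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return fields[2], fields[3], frozenset(cats)

def may_access(proc_ctx, file_ctx, perm):
    """Allow only if a type rule grants perm and categories dominate."""
    ptype, psens, pcats = parse(proc_ctx)
    ftype, fsens, fcats = parse(file_ctx)
    return (perm in ALLOW.get((ptype, ftype), set())
            and psens == fsens and pcats >= fcats)

def audit(guests):
    """Flag guests outside svirt_t/without categories, or sharing categories."""
    findings = []
    for name, ctx in guests.items():
        ptype, _, cats = parse(ctx)
        if ptype != "svirt_t" or not cats:
            findings.append(f"{name}: not confined by sVirt ({ctx})")
    for (a, ca), (b, cb) in combinations(guests.items(), 2):
        if parse(ca)[2] and parse(ca)[2] == parse(cb)[2]:
            findings.append(f"{a} and {b}: identical MCS categories")
    return findings

# Constructed labels, in the form `ps -eZ` and `ls -Z` print them.
GUESTS = {
    "vm1": "system_u:system_r:svirt_t:s0:c12,c345",
    "vm2": "system_u:system_r:svirt_t:s0:c7,c900",
    "vm3": "system_u:system_r:svirt_t:s0:c12,c345",  # collides with vm1
}
IMAGE1 = "system_u:object_r:svirt_image_t:s0:c12,c345"  # vm1's disk
ISO = "system_u:object_r:virt_content_t:s0"             # shared, read-only

if __name__ == "__main__":
    print(may_access(GUESTS["vm2"], IMAGE1, "write"), audit(GUESTS))
```

The collision flagged for vm1 and vm3 is the case to watch for with statically assigned labels: two guests with the same category pair are not isolated from each other's images.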
[Diagram: Linux kernel running KVM alongside Web, Guard 1 and Guard 2 processes and two VMs, with labels Secret, Unclass and TS/SCI; inside a guest, Web, DNS and Mail run on the guest's own Linux kernel]
And of course the guest operating system can also run SELinux
http://peoc3t.monmouth.army.mil/vcb2/vcb2.html
Complete Virtual Desktop Infrastructure solution
Windows & Linux desktops
Full featured VDI: Integrated connection broker, pooling, templates, thin provisioning, memory overcommit, system scheduler, & more
RED HAT ENTERPRISE VIRTUALIZATION FOR DESKTOPS
COMPLETE VIRTUAL DESKTOP INFRASTRUCTURE SOLUTION
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - SELF SERVICE PORTAL
Create, edit and remove virtual machines
Manage virtual disks and network interfaces
Assign user permissions to virtual machines
Create and use templates to rapidly deploy virtual machines
Monitor resource usage and high-severity events
Create and use snapshots to restore virtual machines to a previous state
User Portal - Advanced view
User Portal - Basic View
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - USER PORTAL
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 REPORTING
Historical usage, trending, quality of service
Integrated reporting engine based on Jasper reports
Over 25 prebuilt reports and dashboards included
Ability to create and customize reports and templates
Integration
New RESTful API for integration with RHEV Manager
Super set of RHEV management functionality
Automation
Linux command line interface for scripting and automation
HOOKS mechanism allows custom scripts to modify VM operations
RED HAT ENTERPRISE VIRTUALIZATION 3.0 INTEGRATION & AUTOMATION
Certification status http://www.redhat.com/solutions/industry/government/certifications.html
INDUSTRY LEADERSHIP: THE ONLY END-TO-END OPEN VIRTUALIZATION INFRASTRUCTURE
INDUSTRY LEADERS IN INFRASTRUCTURE, NETWORKING, STORAGE ARE BACKING RHEV
CISCO AND RED HAT RELATIONSHIP
Innovation Propelled by the Momentum of the Open Source Community
Integrated: Cisco and Red Hat together have integrated Cisco UCS innovations with KVM.
Open: Cisco and Red Hat have collaborated and made significant contributions to the open source KVM hypervisor and the Linux community in general.
Tuned: The limitless imagination of the open source community increases performance, resolves issues, and integrates a broad source of enhancements
TRY IT YOURSELF!
redhat.com/promo/rhev3
RHEV 3.0 RESOURCES
More information or download free trial
redhat.com/promo/rhev
Watch the virtual event on-demand
redhat.com/virtual
RHEV webinars on-demand
redhat.com/webinars/virtualization
QUESTIONS ?
redhat.com/promo/rhev3
John Rinehart: [email protected]
Mark St Laurent: [email protected]