4.2 Summarize aspects of client-side virtualization.

  • Purpose of Virtual Machines
    • Sandbox
    • Test Development
    • Application Virtualization
      • Legacy Software / OS
      • Cross Platform Virtualization
  • Resource Requirements
  • Security Requirements

Why do we need virtual machines?

What is a virtual machine?  The idea is that we want to have several servers but do not want to pay for the hardware.  So, we buy one big server and trick it into thinking that it is several smaller servers.  How?

  • We start with a blank server

  • We turn on virtualization support in the BIOS

  • We install a special operating system called a hypervisor.  The hypervisor can be part of the Windows Server operating system, or it can be an independent application like VMware.

  • We log in to the hypervisor and create virtual servers.  We specify the type of hardware that we want to have in each virtual server.  The total hardware of all our virtual servers can be larger than the total hardware in the physical server.

  • We install an operating system inside each virtual server.

  • The operating system does not talk to the physical hardware.  It talks to the hypervisor, and the hypervisor talks to the physical hardware.  Thus, the operating system runs inside a container, and the hypervisor can trick it into thinking that it has any hardware that we want it to have.

  • We can take this a step further and create virtual network interfaces between the virtual servers and the physical network.

There are several benefits of server virtualization:

  • Run multiple operating systems on the same physical server at the same time.  For example, we can run Windows and Unix on the same physical server at the same time.  We can reduce the number of physical servers (and therefore the expense) that we have.

  • Run multiple virtual servers on the same physical server at the same time.
     
  • Reduce resource consumption.  Consider an example where our organization requires a file server, an e-mail server, and a web server.  If we purchase a separate physical server for each function, we will require three servers, even if each service does not utilize its server to its maximum capacity.  We could do the following instead:

    • Obtain one physical server
    • Create three virtual servers on the physical server
    • Install a file server function on one virtual server, an e-mail server on the second, and a web server on the third
    • The server would operate at a higher capacity, and would therefore be more efficient

  • Desktop virtualization.  Desktop virtualization allows users to connect to the machine via a remote desktop protocol.  It reduces the total amount of computing resources because a single server can host many user desktops at the same time.  It also centralizes the location of user data, allowing easy backups.

  • Sandbox.  A sandbox is an area where we can run programs in isolation.  We do this when we are testing new applications and do not know if they contain security risks.

  • Test Development.  We can test a new application under multiple conditions including different combinations of hardware and operating systems, without having to set up hundreds of different computer systems.  This allows us to discover bugs that may not come up during ordinary user testing.

  • Application Virtualization

    • Legacy Software.  Remember that we might have a legacy software application, which runs only on a specific set of hardware or operating system.

      • If the hardware no longer exists, but we still need the software, then we can create a virtual set of hardware to run the program.

      • If the operating system has security risks due to its age, we can put it inside a virtual machine and install the legacy software on it.  It is easier to protect the virtual machine because the operating system does not have access to any physical hardware.

    • Cross Platform Virtualization.  We can run a Windows-based application on a UNIX or Apple operating system.  We can run a UNIX-based application on a Windows or Apple operating system.  In other words, anybody can run any application without having to worry about the type of operating system on their computer.

Emulator vs Hypervisor?

A hypervisor works with the CPU’s virtualization technology.  It is a bare metal approach in that it runs directly on the server as the base operating system.  All virtual machine operating systems run on top of the hypervisor.

An emulator is a software program that mimics specific hardware properties.  It does not rely on the CPU.  It runs as a guest inside a host operating system.  The emulator tricks the guest operating system into thinking that the computer has a specific combination of compatible hardware.

Resource Requirements

How many resources does a virtualized server require?

  • CPU.  The server will be running many tasks at the same time.  We should have multiple CPUs with multiple cores.

    The number of CPU cores is more important than the clock speed unless we are running intense applications.

  • Memory.  We should have lots of memory and take advantage of multiple channels.  The amount of memory depends on the quantity and type of applications that will operate across all the servers.

  • Hard Disk.  We should have adequate hard disk capacity for the server.  The hard disk drives should be set up in a RAID configuration.  We should use solid state SAS drives for better performance.

  • Network.  Each virtual machine will have one or more virtual network interfaces, each with a virtual MAC address.  The network interfaces will be established through the software-defined network.  The hardware Ethernet port(s) on the server will connect to the physical network and must be shared by the virtual servers.

    It is possible to create a virtual (software-defined) network that connects the virtual machines and routes traffic to the physical network.  The hardware Ethernet port(s) therefore act as a switch, where the virtual servers are considered connected devices.

    The physical network capacity should be adequate for the traffic passing through.  It may be 1 Gbps, 10 Gbps, or multiple 10 Gbps connections.

  • Other considerations.  The server will support many users and applications. It should have redundant power supplies.

Security?

Hypervisor software is robust and secure, but there are always bugs and software flaws that could be discovered later.  The biggest concern is that data could leak from one virtual server to another (either through the RAM, processor, or hard disk drive).

It is important to:

  • Apply software updates when they become available
  • Keep the server physically secure
  • Secure the management interface for the hypervisor
  • Disable unnecessary services
  • Avoid running sensitive applications on shared servers
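
An added example (not part of the original study guide): a short Python audit of a virtual server inventory.  It reports how far the virtual hardware allocated on each physical server exceeds the real hardware, as the setup steps above allow, and flags sensitive virtual servers that share a physical server with other guests, per the last recommendation.  The host names, VM names, inventory fields and the "sensitive" label are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical hosts, VMs and labels).
HOSTS = {
    "hv01": {"cores": 16, "ram_gb": 128},
    "hv02": {"cores": 8, "ram_gb": 64},
}
VMS = [
    {"name": "file01", "host": "hv01", "vcpus": 8, "ram_gb": 64, "sensitive": False},
    {"name": "mail01", "host": "hv01", "vcpus": 8, "ram_gb": 48, "sensitive": False},
    {"name": "web01", "host": "hv01", "vcpus": 8, "ram_gb": 32, "sensitive": False},
    {"name": "payroll01", "host": "hv02", "vcpus": 4, "ram_gb": 32, "sensitive": True},
    {"name": "test01", "host": "hv02", "vcpus": 2, "ram_gb": 16, "sensitive": False},
]


def audit(hosts, vms):
    """Return per-host allocation ratios and sensitive guests on shared hosts."""
    by_host = defaultdict(list)
    for vm in vms:
        by_host[vm["host"]].append(vm)

    report = {}
    for host, spec in hosts.items():
        guests = by_host.get(host, [])
        vcpus = sum(vm["vcpus"] for vm in guests)
        ram = sum(vm["ram_gb"] for vm in guests)
        sensitive = sorted(vm["name"] for vm in guests if vm["sensitive"])
        # A sensitive guest counts as "shared" when any other guest
        # runs on the same physical server.
        shared = sensitive if len(guests) > 1 else []
        report[host] = {
            "vcpu_ratio": vcpus / spec["cores"],     # virtual CPUs per physical core
            "ram_ratio": ram / spec["ram_gb"],       # allocated RAM vs. installed RAM
            "ram_overcommitted": ram > spec["ram_gb"],
            "sensitive_on_shared_host": shared,
        }
    return report


if __name__ == "__main__":
    for host, result in audit(HOSTS, VMS).items():
        print(host, result)
```

In the sample data, hv01 has more virtual memory and CPU allocated than it physically has, and hv02 hosts a sensitive virtual server alongside a test machine.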