Introduction
Integrity Virtual Machines Architecture
Virtual Machine Host System
Virtual Machine Control
Scheduling Access to Physical Resources
Virtual Machines
Virtual Machine Monitor
Virtual Ethernet Switches
Processor Virtualization
Memory Virtualization
Storage Virtualization
Virtual Networking
Virtual Ethernet Switches
Virtual Network Interface Cards
Virtual Machine Management
Command Line Interface
Graphical User Interface
Customizable Roles for Access and Management
General Security for the VM Host System
Conclusion
For more information
Introduction
HP Integrity Virtual Machines (Integrity VM) is a soft partitioning and virtualization technology within HP's Virtual Server Environment, which enables you to create multiple virtual servers within a single HP Integrity server, hard partition, or blade. A single HP Integrity system running Integrity VM can support multiple virtual machines, each with its own separate guest operating system. As a result, each virtual machine (VM) can host its own applications in an isolated environment. Integrity VM shares the physical resources of the Integrity server amongst all of the virtual machines it hosts. You can define virtual machines as single-CPU or SMP servers with the flexibility to host many virtual CPUs on a single physical processor. The same is true for I/O: a single I/O card can be shared by multiple virtual machines. HP enables both flexibility and scalability with its Integrity VM technology. You can create virtual servers with multiple virtual CPUs and I/O devices, each running a separate operating system instance with different OS versions, applications, and users. The result is a virtual machine technology that provides increased hardware utilization and flexibility in server provisioning with isolation, improved system availability, and higher capacity. Integrity VM development is performed using strict security guidelines and each product release undergoes a formal security review in the design phase.
Scheduling Access to Physical Resources
One of the critical functions of the VM Host is managing VM access to physical resources, processor resources in particular. Each virtual machine has a guaranteed resource entitlement associated with it. Leveraging the fair-share scheduler (FSS) functionality inherent in the HP-UX operating system, the VM Host system enforces processor resource allocation to virtual machines. The Integrity VM scheduler accomplishes this by assigning each VM to a unique FSS allocation group. These FSS groups are analogous to those found in HP Process Resource Manager. This functionality guarantees allocation of physical processor resources sufficient to meet the demand of a virtual machine until that allocation reaches the virtual machine's entitlement. Once a virtual machine receives its entitled share of resources it will not receive any additional resources until all other virtual machines have their resource demands met in the same manner. The VM Host system enforces this allocation behavior regardless of the resource demand of other virtual machines hosted on that VM Host system. Integrity VM uses processor resources to emulate virtual I/O adapters configured for a virtual machine. As these virtual adapters are part of the virtual machine, their use is also subject to that virtual machine's guaranteed processor entitlement. The FSS functionality is also applied to other entities running on the VM Host system, including virtual Ethernet switches, management tools and agents such as those used by HP's Global Workload Manager and Glance. The VM Host identifies any entity that is not part of the Integrity Virtual Machine environment and places it in an FSS group that collectively has a minimal guaranteed entitlement. This provides a minimal amount of processing resources necessary for management tools while protecting virtual machines from entities that may deliberately or inadvertently attempt to affect resource allocation to those virtual machines.
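The allocation rule described above can be modelled in a few lines. This is an added illustration, not HP's scheduler code: the group names and percentages are constructed, and dividing leftover capacity in proportion to entitlement is an assumption, since the paper does not say how surplus is shared.

```python
def allocate(capacity, groups):
    """Entitlement-capped fair share.

    groups maps a name to (entitlement, demand), in the same units as capacity.
    Pass 1 gives each group min(demand, entitlement), so a guarantee holds no
    matter what the other groups ask for.  Pass 2 hands leftover capacity to
    groups that still want more, weighted by entitlement (assumed policy).
    """
    if sum(e for e, _ in groups.values()) > capacity:
        raise ValueError("entitlements oversubscribe the host")
    grant = {n: float(min(d, e)) for n, (e, d) in groups.items()}
    spare = capacity - sum(grant.values())
    hungry = {n for n, (_, d) in groups.items() if d > grant[n]}
    while spare > 1e-9 and hungry:
        weight = sum(groups[n][0] for n in hungry)
        if weight == 0:
            break  # only zero-entitlement groups remain; nothing is owed to them
        handed = 0.0
        for n in list(hungry):
            extra = min(spare * groups[n][0] / weight, groups[n][1] - grant[n])
            grant[n] += extra
            handed += extra
            if groups[n][1] - grant[n] <= 1e-9:
                hungry.discard(n)  # demand met, stop feeding this group
        spare -= handed
    return grant

# Constructed sample, in percent of host CPU.  "non_vm" stands for the shared
# group that holds everything outside the Integrity VM environment.
SAMPLE = {"db": (40, 30), "web": (30, 30), "noisy": (20, 100), "non_vm": (10, 5)}

if __name__ == "__main__":
    print(allocate(100, SAMPLE))
    # Every group demanding the whole host: each is held to its entitlement.
    print(allocate(100, {n: (e, 100) for n, (e, _) in SAMPLE.items()}))
```

In the first call the `noisy` group can absorb only capacity that the others left idle; in the second, saturating demand from every group leaves each one with exactly its entitlement.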
Virtual Machines
Integrity Virtual Machines presents a virtualization of an Integrity-based computer system by virtualizing computer system components such as processors, memory, storage, and network interfaces. Such a virtual machine is accessed through the Intel Extensible Firmware Interface (EFI) providing functionality analogous to that of a physical server. Operating systems are installed on the virtual machine using its firmware interface in the same way as they are with physical HP Integrity servers.
Processor Virtualization
Virtual machines can have one or more virtual processors. These virtual processors are effectively single-core and single-threaded. Each virtual processor or virtual CPU (vCPU) is manifested as a single thread executing on the VM Host system. Integrity VM forces these threads to execute on separate physical processor cores while allowing them to begin execution at the same time. As a result, virtual SMPs are protected from processing sluggishness caused by non-synchronous execution of their virtual CPUs. At the same time, these virtual SMPs enjoy the benefits of the fair-share scheduling functionality, precluding denial of service attacks. Hyperthreading allows threads to share memory and state on a single processor and, as a result, may provide opportunities for other software or virtual machines to monitor the execution and state of another virtual machine. Integrity VM disables hyperthreading in the VM Host as well as inside the virtual machines themselves, eliminating the potential for such security breaches.
Memory Virtualization
When a virtual machine is started, the virtual machine monitor allocates memory on the VM Host system and presents that memory to the virtual machine as if it were private, physical memory. Each virtual machine is provided with a virtualized physical address space called guest-physical memory. The guest operating system manages this guest-physical memory in exactly the same way the operating system manages physical memory on a physical computer system. The VMM manages the mapping of guest-physical memory to real-physical memory on the VM Host system. Any interaction of the guest operating system with its memory management entities, such as page tables and translation look-aside buffers, is intercepted by the VMM, which controls access to physical memory management structures. If the guest operating system or its applications attempt to access memory other than what has been allocated by the VMM, then Integrity VM delivers a fault to the guest operating system, preventing such behavior, sometimes referred to as hyperspacing. Integrity VM fills memory allocated initially to a virtual machine with zeros. Whenever a virtual machine uses dynamic memory control to acquire guest-physical memory, that memory is also zero filled before the VMM allows the virtual machine access. Hence, at any given point in time, a virtual machine has exclusive access to memory and the contents of that memory cannot contain data from any other virtual machine or process.
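The two guarantees in this section, a fault on any access outside the allocation and zero fill before a page changes hands, are shown together in the toy model below. It is an added illustration and not Integrity VM code: the `VMM` class, its method names, the page size and the sample data are all assumptions made for the example.

```python
PAGE = 4096  # page size assumed for this model

class GuestFault(Exception):
    """Fault delivered to a guest that touches memory outside its allocation."""

class VMM:
    def __init__(self, host_pages):
        self.host = [bytearray(PAGE) for _ in range(host_pages)]
        self.free = list(range(host_pages))
        self.maps = {}  # vm -> {guest page number: host page number}

    def grant(self, vm, npages):
        """Extend the VM's guest-physical space; pages are zeroed before mapping."""
        if npages > len(self.free):
            raise MemoryError("host out of pages")
        table = self.maps.setdefault(vm, {})
        for _ in range(npages):
            hp = self.free.pop()
            self.host[hp][:] = bytes(PAGE)  # erase the previous owner's data
            table[len(table)] = hp

    def release(self, vm, npages):
        table = self.maps[vm]
        for _ in range(min(npages, len(table))):
            self.free.append(table.pop(len(table) - 1))  # highest page first

    def _translate(self, vm, gpa):
        gpn, off = divmod(gpa, PAGE)
        if gpn not in self.maps.get(vm, {}):
            raise GuestFault(f"{vm}: guest-physical {gpa:#x} is not mapped")
        return self.host[self.maps[vm][gpn]], off

    def write(self, vm, gpa, data):
        # Translate the whole range first so a faulting write changes nothing.
        slots = [self._translate(vm, gpa + i) for i in range(len(data))]
        for (page, off), byte in zip(slots, data):
            page[off] = byte

    def read(self, vm, gpa, n):
        slots = [self._translate(vm, gpa + i) for i in range(n)]
        return bytes(page[off] for page, off in slots)

def demo():
    vmm = VMM(host_pages=2)
    vmm.grant("vm_a", 2)
    vmm.write("vm_a", PAGE - 3, b"SECRET")  # constructed data, spans both pages
    vmm.release("vm_a", 1)                   # vm_a gives one page back
    vmm.grant("vm_b", 1)                     # vm_b receives that same host page
    return vmm
```

After `demo()`, `vm_b` reads only zeros from the page that held the tail of `vm_a`'s data, and a read by either guest one byte past its own allocation raises `GuestFault`.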
Storage Virtualization
Integrity VM virtualizes the memory-mapped I/O architecture of the Itanium processor family. It intercepts loads and stores to memory addresses that would represent physical devices in a real computer, and emulates the behavior of the corresponding devices. To allow guest operating systems to control I/O devices with complete isolation and flexibility and without adding virtualization-aware drivers, Integrity VM provides register-level emulation of I/O devices. Register-level emulation is accomplished by emulating the semantics of a device such that the existing device drivers in an operating system can communicate with the virtual device. The VMM contains device emulators that intercept memory accesses and take appropriate action. In most cases, these emulators format an I/O request message that is then sent on to the VM Host operating system. The VM Host operating system then sends the I/O request to its own device driver stack where it ultimately accesses the physical device. Upon completion of the I/O request, the real hardware delivers an external interrupt serviced by the VM Host, which causes the VMM to trigger the delivery of a virtual interrupt in the guest operating system. This interrupt signals to the guest operating system that its I/O transaction has completed. When the VMM intercepts I/O requests from the virtual machine, it validates I/O space addresses and ports, as well as data address ranges so that, for example, attempts to write to invalid media are prevented. Similarly, the VMM intercepts invalid instruction sequences, and the resulting faults are delivered to the guest operating system that issued them. Integrity Virtual Machines also provides accelerated virtual I/O (AVIO) devices that deliver higher performance while still providing connectivity to logical storage and virtual switches. This functionality requires AVIO modules on both the VM Host system as well as the guest operating systems. The VM Host's AVIO module performs all address validation and translation of I/O requests before forwarding them on to the physical I/O device. This will ensure that virtual machines are not able to accidentally or maliciously corrupt memory on other virtual machines or the VM Host.
Virtual Networking
With Integrity VM, the virtual networking functionality is manifested as a combination of virtual network interface adapters on virtual machines, virtual Ethernet switches, the network stack on the VM Host system and, optionally, network ports on the VM Host.
Conclusion
By leveraging its long history of providing secure hardware and software products, HP provides an extremely secure environment for virtualization of computer resources with Integrity Virtual Machines. Integrity VM reduces risk from threats while simplifying access control in a virtual environment, providing you with the confidence you need to securely execute your most business-critical applications while getting the most out of your computer system hardware investment.
© 2007 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Itanium is a trademark or registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. V1.0, October 2007