VIRTUALIZATION FOR DATA-CENTER AUTOMATION

3.5.1 Server Consolidation in Data Centers

3.5.2 Virtual Storage Management
3.5.3 Cloud OS for Virtualized Data Centers
3.5.4 Trust Management in Virtualized Data Centers
3.5.4.1 VM-Based Intrusion Detection

3.5 VIRTUALIZATION FOR DATA-CENTER AUTOMATION

 Data centers have grown rapidly in recent years.

 Data-center automation means that huge volumes of hardware, software, and database
resources in these data centers can be allocated dynamically to millions of Internet
users simultaneously, with guaranteed QoS and cost-effectiveness.
 This automation process is triggered by the growth of virtualization products and
cloud computing services.

 Virtualization is moving towards

o enhancing mobility,
o reducing planned downtime (for maintenance), and
o increasing the number of virtual clients.
The latest virtualization development highlights
o high availability (HA),
o backup services,
o workload balancing,
o utility computing,
o production consolidation and
o further increases in client bases.

 This chapter – discuss server consolidation, virtual storage, OS support, and trust
management in automated data-center designs.
3.5.1 Server Consolidation in Data Centers

 In data centers, a large number of heterogeneous workloads can run on servers at

various times.
 These heterogeneous workloads can be roughly divided into two categories:
 chatty workloads and
o Chatty workloads may burst at some point and return to a silent state at some
other point.
 noninteractive workloads.
o Noninteractive workloads do not require people’s efforts to make progress
after they are submitted.

 At various stages, the requirements for resources of these workloads are dramatically
different.
 However, to guarantee that a workload will always be able to cope with all demand
levels, the workload is statically allocated enough resources so that peak demand is
satisfied.
o (resource optimization is focused on the CPU, memory, and network
interfaces).
Therefore, it is common that most servers in data centers are underutilized.
 A large amount of hardware, space, power, and management cost of these servers is
wasted.

 Virtualization-based Server consolidation is an approach to improve the low utility

ratio of hardware resources by reducing the number of physical servers.

Data centers need to optimize their resource management.

 Server virtualization enables smaller resource allocation than a physical machine.
 In general, the use of VMs increases resource management complexity.
 This causes a challenge in terms of how to improve resource utilization as well as
guarantee QoS in data centers.
  In detail, server virtualization has the following side effects:
o Consolidation enhances hardware utilization.
 Many underutilized servers are consolidated into fewer servers to
enhance resource utilization. Consolidation also facilitates backup
services and disaster recovery.
o This approach enables more agile provisioning and deployment of resources.
 In a virtual environment, the images of the guest OSes and their
applications are readily cloned and reused.
o The total cost of ownership is reduced.
 In this sense, server virtualization causes deferred purchases of new
servers, a smaller data-center footprint, lower maintenance costs, and
lower power, cooling, and cabling requirements.
o This approach improves availability and business continuity.
 The crash of a guest OS has no effect on the host OS or any other guest
OS. It becomes easier to transfer a VM from one server to another,
because virtual servers are unaware of the underlying hardware.

To automate data-center operations, one must consider

o resource scheduling,
o architectural support,
o power management,
o resource management,
o performance of analytical models, and so on.

 to improve resource utilization – need an efficient, on-demand, fine-grained scheduler.

 Scheduling and reallocations can be done either at the VM level or server level or
data-center level.
 Allocation is based on VM utilization and application-level QoS metrics.

3.5.2 Virtual Storage Management

 Virtual storage includes the storage managed by VMMs and guest OSes.
 Generally, the data stored in this environment can be classified into two categories:
 o VM images and
o Application data.

 The VM images are special to the virtual environment, while application data includes
all other data which is the same as the data in traditional OS environments.

 The most important aspects of system virtualization are

o encapsulation and
o isolation

 Traditional operating systems and applications running on them can be encapsulated

in VMs.
 Only one operating system runs in a virtualization – while many applications run in
the operating system.
 System virtualization allows multiple VMs to run on a physical machine and the VMs
are completely isolated.

However – In virtualization environments, a virtualization layer is inserted between the

hardware and traditional operating systems or a traditional operating system is modified to
support virtualization.
 This procedure complicates storage operations.
On the one hand, storage management of the guest OS performs as though it is operating in a
real hard disk while the guest OSes cannot access the hard disk directly.
 On the other hand, many guest OSes contest the hard disk when many VMs are
running on a single physical machine.
Therefore, storage management of the underlying VMM is much more complex than that of
guest OSes (traditional OSes).
In data centers, there are often thousands of VMs, which cause the VM images to become
flooded.
 Many researchers tried to solve these problems in virtual storage management.
 The main purposes of their research are to make management easy while enhancing
performance and reducing the amount of storage occupied by the VM images.
3.5.3 Cloud OS for Virtualized Data Centers

 Data centers must be virtualized to serve as cloud providers.

 Table 3.6 summarizes four virtual infrastructure (VI) managers and OSes.
 These VI managers and OSes are specially tailored for virtualizing data centers which
often own a large number of servers in clusters.
 Nimbus, Eucalyptus, and OpenNebula are all open source software available to the
general public.
 Only vSphere 4 is a proprietary OS for cloud resource virtualization and management
over data centers.
 These VI managers are used to create VMs and aggregate them into virtual clusters as
elastic resources.
 Nimbus and Eucalyptus support essentially virtual networks.
 OpenNebula has additional features to provision dynamic resources and make
advance reservations.
 All three public VI managers apply Xen and KVM for virtualization.
 vSphere 4 uses the hypervisors ESX and ESXi from VMware.
 Only vSphere 4 supports virtual storage in addition to virtual networking and data
protection.

3.5.4 Trust Management in Virtualized Data Centers

 A VMM changes the computer architecture.

 It provides a layer of software between the operating systems and system hardware to
create one or more VMs on a single physical platform.
 A VM entirely encapsulates the state of the guest operating system running inside it.
 Encapsulated machine state can be copied and shared over the network and removed
like a normal file, which proposes a challenge to VM security.

3.5.4.1 VM-Based Intrusion Detection

 Intrusions are unauthorized access to a certain computer from local or network users
and intrusion detection is used to recognize the unauthorized access.
  An intrusion detection system (IDS) is built on operating systems, and is based on the
characteristics of intrusion actions.
 Depending on the data source – a typical IDS can be classified as
o a host-based IDS (HIDS) or
o a network-based IDS (NIDS).

HIDS:
 A HIDS can be implemented on the monitored system.
 When the monitored system is attacked by hackers, the HIDS also faces the risk of
being attacked.
 A NIDS is based on the flow of network traffic which can’t detect fake actions.

Virtualization-based intrusion detection

 Virtualization-based intrusion detection can isolate guest VMs on the same hardware
platform.
 Advantage of this approach is
o Even if some are VMs invaded successfully – they never influence other VMs.
o A VMM monitors and audits access requests for hardware and system
software. This can avoid fake actions and possess the merit of a HIDS.

There are two different methods for implementing a VM-based IDS:

o Either the IDS is an independent process in each VM or a high-privileged VM
on the VMM; or
o the IDS is integrated into the VMM and has the same privilege to access the
hardware as well as the VMM.
Garfinkel and Rosenblum have proposed an IDS to run on a VMM as a high-privileged VM.
Figure 3.29 illustrates the concept.

The VM-based IDS contains a policy engine and a policy module.

o The policy framework can monitor events in different guest VMs by operating
system interface library and
o PTrace indicates trace to secure policy of monitored host.
It’s difficult to predict and prevent all intrusions without delay.
 Therefore, an analysis of the intrusion action is extremely important after an intrusion
occurs.
 Most computer systems use logs to analyze attack actions

Besides IDS, honeypots and honeynets are also prevalent in intrusion detection.
 A honeypot is a purposely defective system that simulates an operating system to
cheat and monitor the actions of an attacker.
 They attract and provide a fake system view to attackers in order to protect the real
system.
 In addition, the attack action can be analyzed, and a secure IDS can be built.

What Is Data Center Virtualization?

GeorgeUpdated at Mar 4th 20224 min read

Over the last decade, developments in cloud computing and an increased demand for
flexible IT solutions have led to new technologies that literally transform the traditional
data center. Many businesses have moved from physical on-site data centers to virtualized
data center solutions as server virtualization has become a common practice.

What Is Data Center Virtualization and How Does it Work?

Data center virtualization is the transfer of physical data centers into digital data centers
using a cloud software platform, so that companies can remotely access information and
applications.

In a virtualized data center, a virtual server, also called a software-defined data center
(SDDC) is created from traditional, physical servers. This process abstracts physical
hardware by imitating its processors, operating system, and other resources with help
from a hypervisor. A hypervisor (or virtual machine monitor, VMM, virtualizer) is a
software that creates and manages a virtual machine. It treats resources such as CPU,
memory, and storage as a pool that can be easily reallocated between existing virtual
machines or to new ones.
Benefits of Data Center Virtualization

Data center virtualization offers a range of strategic and technological benefits to

businesses looking for increased profitability or greater scalability. Here we’ll discuss
some of these benefits.

Scalability

Compared to physical servers, which require extensive and sometimes expensive sourcing
and time management, virtual data centers are relatively simpler, quicker, and more
economical to set up. Any company that experiences high levels of growth might want to
consider implementing a virtualized data center.

It’s also a good fit for companies experiencing seasonal increases in business activity.
During peak times, virtualized memory, processing power, and storage can be added at a
lesser cost and in a faster timeframe than purchasing and installing components on a
physical machine. Likewise, when demand slows, virtual resources can be scaled down to
remove unnecessary expenses. All of these are not possible with metal servers.
Data Mobility

Before virtualization, everything from common tasks and daily interactions to in-depth
analytics and data storage happened at the server level, meaning they could only be
accessed from one location. With a strong enough Internet connection, virtualized
resources can be accessed when and where they are needed. For example, employees can
access data, applications, and services from remote locations, greatly improving
productivity outside the office.

Moreover, with help of cloud-based applications such as video conferencing, word

processing, and other content creation tools, virtualized servers make versatile
collaboration possible and create more sharing opportunities.

Cost Savings

Typically outsourced to third-party providers, physical servers are always associated with
high management and maintenance. But they will not be a problem in a virtual data
center. Unlike their physical counterparts, virtual servers are often offered as pay-as-you-
go subscriptions, meaning companies only pay for what they use. By contrast, whether
physical servers are used or not, companies still have to shoulder the costs for their
management and maintenance. As a plus, the additional functionality that virtualized data
centers offer can reduce other business expenses like travel costs.