RED HAT ENTERPRISE VIRTUALIZATION 3.0 YOUR STRATEGIC VIRTUALIZATION ALTERNATIVE John Rinehart, Product Marketing Manager Mark St. Laurent, Senior Solution Architect Email: msl@redhat.com March 28, 2012
AGENDA - Market Summary - Red Hat Enterprise Virtualization Overview Enterprise Management Kernel Virtual Machine (KVM) Hypervisor Licensing and pricing Architecture Performance Security Virtual Desktop Integration Self Service Portal Integration and automation - Summary and Resources - Q&A
RED HAT ENTERPRISE VIRTUALIZATION MARKET SUMMARY
VIRTUALIZATION OF x86 WORKLOADS APPROACHING 50% Installed base is expected to grow five-fold from 2010 -> 2015
YOU HAVE A CHOICE IN VIRTUALIZATION Don't just find a vendor, find a solution; 42% of organizations use multiple hypervisors to maximize features & minimize cost InfoTech Research Group, July 2011 38 percent of companies using virtualization for traditional workloads say they are planning to change their hypervisor during the next year. Virtualization Market faces shake-up, The Register, November 2011 Source: Veeam Software V-index.com If I were VMware, I wouldn't worry most about Microsoft, with its tendency to subsume low-end, small business markets by including everything in the Windows operating system. That's so 1990s. Rather, I'd worry that Red Hat and KVM already have a foot in the cloud. VMware Should Worry More About Red Hat, InformationWeek, September 2011
RED HAT ENTERPRISE VIRTUALIZATION YOUR STRATEGIC ALTERNATIVE
RED HAT ENTERPRISE VIRTUALIZATION Enterprise grade, centralized management and hypervisor for server and desktop virtualization Industry leading performance, scalability and security infrastructure Ecosystem of thousands of hardware and software vendors 50-70% lower cost compared to other solutions
RHEV IS MATURE AND READY FOR LARGE SCALE VIRTUALIZATION DEPLOYMENTS...
THOUSANDS OF CUSTOMERS WORLDWIDE DEPLOY RHEV IN PRODUCTION TODAY T1/ MISSION CRITICAL BUSINESS APPLICATIONS ARE POWERED BY RHEV
USE CASE: SERVER CONSOLIDATION Consolidation of Oracle Financials, database and other mission critical applications on RHEV Power, cooling and space savings Infrastructure uptime advantage Flexibility (live migration, load balancing etc.) Move towards private/hybrid cloud deployment
RED HAT ENTERPRISE VIRTUALIZATION RHEV MANAGER
RHEV MANAGER FEATURES: ENTERPRISE VIRTUALIZATION MANAGEMENT High Availability Live Migration Self Service Portal Load Balancing (DRS) Power Saver (DPM) Templates, thin provisioning, snapshots Centralized storage and networking management Servers and Desktops together
RHEV HYPERVISOR/KVM OVERVIEW SMALL FORM FACTOR, SCALABLE, HIGH PERFORMANCE Host: 160 logical CPU (4,096 theoretical max), 2TB RAM (64TB theoretical max) Guest: 64 vcpu, 512GB RAM Supports latest silicon virtualization technology: SR-IOV, Based on the latest RHEL 6.2 kernel Microsoft SVVP
INDEPENDENT REVIEWS SHOW RED HAT COMING ON STRONG Source: InfoWorld, Virtualization shoot-out: Citrix, Microsoft, Red Hat, and VMware, April 13, 2011 http://bit.ly/rhevshootout
INDUSTRY LEADING VIRTUALIZATION PERFORMANCE SPECvirt_sc2010: As of January 1, 2012, RHEV claims top 6 results and the only 8 socket server scores
INDUSTRY LEADERSHIP: SIGNIFICANT COST ADVANTAGE 10 physical hosts (2x4HT, 64GB) Same density across both 10 physical hosts (2x8HT, 256GB) Same density across both RHEV COSTS 1/7th VS. VMWARE AND 1/3rd OVER 3 YEARS. SCALE UP COST ADVANTAGE EVEN MORE
RHEV 3.0 architecture RHEV-Manager is now a Java application running on JBoss EAP on RHEL Backend database is now PostgreSQL 8.4 New user portal, REST API, Linux CLI Support for multiple external authentication sources - Red Hat Identity Management - Microsoft Active Directory
ADVANCED SECURITY FOR YOUR VIRTUALIZATION INFRASTRUCTURE RHEV inherits the security features of Linux and RHEL SELinux security policy infrastructure Provides protection and isolation for virtual machines and host Compromised virtual machine cannot access other VMs or host sVirt Project Sub-project of NSA's SELinux community. Provides hardened hypervisor. Multi-level security. Isolate guests Contain any hypervisor breaches
Before SELinux...
Web DNS Mail Linux Kernel Processes all have equal access to the system...
Web DNS Mail Linux Kernel...if one is attacked...
Web DNS Mail Linux Kernel...taken over due to vulnerability...
Web DNS Mail Linux Kernel...and gets a privilege escalation...
Web DNS Mail Linux Kernel...the system is lost.
With SELinux...
Web DNS Mail Linux Kernel Each process is confined in its own sandbox, distinct from the others.
Web DNS Mail Linux Kernel If a process is attacked...
Web DNS Mail Linux Kernel...and compromised, there is far less exposure. You lose the process, not the system.
With SELinux and MLS/MCS...
Web Secret DNS Unclassified Mail Unclassified Linux Kernel We can label the Sandboxes with a level of sensitivity and categories.
...and now add Virtualization...
Web DNS Mail Web DNS Mail Linux Kernel Linux Kernel...before virtualization...
Hypervisor Vulnerabilities Not theoretical Evolving field Potentially huge payoffs Xen already compromised... Over 200 Security Problems found in Xen? VMware vulnerabilities Google returns over 500,000 results
XEN Vulnerability http://www.hacker-soft.net/soft/soft_13289.htm The Challenges posed by SELinux are taken into consideration.
VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN Virtual machine processes all have equal access to the system...
Web VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN...if application on virtual machine is attacked...
Web VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN...compromised...
Web VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN...and gets a privilege escalation...
Web VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN ...and your machine has a Hypervisor Vulnerability...
Web VM 1 VM 2 VM 3 Linux Kernel Image1 Image2 Image3 ImageN ...But not just the running VMs and host, but all images...
Popular Science April 2011
SELinux to the Rescue
SELinux is all about labeling Processes get labels Virtual machines with kvm are processes!!! Files/Devices Get Labels Virtual images are stored on files/devices!!!! Rules control how Process Labels Interact with Process/File Labels. Kernel Enforces these Rules.
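The labeling rule on this slide can be audited on a KVM host. The following is an added example, not code from the slides or from Red Hat: it assumes the sVirt convention on RHEL hosts where each guest's qemu-kvm process runs as svirt_t and its disk image is labeled svirt_image_t with the same pair of MCS categories. The VM names and label values are constructed sample data.

```python
import re

# Constructed sample data (not from the slides): qemu-kvm process contexts as
# `ps -eZ` prints them, and disk image contexts as `ls -Z` prints them.
PROCESS_LABELS = {
    "vm1": "system_u:system_r:svirt_t:s0:c107,c434",
    "vm2": "system_u:system_r:svirt_t:s0:c107,c434",  # same pair as vm1
    "vm3": "system_u:system_r:qemu_t:s0",             # not in the sVirt domain
    "vm4": "system_u:system_r:svirt_t:s0:c12,c900",
}
IMAGE_LABELS = {
    "vm1": "system_u:object_r:svirt_image_t:s0:c107,c434",
    "vm2": "system_u:object_r:svirt_image_t:s0:c107,c434",
    "vm3": "system_u:object_r:virt_image_t:s0",
    "vm4": "system_u:object_r:svirt_image_t:s0:c55,c56",  # differs from vm4 process
}

# user:role:type:level[:categories]; category ranges (c0.c1023) are not handled.
LABEL_RE = re.compile(r"^([^:]+):([^:]+):([^:]+):(s\d+)(?::(.+))?$")

def parse_label(label):
    """Return (type, frozenset of MCS categories) for one SELinux context."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"not an SELinux context: {label!r}")
    cats = frozenset(m.group(5).split(",")) if m.group(5) else frozenset()
    return m.group(3), cats

def audit(process_labels, image_labels):
    """Flag guests whose labels would not isolate them from other guests."""
    findings, seen = [], {}
    for vm in sorted(process_labels):
        ptype, pcats = parse_label(process_labels[vm])
        itype, icats = parse_label(image_labels[vm])
        if ptype != "svirt_t" or not pcats:
            findings.append((vm, "process not confined by sVirt"))
            continue
        if pcats in seen:  # two guests with equal categories can touch each other
            findings.append((vm, f"shares categories with {seen[pcats]}"))
        seen.setdefault(pcats, vm)
        if itype != "svirt_image_t" or icats != pcats:
            findings.append((vm, "image label does not match process label"))
    return findings

if __name__ == "__main__":
    for vm, problem in audit(PROCESS_LABELS, IMAGE_LABELS):
        print(f"{vm}: {problem}")
```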
Web VM 2 VM 3 VM 1 Unclassified TS/SCI TS/SCI Linux Kernel Image1 Image2 Image3 ImageN Compromised Virtual Machine confined despite hypervisor vulnerability
Web Secret Guard 1 Unclass VM TS/SCI Guard 2 Unclass VM TS/SCI Linux Kernel KVM KVM guests are processes, so we can confine them like processes.
Web DNS Mail Linux Kernel Web Secret Guard 1 TS/SCI VM TS/SCI Guard 2 Unclass VM Unclass Linux Kernel KVM And of course the guest operating system can also run SELinux
http://peoc3t.monmouth.army.mil/vcb2/vcb2.html
RED HAT ENTERPRISE VIRTUALIZATION FOR DESKTOPS COMPLETE VIRTUAL DESKTOP INFRASTRUCTURE SOLUTION Complete Virtual Desktop Infrastructure solution Windows & Linux desktops Full featured VDI: Integrated connection broker, pooling, templates, thin provisioning, memory overcommit, system scheduler, & more
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - SELF SERVICE PORTAL Create, edit and remove virtual machines Manage virtual disks and network interfaces Assign user permissions to virtual machines Create and use templates to rapidly deploy virtual machines Monitor resource usage and high-severity events Create and use snapshots to restore virtual machines to a previous state
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 - USER PORTAL User Portal - Advanced view User Portal - Basic View Create, edit and remove virtual machines Manage virtual disks and network interfaces Assign user permissions to virtual machines Create and use templates to rapidly deploy virtual machines Monitor resource usage and high-severity events Create and use snapshots to restore virtual machines to a previous state
RED HAT ENTERPRISE VIRTUALIZATION RHEV 3.0 REPORTING Historical usage, trending, quality of service Integrated reporting engine based on Jasper reports Over 25 prebuilt reports and dashboards included Ability to create and customize reports and templates
RED HAT ENTERPRISE VIRTUALIZATION 3.0 INTEGRATION & AUTOMATION Integration New RESTful API for integration with RHEV Manager Super set of RHEV management functionality Automation Linux command line interface for scripting and automation HOOKS mechanism allows custom scripts to modify VM operations
Certification status http://www.redhat.com/solutions/industry/government/certifications.html
INDUSTRY LEADERSHIP: THE ONLY END-TO-END OPEN VIRTUALIZATION INFRASTRUCTURE INDUSTRY LEADERS IN INFRASTRUCTURE, NETWORKING, STORAGE ARE BACKING RHEV
CISCO AND RED HAT RELATIONSHIP Innovation Propelled by the Momentum of the Open Source Community. Integrated: Cisco and Red Hat together have integrated Cisco UCS innovations with KVM. Open: Cisco and Red Hat have collaborated and made significant contributions to the open source KVM hypervisor and the Linux community in general. Tuned: The limitless imagination of the open source community increases performance, resolves issues, and integrates a broad source of enhancements
TRY IT YOURSELF! redhat.com/promo/rhev3
RHEV 3.0 RESOURCES More information or download free trial redhat.com/promo/rhev Watch the virtual event on-demand redhat.com/virtual RHEV webinars on-demand redhat.com/webinars/virtualization
QUESTIONS? redhat.com/promo/rhev3 John Rinehart: jrinehar@redhat.com Mark St Laurent: mstlaure@redhat.com