Archive for the ‘Virtualization’ Category

Improving Data Center Resource Management, Deployment, and Availability with Virtualization

Jul 24, 2009 Grad School, Papers, Virtualization

That’s the title of my thesis proposal, which attempts to cram all the work I’ve done over the past four years in just a few words. In the end, I’m pretty happy with the result–I’ve been able to tie together the various projects I’ve worked on to show how virtualization provides powerful new techniques for deploying applications, more efficiently managing resources, and providing high reliability in large data centers.

If you are interested, you can read the full version, or look through my slides.  It should make for absolutely thrilling bed time reading.

Here is the executive summary of what I’ve worked on:

Deployment

I start by looking at the deployment challenges of transitioning to a virtual environment and figuring out where to place VMs. This is an interesting area because virtualization can provide great benefits such as improved server consolidation, but also adds new challenges in the form of virtualization overheads.

MOVE (Modeling Overheads of Virtual Environments)

When you first consider transitioning from running applications natively to using virtual machines, it is important to understand how application resource requirements will change due to the overheads incurred by the virtualization layer. The MOVE project is designed to help predict these resource changes by building a regression model that relates the native and virtual platforms. This was work that I started during an internship at HP Labs in the summer of 2007, working with Lucy Cherkasova.

Memory Buddies – Guiding VM placement with memory information

Once you know your resource requirements, you need to figure out where to put each of your virtual machines.  The Memory Buddies project tries to place virtual machines in order to maximize the amount of memory sharing that can be achieved — if VMs are running similar operating systems or applications, then the virtualization layer can share copies of these duplicated pages. In order to make this practical in a data center with many thousands of VMs, we propose an efficient fingerprinting technique that uses Bloom filters to quickly compare virtual machine memory contents.

Resource Management

Making data centers more efficient is a key concern throughout all of my work.  Virtualization’s greatest benefit comes in the promise of improved server utilization, leading to lower hardware costs and decreased energy consumption.

Sandpiper – automated VM loadbalancing

Alright, now we’ve figured out initial resource allocations and placements for all of our virtual machines, but those initial decisions may not be sufficient (or efficient) if an application’s workload changes over time. Sandpiper is a system which monitors the resource utilization and performance of a set of VMs and dynamically adjusts their resources or migrates them between hosts in order to prevent servers from becoming overloaded. This was the first project I worked on when I came to grad school, and now there are several commercial products out there doing similar things. We recently revised and extended this paper for a journal.

Reliability

High performance systems are only useful if they are reliable. The remaining work for my thesis uses virtualization to decrease the cost of high availability and fault tolerance systems.

ZZ: Cheap Practical Byzantine Fault Tolerance

Byzantine Fault Tolerance is a way of providing very strong reliability guarantees, even in the face of malicious users or application components.  Unfortunately, BFT has a very high cost because each application request must be executed 2f+1 times in order to handle f simultaneous faults. In ZZ, we try to reduce this cost down to only f+1, by using an additional f sleeping VM replicas which are only woken up after a fault is detected.

CloudNet: Wide Area Resource Management and Availability

My most recent work was started while at AT&T in Fall 2008, and looks at how VPNs can be combined with cloud computing platforms to make data center resources appear seamlessly connected to an enterprise’s existing infrastructure. We are further exploring this area to see how we can provide disaster recovery services so that if a data center becomes unavailable, the critical applications running within it can transparently fail over to servers at a different data center.

Hot Cloud 2009: The Case for Enterprise Ready Virtual Private Clouds

Jun 15, 2009 Cloud Computing, Papers

The work I presented at Hot Cloud was about what enterprise customers need from cloud computing platforms, and how we can go about building enterprise clouds that are more secure, transparent, and flexible.

You can find a copy of our paper here, and my slides here. Or you can get a summary of our ideas below.

Here are the three key features we feel are lacking from existing cloud platforms:

Security: Enterprises need strong security guarantees about the isolation of both the computation and network resources they are getting from the cloud. Existing systems rely on firewall rules for security that must be configured on a per-VM basis. While firewalls are a very powerful form of access control, they are incredibly fine grain and need to be carefully configured. This is a especially a problem in highly dynamic (ie. cloud) environments where new VMs are often being created or moved between servers.

Transparency: Another problem with cloud computing is that the resources it gives you are completely separated from the systems an enterprise is already running within its data centers. This makes it difficult to deploy applications since you can’t get the abstraction of having your cloud resources seamlessly connected to your existing LANs within the enterprise.

Resource Flexibility: There are two issues here. First, existing cloud platforms grant users very limited control over the network resources connected to their VMs.  This means, for example, that it is impossible to do something like reserve a high bandwidth link between a pair of VMs, and certainly not between a VM and the enterprise site that is going to be accessing it. Secondly, cloud platforms are not as flexible as they should be: if you replicate a VM to increase the processing power of an application you need to deal with these security and transparency issues all over again.

To help provide these three features, we propose the idea of a Virtual Private Cloud, that uses VPNs to securely connect groups of VMs within a cloud data center back to the enterprise sites that will use them.  VPNs make it so that the cloud resources are only accessible by other members of the same VPN.  This is a much coarser grain access control mechanism than firewalls, but it is much cleaner and we use MPLS based VPNs that have the benefit of being both highly scalable for enterprises that may run many hundreds or thousands of VMs, and that require no endhost configuration on the VMs — the VPN is entirely setup at the routers at the cloud and enterprise sites.  Finally, there is the option of using layer 2 VPNs (a Virtual Private LAN Service) to bridge the cloud computing data center and enterprise networks, giving the abstraction that cloud resources are seamlessly connected to the enterprise’s own LAN.

We are building a system that will implement this sort of system, and are exploring how it can be used to simplify VM migration over the WAN and for providing high availability services capable of seamlessly failing an application over from one cloud data center to another.

Speeding Up Migration with Page Sharing

May 8, 2009 Memory, Virtualization

Update: Looking at this now, I’ve definitely become fully convinced that it is a good idea.  Clearly you need to be a little careful that your pages match up at each end, but as long as you keep an intelligent cache at each end, you definitely should be able to significantly reduce the amount of migration traffic due to duplicate memory contents.

Kevin Lawton (author of old-school virtualization tool Bochs), recently wrote an article (and followup) on how you could speed up VM migration in a data center by exploiting things like page duplication between the source and destination machines.  The idea is that a lot of VMs have common memory pages that you wouldn’t actually need to copy over.  He references some of my own work that looked at the amount of sharing that actually occurs between VMs, the first (but hopefully not last) time I’ve ever seen a link to one of my papers in a random blog post in my RSS feed!

The only problem I see has to do with detecting when pages are truly identical. When you do page sharing between VMs on a single host, you detect the similarity by producing a short (32 or 64 bit) hash for each page in memory. If you scan two pages and they produce the same hash, then those pages are very likely identical. I say “very likely“, because it could just be a hash collision, and you need to actually scan all the bits in each page before you can truly know that the two pages are identical.

When you do this on a single machine, it’s not too big a deal to scan two pages and compare their bits, but if you are trying to verify that pages on the source and destination of a migration are identical, it is a big problem. Obviously you can’t just copy the page over the network to do the comparison, since that is what you were trying to avoid in the first place. I guess the only solution is to use a longer hash value (thus reducing the chance for collisions) and really hope that you don’t have a malicious VM at the destination that is trying to corrupt your memory by purposefully creating memory pages that will collide with your content.

I think it is a neat idea that would generally work in practice, but you will need a pretty smart cache at each end to make sure your really keeping the pages consistent.

Another idea would be to use a “post copy” based approach that tries to get the VM started up on the destination machine as quickly as possible, deferring copying most memory pages until after it has already started.  You might be able to use this to quickly unload a host that is approaching the overload limit, although the migrated VMs may see a larger performance penalty because of how the migration technique works.

The End of Desktops (and all your applications)

May 7, 2009 Cloud Computing

I have to agree with Google’s Eric Schmidt about the importance of cloud services on the future of everyday computing. Desktop style applications that run entirely on your own computer don’t have much life left because 1) people will have too many different devices, so keeping them all synced with local storage is a pain, 2) it’s easier for application developers to maintain a single online version of an app instead of dealing with pushing out updates and bug fixes to users, 3) forcing users to go online to get an app prevents piracy, 4) applications can get as much or as little computation and storage power as they need from the cloud, 5) etc.  Sadly, I think it might be #3 that is the real motivation in the end for many companies.

Cloud based services are also better for the environment.  If the average everyday computer can be reduced down to a basic thin client for accessing remote cloud services, that reduces the cost and energy usage of home devices.  The applications running in the cloud can in turn exploit massive degrees of multiplexing to reduce their own energy costs.  As it stands today, most peple’s computers are far more powerful than they really need to be, and they spend a lot of time sitting around idle.  You might as well give consumers devices that are as simple as possible.  Make them so simple that they don’t crash all the time.   Make it so they don’t require technically adept family members to service them a few times a year. Then people will spend less time being frustrated by their computers, and more time able to use the applications running on them.