PPT -CC-UNIT-2

Unit-2

UNIT- II: Virtual Machines and Virtualization of Clusters and Data Centers

1. Implementation Levels of Virtualization,

2. Virtualization Structures/ Tools and mechanisms,

3. Virtualization of CPU,

4. Memory and I/O Devices,

5. Virtual Clusters and Resource Management,

6. Virtualization for Data Center Automation.

8/16/2023 Cloud Computing/ Unit-2 2


Virtualization
• In computing, virtualization refers to the act of creating a virtual (rather
than actual) version of something, including virtual computer hardware
platforms, storage devices, and computer network resources.

IMPLEMENTATION LEVELS OF VIRTUALIZATION

• Virtualization is a computer architecture technology by which multiple virtual machines (VMs) are multiplexed in the same hardware machine.

• The purpose of a VM is to enhance resource sharing by many users and improve computer performance in terms of resource utilization and application flexibility.

• Hardware resources (CPU, memory, I/O devices, etc.) or software resources (operating system and software libraries) can be virtualized in various functional layers.

Levels of Virtualization Implementation
• A traditional computer runs with a host operating system specially tailored for its
hardware architecture.
• After virtualization, different user applications managed by their own operating
systems (guest OS) can run on the same hardware, independent of the host OS.
• This is often done by adding additional software, called a virtualization layer.
• This virtualization layer is known as hypervisor or virtual machine monitor (VMM).
• The VMs are shown in the upper boxes, where applications run with their own
guest OS over the virtualized CPU, memory, and I/O resources.

Levels of Virtualization Implementation

Virtualization ranging from hardware to applications in five abstraction levels.

Virtualization at ISA (Instruction Set Architecture) level

❑ Emulating a given ISA by the ISA of the host machine.
❑ The basic emulation method is through code interpretation.
❑ An interpreter program interprets the source instructions to target instructions one by one.
• Typical systems: Bochs, Crusoe, QEMU, BIRD, Dynamo

Virtualization at Hardware Abstraction level

❑ Mapping of virtual resources with physical resources.
❑ Distinguishes between privileged and non-privileged instructions.

Virtualization at Hardware Abstraction level

• A hardware abstraction layer (HAL) is a logical division of code that serves as an abstraction
layer between a computer's physical hardware and its software.
• It provides a device driver interface allowing a program to communicate with the hardware.
• The main purpose of a HAL is to conceal different hardware architectures from the OS by
providing a uniform interface to the system peripherals.

Virtualization at Hardware Abstraction level
The HAL provides the following benefits:
• Allowing applications to extract as much performance out of the hardware devices as possible
• Enabling the OS to perform regardless of the hardware architecture
• Enabling device drivers to provide direct access to each hardware device, which allows programs
to be device-independent
• Allowing software programs to communicate with the hardware devices at a general level
• Facilitating portability

Virtualization at Operating System (OS) level

Advantage:
• Has minimal startup/shutdown cost, low resource requirement, and high
scalability; can synchronize VM and host state changes.
Shortcoming & limitation:
• All VMs at the operating system level must have the same kind of guest OS
• Poor application flexibility and isolation.

Virtualization at Hardware Abstraction level

Virtualization is performed right on top of the hardware.


• It generates virtual hardware environments for VMs, and manages the underlying hardware
through virtualization.
• Typical systems: VMware, Virtual PC, Denali, Xen
• The idea is to virtualize a computer’s resources such as its processors, memory, and I/O
devices. The intention is to upgrade the hardware utilization rate.

Virtualization at Operating System (OS) level

It is an abstraction layer between traditional OS and user applications.


• This virtualization creates isolated containers on a single physical server and the
OS-instance to utilize the hardware and software in datacenters.
• Containers provide a lightweight virtual environment that groups and isolates a set
of processes and resources such as memory, CPU, disk etc., from the host.
• The isolation guarantees that any processes inside the container cannot see any
processes or resources outside the container.
• Typical systems: Jail / Virtual Environment / Ensim's VPS / FVM

Library Support Level
• Most applications use APIs exported by user-level libraries rather than using lengthy system calls by the
OS.

• Since most systems provide well-documented APIs, such an interface becomes another candidate for
virtualization.

• Virtualization with library interfaces is possible by controlling the communication link between applications
and the rest of a system through API hooks.

• The software tool WINE has implemented this approach to support Windows applications on top of UNIX
hosts.

• Another example is the vCUDA which allows applications executing within VMs to leverage GPU hardware
acceleration.

User application level
• Virtualization at the application level virtualizes an application as a VM.

• On a traditional OS, an application often runs as a process. Therefore, application-level virtualization is
also known as process-level virtualization.

• The most popular approach is to deploy high level language (HLL) VMs.

• In this scenario, the virtualization layer sits as an application program on top of the operating system,
and the layer exports an abstraction of a VM that can run programs written and compiled to a particular
abstract machine definition.

• Any program written in the HLL and compiled for this VM will be able to run on it.

• The Microsoft .NET CLR and Java Virtual Machine (JVM) are two good examples of this class of VM.

VMM Design Requirements and Providers

• Hardware-level virtualization inserts a layer between real hardware and
traditional operating systems. This layer is commonly called the Virtual Machine
Monitor (VMM) and it manages the hardware resources of a computing system.
• There are three requirements for a VMM.
• First, a VMM should provide an environment for programs which is essentially
identical to the original machine.
• Second, programs run in this environment should show, at worst, only minor
decreases in speed.
• Third, a VMM should be in complete control of the system resources.

Containers vs Virtual Machines (VMs)

What are Virtual Machines (VMs)?


• A virtual machine (VM) is an operating system that shares the physical
resources of one server. It is a guest on the host’s hardware, which is
why it is also called a guest machine.

• What is a Container?

• A container is an environment that runs an application that is not
dependent on the operating system. It isolates the app from the host by
virtualizing it. This allows users to create multiple workloads on a single
OS instance.

Virtualization Support at the OS Level
• CC is transforming the computing landscape by shifting the hardware and management costs of a data
centre to third parties.

• The challenges of CC are:


a) the ability to use a variable number of physical machines and VM instances depending on the needs of the
problem. Ex: A work may need a single CPU at an instance but multi-CPUs at another instance

b) the slow operation of instantiating new VMs.

• Operating system virtualization inserts a virtualization layer inside an operating system
to partition a machine’s physical resources.
• It enables multiple isolated VMs within a single operating system kernel. This kind of VM
is often called a virtual execution environment (VE), Virtual Private System (VPS), or
simply container.
• From the user’s point of view, VEs look like real servers.
• This means a VE has its own set of processes, file system, user accounts, network
interfaces with IP addresses, routing tables, firewall rules, and other personal settings.

Virtualization at OS Level

Virtualization for Linux

OpenVZ (Open Virtuozzo) is an operating-system-level virtualization technology for Linux.

Advantages of OS Extensions

• VMs at the OS level have minimal start-up/shutdown costs, low resource
requirements and high scalability.
• For an OS-level VM, the VM and its host environment can synchronise state changes.

Disadvantages of OS Extension
• The main disadvantage of OS extensions is that all VMs at OS level on a
single container must have the same kind of guest OS.

Middleware Support for Virtualization

• This is the other name for Library-level Virtualization and is also known as user-level
Application Binary Interface or API emulation.

• This type of virtualization can create execution environments for running alien
(new/unknown) programs on a platform rather than creating a VM to run the entire OS.

VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS
• The virtualization layer is responsible for converting portions of the real hardware into virtual hardware.
• Therefore, different operating systems such as Linux and Windows can run on the same physical machine simultaneously.
• Depending on the position of the virtualization layer, there are several classes of VM architectures, namely the
• hypervisor architecture,
• paravirtualization,
• and host-based virtualization.
• The hypervisor is also known as the VMM (Virtual Machine Monitor). They both perform the same virtualization operations.

HYPERVISOR AND XEN ARCHITECTURE
Hypervisor
A hypervisor is a hardware virtualization technique allowing multiple operating systems, called guests, to
run on a host machine. This is also called the Virtual Machine Monitor (VMM).
Type 1: bare metal hypervisor
• Sits on the bare metal computer hardware like the CPU, memory, disk, network, etc.
• All guest operating systems are a layer above the hypervisor.
Type 2: hosted hypervisor
• Runs over a host operating system.
• Hypervisor is the second layer over the hardware.
• Guest operating systems run a layer over the hypervisor.
• The OS is usually unaware of the virtualization.

Hypervisor and Xen Architecture

▪ Xen is an open source hypervisor program developed by Cambridge University.
▪ Xen is a microkernel hypervisor, which separates the policy from the mechanism.
▪ The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by Domain 0,
as shown in the figure. Xen does not include any device drivers natively.
▪ It just provides a mechanism by which a guest OS can have direct access to the physical
devices. As a result, the size of the Xen hypervisor is kept rather small.
▪ Xen provides a virtual environment located between the hardware and the OS.
▪ A number of vendors are in the process of developing commercial Xen hypervisors, among them
are Citrix XenServer and Oracle VM.

Hypervisor and Xen Architecture
▪ The core components of a Xen system are the hypervisor, kernel, and applications.
The organization of the three components is important.

▪ Like other virtualization systems, many guest OSes can run on top of the hypervisor.
▪ The guest OS, which has control ability, is called Domain 0, and the others are called Domain U.
▪ Domain 0 is a privileged guest OS of Xen.
▪ It is first loaded when Xen boots without any file system drivers being available.
▪ Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the
responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains (the
Domain U domains).

Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily
as manipulating a file, which flexibly provides tremendous benefits for users.

Binary Translation with Full Virtualization
• Depending on the implementation technology, hardware virtualization can be classified into two categories:

1. full virtualization and

2. host-based virtualization.

• Full virtualization does not need to modify the host OS. It relies on binary translation to trap and to virtualize the execution of
certain sensitive, non-virtualizable instructions.

• The guest OSes and their applications consist of noncritical and critical instructions.

• In a host-based system, both a host OS and a guest OS are used. A virtualization software layer is built between the host OS and
guest OS.

Full Virtualization
• With full virtualization, noncritical instructions run on the hardware directly while critical instructions are discovered and replaced
with traps into the VMM to be emulated by software.

• Both the hypervisor and VMM approaches are considered full virtualization.

• Why are only critical instructions trapped into the VMM?

• This is because binary translation can incur a large performance overhead.

• Noncritical instructions do not control hardware or threaten the security of the system, but critical instructions do.

• Therefore, running noncritical instructions on hardware not only can promote efficiency, but also can ensure system security.

Binary Translation of Guest OS Requests Using a
VMM
• This approach was implemented by VMware and many other software
companies.
• VMware puts the VMM at Ring 0 and the guest OS at Ring 1.
• The VMM scans the instruction stream and identifies the privileged,
control- and behavior-sensitive instructions.
• When these instructions are identified, they are trapped into the VMM,
which emulates the behavior of these instructions.
• The method used in this emulation is called binary translation.
• Therefore, full virtualization combines binary translation and direct
execution.
• The guest OS is completely decoupled from the underlying hardware.
• Consequently, the guest OS is unaware that it is being virtualized.
• The performance of full virtualization may not be ideal, because it
involves binary translation which is rather time-consuming.
• Binary translation employs a code cache to store translated hot
instructions to improve performance, but it increases the cost of
memory usage.
Host-Based Virtualization
• An alternative VM architecture is to install a virtualization layer on top of the host OS.

• This host OS is still responsible for managing the hardware. The guest OSes are installed and run on top of
the virtualization layer.

• Dedicated applications may run on the VMs.

• This host-based architecture has some distinct advantages:

• The user can install this VM architecture without modifying the host OS.

• The virtualizing software can rely on the host OS to provide device drivers and other low-level services.

• This will simplify the VM design and ease its deployment.

Para-Virtualization with Compiler Support
• Para-virtualization needs to modify the guest operating systems.

• A para-virtualized VM provides special APIs requiring substantial OS modifications in user
applications.

• Performance degradation is a critical issue of a virtualized system.

• No one wants to use a VM if it is much slower than using a physical machine.

• The virtualization layer can be inserted at different positions in a machine software stack.

• However, para-virtualization attempts to reduce the virtualization overhead, and thus improve
performance by modifying only the guest OS kernel.

• Paravirtualization replaces nonvirtualizable instructions with hypercalls that communicate directly with the
virtualization layer hypervisor.

• A hypercall is based on the same concept as a system call. System calls are used by an application to request
services from the OS and provide the interface between the application or process and the OS. Hypercalls
work the same way, except the hypervisor is used.

Full Virtualization vs. Para-Virtualization
Full virtualization
• Does not need to modify guest OS, and critical instructions are emulated by software through the use of
binary translation.
• VMware Workstation applies full virtualization, which uses binary translation to automatically modify x86
software on-the-fly to replace critical instructions.
• Advantage: no need to modify OS.
• Disadvantage: binary translation slows down the performance.
Para virtualization
• Reduces the overhead, but cost of maintaining a paravirtualized OS is high.
• The improvement depends on the workload.
• Para virtualization must modify guest OS, non-virtualizable instructions are replaced by hypercalls that
communicate directly with the hypervisor or VMM.
• Para virtualization is supported by Xen, Denali and VMware ESX.

Examples of para virtualization

• KVM (Kernel-based Virtual Machine)
• Xen
• VMware ESX

“Next Class: Virtualization of CPU…”

VIRTUALIZATION OF CPU, MEMORY, AND I/O
DEVICES

• To support virtualization, processors such as the x86 employ a special running mode and
instructions, known as hardware-assisted virtualization.

Hardware Support for Virtualization
• Modern operating systems and processors permit multiple processes to run simultaneously.

• If there is no protection mechanism in a processor, all instructions from different processes will access the hardware
directly and cause a system crash.

• All processors have at least two modes, user mode and supervisor mode, to ensure controlled access of critical
hardware.

• Instructions running in supervisor mode are called privileged instructions. Other instructions are unprivileged
instructions.

• In a virtualized environment, it is more difficult to make OSes and applications run correctly because there are more
layers in the machine stack.

CPU Virtualization
• A VM is a duplicate of an existing computer system in which a majority of the VM instructions are executed on the host processor
in native mode.

• Thus, unprivileged instructions of VMs run directly on the host machine for higher efficiency.

• Other critical instructions should be handled carefully for correctness and stability.

• The critical instructions are divided into three categories: privileged instructions, control-sensitive instructions, and
behavior-sensitive instructions.

• Privileged instructions execute in a privileged mode and will be trapped if executed outside this mode.

• Control-sensitive instructions attempt to change the configuration of resources used.

• Behavior-sensitive instructions have different behaviors depending on the configuration of resources, including the load and
store operations over the virtual memory.
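
The following Python sketch is an added example, not part of the original slides. It models the rule above: unprivileged instructions run directly, while the three classes of critical instructions trap into the VMM and are emulated against per-VM virtual state. The opcode names, classes and values are invented for illustration.

```python
"""Toy trap-and-emulate VMM. Constructed example: opcode names are invented."""
from dataclasses import dataclass, field

# The three classes of critical instructions, mapped to toy opcodes.
PRIVILEGED = {"halt", "disable_irq"}
CONTROL_SENSITIVE = {"set_page_table"}
BEHAVIOR_SENSITIVE = {"read_irq_flag"}
CRITICAL = PRIVILEGED | CONTROL_SENSITIVE | BEHAVIOR_SENSITIVE


@dataclass
class PhysicalCPU:
    """Real machine state. Only the VMM is allowed to change it."""
    irq_enabled: bool = True
    page_table: int = 0x1000  # constructed value for the VMM's own page table
    halted: bool = False


@dataclass
class VirtualCPU:
    """Per-VM copy of the privileged state, plus the guest's registers."""
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})
    irq_enabled: bool = True
    page_table: int = 0
    halted: bool = False


class VMM:
    def __init__(self):
        self.cpu = PhysicalCPU()
        self.vcpus = {}
        self.trap_log = []  # (vm name, opcode) for every trapped instruction

    def create_vm(self, name):
        self.vcpus[name] = VirtualCPU()
        return self.vcpus[name]

    def run(self, name, program):
        vcpu = self.vcpus[name]
        for instr in program:
            if vcpu.halted:
                break  # a halted guest stops; the physical CPU keeps running
            if instr[0] in CRITICAL:
                self._trap_and_emulate(name, vcpu, instr)
            else:
                self._execute_directly(vcpu, instr)
        return vcpu

    @staticmethod
    def _execute_directly(vcpu, instr):
        """Unprivileged instructions touch guest registers only."""
        op, *args = instr
        if op == "mov":
            vcpu.regs[args[0]] = args[1]
        elif op == "add":
            vcpu.regs[args[0]] += args[1]
        else:
            raise ValueError(f"unknown opcode {op!r}")

    def _trap_and_emulate(self, name, vcpu, instr):
        """Apply the instruction's effect to the VM's virtual state only."""
        op, *args = instr
        self.trap_log.append((name, op))
        if op == "disable_irq":
            vcpu.irq_enabled = False
        elif op == "halt":
            vcpu.halted = True
        elif op == "set_page_table":
            vcpu.page_table = args[0]
        elif op == "read_irq_flag":
            # Behavior-sensitive: the guest must see its own virtual flag,
            # not the physical one, or its view of the machine is wrong.
            vcpu.regs[args[0]] = int(vcpu.irq_enabled)


def demo():
    """Run two constructed guest programs and return the resulting state."""
    vmm = VMM()
    vmm.create_vm("vm_a")
    vmm.create_vm("vm_b")
    prog_a = [("mov", "r0", 5), ("add", "r0", 7), ("disable_irq",),
              ("set_page_table", 0xA000), ("read_irq_flag", "r1"),
              ("halt",), ("add", "r0", 100)]  # last add never runs
    prog_b = [("read_irq_flag", "r1"), ("add", "r0", 1)]
    a = vmm.run("vm_a", prog_a)
    b = vmm.run("vm_b", prog_b)
    return vmm, a, b


if __name__ == "__main__":
    vmm, a, b = demo()
    print("vm_a:", a)
    print("vm_b:", b)
    print("physical CPU untouched:", vmm.cpu)
    print("traps:", vmm.trap_log)
```

vm_a disabling interrupts and halting changes neither the physical CPU nor vm_b, which is the isolation property the VMM has to preserve.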

Process:
• System call triggers the 80h interrupt (It allows application programmers to obtain
system services from the Unix kernel) and passes control to the OS kernel.
• Kernel invokes the interrupt handler to process the system call
• In Xen, the 80h interrupt in the guest OS concurrently causes the 82h (Address external
memory) interrupt in the hypervisor; control is passed on to the hypervisor as well.
• After the task is completed, the control is transferred back to the guest OS kernel.

Hardware-Assisted CPU Virtualization
• This technique attempts to simplify virtualization because full or paravirtualization is
complicated.

• Intel and AMD add an additional mode called privilege mode level (some people call it
Ring -1) to x86 processors.

• Therefore, operating systems can still run at Ring 0 and the hypervisor can run at Ring -1.

• All the privileged and sensitive instructions are trapped in the hypervisor automatically.

Memory Virtualization
• Virtual memory virtualization is similar to the virtual memory support provided by modern operating systems.

• In a traditional execution environment, the operating system maintains mappings of virtual memory to machine
memory using page tables, which is a one-stage mapping from virtual memory to machine memory.

• All modern x86 CPUs include a memory management unit (MMU) and a translation lookaside buffer (TLB) to optimize
virtual memory performance.

• A translation lookaside buffer (TLB) is a memory cache that is used to reduce the time taken to access a user memory
location. It is a part of the chip's memory-management unit (MMU). The TLB stores the recent translations of virtual
memory to physical memory and can be called an address-translation cache.

• However, in a virtual execution environment, virtual memory virtualization involves sharing the physical system
memory in RAM and dynamically allocating it to the physical memory of the VMs.

I/O Virtualization
• I/O virtualization involves managing the routing of I/O requests between virtual
devices and the shared physical hardware.
• There are three ways to implement I/O virtualization:
1. full device emulation,
2. para-virtualization, and
3. direct I/O.

• Full device emulation is the first approach for I/O virtualization.

• Emulation is using software to provide a different execution environment or architecture. For example, you might have an Android
emulator run on a Windows box. The Windows box doesn't have the same processor that an Android device does so the emulator
actually executes the Android application through software.

• Generally, this approach emulates well-known, real-world devices.

Para-VZ:

• In para-VZ, the frontend driver runs in Domain-U; it manages the requests of the guest OS. The backend
driver runs in Domain-0 and is responsible for managing the real I/O devices. This methodology (para) gives
more performance but has a higher CPU overhead.

Direct I/O VZ:

• This lets the VM access devices directly; achieves high performance with lower costs. Currently, it is used
only for the mainframes.

4. VIRTUAL CLUSTERS AND RESOURCE MANAGEMENT

• Three critical design issues of virtual clusters:

• live migration of VMs,

• memory and file migrations, and

• dynamic deployment of virtual clusters.

Physical versus Virtual Clusters

• A physical cluster is a collection of servers (physical machines) interconnected by a physical
network such as a LAN.

• Virtual clusters consist of many of the same server, all divided up the same way.
Big jobs are handled by adding more virtual instances to the workflow.

Each virtual cluster is formed with physical machines or a VM hosted by multiple physical clusters.

The provisioning of VMs to a virtual cluster is done dynamically to have the following interesting properties:

• The virtual cluster nodes can be either physical or virtual (VMs) with different operating systems.

• A VM runs with a guest OS that manages the resources in the physical machine.

• The purpose of using VMs is to consolidate multiple functionalities on the same server.

• VMs can be replicated in multiple servers to promote parallelism, fault tolerance and disaster recovery.

• The number of nodes in a virtual cluster can grow or shrink dynamically.

• The failure of some physical nodes will slow the work but the failure of VMs will cause no harm (fault
tolerance is high).

Fast Deployment and Effective Scheduling
Deployment means

• Construct and distribute software stacks (OS, libraries, apps) to a physical
node inside the cluster as fast as possible.

• Quickly switch runtime environments from one virtual cluster to another.

Green Computing
• It is a methodology that is environmentally responsible and an eco-
friendly usage of computers and their resources. It is also defined as
the study of designing, manufacturing, using and disposing
of computing devices in a way that reduces their environmental
impact.

LIVE MIGRATION

• Live migration refers to the process of moving a running virtual machine or
application between different physical machines without disconnecting
the client or application.

Live VM Migration Steps
• When a VM fails, it can be replaced by another VM on a different node, as
long as they both run the same guest OS.

• This is called a failover (a procedure by which a system automatically transfers
control to a duplicate system when it detects a fault or failure) of a physical
system to a VM. Compared to a physical-physical failover, this methodology
has more flexibility.

• It also has a drawback – a VM must stop working if its host node fails. This can
be lessened by migrating from one node to another for a similar VM.

Managing a Virtual Cluster: There exist four ways.

• We can use a guest-based manager, by which the cluster manager resides inside a guest OS.

• We can bring out a host-based manager which itself is a cluster manager on the host systems.

• An independent cluster manager, which can be used on both the host and the guest – making the
infrastructure complex.

• Finally, we might also use an integrated cluster (manager), on the guest and host operating systems; here the
manager must clearly distinguish between physical and virtual resources.

VM STATES
• Inactive State: This is defined by the VZ platform, under which the VM is not enabled.

• Active State: This refers to a VM that has been instantiated at the VZ platform to perform a task.

• Paused State: A VM has been instantiated but disabled temporarily to process a task or is in a waiting state
itself.

• Suspended State: A VM enters this state if its machine file and virtual resources are stored back to the disk.

Live Migration Steps
This consists of 6 steps.

• Steps 0 and 1: Start migration automatically and check out load balancing and server consolidation.

• Step 2: Transfer memory (transfer the memory data and recopy any data that is changed during the process). This goes on iteratively until the
changed memory is small enough to be handled directly.

• Step 3: Suspend the VM and copy the last portion of the data.

• Steps 4 and 5: Commit and activate the new host. Here, all the data is recovered, and the VM is started from exactly the place where it
was suspended, but on the new host.
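
The iterative memory transfer of Steps 2 to 5 can be simulated as below. This is an added example, not part of the original slides; the page count, stop threshold, round limit and write rates are assumptions chosen for illustration. It also shows the failure mode where a guest dirties memory faster than it can be copied, so the final suspend-and-copy becomes large.

```python
"""Pre-copy live migration simulation. Constructed example with assumed sizes."""
import random

PAGE_COUNT = 256      # assumed size of the VM's memory, in pages
STOP_THRESHOLD = 8    # assumed: dirty set small enough for the final copy
MAX_ROUNDS = 30       # assumed bound so a busy guest cannot loop forever


class SourceVM:
    def __init__(self, seed):
        self.rng = random.Random(seed)
        self.memory = [self.rng.randrange(256) for _ in range(PAGE_COUNT)]
        self.dirty = set()   # pages written since the last copy round
        self.running = True

    def run_for(self, writes):
        """The guest keeps executing during a copy round and dirties pages."""
        if not self.running:
            return
        for _ in range(writes):
            page = self.rng.randrange(PAGE_COUNT)
            self.memory[page] = (self.memory[page] + 1) % 256
            self.dirty.add(page)

    def take_dirty(self):
        """Return the pages dirtied so far and reset the tracking set."""
        dirty, self.dirty = self.dirty, set()
        return dirty


def migrate(src, write_rate):
    """Migrate src; write_rate = guest writes per page copied in a round."""
    dest = [None] * PAGE_COUNT
    rounds = []                       # pages sent in each pre-copy round
    src.dirty.clear()
    to_send = set(range(PAGE_COUNT))  # Step 2, first round: all memory

    while True:
        for page in to_send:
            dest[page] = src.memory[page]
        rounds.append(len(to_send))
        # While the round was in flight the guest kept writing.
        src.run_for(max(1, int(len(to_send) * write_rate)))
        to_send = src.take_dirty()    # only changed pages go in the next round
        if len(to_send) <= STOP_THRESHOLD or len(rounds) >= MAX_ROUNDS:
            break

    # Step 3: suspend the VM and copy the last portion of the data.
    src.running = False
    for page in to_send:
        dest[page] = src.memory[page]

    # Steps 4 and 5: commit only if the destination is an exact copy.
    return {
        "rounds": rounds,
        "downtime_pages": len(to_send),
        "consistent": dest == src.memory,
    }


if __name__ == "__main__":
    print("quiet guest:", migrate(SourceVM(seed=1), write_rate=0.1))
    busy = migrate(SourceVM(seed=1), write_rate=2.0)
    print("busy guest: rounds =", len(busy["rounds"]),
          "downtime pages =", busy["downtime_pages"])
```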

Migration of Memory, Files, and Network Resources

Memory Migration

• Moving the memory instance of a VM from one physical host to another

FILE MIGRATION

• File system migration refers to the system management operations related to stopping
access to a file system, and then restarting these operations to access the file system
from a different computer system.

NETWORK MIGRATION

• Network migration involves transferring the data and programs from an old
network to a new network.

5. VIRTUALIZATION FOR DATA-CENTER AUTOMATION

• Data-center automation means that huge volumes of hardware, software, and database resources in
these data centers can be allocated dynamically to millions of Internet users simultaneously.

Server Consolidation in Data Centers
• Server consolidation is the process of migrating network services and applications from multiple computers
to a singular computer. This consolidation can include multiple physical computers to multiple virtual
computers on one host computer. You can consolidate computers for several reasons, such as minimizing
power consumption, simplifying administration duties, or reducing overall cost. Consolidation can also
increase hardware resource utilization.

• Server consolidation is an approach to improve the low utility ratio of hardware resources by reducing the
number of physical servers.

• Server consolidation is an approach to the efficient usage of computer server resources in order to reduce
the total number of servers or server locations that an organization requires.

Server Consolidation in Data Centers Cont..
In data centers, heterogeneous workloads may run at different times. The two types here are:

a) Chatty (Interactive) Workloads: These types may reach the peak at a particular time and may be silent at some
other time.

Ex: WhatsApp in the evening and the same at midday.

b) Non-Interactive Workloads: These don’t require any users’ efforts to make progress after they have been
submitted.

Ex: High Performance Computing

SERVER CONSOLIDATION TECHNIQUES

There are two techniques

• 1. Centralised and Physical Consolidation

• 2. Virtualization based server consolidation.

• Centralized Consolidation - Rather than maintaining servers at various branch offices, an organization
moves all servers to a centralized location. This greatly simplifies maintenance duties for IT staff as they can
immediately access all systems without traveling. This also simplifies security, backing up data and instituting an
extensive failover plan.

• Physical Consolidation - An organization reduces the total number of servers by merging the workload onto
fewer servers. The new setup retains a homogeneous environment in that it is still running on a single
platform.

2. Virtualization based server consolidation

• This approach runs multiple platforms and diverse applications on a single server (or cluster).

• This technique uses partitioning and virtualization to run many "virtual servers" on a single machine.

• This makes efficient use of system resources while minimizing upkeep tasks.



Advantages

• Consolidation increases hardware utilization.
• It enables more agile (able to move quickly and easily) provisioning of the available resources.
• The total cost of owning and using a data centre is reduced (low maintenance, low cooling, low cabling etc.).
• It enables availability and business continuity – the crash of a guest OS has no effect upon a host OS.



Virtual Storage Management
In System virtualization, virtual storage includes the storage managed by VMMs and guest
OSes. Generally, the data stored in this environment can be classified into two categories:
1. VM images and
2. Application data.
• The VM images are special to the virtual environment.
• The application data includes all other data which is the same as the data in traditional
OS environments.



Virtual Storage Management
Content Addressable Storage (CAS) is a solution to reduce the total size of
VM images, and therefore supports a large set of VM-based systems in data
centers.



CONTENT-ADDRESSED STORAGE (CAS)

• Content-addressed storage (CAS) is a method of providing fast access to fixed content (data
that is not expected to be updated) by assigning it a permanent place on disk.

• CAS makes data retrieval straightforward by storing it in such a way that an object cannot
be duplicated or modified once it has been stored; thus, its location is unambiguous.
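
The two CAS properties above (one stored copy per distinct content, and a smaller total footprint for VM images) can be seen in a short sketch. This is an added example, not part of the original slides; the 4 KiB block size, the in-memory store and all class and function names are assumptions made for illustration.

```python
import hashlib

CHUNK_SIZE = 4096  # assumed block size for this example


class ContentAddressedStore:
    """Toy in-memory CAS: each block is stored once, keyed by its SHA-256."""

    def __init__(self):
        self._blocks = {}  # hex digest -> block bytes

    def put(self, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        # Identical content always maps to the same address: no duplicates.
        self._blocks.setdefault(digest, data)
        return digest

    def get(self, digest: str) -> bytes:
        data = self._blocks[digest]
        # The address doubles as an integrity check on read.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("block content does not match its address")
        return data

    def stored_bytes(self) -> int:
        return sum(len(b) for b in self._blocks.values())


def store_image(cas, image: bytes) -> list:
    """Split an image into blocks and return its manifest (ordered digests)."""
    return [cas.put(image[i:i + CHUNK_SIZE])
            for i in range(0, len(image), CHUNK_SIZE)]


def load_image(cas, manifest) -> bytes:
    return b"".join(cas.get(d) for d in manifest)


def demo():
    # Constructed sample data: two VM images sharing eight base-OS blocks.
    base_os = b"".join(bytes([i]) * CHUNK_SIZE for i in range(8))
    vm_a = base_os + b"A" * CHUNK_SIZE
    vm_b = base_os + b"B" * CHUNK_SIZE
    cas = ContentAddressedStore()
    man_a, man_b = store_image(cas, vm_a), store_image(cas, vm_b)
    assert load_image(cas, man_a) == vm_a and load_image(cas, man_b) == vm_b
    return len(vm_a) + len(vm_b), cas.stored_bytes()

if __name__ == "__main__":
    print(demo())
```

Because a block's address is its hash, a block altered after it was stored is caught on read, which is what makes stored content effectively immutable.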

Cloud OS for Virtualized Data Centers
• Data centers must be virtualized to serve as cloud providers.

EC2 => Amazon Elastic Compute Cloud
WS => Web Service
CLI => Command Line Interface
WSRF => Web Services Resource Framework
KVM => Kernel-based VM
VMFS => VM File System
HA => High Availability



Eucalyptus for Virtual Networking of Private Cloud
• Eucalyptus is an open source software platform for implementing Infrastructure as a Service (IaaS) in a
private or hybrid cloud computing environment.

• Its purpose is to build private clouds that can interact with end users through Ethernet or the Internet.

• The system also supports interaction with other private clouds or public clouds over the Internet.



• Instance Manager (IM): It controls execution, inspection and termination of VM instances on the host machines where it runs.
• Group Manager (GM): It gathers information about VM execution and schedules them on specific IMs; it also manages the virtual instance network.
• Cloud Manager (CM): It is an entry point into the cloud for both users and administrators. It gathers information about the resources, allocates them by proper scheduling, and implements them through the GMs.



Trust Management in Virtualized Data Centers
VM-based Intrusion Detection

• An intruder is a person who attempts to gain unauthorized access to a system, to damage that system, or to disturb data on that system.

• Intrusions are unauthorized access to a certain computer from local or network users, and intrusion detection is used to recognize the unauthorized access.



• An Intrusion Detection System (IDS) is a device or software application that monitors a network or devices for suspicious activities and helps to detect intrusions. Typically, an IDS is connected to a Security Information and Event Management (SIEM) system, which collects outputs from various security systems, filters out malicious activities and reports them.

• An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses.



• A typical IDS can be classified as a
1. Host-based IDS (HIDS)
2. Network-based IDS (NIDS).



Host-Based Intrusion Detection System (HIDS)
• A host-based intrusion detection system (HIDS) is a system that monitors a computer
system on which it is installed to detect an intrusion and/or misuse, and responds by
logging the activity and notifying the designated authority.
• A HIDS can be thought of as an agent that monitors and analyzes whether anything or
anyone, whether internal or external, has circumvented the system’s security policy.
• A host-based intrusion detection system (HIDS) runs on a particular device on a
network.
• It can monitor inbound and outbound traffic of that particular system as well as any
suspicious system activity, such as a suspicious change in system files. Usually a HIDS compares
any change in system activity with a previously taken snapshot of the uninfected system to
detect suspicious activities in the system. As a result, if malware infects the system and tries
to change any system file of the device, the HIDS can detect it and warn the user.



Network-based Intrusion Detection System (NIDS)
• A network-based intrusion detection system (NIDS) is used to monitor and analyze network traffic to
protect a system from network-based threats.
• A NIDS reads all inbound packets and searches for any suspicious patterns. When threats are discovered,
based on their severity, the system can take action such as notifying administrators, or barring the source IP
address from accessing the network.
• A Network based Intrusion Detection System (NIDS) on the other hand is installed on a strategic point on a
network, so that it can monitor inbound and outbound traffic of all the devices of the network. It then
analyses the traffic based on a library of known attacks and raises an alert if any suspicious activity is
detected.

Virtualization-based intrusion detection
• Virtualization-based intrusion detection can isolate guest VMs on the same hardware platform. Even if some VMs
are seized successfully, they never influence other VMs, which is similar to the way in which a NIDS operates. Furthermore, a
VMM monitors and audits access requests for hardware and system software. This can avoid fake actions and
gives it the merit of a HIDS.

• There are two different methods for implementing a VM-based IDS:

1. Either the IDS is an independent process in each VM or a high-privileged VM on the VMM; or

2. the IDS is integrated into the VMM and has the same privilege to access the hardware as well as the VMM

• The IDS can run on a VMM as a high-privileged VM.

• The VM-based IDS contains a policy engine and a policy module.

• The policy framework can monitor events in different guest VMs through an operating system interface library,
and PTrace traces the monitored host according to the security policy.

• It’s difficult to predict and prevent all intrusions without delay.

• Therefore, an analysis of the intrusion action is extremely important after an intrusion occurs.

• Most computer systems use logs to analyze attack actions.

• The IDS log service is based on the operating system kernel.

• Thus, when an operating system is attacked, the log service should be unaffected.



• Besides IDS, honeypots and honeynets are also used in intrusion detection. They attract attackers and present
a fake system view to them in order to protect the real system.

• A honeypot is a purposely defective system that simulates an operating system to deceive and monitor the
actions of an attacker.

• A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an
attacker's activities and methods can be studied and that information used to increase network security.

• The concept of the honeypot is sometimes extended to a network of honeypots, known as a honeynet.

Thank you
