solaris logical domain)

시스템 전략 사업본부

한국 썬 마이크로시스템즈

Hands On Manual Logical Domains

© 2008 Sun Microsystems Korea, Ltd1

Agenda

I. LDom Concepts and Architecture

II. Getting Started with LDoms

III. LDom Scenarios

* Key Resources


Logical Domains(Ldom)

Server

OS

ApplicationMailServer

WebServer

FileServer

Solaris Control Domain

펌웨어기반의Hypervisor

Solaris or Linux guest

domains


Logical Domain은 CMT 서버에서지원하는 Hypervisor 기반의파티셔닝기술


각각의도메인은완전히독립적인서버로존재

> 커널, 패치, 튜닝파라메터

> 사용자계정, 관리자

> 디스크

> 콘솔및 OBP> 네트웍인터페이스, MAC and IP addresses

도메인은독립적으로시작, 종료및 rebootingAvailable on T1- and T2- and future CMT servers


LDoms 특징


LDoms 주요 구성요소

The HypervisorThe Control DomainService DomainsThe I/O DomainsGuest DomainsVirtualized devices

HardwareShared CPU,Memory & IO

IO Devices

Hypervisor

Control & Serviceprimary

CryptoMemMem

CPUCpu CPUCpu

72GB

Network

Solaris 10 11/06

ldmd

vntsd CPUCpu

CPUCpuCPUCpu

CPUCpuCPUCpu

CPUCpuCPUCpuGuestldom1

CryptoMemMem

CPUCpu CPUCpu

Solaris 10 11/06+app+patches

PCI-E A

PCI-E A

CPUCpuCPUCpu

MemMem

MemMem

MemMem

MemMem CryptoCryptoCryptoCrypto

CryptoCrypto

Crypto

UnallocatedResources

/dev/lofi/1

vol1

vnet1

/dev/dsk/c0d0s0

vdisk0

vnet1

vnet0 Guestldom2

CryptoMemMem

CPUCpu CPUCpu

Solaris 10 11/06+app+patches

/dev/dsk/c0d0s0

vdisk1

vnet1

vnet0

primary-vds0primary-vsw0

MemMem Crypto

CPUCpu

drd

Primary/Control ldom1 ldom2



Hypervisor

도메인간격리를가능하게함 (eg: visible to hardware parts)도메인간통신을위한채널인 Logical Domain Channels (LDCs) 지원



각 도메인의 역할

Control domain> 다른도메인의생성및관리

> Also as a service and I/O domain

Service, I/O domains> 가상네트웍및디스크서비스제공

Guest domain > 사용자도메인



가상 서브시스템

물리적인디바이스를가상디바이스로변환

가상디바이스종류

> CPU's> Memory> Modular Arithmetic Units (Crypto cores) > Network switches and NICs> Disk servers and disks> Consoles> A Virtual Terminal Server (vntsd)



Ldoms Direct I/O

물리적인디바이스드라이버를통해직접접속

> Direct I/O Model, Detailing Ownership at a PCI Root Level



Ldoms Virtual I/O

LDoms VIO 인프라스트럭쳐

> 서비스도메인과통신하는가상화된디바이스를통해간접접속( indirect access)

> Service domain owns a device and functions as a proxy

도메인간클라이언트-서버모델구현



Virtual Disk Server device (vds)

Virtual disk server는블록디바이스를가상화하여가상 SANs을통하여클라이

언트도메인에서비스

Guest는디스크를 SCSI 디스크로인식



Virtual Network

가상네트웍스위치(a Layer 2 switch)Multiple VLANs per box by adding virtual switchesVirtual NIC “vnetN” seen within the domain



Virtual Network Terminal Server daemon (vntsd)

컨트롤도메인에서데몬으로동작

> A new daemon, not the telnet daemon of old

도메인에시리얼콘솔접속

> telnet <ip> <port>

기본적으로로컬포트에서만 접속가능

> Not visible outside the control domain by default

ssh to control domain then go to console (no passwords in clear over network)



Memory

메모리는각도메인에완전할당됨(like DSDs), not pageable/swappable (as in VMware) 할당단위는 8KB> Memory need not be contiguous> Most OS deployments will need > 512MB



vCPU's

UltraSPARC T1은 8개의물리적코어및각코어가 4쓰레드지원

> 각각의쓰레드가 vCPU로인식됨, 따라서최대 32 vCPUs 로인식

CPU는도메인당 1 vCPU 단위로할당

vCPU는하나의도메인에만할당됨

> 따라서최대 32 도메인구성가능( UltraSPARC T1)

UltraSPARC T2는최대 64 vCPUs 지원(64 도메인구성가능)UltraSPARC T2+는최대 128 도메인구성가능

CPU는동적으로재구성가능



Example: vCPU reconfiguration

V

App App

Logical Domain 1

Hyper-visor

V

P P

V

App App

Logical Domain 1

Hyper-visor P P

V

App App

Logical Domain 2

P

V

Example command line operations:# ldm remove-vcpu 1 domain1# ldm add-vcpu 1 domain2



LDom Manager

하이퍼바이저및모든도메인컨트롤

> 시스템에하나만설치가능하며, 그도메인이 Control Domain으로동작

CLI (Command Line Interface) Logical Domains을물리적자원에맵핑

> Heuristic binding of LDoms to resources> Assists with performance optimization> Assists in event of failures / blacklisting



LDoms 구성을 위한 준비 사항

Install Solaris 10 Update 4 later> Available on Sun Download Center

Update the latest firmware to LDoms level (See LDom Manager 1.0.2 Release Notes)> Available on Sun Download Center> System firmware version 6.6.x later for your Sun UltraSPARC T1 platform or system> System firmware version 7.1.x later for your Sun UltraSPARC T2 platform> System firmware version 7.1.x later for Sun UltraSPARC T2 + Platform > Install necessary patches and packages (See Release Notes)

Get and install Logical Domain Manager 1.0.2 software. > Available on Sun Download Center

(Optional) Solaris Security Toolkit 4.2 software. (Optional) Logical Domains (LDoms) Management Information Base (MIB) software package. > Refer to the Logical Domains (LDoms) Management Information Base (MIB) 1.0.2 Adminis



Control Domain 구성

기본 필수서비스생성

> vdiskserver – virtual disk server> vswitch – virtual switch service> vconscon – virtual console concentrator service

1. Virtual Disk Server (vds) 생성 : 로지컬도메인가상디스크기능지원

primary$ ldm add-vds primary-vds0 primary2. Virtual console concentrator service (vcc) 생성 : 로지컬도메인에대한콘솔기능지원

primary$ ldm add-vcc port-range=5000-5100 primary-vcc0 primary3. Virtual switch service (vsw) 생성 : 로지컬도메인에대한가상네트워크지원지원

primary$ ldm add-vsw net-dev=e1000g0 primary-vsw0 primary4. 서비스구성확인

primary$ ldm list-services primary

주의 : LDom primary 구성서비스는 Rebooting 후에적용됨



Control Domain 구성(계속)

Control Domain 자원할당

1. 보안모듈할당

primary$ ldm set-mau 1 primary2. CPUs 할당

primary$ ldm set-vcpu 4 primary3. 메모리할당

primary$ ldm set-memory 1G primary4. 현재구성을 system controller (SC)에추가

primary$ ldm add-config initial5. Control Domain 구성확인

primary$ ldm list-spconfig6. Rebooting을통한구성적용

primary# shutdown -y -g0 -i6



Guest Domain 생성

Guest Domain 생성

1. Guest Domain 생성

primary$ ldm add-domain ldg12. CPUs 도메인할당

primary$ ldm add-vcpu 4 ldg13. 메모리도메인할당

primary$ ldm add-memory 512m ldg14. 가상네트웍생성

primary$ ldm add-vnet vnet1 primary-vsw0 ldg15. 가상디스크디바이스의디스크서비스등록

primary$ ldm add-vdsdev /dev/dsk/c0t0d0s2 vol1@primary-vds06. 가상디스크도메인할당

primary$ ldm add-vdisk vdisk1 vol1@primary-vds0 ldg1



Guest Domain 생성(계속)7. Guest Domain Boot 파라메터셋팅

primary$ ldm set-var auto-boot\?=true ldg1primary$ ldm set-var boot-device=vdisk ldg18. 할당된자원을 Guest Domain에바인딩및확인

primary$ ldm bind-domain ldg1primary$ ldm list-domain ldg19. Guest domain 시작

primary$ ldm start-domain ldg110 현재구성을 system controller (SC)에추가

primary$ ldm add-config Ldmconf111. 콘솔을통한 도메인접속

$ ssh [email protected]$ telnet localhost 5001$ telnet host-name 500112. Jump Start를통한 Guest Domain OS 설치



Control Domain 구성 요약

primary$ ldm add-vds primary-vds0 primaryprimary$ ldm add-vcc port-range=5000-5100 primary-vcc0 primaryprimary$ ldm add-vsw net-dev=e1000g0 primary-vsw0 primaryprimary$ ldm list-services primaryprimary$ ldm set-mau 1 primaryprimary$ ldm set-vcpu 4 primaryprimary$ ldm set-memory 1G primaryprimary$ ldm add-config initialprimary$ ldm list-spconfigprimary# shutdown -y -g0 -i6



Guest Domain 구성 요약

primary$ ldm add-domain ldg1primary$ ldm add-vcpu 4 ldg1primary$ ldm add-memory 512m ldg1primary$ ldm add-vnet vnet1 primary-vsw0 ldg1primary$ ldm add-vdsdev /dev/dsk/c0t0d0s2 vol1@primary-vds0primary$ ldm add-vdisk vdisk1 vol1@primary-vds0 ldg1primary$ ldm set-var auto-boot\?=true ldg1primary$ ldm set-var boot-device=vdisk ldg1primary$ ldm bind-domain ldg1primary$ ldm list-domain ldg1primary$ ldm add-config Ldmconf1primary$ ldm start-domain ldg1$ ssh [email protected]$ telnet localhost 5001$ telnet host-name 5001



동적 재구성 테스트

Virtual CPUs에대한동적재구성

primary$ ldm add-vcpu 2 ldg1ldg1$ psrinfoprimary$ ldm remove-vpu 2 ldg1ldg1$ psrinfo



Web Hacking Pattern(Solaris10 Apache Security Setting)

III. LDom Scenarios

Scenario 1.

Combining Several Small Servers> Consolidation of Small Servers


Scenario 2.

Using Different Kernels> Different Kernels in Two Logical Domains Combined With Solaris Containers

III. LDom Scenarios


Scenario 3.

Providing Maximum Isolation and Security> Isolation Methodologies

III. LDom Scenarios


Scenario 4.

Allowing Mixed Access to Devices> Direct and Virtual Access to I/O

III. LDom Scenarios


Logical Domains 소개

> http://www.sun.com/ldomsSun Virtualization Solutions> http://www.sun.com/datacenter/consolidation/virtualization/

Virtualization Learning Center> http://www.sun.com/solaris/virtualization

Solaris 10 and Logical Domain Manager Download> http://www.sun.com/download/index.jsp

Logical Domains (LDoms) 1.0.2 Administration Guide> http://docs.sun.com/source/820-3598-10/

Logical Domains (LDoms) 1.0.2 Release Notes> http://docs.sun.com/source/820-3599-10/

Beginners Guide to LDoms: Understanding and Deploying > http://www.sun.com/blueprints/0207/820-0832.html

* Key Resources


시스템 전략 사업본부

한국 썬마이크로시스템즈

Thank you!

solaris logical domain)

Documents