
CLOUD COMPUTING

UNIT-2

Dr. M. Sri Devi Sameera
Associate Professor
Dept of CSE
Dhanekula Inst of Eng & Tech

8/16/2024 Cloud Computing/ Unit-2

UNIT- II: Virtual Machines and Virtualization of Clusters and Data Centers

1. Implementation Levels of Virtualization,

2. Virtualization Structures/ Tools and mechanisms,

3. Virtualization of CPU,

4. Memory and I/O Devices,

5. Virtual Clusters and Resource Management,

6. Virtualization for Data Center Automation.



Virtualization
• In computing, virtualization refers to the act of creating a virtual (rather
than actual) version of something, including virtual computer hardware
platforms, storage devices, and computer network resources.



IMPLEMENTATION LEVELS OF VIRTUALIZATION

• Virtualization is a computer architecture technology by which multiple virtual machines
(VMs) are multiplexed in the same hardware machine.

• The purpose of a VM is to enhance resource sharing by many users and improve
computer performance in terms of resource utilization and application flexibility.

• Hardware resources (CPU, memory, I/O devices, etc.) or software resources (operating
system and software libraries) can be virtualized in various functional layers.



Levels of Virtualization Implementation
• A traditional computer runs with a host operating system specially tailored for its
hardware architecture.
• After virtualization, different user applications managed by their own
operating systems (guest OS) can run on the same hardware, independent of the host OS.
• This is often done by adding additional software, called a virtualization layer.

• This virtualization layer is known as a hypervisor or virtual machine monitor (VMM).


• The VMs are shown in the upper boxes, where applications run with their
own guest OS over the virtualized CPU, memory, and I/O resources.

Levels of Virtualization Implementation

Virtualization ranging from hardware to applications in five abstraction levels.



Virtualization at ISA (Instruction Set Architecture) level

• Emulating a given ISA by the ISA of the host machine.
• The basic emulation method is through code interpretation.
• An interpreter program interprets the source instructions to target
instructions one by one.
• Typical systems: Bochs, Crusoe, QEMU, BIRD, Dynamo


Virtualization at Hardware Abstraction level

• Mapping of virtual resources to physical resources.
• Distinguishes between privileged and non-privileged instructions.


Virtualization at Hardware Abstraction level

• A hardware abstraction layer (HAL) is a logical division of code that serves as
an abstraction layer between a computer's physical hardware and its software.
• It provides a device driver interface allowing a program to communicate with the
hardware.
• The main purpose of a HAL is to conceal different hardware architectures
from the OS by providing a uniform interface to the system peripherals.


Virtualization at Hardware Abstraction level
The HAL provides the following benefits:
• Allowing applications to extract as much performance out of the hardware devices as
possible
• Enabling the OS to perform regardless of the hardware architecture
• Enabling device drivers to provide direct access to each hardware device, which
allows programs to be device-independent
• Allowing software programs to communicate with the hardware devices at a general
level
• Facilitating portability
Virtualization at Operating System (OS) level

Advantage:
• Has minimal startup/shutdown cost, low resource requirement, and high
scalability; synchronizes VM and host state changes.

Shortcoming & limitation:
• All VMs at the operating system level must have the same kind of guest OS.
• Poor application flexibility and isolation.


Virtualization at Hardware Abstraction level

Virtualization is performed right on top of the hardware.


• It generates virtual hardware environments for VMs and manages
the underlying hardware through virtualization.
• Typical systems: VMware, Virtual PC, Denali, Xen
• The idea is to virtualize a computer’s resources such as its
processors, memory, and I/O devices. The intention is to upgrade the
hardware utilization rate.



Virtualization at Operating System (OS) level
It is an abstraction layer between traditional OS and user applications.
• This virtualization creates isolated containers on a single physical server
and the OS-instance to utilize the hardware and software in datacenters.
• Containers provide a lightweight virtual environment that groups and isolates
a set of processes and resources such as memory, CPU, disk etc., from the
host.
• The isolation guarantees that any processes inside the container cannot see
any processes or resources outside the container.
• Typical systems: Jail / Virtual Environment / Ensim's VPS / FVM
Library Support Level
• Most applications use APIs exported by user-level libraries rather than using lengthy
system calls by the OS.
• Since most systems provide well-documented APIs, such an interface becomes another
candidate for virtualization.
• Virtualization with library interfaces is possible by controlling the communication link
between applications and the rest of a system through API hooks.
• The software tool WINE has implemented this approach to support Windows
applications on top of UNIX hosts.
• Another example is the vCUDA which allows applications executing within VMs to
leverage GPU hardware acceleration.



User application level
• Virtualization at the application level virtualizes an application as a VM.

• On a traditional OS, an application often runs as a process. Therefore, application-level
virtualization is also known as process-level virtualization.
• The most popular approach is to deploy high level language (HLL) VMs.

• In this scenario, the virtualization layer sits as an application program on top of the
operating system, and the layer exports an abstraction of a VM that can run programs
written and compiled to a particular abstract machine definition.
• Any program written in the HLL and compiled for this VM will be able to run on it.
• The Microsoft .NET CLR and Java Virtual Machine (JVM) are two good examples of this
class of VM.



VMM Design Requirements and Providers
• Hardware-level virtualization inserts a layer between real hardware and
traditional operating systems. This layer is commonly called the Virtual
Machine Monitor (VMM) and it manages the hardware resources of a
computing system.
• There are three requirements for a VMM.
• First, a VMM should provide an environment for programs which is
essentially identical to the original machine.
• Second, programs run in this environment should show, at worst, only
minor decreases in speed.
• Third, a VMM should be in complete control of the system resources.



Containers vs Virtual Machines (VMs)

What are Virtual Machines (VMs)?


• A virtual machine (VM) is an operating system that shares the
physical resources of one server. It is a guest on the host’s hardware,
which is why it is also called a guest machine.

• What is a Container?

• A container is an environment that runs an application that is not dependent
on the operating system. It isolates the app from the host by virtualizing it.
This allows users to create multiple workloads on a single OS instance.
Virtualization Support at the OS Level
• CC is transforming the computing landscape by shifting the hardware and management
costs of a data centre to third parties.
• The challenges of CC are:
a) the ability to use a variable number of physical machines and VM instances
depending on the needs of the problem. Ex: A job may need a single CPU at one
instant but multiple CPUs at another.
b) the slow operation of instantiating new VMs.



• Operating system virtualization inserts a virtualization layer inside an
operating system to partition a machine’s physical resources.

• It enables multiple isolated VMs within a single operating system kernel. This
kind of VM is often called a virtual execution environment (VE), Virtual
Private System (VPS), or simply container.

• From the user’s point of view, VEs look like real servers.

• This means a VE has its own set of processes, file system, user accounts,
network interfaces with IP addresses, routing tables, firewall rules, and other
personal settings.



Virtualization at OS Level


OpenVZ (Open Virtuozzo) is an operating-system-level virtualization technology for Linux.



Advantages of OS Extensions

• VMs at the OS level have minimal start-up/shutdown costs, low resource
requirements, and high scalability.

• For an OS level VM, the VM and its host environment can synchronise state changes.


Disadvantages of OS Extension
• The main disadvantage of OS extensions is that all VMs at OS level
on a single container must have the same kind of guest OS.



Middleware Support for Virtualization

• This is the other name for Library-level Virtualization and is also known as user-
level Application Binary Interface or API emulation.

• This type of virtualization can create execution environments for running
alien (new/unknown) programs on a platform rather than creating a VM to run the entire OS.
VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS
• The virtualization layer is responsible for converting
portions of the real hardware into virtual hardware.
• Therefore, different operating systems such as Linux and
Windows can run on the same physical machine,
simultaneously.
• Depending on the position of the virtualization layer,
there are several classes of VM architectures, namely
• the hypervisor architecture,
• paravirtualization,
• and host-based virtualization.
• The hypervisor is also known as the VMM (Virtual
Machine Monitor). They both perform the same
virtualization operations.


HYPERVISOR AND XEN ARCHITECTURE
Hypervisor
A hypervisor is a hardware virtualization technique allowing multiple operating systems,
called guests to run on a host machine. This is also called the Virtual Machine Monitor
(VMM).
Type 1: bare metal hypervisor
• sits on the bare metal computer hardware like the CPU, memory, Disk, N/W etc.
• All guest operating systems are a layer above the hypervisor.
Type 2: hosted hypervisor
• Run over a host operating system.
• Hypervisor is the second layer over the hardware.
• Guest operating systems run a layer over the hypervisor.
• The OS is usually unaware of the virtualization

Hypervisor and Xen Architecture
• Xen is an open source hypervisor program developed by Cambridge University.
• Xen is a microkernel hypervisor, which separates the policy from the mechanism.
• The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by
Domain 0, as shown in the figure. Xen does not include any device drivers natively.
• It just provides a mechanism by which a guest OS can have direct access to the
physical devices. As a result, the size of the Xen hypervisor is kept rather small.
• Xen provides a virtual environment located between the hardware and the OS.
• A number of vendors are in the process of developing commercial Xen hypervisors,
among them are Citrix XenServer and Oracle VM.
Hypervisor and Xen Architecture
• The core components of a Xen system are the hypervisor, kernel, and applications.
The organization of the three components is important.
• Like other virtualization systems, many guest OSes can run on top of the hypervisor.
• The guest OS, which has control ability, is called Domain 0, and the others are called
Domain U.
• Domain 0 is a privileged guest OS of Xen.
• It is first loaded when Xen boots without any file system drivers being available.
• Domain 0 is designed to access hardware directly and manage devices. Therefore, one
of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest
domains (the Domain U domains).


Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back
VMs as easily as manipulating a file, which flexibly provides tremendous benefits for users.



Binary Translation with Full Virtualization
• Depending on implementation technology, hardware virtualization can be classified into
two categories:
1. full virtualization and
2. host-based virtualization.

• Full virtualization does not need to modify the host OS. It relies on binary translation to
trap and to virtualize the execution of certain sensitive, non-virtualizable instructions.

• The guest OSes and their applications consist of noncritical and critical instructions.

• In a host-based system, both a host OS and a guest OS are used. A virtualization
software layer is built between the host OS and guest OS.


Full Virtualization
• With full virtualization, noncritical instructions run on the hardware directly while critical
instructions are discovered and replaced with traps into the VMM to be emulated by
software.

• Both the hypervisor and VMM approaches are considered full virtualization.

Why are only critical instructions trapped into the VMM?

• This is because binary translation can incur a large performance overhead.
• Noncritical instructions do not control hardware or threaten the security of the system, but
critical instructions do.
• Therefore, running noncritical instructions on hardware not only can promote efficiency, but
also can ensure system security.



Binary Translation of Guest OS Requests Using a
VMM
• This approach was implemented by VMware and many other software
companies.
• VMware puts the VMM at Ring 0 and the guest OS at Ring 1.
• The VMM scans the instruction stream and identifies the
privileged, control- and behavior-sensitive instructions.
• When these instructions are identified, they are trapped into the VMM,
which emulates the behavior of these instructions.
• The method used in this emulation is called binary translation.
• Therefore, full virtualization combines binary translation and direct
execution.
• The guest OS is completely decoupled from the underlying hardware.
• Consequently, the guest OS is unaware that it is being virtualized.
• The performance of full virtualization may not be ideal, because it
involves binary translation which is rather time-consuming.
• Binary translation employs a code cache to store translated hot
instructions to improve performance, but it increases the cost of
memory usage.
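
The scan, trap and emulate flow described on this slide can be modelled in a few lines. The following is an added example, not code from the slides or from VMware; the three-instruction toy ISA, the `ToyVMM` class and the page-table bounds are all constructed for illustration. It shows noncritical instructions running directly, critical ones being rewritten into traps whose effect is applied only to virtual state, and the code cache avoiding a second translation.

```python
"""Toy model of full virtualization: direct execution plus binary translation.
Every name here (the toy ISA, ToyVMM, the bounds) is constructed for illustration."""

# Constructed toy ISA: one instruction for each class of critical instruction.
CRITICAL = {
    "CLI": "privileged",              # disable interrupts
    "SET_PT": "control-sensitive",    # change the page-table base
    "READ_IF": "behavior-sensitive",  # result depends on the interrupt flag
}


class ToyVMM:
    def __init__(self, pt_lo=0x1000, pt_hi=0x9000):
        # Virtual CPU state owned by the VMM; the guest never touches host state.
        self.regs = {"r0": 0, "r1": 0}
        self.interrupts_enabled = True
        self.page_table_base = pt_lo
        self.pt_lo, self.pt_hi = pt_lo, pt_hi   # memory this guest may map
        self.code_cache = {}                    # block id -> translated block
        self.stats = {"direct": 0, "trapped": 0, "denied": 0,
                      "translated_blocks": 0, "cache_hits": 0}

    def translate(self, block_id, block):
        """Scan a block once and replace each critical instruction with a trap."""
        if block_id in self.code_cache:
            self.stats["cache_hits"] += 1
            return self.code_cache[block_id]
        out = [("TRAP", ins) if ins[0] in CRITICAL else ins for ins in block]
        self.code_cache[block_id] = out
        self.stats["translated_blocks"] += 1
        return out

    def execute_direct(self, ins):
        """Noncritical instructions: stand-in for running natively on the CPU."""
        op, reg, imm = ins
        if op == "MOV":
            self.regs[reg] = imm
        elif op == "ADD":
            self.regs[reg] += imm
        else:
            raise ValueError(f"unknown instruction {op}")

    def emulate(self, ins):
        """Critical instructions: apply the effect to virtual state only."""
        op = ins[0]
        if op == "CLI":
            self.interrupts_enabled = False      # only the virtual flag changes
        elif op == "READ_IF":
            self.regs[ins[1]] = int(self.interrupts_enabled)
        elif op == "SET_PT":
            if self.pt_lo <= ins[1] < self.pt_hi:
                self.page_table_base = ins[1]
            else:
                self.stats["denied"] += 1        # outside this guest's memory

    def run(self, block_id, block):
        for ins in self.translate(block_id, block):
            if ins[0] == "TRAP":
                self.stats["trapped"] += 1
                self.emulate(ins[1])
            else:
                self.stats["direct"] += 1
                self.execute_direct(ins)


def demo():
    # Constructed guest code block.
    block = [("MOV", "r0", 5), ("ADD", "r0", 2), ("CLI",), ("READ_IF", "r1"),
             ("SET_PT", 0xF000), ("SET_PT", 0x2000)]
    vmm = ToyVMM()
    vmm.run("blk0", block)
    vmm.run("blk0", block)   # second execution is served from the code cache
    return vmm


if __name__ == "__main__":
    v = demo()
    print(v.regs, hex(v.page_table_base), v.stats)
```

The out-of-range `SET_PT` is counted as denied and leaves the page-table base unchanged, which is the VMM staying in control of system resources.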
Host-Based Virtualization
• An alternative VM architecture is to install a virtualization layer on top of the host OS.

• This host OS is still responsible for managing the hardware. The guest OSes are installed and
run on top of the virtualization layer.

• Dedicated applications may run on the VMs.

• This host-based architecture has some distinct advantages:

• The user can install this VM architecture without modifying the host OS.

• The virtualizing software can rely on the host OS to provide device drivers and other
low-level services.

• This will simplify the VM design and ease its deployment.


Para-Virtualization with Compiler Support
• Para-virtualization needs to modify the guest operating systems.

• A para-virtualized VM provides special APIs requiring substantial OS modifications in user
applications.

• Performance degradation is a critical issue of a virtualized system.

• No one wants to use a VM if it is much slower than using a physical machine.

• The virtualization layer can be inserted at different positions in a machine software stack.

• However, para-virtualization attempts to reduce the virtualization overhead, and thus
improve performance by modifying only the guest OS kernel.


• Paravirtualization replaces nonvirtualizable instructions with hypercalls that
communicate directly with the virtualization layer hypervisor.

• A hypercall is based on the same concept as a system call. System calls are used by an
application to request services from the OS and provide the interface between the
application or process and the OS. Hypercalls work the same way, except the
hypervisor is used.

Full Virtualization vs. Para-Virtualization
Full virtualization
• Does not need to modify guest OS, and critical instructions are emulated by software through the use
of binary translation.
• VMware Workstation applies full virtualization, which uses binary translation to automatically modify
x86 software on-the-fly to replace critical instructions.
• Advantage: no need to modify OS.
• Disadvantage: binary translation slows down the performance.
Para virtualization
• Reduces the overhead, but cost of maintaining a paravirtualized OS is high.
• The improvement depends on the workload.
• Para virtualization must modify guest OS, non-virtualizable instructions are replaced by hypercalls
that communicate directly with the hypervisor or VMM.
• Para virtualization is supported by Xen, Denali and VMware ESX.
Examples of para virtualization

• KVM (Kernel-based Virtual Machine)
• Xen
• VMware ESX

“Next Class: Virtualization of CPU…”



VIRTUALIZATION OF CPU, MEMORY, AND
I/O DEVICES

• To support virtualization, processors such as the x86 employ a special running mode and
instructions, known as hardware-assisted virtualization.



Hardware Support for Virtualization
• Modern operating systems and processors permit multiple processes to run
simultaneously.
• If there is no protection mechanism in a processor, all instructions from different
processes will access the hardware directly and cause a system crash.
• All processors have at least two modes, user mode and supervisor mode, to ensure
controlled access of critical hardware.
• Instructions running in supervisor mode are called privileged instructions. Other
instructions are unprivileged instructions.
• In a virtualized environment, it is more difficult to make OSes and applications run
correctly because there are more layers in the machine stack



CPU Virtualization
• A VM is a duplicate of an existing computer system in which a majority of the VM instructions
are executed on the host processor in native mode.

• Thus, unprivileged instructions of VMs run directly on the host machine for higher efficiency.

• Other critical instructions should be handled carefully for correctness and stability.
• The critical instructions are divided into three categories: privileged instructions,
control-sensitive instructions, and behavior-sensitive instructions.

• Privileged instructions execute in a privileged mode and will be trapped if executed outside this
mode.

• Control-sensitive instructions attempt to change the configuration of resources used.


• Behavior-sensitive instructions have different behaviors depending on the configuration of
resources, including the load and store operations over the virtual memory.
Process:
• System call triggers the 80h interrupt (It allows application programmers to
obtain system services from the Unix kernel) and passes control to the OS kernel.
• Kernel invokes the interrupt handler to process the system call
• In Xen, the 80h interrupt in the guest OS concurrently causes the 82h (Address external
memory) interrupt in the hypervisor; control is passed on to the hypervisor as well.
• After the task is completed, the control is transferred back to the guest OS kernel.



Hardware-Assisted CPU Virtualization
• This technique attempts to simplify virtualization because full or paravirtualization
is complicated.

• Intel and AMD add an additional mode called privilege mode level (some people call it
Ring -1) to x86 processors.

• Therefore, operating systems can still run at Ring 0 and the hypervisor can run at Ring -1.

• All the privileged and sensitive instructions are trapped in the hypervisor automatically.

Memory Virtualization
• Virtual memory virtualization is similar to the virtual memory support provided by modern operating systems.
• In a traditional execution environment, the operating system maintains mappings of virtual memory to
machine memory using page tables, which is a one-stage mapping from virtual memory to machine memory.

• All modern x86 CPUs include a memory management unit (MMU) and a translation lookaside buffer (TLB) to
optimize virtual memory performance.

• A translation lookaside buffer (TLB) is a memory cache that is used to reduce the time taken to access a user
memory location. It is a part of the chip's memory-management unit (MMU). The TLB stores the recent
translations of virtual memory to physical memory and can be called an address-translation cache.

• However, in a virtual execution environment, virtual memory virtualization involves sharing the physical
system memory in RAM and dynamically allocating it to the physical memory of the VMs.
I/O Virtualization
• I/O virtualization involves managing the routing of I/O requests between
virtual devices and the shared physical hardware.

• There are three ways to implement I/O virtualization:


1. full device emulation,
2. para-virtualization, and
3. direct I/O.



• Full device emulation is the first approach for I/O virtualization.

• Emulation is using software to provide a different execution environment or architecture. For example,
you might have an Android emulator run on a Windows box. The Windows box doesn't have the same
processor that an Android device does so the emulator actually executes the Android application
through software.

• Generally, this approach emulates well-known, real-world devices.


Para-VZ:

• In para-VZ, the frontend driver runs in Domain-U; it manages the requests of the guest OS.
The backend driver runs in Domain-0 and is responsible for managing the real I/O devices.
This methodology (para) gives more performance but has a higher CPU overhead.

Direct I/O VZ:

• This lets the VM access devices directly; achieves high performance with lower costs.
Currently, it is used only for the mainframes.



4. VIRTUAL CLUSTERS AND RESOURCE MANAGEMENT
• Three critical design issues of virtual clusters:

• live migration of VMs,

• memory and file migrations, and

• dynamic deployment of virtual clusters.



Physical versus Virtual Clusters

• A physical cluster is a collection of servers (physical machines) interconnected by a
physical network such as a LAN.

• A virtual cluster consists of many instances of the same server, all divided up the same
way. Big jobs are handled by adding more virtual instances to the workflow.


Each virtual cluster is formed with physical machines or a VM hosted by multiple
physical clusters.



The provisioning of VMs to a virtual cluster is done dynamically to have the following interesting
properties:

• The virtual cluster nodes can be either physical or virtual (VMs) with different operating systems.

• A VM runs with a guest OS that manages the resources in the physical machine.

• The purpose of using VMs is to consolidate multiple functionalities on the same server.

• VMs can be replicated in multiple servers to promote parallelism, fault tolerance and disaster
recovery.

• The number of nodes in a virtual cluster can grow or shrink dynamically.

• The failure of some physical nodes will slow the work but the failure of VMs will cause no
harm (fault tolerance is high).

Fast Deployment and Effective Scheduling
Deployment means:

• Construct and distribute software stacks (OS, libraries, apps) to a
physical node inside the cluster as fast as possible.

• Quickly switch runtime environments from one virtual cluster to another.


Green Computing
• It is a methodology that is environmentally responsible and an eco-
friendly usage of computers and their resources. It is also defined as
the study of designing, manufacturing, using and disposing of
computing devices in a way that reduces their environmental impact.



LIVE MIGRATION

• Live migration refers to the process of moving a running virtual machine
or application between different physical machines without
disconnecting the client or application.


Live VM Migration Steps
• When a VM fails, it can be replaced by another VM on a different node, as long
as they both run the same guest OS.

• This is called a failover (a procedure by which a system automatically transfers
control to a duplicate system when it detects a fault or failure) of a physical
system to a VM. Compared to a physical-physical failover, this methodology has
more flexibility.

• It also has a drawback: a VM must stop working if its host node fails. This can
be lessened by migrating from one node to another for a similar VM.


Managing a Virtual Cluster: There exist four ways.

• We can use a guest-based manager, by which the cluster manager resides inside a
guest OS.

• We can bring out a host-based manager which itself is a cluster manager on the
host systems.

• An independent cluster manager, which can be used on both the host and the
guest, making the infrastructure complex.

• Finally, we might also use an integrated cluster (manager), on the guest and host
operating systems; here the manager must clearly distinguish between physical and
virtual resources.
VM STATES
• Inactive State: This is defined by the VZ platform, under which the VM is not enabled.

• Active State: This refers to a VM that has been instantiated at the VZ platform to
perform a task.

• Paused State: A VM has been instantiated but disabled temporarily to process a task
or is in a waiting state itself.

• Suspended State: A VM enters this state if its machine file and virtual resources are
stored back to the disk.



Live Migration Steps
This consists of 6 steps.
• Steps 0 and 1: Start migration automatically and check out load balancing and server
consolidation.

• Step 2: Transfer memory (transfer the memory data + recopy any data that is changed
during the process). This goes on iteratively till the changed memory is small enough to be
handled directly.

• Step 3: Suspend the VM and copy the last portion of the data.

• Steps 4 and 5: Commit and activate the new host. Here, all the data is recovered, and
the VM is started from exactly the place where it was suspended, but on the new host.
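
Steps 2 to 5 can be simulated to see why the iterative copy converges for some workloads and not for others. This is an added example, not code from the slides or from any hypervisor; the page contents, the write schedule, the `threshold` and `max_rounds` parameters, and the digest check before commit are assumptions made for the illustration.

```python
"""Simulation of pre-copy live migration (steps 2 to 5 above).
All names, parameters and sample data are constructed for illustration."""
import hashlib


def memory_digest(pages):
    """SHA-256 over page numbers and contents, in page order."""
    h = hashlib.sha256()
    for n in sorted(pages):
        h.update(n.to_bytes(4, "big") + pages[n])
    return h.hexdigest()


def live_migrate(source, write_schedule, threshold=1, max_rounds=10):
    """source: dict page_no -> bytes, mutated while the guest keeps running.
    write_schedule[i]: (page_no, new_bytes) writes the guest makes during round i.
    Returns (destination memory, event log, committed flag)."""
    dest, log = {}, []
    dirty = set(source)          # Step 2, first pass: every page must be sent
    rounds = 0
    while len(dirty) > threshold and rounds < max_rounds:
        to_send = sorted(dirty)
        dirty = set()
        for n in to_send:
            dest[n] = source[n]
        # The guest is still running: its writes re-dirty pages already sent.
        writes = write_schedule[rounds] if rounds < len(write_schedule) else []
        for n, data in writes:
            source[n] = data
            dirty.add(n)
        log.append(("precopy", rounds, len(to_send)))
        rounds += 1
    # Step 3: suspend the VM (no more writes) and copy the last dirty pages.
    for n in sorted(dirty):
        dest[n] = source[n]
    log.append(("stop_and_copy", rounds, len(dirty)))
    # Steps 4 and 5: commit and activate only if both memory images match.
    committed = memory_digest(dest) == memory_digest(source)
    log.append(("commit", rounds, int(committed)))
    return dest, log, committed


def converging_case():
    # Constructed workload whose writable working set shrinks every round.
    src = {n: bytes([n]) * 8 for n in range(16)}
    schedule = [[(n, b"A" * 8) for n in (1, 2, 3, 4, 5, 6)],
                [(n, b"B" * 8) for n in (2, 3, 4)],
                [(3, b"C" * 8)]]
    dest, log, ok = live_migrate(src, schedule, threshold=1)
    return src, dest, log, ok


def non_converging_case():
    # Constructed workload that rewrites the same 8 pages in every round.
    src = {n: bytes([n]) * 8 for n in range(16)}
    schedule = [[(n, bytes([r]) * 8) for n in range(8)] for r in range(5)]
    dest, log, ok = live_migrate(src, schedule, threshold=1, max_rounds=3)
    return src, dest, log, ok


if __name__ == "__main__":
    for case in (converging_case, non_converging_case):
        print(case.__name__, case()[2])
```

In the non-converging case the round limit forces the suspend step with 8 pages still dirty, so the pause while the VM is stopped is eight times longer than in the converging case.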
Migration of Memory, Files, and Network Resources


Memory Migration

• Moving the memory instance of a VM from one physical host to another.



FILE MIGRATION

• File system migration refers to the system management operations related to stopping
access to a file system, and then restarting these operations to access the file system from
a different computer system.



NETWORK MIGRATION

• Network migration involves transferring the data and programs from an
old network to a new network.


5. VIRTUALIZATION FOR DATA-CENTER AUTOMATION

• Data-center automation means that huge volumes of hardware, software,
and database resources in these data centers can be allocated dynamically
to millions of Internet users simultaneously.


Server Consolidation in Data Centers
• Server consolidation is the process of migrating network services and applications from multiple
computers to a singular computer. This consolidation can include multiple physical computers to
multiple virtual computers on one host computer. You can consolidate computers for several
reasons, such as minimizing power consumption, simplifying administration duties, or reducing
overall cost. Consolidation can also increase hardware resource utilization.

• Server consolidation is an approach to improve the low utility ratio of hardware resources by
reducing the number of physical servers.

• Server consolidation is an approach to the efficient usage of computer server resources in
order to reduce the total number of servers or server locations that an organization requires.


Server Consolidation in Data Centers (cont.)
In data centers, heterogeneous workloads may run at different times. The two types here
are:
a) Chatty (Interactive) Workloads: These types may reach the peak at a particular time
and may be silent at some other time.

Ex: WhatsApp in the evening and the same at midday.

b) Non-Interactive Workloads: These don't require any user effort to make
progress after they have been submitted.

Ex: High Performance Computing


SERVER CONSOLIDATION TECHNIQUES

There are two techniques:

• 1. Centralised and Physical Consolidation

• 2. Virtualization based server consolidation.


• Centralized Consolidation - Rather than maintaining servers at various branch
offices, an organization moves all servers to a centralized location. This greatly
simplifies maintenance duties for IT staff as they can immediately access all systems
without traveling. This also simplifies security, backing up data and instituting an
extensive failover plan.

• Physical Consolidation - An organization reduces the total number of servers by merging
the workload onto fewer servers. The new setup retains a homogeneous environment in
that it is still running on a single platform.



2. Virtualization based server consolidation

• This approach runs multiple platforms and diverse applications on a single server
(or cluster).

• This technique uses partitioning and virtualization to run many "virtual servers"
on a single machine.

• This makes efficient use of system resources while minimizing upkeep tasks.



Advantages
• Consolidation increases hardware utilization
• It enables more agile (able to move quickly and easily) provisioning of the available
resources
• The total cost of owning and using a data centre is reduced (low maintenance, low
cooling, low cabling etc.)
• It enables availability and business continuity – the crash of a guest OS has no effect
upon a host OS.



Virtual Storage Management
In system virtualization, virtual storage includes the storage managed by VMMs and
guest OSes. Generally, the data stored in this environment can be classified into two
categories:

1. VM images and
2. Application data.
• The VM images are special to the virtual environment.
• The application data includes all other data which is the same as the data in
traditional OS environments.



Virtual Storage Management

Content Addressable Storage (CAS) is a solution to reduce the total size of
VM images, and therefore supports a large set of VM-based systems in
data centers.



CONTENT-ADDRESSED STORAGE (CAS)

• Content-addressed storage (CAS) is a method of providing fast access to fixed content
(data that is not expected to be updated) by assigning it a permanent place on disk.

• CAS makes data retrieval straightforward by storing it in such a way that an object
cannot be duplicated or modified once it has been stored; thus, its location is
unambiguous.
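The sketch below is an added example, not part of the original slides: it shows how content addressing keeps identical blocks of two VM images from being stored twice and how a block changed after storage is detected on read. The 4 KB block size, the `ChunkStore` class and the two sample images are assumptions constructed for illustration.

```python
import hashlib

CHUNK = 4096  # assumed fixed block size for this example

class ChunkStore:
    """Content-addressed store: the SHA-256 of a block is its only address."""
    def __init__(self):
        self._blocks = {}

    def put(self, data):
        addr = hashlib.sha256(data).hexdigest()
        # Same content gives the same address, so a duplicate is never stored twice
        self._blocks.setdefault(addr, data)
        return addr

    def get(self, addr):
        data = self._blocks[addr]
        # Re-hash on read: a block altered after storage no longer matches its address
        if hashlib.sha256(data).hexdigest() != addr:
            raise ValueError(f"block {addr[:12]} failed integrity check")
        return data

    def stored_bytes(self):
        return sum(len(b) for b in self._blocks.values())

def store_image(store, image):
    """Split an image into blocks and return its manifest (ordered addresses)."""
    return [store.put(image[i:i + CHUNK]) for i in range(0, len(image), CHUNK)]

def load_image(store, manifest):
    """Rebuild an image from its manifest, verifying every block."""
    return b"".join(store.get(addr) for addr in manifest)

def demo():
    # Constructed sample: two "VM images" that share three base-OS blocks
    base = b"".join(bytes([n]) * CHUNK for n in (1, 2, 3))
    vm_a = base + b"A" * CHUNK
    vm_b = base + b"B" * CHUNK
    store = ChunkStore()
    man_a = store_image(store, vm_a)
    man_b = store_image(store, vm_b)
    return store, man_a, man_b, vm_a, vm_b

if __name__ == "__main__":
    store, man_a, man_b, vm_a, vm_b = demo()
    print("logical bytes:", len(vm_a) + len(vm_b))
    print("stored bytes: ", store.stored_bytes())
```

Because the address is derived from the content, the same check that removes duplicates also acts as an integrity check on every VM image block that is read back.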

Cloud OS for Virtualized Data Centers
• Data centers must be virtualized to serve as cloud
providers.

EC2 => Amazon Elastic Compute Cloud
WS => Web Service
CLI => Command Line Interface
WSRF => Web Services Resource Framework
KVM => Kernel-based VM
VMFS => VM File System
HA => High Availability



Eucalyptus for Virtual Networking of Private Cloud

• Eucalyptus is an open source software platform for implementing Infrastructure as
a Service (IaaS) in a private or hybrid cloud computing environment.

• Its purpose is to build private clouds that can interact with end users through Ethernet
or the Internet.

• The system also supports interaction with other private clouds or public clouds over
the Internet.



• Instance Manager (IM): It controls the execution, inspection and termination of VM
instances on the host machines where it runs.
• Group Manager (GM): It gathers information about VM execution and schedules VMs on
specific IMs; it also manages the virtual instance network.
• Cloud Manager (CM): It is the entry point into the cloud for both users and
administrators. It gathers information about the resources, allocates them by proper
scheduling, and implements them through the GMs.



Trust Management in Virtualized Data Centers
VM-based Intrusion Detection

• An intruder is a person who attempts to gain unauthorized access to a system, to
damage that system, or to disturb data on that system.

• Intrusions are unauthorized access to a certain computer from local or network users,
and intrusion detection is used to recognize the unauthorized access.



• An Intrusion Detection System (IDS) is a device or software application that monitors a
network or devices for suspicious activities and helps to detect intrusions. Typically, an IDS is
connected to a Security Information and Event Management (SIEM) system, which collects
outputs from various security systems, filters out malicious activities and reports them.

• An intrusion detection system (IDS) is a system that monitors network traffic for suspicious
activity and issues alerts when such activity is discovered. While anomaly detection and
reporting is the primary function, some intrusion detection systems are capable of taking actions
when malicious activity or anomalous traffic is detected, including blocking traffic sent from
suspicious IP addresses.



• A typical IDS can be classified as a

1. Host-based IDS (HIDS)
2. Network-based IDS (NIDS).



Host-Based Intrusion Detection System (HIDS)
• A host-based intrusion detection system (HIDS) is a system that monitors a computer
system on which it is installed to detect an intrusion and/or misuse, and responds by
logging the activity and notifying the designated authority.
• A HIDS can be thought of as an agent that monitors and analyzes whether anything or
anyone, whether internal or external, has circumvented the system's security policy.
• A Host-Based Intrusion Detection System (HIDS) runs on a particular device on a
network.
• It can monitor inbound and outbound traffic of the particular system as well as any
suspicious system activity like any suspicious change in system files. Usually HIDS
compares any change in system activity with a previously taken snapshot of the uninfected
system to detect suspicious activities in the system. As a result, if malware infects the system
and tries to change any system file of the device, HIDS can detect it and warn the user.



Network-based Intrusion Detection System (NIDS)
• A network-based intrusion detection system (NIDS) is used to monitor
and analyze network traffic to protect a system from network-based
threats.
• A NIDS reads all inbound packets and searches for any suspicious
patterns. When threats are discovered, based on their severity, the system
can take action such as notifying administrators, or barring the source IP
address from accessing the network.
• A Network based Intrusion Detection System (NIDS) on the other hand is
installed on a strategic point on a network, so that it can monitor inbound
and outbound traffic of all the devices of the network. It then analyses
the traffic based on a library of known attacks and raises an alert if any
suspicious activity is detected.

Virtualization-based intrusion detection

• Virtualization-based intrusion detection can isolate guest VMs on the same hardware platform.
Even if some VMs are seized successfully, they never influence other VMs, which is similar to the
way in which a NIDS operates. Furthermore, a VMM monitors and audits access requests for
hardware and system software. This can avoid fake actions and has the merit of a HIDS.

• There are two different methods for implementing a VM-based IDS:

1. Either the IDS is an independent process in each VM or a high-privileged VM on the VMM; or

2. The IDS is integrated into the VMM and has the same privilege to access the hardware as well as
the VMM.

• IDS to run on a VMM as a high-privileged VM

• The VM-based IDS contains a policy engine and a policy module.

• The policy framework can monitor events in different guest VMs through an operating system
interface library, and PTrace indicates the trace against the security policy of the monitored host.

• It’s difficult to predict and prevent all intrusions without delay.

• Therefore, an analysis of the intrusion action is extremely important after an intrusion occurs.

• Most computer systems use logs to analyze attack actions.

• The IDS log service is based on the operating system kernel.

• Thus, when an operating system is attacked, the log service should be unaffected.



• Besides IDS, honeypots and honeynets are also established in intrusion detection. They
attract and provide a fake system view to attackers in order to protect the real system.

• A honeypot is a purposely defective system that simulates an operating system to deceive
and monitor the actions of an attacker.

• A honeynet is a network set up with intentional vulnerabilities; its purpose is to
invite attack, so that an attacker's activities and methods can be studied and that
information used to increase network security.

• The concept of the honeypot is sometimes extended to a network of honeypots, known
as a honeynet.

Thank you
