Virtualization Overview Berhè Tesfay Senior System Engineer support.trendmicro.it@itwayvad.com
Agenda • Virtualization Overview • Trend’s Software Virtual Appliance Strategy • Certified By Trend Micro Program Overview • IWSVA • VMware Performance Tuning • VMware Troubleshooting
What is Virtualization? • Allows one computer to perform the job of multiple computers • Resources are shared through virtualized computers • Single computer can host multiple OS and applications • Hypervisor transforms hardware into software to create virtual machines with their own CPU, memory, disk, and network controllers • Multiple virtual machines run on the same physical HW without interfering with each other
Major Virtualization Players • VMware • Citrix XenServer • Microsoft Server 2008 Hyper-V • Sun LDOM (Sparc), Sun xVM VirtualBox (x86)
Market Drivers of Virtualization Osterman Research Rpt 02/08
Trend’s Software Virtual Appliance Strategy
• A move away from traditional hardware appliances
• Consolidating software to single SVA platform
• Flexible deployment types to maximize sales
  • Software Appliance
  • Virtual Appliance
• SVA Strategy Allows Trend Micro To…
  • Keep up with changing technology in malware detection/prevention
  • Adapt to latest CPU technology within a few months
  • Reduce development costs and consolidate to single platform
• Traditional Security Appliances Can’t Keep Up With Malware
  • Appliance useful life reduced to ~18/24 months
  • Requires more and more CPU and memory
  • ASICs are too expensive to develop and are out of date quickly
Flexible Software Virtual Appliance Approach
• Virtual Appliance: Future: Provides virtualized deployments via Hypervisor technologies
• Trend Micro IxSVA Application: Hardened, Integrated OS & Security Application
• Software Appliance: Provides “bare-metal” installation with tuned, security-hardened OS
Trend SVA Benefits • Reduce Costs • Increase IT Flexibility • Improve Disaster Recovery & Business Continuity IxSVA Software Virtual Appliance • Provide operational flexibility • Simplify management • Optimize IT resources • Consolidate and reduce costs • Mitigate cost of proprietary hardware • No need to install & support OS • Standardize hardware configurations • Provide more capacity at lower cost Software Appliance Virtual Appliance
VMware Virtual Appliance Trend Micro IxSVA Included here InterScan Web Security Virtual Appliance
“Certified by Trend Micro”: Trend Micro Virtual Software Appliance Platform Certification Program
The “Certified by Trend Micro” program provides Independent Hardware / Appliance Vendors (IHVs) the ability to go to market with Trend Micro software virtual appliance solutions that have been tested and verified on their appliance or server platforms.
Customer Benefits
• Assured compatibility with Trend Micro software virtual appliances
• Fully supported platform by Trend Micro
• Convert idle existing assets to security defenses
• Increase cost-effectiveness of technology investment
Independent Hardware/Appliance Vendor (IHV, IAV) Benefits
• Broaden your security offerings and increase market opportunity
• Assure customer satisfaction
• Fully supported platform by Trend Micro
• Increase cost-effectiveness of technology investment
“Certified by Trend Micro” Appliance Platforms will be Supported by Trend Micro
Certification Process, in Partnership with AppLabs
How Do Vendors Get Certified? • Trend certification test suite is run on vendor’s HW for 72 hours • Tests are performed by AppLabs (Trend’s certification partner) • Results are validated and accepted or denied by Trend PDG • HW that passes is accepted into “Certification Program” • Vendor provides HW to PDG and Core Support for duration of certification
How Does Customer Get Support for SVA?
• Support rep triages problem to isolate if application, OS or hardware platform
• Trend will support SVA’s application and OS
• Hardware platform is supported if server is Trend Certified
• Otherwise, customer must resolve hardware issues with their reseller or hardware vendor
Trend Supports SVA Operating System
• IWSVA and IMSVA are based on CentOS 5.x operating system
• CentOS is a branch of Red Hat’s Enterprise Server
• Vulnerabilities that affect IxSVA will be reviewed and patched through open source community and Trend
• OS patches will be distributed through Trend’s download site
Trend Micro’s First SVA - IWSVA
IWSVA Software Virtual Appliance
• Single CD install contains everything customer needs
• Installer Wizard for rapid sub 15 minute installation
• Broad hardware platform support with many off-the-shelf servers
• Installable as Software Appliance or Virtual Appliance
• Purpose-built, hardened 64-bit OS that is performance tuned
• Industry standard Command Line Interface (CLI)
• Simple to scale with more powerful hardware or more VM instances
IWSVA New Features
• Features latest Trend Micro WTP technology
• CLI interface for true appliance functionality
• Transparent Bridge Mode support for seamless deployment
• Reporting DB enhancements to match high-performance hardware capabilities
• Configuration migration from IWSA 3.1, IWSS 3.1 Linux, IWSS 3.1 Windows
• Bundles SQUID 3.0 for convenience, ICAP v1.0 support
Availability
• GA: August 4, 2008
IWSVA HW Requirements
Minimum
• Single 2.0 GHz Intel Core2Duo 64-bit processor supporting: Intel(TM) VT(TM) or equivalent
• 2GB RAM
• 8GB disk space
• Monitor that supports 800 x 600 resolution with 256 colors or higher
Recommended
• Dual 2.8 GHz Intel Core2Duo 64-bit processor or equivalent for up to 4000 users
• Dual 3.0 GHz Intel QuadCore 64-bit processor or equivalent for up to 8000 users
• 4GB RAM supports up to 4000 users
• 8GB RAM supports up to 8000 users
• 300GB disk space or more for log intensive environments (fast 15K RPM SAS drives)
Certified Platforms
• Dell PowerEdge 1950 Series II/III
• Dell PowerEdge 2950 Series II/III
• HP Proliant DL 380
• IBM Systems x3550
How Does This Relate to Our Existing Form Factors? [Diagram: Hardware Appliance, Software Appliance, Virtual Appliance and Software form factors, each shown as a stack of Trend product (IxSA, IxSVA, IxSS), operating system (Trend Appliance OS, Trend Linux OS, or native Windows/Linux/Solaris) and Trend or IHV hardware; the Virtual Host Architecture panels show VMs running on VMware ESX and VMware Server.]
Sizing at a Glance – Software Appliance
* See sizing guide for more sizing calculations
• Conditions:
  • Zero TCP connection failure & Zero HTTP transaction failure
  • Less than 2 seconds for an average page load.
• Hardware:
  • Dell 1850: 1 x Xeon DualCore x 2.80 GHz / 2Gb / 1 x 146Gb 15K SCSI / 2 x Gigabit NICs
  • Dell 1950: 2 x Xeon E5335 DualCore x 2Ghz/ 4GB / 2 x 73Gb 15K RPM SAS / 2 x Gigabit NICs
  • Dell 1950: 2 x Xeon 5160 DualCore x 3Ghz/ 4GB / 2 x 73Gb 15K RPM SAS / 2 x Gigabit NICs
  • Dell 2950: 2 x Xeon X5460 QuadCore x 3.16Ghz / 8GB / 3 x 73Gb 15K RPM SAS / 2 x Gigabit NIC
Sizing at a Glance – Virtual Appliance
* See sizing guide for more sizing calculations
• Conditions:
  • Zero TCP connection failure & Zero HTTP transaction failure
  • Less than 2 seconds for an average page load.
• Physical Hardware:
  • VMware ESX 3.5 running on Dell 2950 in a virtual machine configured similar to Dell 1950
  • Virtual Appliance configured with specific resource allocations
• Virtual Appliance vs. Software Appliance
  • The performance degradation is 12 - 15% due to the overhead of performing the virtualization
Performance Sizing Variables

$$\text{Number of Servers} = \frac{\text{Connections/User} \times \text{Concurrent User \%} \times \text{User Population}}{\text{Server's Maximum Concurrent Connections}} \times (1 - \text{Cache \%})$$

Example:
• Average connections per user: 3
• Concurrent Users on Internet: 33%
• User Population: 15000 users
• Dell 2950 Server (8 Cores, 8G Ram): 6700
• Cache Percentage: 0% (no caching)

$$\text{\# of Servers} = \frac{3 \times 0.33 \times 15000}{6700\ \text{max cps (Dell 2950)}} \times (1 - 0) = 2.22\ \text{servers}$$

Round up to nearest whole server: 3 Dell 2950 servers
Calculating Maximum Number of Users per Server

$$\text{Maximum \# of Users} = \frac{\text{Server's Maximum Concurrent Connections}}{\text{Connections per User} \times \text{Concurrent users \% on Internet}}$$

Example:
• Average connections per user: 4
• Concurrent Users on Internet: 33%
• Dell 2950 Server (8 Cores, 8G Ram): 6700

$$\text{\# of Users} = \frac{6700\ \text{max cps (Dell 2950)}}{4 \times 0.33} = 5075\ \text{users maximum for this server}$$
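Both sizing formulas above, combined with the 12 - 15% virtual appliance degradation from the "Sizing at a Glance" slide, as an added example that is not part of the original deck. The function names are hypothetical, and applying the degradation directly to the server's maximum concurrent connections is an assumption.

```python
import math

def _fraction(name, value, allow_one=True):
    # Percentages are passed as fractions (33% -> 0.33); reject values like 33.
    if not 0.0 <= value <= 1.0 or (value == 1.0 and not allow_one):
        raise ValueError(f"{name} must be a fraction between 0 and 1")
    return value

def effective_capacity(max_conns, virtual_overhead=0.0):
    """Per-server concurrent connections, derated for a virtual appliance.

    Assumption (not from the slides): the virtualization penalty is applied
    directly to the server's maximum concurrent connections.
    """
    if max_conns <= 0:
        raise ValueError("max_conns must be positive")
    return max_conns * (1.0 - _fraction("virtual_overhead", virtual_overhead, False))

def servers_needed(conns_per_user, concurrent, users, max_conns,
                   cache=0.0, virtual_overhead=0.0):
    """Return (raw, whole) server counts from the 'Number of Servers' formula."""
    load = conns_per_user * _fraction("concurrent", concurrent) * users
    raw = load / effective_capacity(max_conns, virtual_overhead)
    raw *= 1.0 - _fraction("cache", cache)
    # Round up to whole servers; at least one server is always deployed.
    return raw, max(1, math.ceil(raw))

def max_users_per_server(max_conns, conns_per_user, concurrent,
                         virtual_overhead=0.0):
    """Largest user population one server can carry (rounded down)."""
    per_user = conns_per_user * _fraction("concurrent", concurrent)
    if per_user <= 0:
        raise ValueError("connections per user and concurrent fraction must be > 0")
    return math.floor(effective_capacity(max_conns, virtual_overhead) / per_user)

if __name__ == "__main__":
    # Inputs from the two slide examples (Dell 2950, 6700 connections),
    # evaluated bare-metal and at both ends of the 12 - 15% range.
    for overhead in (0.0, 0.12, 0.15):
        raw, whole = servers_needed(3, 0.33, 15000, 6700, virtual_overhead=overhead)
        users = max_users_per_server(6700, 4, 0.33, virtual_overhead=overhead)
        print(f"overhead {overhead:.0%}: {raw:.2f} -> {whole} servers, "
              f"{users} users per server")
```
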
Supporting IxSVA Products Under VMware • Create Virtual Machine • Install SVA Application • Performance Tune Virtual Machine (if necessary) • Troubleshooting Tips
Installation on VMware ESX • Upload the IWSVA CD image to VMware server • Create a New Virtual Machine and assign resources • Bind CD ISO to CD autostart and start Virtual Machine • Go through the Installation Process
Performance Tuning - VMware ESX
• Performance tune ESX, VMkernel, Guest OS
• Install VMware Tools to Guest OS for memory management
• Allocate resource pools for the application
• Use the Trend Micro product readme as a guide for resource allocations
• Configure the Virtual Machine to use Virtual SMP
• For high throughput applications (IWSVA, IMSVA)
  • Use 2 or more physical network cards for the vSwitch to which the products are connected
  • Use only 1Gbit physical network cards
Performance Tuning - VMware ESX
• Underlying hardware needs to be utilized according to best practice
• Use high performance RAID storage where possible
  • 15K RPM disks
  • Large Stripe Size
• For networking
  • Use gigabit only
  • One dedicated connection for console access
  • Two or more dedicated physical NICs per configured vSwitch
Performance Tuning - VMware ESX
• Avoid VMkernel swapping
  • Monitor /proc/vmware/swap/stats file. If constantly over 0, add more physical memory
• Tuning the Guest OS can offer significant performance improvements
  • Install VMware Tools
  • Disable unused services in OS
  • Disable unused hardware in virtual machine profile
  • Use SCSI for disk type profile
Performance Tuning – Guest OS
• One main function of VMware Tools is to deallocate memory from selected virtual machines when RAM is scarce
• Ample memory: balloon remains uninflated
• Inflate balloon: driver demands memory from guest OS; guest is forced to page out to its own paging area; VMkernel reclaims memory
• Deflate balloon: driver relinquishes memory; guest may page in; ESX Server grants memory
Virtual Machine Resource Pools
• Resource pools allow VMware ESX to pre-allocate compute and memory resources for dedicated use
• For IWSVA it is best to allocate the following for a resource pool
  • 4096Mb RAM
  • 3000Mhz
• If no resource pool or reservation is defined, 50% of configured requirements is captured for that VM
VMware ESX Guest OS Performance Monitoring • Use the VI3 Client to view Guest OS performance • Change chart options to gather the statistics you are after
Troubleshooting and Fault Analysis • Virtual machine problems can be caused by • Not enough physical resources • Not enough virtual resource available (allocation issues) • Guest OS or application failures • Misconfigurations