Goddard Update April12

Who is Red Hat?
The Red Hat Society

1 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com
Who is Red Hat?

Who is Red Hat?

RED HAT ENTERPRISE LINUX
Update
Rick Ring
Senior Solutions Architect
Red Hat
rring@redhat.com
4
Some Questions First
● What are you working on?
● What problems are you having?
● Any Red Hat specific issues/problems?
● What do you think is the best use of your
time with us today?

Our Time Together Today
● Red Hat Enterprise Linux
● Red Hat Enterprise Virtualization
● Messaging, Realtime, Grid
● Red Hat Storage (Gluster)
● Red Hat CloudForms

What Does Red Hat Do?
Red Hat Makes Open Source

Software predictable, deployable,
& sustainable

Red Hat subscription model
Subscription Model: Subscribe once, predictable cost and value
Red Hat $ $ $ $ $
Subscription Model
Continuous Stream of Features
Years

What do you get with a Red Hat
Enterprise Linux subscription?

Red Hat Solutions
Red Hat Enterprise Linux
Operating System

Red Hat Solutions
Load Balancing Extended Lifecycle

Resilient File System Extended Update
Scalable File System Smart Management
High Availability High Performance Network
Add Ons
Operating System

Red Hat Solutions
Red Hat Enterprise Virtualization

Virtualization Management

Add Ons
Operating System

Red Hat Solutions

Red Hat Network Satellite

Systems Management

Add Ons
Operating System

Red Hat Solutions

Red Hat Directory Server

Red Hat Certificate System Red Hat Network Satellite
Identity Management Systems Management

Add Ons
Operating System

Red Hat Solutions

Red Hat MRG Messaging
Red Hat Directory Server Red Hat MRG Realtime
Red Hat Certificate System Red Hat Network Satellite Red Hat MRG Grid
Identity Management Systems Management MRG

Add Ons
Operating System

Red Hat Solutions
JBoss Red Hat Enterprise Virtualization

J2EE Virtualization Management

Add Ons
Operating System

Red Hat Solutions
JBoss Red Hat Enterprise Virtualization Red Hat Storage

J2EE Virtualization Management Gluster

Add Ons
Operating System

Red Hat Solutions Red Hat CloudForms
Red Hat OpenShift
Cloud
JBoss Red Hat Enterprise Virtualization Red Hat Storage

J2EE Virtualization Management Gluster

Add Ons
Operating System

Red Hat Solutions
● Red Hat Enterprise Linux ● Red Hat Enterprise Linux
● Red Hat Enterprise Virtualization ● RHEL 5
● System Management ● RHEL 6
● Security and Identity
Management
● MRG
● Storage
● JBoss
● Cloud

SELinux: DAC and MAC
Attacker
Password Attacker Password
Files Files
Web Web
Server Server
Access Access
to Internal Firewall to Internal Firewall
Network Rules Network Rules
Discretionary Access Mandatory Access Control

Control

Security Architecture
● Every subject (i.e. Process) and object (i.e. Data files)
are assigned collections of security attributes, called a
security context
● user:role:type[:sensitivity:category]
[rring@rring /]$ ls -lZ

drwxr-xr-x. root root system_u:object_r:file_t:s0 backup
dr-xr-xr-x. root root system_u:object_r:bin_t:s0 bin
dr-xr-xr-x. root root system_u:object_r:boot_t:s0 boot
drwxr-xr-x. root root system_u:object_r:cgroup_t:s0 cgroup
drwxr-xr-x. root root system_u:object_r:device_t:s0 dev
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 dist
drwxr-xr-x. root root system_u:object_r:etc_t:s0 etc
drwxr-xr-x. root root system_u:object_r:home_root_t:s0 home
dr-xr-xr-x. root root system_u:object_r:lib_t:s0 lib
dr-xr-xr-x. root root system_u:object_r:lib_t:s0 lib64

Security Architecture
Linux Kernel
SELinux (MAC) Object:
Linux DAC File:
Yes /etc/passwd
Subject: Allowed? Policy
Action:
Process No =DENY Enforcement
read
31337 Yes = SELinux Server
No
Security Log: avc denied
Context
Security
Access
Policy Server:
Vector
Database Makes a
Cache
decision
/etc/selinux/POLICYTYPE/* Result is cached

Evolution of x86 Virtualization
VM
VM VM
VM VM
VM
VM
VM VM
VM VM
VM Hypervisor
Hypervisor VM
VM VM
VM VM
VM
Operating
Operating System
System
Hypervisor
Hypervisor Operating
Operating System
System
Hypervisor
Hypervisor
Hardware
Hardware Hardware
Hardware Hardware
Hardware

Kernel-Based Virtual Machine (KVM)
Performance
● 85%-95% of bare metal
Scalablility
● Host
● 160 logical CPU (4,096
theoretical)
● 2 TB RAM (64TB theoretical)
● Guest
● 64 vCPU
● 512 GB RAM
● RHEL 6.3 beta

● 160 vCPU
● 2TB RAM
Management based on open standards
CIM Provider Management
C Application Perl
Python OCaml
CIM Provider C Python Perl OCaml
libvirt
xen kvm qemu OpenVZ LXC LDoms Storage
xen kvm hypervisor

qemu OpenVZ LXC LDoms

Protecting VM's with SELinux

The premier open source operating system
Red Hat Enterprise Linux 5.8
● Server
● Red Hat Enterprise Linux

● Red Hat Enterprise Linux Advanced Platform (AP)
● Client/Desktop
● Red Hat Enterprise Linux Desktop
● Multi OS Option
● Workstation Option
● Features
● Virtualization – KVM & Xen
● Security
● Certifications
● Cluster Suite
● Cluster Logical Volume Management
● Global File System (GFS)
● XFS available
Red Hat Enterprise Linux 6
● Extensive improvements in every dimension
● Efficiency and scaling
● Unprecedented resource management
● Focus on security
● Integrated virtualization
● Enterprise manageability

Integrated virtualization
● RHEL guests supported on third-party
hypervisors:
● Microsoft Hyper-V
● VMWare
● Memory related improvements for guest

acceleration include:
● Transparent hugepages
● Kernel Same-page Merging (KSM)

Integrated virtualization
● Networking improvements for guest
acceleration include:
● PCI-passthru access (SRIOV)
● Most of the implementation moved from QEMU user-
space into the kernel resulting in performance gains.
● Logical PCI slot assignment preserved

across migrations.

Reliability, Availability, Serviceability (RAS)
● Advanced error recovery/reporting
● CPU and memory hot add
● Machine Check Architecture
● Intelligent recovery from CPU/memory errors
● Enhanced error reporting for PCI devices (PCI-AER & APEI)
● DIF/DIX: End-to-end data integrity checking
● Mature file systems to cater to varied usage and
performance characteristics.
● ext4
● NFSv4
● XFS (optional)
● GFS2 (optional)
● Rapid file system recovery (up to 10x faster than RHEL 5)
● E.G. Fsck for 1TB filesystem (45 million files)
● RHEL5 Ext3 = 1 hour, RHEL6 Ext4 = 6 minutes.

Lower Power Consumption

Policy Driven Power Management
● Advanced kernel and sub-systems
● Power savings from CPU, disk, network
● Tickless Kernel
● Tuned - adaptive tuning daemon
● Latency policy scripts
● Provides a variety of power tuning profiles
● Powertop
● Identifies power hungry applications and system services

Improved Resource Management
Control Groups (cgroups)
● Reduce resource contention and increase
predictability in performance.
● CPU/CPUSET
● Memory
● Network
● I/O

Identity Management in RHEL 6
● IdM Server which provides centralized...
● Identity management
● Authentication via Kerberos or LDAP.
● Host and service management
● Red Hat Directory Server (RHDS) is a general

purpose LDAP server that is extra cost
● IdM is a customized Identity Management

solution that integrates LDAP, Kerberos,
Certificates, NTP and DNS and is included in
RHEL 6.2 for free
Key Differences between IM and RHDS
Area RHDS IdM
Use cases General purpose Enterprise identity
Level of integration Flexible – do it yourself Integrated, controlled
Schema Default LDAP schema Optimized for enterprise
identity
CLI LDAP utilities + instance Python based CLI and
management instance management
UI Console – thick client Web UI
DIT Standard Less hierarchy
Authentication LDAP Kerberos (or LDAP with
Kerberos)
AD synch Two ways; One way from AD; users
users & groups only
Password policies LDAP based Kerberos based
Proxy auth PAM_SSSD Not supported (in works)
Multiple domain suffixes Yes Requires another domain
How delivered Stand-alone product Offered free as a part of
RHEL
Making Security Friendly and Useful
● System Security Services Daemon
(SSSD)
● centralized access to remote identity
stores; allows for caching of credentials

for offline use.
● Extensive SELinux Policy library
making security accessible
● Sandboxing, sVirt & Kiosk modes
● OpenScap
● Standardize system security information
● XACE
● secure independent MLS windows
environment

Interoperability and Deployment
● Installation using Workload
Profiles/Personalities
● Minimal install option provides
minimal security attack surface
● Microsoft Interoperability
● Client support for Windows
2008 R2 active directory
● File/Print (Samba) file sharing
● Enterprise Management
● Auditd for centralized reporting
● ABRT for centralized incident
analysis
● Key Escrow: secure storage &
recovery of encryption keys
RHEL 6.1
● PCIE 3.0
● Hot add on Nehelem EX
● Driver updates
● Scheduler Updates
● RHEL HA supported on KVM
● Cluster daemons support SNMP traps
● IdM for centralized ID management,
authentication and synchronization

● SSSD integration with IdM
● Subscription Management

RHEL 6.2
● Resource Management - Control Groups
● Scalability improvements and performance
improvements
● Linux Containers (Technology Preview)

● Linux Containers provide the ability to run multiple
application environments in isolation.
● Integrated into virt-manager and virt-inst.

RHEL 6.2
● Parallel NFS (pNFS) (Technology Preview)
● Limited to client-side functionality for file layout only.
● Clustered Samba on GFS2 (CTDB)

● Allows for meta data to span multiple physical hosts in
a cluster.
● Provides high availability features like node monitoring
and failover.
● Available via the Resilient Storage Add-On.

RHEL 6.2
● Fibre Channel over Ethernet (FCoE) Target
(Technology Preview)
● High-end storage capabilities that can be leveraged
using existing 10GbE infrastructure.
● Support for iSCSI extension for RDMA (iSER)

initiator and target
● Supports high throughput and low latency using
infiniband.

RHEL 6.2
● Trusted boot (Technology Preview)
● Install-time option that allows for Intel Trusted
Execution Technology (TXT) to perform a measured
and verified launch of the OS kernel.
● Common Criteria Certification

● Target for Evaluation Assurance Level (EAL) 4+

RHEL 6.3 beta
● Virtualization
● Virt-P2V
● live volume resizing
● Scalability of VM's
● 160 Maximum vCPUs
● 2TB RAM
● Storage
● LVM support for RAID 4, 5, and 6 – Tech Preview
● LVM Thin Provisioning – Tech Preview
● Subscription Management
● On-premise subscription management using
Subscription Asset Manager (SAM)
Extending Capabilities and Limits
Red Hat Enterprise Linux Technology capabilities & limits
(supported [/theoretical] )
RHEL 3 RHEL 4 RHEL 5 RHEL 6
Max Logical CPUs
x86 16 32 32 32
Itanium2 8 256 / 512 256 / 1024 N/A
x86_64 8 64 / 64 64 / 255 128 / 4096
Power 8 64 / 128 128 / 128 128
System z 32 z900 64 z10 EC 64 z10 EC 64
Max Memory
x86 64 GB 64 GB 16 GB 16 GB
Itanium2 128 GB 2 TB 2 TB N/A
x86_64 128 GB 256 GB / 1 TB 256 GB / 1 TB 2 TB / 64 TB
Power 64 GB 128 GB / 1 TB 512 GB / 1 TB 2 TB
System z 256 GB z900 1.5 TB z10 EC 1.5 TB z10 EC 3 TB

Red Hat Enterprise Linux Portfolio
Servers Servers Add-Ons Desktops
(x86) (other architectures (optional software)
and use cases)
One solution – three Four additional offerings Eight add-ons Two offerings
editions
1
RHEL Server
1 RHEL guest
Red Hat Red Hat
Enterprise Linux Enterprise Linux
RHEL Desktop
for IBM System z for IBM POWER
4
RHEL Server
4 RHEL guests
Red Hat
Enterprise Linux
Server
Red Hat

Red Hat
Enterprise Linux Enterprise Linux RHEL Workstation
for High- for SAP
Performance Applications
RHEL Server Computing
Unlimited RHEL
guests

Red Hat Enterprise Linux Pricing
● 4 Components
● System Size
● 2, 4, 8 Sockets
● Number of Virtual Guests
● 1, 4, ∞
● Support Level
● Self Support, Standard, Premium
● Term
● 1 year, 3 year

Number of Sockets
RHEL Server
8-socket server
Red Hat Enterprise Linux Server

RHEL Server
4-socket server
Red Hat Enterprise
Linux Server
RHEL Server
2-socket server

Number of Instances
1 4 ∞
RHEL Server
RHEL Server RHEL Server Unlimited RHEL
Red Hat Enterprise 1 RHEL guests 4 RHEL guests guests
Linux Server

What can I do with my RHEL Server
subscription?
Win RHEL Win
Guest Guest Guest
Win Win Win

Guest Guest Guest
Win Win RHEL

Guest Guest Guest
RHEL Win Win
1 4 ∞ Guest Guest Guest
Server using
Red Hat's
RHEL Server Hypervisor
RHEL Server RHEL Server Unlimited RHEL (Xen or KVM)
1 RHEL guests 4 RHEL guests guests
OR
Server using
Microsoft Hyper-V
OR
Server using
VMware ESX

Rules for using RHEL in a cluster of servers
dedicated to running workloads in virtual machines
Pooling is allowed with RHEL Server (1-guest) and RHEL Server (4-guest) subscriptions.
RHEL RHEL
Guest Guest
RHEL RHEL
Guest Guest
RHEL
Guest Server
#4
Server
#1 4
4
4
1
RHEL
RHEL RHEL Guest
Guest Guest
RHEL RHEL Server

Guest Guest #3
Server 4
1
#2
4
4

RHEL RHEL RHEL RHEL RHEL

Guest Guest Guest Guest Guest Guests are no longer locked to each
RHEL RHEL RHEL RHEL RHEL server, but can be pooled . . .
Guest Guest Guest Guest Guest
Pool of 10 RHEL Guests
Server
#4
Server
#1 44
4
1
Server
#3
Server 4
1
#2
4
4

and redistributed across the servers
RHEL
Guest
RHEL
Guest Server
#4
Server
#1 44
4
1 RHEL
RHEL
Guest
Guest
RHEL RHEL
RHEL RHEL Guest Guest
Guest Guest
RHEL RHEL Server

Guest Guest #3
Server 4
1
#2
4
4

Red Hat offers multiple Support Options
Self- Standard Premium
support*
Hours of coverage None Business Hours 24x7 for Severity 1 and 2
Support channel None Phone and Web Phone and Web
Number of cases None Unlimited Unlimited
Initial & ongoing response times None
Severity 1 1 Business Hour Initial - 1 Hour
Ongoing - 1 Hour**
Severity 2 4 Business Initial – 2 Hours
Hours Ongoing - 4 Hours**
Severity 3 1 Business Day Initial – 4 Business Hours
Ongoing – 8 Business Hours**
Severity 4 2 Business Days Initial – 8 Business Hours

Ongoing - 2 Business Days**
Customer portal access Yes Yes Yes

Software Maintenance Included Included Included
Software upgrades Included Included Included
* Self-support replaces Basic support
** or as agreed.

Subscription Term
● 1 year
● 3 year

Pricing Model Summary
RHEL Server
1 4 ∞
RHEL Server Premium/Standard
1 4 ∞ 1 Year or 3 Year
Premium/Standard 8-socket server

RHEL Server
1 Year or 3 Year
1 4 ∞
4-socket server
Premium/Standard
1 Year or 3 Year
2-socket server

Servers (other architectures and use cases)
RHEL Server
IBM Z
RHEL Server
IBM Power
RHEL Server
HPC Compute Nodes
RHEL Server
SAP

Add-ons (optional software)

● Fail-over for off-the-shelf applications like Apache, MySQL
and PostgreSQL coupled with resources like IP address and
single node file systems to form a highly available service.
● Any application that can be
● monitored for status
● started and stopped
● Maximum of 16 nodes in a cluster.
● x86_64 only
● Hypervisors support status:
● KVM
● RHEV-H (RHEV-M 2.3)
● VMWare (RHEL 6.1)
● Limited to a single LAN or data-center located within one
physical site.

● HA Add-On
● GFS2
● Clustered LVM
● Cmirror - mirrored logical volume in a
cluster.Clustered SAMBA (tech preview)

● Simultaneous samba exports of the same share from
multiple cluster nodes

● Provides support for TCP
load balancing independent
of applications
● Contains
● LVS
● Piranha (GUI)
● The Active Router
● Balances load.
● Checks integrity of services in
each real server.
● The Backup Router heart-
beats the Active Router and
takes over in case the active
router fails.

● Support for XFS® file system
● Tuned for streaming data
● Support for 100TB in a single FS

● RDMA over Converged Ethernet (RoCE) support
● Replaces Infiniband and TCP transport layers for
RDMA applications
● Limited to local LAN segment and datacenter
● Limited to supported hardware

Desktops - two solutions
RHEL Desktop RHEL Workstation

Red Hat Enterprise Linux Life Cycle
RHEL 3 & 4 Extended Life Support (ELS)

Add-On
Production 1 Phase (approx 4 years) Production Production 3 Extended Life Phase
2 Phase
(approx 1 Phase (approx 2 (approx 3 years)
year) years)
Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7 Year 8 Year 9 Year 10
RHEL 5 & 6
Production 1 Phase (approx 5 ½ years) Production Production 3 Phase (appox 3 ½ Extended Live Phase
2 Phase
(approx 1 years) (approx 3 years)
year)
Year 1 Year 2 Year 3 Year 4 Year 5 Year 6 Year 7 Year 8 Year 9 Year 10 Year 11 Year 12 Year 13

Life Cycle Dates

Product documentation
http://docs.redhat.com/

Support portal
https://access.redhat.com/

Knowledgebase

Reference Architectures, Tech Briefs,
Videos, and Webinars

Reference Architectures, Tech Briefs,
Videos, and Webinars

Online User Groups

Opening support cases
https://access.redhat.com/knowledge/videos/getting-started-red-hat-support-cases

IAVAs
https://access.redhat.com/kb/docs/DOC-53631

CVEs
https://www.redhat.com/security/data/cve/

CVEs
https://www.redhat.com/security/data/cve/CVE-2011-2983.html

Aqueduct project
● https://fedorahosted.org/aqueduct/
● Goal - ease the burden of implementing configuration policies on
Red Hat Enterprise Linux based systems in order to bring those
systems into compliance
● Accomplished via process automation
● BASH scripts
● Puppet manifests
● Supported Security Configuration Guidances
● Center for Internet Security ( CIS)
● Defense Information Systems Agency Security Technical Implementation
Guide ( STIG)
● Department of Homeland Security ( DHS)
● Health Insurance Portability and Accountability Act ( HIPAA)
● National Industrial Security Program Operating Manual ( NISPOM)
● Payment Card Industry ( PCI)
● https://fedorahosted.org/aqueduct/wiki/Rhel5DraftStigGettingStart
ed
● STIG'ing a RHEL 5 system in 10 easy steps
Community – you aren't alone
● gov-sec
● Open to US .gov/.mil and select US .coms
● https://www.redhat.com/mailman/listinfo/gov-sec
● Mil-OSS.org
● Grass roots organization connecting civilian and military
users of open source software
● Forge.mil
● “Sourceforge for .mil”
● CAC or ECA required
● DoDBastille
● https://community.forge.mil/content/dodbastille
● Support Portal forums

Red Hat Solutions
● Red Hat Enterprise Linux ● Red Hat Enterprise Virtualization
● Red Hat Enterprise Virtualization ● Integrated Virtualization
● System Management ● Stand Alone Hypervisor
● Security and Identity ● Manager for Virtual Servers
Management ● Manager for Virtual Desktops
● MRG
● Storage
● JBoss
● Cloud

Simple, subscription pricing model
for Server and Desktop Virtualization
Server Virtualization
● Complete
management feature
set
● High performance
hypervisor
Desktop Virtualization
● Add-on to RHEV
infrastructure (Server
Virtualization)

RHEV: Strategic Alternative To VMware And Natural
Choice For Linux Vms
RHEV COMPLETE ● Server consolidation

VIRTUAL INFRASTRUCTURE SOLUTION ● Hardware abstraction
● Private cloud
substrate
● Unix to Linux
migration
● Big Data
development/ hybrid
mode
● Virtual Desktop
Infrastructure (VDI)

RHEV Is Mature And Ready For Large
Scale Virtualization Deployments...

Thousands Of Customers Worldwide
Deploy Rhev In Production Today
T1/ MISSION CRITICAL BUSINESS APPLICATIONS ARE

POWERED BY RHEV

A Significant Majority Of RHEV
Customers Are Also VMware Customers
RHEV IS BEING DEPLOYED AS A STRATEGIC

ALTERNATIVE TO VMWARE

New In Rhev 3.0
Over 1,000 Features, Enhancements And Bug Fixes
RHEV HYPERVISOR RHEV MANAGER
● RHEL 6.2 based hypervisor - ● RHEV-M runs on RHEL
performance and scalability ● RESTful API
enhancements ● Power User Portal
● Kernel/Scheduler ● Granular Multi-level Admin
● Memory management ● Marketplace
● Block IO ● Embedded Reports
● Networking ● Local Disk Support
● SPICE enhanced WAN performance ● TECH PREVIEW: Web Admin


Architecture Overview
Data Center Model

RHEV Hypervisor/KVM Overview
SMALL FORM FACTOR, SCALABLE,
HIGH PERFORMANCE ● Host: 160 logical CPU
(4,096 theoretical max),
2 TB RAM (64TB
theoretical max)
● Guest: 64 vCPU,
512 GB RAM
● Supports latest silicon
virtualization technology
● Based on the latest
RHEL 6 kernel
● Microsoft SVVP certified

RHEV Manager Features
● High Availability
● Live Migration
● Self Service Portal
● Load Balancing
● Power Saver
● Templates, thin
provisioning, snapshots
● Centralized storage and
networking management
● Eco-system marketplace

Manager Landing Page
All portals (Admin, Power User,

VDI, and Reporting) are
available at the landing page
Documentation is available
here as well

RHEV is full-featured
Feature Description
Web GUI Interface Web GUI Interface
High Availability Restart guest Vms from failed hosts automatically on other hosts
Live Migration Move running VM hosts; 0 downtime, 0 sessions lost
System Scheduler Continuously load balance Vms based on resource usage/policies
Power Saver Concentrate Vms on fewer servers during off-peak hours. Save
Power
Maintenance Manager 0 downtime for Vms during planned maintenance window
Image Manager Template-based provisioning, thin provisioning
Monitoring and For all objects in system – VM guests, hosts, networking, storage,
Reporting etc
API Set of scripting commands for all of the functions available via the
search bar, object tabs, and related GUI object interactions.
Security SELinux to isolate and label individual virtual machines – inherited
from Red Hat Enterprise Linux
OVF import/export Move Vms b/w storage domains, integrate with 3rd party
management
V2V Convert Vms from Vmware and RHEL/Xen to RHEV

RHEV Manager Overview
● Centralized virtual infrastructure management (hosts, virtual machines,

networking, storage, templates etc.)
● Designed for large scale – 500+ hosts and 10,000+ virtual machines
● Administrative interfaces: GUI, RESTful API

RHEV provides enterprise wide virtual
machine management
Manager For Servers

User Interface
● New network management UI
● Simplify advanced operations such as VLANs on bonded
interfaces
● Better graphical representation of topology

User Interface
Tech preview of HTML based web Tech Preview
admin

● Reporting system built on Jasper Reports
● Included in RHEV Subscription
● Includes prebuilt dashboards and reports
● eg. historic utilization, trending, quality of service
● Allows users to create their own reports and
templates

Integration
● “Hook” mechanism for customization
● Allows administrator to define scripts to modify VM
operation
● e.g., Add extra options such as CPU pinning, watchdog device,
direct LUN access, etc
● Leverages new VM custom properties interface
● Administrators can create custom name/value properties for VMs
● These properties can be used to store metadata
● All properties are passed to hook script
● Several sample scripts developed for RHEV 3 including
● SR/IOV ● Network QoS
● Cisco VM-FEX ● Network monitoring / IDS
● Advanced CPU/NUMA pinning ● Smartcard
● SMBIOS Customization ● Isolated Private vLANS
● File Injection ● Direct LUN

● Hook scripts are called at specific VM lifecycle events
● VDSM (management agent) Start
● Before and After VM start
● Before and After VM migration in/out
● Before and After VM Pause
● Before and After VM Continue
● Before and After VM Hibernate
● Before and After VM resume from hibernate
● On VM stop
● On VDSM Stop
● Hooks can modify a virtual machines XML definition
before VM start
● Hooks can run system commands – eg. Apply firewall
rule to VM

● Enhancements to Multi
Level Admin
● Allow roles to be assigned
to specified objects
● Clusters, Templates and Virtual
Machines
● More fine grained
permissions
● eg. Access to virtual machine
console

RHEV extends the scalability frontier
vSphere 4 RHEV RHEV 3
2.1/2.2 RHEL 6
After ~7 yrs 1st 6 months 1st 12 months
Host cores 64 96 4,096
Host memory 1 TB 64 TB
Guest vCPUs
8 16 32-64
Guest memory
256 GB 1TB
Hosts/ cluster
32 100 200
Density
320 500+ 2,000+

RHEV User Portal
● Tied to Microsoft Active
Directory or Red Hat
Identity Management
(LDAP) users and groups
● Role and object based
security delegation
● Complete VM lifecycle
management

User Portal – Basic view

RHEV provides high performance virtual desktops
● User experience indistinguishable from physical PC
● 30+ frames per second HD video
● Supports flash and other graphics
● Bi-directional audio and video
● Multi-monitor support (4+ monitors)
● USB 1.1 and 2.0 support

Designed from the ground up for Virtual Desktops
● SPICE includes 3
components
● SPICE driver in the guest
● SPICE virtual graphics
adapter in the host
● SPICE client on the thin
client
● Adaptive protocol –
chooses optimal point to
process graphics
● In the host, or
● On the client
● Highest density, optimal
user-experience

RHEV Ecosystem: Partners Through
Your Deployment Lifecycle
● Integrate through the
RHEV API
● Certified by Red Hat
Operations
Monitoring to work with RHEV
Security
Capacity &
● Free trials available
Performance
Management
via the RHEV
Backup &
Disaster Marketplace
Recovery
Capacity
Planning &
P2V, V2V
Application
Delivery
VDI

Documentation

TCO/ROI Calculator

Training

Virtualization Performance
SPECvirt_sc2010 ● Leading performance results
● Highest in 2, 4 and 8 socket
systems
● Only hypervisor on 8 socket
systems
● Including over 500 VMs per host
SPECvirt_sc2010: As of January 1,
2012, RHEV claims top 6 results and
the only 8 socket server scores http://spec.org/virt_sc2010/

Industry Leadership: Significant Cost
Advantage
● 10 physical hosts (2x4HT, 64GB) ● 10 physical hosts (2x8HT, 256GB)

● Same density across both ● Same density across both
RHEV COSTS 1/7th VS. VMWARE AND 1/3rd OVER 3 YEARS.

SCALE UP COST ADVANTAGE EVEN MORE

You have a choice of hypervisor platforms

Manager for Servers
Live Migration, High Availability, System
Scheduler, Power Saver, Storage/Snapshots,
thin provisioning
WINDOWS RHEL 3, 4, 5, WINDOWS RHEL 3, 4, 5,

GUESTS 6 GUESTS GUESTS 6 GUESTS
RED HAT ENTERPRISE RED HAT ENTERPRISE

LINUX 5.4+ VIRTUALIZATION
HYPERVISOR

Red Hat Solutions
● Red Hat Enterprise Linux ● Messaging
● Red Hat Enterprise ● Open source, open standard
Virtualization ● Advanced Message Queuing
● System Management Protocol Implementation
● Exchanges, Queues, Bindings,
Producers, Consumers
Management
● Realtime
● MRG ● Deterministic Performance
● Storage ● Replacement Kernel
● JBoss ● Tools
● Cloud ● Grid
● HPC and HTPC
● Condor based

Evolution of Messaging
Point to point integration of As integration requirements expand,
systems requires each system point-to-point integration becomes
know how to integrate with the unwieldy to both build and manage.
other system.
application
application application application
application application
Messaging middleware establishes a common

integration framework for integration.
application

That's Great, but.....
● Architectures rarely look like this
● More often they look like this
● That's a problem for legacy messaging systems

The Problem with Legacy Messaging
Systems
● Interoperability is lacking
● Between platforms (.NET, Java, Python, etc.)
● Between messaging systems
● Complex, expensive, difficult to administer
● Vendor lock-in
● JMS is a standard, but only addresses API
● Remainder of stack is vendor-specific
● No open ecosystem to address customer needs
● Vendor dictates features
● Vendor dictates availability
● Vendor dictates costs

AMQP
● Originated with the needs of financial
services
● Secure, performant, reliable
● But architected for broad set of requirements
● e.g. large message size
● e.g. client agnostic
The goal is to become the de-facto open standard

for messaging middleware

Origins of AMQP
“AMQP was born out of my own experience and

frustrations in developing front- and back-office
processing systems at investment banks. It seemed to
me that we were living in integration Groundhog Day -
the same problems of connecting systems together
would crop up with depressing regularity. Each time the
same discussions about which products to use would
happen, and each time the architecture of some system
would be curtailed to allow for the fact that the chosen
middleware was reassuringly expensive.”
John O’Hara
“Toward a Commodity Enterprise Middleware”
AMQP - an Internet Protocol for Business Messaging

What is AMQP?
● A standard wire protocol
● Ensure interoperability between systems
● Normalizes message to a common “linqua franca”
● Supports variety of message semantics
● Delivers business-relevant interoperability
● Designed for enterprise requirements
● Secure, reliable, resilient, performant
● What AMQP isn't?
● An API (AMQP is language/API agnostic)

● Enterprise Messaging System
● Advance Message Queueing Protocol
● Spans use cases
● fast messaging, reliable messaging, large file transfer,
publish/subscribe
● Linux-specific optimizations
● Also runs on non-Linux platforms
● Supports multiple platforms
● C++ Linux broker
● Java broker
● Supports multiple languages
● Java (JMS), C#, C++, Ruby, Python, etc.

The AMQP Model
● Exchanges
● Receives messages from publisher
applications and routes these to
queues, based on arbitrary criteria—
typically topic & message headers
● Queues
● Stores messages until they can be
safely processed by a consumer
application (or multiple applications)
● Bindings
● Defines the relationship between a
queue and an exchange and provides
the message routing criteria

MRG Messaging - a Modular
Approach
● Exchange inspects inbound messages from
publisher
● Routes messages to queues via binding
● Consumers receive message via subscribing to queues
● Architectural Strength
● Sophistication via myriad exchange/queue combinations
● Runtime creation of exchanges, queues, bindings
Consumer
Exchange Application
Publisher
Application Exchange
Consumer
Application
Queue
Bindings Queue
Consumer
Queue Application

MRG Messaging Exchanges

MRG Messaging Features
● Rich broker federation options
● Dynamic routing of messages between brokers
● Support high availability
● Support load balancing
● Support business-specific message distribution
● e.g. SLAs based on message type
● e.g. Geographic distribution
Adjustable during operation
Exchange
● Exchange
Queue
Queue
Queue
Exchange
Exchange
Exchange
Exchange
Queue
Queue
Queue
Queue
Queue
Queue
Exchange
Exchange
Queue
Queue
Queue

Red Hat MRG Realtime
● Determinism = predictability
● Priority = ensure highest priority applications are not blocked
by low priority
● Quality Of Service (QoS) = consistent response times
● Proven results
● Context switch latency under 25 µs. 99.9999% under 20 µs

(from interrupt to commencing running new process)
● Average of 38% improvement over stock RHEL5
● Timer event precision enhanced to µs level, rather than ms
● Replacement kernel
● No code changes required
● Tools work
● kernel-rt package upgraded to upstream version 3.0

Red Hat MRG Realtime

MRG Realtime Tools
● TUNA tuning tool,
● Dynamically control tuning parameters
like process affinity, parent & threads,
scheduling policy, device IRQ
priorities, etc.
● MRG Realtime Latency Tracer
● Runtime trace capture of longest
latency codepaths – both kernel and
application. Peak detector
● Selectable triggers for threshold
tracing
● Detailed kernel profiles based on
latency triggers
● Existing standard RHEL5 based
performance monitoring tools
● Gdb, OProfile Frysk – source level
debuggers & profiler
● SystemTap, kprobe – kernel event
tracing and dynamic data collection
● kexec/kdump standard kernel
dump/save core capabilities
Hardware Matters
● Hardware can have a big effect
on realtime performance
● Hardware drivers may need to
be updated to handle threaded
interrupts
● Many system BIOS's include
Service Management Interrupts
(SMIs)
● Cause non-deterministic latency
beneath the operation system by
taking CPU cycles for things like
power management, administration
● SMI latencies cannot be resolved
by realtime linux—they require the
hardware OEM to remove SMIs or
make them configurable
● Red Hat has worked with OEMs
to certify systems for MRG
Realtime
Red Hat MRG Grid
● Provides leading High Performance & High Throughput
Computing
● Enables building cloud infrastructure and aggregating

multiple clouds
● Provides seamless and flexible computing across:

● Local grids
● Remote grids
● Private and hybrid clouds
● Public clouds (Amazon EC2)
● Cycle-harvesting from desktop PCs
● Based on Condor from University of Wiscon

Grid Features
● Desktop Cycle-Harvesting
● ClassAds
● Policies
● Federated Grids/Clusters
● Workflow Management
● Compute On-Demand (COD)
● High Availability
● Priority Based Scheduling
● Parallel Universe
● Accounting

Grid Enhancements
● Enterprise Supportability
● Web-Based Management Console
● Low Latency Scheduling
● Cloud Integration with Amazon Ec2
● Concurrency Limits
● Automating Virtualization - Integrating
Condor with libvirt

MRG Grid Architecture Components
Execute Node
Central Manager: Schedules Slots
●
Central Manager starter
Jobs
● collector: collects info about pool Master 1 Advertising
status startd
● negotiator: responsible for match- collector negotiator
making. Informs submit nodes Master
about execute nodes & vice-versa
● Submit Node: Submit Jobs 2 Matchmaking
● schedd: schedules jobs and Execute Node
stores in job queue Submit Node Slots
● shadow: spawned to manage jobs starter
● Execute Node: Executes Jobs Master schedd 3 Execution
● startd: enforces policies, spawns startd
job to starter shadow
● starter: process that spawns
remote job and sends statistics to Master
submitter
● Master Daemon manages other
daemons
Low Latency Scheduling
Message body is an
uncompressed zip
file with files needed
to run job
Job Execute Node

Message
Job Slots
Exchange Queue Hooks
Hooks
Using MRG
Messaging
carod
Reply
Queue
Job
Job Results
Submission
*MRG Components in Red

Supported Hardware and Platforms
Red Hat Red Hat Windows Windows Windows Windows Windows 7
Enterprise Enterprise XP SP3+ Server 2003+ Server 2008 Server 2008 (32-bit and
Linux 5.7 Linux 6.2 (32-bit) (32-bit and 64- (32-bit and R2 (64-bit) 64-bit)
(32-bit and (32-bit and bit) 64-bit)
64-bit) 64-bit)
Messaging X X
Native Linux
Broker
Messaging X X
Client -
Java/JMS[a]
Messaging X X X X X X X
Client - C++
Messaging X X X X X X X
Client -
Python
Messaging X X X
Client - Ruby
preview
Grid X X X
Scheduler
Grid Execute X X X X X X X
Node
Realtime X (64-bit only)
[a] The Java and JMS MRG Messaging Clients are supported for use with Java 1.5 and Java 6 JVMs. For Sun JVMs, it is
recommended to use Java 1.5.15 or later or 1.6.06 or later.

What MRG will manage
● Manage 1 to N servers from
a single interface
● Instrumentation data
● Current / historical / treads
● OS / Messaging / Grid / RT
overlayed
● Configuration
● Messaging - logs, federation,
clustering, HA, QoS, ...
● RT – taskset, priority, tuning, ...
● Grid – pools, scheduler policy,
targets, profiles, ...
● Sample Actions
● kill clients, purge queue,
increase pool size, close
sessions, ...

Synergy
● MRG integrates messaging, realtime, and grid
technologies.
● One stop management of the MRG platform
● Current and future capabilities:
● low-latency messaging
● Optimized realtime scheduling with qualities of service (QoS)
● Message-based job submission
● large messaging capabilities to transport virtual machines
● Partners:
● AMD, Cisco, IBM, Intel, UW Madison
● Realtime Java (IBM)
Messaging Java
Kernel
RHEL App Open Support

Compatability Source

Red Hat Solutions
● Red Hat Enterprise Linux ● Storage Appliance
● Red Hat Enterprise Virtualization
● Gluster
● System Management
Management
● MRG
● Storage
● JBoss
● Cloud

Red Hat Storage Software Appliance
Distributed File system
Node File File

1 A A
Commodity Node File File

2 B B
Hardware
Node File File

3 C C
Client Client Client ... Client

Shared File system (posix)
Providing Access to Your Data
● GlusterFS enables you to
create a Global
Namespace
● On that namespace you
can create volumes where

data resides
● Clients access data from
the volumes
● GlusterFS handles all
volume-level policies
● Distribute
● Replicate
● Geo-Rep
● And more…
Gluster Capabilities
Distributed
File
A
Node
1 File
A
File
B Client
Node
2 File
B
File
C
Node File
3 C

Replication
File
Node A
Node
1
4 File
A File
A
File
B Client
Node File Node
5 B 2 File
B
File
C
Node File Node

6 File
C 3 C
Geo-Replication
File
Node A
1 File File
A A File
A Node
7
File File File

Node B B B
2 File
B
File Node
File
C File 8
C
C
File
Node C
3
Client
Gluster Use
Access Object Access
http get and put
File
Node A
1 File
A Linux Client
Native client
File
B File Windows
Node B Client
2 File Samba (CIFS)
C
File
Other Client
C
NFS

Gluster Use
No meta-data server Object Access
http get and put
File
Node A
1 File
A Linux Client
Native client
File
B File Windows
Node B Client
2 File Samba (CIFS)
C
File
Other Client
C
NFS

Gluster Use
Expansion Object Access
http get and put
File
Node A
1 File
A Linux Client
Native client
File File Windows

Node B B Client
2 Additional Samba (CIFS)
Storage
File
Other Client
C
NFS
File
Node C
New Node 3

Pandora Internet Radio
Audio media content distribution
Problem
● Explosive user and title growth
● As many as 12 file formats for each song
● 'Hot' Content and long tail
Solution
● Three data centers, each with a six-node
Gluster FS cluster
• 1.2 PB of audio ● Replication for high Availability
served per week ● 2+ PB total capacity
• 13 million files Benefits

• 80 Storage Nodes ● Easily scale capacity
• Over 50 GB/sec ● Centralized management; one
peak traffic administrator to day-to-day operations

● No changes to application
● Higher reliability

Pattern Energy
High performance computing for weather prediction
Problem
● Create a high performance computing system
● Need to deliver rapid advance weather predictions
● Identify wind and solar abundance in advance
● More effectively perform preventative maintenance
and repair
Solution
● 32 HP compute nodes
• Rapid and ● Red Hat SSA for high throughput and availability
advance weather ● 20TB+ total capacity
predictions Benefits
• Maximizing energy ● Predicts solar and wind patterns 3 to 5 days in
assets advance
• Cost savings and ● Maximize energy production and repair times
avoidance ● Avoid costs of outsourcing weather predictions
● Solution has paid for itself many times over

Red Hat Storage Software Appliance
Gluster is an open-source,
distributed, shared
filesystem that frees you
from high priced storage
while giving you the
performance you need, the
resilience you require and
the freedom to buy the
storage you want, when
you want it, at the best
price

Red Hat Solutions
● Red Hat Enterprise Linux ● Red Hat Cloud Foundation
● Red Hat Enterprise ● Open source, open standards →
Virtualization interoperability
● System Management ● Tools vs Products
● CloudForms
Management ● Lets you create and manage IaaS
private and hybrid clouds
● MRG ● Cloud Engine
● Storage ● Application Engine
● JBoss ● System Engine
● Cloud ● OpenShift
● Platform-as-a-Service Cloud for
Open Source Developers

What Do You Mean When You Say Cloud?
Public Community Hybrid Private

Clouds Clouds Clouds Clouds
Service provider Shared by several Interoperable Privately owned and

owned and organizations and combination of managed with
managed supports a specific private and public restricted access
Access over Web community that has clouds (but could be
typically by pay-per shared concerns externally hosted)
use
Software-as-a-Service SaaS
(applications, processes, and information)
Cloud
Platform-as-a-Service PaaS
service (virtualization-optimized middleware)
types
Infrastructure-as-a-Service IaaS
(virtualized servers, storage, networks)

How Do You Build A Cloud?
● You shouldn't have to start over!
● IT Infrastructure is heterogeneous
● You cloud should be mostly based on current

in-house technology, hardware and apps

The Evolution Of A Cloud
VIRTUALIZE
YOUR SERVERS
Virtualize your physical
hardware to achieve higher
utilization, consolidation, and
flexibility.
Virtualization increases the utilization of
physical servers and provides a foundation
for cloud computing.

VIRTUALIZE BUILD A
YOUR SERVERS PRIVATE CLOUD
Virtualize your physical As you expand your use of
hardware to achieve higher virtualization, build a private
utilization, consolidation, and cloud to manage the scale and
flexibility. complexity.
Virtualization increases the utilization of A private cloud abstracts multiple instances

physical servers and provides a foundation of virtual resources
for cloud computing. into elastic pools of computation with self-
provisioning and scalable services.

VIRTUALIZE BUILD A ADD A PUBLIC

YOUR SERVERS PRIVATE CLOUD CLOUD
Virtualize your physical As you expand your use of As you expand your use of
hardware to achieve higher virtualization, build a private cloud computing, add public
utilization, consolidation, and cloud to manage the scale and cloud providers delivered as a
flexibility. complexity. utility to increase capacity and
lower costs.
Virtualization increases the utilization of A private cloud abstracts multiple instances
physical servers and provides a foundation of virtual resources Red Hat's cloud architecture lets you
for cloud computing. into elastic pools of computation with self- manage and integrate various
provisioning and scalable services. virtualization systems and public cloud
providers together. This allows you to
leverage public cloud computing as a
utility.

Red Hat Helps You Bring Your
Applications To The Cloud

Red Hat Cloud Portfolio

Red Hat Cloudforms
CloudForms provides
IaaS infrastructure
through
● Application Lifecycle
Management
● Compute Resource
Management
● Infrastructure Service

Application Lifecycle Management

Compute Resource Management

DeltaCloud API's

Infrastructure Services

EVERYTHING NEEDED TO PLAN, BUILD,
AND MANAGE A CLOUD. TODAY.
● Comprehensive product family

● Detailed reference architecture
and cookbook implementation
guides
● Expert services to plan, build
and manage.
● Training classes for knowledge
transfer and development
● Cloud Foundations, Edition
One: Private Infrastructure-
as-a-Service Cloud.

CLOUD REFERENCE
ARCHITECTURE
Red Hat's suite of open source
software provides a rich
infrastructure for cloud providers to
build public/private cloud offerings.
● This Volume 1 guide for deploying

the Red Hat infrastructure for a
private cloud describes the
foundation for building a Red Hat
Private cloud:
● Deployment of infrastructure
management services
● Deployment of a farm of RHEV host
systems to run tenants' Vms.
● Demonstrate sample RHEL
application(s), JBoss application(s) and
MRG Grid application(s) respectively in
the tenant VMs.

WHY RED HAT? WE KNOW CLOUD.
“Linux Rules the Clouds”
● Most clouds are built using Source: ZDNet, December 2010
open source Linux; the

largest run on Red Hat.
● Recent Goldman Sachs IT
decision maker survey
recognized Red Hat's Red Hat
increasing value to
customers as they move to
cloud.
● Cloud by definition requires
openness and commodity
platforms, Red Hat has a 13
year history of unlocking this IT Decision Maker Survey, 100 Global 2000 Companies January, 2011
value for customers.

And Remember
Both are made of “fabric”
Choose wisely.

Questions??

Red Hat brings the community,
vendors and users together
Enterprise
Users
Hardware engineering engineering Software

vendors vendors
Open Source Community

WE CAN DO MORE
WHEN WE WORK
TOGETHER

Goddard Update April12

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Goddard Update April12

Încărcat de

Drepturi de autor:

Formate disponibile

Who is Red Hat?

The Red Hat Society

2 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

3 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

● Any Red Hat specific issues/problems?

● What do you think is the best use of your

time with us today?

5 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

● Messaging, Realtime, Grid

● Red Hat Storage (Gluster)

● Red Hat CloudForms

6 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Makes Open Source

7 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Continuous Stream of Features

8 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

9 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Enterprise Linux

10 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

11 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Enterprise Virtualization

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

12 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Enterprise Virtualization

Red Hat Network Satellite

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

13 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Enterprise Virtualization

Red Hat Directory Server

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

14 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Red Hat Enterprise Virtualization

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

15 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

JBoss Red Hat Enterprise Virtualization

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

16 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

JBoss Red Hat Enterprise Virtualization Red Hat Storage

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

17 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

JBoss Red Hat Enterprise Virtualization Red Hat Storage

Load Balancing Extended Lifecycle

Red Hat Enterprise Linux

18 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

19 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

Discretionary Access Mandatory Access Control

20 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

[rring@rring /]$ ls -lZ

21 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

/etc/selinux/POLICYTYPE/* Result is cached

22 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

23 Rick Ring, Senior Solutions Architect, Red Hat, rring@redhat.com

● RHEL 6.3 beta

CIM Provider C Python Perl OCaml

xen kvm qemu OpenVZ LXC LDoms Storage

xen kvm hypervisor