KVM: Your Key to Open Source Server Virtualization

By Kenneth Hess
Posted Sep 17, 2010



Considering a switch to a virtualized infrastructure strikes fear into the hearts of even the most educated among today's CIOs. Technology confusion and vendor choices aside, the physical-to-virtual transition dread stems from security concerns, performance uncertainty and scalability questions. Red Hat's Kernel Virtual Machine (KVM) attempts to answer those trepidations positively.

If fear is preventing you from making the change from a physical to virtual infrastructure, you must put that phobia aside and consider KVM, Red Hat's enterprise server virtualization alternative.

KVM is Red Hat's commercial competition for Citrix XenServer, Microsoft Hyper-V and VMware ESX/vSphere. Like the others, KVM is a full virtualization technology. Full virtualization means that virtual machines (VMs) built with KVM fully abstract computer hardware, so the operating systems that run inside the VMs "think" they're running on physical hardware. Memory, CPU, disk, peripherals, NICs and graphics adapters compose VMs using full virtualization technology.

VM Security

The first, and most heated, topic of discussion surrounding a move to virtual infrastructure is security. Unfortunately, virtualization and its husky sibling, cloud computing, have received demon status among tech observers and industry sideliners. Security is a major concern for anyone who runs a computing environment, whether it is physical or virtual. VMs are not less secure than physical machines; nor are they more secure. Their status as virtual doesn't alter their security in any way.

You must take the same precautions, apply the same patches and perform the same due diligence with VMs as you do with physical ones. You must trim unneeded services, install anti-virus software, install security fixes and provide firewall protection for all of your VMs.

Another anti-virtualization argument is that the virtual host (Dom0) adds more security vulnerability to the mix. The reasoning is that Dom0 is a privileged VM, since it carries messages to and from the hypervisor and therefore exposes the whole environment to compromise. There is a shred of truth to this argument. With the exception of Microsoft's Hyper-V, all current virtualization technology uses Linux as the host operating system or Dom0.

Dom0 is a light, almost minimal, Linux implementation. It does, however, need its own patches, security scans and monitoring to maintain the system security and service integrity that you require. Its existence, however, shouldn't prevent your move to a virtual infrastructure.

Red Hat's KVM boasts a security-hardened Dom0. Red Hat also maintains an active development team to rapidly and accurately answer any security vulnerabilities that arise. For a security comparison of KVM, Xen and VMware, consult the whitepaper titled, "KVM Security Comparison."

VM Performance

VM performance is always an interesting topic to tackle in virtualization discussions. So, what about performance? By converting your underutilized, over-built systems to VMs, you've somehow compromised their performance. No, you haven't, and Red Hat's KVM can prove it to you. In fact, Red Hat boasts that the highest computing workloads (SAP, Oracle, Exchange and Java) run on KVM at 90 percent, or greater, of physical-machine performance. Some workloads, Linux/Apache/MySQL/PHP (LAMP) workloads for example, achieve up to 140 percent higher performance than physical machines.

How can performance on a VM exceed that of a physical machine? Optimization. KVM workloads take full advantage of virtualization-enhanced, multi-core CPU technology. Tapping into virtualization's performance-enhanced wellspring may give your applications the boost they hunger for.

VM Scalability

Anti-virtualization conversations end with a stab at scalability. If cloud computing is any example of scalability, then that one has no merit from the start. But cloud computing is rarely accepted as the final word on how scalable virtualization is, so the argument continues. For the same reasons given for incredible application performance, scalability is a non-issue. KVM's exploitation of multicore technology makes it far more scalable than adding more underutilized physical machines to your data center matrix.

VMs handle workloads quite well in stressed environments. You'll find that your 100 physical server application farm will scale significantly and perform admirably with fewer virtual systems. That's right, those 100 physical systems will likely seek a smaller footprint once they are converted to a virtual format. You might trim that scalable system of yours to one-half or one-third the number of supported systems due to the more efficient and hardware-optimized virtual infrastructure. Remember that scalability has less to do with how many systems you can spin up than how well your systems perform under increased load.

KVM gives you everything you need in the familiar surroundings of Red Hat Enterprise Linux (RHEL). If you can't commit to RHEL until you experience KVM for yourself, you can download and use KVM as Proxmox (not affiliated with Red Hat), which combines zones (containers) and KVM into a single hypervisor package. The Linux kernel supports KVM natively as of version 2.6.20.

Red Hat's native KVM virtualization technology is a capable contender in the enterprise virtualization marketplace. It competes directly with VMware vSphere, Microsoft Hyper-V and Citrix XenServer. KVM's security, performance and scalability should allay any fears associated with enterprise virtualization technology. Red Hat has made significant effort in all three of these key areas to make its commercial virtualization offering a data center darling.

Ken Hess is a freelance writer who writes on a variety of open source topics including Linux, databases, and virtualization. He is also the coauthor of Practical Virtualization Solutions, which is scheduled for publication in October 2009. You may reach him through his web site at http://www.kenhess.com.
