Ever since Red Hat Enterprise Linux added KVM Virtualization as a kernel-based hypervisor to run virtual machines (way back in Red Hat Enterprise Linux 5.4), the operating system took on a dual personality.
Red Hat Enterprise Linux became both a Virtualization host for high density virtual data centers / cloud service platforms, and a guest operating system running on third party hypervisors such as VMware vSphere and Microsoft Hyper-V. As the topic is sufficiently broad, I plan to split my discussion of virtualization into two posts.
Today’s post will discuss Red Hat Enterprise Linux 7 beta as a hypervisor using KVM Virtualization technology and it will highlight a few key enhancements that make Red Hat Enterprise Linux the operating system of choice for modern hybrid data centers. While the features that I will review are inherently those that I find to be the most exciting (note: I’m hoping you will find them to be exciting and useful as well), a complete list is available in the Red Hat Enterprise Linux 7 beta release notes.
Red Hat Enterprise Linux 7 beta with KVM Virtualization technology provides enterprise ready virtualization capabilities to our server, workstation and desktop customers. It serves as the platform for the open hybrid cloud, and establishes a supportive ecosystem where various other Red Hat products can add value, products such as: Red Hat Enterprise Linux Open Stack Platform, Red Hat Enterprise Virtualization, and Red Hat Storage.
So… what’s new? Drum roll please!
For starters, we have expanded live migration support – Red Hat Enterprise Linux 7 beta includes support for the live migration of a virtual machine from Red Hat Enterprise Linux 6.5 to Red Hat Enterprise Linux 7 beta. Previously, we only supported live migration between two hosts running Red Hat Enterprise Linux 6. This new functionality allows virtualized data centers and cloud providers to easily migrate their existing virtual machines running on Red Hat Enterprise Linux 6.5 to a brand new Red Hat Enterprise Linux 7 host, without virtual machine downtime. This also works hand in hand with in-place upgrade capabilities offered with Red Hat Enterprise Linux 7 beta.
In the world of virtualization security… security is always on our customers’ minds, whether it’s a credit card theft (has anyone out there been caught up in one of the many payment system hacks?) or the most recent Snapchat debacle. We believe security is a fundamental feature of the operating system and hypervisor. How many of you have depended on sVirt technology in our virtualization stack to protect your virtual machines from malicious users? We have introduced two new security features in Red Hat Enterprise Linux 7 beta to increase guest entropy for cryptography and additional security hardening to reduce the guest attack surface.
The first new (aforementioned) security feature, guest entropy, allows KVM Virtualization to meet new cryptographic security requirements from both the United States and United Kingdom. The para-virtualized random number generator (virtio-rng) driver allows the host to feed entropy to the guest. This allows cryptographic applications running on the guest to be more effective by alleviating entropy starvation in guests. The second new feature in uses a security hardening mechanism with libseccomp that allows applications to define interactions with the kernel using syscall filtering, to reduce the risk of a malicious guest exploiting a kernel vulnerability, thereby reducing the guest attack surface. These two security features add additional new and important layers of security to our KVM virtualization stack, above and beyond the existing SELinux mandatory access controls provided by sVirt, which protects against untrusted guests and misconfigured hosts.
In addition to security, we here at Red Hat know that our customers value application performance. With more and more systems, even at the low end, presenting NUMA topologies, there is a real need to address the performance irregularities that such systems present. Red Hat Enterprise Linux 7 beta has introduced a new kernel-based NUMA affinity mechanism for improved application performance allowing for greater efficiency over the traditional user-space based solution.
Automatic NUMA balancing matches significant resource consumers with available memory and CPU resources in order to reduce cross-node traffic. This results in better NUMA resource alignment for applications and virtual machines, thus improving performance by minimizing the cost of remote memory latencies. Users accrue performance benefits from automatic NUMA balancing without needing to explicitly place and bind process threads, including virtual CPU threads for virtual machines. This improves the out-of-box performance experience on NUMA systems in physical, virtual, and cloud, and positions Red Hat Enterprise Linux 7 beta as the open hybrid cloud operating platform.
Even network performance has been improved. Today’s high-end servers have lots of processors, and virtual machines running on such systems have a large number of vcpus. Red Hat Enterprise Linux 7 beta adds the multi-queue NIC feature in the KVM Virtualization virtio-net networking stack, which removes the single queue NIC bottleneck and allows the virtual NIC to process networking packets in parallel. This increases the throughput for both small virtual machines (2 – 4 vCPUs) and large virtual machines with higher virtual CPU counts, by allowing the virtual machines to transmit and receive packets through multiple queues in the virtio-net networking stack.
A note on scalability: The KVM scalability levels enable customers to more efficiently run large-scale workloads in a virtual guest than on hypervisors with much lower limits. The virtual guest size is 160 virtual CPUs, and the maximum supported memory in a KVM guest is 4 TB, doubling the previously supported virtual memory limit.
Finally, there is an intersection of GPUs with KVM Virtualization in Red Hat Enterprise Linux. Another feature in Red Hat Enterprise Linux 7 beta that is both exciting and paves the way for future enhancements is the KVM graphics device assignment capability — wherein the entire graphics card can be passed through to a single virtual machine. Using Red Hat Enterprise Linux 7 beta, you will be able to assign a GPU directly to a virtual machine and provide 3D graphics acceleration for GPU computing (NVIDIA Tesla) or high density farms (NVIDIA GRID) or local graphics (NVIDIA Quadro). Stay tuned for more updates as we go along this journey.
So what do you think of the KVM features I have outlined here? Are the virtualization enhancements to Red Hat Enterprise Linux 7 beta relevant to your own day-to-day operations? I look forward to reading your feedback, comments and questions.
In my next blog post I will expand on the topic of Red Hat Enterprise Linux as a guest operating system on third party hypervisors such as VMware vSphere and Microsoft Hyper-V.