Académique Documents
Professionnel Documents
Culture Documents
Multi-Method Virtualization
An Architectural Strategy for Service Tuning
access to video/desktop conferencing and multi-user 3- map across the OSI layers if they were considered as a
dimensional metaverse spaces like Second Life. The technology, the options are placed based on the
ad hoc development of complex systems has resulted primary user function that it virtualizes. Below is an
in the need to develop a model based management example of a technology component set mapped to the
method to accurately tune delivery of course materials. OSI Model in a traditional way.
1.2 Context of Model Development Table 1: Open Systems Interconnection Model (OSI)
OSI Layer Example Technology
Following a general approach presented by various Application Telnet
network models, such as the OSI Model, virtualization Presentation ASCII
methods can be divided into layers that slice resources Session Secure Sockets
between the user and service initiation point. This Transport TCP
report describes a model and strategy for applying Network IP
virtualization methods along a service pipe to Data Link Ethernet 802.3
maximize the efficiency of the cost and bandwidth of Physical 10BASE-T
each segment of the pipe. This model was designed to
support an academic research network, a five node Also, like the OSI model, the Virtualization layer
regional VPN-based WAN that services about 3000 Model is designed to create a modularity, so that
internationally distributed users whose locations are as technologies can be defined, developed, implemented,
diverse as the South Pole, India, Iraq, and the South and maintained within a larger constellation of
Pacific, and includes a large population in the United enabling technologies. However, layered models are
States. The primary users are students engaged in insufficient to visualize end-to-end service offerings in
laboratory experiments and exercises associated with the case of this research facility, so additional models
graduate level coursework. But there is also a will be introduced later that describe topological
significant percentage of students, faculty, alumni, and progression of services.
partners that participate in collaborative research, pilot
projects, and course support efforts. Table 2: Virtualization Layer Model (VLM)
2
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
laboratory space, campus environments, meeting media options complete a full service suite for the
facilities, network operations centers, incident theaters research team members who have access to higher
of operations, etc. These virtualized environments are bandwidth connections to the Internet or local access in
rendering non-technical cuing, scope-setting, and a lab facility.
communications enabling conditions that would The current ARN Application Layer of the VLM
normally be experienced by the user in addition to the contains our current “local desktop services”
OSI application layer resources they perceive through virtualization through, Citrix Metaframe™. This
the command line, system GUIs, or interactive allows users to log on to a desktop portal and access
topological diagrams of networked systems. the unique service they need, without the underlying
processing requirements of offering them completely
Also referenced in the development of the VLM virtualized operating systems or direct access to
was the Storage Network Industry Association™ virtualized storage offerings. The application layer
(SNIA) Shared Storage Model v2.0 (SSSM2), seen in offerings available in industry present two distinct
Table 3.[2] This model focuses on how storage blocks technologies. The first is full local desktop
are aggregated and its layers divide the path between environment that provides a local desktop that interacts
where the data is actually stored on a physical medium much as the desktop on a PC, Linux, or Macintosh
and where processing of data takes place in an operating systems, but does not require full system
application. Unlike the OSI and VLM models that virtualization. This first technology can be accessed
place intermediate and enabling layers of processing both specialized thin hardware and PC-based software
“down the stack”, the SNIA places intermediate clients. Those we have tested in our facility include
processing in the middle Block SunBlade hardware thin clients, Windows Terminal
Virtualization/Aggregation layer between the Upper Services desktop emulation, and Citrix. The second
Application Layer and the bottom Storage Device technology is application terminal service that presents
Layer where data is physically stored. Below is a a specific application in a window, generally initiated
simplified version of the SSSM2 model that indicates from a web link (for example opening a word
minimally the sequence of layering. processor from a web link on the Citrix Metaframe
Desktop.). This is different from a web application
using HTLM to interact with programs, and relies on
Table 3: Simplified SSSM2 Model screen refreshes to interact specifically with an
SNIA Layer Example Technology instance of an application. This second technology has
Application Email Server proven to be the most efficient for many service
File File System requirements inside ARNe. Both technologies
Block Virtualization / SAN Switch or Storage generally rely on reproducing user interface output of
Extent Aggregation Virtualization Device application or system components and transmitting
Block Subsystem HDS Storage Device screen refresh information.
Options in the system virtualization layer of the
The VLM did not scale to a broad description of VLM are generally reserved in ARNe for clients who
virtualization as the management team tried to apply it require extended capabilities beyond desktop and
to the ARN network. But it did call to attention application virtualization. That is because our team
another requirement for model development, the need have found it much is less efficient than application, in
for “end to end” modeling of a virtualized service that terms of processor and memory load required to
mapped out the intermediary components of a service present an offering. Access to the virtual machine guest
to consider where bottlenecks are occurring and operating system is still accessed through some type of
whether service activity is matching resource capacity desktop virtualization, whether through a VMware
along the service path. This led to the development of client, VNC, Citrix, Microsoft Terminal Services, or
the Service Pipe modeling presented shown first in other remote desktop applications which create the
Figure 1. virtual presence of the system locally for the client.
Because of the highly dispersed user population, Instead, system virtualization has found its primary
the target bandwidth of minimum-capacity user use in ARNe by creating efficiencies of management
connections has been limited to 56kbps. Text base and processing resources internal to the network
community virtualization is used for broad client services data center. This type of data center
support (the options in italic in Table 2.) Primarily configuration using virtualization has been widely
these are in the areas of collaborate workspace considered, as by W. Vogels [3]. But this report will
(SharePoint) and Classroom environment (Moodle and present uses where offering virtualized systems
Angel Learning Management Systems (LMS)). Multi- directly to the client has been used to significant
3
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
advantage. When this is done internal to ARNe, 3. Mapping Virtualization With a Service
generally clients are provided a service from that guest Line Pipe Model
machine instance as if it were a hardware-based
system. This includes traditional services like web,
email, and other services. Services lines can be represented as a long pipe
Storage Virtualization options have been explored from the initial service to the client interface. In figure
in ARNe, but Storage Area Network service within 1 there are two layers of desktop virtualization. The
ARNe are not generally offered to external clients at internal VMWware client is run on a Citrix server, and
the block layer because this service has stricter latency the Citrix server offers that application out through the
requirements than most other services. However, it is Citrix portal as an ICA client. While this initial
included in this model because it is a significant configuration allowed for a consolidation of access to
service that can be used to analyze virtualized systems the Citrix portal, the two-step rendering of the desktop,
that fits effectively into the structure of the VLM. first with VMware, and then again through Citrix,
Block virtualization of SAN traffic to remote machines created a lag in response that was unacceptable for
would generally also create unnecessary additional service provisioning. Note, “I” stands for “Internet”,
bandwidth requirements thorugh the service pipe to the and relates to ISP service options and tested
external user. Instead, if SAN block-level storage characteristics in particular troubleshooting incidents.
services are necessary, it is offered to systems that It will not be discussed here, but is generally taken as a
exist within the ARNe facility, and those machines are constant in service provisioning from a particular
offered to external users thorough some desktop location.
virtualization method. This practice of moving
virtualization within the service pipe to tune bandwidth Client Citrix
and latency is a significant way to enhance service Resc. Client I ARN Desktop LAN System
ISP ISP Virtualiza Connec Virtualiz
performance. ICA
Conne Connec tion ation
Client tion
Network virtualization is very important in ARN ction tion Service
Service
because we have a large number of students and VMWare VMware
Client
faculty studying networks and network security. The
primary technologies used to create virtual networks
for ARNe clients include the network device emulator
Figure 1: Service line virtualization Citrix/VMware
suite GNS3 and VLAN technologies such as 8021Q.
[4] The choice between them is primarily based on
performance. If clients are interested in running a
limited number of network devices and are not using Reconfiguration of the service pipe required four
significant network capacity, GNS3 emulation is actions. First, the VMware client is distributed to the
sufficient. The GNS3 network is then offered to the end users. Second, a security portal must be created to
client through virtualized desktop technology discussed allow for the authorized pass-through of VMware
earlier. If clients need significant well-defined Desktop protocol Traffic. Third, the VMware servers
network capacity, Cisco VLAN technology are used to must be made available through this security portal.
segment off existing physical network resources and Fourth, The client population should have a link to this
offer it as a virtual network that exists inside the ARNe portal present in their community virtualization layer.
facility. While it would be simple to provide access to A security portal could be a product such as VMware
this virtual network resource through virtual private vCenter Lab Manager.
network (VPN) technologies, generally ARNe has
consolidated access through a single Citrix portal in Client VMware
order to provide a single point of security access. Resc. Client I ARN Security LAN System
ISP Virtualiz
access control lists are created to provide desktop VM ISP Portal Connec
Conne Connec (Protocol tion ation
virtualization to a first node inside the VPN. This Ware Service
Client ction tion Pass-
technique is also important in order to isolate client Through) VMware
machines from activity on the network that would be
harder to control with a VPN.
Figure 2: Authentication and VMware pass-through
4
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
development of service pipe diagramming as a means institutional servers in the research lab. The goal was
to analyze the virtualization components of service to avoid having the costly requirement of acquiring
offerings. This report presents below three cases more processing resources for ARNe. In addition,
where service pipe modeling is used to analyze service expected network traffic for Oracle would be
offerings. nonexistent, so no additional network resources would
be required.
3.1. Case 1: Distributed Oracle™ Admin However, the most limited resource in this case
proved to be something other than the potential cost of
Regis University teaches many different database centralized server processing. It was the help resource
classes using Oracle. When the program was required for students to successfully complete the lab.
introduced, Oracle was included with the textbook. It While the processing was dispersed to a many-to-many
was initially considered that the most cost effective model, the help desk became the only resource
way to have students perform lab exercises was to have successful in troubleshooting the disparate problems.
them install Oracle locally on their systems and then The help-desk support resources were moved to a one-
provide lab guides for the students to follow in order to to-many model that relied on live human response.
gain direct experience with the technology. One Students were given a CD with their textbook and
important component of the success of this approach asked to load up Oracle on “Whatever system they
was providing adequate support for students to were working on.” This created a heterogeneity
successfully complete the lab. With an international problem that amplified the support requirements by the
student population, and minimal system requirements number of users having different systems, (virtually
for the curricular program, students came to this class everyone.) Generally in online labs associated with
with a wide variety of operating systems that included classes there are three tiers of available support. 1)
a wide range of software installations and network Students rely on peers to provide basic hints and
configurations. suggestions for managing technologies associated with
In the initial service pipe diagram (Figure 3), there labs, though completing labs and answering questions
is no virtualization of the Oracle Application. is clearly described as individual responsibility. But
However, the student uses a web browser to access the because the Oracle installations were distributed across
LMS and potentially the technical help desk directly. highly divergent systems, and Oracle is sensitive to
These two components in concert comprise the typical those changes, the peer-oriented many-to-many
support environment found in a scheduled laboratory support model held little value. 2) Instructors
session live on campus. While this service is not using generally provided the next level of support for their
a specialized application or protocol to virtualize the students at a ration of about one to fifteen. Instructors
experience, the web-based resources create the context are not compensated to do significant troubleshooting
in which Oracle is used by the student. Support is on fifteen different machines. The instructor’s primary
available to the student in three primary forms. Peer responsibilities reside in explaining the content of the
support in forums, instructor assistance in forums, and course and assisting with laboratory exercises once the
the help desk. Oracle software is up and running. So the faculty
began to offload the Oracle technical support questions
onto the help desk resources. 3) The help desk was
Client LMS
operated by one individual at a time. Because of this
Resc. Client I ARN one-to-many support requirement an immediate long
ISP ISP
Conne cue of service requests was generated, creating
Oracle Connec HelpDesk
Local ction tion untenable delays in the students’ ability to get Oracle
working for lab assignment deadlines. Further,
Web
Browser
because of the heterogeneous nature of the client
systems, the knowledge base used to facilitate support
was generally inadequate and hard to navigate.
Figure 3: Oracle client install
To tune this problem, ARNe managers redesigned
the service line to offer students a virtual desktop so
The lab designers hoped that distributing Oracle that students logged in through a Citrix server. The
across a large number of client machines on a one-to- Citrix server created a homogeneous thin client that
one basis would have the effect of distributing
could be distributed to students in the Oracle class in
processing load in proportion to use across many
addition to most of the other labs that ARNe provided
individual client stations rather than having many
support for. This thin client was not as sensitive to the
instances of Oracle on one concentrated set of
changes in operating system configurations, and many
5
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
different clients were available to support the different memory, and a significant portion of memory was
operating systems. This meant that the help desk devoted to the virtualization process. Because the
requirements were dramatically reduced using the RDBMS was database and processor intensive, the
configuration illustrated in the following service pipe. service slowed below satisfactory performance. This
The Oracle Relational Database Management System attempt at virtualization for the convenience of
(RDBMS) managed multiple instances of Oracle on a maintenance failed. However, there are currently new
single server. Students logged into Citrix, and offerings by Oracle that include a customized virtual
launched Putty, a communications utility to access machine built on the Xen™ hypervisor.[6] Currently
their particular database on a separate server running the ARNe management team is beginning to
the Oracle RDBMS. While Putty is a thin network implement this as the next generation of RDBMS
client, the use of Citrix meant that there was no platforms to support these classes.
additional client-installed software in addition to what
was needed for other laboratory courses. This means 3.2. Case 2: GNS3 and VLANs
that no course-unique knowledge is necessary to
support client connections and clients software Network virtualization meets a broad range of
installations in the database classes. It also means that needs, but the functional requirements significantly
the standard external-facing security available in Citrix determine which method of virtualization is
could apply to the students in the database classes. appropriate, depending on available resources. This
LMS section compares virtualization options for two similar
Client Oracle service lines that used VLANning and GNS3. The
Resc. Help Desk
Client I ARN LAN RDBMS goal for network labs in general is to provide
ISP ISP Citrix Connec
Web Connec tion configurable network space for teaching complex
Conne
Browser
ction tion network configuration, forensic analysis, and research
Putty project activities. But the virtualization options
ICA
Client selected depend greatly on the specific activities that
will be required of students as part of their laboratory
Figure 4: Oracle application virtualization experience.
The first service line supports a set of
ARNe managers attempted a second phase of service undergraduate traffic analysis labs. These labs need to
tuning in the Oracle Service Line, as follows, because present network equipment passing traffic at machine
maintenance of the Oracle instances over time became speeds and servers and clients that generate this traffic.
problematic with graduate assistance turnover, Generally OpNet™ would be a tool of choice for
requiring significant training to facilitate long-term simulating load and capacity planning. OpNet™ is a
maintenance of the RDBMS. The team wanted to use network simulation tool that uses a proprietary
Virtualization to take snapshots of the RDBMS server interface to create a broad array of machine, software,
at the beginning of each semester to reset courses. The and network simulation for network designing, proof-
ARNe management team researched similar of-concept modeling, and performance load planning.
installations to determine the viability of this strategy But OpNet™ is generally not part of the undergraduate
and while Oracle Corporation refused support, some program, and teaching the OpNet interface for students
users were reporting success with Oracle™ on to complete one set of labs was not practical because it
VMware™.[5] is complex and dissimilar to other technology they use.
LMS VMware Since the actual hardware for this lab was available as
Client a surplus within existing ARN network resources, the
Help Desk Oracle
Resc. LAN RDBMS hardware was partitioned using 802.1q VLAN tagging.
Client I ARN
Connec
Web
ISP ISP Citrix An access control list was developed to allow for
Conne Connec tion
Browser desktop virtualization protocols to enter, and access a
ction tion
ICA
Putty single server inside the network. From there, students
Client could jump to other network nodes and configure
applications from a software library resident on that
server.
Figure 5: Oracle VMware attempt
6
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
7
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
8
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
9
Proceedings of the 43rd Hawaii International Conference on System Sciences - 2010
IEEE Transactions on Communications, Vol 28, no. 4, April Std 802.1Q™-2005) IEEE Computer Soceity, NY, NY,
1980 pp 425 - 432 USA, 2005
[2] Yoder, Alan, SNIA Technical Council, “Shared [5] Scalzo, Bert, “Oracle On VMware: Expert tips for
Storage Model v2”, retrieved June, 2009, Database Virtualization” Ramppant Techpress, Kittrell, NC,
http://www.snia.org/education/storage_networking_pri USA, Nov, 2008
mer/shared_storage_model/
[6] Topurov, A, Grancher, E, “openlab tests Oracle VM for
[3] Vogels, Werner. “Beyond Server Consolidation” Queue, database service virtualization” CERN computer newsletter
Volume 6, Issue 1, ACM NY, NY, USA, January/February No. 2009-001, Geneva, March 31, 2009
2008
[7] Miller, K., Pegah, M, “Virtuaization: virtually at the
[4] IEEE, “IEEE Standard for Local and metropolitan area desktop” Proceedings of the 35th annual ACM SIGUCCS
networks, Virtual Bridged Local Area Networks”,( IEEE conference on User services, “Orlando, Florida, USA 2007,
Pages 255-260
10