TOPIC
VIRTUAL MACHINE
TS. V VN KHANG
TABLE OF CONTENTS
1.1 What is virtualization?
1.2 What is a virtual machine?
1.3 Classification of virtual machines
Virtualization architectures
Benefits of virtual machines
Some current levels of virtualization
2.2.1 Introduction
2.2.2 What is operating system virtualization?
3.1 VMware
3.2 Hyper-V
4.2 The value of virtualization
Security in virtualization
5.2 Existing problems
OVERVIEW OF VIRTUAL MACHINES
1.1
What is virtualization?
What is a virtual machine?
Virtual Machine
Classification of virtual machines
Because they run directly on the hardware rather than inside an operating system environment, they naturally deliver the best performance, availability and security. Some products of this type are Microsoft Hyper-V, Citrix XenServer and VMware ESX Server.
b. Type 2 VMM:
Benefits of a virtual machine system:
- Multiple operating systems can coexist on the same computer while remaining highly independent of one another.
- A virtual machine can present an instruction set architecture (ISA) that differs from that of the real machine.
1.4
VIRTUALIZATION ARCHITECTURES
Bare-Hardware
Because the VMM is installed directly on the hardware, the hypervisor (VMM) can also access I/O devices directly. In the hosted virtual machine model the hypervisor (VMM) goes through the operating system to access I/O devices, whereas in the bare-hardware model it needs low-level drivers to interact with the underlying hardware devices.
Another way for the hypervisor to provide access to I/O devices is to assign each device to a specific virtual machine. This is called partitioning. With this mechanism, the virtual machine can directly install the corresponding vendor's driver for each device.
Hypervisor
Benefits of virtual machines
SOME CURRENT LEVELS OF VIRTUALIZATION
2.1
VMWARE
VMware Workstation
VMware Server
VMware ESX/ESXi
3.1.2
3.1.3
VMware ESX
VMware ESXi is regarded as the next generation of the VMware virtualization foundation. Unlike VMware ESX, ESXi does not have the Service
VMware vSMP
2. VMware vCenter Server
vCenter Server can be thought of as the equivalent of Active Directory in the Microsoft world: it is used to centrally manage all ESX/ESXi hosts as well as the virtual machines running on those hosts. vCenter Server has a Windows interface and a database that let administrators deploy, manage, monitor, automate and secure the network environment. A Microsoft SQL Server or Oracle database management system is used to store all information about the hosts and virtual machines.
vSphere Client
vSphere Client supports managing ESX/ESXi hosts either by authenticating with accounts local to each host or by authenticating centrally through vCenter Server with a Windows account.
5. VMware VMotion and Storage VMotion
VMotion is a feature of ESX/ESXi and vCenter Server that allows running virtual machines to be moved from one physical host (ESX/ESXi) to another without powering the virtual machine off. The move between the two physical hosts does not interrupt the operation of the virtual machines or the connections between them.
Storage VMotion is based on the same idea as VMotion, but what is moved here is the storage on SANs.
6. VMware Distributed Resource Scheduler
DRS is a feature that distributes resources automatically within a cluster. However, the notion of a cluster here is not the same as the notion of a cluster in the Windows Server operating system.
An ESX/ESXi cluster pools and makes use of the CPU processing capacity and memory of all the hosts in the cluster. Once two or more hosts have been assigned to a cluster, all of them work together to supply CPU and memory to the virtual machines in that cluster.
7. VMware High Availability
VMware HA differs from DRS in that it does not use VMotion technology to move virtual machines from one host to another, because many causes of system failure cannot be predicted, such as power loss or hardware faults. When a hardware fault or power loss hits an ESX/ESXi server, the virtual machines that were running on the failed server are restarted so that they continue running on other ESX/ESXi servers in the same cluster as the failed server.
Hyper-V
3.2.1
3.2.2
Hypervisor.
Parent Partition.
Description
Virtual Machine Management Service (VMM service): Responsible for managing the state of the virtual machines running in the child partitions (active, offline, stopped) and for controlling the tasks that can affect the current state of a virtual machine, typically the action of taking a snapshot. It also plays a role in adding or removing devices. When a virtual machine is started, the VMM service creates a separate Virtual Machine Worker Process for each virtual machine that is started.
Virtual Machine Worker Process: This component is created by the VMM service when a virtual machine is started. A separate Virtual Machine Worker Process is created for each Hyper-V virtual machine and is responsible for managing the levels of interaction between the parent partition running the Windows Server 2008 operating system and the child partition running the guest operating system. Its tasks include creating, configuring, running, pausing, resuming, saving, restoring and snapshotting the virtual machine it is associated with and responsible for managing. It also handles IRQs, memory, and input ports
Virtual
Driver
Windows Hypervisor Interface Library: A DLL library located in the parent partition running Windows Server 2008 and in any guest operating system certified to run well in a Hyper-V child partition (that is, one on the list of supported operating systems).
VMBus
Virtualization
Providers
Virtualization
Clients
Child Partition
A child partition is a logical hardware partition that runs an independent operating system in the Hyper-V environment.
The child partition is one of three main concepts in the Hyper-V environment. The other two are the root partition and the parent partition. However, as of Hyper-V version 1.0 the root partition and the parent partition are equivalent and are no longer distinguished. There is only one parent partition on a physical machine running Hyper-V, while the number of child partitions depends on the resources available and is practically unlimited.
Each partition owns its own memory and processor resources and maintains policy information about the devices it uses. The parent partition has full, direct access to memory and physical devices and activates the hypervisor layer; it is also responsible for creating and managing the child partitions. Each child partition can run a separate operating system, usually called the guest operating system (Guest OS).
The value of virtualization
4.3
both are programs that emulate hardware, but the language domains they use are different.
4.3.2
Desktop virtualization:
extended hardware resources allow better sharing of resources between applications and users, masking of the physical location and configuration of the database from querying programs, and larger-scale computing.
4.3.7 Network virtualization:
Network virtualization is the virtualization of network address space within or across subnets. In computing, network virtualization is the process of combining hardware and software network resources and network functionality into a single, software-based administrative entity, a virtual network. Network virtualization involves platform virtualization, often combined with resource virtualization. Network virtualization is categorized as either external, combining many networks, or parts of networks, into one virtual unit, or internal, providing network-like functionality to the software containers on a single system. Whether it is internal or external depends on the implementation provided by the vendors that support the technology.
Network virtualization is a method of combining the resources available in a network by splitting the network's available bandwidth into channels, each of which is independent of the others and can be assigned (or reassigned) to a particular server or device in real time. The idea is that virtualization transforms the complexity of the network by separating it into manageable parts, much as partitioning a hard disk makes files easier to manage.
4.3.8 Server virtualization:
Server virtualization is the masking of server resources, including the number and identity of individual physical servers, processors and operating systems, from server users. The server administrator uses a software application to divide one physical server into multiple isolated virtual environments. These virtual environments are sometimes called virtual private servers (VPS), but they are also known as guests, for example containers or emulations.
There are three common approaches to server virtualization: the virtual machine model, the paravirtual machine model, and OS-level virtualization. Virtual machines are based on the host/guest model. Each guest runs on a virtual imitation of the hardware layer. This approach allows the guest operating system to run unmodified. It also allows the administrator to create guests that use different operating systems. The guest has no knowledge of the host operating system because it is not aware that it is not running on real hardware. It does, however, require real computing resources from the host, so it uses a hypervisor to coordinate instructions to the CPU. The hypervisor is called a virtual machine monitor (VMM). It validates all CPU instructions issued by the guest and manages any executed code that requires additional privileges. Both VMware and Microsoft Virtual Server use the virtual machine model. The paravirtual machine model
SECURITY IN VIRTUALIZATION
5.1
Existing problems
Concerns about this kind of attack arose after Joanna Rutkowska's Blue Pill malware appeared at the Black Hat conference in 2006. Since then, however, the information technology industry has moved forward with hardware technologies that ensure the integrity of the infrastructure, such as Intel's Virtualization Technology for Directed I/O (commonly known as VT-d). Rutkowska, founder and CEO of Invisible Things Lab, an IT security research firm, says that "today most of Intel's Core i5 and i7 processors have these technologies" and that virtualization software vendors have moved to support these features.
Rutkowska herself also doubts whether anyone will actually use Blue Pill-style rootkits to break into virtual servers. She says: "Attackers don't really have an aim of using these sophisticated rootkits," especially because well-known rootkit techniques from the 1990s still work quite well for attacking traditional operating systems.
Trussell says: "People are worrying about theoretical scenarios rather than scenarios that are actually regarded as existing problems."
But virtualization also brings risks if the virtual infrastructure does not follow and conform to best practices. Security consultants say they have found a range of security problems at customer sites. Lovejoy is seeing malware and cross-site issues arising from poorly built virtual machines. She says: "In general, these virtual machines will contain malware or flaws that can easily be found. This used to happen once. Now virtual machines are being deployed everywhere and are causing a great deal of trouble for users."
Mulé of RSA adds: "We are seeing a great many problems that have not been cleared up." He says he frequently sees lax management standards for virtual machines, as well as easily guessed user names and passwords in management programs that give full access to the infrastructure. In addition, "we also sometimes find virtual device management tools sitting on the wrong side of the firewall."
Using default passwords when creating new virtual servers is very common, says Harold Moss, CTO of cloud security strategy at IBM Security Solutions, and the people responsible for administering the new machines do not regularly
on the new method. This also helps administrators apply the new method widely to carry out virtual-server-based backup, overcoming all the drawbacks of the traditional method and thereby helping businesses strengthen data protection as effectively as possible.
5.4
Fortinet
Virtualized versions of four appliances are designed to protect the traffic moving between virtual machines.
Fortinet says the FortiGate, FortiManager, FortiAnalyzer and FortiMail appliances are compatible with the VMware virtualization environment, extending the level of security as well as the ability to manage and report on the traffic moving between virtual machines.
FortiGate is a unified threat management (UTM) appliance with security functions such as firewall, virtual private network (VPN) and intrusion prevention. The FortiGate software can be deployed on VMware virtual machines, with licenses for 2, 4 or 8 virtual CPUs.
Another feature of the FortiGate appliance is the virtual domain, which can create separate administrative and firewall domains on a single device. Fortinet says the virtualized FortiGate also supports virtual domains.
FortiManager is the platform used to manage Fortinet devices; FortiAnalyzer is the analysis and reporting tool; and FortiMail is the security scanning tool for email.
The company says the products have the same functions when running on virtual machines as on physical appliances. They can control and report on the traffic moving between the guests on the host machine.
Vendors currently offering security software for virtual machines include Catbird, Reflex Systems, Check Point, Altor, Stonesoft, Vyatta and several others. Cisco will launch a virtualized security platform in the near future.
FortiGate Virtual Appliance is priced at 9.995 USD (~190.000.000 VND) for the 2-CPU version, 14.995 USD (~285.000.000 VND) for the 4-CPU version, and 29.995 USD (~570.000.000 VND) for the 8-CPU version. FortiManager Virtual Appliance, with a license for 5.000 devices/120.000 FortiClient clients, is priced at 22.495 USD (~427.000.000 VND). FortiAnalyzer Virtual Appliance will be on the market in Q4 2010, and
A single management interface provides unification of the physical and virtualized environments.
VPN-1 Power VSX
Flexible deployment options include a software-only version as well as a full-featured line of appliances.