Red Hat builds gutsy, green virtualization machine
RHEL6 isn't revolutionary. But it does a nice job of advancing ideas that first appeared in other releases. For example, Security Enhanced Linux (SELinux), a security-focused subset of Linux, offers partitioning of resources so that user processes can't hijack kernel root-privileged processes.
RHEL6 takes SELinux and adds sandboxing policies that allow sysadmins or processes to further isolate sessions or applications. Policy controls also allow admins to confine session or resource access.
We were heartened by these extensions, as they're much-needed tools for keeping both users and processes from destabilizing busy servers.
And while Novell's SUSE Linux 11 first championed a production release of the Linux tickless kernel in a corporate distribution of Linux, Red Hat goes further toward kernel-based power management.
A tickless kernel doesn't interrupt the processor every thousandth of a second, waking it up from power saving states. This feature has been available in Linux for a while, but it is not often implemented because some of the components that applications are built with need a System Tick timer clock.
The powertop application in RHEL6 is used to actively command and monitor power usage in great detail. Applications can be tuned to spoof needless tick-based interruptions to the CPU without reducing functionality of the application. These noisy applications become quieter, and the CPU sleep states can become longer with tuning. When the CPU sleeps, it uses far less power.
Control groups, first seen in SLES 11, are also implemented in RHEL6. The cgroups allow tasks to be grouped together as an object, in terms of their accessibility to system resources. Tasks and cgroups can be confined in terms of CPU strokes (and which CPU), memory allocation, network I/O, storage, or access to the system scheduler.
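As an added illustration (not part of the original review and not Red Hat's code), the shell function below audits whether a task is actually confined by the controllers an administrator expects, using the hierarchy-id:controllers:path lines that the kernel exposes in /proc/<pid>/cgroup. The sample text is constructed, and the group name webapp and the controller list are assumptions.

```shell
#!/bin/sh
# Audit cgroup confinement from /proc/<pid>/cgroup-style text.
# Each line has the form:  hierarchy-id:controller[,controller...]:path
# A path of "/" means the task sits in that hierarchy's root group, so no
# per-group limit applies to it for those controllers.

# Constructed sample: memory and cpuset are confined to the hypothetical
# group "webapp"; cpu and blkio are still in the root group.
SAMPLE='4:memory:/webapp
3:cpuset:/webapp
2:cpu,cpuacct:/
1:blkio:/'

# unconfined_controllers REQUIRED < cgroup-text
#   REQUIRED is a comma-separated list of controllers that must confine
#   the task. Prints one line per required controller that is either in
#   the root group or not mounted. Exit status is 1 if any were printed.
unconfined_controllers() {
    awk -F: -v required="$1" '
        NF < 3 { next }                       # skip blank or malformed lines
        {
            # Take the path from the raw line so a ":" inside it survives.
            p = substr($0, length($1) + length($2) + 3)
            n = split($2, ctrls, ",")
            for (i = 1; i <= n; i++) path[ctrls[i]] = p
        }
        END {
            m = split(required, req, ",")
            for (i = 1; i <= m; i++) {
                c = req[i]
                if (!(c in path))        { print c " (not mounted)"; bad = 1 }
                else if (path[c] == "/") { print c " (root group)";  bad = 1 }
            }
            exit bad + 0
        }'
}

# Demo on the constructed sample. On a live host, feed it a real task:
#   unconfined_controllers cpu,memory < /proc/self/cgroup
printf '%s\n' "$SAMPLE" | unconfined_controllers cpu,memory,net_cls || true
```
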
Red Hat also added Aggressive Link Power Management that works (for now) only on SATA host bus adapters/controllers to jump to a low power state when there's no pending disk I/O. Coupled with aggressive use of powertop, an administrator has the ability to assert more active control over server/instance power consumption.
In an ideal future world, applications would set their use based on configuration information, but there are no real standards for this today, so administrators are left to tune application instances for power consumption.
Samba 4.0 inside
Directory service and authentication are enhanced through a new edition of Samba, open source software that provides file and print services for Windows clients. Samba 4.0 contains support for Active Directory trust relationships that work with Windows 2008 R2 Editions.
Samba 4.0 features additional support for IPv6 and connects to a System Security Services Daemon in RHEL6 that allows centralized access to different identity/authentication services, such as linking LDAP with Kerberos, Active Directory, and so on.
Products like Synchronicity and Microsoft acquisition Zoomit have provided similar directory/authentication mapping services, but RHEL6 is the first to put this into the kit.
Installation has become more sophisticated. We installed RHEL6 onto VMware ESXi, which had a configuration wrapper available to deal with RHEL6 specifics before RHEL6 was released.
The installation GUI also has detailed specs to install storage devices. If you want your server to use iSCSI or Fibre Channel over Ethernet, you get device and method-specific help and the same is provided for detected storage-area network (SAN) devices or firmware-based RAID drives.
RHEL6 also takes advantage of multi-queue networking. While we were unable to test this, we find its inclusion encouraging, as it gives administrators the capability to assign core-specific I/O tasks at a low level, meaning that traffic doesn't have to go up and down an application stack to get CPU boosts.
Support for kernel-based KVM hypervisor virtualization is native (as it is on Ubuntu Server) and supports up to 64 virtual CPUs on virtualization-enhanced AMD and Intel server platforms.
CPU drivers (actually extensions) are available to put into virtual machines running atop KVM to enhance the virtual machine's ability to support updated CPU instruction sets.
Like paravirtualization, which makes generic socket connections to network and storage devices, CPU extensions allow applications written with advanced libraries (and their instruction sets) to skip the step of interpretation when the hypervisor must deal with complex VM instance states. The result ought to be higher efficiency between hypervisor host and VM.
We examined how RHEL6 plays into cloud platforms and came to several conclusions.
1. Where a server is the host to user environments, RHEL6's SELinux controls, coupled with advanced Control Group use, permits a user and session resource partitioning profile that places a number of walls and limitations around users/tasks. As a user/process host, it passes nicely.
2. Where RHEL6 becomes a host for the random/sporadic traffic associated with private cloud virtual machines, RHEL6 is poised towards virtual machine life-cycling.
But it has no inherent applications that spin up instances the way an enlightened civilian might like, and so private cloud management tools are needed.
3. Using RHEL6 in the public cloud ought to be simpler, as RHEL6 can play with its KVM use and ability to confine instances with SELinux and cgroups.
4. We found KVM simpler to install and support than XenServer 5.6 (the latest version), but it's ultimately not as full-featured as XenServer.
5. RHEL6 plays now on ESXi and therefore VMware's vCloud. Red Hat includes a new tool, virt-v2v, which allows importation of Xen, ESX, or other KVM virtual machines. Unfortunately, it can't be done live, just from disk images.
Red Hat 6 is a maturation of concepts found in prior editions, but with a decided emphasis on directory services integration and security components. It's neither radical nor destabilizing, but it does put Red Hat at the forefront of sponsoring the KVM hypervisor infrastructure. While there are pockets of excitement, there are many smaller components that have been revised to give Red Hat 6 an incremental feel, and one we think is solid.
Henderson is principal researcher and Allen is a researcher for ExtremeLabs in Indianapolis. They can be reached at email@example.com.