
Parallels Virtuozzo Containers


White Paper

Parallels® Virtuozzo Containers


Table of Contents

Introduction
Choosing the Right Hardware
Planning a Networking Infrastructure
Network Security
Hardware Node
Service Container
Hosted Containers
Installing Parallels Virtuozzo Containers
Parallels Virtuozzo Containers for Linux
The Host OS
Installing the Parallels Virtuozzo Containers Software
Parallels Virtuozzo Containers for Windows
Installing Parallels Virtuozzo Containers
Windows Host OS Security Considerations
Windows Server 2003 Operating System Licensing
Resource Management
Memory
CPU
Disk Space
Provisioning New Containers
Upselling Hosting Plans
Backups
Patch Management
Parallels Virtuozzo Containers for Linux
Updating the Host OS
Updating Parallels Virtuozzo Containers
Updating the OS and Applications in a VPS
Parallels Virtuozzo Containers for Windows
The Host OS
The Parallels Virtuozzo Containers Software
Patching the Container
Monitoring
High Availability with SAN/iSCSI
Parallels Power Panel


Introduction

In today’s competitive hosting market, organizations must use their technical resources as efficiently as possible. Hardware and software resources must be optimized and cost-effective, management must be efficient and the end-user experience must be friendly and effective to reduce support issues. With its high density, easy-to-use interface and centralized server management capabilities, Parallels Virtuozzo Containers enables service providers to maximize their hardware and software resources, streamline IT management and reduce support issues. These benefits make Parallels Virtuozzo Containers the leading virtualization technology used by service providers to deliver end-user services and improve their internal infrastructure.

This document includes recommendations and best practices to help IT administrators make informed decisions about their upcoming Parallels Virtuozzo Containers deployment.

This document discusses the efficient deployment of Parallels Virtuozzo Containers for Hosting Service Providers who are launching virtual private server (VPS) hosting. It is intended for IT professionals who plan hardware purchases, manage server and network infrastructures and are responsible for software deployments in the company. This document assumes that the reader has basic server knowledge or already owns Parallels Virtuozzo Containers. For more information about Parallels Virtuozzo Containers, please refer to the user’s guide and other supplied documentation. Although not discussed specifically in this document, Parallels Virtuozzo Containers should also be used for improving the delivery of shared hosting, software-as-a-service, and managed dedicated server offerings. The concepts for delivering these service offerings are similar to the ones discussed in this document, but may involve slightly different partitioning and best practices.


Choosing the Right Hardware

Hardware is very important for the overall strategy of any virtual server deployment because a significant number of containers will run on that hardware and any hardware failures may result in costly downtime. Choosing quality hardware is important to best avoid downtime, increase service levels and ensure business continuity.

The physical server’s hardware components should be balanced by performance. A powerful CPU will not bring higher overall performance if the underlying disk system does not have enough disk I/O bandwidth to write the information to the disk. Similarly, a system without sufficient memory will cause excessive “swapping” which will significantly decrease the overall performance of the system by wasting CPU and disk I/O resources.

Based on our observations in early 2008, we recommend two-way quad-core processor servers with 12 to 16 GB of memory to provide the best performance for the price. When comparing server pricing from popular server hardware vendors, administrators can see that a scaled-down configuration with, for example, 1 CPU and 8 GB of memory will increase the cost by more than 50%, not only because the server is not much cheaper, but also because of additional management, floor space and power consumption costs. A scaled-up system with 4 CPUs and 32 GB of memory will cost more than 200% of the price and will need much more expensive storage systems to handle the load on the disk system.

System MSRP Pricing (March 2008)

| Configuration | HP | Dell |
|---|---|---|
| 1x CPU 2.5 GHz Intel QuadCore E5420, 8 GB memory (4x2 GB), 4x72 GB SAS hard disk | $5.004 USD (DL 360 G5) | $5.921 USD (2950 III) |
| Recommended: 2x CPU 2.5 GHz Intel QuadCore E5420, 16 GB memory, 4x72 GB SAS hard disk | $5.951 USD (DL 360 G5) | $7.110 USD (2950 III) |
| 4x CPU 2.4 GHz Intel QuadCore E7330, 32 GB memory, 4x72 GB SAS hard disk | $19.933 USD (DL 580 G5) | $19.784 USD (Rack 900) |

Table 1 - Typical hardware prices for 1-, 2- and 4-way CPU servers

When choosing storage for the server, we recommend a RAID array to deliver the needed performance. The I/O limit of a single disk will likely become a bottleneck when dozens of Virtuozzo containers have disk activity simultaneously. Therefore, a striped hardware RAID and disks with 10k RPM are highly recommended. Additional mirroring (RAID 10) will help to avoid massive data loss if the hardware corrupts or breaks down.

Parallels Virtuozzo Containers for Linux will install a custom kernel with the virtualization layer in it. Generally, hardware support in Parallels Virtuozzo Containers for Linux corresponds to the hardware support of Red Hat Enterprise Linux. However, to ensure hardware compatibility, administrators may want to additionally consult the Parallels Virtuozzo Containers for Linux Hardware Compatibility list (www.parallels.com/en/products/virtuozzo/hcl).

Parallels Virtuozzo Containers for Windows has no special hardware requirements and will run on any server compatible with Windows 2003 Server. Parallels recommends using systems certified by Microsoft™.


Planning a Networking Infrastructure

Each server should be connected to both the Internet and to the local management LAN using at least two (2) Network Interface Cards (NICs) with at least 1 GB/s. One NIC is required for the traffic of the customer VPS, and the second NIC is needed for managing the hardware node and the created containers.

The management network is responsible for migration of containers, backup traffic and management. This network should be configured as a separate private LAN with private IPs. For security reasons, review the set of services running on the host (like SSH, sendmail, etc). Administrators should minimize the set of services running and configure the necessary ones to listen on the private management LAN only. The hardware level of the node should be reachable only from the management LAN. More information on how to secure the node can be found in the Network Security chapter.
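One way to check that host services listen only on the management LAN, as an added example that is not part of the white paper: the script reads `ss` output and reports every listener bound outside loopback and the management network. The 10.0.0. management prefix and the sample output are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the white paper): report listening sockets that are
# bound outside loopback and the management LAN.
# Assumption: the management LAN is matched by a plain address prefix such as
# "10.0.0." instead of a full CIDR calculation.

# Reads `ss -ltn` or `ss -ltun` output on stdin; $1 is the management prefix.
# Prints "proto address port" for every exposed listener, returns 1 if any.
audit_listeners() {
    awk -v prefix="$1" '
        $1 == "State" || $1 == "Netid" || NF < 4 { next }   # header, blank lines
        {
            has_netid = ($1 == "tcp" || $1 == "udp")         # column shown with -tu
            proto = has_netid ? $1 : "tcp"
            la = has_netid ? $5 : $4                         # Local Address:Port
            port = la; sub(/.*:/, "", port)
            addr = la; sub(/:[^:]*$/, "", addr)
            if (index(addr, "127.") == 1 || addr == "[::1]") next
            if (index(addr, prefix) == 1) next
            print proto, addr, port
            bad = 1
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample of `ss -ltun` output for a hardware node.
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      128    10.0.0.11:4646     0.0.0.0:*
udp   UNCONN 0      0      192.0.2.10:123     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
EOF
}

# Demo on the sample: sshd on the wildcard addresses and the UDP socket on a
# public address are reported. On a live node: ss -ltun | audit_listeners 10.0.0.
sample_ss | audit_listeners 10.0.0. || echo "exposed listeners found"
```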

Figure 1 - Typical network architecture

Through the hardware node, the host operating system and the Parallels Virtuozzo Containers software itself, the VPS is connected to the network in a bridged or routed type of networking.

Bridged networking connects a container with a complete Layer 2 connection to the network. Although this enables almost any networking protocol to be used inside a container, it requires more configuration. With a routed network configuration, packets are routed between the host and container network interfaces via host system routing. Therefore, the container can only use IP routable traffic to the network and UDP broadcasts, for example, are not forwarded to the container.

[Figure 1 labels: Firewall; PVCHOST1, PVCHOST2, PVCHOST3, PVCHOST4; Management Server; Monitoring Server; Central Backup Server; Staff; Customer]


| Mode | Advantages | Disadvantages |
|---|---|---|
| Routed | Highest performance (packets never copied); simple configuration process | MAC addresses in containers not supported on Linux; only IP packets can be used; impossible to isolate cross-container traffic at the data link layer; no DHCP support |
| Bridged | Support of all dedicated server network features; raw packet support; support of MAC-address dependent applications (such as load-balancers); DHCP client and server support | Lower performance (higher overhead due to packet broadcasting) in certain cases; additional possible contingencies |

Table 2 - Comparison of routed and bridged networking

Virtuozzo Containers are ideal for large scale hosting due to the low overhead and ability to perform live migrations. For this type of hosting application, where only IP based services are typically deployed, we recommend using routed networking to improve security.

To allow migration of containers between the same operating system platforms, all nodes running the same OS should be located in the same subnet in the management LAN. The containers running the same platform (Linux or Windows) should be located in one subnet in the public LAN.

NETWORK SECURITY

To ensure security of the hardware node, services and virtual containers, a firewall is needed to protect the Parallels Virtuozzo infrastructure. A central firewall should be installed between the Internet and the Parallels Virtuozzo server to ensure security for the running containers. This firewall should only allow traffic through the well-known ports described in the following sections.

HARDWARE NODE

Block all incoming connections, especially on external networks

For outgoing connections, leave the following ports open:

Port 80: needed for EZ templates to connect to the external repositories to create templates cache

Port 21: needed for Debian EZ templates to connect to the Debian repository to create templates cache

Port 443: needed to connect to vzup2date server vzup2date.swsoft.com

Port 5224: needed to connect to Parallels Key Administrator to update the Parallels Virtuozzo license
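The hardware-node rules above can be checked mechanically. This added example (not from the white paper or from Parallels) audits an `iptables-save` dump against them; the use of iptables on the node, the interface names and the sample ruleset are assumptions.

```sh
#!/bin/sh
# Added example (not from the white paper): audit an `iptables-save` dump
# against the hardware-node policy listed above.
# Assumptions: the node filters with iptables, and the management NIC name
# (eth1 in the sample) is passed in so that its rules are left out of the check.
# Only INPUT and OUTPUT are examined; container traffic (FORWARD) is not.

ALLOWED_OUT="21 80 443 5224"   # outgoing ports the section lists for the node

# stdin: iptables-save output; $1: management interface.
# Prints one finding per line and returns 1 if the ruleset deviates.
audit_node_ruleset() {
    awk -v allowed="$ALLOWED_OUT" -v mgmt="$1" '
        function exempt(rule) {   # loopback or reply-only traffic
            return rule ~ / -[io] lo / || (rule ~ /ESTABLISHED/ && rule !~ /NEW/)
        }
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^:INPUT /  { in_pol = $2 }
        /^:OUTPUT / { out_pol = $2 }
        !/ -j ACCEPT/ || exempt($0) { next }
        index($0, " -i " mgmt " ") || index($0, " -o " mgmt " ") { next }
        /^-A INPUT / { print "INPUT accepts new connections: " $0; bad = 1 }
        /^-A OUTPUT / {
            found = 0
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                found = 1
                m = split($(i + 1), p, ",")
                for (j = 1; j <= m; j++)
                    if (!(p[j] in ok)) { print "OUTPUT allows unlisted port " p[j]; bad = 1 }
            }
            if (!found) { print "OUTPUT rule has no port restriction: " $0; bad = 1 }
        }
        END {
            if (in_pol != "DROP")  { print "INPUT policy is " in_pol ", expected DROP"; bad = 1 }
            if (out_pol != "DROP") { print "OUTPUT policy is " out_pol ", expected DROP"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: eth0 is the external NIC, eth1 the management NIC.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --dports 21,80,443,5224 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Demo on the sample. On a live node: iptables-save | audit_node_ruleset eth1
sample_ruleset | audit_node_ruleset eth1 || echo "ruleset deviates from the node policy"
```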

SERVICE CONTAINER

Incoming connections:

Port 22 (open): open from the nodes in the same cluster and from the management LAN

Ports 25, 110, 90 (open): open from everywhere: Service VE takes the IP address of a container, which is down for backing up or migration and displays a nice maintenance message

Ports 4643, 8443 (open): from everywhere: VZPP and Plesk ports

Port 4646 (open): Port of VZagent SOAP interface; open it for selected hosts it will be used


Outgoing connections:

Port 22 (open): for connecting to other nodes in the management group

HOSTED CONTAINERS

The following is a list of typical ports that may be used by different services running in a container. The exact list of the ports open for incoming and outgoing connection depends on the services running in the containers.

Ports 20, 21: FTP (File Transfer for upload/download of files to the server)

Port 22: SSH

Port 25: SMTP (Mail out server)

Port 53: DNS

Port 80: HTTP

Port 106: poppassd (for local host only)

Port 110: POP (Incoming mail server)

Port 113: auth

Port 143: IMAP

Port 443: HTTPS

Port 465: SMTPS

Port 990: FTPS

Port 993: IMAPs

Port 995: POP3S

Port 3306: MYSQL

Port 4643: Parallels Power Panel

Port 5432: POSTGRES

Port 8443: plesk-https

Port 9080: tomcat

Port 5224: plesk-license-update (outgoing only)


Installing Parallels Virtuozzo Containers

PARALLELS VIRTUOZZO CONTAINERS FOR LINUX

The Host OS

Parallels Virtuozzo Containers installs on top of an existing operating system, which should be pre-installed on the server. Parallels recommends an operating system with a long support period from its vendor, for example an enterprise distribution such as Red Hat Enterprise Linux (www.redhat.com). Alternatively, a free Linux distribution can be chosen; in this case CentOS (www.centos.org) is the recommended Linux distribution. A complete list of supported Linux distributions can be found at www.parallels.com/en/products/virtuozzo/specs/linux.

Other Linux distributions that are not supported as a host OS may be used as guest OS. For a smooth installation of Parallels Virtuozzo Containers for Linux, be sure that the system is partitioned properly.

| Partition | Recommended Size | Description |
|---|---|---|
| SWAP | Two times the memory size | The paging partition for the Linux OS. |
| / (Root) | 10-15 GB | The root partition containing all Hardware Node operating system and Virtuozzo Containers software files. |
| /vz | All available space on RAID partition (ext3, 4096 block, one block per inode) | The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition. |

Table 3 – Parallels Virtuozzo Containers for Linux partitioning

Installing the Parallels Virtuozzo Containers Software

After installing the host operating system, administrators must run the Parallels Virtuozzo installer script (install) from the mounted distribution media, which can be downloaded from www.parallels.com/en/download/virtuozzo4. The graphical installer guides administrators through the installation process. Additionally, an unattended installation method is available and can be initiated by starting the installer program with the corresponding parameters.

For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at

http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxInstallation.pdf.

PARALLELS VIRTUOZZO CONTAINERS FOR WINDOWS

In a Microsoft Windows Server environment, we recommend using the x64 Edition of Windows 2003 Server Standard or Enterprise Edition with SP2 installed. The x64 edition of Microsoft Server 2003 has a better overall performance compared to the 32-bit release and allows a higher density of containers per physical server.

Parallels Virtuozzo Containers has certain requirements regarding Windows patch level. Be sure that no unapproved Microsoft hotfixes are installed before installing Parallels Virtuozzo on a server. An up-to-date list of approved and unapproved patches is available at


Installing Parallels Virtuozzo Containers

Parallels Virtuozzo Containers for Windows can be downloaded from www.parallels.com/en/download/virtuozzo4. Be sure to select the proper edition for download.

No special partitioning is needed on a Windows host to install Parallels Virtuozzo Containers. However, creating a separate partition for the operating system and a separate partition for the Parallels Virtuozzo Containers data folder on the RAID system is recommended.

| Partition | Recommended Size | Description |
|---|---|---|
| C: (Root) | 15-20 GB | The root partition containing all hardware node OS and Parallels Virtuozzo Containers program software files. |
| D: (any free drive letter can be chosen) | All available space on RAID partition (NTFS formatted) | The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition; RAID10 array is recommended for performance and data redundancy reasons. |

Table 4 - Typical Parallels Virtuozzo Containers for Windows partitioning

Installing Parallels Virtuozzo Containers for Windows can be done through Parallels Management Console, the included graphical management tool, by launching the virtuozzo4.0_x64.exe file. For an easy installation, Parallels Virtuozzo Containers supports an unattended installation mode via the virtuozzo4.0_x64.exe file with the proper parameters.

In general, no other applications should be installed on the host OS level on the hardware node. Exceptions include:

Antivirus software (the list of supported antivirus tools can be found at http://kb.swsoft.com/en/2226)

3rd party backup software to back up the host system itself (optional because Parallels Virtuozzo Containers has its own backup system)

For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at

http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/VzWindowsInstallation.pdf.

Windows Host OS Security Considerations

To ensure security of the host, the OS on the hardware should be hardened. The “Administrator” account should be renamed and the “Guest” account should be disabled or renamed. The user password should have a minimum length of eight (8) characters and should consist of alphanumerical and numerical


RESOURCE MANAGEMENT

Parallels Virtuozzo Containers Resource Management controls the amount of resources available to containers. The controlled resources include CPU power, disk space and a set of memory-related parameters. All resources for a container can be preconfigured in a sample configuration file, which reflects the hosting plan offered to Parallels customers.

Proper resource configuration for a Parallels Virtuozzo Containers server is essential. An incorrect configuration may lead to poor overall system performance which will result in negative user experiences and produce a high number of support issues.

Memory

In Parallels Virtuozzo Containers for Linux, the Virtuozzo Service Level Management (SLM) controls the amount of physical memory available to a container and offers easy, effective configuration. The parameters can be set in the sample configuration template which is used when creating a new container or the command line interface can be used to set the proper values for an already created container.

Hint: Customers who purchase Parallels System Automation or Parallels Business Automation Standard can easily configure and assign multiple service plans and configurations using the graphical user interface provided by these products.

The new memory limit is set on the fly, and no reboot of the container is needed. For more information on the resource management see the Parallels Virtuozzo Containers for Linux User Guide.

Parallels Virtuozzo Containers for Windows allows administrators to directly set the memory for applications inside the container. Shared and memory mapped files are not included in this value. The container uses the central swap file on the host level and has no own swap file running internally.

CPU

The CPU performance is configured in CPU units. The default value for a container is 1000. When planning and setting up the CPU resources for containers, the values should be kept in balance (1000/2000/4000 are reasonable) and significant differences should be avoided. Otherwise, slow containers may slow down the entire system by not being able to free system-wide locks (like the file system journal) quickly enough. Additionally, it is possible to set the number of CPUs available to a container. The default value allows the VPS to use as many CPUs as are installed in the system (a 2-processor system with 4 cores on each CPU has 8 CPUs in total). Limiting the number of CPUs per container to one, two or four may improve overall system performance because it simplifies the scheduling for the OS. The VPS owner’s experience may also be improved because runaway tasks in other containers are isolated so they cannot consume processing power across the entire server. It is also possible to set a guaranteed CPU value as a percentage. This assigns a minimum overall percentage of CPU usage which is exclusively reserved for a dedicated container.

Disk Space

Because most web hosting customers will not use all the disk space assigned to their VPS offering, providers may elect to oversell up to 30-50% of the disk space on the server. Disk space can be assigned to a container by pre-setting the value in the sample configuration, which is used to create the container. When the container is up and running, administrators can change the disk space on the fly by using the Parallels management tools or the command line interface.


| Hosting Plan | Offer | QoS Parameters |
|---|---|---|
| Silver | CPU Power: XXX1 MHz guaranteed, X*1 GHz burstable; Guaranteed memory: 128 MB; Max memory: 256 MB; Disk space: 5 GB; One CPU | CPU units: 1000; slmmemorylimit: 256 MB; Disk space: 5242880 (in KB); One CPU |
| Gold | CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable; Guaranteed memory: 256 MB; Max memory: 512 MB; Disk space: 10 GB; Two CPUs | CPU units: 2000; slmmemorylimit: 512 MB; Disk space: 10485760 (in KB); Two CPUs |
| Platinum | CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable; Guaranteed memory: 512 MB; Max memory: 1024 MB; Disk space: 30 GB; Four CPUs | CPU units: 4000; slmmemorylimit: 1024 MB; Disk space: 20971520 (in KB); Four CPUs |

Table 5 - Examples of VPS for Linux offerings

For more information on the resource management, see the Parallels Virtuozzo Containers for Linux User Guide.

| Hosting Plan | Offer | QoS Parameters |
|---|---|---|
| Silver | CPU Power: XXX MHz guaranteed, X GHz burstable; Guaranteed memory: 128 MB; Max memory: 256 MB; Disk space: 5 GB; One CPU | CPU guarantee: not limited; CPU limit: not limited; CPU units: 2000; Memory: 512 MB; Disk space: 10485760 (in KB); Number of processes: 80; Number of TS sessions: 2; Two CPUs |
| Gold | CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable; Guaranteed memory: 256 MB; Max memory: 512 MB; Disk space: 10 GB; Two CPUs | CPU guarantee: not limited; CPU limit: not limited; CPU units: 2000; Memory: 512 MB; Disk space: 10485760 (in KB); Number of processes: 80; Number of TS sessions: 2; Two CPUs |
| Platinum | CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable; Guaranteed memory: 512 MB; Max memory: 1024 MB; Disk space: 30 GB; Four CPUs | CPU guarantee: not limited; CPU limit: not limited; CPU units: 4000; Memory: 1024 MB; Disk space: 20971520 (in KB); Number of processes: 80; Number of TS sessions: 2; Four CPUs |


Provisioning New Containers

Parallels provides several automation solutions (www.parallels.com/en/products/am) which allow easy provisioning and management of containers and other operational services. For administrators who want to provision services with their existing tools, Parallels Virtuozzo Containers provides a complete API (SOAP, XML-RPC) or command line scripting interface.

Accessible functions are documented in the Parallels Virtuozzo Containers API documentation, which can be downloaded at www.parallels.com/en/products/virtuozzo4/docs. Also see the command line Reference Guide, which is available at www.parallels.com/en/products/virtuozzo4/docs, to find out which commands are available and how to use them.

Hosting plans and container configurations should be created by using the sample container configurations, which allow service providers to create a template that can be reused each time a new container is created.

Before creating containers on a hardware node, the provisioning software must verify that the server can handle the additional load. In general, verify that the following main resources are available:

Memory - Memory is often overcommitted. Therefore, verify the real memory usage and sum up the memory configured for the containers.

Disk - To provision new containers and to let existing containers grow when needed, at least 20-30% of the disk space should be available on the /vz partition.

Disk I/O - The number of processes waiting for I/O can be seen via the vmstat command.

CPU - The average utilization should not exceed 70%.
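The disk, disk I/O and CPU criteria above can be turned into a pre-provisioning gate. This is an added example, not code from the white paper or from Parallels: the 20% and 70% limits come from the list, while the limit on blocked processes (MAX_BLOCKED) and the sample `df` and `vmstat` output are constructed assumptions.

```sh
#!/bin/sh
# Added example (not from the white paper): pre-provisioning check for the
# disk, disk I/O and CPU criteria listed above.
# The 20% and 70% limits come from the list; MAX_BLOCKED is an assumed
# threshold, because the list names vmstat but gives no number.
MIN_FREE_PCT=20
MAX_CPU_PCT=70
MAX_BLOCKED=1

# stdin: `df -P` output; $1: mount point. Prints the free space in percent.
disk_free_pct() {
    awk -v mp="$1" '$NF == mp { sub(/%/, "", $5); print 100 - $5 }'
}

# stdin: `vmstat <interval> <count>` output. Prints "<cpu%> <blocked>" as
# integer averages of us+sy and of the b column (processes waiting for I/O),
# skipping the first sample, which holds averages since boot.
vmstat_avg() {
    awk '
        $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        $1 ~ /^[0-9]+$/ && ("us" in col) {
            if (++rows == 1) next
            cpu += $(col["us"]) + $(col["sy"]); blk += $(col["b"]); n++
        }
        END { if (!n) exit 2; printf "%d %d\n", cpu / n, blk / n }'
}

# $1: `df -P /vz` output, $2: vmstat output. Prints one line per failed
# criterion and returns 1 if the node should not take another container.
can_provision() {
    df_out=$1 vm_out=$2 rc=0
    free=$(printf '%s\n' "$df_out" | disk_free_pct /vz)
    stats=$(printf '%s\n' "$vm_out" | vmstat_avg) || stats=""
    [ -n "$free" ] && [ -n "$stats" ] || { echo "input: could not parse df or vmstat output"; return 2; }
    cpu=${stats% *} blocked=${stats#* }
    [ "$free" -ge "$MIN_FREE_PCT" ] || { echo "disk: ${free}% free on /vz, need at least ${MIN_FREE_PCT}%"; rc=1; }
    [ "$cpu" -le "$MAX_CPU_PCT" ] || { echo "cpu: ${cpu}% average utilization, limit ${MAX_CPU_PCT}%"; rc=1; }
    [ "$blocked" -le "$MAX_BLOCKED" ] || { echo "io: ${blocked} processes blocked on I/O on average, limit ${MAX_BLOCKED}"; rc=1; }
    return $rc
}

# Constructed sample of `df -P /vz` output: 85% of the partition is in use.
sample_df() {
    cat <<'EOF'
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sdb1 419430400 356515840 62914560 85% /vz
EOF
}

# Constructed sample of `vmstat 1 4` output for a busy node.
sample_vmstat() {
    cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 2  0      0 802340  91056 5213344    0    0    12    30  210  450 20  5 75  0  0
 3  1      0 801200  91056 5213400    0    0   900  1200  800 2100 60 15 20  5  0
 4  3      0 800100  91060 5213500    0    0  1500  2400  900 2500 65 15 10 10  0
 2  2      0 799900  91060 5213600    0    0  1100  1800  850 2300 55 15 20 10  0
EOF
}

# Demo on the samples. On a live node:
#   can_provision "$(df -P /vz)" "$(vmstat 1 5)"
can_provision "$(sample_df)" "$(sample_vmstat)" || echo "node is not ready for another container"
```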

UPSELLING HOSTING PLANS

Parallels Virtuozzo Containers makes it easy for your customers to upgrade their current service plan to a plan with more container resources using the API. To do this, you will need to configure at least two container configurations so that a new sample configuration can be applied to the container when ordered by the customers. The changes will immediately take effect without downtime.

Hint: Parallels Automation software provides control panels which allow clients to go online to request and pay for an upgrade which will be automatically provisioned.


Backups

Containers should be backed up regularly to avoid data loss. Parallels Virtuozzo Containers provides a full featured backup functionality and central management of the backup/restore configuration and tasks via the Parallels Infrastructure Manager. VPS owners are able to access the latest backups and can create their own backups via the Parallels Power Panel.

The backups should be stored on a central backup server. This can be done by configuring a central backup server or by mounting an NFS/Samba share to each of the hosts.

Figure 2 - Mount points from file server on PVC nodes

Alternatively, a Parallels Virtuozzo server can be configured as the central backup server for the Parallels Virtuozzo Containers for Linux and the Parallels Virtuozzo Containers for Windows backups.

With this configuration, no additional drives must be mounted to the hosts.

[Figure labels: PVC Node 1, PVC Node 2 and PVC Node n, each with /vz and /vz/backups; File server with share pvcbackup. Second diagram: PVC Backup Node, PVC Node 1 and PVC Node 2, each with /vz and /vz/backups]


Administrators can create a full backup of all containers running on the node by using the vzabackup utility from the command line of the backup node. The vzabackup tool is able to back up all nodes in the infrastructure.

# vzabackup -F --force --storage 1.2.3.4 pvcserver01.local.network.com pvcserver02.local.network.com

This command creates a full (-F) backup of all containers on the nodes pvcserver01.local.network.com and pvcserver02.local.network.com. The “--force” option prevents the backup task from being stopped by failures on single containers. The “--storage” option sets a central backup node to store the backups on. If the “--storage” option is not specified, the backup is initiated but stored in the default location configured on each separate node. By issuing the vzabackup command via a task scheduler such as cron on the central backup server, administrators can automate backups.

When using mounted drives from a central share or NAS, administrators must configure this mounted directory on each node as the default location for the local backups. The default location on Parallels Virtuozzo for Linux is /vz/backups. On a Parallels Virtuozzo for Windows system, backups can be found in the Parallels Virtuozzo data folder in the subfolder backup (example: X:/vz/backups).

The local backup location can be changed by using the Parallels Management Console, which is installed on the hardware node. Right-click on the local server and go to Backup -> Default Location to change the default location of the backup.

Backups should run regularly on all days and rotate in regular intervals every several weeks:

Full backup every Saturday at 1 a.m.

Incremental backup every Monday, Tuesday, Wednesday, Thursday and Friday at 1 a.m.

Backup rotation, which would keep 3 to 5 weekly backup chains

For more information on how to use vzbackup via the command line or GUI tools, see the Parallels Virtuozzo Containers User Guide. For more information on initiating the backup via the API, see the Parallels Virtuozzo Containers Programmers Guide.

Patch Management

To ensure system stability and security, it is highly recommended that administrators regularly update the host OS, the Parallels Virtuozzo Containers software and the software inside the containers.

PARALLELS VIRTUOZZO CONTAINERS FOR LINUX

Updating the Host OS

Parallels Virtuozzo Containers for Linux allows administrators to use the standard package management tools such as yum to keep the host OS up-to-date. The Parallels Virtuozzo kernel running on the hardware node is updated via the Parallels Virtuozzo software update utility vzup2date.

To reduce bandwidth to/from the Internet and to increase service availability, we recommend that administrators set up a local patch server that acts as a local repository for both host and containers patching.


Figure 4 - Repository configuration for central local repository

Updating Parallels Virtuozzo Containers

Parallels Virtuozzo Containers patches are announced via email to all subscribed customers using the email address provided to Parallels with the order. Additional people can be added by contacting the Parallels Sales person or via partnermarketing@parallels.com. The email is sent out shortly after the patches are available on the download servers and provides information on the issues fixed with the update.

Parallels Virtuozzo Containers for Linux can be kept updated by using the Parallels Infrastructure Manager (PIM) or via the command line utility vzup2date. PIM allows easy mass updates of the PVC servers in the infrastructure. The web based PIM and the command line tool can connect to the Parallels update server on the Internet or to a local repository to download the Parallels Virtuozzo patches.

Updating the OS and Applications in a VPS

The Linux distribution used inside a VPS is based on an OS template. The binaries of these templates are stored in a local repository on the hardware node and are linked to the container. We recommend using EZ templates for Parallels Virtuozzo Containers for Linux to simplify the process of updating the operating system inside each container.

Linux users can install their own update RPMs in their containers. However, Parallels recommends using the provided update tools to install the patches for the templates deployed into the containers.

EZ templates are designed to make resolving application dependencies as automated as possible.

[Figure 4 labels: Fedora Core Repository; CentOS Repository; Provider Repository; PVCNODE1]


Dependencies are resolved on a per container basis, which allows users to have unique sets

of packages in each container.

Container upgrades are as easy as running a single command:

Although any container can use completely independent sets of packages, any identical files

in different containers will be automatically shared on both disk and memory.

EZ templates use standard package repositories based on yum (for RPM based distributions) and apt (Debian) Linux utilities. However, having available and consistent package repositories is much more important for EZ template management than for dedicated servers. Because Virtuozzo containers rely on the packages in the template area, unavailability of package repositories may prevent container migration, restoring from backup, etc. Administrators are therefore recommended to:

Maintain their own local repositories rather than rely on third parties

Include these repositories in the disaster recovery plan

Never delete files from the local repositories - even if remote repositories do so - unless they are

100% sure that corresponding Linux distributions are not used by any of other containers, either running or even stored in backup.

EZ templates allow administrators to use the original OS vendor’s packages and to receive the

updated RPM packages from a central repository right after their release. To keep the container’s Linux distribution up-to-date, the local repository must be regularly updated from the upstream repository. Since the repositories are managed by the OS vendor and not by Parallels it is recommended to sign up for email notifications which are send out by the vendor when the repositories are updated.

It is recommended that administrators create a local repository on a central server in the local infrastructure. This repository should be kept up-to-date and old packages should remain in that repository because they might be needed by a container which requires a older version of the software. When migrating or restoring containers from the backup, Parallels Virtuozzo may automatically download required packages to the template area on the destination server. Missing packages may lead to failed migrations or restoring of the container.

For more information on keeping a Parallels Virtuozzo for Linux system up-to-date, see the Parallels Virtuozzo Containers for Linux User Guide.

Parallels Virtuozzo Containers for Windows

The Host OS

The Microsoft Windows Update Service can be used for a Microsoft Windows system. Parallels tests all Microsoft OS patches against Parallels Virtuozzo and makes them available on a central WSUS server on the Internet. During the installation of Parallels Virtuozzo Containers for Windows, the default WSUS source server is changed to vzwinupdate.swsoft.com to download just the Parallels-tested and approved patches².

² This update server only delivers approval policy on Windows updates for PVC servers. The update bits are still downloaded from the Microsoft Windows update server.

# vzpkg update 101
...
Running Transaction
Updating : hwdata ###################### [1/2]
Cleanup : hwdata ###################### [2/2]
Updated: hwdata.noarch 0:1.0-3.swsoft
Complete!
Updated:

A central patch server allows administrators to save Internet bandwidth by downloading operating system and Parallels Virtuozzo patches to one central server only. All Parallels Virtuozzo for Windows servers can download patches from this central server instead of from the Internet. A WSUS installation on a dedicated server is recommended for central deployment of Microsoft OS patches. When using a central WSUS server, configure the WSUS server to get the patches from the central Parallels Virtuozzo Containers for Windows WSUS server vzwinupdate.swsoft.com.

The Parallels Virtuozzo Containers Software

On a Microsoft Windows Server system, the Parallels Virtuozzo Containers Update Manager helps keep the system up-to-date. The Parallels Virtuozzo Update Manager connects to the server on the Internet and downloads the available Parallels Virtuozzo patches. The installed Parallels Virtuozzo patches ensure system compatibility with the newest Microsoft OS patches by updating the KSAL DB (Kernel Service Abstraction Layer Database). This database is responsible for the OS patches downloadable from the internal or external WUS server. If Parallels Virtuozzo detects a non-supported Microsoft patch, the Parallels Virtuozzo service will not start. The download and installation of the Parallels Virtuozzo patches can be automated by configuring the Virtuozzo Update Service via the Parallels Management Console. A list of approved Microsoft patches can be found at www.parallels.com/en/products/virtuozzo/updates.

To provide a central server for Parallels Virtuozzo itself, a Virtuozzo Update Service (VUS) server must be set up. The VUS software must be installed on the same server on which the Windows Software Update Service is installed by running vusinstall.exe, which is located in the Parallels Virtuozzo for Windows media distribution. After installing the service, use the installed VUS manager to synchronize the local VUS with the central Parallels Virtuozzo Containers Update Center.

For more information on compatible patches, see the Parallels Virtuozzo Containers User Guide.

Patching the Container

A Parallels Virtuozzo for Windows system does not allow users to install OS patches inside the VPS manually. Therefore, the provider must take responsibility for the patch management of the containers.

Microsoft OS patches installed on the hardware node are automatically distributed to containers. Because most Windows updates require a reboot, a maintenance window must be planned to reboot the node (reboot of individual containers is not required).

Monitoring

Parallels Virtuozzo Containers provides the option to use SNMP to monitor a Parallels Virtuozzo infrastructure. The provided SNMP monitoring plug-in allows administrators to integrate Parallels Virtuozzo system services monitoring into a central monitoring system. Parallels Virtuozzo installs the SNMP support by default.


High Availability with SAN/iSCSI

Parallels Virtuozzo Containers 4.0 introduces high availability support for Linux and Windows environments. In the event of a hardware/software failure, the containers that ran on the broken host will be automatically restarted on a standby host, which greatly improves service levels.

Figure 5 - PVC Cluster architecture

Parallels Virtuozzo for Linux uses the Red Hat Clustering Suite, which is shipped with RHEL version 5, to achieve the high availability of containers running on the hardware nodes. Parallels Virtuozzo for Windows uses either the Microsoft Clustering Service or Microsoft Network Load Balancing to achieve high availability.

For both Linux and Windows, the /vz directory must be available on the SAN and available to all servers in the cluster. One standby server can act as a failover server for multiple hardware nodes. Microsoft Windows allows seven active servers and one passive in one cluster group.

Details on how to set up a clustered VPS service offering are available at:

PVC for Linux: http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxClustering.pdf

PVC for Windows: http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/VzWindowsClustering.pdf

Parallels Power Panel

Parallels Power Panel is a web-based self-management interface for container owners. It allows a root (Linux) or Administrator (Windows) user to connect to the VPS via IP/hostname and port 4643 (https://yourdomain:4643) when the container is in started or stopped mode. Parallels Power Panel allows container administrators to:

Start, stop or restart the container

Repair the container

Reinstall the container

Back up and restore the container

Change the container root password

Start, stop or restart certain services inside the container

Access other control panels installed in the container

View a list of container processes and send them signals

View the current resource consumption and resource overusage alerts

View the Parallels Virtuozzo logs


Administrators can access the Parallels Power Panel via an IP/port redirect on the host level of the hardware node to a web server running in the service container running on each host. A web server running inside the service container provides access to the power panel.

The feature set of the tool integrates basic functionality such as starting and stopping a container, backing up and restoring a container and service management. The feature set can be configured via an XML file, and the design and branding can be changed by using already designed templates or templates created by the provider. To enable access to the Power Panel, “Offline Management” must be switched on for the container. To reduce support efforts and costs, enabling the Power Panel for all container owners is recommended.

Conclusion

Parallels Virtuozzo Containers delivers a hosting solution with low overhead, efficient updates, and easy-to-use management tools. This allows service providers to launch compelling services to increase revenue opportunities and streamline IT management to reduce support costs.

This paper covered several practices to help service providers get the most out of their Parallels Virtuozzo deployment, including hardware selection, network configuration, resource management, patch management, monitoring, backups, and high availability configurations.

More details about Virtuozzo can be found in the Parallels Virtuozzo Containers User Guides, which are located on the Parallels website (http://www.parallels.com/virtuozzo/docs/).
