White Paper
Parallels® Virtuozzo Containers
Table of Contents
Introduction
Choosing the Right Hardware
Planning a Networking Infrastructure
Network Security
Hardware Node
Service Container
Hosted Containers
Installing Parallels Virtuozzo Containers
Parallels Virtuozzo Containers for Linux
The Host OS
Installing the Parallels Virtuozzo Containers Software
Parallels Virtuozzo Containers for Windows
Installing Parallels Virtuozzo Containers
Windows Host OS Security Considerations
Windows Server 2003 Operating System Licensing
Resource Management
Memory
CPU
Disk Space
Provisioning New Containers
Upselling Hosting Plans
Backups
Patch Management
Parallels Virtuozzo Containers for Linux
Updating the Host OS
Updating Parallels Virtuozzo Containers
Updating the OS and Applications in a VPS
Parallels Virtuozzo Containers for Windows
The Host OS
The Parallels Virtuozzo Containers Software
Patching the Container
Monitoring
High Availability with SAN/iSCSI
Parallels Power Panel
Introduction
In today’s competitive hosting market, organizations must use their technical resources as efficiently as possible. Hardware and software resources must be optimized and cost-effective, management must be efficient and the end-user experience must be friendly and effective to reduce support issues. With its high density, easy-to-use interface and centralized server management capabilities, Parallels Virtuozzo Containers enables service providers to maximize their hardware and software resources, streamline IT management and reduce support issues. These benefits make Parallels Virtuozzo Containers the leading virtualization technology used by service providers to deliver end-user services and improve their internal infrastructure.
This document includes recommendations and best practices to help IT administrators make informed decisions about their upcoming Parallels Virtuozzo Containers deployment.
This document discusses efficient deployment of Parallels Virtuozzo Containers for Hosting Service Providers who are launching virtual private server (VPS) hosting. It is intended for IT professionals who plan hardware purchases, manage server and network infrastructures and are responsible for software deployments in the company. This document assumes that the reader has basic server knowledge or already owns Parallels Virtuozzo Containers. For more information about Parallels Virtuozzo Containers, please refer to the user’s guide and other supplied documentation. Although not discussed specifically in this document, Parallels Virtuozzo Containers should also be used for improving the delivery of shared hosting, software-as-a-service, and managed dedicated server offerings. The concepts for delivering these service offerings are similar to the ones discussed in this document, but may involve slightly different partitioning and best practices.
Choosing the Right Hardware
Hardware is very important for the overall strategy of any virtual server deployment because a significant number of containers will run on that hardware and any hardware failures may result in costly downtime. Choosing quality hardware is important to best avoid downtime, increase service levels and ensure business continuity.
The physical server’s hardware components should be balanced by performance. A powerful CPU will not bring higher overall performance if the underlying disk system does not have enough disk I/O bandwidth to write the information to the disk. Similarly, a system without sufficient memory will cause excessive “swapping” which will significantly decrease the overall performance of the system by wasting CPU and disk I/O resources.
Based on our observations in early 2008, we recommend dual way Quad Core processor servers with 12 to 16 GB of memory to provide the best performance for the price. When comparing server pricing from popular server hardware vendors, administrators can see that a scaled down scenario with, for example, a 1 CPU and 8 GB memory will increase the cost by more than 50% not only because the server is not much cheaper, but also because of additional management, floor space and power consumption costs. A scaled up system with 4 CPU and 32 GB of memory will cost more than 200% of the price and will need much more expensive storage systems to handle the load on the disk system.
System | MSRP Pricing (March 2008)
1x CPU 2.5 GHz Intel QuadCore E5420, 8 GB Memory (4x2 GB), 4x72 GB SAS Hard disk | HP: $5.004 USD (DL 360 G5); Dell: $5.921 USD (2950 III)
Recommended: 2x CPU 2.5 GHz Intel QuadCore E5420, 16 GB Memory, 4x72 GB SAS Harddisk | HP: $5.951 USD (DL 360 G5); Dell: $7.110 USD (2950 III)
4x CPU 2.4 GHz Intel QuadCore E7330, 32 GB Memory, 4x72 GB SAS Harddisk | HP: $19.933 USD (DL 580 G5); Dell: $19.784 USD (Rack 900)
Table 1 - Typical hardware prices for 1-, 2- and 4-way CPU servers
When choosing storage for the server, we recommend a RAID array to deliver the needed performance. The I/O limit of a single disk will likely become a bottleneck when dozens of Virtuozzo containers have disk activity simultaneously. Therefore, a striped hardware RAID and disks with 10k RPM are highly recommended. Additional mirroring (RAID 10) will help to avoid massive data loss if the hardware corrupts or breaks down.
Parallels Virtuozzo Containers for Linux will install a custom kernel with the virtualization layer in it. Generally, hardware support in Parallels Virtuozzo Containers for Linux corresponds to the hardware support of Red Hat Enterprise Linux. However, to ensure hardware compatibility, administrators may want to additionally consult the Parallels Virtuozzo Containers for Linux Hardware Compatibility list (www.parallels.com/en/products/virtuozzo/hcl).
Parallels Virtuozzo Containers for Windows has no special hardware requirements and will run on any server compatible with Windows 2003 Server. Parallels recommends using systems certified by Microsoft™.
Planning a Networking Infrastructure
Each server should be connected to both the Internet and to the local management LAN using at least two (2) Network Interface Cards (NICs) with at least 1 GB/s. One NIC is required for the traffic of the customer VPS, and the second NIC is needed for managing the hardware node and the created containers.
The management network is responsible for migration of containers, backup traffic and management. This network should be configured as a separate private LAN with private IPs. For security reasons, review the set of services running on the host (like SSH, sendmail, etc). Administrators should minimize the set of services running and configure the necessary ones to listen on the private management LAN only. The hardware level of the node should be reachable only from the management LAN. More information on how to secure the node can be found in the Network Security chapter on page 6.
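One way to check the "listen on the private management LAN only" recommendation above, as an added example that is not part of the white paper: the function reads `ss -ltn` output and reports every TCP listener bound to anything other than loopback or the node's management address. The address 10.10.0.11 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the white paper.
# audit_listeners MGMT_IP   (reads `ss -ltn` output on stdin)
# MGMT_IP is the node's own address on the management LAN (assumed: one IPv4).
# Prints one EXPOSED line per offending listener; exit status 1 if any exist.
audit_listeners() {
    awk -v mgmt="$1" '
        $1 != "LISTEN" { next }                 # header or non-listening row
        {
            port = $4                           # "Local Address:Port" column
            sub(/.*:/, "", port)                # keep text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)           # [::] -> ::
            sub(/%.*/, "", addr)                # drop a %interface suffix
            if (addr == mgmt || addr ~ /^127\./ || addr == "::1") next
            why = "address outside management LAN"
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") why = "wildcard bind"
            printf "EXPOSED %s port %s (%s)\n", addr, port, why
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample of `ss -ltn` output from a hardware node.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     10.10.0.11:22        0.0.0.0:*
LISTEN  0       100     0.0.0.0:25           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       128     203.0.113.10:4646    0.0.0.0:*
EOF
}

# Demo on the constructed sample; on a node, run: ss -ltn | audit_listeners <mgmt-ip>
sample_ss_output | audit_listeners 10.10.0.11 \
    || echo "-> rebind or disable the services listed above"
```

A wildcard bind is reported even when a firewall currently hides it, because the service becomes reachable the moment a rule is loosened.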
Figure 1 - Typical network architecture
Through the hardware node, the host operating system and the Parallels Virtuozzo Containers software itself, the VPS is connected to the network in a bridged or routed type of networking.
Bridged networking connects a container with a complete Layer 2 connection to the network. Although this enables almost any networking protocol to be used inside a container, it requires more configuration. With a routed network configuration, packets are routed between the host and container network interfaces via host system routing. Therefore, the container can only use IP routable traffic to the network and UDP broadcasts, for example, are not forwarded to the container.
[Figure 1 diagram labels: Firewall; PVCHOST1, PVCHOST2, PVCHOST3, PVCHOST4; Management Server; Monitoring Server; Central Backup Server; Staff; Customer]
Mode | Advantages | Disadvantages
Routed | Highest performance (packets never copied); simple configuration process | MAC addresses in containers not supported on Linux; only IP packets can be used; impossible to isolate cross-container traffic at the data link layer; no DHCP support
Bridged | Support of all dedicated server network features; raw packet support; support of MAC-address dependent applications (such as load-balancers); DHCP client and server support | Lower performance (higher overhead due to packet broadcasting) in certain cases; additional possible contingencies
Table 2 - Comparison of routed and bridged networking
Virtuozzo Containers are ideal for large scale hosting due to the low overhead and ability to perform live migrations. For this type of hosting application, where only IP based services are typically deployed, we recommend using routed networking to improve security.
To allow migration of containers between the same operating system platforms, all nodes running the same OS should be located in the same subnet in the management LAN. The containers running the same platform (Linux or Windows) should be located in one subnet in the public LAN.
Network Security
To ensure security of the hardware node, services and virtual containers, a firewall is needed to protect the Parallels Virtuozzo infrastructure. A central firewall should be installed between the Internet and the Parallels Virtuozzo server to ensure security for the running containers. This firewall should only allow traffic through the well-known ports described in the following sections.
Hardware Node
• Block all incoming connections, especially on external networks
• For outgoing connections, leave the following ports open:
  • Port 80: needed for EZ templates to connect to the external repositories to create templates cache
  • Port 21: needed for Debian EZ templates to connect to the Debian repository to create templates cache
  • Port 443: needed to connect to vzup2date server vzup2date.swsoft.com
  • Port 5224: needed to connect to Parallels Key Administrator to update the Parallels Virtuozzo license
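The hardware node policy above, expressed as a host-level iptables ruleset (an added example, not part of the white paper, which describes a central firewall rather than rules on the node). The interface name, the management subnet, SSH as the administration path and the DNS rule are assumptions and are marked as such in the comments.

```shell
#!/bin/sh
# Added example, not from the white paper.
# hn_ruleset MGMT_IF MGMT_NET
# Prints an iptables-restore ruleset for the hardware node's own traffic.
# MGMT_IF / MGMT_NET (e.g. eth1, 10.10.0.0/24) are site-specific assumptions.
# Exit status 2 if an argument contains characters that do not belong in an
# interface name or an IPv4 CIDR, so nothing unexpected reaches the ruleset.
hn_ruleset() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    case "$2" in ''|*[!0-9./]*) return 2 ;; esac
    cat <<EOF
*filter
# Default-deny for traffic to and from the node itself.
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
# Routed container traffic traverses FORWARD, so the node policy above does
# not cut off hosted containers; they are filtered at the central firewall.
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumed administration path: SSH from the management LAN only.
-A INPUT -i $1 -s $2 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Migration, backup and management traffic stays on the management LAN.
-A OUTPUT -o $1 -d $2 -j ACCEPT
# Outgoing ports from the list above: 21 and 80 (EZ template repositories),
# 443 (vzup2date), 5224 (Parallels Key Administrator).
-A OUTPUT -p tcp -m multiport --dports 21,80,443,5224 -m conntrack --ctstate NEW -j ACCEPT
# Assumption, not in the paper: DNS is needed to resolve the update hosts.
-A OUTPUT -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Demo with constructed values; redirect to a file for review on a real node.
hn_ruleset eth1 10.10.0.0/24
```

Check the generated file with `iptables-restore --test` from a console session before loading it, since a mistake in the management interface or subnet locks out SSH.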
Service Container
• Incoming connections:
  • Port 22 (open): open from the nodes in the same cluster and from the management LAN
  • Ports 25, 110, 90 (open): open from everywhere: Service VE takes the IP address of a container, which is down for backing up or migration and displays a nice maintenance message
  • Ports 4643, 8443 (open): from everywhere: VZPP and Plesk ports
  • Port 4646 (open): Port of VZagent SOAP interface; open it for the selected hosts that will use it
• Outgoing connections:
  • Port 22 (open): for connecting to other nodes in the management group
Hosted Containers
The following is a list of typical ports that may be used by different services running in a container. The exact list of the ports open for incoming and outgoing connections depends on the services running in the containers.
• Ports 20, 21: FTP (File Transfer for upload/download of files to the server)
• Port 22: SSH
• Port 25: SMTP (Mail out server)
• Port 53: DNS
• Port 80: HTTP
• Port 106: popassd (for local host only)
• Port 110: POP (Incoming mail server)
• Port 113: auth
• Port 143: IMAP
• Port 443: HTTPS
• Port 465: SMTPS
• Port 990: FTPS
• Port 993: IMAPS
• Port 995: POP3S
• Port 3306: MySQL
• Port 4643: Parallels Power Panel
• Port 5432: POSTGRES
• Port 8443: plesk-https
• Port 9080: tomcat
• Port 5224: plesk-license-update (outgoing only)
Installing Parallels Virtuozzo Containers
Parallels Virtuozzo Containers for Linux
The Host OS
Parallels Virtuozzo Containers installs on top of an existing operating system, which should be pre-installed on the server. Parallels recommends an operating system that has a long support range by its vendor, for example an enterprise distribution such as Red Hat Enterprise Linux (www.redhat.com). Alternatively, a free Linux distribution can be chosen. In this case CentOS (www.centos.org) is the recommended Linux distribution. A complete list of supported Linux distributions can be found at www.parallels.com/en/products/virtuozzo/specs/linux.
Other Linux distributions that are not supported as a host OS may be used as guest OS. For a smooth installation of Parallels Virtuozzo Containers for Linux, be sure that the system is partitioned properly.
Partition | Recommended Size | Description
SWAP | Two times the memory size | The paging partition for the Linux OS.
/ (Root) | 10-15 GB | The root partition containing all Hardware Node operating system and Virtuozzo Containers software files.
/vz | All available space on Raid partition (ext3, 4096 block, one block per inode) | The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition
Table 3 – Parallels Virtuozzo Containers for Linux partitioning
Installing the Parallels Virtuozzo Containers Software
After installing the host operating system, administrators must run the Parallels Virtuozzo installer script install from the mounted distribution media, which can be downloaded from www.parallels.com/en/download/virtuozzo4. The graphical installer guides administrators through the installation process. Additionally, an unattended installation method is available and can be initiated by starting the installer program with the corresponding parameters.
For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at
http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxInstallation.pdf.
Parallels Virtuozzo Containers for Windows
In a Microsoft Windows Server environment, we recommend using the x64 Edition of Windows 2003 Server Standard or Enterprise Edition with SP2 installed. The x64 edition of Microsoft Server 2003 has a better overall performance compared to the 32-bit release and allows a higher density of containers per physical server.
Parallels Virtuozzo Containers has certain requirements regarding Windows patch level. Be sure that no unapproved Microsoft hotfixes are installed before installing Parallels Virtuozzo on a server. An up-to-date list of approved and unapproved patches is available at
Installing Parallels Virtuozzo Containers
Parallels Virtuozzo Containers for Windows can be downloaded from
www.parallels.com/en/download/virtuozzo4. Be sure to select the proper edition for download.
No special partitioning is needed on a Windows host to install Parallels Virtuozzo Containers. However, creating a separate partition for the operating system and a separate partition for the Parallels Virtuozzo Containers data folder on the RAID system is recommended.
Partition | Recommended Size | Description
C: (Root) | 15-20 GB | The root partition containing all hardware node OS and Parallels Virtuozzo Containers program software files.
D: (any free drive letter can be chosen) | All available space on Raid partition (NTFS formatted) | The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition; RAID10 array is recommended for performance and data redundancy reasons.
Table 4 - Typical Parallels Virtuozzo Containers for Windows partitioning
Installing Parallels Virtuozzo Containers for Windows can be done through Parallels Management Console, the included graphical GUI management tool, by launching the virtuozzo4.0_x64.exe file. For an easy installation, Parallels Virtuozzo Containers supports an unattended installation mode via the virtuozzo4.0_x64.exe file with the proper parameters.
In general, no other applications should be installed on the host OS level on the hardware node. Exceptions include:
• Antivirus Software (the list of supported anti virus tools can be found at http://kb.swsoft.com/en/2226)
• 3rd Party Backup Software to backup the host system itself (optional because Parallels Virtuozzo Containers has its own backup system)
For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at
http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/VzWindowsInstallation.pdf.
Windows Host OS Security Considerations
To ensure security of the host, the OS on the hardware should be hardened. The “Administrator” account should be renamed and the “Guest” account should be disabled or renamed. The user password should have a minimum length of eight (8) characters and should consist of alphanumerical and numerical
Resource Management
Parallels Virtuozzo Containers Resource Management controls the amount of resources available to containers. The controlled resources include CPU power, disk space and a set of memory-related parameters. All resources for a container can be preconfigured in a sample configuration file, which reflects the hosting plan offered to Parallels customers.
Proper resource configuration for a Parallels Virtuozzo Containers server is essential. An incorrect configuration may lead to poor overall system performance which will result in negative user experiences and produce a high number of support issues.
Memory
In Parallels Virtuozzo Containers for Linux, the Virtuozzo Service Level Management (SLM) controls the amount of physical memory available to a container and offers easy, effective configuration. The parameters can be set in the sample configuration template which is used when creating a new container or the command line interface can be used to set the proper values for an already created container.
Hint: Customers who purchase Parallels System Automation or Parallels Business Automation Standard can easily configure and assign multiple service plans and configurations using the graphical user interface provided by these products.
The new memory limit is set on the fly, and no reboot of the container is needed. For more information on the resource management see the Parallels Virtuozzo Containers for Linux User Guide.
Parallels Virtuozzo Containers for Windows allows administrators to directly set the memory for applications inside the container. Shared and memory mapped files are not included in this value. The container uses the central swap file on the host level and has no own swap file running internally.
CPU
The CPU performance is configured in CPU units. The default value for a container is 1000. When planning and setting up the CPU resources for a container, the difference between the values should be in balance (1000/2000/4000 are reasonable) and significant differences should be avoided. Otherwise, slow containers may slow down the entire system by not being able to free system-wide locks (like file system journal) quickly enough. Additionally, it is possible to set the number of CPUs available to a container. The default value allows the VPS to use as many CPUs as installed in the system (a 2 processor system with 4 cores on each CPU has 8 CPUs in total). Limiting the number of CPUs per container to one, two or four may improve overall system performance because it simplifies the scheduling for the OS. Additionally, the VPS owner’s experience may be improved because runaway tasks in other containers are isolated so they cannot consume processing power across the entire server. It is also possible to set a guaranteed CPU value as a percentage. This assigns a minimum overall percentage of CPU usage which is exclusively reserved for a dedicated container.
Disk Space
Because most web hosting customers will not use all the disk space assigned to their VPS offering, providers may elect to oversell up to 30-50% of the disk space on the server. Disk space can be assigned to a container by pre-setting the value in the sample configuration, which is used to create the container. When the container is up and running, administrators can change the disk space on the fly by using the Parallels management tools or the command line interface.
Hosting Plan | Offer | QoS Parameters
Silver | CPU Power: XXX1 MHz guaranteed, X*1 GHz burstable; Guaranteed memory: 128 MB; Max memory: 256 MB; Disk space: 5 GB; One CPU | CPU units: 1000; slmmemorylimit: 256 MB; Disk space: 5242880 (in KB); One CPU
Gold | CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable; Guaranteed memory: 256 MB; Max memory: 512 MB; Disk space: 10 GB; Two CPUs | CPU units: 2000; slmmemorylimit: 512 MB; Disk space: 10485760 (in KB); Two CPUs
Platinum | CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable; Guaranteed memory: 512 MB; Max memory: 1024 MB; Disk space: 30 GB; Four CPUs | CPU units: 4000; slmmemorylimit: 1024 MB; Disk space: 20971520 (in KB); Four CPUs
Table 5 - Examples of VPS for Linux offerings
For more information on the resource management, see the Parallels Virtuozzo Containers for Linux User Guide.
Hosting Plan | Offer | QoS Parameters
Silver | CPU Power: XXX MHz guaranteed, X GHz burstable; Guaranteed memory: 128 MB; Max memory: 256 MB; Disk space: 5 GB; One CPU | CPU guarantee: not limited; CPU limit: not limited; CPU units: 2000; Memory: 512 MB; Disk space: 10485760 (in KB); Number of processes: 80; Number of TS sessions: 2; Two CPUs
Gold | CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable; Guaranteed memory: 256 MB; Max memory: 512 MB; Disk space: 10 GB; Two CPUs | CPU guarantee: not limited; CPU limit: not limited; CPU units: 2000; Memory: 512 MB; Disk space: 10485760 (in KB); Number of processes: 80; Number of TS sessions: 2; Two CPUs
Platinum | CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable; Guaranteed memory: 512 MB; Max memory: 1024 MB; Disk space: 30 GB; Four CPUs | CPU guarantee: not limited; CPU limit: not limited; CPU units: 4000; Memory: 1024 MB; Disk space: 20971520 (in KB); Number of processes: 80; Number of TS sessions: 2; Four CPUs
Provisioning New Containers
Parallels provides several automation solutions (www.parallels.com/en/products/am) which allow easy provisioning and management of containers and other operational services. For administrators who want to provision services with their existing tools, Parallels Virtuozzo Containers provides a complete API (SOAP, XML-RPC) or command line scripting interface.
Accessible functions are documented in the Parallels Virtuozzo Containers API documentation, which can be downloaded at www.parallels.com/en/products/virtuozzo4/docs. Also see the command line Reference Guide, which is available at www.parallels.com/en/products/virtuozzo4/docs, to find out which commands are available and how to use them.
Hosting plans and container configurations should be created by using the sample container configurations, which allow service providers to create a template that can be reused each time a new container is created.
Before creating containers on a hardware node, the provisioning software must verify that the server can handle the additional load. In general, verify that the following main resources are available:
• Memory - Memory is often overcommitted. Therefore, verify the real memory usage and sum up the memory configured for the containers.
• Disk - For provisioning new containers and to let existing containers grow when needed, at least 20-30% of the disk space should be available on the /vz partition.
• Disk I/O - The number of processes waiting for I/O can be seen via the vmstat command.
• CPU - The average utilization should not exceed 70%.
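A sketch of the pre-provisioning check described in the list above, as an added example that is not part of the white paper. It parses `df -P /vz` and `vmstat` output and sums configured container memory; the blocked-process threshold, the "CTID MB" input format and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the white paper.
MIN_VZ_FREE_PCT=20   # text: at least 20-30% of /vz should be available
MAX_CPU_PCT=70       # text: average utilization should not exceed 70%
MAX_BLOCKED=2        # assumption: the text gives no number for I/O waiters

# stdin: `df -P /vz`. Succeeds when free space on /vz is at or above the minimum.
check_vz_disk() {
    awk -v min="$MIN_VZ_FREE_PCT" '
        NR == 2 { free = 100 * $4 / $2        # Available / 1024-blocks
                  printf "disk: %.0f%% free on %s\n", free, $6
                  ok = (free >= min) }
        END { exit !ok }'
}

# stdin: `vmstat 5 4`. The first sample is the average since boot and is
# skipped; the rest are averaged. Columns are located by header name.
check_vmstat() {
    awk -v maxcpu="$MAX_CPU_PCT" -v maxb="$MAX_BLOCKED" '
        $1 == "r" && $2 == "b" { for (i = 1; i <= NF; i++) col[$i] = i; next }
        !("id" in col) || $1 !~ /^[0-9]+$/ { next }    # banner line or junk
        ++seen == 1 { next }                           # since-boot averages
        { busy += 100 - $(col["id"]); blocked += $(col["b"]); n++ }
        END {
            if (n == 0) exit 2
            printf "cpu: %.1f%% busy, io: %.1f blocked (avg of %d samples)\n", busy / n, blocked / n, n
            exit (busy / n > maxcpu || blocked / n > maxb)
        }'
}

# stdin: one "CTID limit_MB" pair per line; $1: physical memory in MB.
# Reports the commitment only, because the text expects overcommitment and
# asks for it to be compared with real usage rather than capped.
memory_commit() {
    awk -v phys="$1" '
        NF >= 2 { sum += $2; n++ }
        END { if (phys <= 0) exit 2
              printf "memory: %d MB configured in %d containers, %.0f%% of %d MB physical\n", sum, n, 100 * sum / phys, phys }'
}

# Constructed samples.
sample_df() {
    cat <<'EOF'
Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sda3 283115520 240648192 42467328 85% /vz
EOF
}
sample_vmstat() {
    cat <<'EOF'
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 812340 102400 9123400    0    0    12    40  310  620 12  3 84  1  0
 3  1      0 801200 102400 9125000    0    0   220   900 1500 3100 48 14 30  8  0
 4  2      0 799800 102400 9126100    0    0   340  1200 1700 3500 52 16 22 10  0
 5  3      0 798100 102400 9127000    0    0   400  1500 1800 3900 55 17 17 11  0
EOF
}
sample_limits() { printf '101 256\n102 512\n103 1024\n104 512\n'; }

# Demo on the samples; on a node, pipe in `df -P /vz` and `vmstat 5 4`.
sample_df | check_vz_disk || echo "-> do not provision here: /vz is too full"
sample_vmstat | check_vmstat || echo "-> do not provision here: node is busy"
sample_limits | memory_commit 16384
```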
Upselling Hosting Plans
Parallels Virtuozzo Containers makes it easy for your customers to upgrade their current service plan to a plan with more container resources using the API. To do this, you will need to configure at least two container configurations so that a new sample configuration can be applied to the container when ordered by the customers. The changes will immediately take effect without downtime.
Hint: Parallels Automation software provides control panels which allow clients to go online to request and pay for an upgrade which will be automatically provisioned.
Backups
Containers should be backed up regularly to avoid data loss. Parallels Virtuozzo Containers provides a full featured backup functionality and central management of the backup/restore configuration and tasks via the Parallels Infrastructure Manager. VPS owners are able to access the latest backups and can create their own backups via the Parallels Power Panel.
The backups should be stored on a central backup server. This can be done by configuring a central backup server or by mounting a NFS/samba share to each of the hosts.
Figure 2 - Mount points from file server on PVC nodes
Alternatively, a Parallels Virtuozzo server can be configured as the central backup server for the Parallels Virtuozzo Containers for Linux and the Parallels Virtuozzo Containers for Windows backups.
With this configuration, no additional drives must be mounted to the hosts.
[Figure 2 diagram labels: PVC Node 1, PVC Node 2 ... PVC Node n, each with /vz and /vz/backups; File server, Share: pvcbackup]
[Backup node diagram labels: PVC Backup Node with /vz and /vz/backups; PVC Node 1 with /vz and /vz/backups; PVC Node 2 with /vz]
Administrators can create a full backup of all containers running on the node by using the vzabackup utility from the command line of the backup node. The vzabackup tool is able to backup all nodes in the infrastructure.
This command creates a full (-F) backup of all containers on the nodes pvcserver01.local.network.com and pvcserver02.local.network.com. The “--force” option prevents the backup task from being stopped by failures on single VCs. The “--storage” option allows setting a central backup node to store the backups on. If the “--storage” option is not available, the backup is initiated but stored in the default location configured on each separate node. By issuing the vzabackup via a task scheduler such as cron on the central backup server, administrators can automate backups.
When using mounted drives from a central share or NAS, administrators must configure this mounted directory on each node as the default location for the local backups. The default location on Parallels Virtuozzo for Linux is /vz/backups. On a Parallels Virtuozzo for Windows system, backups can be found in the Parallels Virtuozzo data folder in the subfolder backup (example: X:/vz/backups).
The local backup location can be changed by using the Parallels Management Console, which is installed on the hardware node. Right-click on the local server and go to Backup -> Default Location to change the default location of the backup.
Backups should run regularly on all days and rotate in regular intervals every several weeks:
• Full backup every Saturday at 1 a.m.
• Incremental backup every Monday, Tuesday, Wednesday, Thursday and Friday at 1 a.m.
• Backup rotation, which would keep 3 to 5 weekly backup chains
For more information on how to use vzbackup via the command line or GUI tools, see the Parallels Virtuozzo Containers User Guide. For more information on initiating the backup via the API, see the Parallels Virtuozzo Containers Programmers Guide.
Patch Management
To ensure system stability and security, it is highly recommended that administrators regularly update the host OS, the Parallels Virtuozzo Containers software and the software inside the containers.
Parallels Virtuozzo Containers for Linux
Updating the Host OS
Parallels Virtuozzo Containers for Linux allows administrators to use the standard package management tools such as yum to keep the host OS up-to-date. The Parallels Virtuozzo kernel running on the hardware node is updated via the Parallels Virtuozzo software update utility vzup2date.
To reduce bandwidth to/from the Internet and to increase service availability, we recommend that administrators set up a local patch server that acts as a local repository for both host and containers patching.
The vzabackup command described in the Backups section:
# vzabackup -F --force --storage 1.2.3.4 pvcserver01.local.network.com pvcserver02.local.network.com
Figure 4 - Repository configuration for central local repository
Updating Parallels Virtuozzo Containers
Parallels Virtuozzo Containers patches are announced via email to all subscribed customers using the email address provided to Parallels with the order. Additional people can be added by contacting the Parallels Sales person or via partnermarketing@parallels.com. The email is sent out shortly after the patches are available on the download servers and provides information on the issues fixed with the update.
Parallels Virtuozzo Containers for Linux can be kept updated by using the Parallels Infrastructure Manager (PIM) or via the command line utility vzup2date. PIM allows easy mass updates of the PVC servers in the infrastructure. The web based PIM and the command line tool can connect to the Parallels update server on the Internet or to a local repository to download the Parallels Virtuozzo patches.
Updating the OS and Applications in a VPS
The Linux distribution used inside a VPS is based on an OS template. The binaries of these templates are stored in a local repository on the hardware node and are linked to the container. We recommend using EZ templates for Parallels Virtuozzo Containers for Linux to simplify the process of updating the operating system inside each container.
Linux users can install their own update RPMs in their containers. However, Parallels recommends using the provided update tools to install the patches for the templates deployed into the containers.
EZ templates are designed to make resolving application dependences as automated as possible.
[Figure 4 diagram labels: Fedora Core Repository; CentOS Repository; Provider Repository; PVCNODE1]
• Dependencies are resolved on a per container basis, which allows users to have unique sets of packages in each container.
• Container upgrades are as easy as running a single command:
• Although any container can use completely independent sets of packages, any identical files in different containers will be automatically shared on both disk and memory.
EZ templates use standard package repositories based on yum (for RPM based distributions) and apt (Debian) Linux utilities. However, having available and consistent package repositories is much more important for EZ template management than for dedicated servers. Because Virtuozzo containers rely on the packages in the template area, unavailability of package repositories may prevent container migration, restoring from backup, etc. Administrators are therefore recommended to:
• Maintain their own local repositories rather than rely on third parties
• Include these repositories in the disaster recovery plan
• Never delete files from the local repositories - even if remote repositories do so - unless they are 100% sure that corresponding Linux distributions are not used by any other containers, either running or even stored in backup.
EZ templates allow administrators to use the original OS vendor’s packages and to receive the updated RPM packages from a central repository right after their release. To keep the container’s Linux distribution up-to-date, the local repository must be regularly updated from the upstream repository. Since the repositories are managed by the OS vendor and not by Parallels, it is recommended to sign up for the email notifications which are sent out by the vendor when the repositories are updated.
It is recommended that administrators create a local repository on a central server in the local infrastructure. This repository should be kept up-to-date and old packages should remain in that repository because they might be needed by a container which requires an older version of the software. When migrating or restoring containers from the backup, Parallels Virtuozzo may automatically download required packages to the template area on the destination server. Missing packages may lead to failed migrations or restoring of the container.
For more information on keeping a Parallels Virtuozzo for Linux system up-to-date, see the Parallels Virtuozzo Containers for Linux User Guide.
Parallels Virtuozzo Containers for Windows
The Host OS
The Microsoft Windows Update Service can be used for a Microsoft Windows system. Parallels tests all Microsoft OS patches against Parallels Virtuozzo and makes them available on a central WSUS server on the Internet. During the installation of Parallels Virtuozzo Containers for Windows, the default WSUS source server is changed to vzwinupdate.swsoft.com to download just the Parallels-tested and approved patches.²
² This update server only delivers the approval policy on Windows updates for PVC servers. The update bits are still downloaded from the Microsoft Windows update server.
# vzpkg update 101 ...
Running Transaction
Updating : hwdata ###################### [1/2]
Cleanup : hwdata ###################### [2/2]
Updated: hwdata.noarch 0:1.0-3.swsoft
Complete! Updated:
A central patch server allows administrators to save Internet bandwidth by downloading operating system and Parallels Virtuozzo patches to one central server only. All Parallels Virtuozzo for Windows servers can download patches from this central server instead of from the Internet. A WSUS installation on a dedicated server is recommended for central deployment of Microsoft OS patches. When using a central WSUS server, configure the WSUS server to get the patches from the central Parallels Virtuozzo Containers for Windows WSUS server vzwinupdate.swsoft.com.
The Parallels Virtuozzo Containers Software
On a Microsoft Windows Server system, the Parallels Virtuozzo Containers Update Manager helps keep the system up-to-date. The Parallels Virtuozzo Update Manager connects to the server on the Internet and downloads the available Parallels Virtuozzo patches. The installed Parallels Virtuozzo patches ensure system compatibility with the newest Microsoft OS patches by updating the KSAL DB (Kernel Service Abstraction Layer Database). This database is responsible for the OS patches downloadable from the internal or external WUS server. If Parallels Virtuozzo detects a non-supported Microsoft patch, the Parallels Virtuozzo service will not start. The download and installation of the Parallels Virtuozzo patches can be automated by configuring the Virtuozzo Update Service via the Parallels Management Console. A list of approved Microsoft patches can be found at www.parallels.com/en/products/virtuozzo/updates.
To provide a central server for Parallels Virtuozzo itself, a Virtuozzo Update Service (VUS) server must be set up. The VUS software must be installed on the same server on which the Windows Software Update Service is installed, by running vusinstall.exe, which is located in the Parallels Virtuozzo for Windows media distribution. After installing the service, use the installed VUS manager to synchronize the local VUS with the central Parallels Virtuozzo Containers Update Center.
For more information on compatible patches, see the Parallels Virtuozzo Containers User Guide.
Patching the Container
A Parallels Virtuozzo for Windows system does not allow users to install OS patches inside the VPS manually. Therefore, the provider must take responsibility for the patch management of the containers.
Microsoft OS patches installed on the hardware node are automatically distributed to containers. Because most Windows updates require a reboot, a maintenance window must be planned to reboot the node (reboot of individual containers is not required).
Monitoring
Parallels Virtuozzo Containers provides the option to use SNMP to monitor a Parallels Virtuozzo infrastructure. The provided SNMP monitoring plug-in allows administrators to integrate Parallels Virtuozzo system services monitoring into a central monitoring system. Parallels Virtuozzo installs the SNMP support by default.
High Availability with SAN/iSCSI
Parallels Virtuozzo Containers 4.0 introduces high availability support for Linux and Windows environments. In the event of a hardware/software failure, the containers that ran on the broken host will be automatically restarted on a standby host, which greatly improves service levels.
Figure 5 - PVC Cluster architecture
Parallels Virtuozzo for Linux uses the Red Hat Clustering Suite, which is shipped with RHEL version 5, to achieve the high availability of containers running on the hardware nodes. Parallels Virtuozzo for Windows uses either the Microsoft Clustering Service or Microsoft Network Load Balancing to achieve high availability.
For both Linux and Windows, the /vz directory must be available on the SAN and available to all servers in the cluster. One standby server can act as a failover server for multiple hardware nodes. Microsoft Windows allows seven active servers and one passive in one cluster group.
Details on how to set up a clustered VPS service offering are available at:
PVC for Linux:
http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/VzLinuxClustering.pdf
PVC for Windows:
http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/VzWindowsClustering.pdf
Parallels Power Panel
Parallels Power Panel is a web-based self-management interface for container owners. It allows a root (Linux) or Administrator (Windows) user to connect to the VPS via IP/hostname and port 4643 (https://yourdomain:4643), whether the container is started or stopped. Parallels Power Panel allows container administrators to:
• Start, stop or restart the container
• Repair the container
• Reinstall the container
• Back up and restore the container
• Change the container root password
• Start, stop or restart certain services inside the container
• Access other control panels installed in the container
• View a list of container processes and send them signals
• View the current resource consumption and resource over usage alerts
• View the Parallels Virtuozzo logs
Administrators can access the Parallels Power Panel via an IP/port redirect at the host level of the hardware node, which forwards the connection to a web server running in the service container on each host. This web server provides access to the Power Panel.
The feature set of the tool integrates basic functionality such as starting and stopping a container, backing up and restoring a container and service management. The feature set can be configured via an XML file, and the design and branding can be changed by using already designed templates or templates created by the provider. To enable access to the Power Panel, “Offline Management” must be switched on for the container. To reduce support efforts and costs, enabling the Power Panel for all container owners is recommended.
Conclusion
Parallels Virtuozzo Containers delivers a hosting solution with low overhead, efficient updates, and easy-to-use management tools. This allows service providers to launch compelling services to increase revenue opportunities and streamline IT management to reduce support costs.
This paper covered several practices to help service providers get the most out of their Parallels Virtuozzo deployment, including hardware selection, network configuration, resource management, patch management, monitoring, backups, and high availability configurations.
More details about Virtuozzo can be found in the Parallels Virtuozzo Containers User Guides, which are located on the Parallels website (http://www.parallels.com/virtuozzo/docs/).