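VMware ESX Server System Architecture

VMware ESX Server consists of a resource manager and a service console. The core idea of its architecture is to deploy hardware resources in fully isolated environments.

The system architecture is shown in the figure below. It consists mainly of the following three parts:

  • The VMware virtualization layer, which provides an idealized hardware environment and virtualizes the underlying physical resources
  • The resource manager, which partitions CPU, memory, network bandwidth and disk space among the virtual machines
  • The hardware interface components, including device drivers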


Virtualization

The VMware virtualization layer brings hardware virtualization to the standard Intel server platform. The virtualization layer is common among VMware desktop and server products, providing a consistent platform for development, testing, delivery and support of application workloads from the developer desktop to the workgroup to the data center.

As with mainframe virtualization, the VMware virtual machine offers complete hardware virtualization; the guest operating system and applications (those operating inside a virtual machine) can never directly determine which specific underlying physical resources they are accessing, such as which CPU they are running on in a multiprocessor system or which physical memory is mapped to their pages. The virtualization of the CPU incorporates direct execution: non-privileged instructions are executed by the hardware CPU without overheads introduced by emulation.

The virtualization layer provides an idealized physical machine that is isolated from other virtual machines on the system. It provides the virtual devices that map to shares of specific physical devices; these devices include virtualized CPU, memory, I/O buses, network interfaces, storage adapters and devices, human interface devices, BIOS and others.

Each virtual machine runs its own operating system and applications; they cannot talk to each other or leak data, other than via networking mechanisms similar to those used to connect separate physical machines. This isolation leads many users of VMware software to build internal firewalls or other network isolation environments, allowing some virtual machines to connect to the outside while others are connected only via virtual networks through other virtual machines.

CPU Virtualization

Each virtual machine appears to run on its own CPU, or set of CPUs, fully isolated from other virtual machines, with its own registers, translation lookaside buffer, and other control structures. Most instructions are directly executed on the physical CPU, allowing compute-intensive workloads to run at near-native speed. Privileged instructions are performed safely by the patented and patent-pending technology in the virtualization layer.

Memory Virtualization

While a contiguous memory space is visible to each virtual machine, the physical memory allocated may not be contiguous. Instead, noncontiguous physical pages are remapped efficiently and presented to each virtual machine. Some of the physical memory of a virtual machine may in fact be mapped to shared pages, or to pages that are unmapped or swapped out. This virtual memory management is performed by ESX Server without the knowledge of the guest operating system and without interfering with its memory management subsystem.

Disk Virtualization

Support of disk devices in ESX Server is an example of the product's hardware independence. Each virtual disk is presented as a SCSI drive connected to a SCSI adapter. This device is the only disk storage controller used by the guest operating system, despite the wide variety of SCSI, RAID and Fibre Channel adapters that might actually be used in the system.

This abstraction makes virtual machines at once more robust and more transportable. There is no need to worry about the variety of potentially destabilizing drivers that may need to be installed on guest operating systems, and the file that encapsulates a virtual disk is identical no matter what underlying controller or disk drive is used.

VMware ESX Server can be used effectively with storage area networks (SANs). ESX Server supports QLogic and Emulex host bus adapters, which allow an ESX Server computer to be connected to a SAN and to see the disk arrays on the SAN.

Network Virtualization

You may define up to four virtual network cards within each virtual machine. Each virtual network card has its own MAC address and may have its own IP address (or multiple addresses) as well. Virtual network interfaces from multiple virtual machines may be connected to a virtual switch. Each virtual switch may be configured as a purely virtual network with no connection to a physical LAN, or may be bridged to a physical LAN via one or more of the physical NICs on the host machine.

Internal Virtual Ethernet Networks (VMnets)

VMnet connections may be used for high-speed networking between virtual machines, allowing private, cost-effective connections between virtual machines. The isolation inherent in their design makes them especially useful for supporting network topologies that normally depend on the use of additional hardware to provide security and isolation.

For example, an effective firewall can be constructed by configuring one virtual machine on an ESX Server system with two virtual Ethernet adapters, one bound to a VMnic (giving it a connection to a physical network) and the other bound to a VMnet. Other virtual machines would be connected only to the VMnet. By running filtering software in the dual-homed virtual machine, a user can construct an effective firewall without the need for additional hardware and with high-performance virtual networking between the virtual machines.

A similar approach can be used with multitier applications — with the Web or application servers reachable from other systems but with the database server connected only to the other tiers.
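The dual-homed firewall and multitier layouts described above can be checked mechanically. The following is an added example, not part of the original article or of VMware's tooling: it audits a constructed inventory (the switch names, VM names and policy arguments are assumptions) for virtual machines that can reach the physical LAN without crossing the approved gateway.

```python
from collections import deque

# Constructed inventory: switch name -> physical NICs bound to it.
# An empty list means a purely virtual switch (a VMnet) with no uplink.
SWITCHES = {"sw_public": ["nic0"], "vmnet_dmz": [], "vmnet_db": []}

# Constructed inventory: VM name -> switches its virtual NICs attach to.
VMS = {
    "fw":  ["sw_public", "vmnet_dmz"],   # dual-homed filtering VM
    "web": ["vmnet_dmz"],
    "app": ["vmnet_dmz", "vmnet_db"],    # middle tier, also dual-homed
    "db":  ["vmnet_db"],
}

def exposed_vms(vms, switches):
    """VMs with at least one virtual NIC on a switch bridged to a physical LAN."""
    return {vm for vm, sws in vms.items() if any(switches[s] for s in sws)}

def hops_to_physical(vms, switches):
    """Breadth-first search over shared switches. Returns, per VM, the minimum
    number of other VMs that must relay its traffic to the physical LAN
    (0 = directly bridged, None = no path at all)."""
    hops = {vm: None for vm in vms}
    queue = deque()
    for vm in exposed_vms(vms, switches):
        hops[vm] = 0
        queue.append(vm)
    while queue:
        cur = queue.popleft()
        for other, sws in vms.items():
            # Two VMs are neighbours when they share a virtual switch.
            if hops[other] is None and set(sws) & set(vms[cur]):
                hops[other] = hops[cur] + 1
                queue.append(other)
    return hops

def audit(vms, switches, allowed_exposed, min_hops):
    """Return policy violations: unapproved bridged VMs and VMs that sit
    closer to the physical LAN than the design requires."""
    findings = []
    for vm in sorted(exposed_vms(vms, switches) - set(allowed_exposed)):
        findings.append(f"{vm}: attached to a bridged switch but not an approved gateway")
    hops = hops_to_physical(vms, switches)
    for vm, need in sorted(min_hops.items()):
        if hops[vm] is not None and hops[vm] < need:
            findings.append(f"{vm}: {hops[vm]} hop(s) from physical LAN, policy requires >= {need}")
    return findings
```

Calling `audit(VMS, SWITCHES, {"fw"}, {"db": 2})` on the sample layout returns no findings; attaching the database VM to `vmnet_dmz` or to the bridged switch produces one or two findings respectively.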

Virtualization Overview

ESX Server virtualizes the resources of the physical system for use by the virtual machines.

In the preceding example, each virtual machine is configured with one CPU, an allocation of memory and disk, and two virtual Ethernet adapters. In reality, they share the same physical CPU and access noncontiguous pages of memory (with part of the memory of one of the virtual machines currently swapped to disk). Their virtual disks are actually set up as files on a common file system.

Each of these example virtual machines has two virtual NICs. Virtual NICs 1a and 2a are attached to the virtual switch that is bound to physical NICs 1a and 2a. Virtual NICs 1b and 2b are attached to a purely virtual switch.

Software Compatibility

In the VMware ESX Server architecture, guest operating systems interact only with the standard x86-compatible virtual hardware presented by the virtualization layer. This provides the capability for VMware to support any x86-compatible operating system. In practice, however, VMware supports a subset of x86-compatible operating systems that are tested throughout the product development cycle. VMware documents the installation and operation of these guest operating systems and trains its technical personnel in their support.

Because applications interact only with their guest operating system, and not the underlying virtual hardware, once operating system compatibility with the virtual hardware is established, application compatibility is not an issue.

Service Console

Service Console Functions

The ESX Server system management functions and interfaces are implemented in the service console. These include the HTTP, SNMP and API interfaces described above, as well as other support functions such as authentication and low-performance device access. The service console is also installed as a first component and is used to bootstrap the ESX Server installation and configuration, as well as to boot the system and initiate execution of the virtualization layer and resource manager. In ESX Server, the service console is implemented using a modified Linux distribution.

Service Console Processes and Files

The service console provides a control API that allows the virtual machines and resource allocations to be managed. The administrator may also access these controls via pages accessed through the Web server running in the service console.

In addition to the Web server, the following processes and services involved in the management of an ESX Server system run in the service console:

  • Server daemon (vmserverd) — Performs actions in the service console on behalf of the VMware Remote Console and the Web-based VMware Management Interface.
  • Authentication daemon (vmauthd) — Authenticates remote users of the management interface and remote consoles using the username/password database. Any other authentication store that can be accessed using the Pluggable Authentication Module (PAM) capabilities present in the service console may also be used. This permits passwords from a Windows domain controller, LDAP or RADIUS server, or similar central authentication store to be used with VMware ESX Server for remote access.
  • SNMP server (ucd-snmpd) — Implements the SNMP data structures and traps an administrator can use to integrate an ESX Server system into an SNMP-based system management tool.

In addition to these VMware-supplied services, the service console can be used to run other system-wide or hardware-dependent management tools. These include hardware-specific health monitors (such as IBM Director, HP Insight Manager and others), full-system backup and disaster recovery software, and clustering and high availability products.

The server and virtual machine resources and configuration attributes that are available through the SNMP and HTTP interfaces are also visible through a file system in the service console. The files in this /proc/vmware name space may be examined and modified by users logged in to the service console with sufficient permissions or may be used as a point of integration for home-grown or commercial scripts and management tools.
