
Users of the Virtuozzo family of products often ask us how each new version differs and whether it is worth upgrading their systems to the latest build. We therefore decided to describe the capabilities of each version in detail here on Habr, and today's post, the first in the series, is dedicated to Virtuozzo 7 Update 5.
In addition to improving the stability of each component, the quarterly Virtuozzo updates always bring a number of new features. Users specifically requested many of them and are waiting for them in order to get more out of the hyperconverged system and containers. For example, in Virtuozzo Update 6, there are features such as geo-replication for S3 and data encryption at rest, but let's look at all the major improvements in order.
Security
Previously, users had to build data encryption into disks and Virtuozzo containers themselves. Starting from Update 5, we have added the ability to encrypt data directly at the level of the VZ Storage distributed storage. Encryption uses the AES256 algorithm, which practice has shown to be the most popular among users. Key management is handled by an external system, because the overwhelming majority of users already have their own key management tools.

Encryption at rest applies to all passive data. You can simply enable this feature in the control panel.
The second innovation is integration with LDAP and Active Directory directory services. This feature allows you to manage access rights for different users within a single host or virtual machine. The distributed storage infrastructure of Virtuozzo Storage allows you to configure permissions for each individual object, so that the same profiles and the same credentials are used for authorization on virtual machines and containers as for shared data access.
In addition, it is worth noting that Virtuozzo 7 still provides updates for all kernels released in the last 18 months in the form of ReadyKernel live updates. Since the release of Virtuozzo 7, users have not created a single ticket related to the stability of this mechanism for updating the kernel of virtualization hosts.
Performance
Our developers have worked hard to improve the performance of the ecosystem. In particular, installation was accelerated: the main part of the distribution is now deployed from a compressed squashfs image (instead of a per-package installation), so you only need a few minutes to try Virtuozzo, and faster deployment in the data center helps to restart services sooner after maintenance.
The performance gains largely benefit users of Windows virtual machines. To achieve this, VirtIO support was added to the hypervisor, and the virtual machines feel “at home”, as if they were running in the Hyper-V ecosystem. Since the Virtuozzo hypervisor supports all the functions this requires, there is a noticeable performance increase in VMs running MS Windows.
For example, we can show the results of comparing the performance of Virtuozzo and pure KVM:
Tests were performed on the following configuration:
Model: IBM System x3650 M3
CPU: 24 SMP (2Sx6Cx2T) Xeon E5645 @ 2.4 GHz
RAM: 16 x 8GB DDR3 1600 MHz
HDD: RAID0 (5 x 900GB 10000 RPM SAS)
NET: 10 Gbit direct server <-> client connection

The test used is VConsolidate (https://openvz.org/Performance/vConsolidate-UP)
The guaranteed performance of each VM or container has been improved by the introduction of I/O limits. Depending on the type of business, you can now configure I/O limits for certain operations. This is done so that a heavily loaded VM does not “eat into” the performance of other machines running on the same host, which is very important when there are many virtual machines on one node. For service providers, backup and migration create the heaviest I/O load. Users can now set limits on the resources available to these and any other categories of operations. Thus, when properly configured, the VMs will not notice that there are “neighbors” on the host, provided, of course, that the number of machines matches the performance of the host as a whole.
At the same time, it is possible to place even more services on one host without sacrificing performance when the machines are not very powerful and have limited needs. In the hypervisor, you can now set not only the number of processors but also the specific number of cores that each VM or container can use. This feature allows you to make better use of server resources on multi-core processors.
Functionality
In each release, we add the new features that users request most. In Update 5, migration support for NFS volumes appears. As practice has shown, many container users work with NFS drives, which previously restricted data migration. NFS support is now officially implemented in containers and virtual machines of the Virtuozzo ecosystem.
The second useful feature is support for S3 geo-replication. Containers and virtual machines can now request information from S3 distributed storage and save data with the geo-replication option via a standard interface.
Support for Docker Swarm has also been added in Virtuozzo 7. Docker containers were already supported, but integration with the Docker Swarm orchestration system allows users of individual virtual machines (VPS) to manage their Dockerized applications using standard tools. Recall that, in addition to this, Virtuozzo Storage for Docker makes it possible to provide persistent data storage for temporarily running Docker services.
Speaking of storage: starting from Update 5, it is possible to monitor its status through SNMP. Previously it was necessary to collect data via SSH; now you can configure continuous transfer of all system state information to a single management console via the SNMP protocol.
And separately about migration
Special attention was given to modernizing the live migration system for containers and virtual machines, which allows maintenance without stopping services. For these tasks, the CRIU tool is used, which we already wrote about in the previous post.
In Virtuozzo 7 Update 5, migration was accelerated, and several technologies are used for this at once. For containers, a memory compression mechanism was implemented for transferring information from one space to another. For a VM, some actions, such as disk and memory access, are artificially slowed down during migration. As a result, the amount of data that needs to be transferred across the network during migration is reduced, and the process completes much earlier.

In addition, compatibility between different nodes has been improved for transferring applications whose functionality depends on processor capabilities. For example, there are technical problems when migrating from AMD to Intel. They also often occur when moving a virtual machine to a system with another generation of CPU architecture. To prevent this from happening during migration, support for unnecessary CPU instructions is turned off, and applications continue to work on the new host as if nothing had happened.
What to expect from Version 6?
The next version of Virtuozzo 7 will be presented before the new year. It will contain about 15 new features, including online reclaim of unallocated disk space in virtual machines, improvements to the network subsystem for Windows, simplified cluster creation, and more. Once the version is released, we will describe these features in more detail in our blog.