Tuesday Jun 21, 2016
Wednesday Jun 01, 2016
By Jsavit-Oracle on Jun 01, 2016
Friday Mar 18, 2016
By Jsavit-Oracle on Mar 18, 2016
Wednesday Nov 11, 2015
By Jsavit-Oracle on Nov 11, 2015
Thursday Oct 08, 2015
By Jsavit-Oracle on Oct 08, 2015
Thursday Apr 09, 2015
By Jsavit-Oracle on Apr 09, 2015
Multipath groups are arranged in an active/standby pair of connections to the same physical media. In case of a path or service domain failure, I/O activity continues on a surviving path. This is also helpful for rolling upgrades: a service domain can be rebooted for an upgrade, and virtual disk I/O continues without interruption. That's important for continuous availability while upgrading system software.
A previous limitation was that you could not determine by commands which path was active, and you couldn't force activity onto a selected path. That meant that all the I/O for multiple virtual disks went (typically) to the primary path instead of being load balanced across service domains and HBAs. You could deduce which service domains were actively doing disk I/O by using commands like iostat, but there was no visibility, and no way to spread the load. Oracle VM Server for SPARC addresses this by adding command output that shows which path is active, and let you switch the active path to one of the available paths. Now, the command 'ldm list-bindings' shows which path is active, and the command 'ldm set-vdisk' lets you set which path is active. For further details and syntax, please see the documentation at Configuring Virtual Disk Multipathing
Monday Mar 23, 2015
By Jsavit-Oracle on Mar 23, 2015
Oracle has just released Oracle VM Server for SPARC release 3.2. This update has been integrated into Oracle Solaris 11.2 beginning with SRU 8.4. Please refer to Oracle Solaris 11.2 Support Repository Updates (SRU) Index [ID 1672221.1].
This new release introduces the following features:
- Improved multipath virtual disk I/O (mpgroup): view, set active I/O path
- Improved domain observability to show dependencies between service and guest domains
- Improved network observability, quality of service and security management, and PVLAN
- I/O Resiliency (IOR) for physical I/O
- Dynamic Bus (dynamically assign PCI bus to domains)
- Live migration improvements
- Guest additions (VM API to interact with host environment)
- Guest access to SPARC performance counters
Live migration performance and security enhancements
This blog entry details 3.2 improvements to live migration. Oracle VM Server for SPARC has supported live migration since release 2.1, and has been enhanced over time to provide features like cross-CPU live migration to permit migrating domains across different SPARC CPU server types. Oracle VM Server for SPARC 3.2 improves live migration performance and security.
Live migration performance
The time to migrate a domain is reduced in Oracle VM Server for SPARC 3.2 by the following improvements:
- Parallel page copying and memory mapped I/O: data compression and transmission were alredy multi-threaded, but copying from hypervisor memory was single-threaded and buffers were copied twice. This change adds worker threads for parallelism and reduces the number of times data is copied, including for network I/O
- LZJB used to compress: Memory is compressed before it is encrypted and transmitted over the network. This change uses the fast, lightweight LZJB (Lempel Zev Jeff Bonwick) algorithm to quickly compress and decompress memory pages. Zero-fill pages are skipped, and pages that are only slightly reduced in size are sent unchanged. That reduces overall processing time.
This improvement is available on all SPARC servers supporting Oracle VM Server for SPARC, including the older UltraSPARC T2, UltraSPARC T2 Plus, and SPARC T3 systems. Some speedups are only be available for guest domains running Solaris 11.2 SRU 8 or later, and will not be available on Solaris 10. Solaris 10 guests must run Solaris 10/09 or later, as that release introduced code for cooperative live migration that works with the hypervisor.
Live migration security
Oracle VM Server for SPARC 3.2 improves live migration security by adding certificate-based authentication and supporting the FIPS 140-2 standard.
Certificate based authentication
Live migration requires mutual authentication between the source and target servers. The simplest way to initiate live migration is to issue an "ldm migrate" command on the source system specifying an adminstrator password on the target system, or point to a root-readable file containing the target system's password. That is cumbersome, and not ideal for security. Oracle VM Server for SPARC 3.2 adds a secure, scalable way to permit password-less live migration using certificates that prevents man-in-the-middle attacks.
This is accomplished by using SSL certificates to establish a trust relationship between different server's control domainss as described at Configuring SSL Certificates for Migration. In brief, a certificate is securely copied from the remote system's /var/opt/SUNWldm/server.crt to the local system's /var/opt/SUNWldm/trust and a symbolic is made from certificate in the ldmd trusted certificate directory to /etc/certs/CA. After the certificate and ldmd services are restarted, the two control domains can securely communicate with one another without passwords. This enhancement is available on all servers supporting Oracle VM Server for SPARC, using either Solaris 10 or Solaris 11.
FIPS 140-2 Mode
The Oracle VM Server for SPARC Logical Domains Manager can be configured to perform domain migrations using the Oracle Solaris FIPS 140-2 certified OpenSSL libraries as described at http://docs.oracle.com/cd/E48724_01/html/E48732/fipsmodeformigration.html#scrolltoc. When this is in effect, migrations are conformant with this standard, and can only done between servers that are all in FIPS 140-2 mode.
For more information, please see Using a FIPS 140 Enabled System in Oracle® Solaris 11.2. This enhancement requires that the control domain run Oracle Solaris 11.2 SRU 8.4 or later.
Where to get more information
For additional resources about Oracle VM Server for SPARC 3.2, please see the documentation at http://docs.oracle.com/cd/E48724_01/index.html, especially the What's New page, the Release Notes and the Administration Guide
Friday Oct 17, 2014
By Jsavit-Oracle on Oct 17, 2014
This paper shows how to configure to meet demanding performance and availability requirements. Topics include:
- Oracle VM Server for SPARC definitions, concepts and deployment options.
- Software, hardware, and firmware requirements.
- Best Practices for optimal performance.
- Best Practices for resiliency and availability.
The paper includes specific recommendations, describes the reasons behind them, and illustrates them with examples taken from actual systems.
Tuesday Sep 23, 2014
By Jsavit-Oracle on Sep 23, 2014
Previous blog entries have described scalability improvements that improve virtual disk and network I/O performance. This new update adds scalability in a different context, by increasing the number of virtual I/O devices a domain can have.
Every virtual I/O device requires a Logical Domain Channel (LDC) endpoint. Previous product versions had a limit of 768 LDCs (or 512 on UltraSPARC T2 systems) per domain (not per system) that constrained growth. This set a maximum number of virtual I/O devices in a domain, which impeded migration of large configurations that might have hundreds of disk devices or network connections. While this could be addressed in a number of ways, such as using physical I/O or consolidating many small LUNs onto fewer large LUNs, it was an impediment to adopting Oracle VM Server for SPARC. It especially affected how service domains could be used, since each service domain has LDC endpoints for each of the virtual devices it provides to guests.
With this new update, and with associated system firmware levels, LDC endpoints are arranged into a large pool which can be shared among domains. As described in Using Logical Domain Channels, each domain can have 1,984 LDC endpoints on SPARC T4, SPARC T5, M5, and M6 systems, out of a pool of 98,304 LDC endpoints in total. The required system firmware to support the LDC endpoint pool is 8.5.1.b for SPARC T4 and 9.2.1.b for SPARC T5, SPARC M5, and SPARC M6.
This more than doubles the number of I/O devices available to a guest domain, and can be implemented by installing the current firmware and moving to the Oracle VM Server for SPARC update.
Wednesday Aug 27, 2014
By Jsavit-Oracle on Aug 27, 2014
Wednesday Jul 02, 2014
Wednesday May 21, 2014
By Jsavit-Oracle on May 21, 2014
Friday Mar 28, 2014
Thursday Mar 20, 2014
Thursday Nov 21, 2013
By Jsavit-Oracle on Nov 21, 2013
- Oracle VM Server for SPARC - virtual HBA (vHBA) enhancements
- Oracle VM Server for SPARC 3.4 - scalability improvements
- Upgrading Oracle VM Manager to version 3.4.1
- New whitepaper: Optimizing Oracle VM Server for x86 Performance
- Upgrading Oracle VM Server to version 3.3.4
- Upgrading Oracle VM Manager to version 3.3.4
- Oracle VM 3.4.1 and new performance features
- Root domains and I/O on SPARC M7
- Oracle VM Performance and Tuning - Part 6 - I/O
- Oracle VM Performance and Tuning - Part 5