Parallels Virtuozzo Containers

Parallels Virtuozzo Containers White Paper Launching Hosted VPS Services www.parallels.com Version 1.0

Table of Contents Table of Contents... 2 Introduction... 3 Choosing the Right Hardware... 4 Planning a Networking Infrastructure... 5 Network Security... 6 Hardware Node... 6 Service Container... 6 Hosted Containers... 7 Installing Parallels Virtuozzo Containers... 8 Parallels Virtuozzo Containers for Linux... 8 The Host OS... 8 Installing the Parallels Virtuozzo Containers Software... 8 Parallels Virtuozzo Containers for Windows... 8 Installing Parallels Virtuozzo Containers... 9 Windows Host OS Security Considerations... 9 Windows Server 2003 Operating System Licensing... 9 Resource Management... 10 Memory... 10 CPU... 10 Disk Space... 10 Provisioning New Containers... 12 UpsellIng Hosting Plans... 12 Backups... 13 Patch Management... 14 Parallels Virtuozzo Containers for Linux... 14 Updating the Host OS... 14 Updating Parallels Virtuozzo Containers... 15 Updating the OS and Applications in a VPS... 15 Parallels Virtuozzo Containers for Windows... 16 The Host OS... 16 The Parallels Virtuozzo Containers Software... 17 Patching the Container... 17 Monitoring... 17 High Availability with SAN/iSCSI... 18 Parallels Power Panel... 19 Conclusion... 20 Parallels Launching Hosted VPS Services 2

Introduction In today s competitive hosting market, organizations must use their technical resources as efficiently as possible. Hardware and software resources must be optimized and cost-effective, management must be efficient and the end-user experience must be friendly and effective to reduce support issues. With its high density, easy-to-use interface and centralized server management capabilities, Parallels Virtuozzo Containers enables service providers to maximize their hardware and software resources, streamline IT management and reduce support issues. These benefits make Parallels Virtuozzo Containers the leading virtualization technology used by service providers to deliver end-user services and improve their internal infrastructure. This document includes recommendations and best practices to help IT administrators make informed decisions about their upcoming Parallels Virtuozzo Containers deployment. This document discusses Parallels Virtuozzo Containers efficient deployment for Hosting Service Providers who are launching virtual private server (VPS) hosting. This document is ideal for IT professionals who are planning hardware purchases, managing server and network infrastructures and responsible for the software deployments in the company. This document assumes that the reader has basic server knowledge or already owns Parallels Virtuozzo Containers. For more information about Parallels Virtuozzo Containers, please refer to the user s guide and other supplied documentation. Although not discussed specifically in this document, Parallels Virtuozzo Containers should also be used for improving the delivery of shared hosting, software-as-a-service, and managed dedicated server offerings. The concepts for delivering these service offerings are similar to the ones discussed in this document, but may involve slightly different partitioning and best practices. Parallels Launching Hosted VPS Services 3

Choosing the Right Hardware Hardware is very important for the overall strategy of any virtual server deployment because a significant number of containers will run on that hardware and any hardware failures may result in costly downtime. Choosing quality hardware is important to best avoid downtime, increase service levels and ensure business continuity. The physical server s hardware components should be balanced by performance. A powerful CPU will not bring higher overall performance if the underlying disk system does not have enough disk I/O bandwidth to write the information to the disk. Similarly, a system without sufficient memory will cause excessive swapping which will significantly decrease the overall performance of the system by wasting CPU and disk I/O resources. Based on our observations in early 2008, we recommend dual way Quad Core processor servers with 12 to 16 GB of memory to provide the best performance for the price. When comparing server pricing from popular server hardware vendors, administrators can see that a scaled down scenario with, for example, a 1 CPU and 8 GB memory will increase the cost by more than 50% not only because the server is not much cheaper, but also because of additional management, floor space and power consumption costs. A scaled up system with 4 CPU and 32 GB of memory will cost more than 200% of the price and will need much more expensive storage systems to handle the load on the disk system. System MSRP Pricing (March 2008) 1x CPU 2.5 GHz Intel QuadCore E5420 8 GB Memory (4x2 GB) 4x72 GB SAS Hard disk HP: $5.004 USD (DL 360 G5) Dell: $5.921 USD (2950 III) Recommended: 2x CPU 2.5 GHz Intel QuadCore E5420 16 GB Memory 4x72 GB SAS Harddisk HP: $5.951 USD (DL 360 G5) Dell: $7.110 USD (2950 III) 4x CPU 2.4 GHz Intel QuadCore E7330 32 GB Memory 4x72 GB SAS Harddisk HP: $19.933 USD (DL 580 G5) Dell: $19.784 USD (Rack 900) Table 1 - Typical hardware prices for 1-, 2- and 4-way CPU servers When choosing storage for the server, we recommend a RAID array to deliver the needed performance. A single disk I/O limitation will likely become a bottleneck when dozens of Virtuozzo containers will have disk activity simultaneously. Therefore, a stripe hardware RAID and disks with 10k RPM are highly recommended. Additional mirroring (RAID 10) will help to avoid massive data loss if the hardware corrupts or breaks down. Parallels Virtuozzo Containers for Linux will install a custom kernel with the virtualization layer in it. Generally, hardware support in Parallels Virtuozzo Containers for Linux corresponds to the hardware support of Red Hat Enterprise Linux. However, to ensure hardware compatibility, administrators may want to additionally consult the Parallels Virtuozzo Containers for Linux Hardware Compatibility list (www.parallels.com/en/products/virtuozzo/hcl). Parallels Virtuozzo Containers for Windows has no special hardware requirements and will run on each server compatible with Windows 2003 Server. Parallels recommends using systems certified by Microsoft. Parallels Launching Hosted VPS Services 4

Planning a Networking Infrastructure Each server should be connected to both the Internet and to the local management LAN using at least two (2) Network Interface Cards (NICs) with at least 1 GB/s. One NIC is required for the traffic of the customer VPS, and the second NIC is needed for managing the hardware node and the created containers. The management network is responsible for migration of containers, backup traffic and management. This network should be configured as a separate private LAN with private IPs. For security reasons, review the set of services running on the host (like SSH, sendmail, etc). Administrators should minimize the set of services running and configure the necessary ones to listen on the private management LAN only. The hardware level of the node should be reachable only from the management LAN. More information on how to secure the node can be found in the Network Security chapter on page 6. PVCHOST1 Firewall Customer PVCHOST2 PVCHOST3 Management Server PVCHOST4 Monitoring Server PVCHOSTn Central Backup Server Staff Figure 1 - Typical network architecture Through the hardware node, the host operating system and the Parallels Virtuozzo Containers software itself, the VPS is connected to the network in a bridged or routed type of networking. Bridged networking connects a container with a complete Layer 2 connection to the network. Although this enables almost any networking protocol to be used inside a container, it requires more configuration. With a routed network configuration, packets are routed between the host and container network interfaces via host system routing. Therefore, the container can only use IP routable traffic to the network and UDP broadcasts, for example, are not forwarded to the container. Parallels Launching Hosted VPS Services 5

Mode Advantages Disadvantages Routed Bridged Highest performance (packets never copied) Simple configuration process Support of all dedicated server network features Raw packet support Support of Mac -address dependent applications (such as load-balancers) DHCP client and server support Table 2 - Comparison of routed and bridged networking Mac-addresses in containers not supported on Linux Only IP packets can be used Impossible to isolate cross-container traffic at the data link layer No DHCP support Lower performance (higher overhead due to packet broadcasting) in certain cases Additional possible contingencies Virtuozzo Containers are ideal for large scale hosting due to the low overhead and ability to perform live migrations. For this type of hosting application, where only IP based services are typically deployed, we recommend using routed networking to improve security. To allow migration of containers between the same operating system platforms, all nodes running the same OS should be located in the same subnet in the management LAN. The containers running the same platform (Linux or Windows) should be located in one subnet in the public LAN. Network Security To ensure security of the hardware node, services and virtual containers, a firewall is needed to protect the Parallels Virtuozzo infrastructure. A central firewall should be installed between the Internet and the Parallels Virtuozzo server to ensure security for the running containers. This firewall should only allow traffic through the well-known ports described in the following sections. Hardware Node Block all incoming connections, especially on external networks For outgoing connections, leave the following ports open: Port 80: needed for EZ templates to connect to the external repositories to create templates cache Port 21: needed for Debian EZ templates to connect to the Debian repository to create templates cache Port 443: needed to connect to vzup2date server vzup2date.swsoft.com Port 5224: needed to connect to Parallels Key Administrator to update the Parallels Virtuozzo license Service Container Incoming connections: Port 22 (open): open from the nodes in the same cluster and from the management LAN Ports 25, 110, 90 (open): open from everywhere: Service VE takes the IP address of a container, which is down for backing up or migration and displays a nice maintenance message Ports 4643, 8443 (open): from everywhere: VZPP and Plesk ports Port 4646 (open): Port of VZagent SOAP interface; open it for selected hosts it will be used Parallels Launching Hosted VPS Services 6

Outgoing connections: Port 22 (open): for connecting to other nodes in the management group Hosted Containers The following is a list of typical ports that may be used by different services running in a container. The exact list of the ports open for incoming and outgoing connection depends on the services running in the containers. Ports 20, 21: FTP (File Transfer for upload/download of files to the server) Port 22: SSH Port 25: SMPT (Mail out server) Port 53: DNS Port 80: HTTP Port 106: popassd (for local host only) Port 110: POP (Incoming mail server) Port 113: auth Port 143: IMAP Port 443: HTTPS Port 465: SMTPS Port 990: FTPS Port 993: IMAPs Port 995: POP3S Port 3306: MYSQL Port 4643: Parallels Power Panel Port 5432: POSTGRES Port 8443: plesk-https Port: 9080 tomcat Port 5224: plesk-license-update (outgoing only) Parallels Launching Hosted VPS Services 7

Installing Parallels Virtuozzo Containers PARALLELS VIRTUOZZO CONTAINERS FOR LINUX The Host OS Parallels Virtuozzo Containers installs on top of an existing operating system, which should be preinstalled on the server. Parallels recommends an operating system that has a long support range by its vendor. An Enterprise Distribution of Red Hat for example (Red Hat Enterprise Linux www.redhat. com ). Alternatively free Linux distributions can be chosen. In this case Cent OS (www.centos.org ) is the recommended Linux distribution. A complete list of supported Linux distributions can be found at www.parallels.com/en/products/virtuozzo/specs/linux. Other Linux distributions that are not supported as a host OS may be used as guest OS. For a smooth installation of Parallels Virtuozzo Containers for Linux, be sure that the system is partitioned properly. Partition Recommended Size Description SWAP Two times the memory size The paging partition for the Linux OS. / (Root) 10-15 GB The root partition containing all Hardware Node operating system and Virtuozzo Containers software files. /vz All available space on Raid partition (ext3, 4096 block, one block per inode) The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition Table 3 Parallels Virtuozzo Containers for Linux partitioning Installing the Parallels Virtuozzo Containers Software After installing the host operating system, administrators must run the Parallels Virtuozzo installer script install from the mounted distribution media, which can be downloaded from www.parallels.com/en/ download/virtuozzo4. The graphical installer guides administrators through the installation process. Additionally, an unattended installation method is available and can be initiated by starting the installer program with the corresponding parameters. For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/vzlinuxinstallation.pdf. PARALLELS VIRTUOZZO CONTAINERS FOR WINDOWS In a Microsoft Windows Server environment, we recommend using the x64 Edition of Windows 2003 Server Standard or Enterprise Edition with SP2 installed. The x64 edition of Microsoft Server 2003 has a better overall performance compared to the 32-bit release and allows a higher density of containers per physical server. Parallels Virtuozzo Containers has certain requirements regarding Windows patch level. Be sure that no unapproved Microsoft hotfixes are installed before installing Parallels Virtuozzo on a server. An up-to-date list of approved and unapproved patches is available at www.parallels.com/en/products/virtuozzo/updates. Parallels Launching Hosted VPS Services 8

Installing Parallels Virtuozzo Containers Parallels Virtuozzo Containers for Windows can be downloaded from www.parallels.com/en/download/virtuozzo4. Be sure to select proper edition for download. No special partitioning is needed on a Windows host to install Parallels Virtuozzo Containers. However, creating a separate partition for the operating system and a separate partition for the Parallels Virtuozzo Containers data folder on the RAID system is recommended. Partition Recommended Size Description C: (Root) 15-20 GB The root partition containing all hardware node OS and Parallels Virtuozzo Containers program software files. D: Any free drive letter can be chosen All available space on Raid partition (NTFS formatted) The partition to host Virtuozzo Containers templates and all container data. Allocating as much disk space as possible to this partition is recommended. I/O performance requirements are highest for this partition; RAID10 array is recommended for performance and data redundancy reasons. Table 4 -Typical Parallels Virtuozzo Containers for Windows partitioning Installing Parallels Virtuozzo Containers for Windows can be done through Parallels Management Console, the included graphical GUI management tool, by launching the virtuozzo4.0_x64.exe file. For an easy installation, Parallels Virtuozzo Containers supports an unattended installation mode via the virtuozzo4.0_x64.exe file with the proper parameters. In general, no other applications should be installed on the host OS level on the hardware node. Exceptions include: Antivirus Software (the list of supported anti virus tools can be found at http://kb.swsoft.com/ en/2226 ) 3rd Party Backup Software to backup the host system itself (optional because Parallels Virtuozzo Containers has its own backup system) For more information about the installation process, see the Parallels Virtuozzo Containers Installation Guide, which is found in the distribution media or at http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/vzwindowsinstallation.pdf. Windows Host OS Security Considerations To ensure security of the host, the OS on the hardware should be hardened. The Administrator account should be renamed and the Guest account should be disabled or renamed. The user password should have a minimum length of eight (8) characters and should consist of alphanumerical and numerical characters for a higher complexity. Regularly changing the password increases security. Windows Server 2003 Operating System Licensing In a Parallels Virtuozzo Containers for Windows installation, an OS license is needed for each container. The most cost effective licensing model in a service provider environment is the Microsoft Server Data Center Edition License. This license is available in the SPLA program and is licensed per physical processor. The licensing already integrates the licenses for all containers running on the licensed hardware. Downgrade rights of the license allow installing each version of Windows 2003 Server. Parallels recommends installing the x64 Enterprise Edition of Windows Server 2003. More information on the Microsoft Data Center Edition licensing can be found at www.microsoft.com/windowsserver2003/howtobuy/licensing/datacenter.mspx#etc. Parallels Launching Hosted VPS Services 9

Resource Management Parallels Virtuozzo Containers Resource Management controls the amount of resources available to containers. The controlled resources include CPU power, disk space and a set of memory-related parameters. All resources for a container can be preconfigured in a sample configuration file, which reflects the hosting plan offered to Parallels customers. Proper resource configuration for a Parallels Virtuozzo Containers server is essential. An incorrect configuration may lead to poor overall system performance which will result in negative user experiences and produce a high number of support issues. Memory In Parallels Virtuozzo Containers for Linux, the Virtuozzo Service Level Management (SLM) controls the amount of physical memory available to a container and offers easy, effective configuration. The parameters can be set in the sample configuration template which is used when creating a new container or the command line interface can be used to set the proper values for an already created container. Hint: Customers who purchase Parallels System Automation or Parallels Business Automation Standard can easily configure and assign multiple service plans and configurations using the graphical user interface provided by these products. The new memory limit is set on the fly, and no reboot of the container is needed. For more information on the resource management see the Parallels Virtuozzo Containers for Linux User Guide. Parallels Virtuozzo Containers for Windows allows administrators to directly set the memory for applications inside the container. Shared and memory mapped files are not included in this value. The container uses the central swap file on the host level and has no own swap file running internally. CPU # vzctl set 101 --slmmemorylimit 128M --save The CPU performance is configured in CPU units. The default value for a container is 1000. When planning and setting up the CPU resources for a container, the difference between the values should be in balance (1000/2000/4000 are reasonable) and significant differences should be avoided. Otherwise, slow containers may slow down the entire system by not being able to free system-wide locks (like file system journal) quickly enough. Additionally, it is possible to set the number of CPUs available to a container. The default value allows the VPS to use as many CPUs as installed in the system (a 2 processor system with 4 cores on each CPU has 8 CPUs in total). Limiting the number of CPUs per container to one, two or four may improve overall system performance because it simplifies the scheduling for the OS. Additionally, the VPS owner s experience may be improved because runaway tasks in other containers are isolated so they cannot consume processing power across the entire server. Additionally it is possible to set a guaranteed CPU value in percentage. This allows to assign a minimum overall percentage of CPU usage which is exclusively reserved for a dedicated container. Disk Space Because most web hosting customers will not use all the disk space assigned to their VPS offering, providers may elect to oversell up to 30-50% of the disk space on the server. Disk space can be assigned to a Containerby pre-setting the value in the sample configuration, which is used to create the container. When the container is up and running administrators can change the disk space on the fly by using the Parallels management tools or the command line interface. Parallels Launching Hosted VPS Services 10

Hosting Plan Offer QoS Parameters Silver Gold Platinum CPU Power: XXX 1 MHz guaranteed, X*1 GHz burstable Guaranteed memory: 128 MB Max memory: 256 MB Disk space: 5 GB One CPU CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable Guaranteed memory: 256 MB Max memory: 512 MB Disk space: 10 GB Two CPUs CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable Guaranteed memory: 512 MB Max memory: 1024 MB Disk space: 30 GB Four CPUs Table 5 - Examples of VPS for Linux offerings CPU units: 1000 slmmemorylimit: 256 MB Disk space: 5242880 (in KB) One CPU CPU units: 2000 slmmemorylimit: 512 MB Disk space: 10485760 (in KB) Two CPUs CPU units: 4000 slmmemorylimit: 1024 MB Disk space: 20971520 (in KB) Four CPUs For more information on the resource management, see the Parallels Virtuozzo Containers for Linux User Guide. Hosting Plan Offer QoS Parameters Silver Gold Platinum CPU Power: XXX MHz guaranteed, X GHz burstable Guaranteed memory: 128MB Max memory: 256 MB Disk space: 5 GB One CPU CPU Power: 2*XXX MHz guaranteed, X*2 GHz burstable Guaranteed memory: 256 MB Max memory: 512 MB Disk space e: 10 GB Two CPUs CPU Power: 4*XXX MHz guaranteed, X*4 GHz burstable Guaranteed memory: 512 MB Max memory: 1024 MB Disk space: 30 GB Four CPUs Table 6 - Examples of VPS for Windows offerings CPU guarantee: not limited CPU limit: not limited CPU units: 2000 Memory: 512 MB Disk space: 10485760 (in KB) Number of processes: 80 Number of TS sessions: 2 Two CPUs CPU guarantee: not limited CPU limit: not limited CPU units: 2000 Memory: 512 MB Disk space: 10485760 (in KB) Number of processes: 80 Number of TS sessions: 2 Two CPUs CPU guarantee: not limited CPU limit: not limited CPU units: 4000 Memory: 1024 MB Disk space: 20971520 (in KB) Number of processes: 80 Number of TS sessions: 2 Four CPUs 1 The guarantee is not set for a container, but calculated instead. For example. if you have 30 silver containers on the host, 20 gold and 10 platinum, and the host is 4 core 3GHz each, the guarantee corresponds to 4*3GHz/(1*30 + 2*20 + 4*10) = 109MHz. The burstable power corresponds to the CPU power (3GHz), multiplied by the number of cores available to the container. Parallels Launching Hosted VPS Services 11

Provisioning New Containers Parallels provides several automation solutions (www.parallels.com/en/products/am) which allow easy provisioning and management of containers and other operational services. For administrators who want to provision services with their existing tools, Parallels Virtuozzo Containers provides a complete API (SOAP, XML-RPC) or command line scripting interface. Accessible functions are documented in the Parallels Virtuozzo Containers API documentation, which can be downloaded at www.parallels.com/en/products/virtuozzo4/docs. Also see the command line Reference Guide, which is available at www.parallels.com/en/products/virtuozzo4/docs, to find out which commands are available and how to use them. Hosting plans and container configurations should be created by using the sample container configurations, which allow service providers to create a template that can be reused each time a new container is created. Before creating containers on a hardware node, the provisioning software must verify that the server can handle the additional load. In general, verify that the following main resources are available: Memory - Memory is often overcommitted. Therefore, verify the real memory usage and sum up the memory configured for the containers. Disk - For provisioning new containers and to let existing containers to grow when needed, at least 20-30% of the disc space should be available on the /vz partition. Disk I/O - The number of processes waiting for I/O can be seen via the vmstat command. CPU - The average utilization should not exceed 70%. UPSELLING HOSTING PLANS Parallels Virtuozzo Containers makes it easy for your customers to upgrade their current service plan to a plan with more container resources using the API. To do this, you will need to configure at least two container configurations so that a new sample configuration can be applied to the container when ordered by the customers. The changes will immediately take affect without downtime. Hint: Parallels Automation software provides control panels which allow clients to go online to request and pay for an upgrade which will be automatically provisioned. Fore more information on changing a container configuration via the API, see the Programmers Guide. Parallels Launching Hosted VPS Services 12

Backups Containers should be backed up regularly to avoid data loss. Parallels Virtuozzo Containers provides a full featured backup functionality and central management of the backup/restore configuration and tasks via the Parallels Infrastructure Manager. VPS owners are able to access the latest backups and can create their own backups via the Parallels Power Panel. The backups should be stored on a central backup server. This can be done by configuring a central backup server or by mounting a NFS/samba share to each of the hosts. PVC Node 1 /vz /vz/backups File server Share: pvcbackup PVC Node 2 /vz /vz/backups PVC Node n /vz /vz/backups Figure 2 - Mount points from file server on PVC nodes Alternatively, a Parallels Virtuozzo server can be configured as the central backup server for the Parallels Virtuozzo Containers for Linux and the Parallels Virtuozzo Containers for Windows backups. With this configuration, no additional drives must be mounted to the hosts. PVC Node 1 /vz /vz/backups PVC Backup Node /vz /vz/backups PVC Node 2 /vz /vz/backups PVC Node n /vz /vz/backups Figure 3 - PVC serer as a backup storage Parallels Launching Hosted VPS Services 13

Administrators can create a full backup of all containers running on the node by using the vzabackup utility from the command line of the backup node. The vzabackup tool is able to backup all nodes in the infrastructure. # vzabackup -F --force --storage 1.2.3.4 pvcserver01.local.network.com pvcserver02.local.network.com This command creates a full (-F) backup of all containers on the nodes pvcserver01.local.network. com and pvcserver02.local.network.com. The --force option prevents the backup task being from stopped on failures on single VCs. The --storage option allows setting a central backup node to store the backups on. If the --storage option is not available, the backup is initiated but stored in the default location configured on each separate node. By issuing the vzabackup via a task scheduler such as cron on the central backup server, administrators can automate backups. When using mounted drives from a central share or NAS, administrators must configure this mounted directory on each node as the default location for the local backups. The default location on Parallels Virtuozzo for Linux is /vz/backups. On a Parallels Virtuozzo for Windows system, backups can be found in the Parallels Virtuozzo data folder in the subfolder backup (example: X:/vz/backups). The location can be changed by using the Parallels Virtuozzo Management Console, which is installed on the hardware node. The local backup location can be changed via the Parallels Management Console. Right-click on the local server and go to Backup -> Default Location to change the default location of the backup. Backups should run regularly on all days and rotate in regular intervals every several weeks: Full backup every Saturday at 1 a.m. Incremental backup every Monday, Tuesday, Wednesday, Thursday and Friday at 1 a.m. Backup rotation, which would keep 3 to 5 weekly backup chains For more information on how to use vzbackup via the command line or GUI tools, see the Parallels Virtuozzo Containers User Guide. For more information on initiating the backup via the API, see the Parallels Virtuozzo Containers Programmers Guide. Patch Management To ensure system stability and security, it is highly recommended that administrators regularly update the host OS, the Parallels Virtuozzo Containers software and the software inside the containers. PARALLELS VIRTUOZZO CONTAINERS FOR LINUX Updating the Host OS Parallels Virtuozzo Containers for Linux allows administrators to use the standard package management tools such as yum to keep the host OS up-to-date. The Parallels Virtuozzo kernel running on the hardware node is updated via the Parallels Virtuozzo software update utility vzup2date. To reduce bandwidth to/from the Internet and to increase service availability, we recommend that administrators set up a local patch server that acts as a local repository for both host and containers patching. Parallels Launching Hosted VPS Services 14

Cent OS Repository Provider Repository PVCNODE2 Fedora Core Repository PVCNODE1 Updating Parallels Virtuozzo Containers Figure 4 - Repository configuration for central local repository Parallels Virtuozzo Containers patches are announced via email to all subscribed customers using the email address provided to Parallels with the order. Additional people can be added by contacting the Parallels Sales person or via partnermarketing@parallels.com. The email is sent out shortly after the patches are available on the download servers and provides information on the issues fixed with the update. Parallels Virtuozzo Containers for Linux can be kept updated by using the Parallels Infrastructure Manager (PIM) or via the command line utility vzup2date. PIM allows easy mass updates of the PVC servers in the infrastructure. The web based PIM and the command line tool can connect to the Parallels update server on the Internet or to a local repository to download the Parallels Virtuozzo patches. Updating the OS and Applications in a VPS The Linux distribution used inside a VPS is based on an OS template. The binaries of these templates are stored in a local repository on the hardware node and are linked to the container. We recommend using EZ templates for Parallels Virtuozzo Containers for Linux to simplify the process of updating the operating system inside each container. Linux users can install their own update RPMs in their containers. However, Parallels recommends using the provided update tools to install the patches for the templates deployed into the containers. EZ templates are designed to make resolving application dependences as automated as possible. EZ templates tightly depend on package repositories. All packages are transparently and automatically downloaded from repositories on demand: # vzpkg update cache fedora-core-6-x86 Loading rpm2vzrpm plugin Setting up Update Process Setting up repositories base0 100% ========================= 951 B 00:00 base1 100% ========================= 951 B 00:00 base2 100% ========================= 951 B 00:00 base3 100% ========================= 951 B 00:00... Parallels Launching Hosted VPS Services 15

Dependencies are resolved on a per container basis, which allows users to have unique sets of packages in each container. Container upgrades are as easy as running a single command: # vzpkg update 101... Running Transaction Updating : hwdata ###################### [1/2] Cleanup : hwdata ###################### [2/2] Although any container can use completely independent sets of packages, any identical files in different containers will be automatically shared on both disk and memory. EZ templates use standard package repositories based on yum (for RPM based distributions) and apt (Debian) Linux utilities. However, having available and consistent package repositories is much more important for EZ template management than for dedicated servers. Because Virtuozzo containers rely on the packages in the template area, unavailability of package repositories may prevent container migration, restoring from backup, etc. Administrators are therefore recommended to: Maintain their own local repositories rather than rely on third parties Include these repositories in the disaster recovery plan Never delete files from the local repositories - even if remote repositories do so - unless they are 100% sure that corresponding Linux distributions are not used by any of other containers, either running or even stored in backup. EZ templates allow administrators to use the original OS vendor s packages and to receive the updated RPM packages from a central repository right after their release. To keep the container s Linux distribution up-to-date, the local repository must be regularly updated from the upstream repository. Since the repositories are managed by the OS vendor and not by Parallels it is recommended to sign up for email notifications which are send out by the vendor when the repositories are updated. It is recommended that administrators create a local repository on a central server in the local infrastructure. This repository should be kept up-to-date and old packages should remain in that repository because they might be needed by a container which requires a older version of the software. When migrating or restoring containers from the backup, Parallels Virtuozzo may automatically download required packages to the template area on the destination server. Missing packages may lead to failed migrations or restoring of the container. For more information on keeping a Parallels Virtuozzo for Linux system up-to-date, see the Parallels Virtuozzo Containers for Linux User Guide. PARALLELS VIRTUOZZO CONTAINERS FOR WINDOWS The Host OS Updated: hwdata.noarch 0:1.0-3.swsoft Complete! Updated: hwdata noarch 0:0.158.1-1 The Microsoft Windows Update Service can be used for a Microsoft Windows system. Parallels tests all Microsoft OS patches against Parallels Virtuozzo and makes them available on a central WSUS server on the Internet. During the installation of Parallels Virtuozzo Containers for Windows, the default WSUS source server is changed to vzwinupdate.swsoft.com to download just the Parallels-tested and approved patches 2. 2 This update server only delivers approval policy on Windows updates for PVC servers. The updates bits are still downloaded from the Microsoft Windows update server. Parallels Launching Hosted VPS Services 16

A central patch server allows administrators to save Internet bandwidth by downloading operating system and Parallels Virtuozzo patches to one central server only. All Parallels Virtuozzo for Windows servers can download patches from this central server instead of from the Internet. A WSUS installation on a dedicated server is recommended for central deployment of Microsoft OS patches. When using a central WSUS server, configure the WSUS server to get the patches from the central Parallels Virtuozzo Containers for Windows WSUS server vzwinupdate.swsoft.com. The Parallels Virtuozzo Containers Software On a Microsoft Windows Server system, the Parallels Virtuozzo Containers Update Manager helps keep the system up-to-date. The Parallels Virtuozzo Update Manager connects to the server on the Internet and downloads the available Parallels Virtuozzo patches. The installed Parallels Virtuozzo patches will ensure system compatibility with the newest Microsoft OS patches by updating the KSAL DB Kernel Service Abstraction Layer Database. This database is responsible for the OS patches downloadable from the Internal or external WUS server. If Parallels Virtuozzo detects a non-supported Microsoft patch, the Parallels Virtuozzo service will not start. The download and installation of the Parallels Virtuozzo patches can be automated by configuring the Virtuozzo Update Service via the Parallels Management Console. A list of approved Microsoft patches can be found at www.parallels.com/en/products/virtuozzo/updates. To provide a central server for Parallels Virtuozzo itself, a Virtuozzo Update Service (VUS) server must be set up. The VUS software must be installed on the same server on which the Windows Software Update Service is installed by running the vusinstall.exe, which is located in the Parallels Virtuozzo for Windows media distribution. After installing the service, use the installed VUS manager to synchronize the local VUS with the central Parallels Virtuozzo Containers Update Center. For more information on compatible patches, see the Parallels Virtuozzo Containers User Guide. Patching the Container A Parallels Virtuozzo for Windows system does not allow users to install OS patches inside the VPS manually. Therefore, the provider must take responsibility for the patch management of the containers. Microsoft OS patches installed on the hardware node are automatically distributed to containers. Because most Windows updates require a reboot, a maintenance window must be planned to reboot the node (reboot of individual containers is not required). Monitoring Parallels Virtuozzo Containers provides the option to use SNMP to monitor a Parallels Virtuozzo infrastructure. The provided SNMP monitoring plug-in allows administrators to integrate Parallels Virtuozzo system services monitoring into a central monitoring system. Parallels Virtuozzo installs the SNMP support by default. Monitoring checks the availability of the physical server by monitoring hardware defects such as errors on the disk system. Additionally, the running services related to Parallels Virtuozzo must be monitored. Monitoring should be used for all containers in the infrastructure. Parallels recommends monitoring containers that are part of a managed VPS offering. Monitoring unmanaged containers is optional. For more information on monitoring, see the Parallels Virtuozzo User Guide. Parallels Launching Hosted VPS Services 17

High Availability with SAN/iSCSI Parallels Virtuozzo Containers 4.0 introduces high availability support for Linux and Windows environments. In the event of a hardware/software failure, the containers that ran on the broken host will be automatically restarted on a standby host, which greatly improves service levels. VE 1 VE 2 VE 3 VE 4 VE 5 VE 6 VE 7 VE 8 VE 9 Client 1 Client 2 Client 3 Figure 5 - PVC Cluster architecture Parallels Virtuozzo for Linux uses the Red Hat Clustering Suite, which is shipped with RHEL version 5, to achieve the high availability of containers running on the hardware nodes. Parallels Virtuozzo for Windows uses either the Microsoft Clustering Service or Microsoft Network Load Balancing to achieve high availability. For both Linux and Windows, the /vz directory must be available on the SAN and available to all servers in the cluster. One standby server can act as a failover server for multiple hardware nodes. Microsoft Windows allows seven active servers and one passive in one cluster group. Details on how to set up a clustered VPS service offering are available at: PVC for Linux: http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/lin/vzlinuxclustering.pdf PVC for Windows: http://download.parallels.com/virtuozzo/virtuozzo4.0/docs/en/win/vzwindowsclustering.pdf Parallels Launching Hosted VPS Services 18

Parallels Power Panel Parallels Power Panel is a web-based self management interface for the container owners. It allows a root (Linux) or Administrator (Windows) user to connect via IP/hostname and the port 4643 (https://yourdomain:4643) to the VPS when the container is in started or stopped mode. Parallels Power Panel allows container administrators to: Start, stop or restart the container Repair the container Reinstall the container Back up and restore the container Change the container root password Start, stop or restart certain services inside the container Access other control panels installed in the container View a list of container processes and send them signals View the current resource consumption and resource over usage alerts View the Parallels Virtuozzo logs Figure 6 - Screenshot of Parallels Power Panel Parallels Launching Hosted VPS Services 19

Administrators can access the Parallels Power Panel via an IP/port redirect on the host level of the hardware node to a web server running in the service container running on each host. A web server running inside the service container provides access to the power panel. The feature set of the tool integrates basic functionality such as starting and stopping a container, backing up and restoring a container and service management. The feature set can be configured via an XML file, and the design and branding can be changed by using already designed templates or templates created by the provider. To enable access to the Power Panel, Offline Management must be switched on for the container. To reduce support efforts and costs, enabling the Power Panel for all container owners is recommended. Conclusion Parallels Virtuozzo Containers delivers a hosting solution with low overhead, efficient updates, and easyto-use management tools. This allows service providers to launch compelling services to increase revenue opportunities and streamline IT management to reduce support costs. This paper covered several practices to help service providers get the most out of their Parallels Virtuozzo Deployment including hardware selection, network configuration, resource management, patch management, monitoring, backups, and high availability configurations. More details about Virtuozzo can be located in the Parallels Virtuozzo Containers User Guides which are located on the Parallels website (http://www.parallels.com/virtuozzo/docs/). Parallels Launching Hosted VPS Services 20