Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

WHITE PAPER

KVM: Open Virtualization Becomes Enterprise Grade

Sponsored by: IBM, Red Hat

Gary Chen
February 2013

IN THIS WHITE PAPER

Server virtualization has quickly become a trusted, mainstream solution aboard x86 servers. KVM, which stands for Kernel-Based Virtual Machine, is an open source technology that allows Linux to act as a full-fledged, enterprise-capable hypervisor for both Linux and Windows workloads. The implementation of KVM is unique in several ways and delivers a robust and scalable hypervisor. This IDC White Paper examines the architecture, progression, and future of KVM, as well as the related management and cloud system software, and profiles two key vendors in the ecosystem, IBM and Red Hat.

SITUATION OVERVIEW

Today, virtualization has overtaken physical as the primary server deployment method. The latest IDC statistics show that:

- Virtual servers are outshipping physical servers by a ratio of more than 2:1 in 2012.
- 55% of all installed workloads as of the end of 2011 are virtualized, and new workloads are being virtualized at a rate of 67%.

The industry has also seen a shift in the drivers and use cases for virtualization. Initially, customers primarily virtualized to consolidate servers and benefit from hard savings in areas of hardware, real estate, and power and cooling. The hypervisor provides the fundamental technology for virtualization, enabling the efficient sharing of resources. However, hypervisor use cases have rapidly expanded, and customers are regularly using hypervisors now for high availability, disaster recovery, service-level management, and the foundation for private clouds. Accordingly, the initial cost savings are expanding to include soft savings from increased agility, flexibility, elasticity, and security.
The competitive landscape is also changing, as alternative hypervisors to VMware have improved dramatically and now offer customers a viable enterprise-class choice. Hypervisors are becoming less of a standalone product and more of an embedded feature of a larger product, such as an operating system (OS) or a cloud system software suite. Although multihypervisor adoption is modest today, with about 15% of customers having multihypervisor deployments, interest has been rising steadily as alternatives have improved, and IDC expects that number to at least double over the next few years (see Figure 1).
FIGURE 1

Multihypervisor Deployments Gathering Steam in 2011

Q. What is your hypervisor deployment strategy going forward?

[Figure: responses (% of respondents) for "Combination of multiple hypervisors" and "Standardize on one hypervisor"]

n = 404
Source: IDC's Virtualization Multiclient Study, 2011

The battle for the second hypervisor is fierce, with several strong choices in the market. When comparing choices for a second hypervisor in a recent study (see Figure 2), IDC found that customers are just as likely to choose a proprietary solution as an open source solution, an indication of how much open source virtualization has matured over the years.

#238850 2013 IDC
FIGURE 2

Open Source Rivaling Proprietary for Second Hypervisor

Q. Which second hypervisor will you deploy?

- Open source (46.0%)
- Closed source (46.0%)
- Don't know (8.0%)

n = 39
Source: IDC's Virtualization Multiclient Study, 2011

As virtualization evolves into cloud to increase flexibility, competing hypervisors are also given new opportunities. IDC's 2012 Cloud System Software Survey indicates that customers deploying a private cloud are very open to deploying a new hypervisor that may be embedded with a cloud software platform, indicating that the value is shifting into the cloud layer with the hypervisor becoming a commodity feature (see Figure 3).

FIGURE 3

Clouds Won't Always Be Built on Existing Hypervisors

Q. Which hypervisor would you prefer to use with your private cloud system?

- Existing (46.8%)
- New (53.2%)

n = 282
Source: IDC's 2012 Cloud System Software Survey
KVM BACKGROUND

KVM is a module within the Linux kernel that turns the Linux operating system into a Type 1 bare metal hypervisor for x86 and other systems. KVM officially became part of the mainline Linux kernel as of version 2.6.20 (released in February 2007). Being an integral part of the mainstream Linux kernel has several implications:

- KVM is preintegrated and pretested with Linux and included in nearly all Linux distributions, regardless of whether KVM is formally supported or not. In reality, all the major Linux distributions include and support KVM today, and it is a Linux feature that most users expect in any distribution. Although KVM is built on Linux, it can virtualize Windows workloads as well as Linux workloads.
- KVM is able to leverage the entire Linux development community as any improvements to Linux in general also benefit KVM. It also means that Linux developers can now presume that KVM is available to be utilized as a standard Linux feature. Developers can leverage KVM to test and develop applications and should assume that customers will deploy their applications into virtualized environments.
- The KVM module continues to be updated along with the Linux kernel and does not have any easily determinable version of its own, but this may not matter to most users because in many cases users receive KVM through a Linux distribution. However, commercial Linux vendors may attach their own version numbers to their standalone KVM distributions, which may also include separate management tools and additional features.
- KVM inherits the drivers and broad hardware compatibility of Linux, allowing it to run nearly anywhere Linux for x86 runs, and no unique effort is required to produce new drivers specifically for KVM. While KVM was originally developed for x86, ports are in progress for other architectures as well.
- A lot of IT Linux skills and knowledge carry over to KVM, making it more familiar to Linux users.
- KVM reuses many of the established Linux technologies, such as process management, drivers, memory management, I/O, sVirt, and Security Enhanced Linux (SELinux).

KVM ARCHITECTURE

KVM is a loadable Linux kernel module that allows the Linux operating system to unlock hardware virtualization instructions and function as a Type 1 bare metal hypervisor. A hypervisor can be thought of as a very specialized operating system designed to run VMs instead of arbitrary applications. Other than the virtualization aspect, the rest of a hypervisor deals with standard OS tasks such as managing memory, scheduling processes, handling drivers, doing I/O, etc.

Within the Linux kernel, the KVM module implements the essential capabilities to do the magic that allows virtual machines to function but yet adopts the philosophy of not reinventing the wheel and uses the established and proven Linux OS functions for the rest. By not having to rewrite basic functions, developers can focus their efforts on optimizing
Linux for VM processes, not replicating those functions within the hypervisor code stack. It also means that all the advances in Linux as an OS apply to virtualization as well:

- Scheduling, resource control, and memory management. Virtual machines under KVM in Linux are simply treated as any other running process during execution. All the advances made within Linux over the years that deal with core OS functions of handling processes, such as scheduling, resource control, and memory management, are applied to VMs operating within KVM; future advances will follow suit. For example, improvements to the scheduler, such as process priority, CFS, and control groups, allow fine-grained controls to implement QoS for VMs by managing the resources such as CPU, memory, and I/O just as users can do with processes today. Another example would be adding non-uniform memory access (NUMA) support to Linux, which allows Linux processes and, by inheritance, VMs to address large amounts of memory.
- Storage. VM images are treated like any other Linux file on a disk device. Thus, storage support is any type of storage that is supported by Linux today, which includes local disk, a variety of file systems, NAS, iSCSI, and SAN. Improvements to the storage I/O stack and support for a storage vendor's infrastructure all carry over to KVM and allow VMs to leverage Linux's robust and proven storage stack.
- Hardware support. KVM inherits the entire Linux device ecosystem and is able to access any device that Linux supports. QEMU, a related open source project, is used to provide I/O device virtualization inside the virtual machines created by KVM. Linux is a popular, general-purpose OS and thus is compatible with a wide variety of devices and systems, allowing KVM to run on nearly every hardware platform today. Scalability enhancements to Linux that allow it to run on systems with a large number of CPUs/cores and very large RAM sizes also carry over to KVM, allowing it to scale as Linux scales.
- Security. KVM also is able to leverage the Linux security model, SELinux, which essentially "sandboxes" processes so that if a process becomes compromised, the problem is limited to that process and does not compromise the entire system. Because VMs are run as normal Linux processes under KVM, this protection extends to VMs as well. SELinux sandboxes VMs not only from each other but also, more importantly, from the hypervisor, protecting against any potential hypervisor vulnerabilities that could emerge.

OPEN KVM MANAGEMENT

As virtualization has grown in scale and complexity, management is a crucial factor in any deployment. One aspect that hampered Xen, an earlier open source hypervisor, was a fractured management interface, which eventually led to incompatible versions of Xen in the market. In addition, many of the Xen management tools were closed source, with no open source community driving the management tools in addition to the hypervisor.

Linux and KVM have standardized on the open source libvirt and libguestfs libraries as the base APIs for managing virtualization and images (which support other hypervisors besides KVM). Higher-level tools, such as virsh, virt-manager, and oVirt, are then built on top of libvirt.
oVirt is the primary project that the community is focusing on for KVM management, with a consortium of industry vendors supporting the project. oVirt is fully open source and presents a high-level, enterprise-grade, Web interface for managing KVM virtualization as well as attached storage and networking. oVirt is a modern Web application with a REST-based API, a Python SDK, and a command line interface for scripting and automation. oVirt runs on an open source stack of Linux and Java. Having a single, standard management interface for KVM will be crucial to accelerating KVM support in the ecosystem.

KVM ADOPTION AND USE CASES

Initial KVM adoption has been in several main areas, with an increasing number of public customer references highlighting client use of KVM and open virtualization management available from KVM partners such as IBM and Red Hat.

- Linux server consolidation. Linux servers are often less virtualized than Windows servers, and customers use the KVM hypervisor inside Linux distributions to consolidate Linux workloads.
- Mixed hypervisors. KVM is deployed as an alternative hypervisor alongside an existing installed base for reasons of cost or flexibility.
- Virtual desktops. KVM serves as the hypervisor back end to provide a virtual desktop infrastructure for security and scalability.
- Foundation for cloud. IaaS clouds use a hypervisor as the foundational layer in the software stack, and KVM is an extremely popular choice for certain cloud software platforms such as OpenStack.

KVM AND THE CLOUD

Hypervisors and virtualization technology have grown in many ways, with use cases constantly expanding. One logical evolution has been to serve as the foundation for private and public clouds. Many public cloud providers have gravitated toward KVM and open source due to excellent cost, code quality, customizability, and transparency.
Some of the key public clouds that have been built on KVM include the Google Compute Engine, HP Cloud, and IBM SmartCloud Enterprise.

Many of the clouds being built, both public and private, are utilizing emerging open source cloud system software platforms such as OpenStack, Eucalyptus, and CloudStack. These platforms are quickly gaining in maturity, and KVM is well supported by all. OpenStack, in particular, has a tremendous amount of momentum and a fast-growing community. While OpenStack supports multiple hypervisors, KVM is the choice of over 95% of OpenStack clouds, according to IDC estimates. KVM has become the unofficial reference standard for OpenStack, and the future success of OpenStack will also help KVM succeed.
THE OPEN VIRTUALIZATION ALLIANCE

In May 2011, BMC Software, Eucalyptus, HP, IBM, Intel, Red Hat, and SUSE formed the Open Virtualization Alliance (OVA). The goal of the alliance is to promote KVM in the marketplace by growing the ecosystem, educating the market about KVM, and documenting best practices and case studies. OVA, however, is not a type of certification, nor does it create standards or perform interoperability or compatibility testing.

The OVA includes hundreds of members of the ecosystem that are engaging with clients to provide solutions on KVM. The current membership is extremely diverse, representing server, storage, networking, management, OS, business application, and cloud software vendors as well as service providers. This ecosystem will be crucial to the success of KVM because virtualization today is a much more holistic, end-to-end approach that needs contributions from a wide variety of areas.

VENDOR PROFILES

IBM

IBM is a major contributor to KVM, having embraced it early on and dedicating dozens of engineers to the project, with a particular focus on performance tuning. Since the hypervisor is the lowest layer in a computer system, performance is especially critical for hypervisors. Early on in KVM's development, IBM contributed to many of KVM's performance improvements, such as memory overcommit, VM scalability, and CPU overcommit and capping. IBM continued its efforts in 2012, focusing on large VMs, high I/O scalability, and optimization of exits. IBM is also actively involved in developing benchmarks and using benchmarks to demonstrate and improve KVM performance. Many of IBM's KVM benchmark results are made publicly available, with some impressive results.

IBM has also invested significant resources in supporting KVM both internally and externally. Internally, IBM uses KVM to run its public SmartCloud Enterprise Cloud and private Research Compute Cloud.
IBM recently established the first ever KVM Center of Excellence in Beijing, China, where clients, partners, and sellers can go to meet experts and conduct briefings, demos, and proofs of concept. In addition, the IBM KVM Assistance Program (IKAP) is available to provide support for customers around the world deploying KVM.

Upcoming KVM features that IBM is developing include:

- Better SR-IOV support
- Gluster integration
- Upstream support for Power architectures
- Support for very large high-end systems
- Support for KVM features on oVirt and OpenStack
IBM also develops key software products that work with and can manage KVM, in addition to building hardware support for KVM. IBM continues to embrace a multihypervisor strategy to give customers choice and is building support for KVM as a first-class hypervisor, including support for all of the key IBM software products as guests on KVM.

VMControl is a plug-in for IBM Systems Director, which enables it to perform management of virtual environments in the datacenter. In addition to KVM management, VMControl manages PowerVM, z/VM, Hyper-V, and VMware hypervisors. For the KVM interface, VMControl currently uses libvirt but is expected to move to the newer oVirt APIs. VMControl is envisioned as a multihypervisor management product that can abstract away the differences across multiple hypervisors and hardware (even non-IBM hardware) to perform the common tasks in any virtual infrastructure.

IBM SmartCloud Entry is an entry-level cloud system software product that sits above VMControl to build a cloud across x86, non-x86, and multiple hypervisors. Currently supported hypervisors include VMware and KVM, with Hyper-V support coming next year. IBM SmartCloud Entry features easy GUI deployment, a Web-based self-service portal, and basic metering. All SmartCloud products are built on a common core and can be upgraded by simply adding more advanced modules.

IBM's Tivoli products, such as IBM SmartCloud Provisioning, IBM SmartCloud Orchestrator, and Tivoli Service Automation Manager, also support KVM.

Red Hat

Red Hat is the largest contributor to the KVM code base and is playing a major role in bringing KVM, as well as oVirt and OpenStack, to commercially supported, enterprise products. KVM was first featured in Red Hat Enterprise Linux (RHEL) 5.4 and is a major component in RHEL 6. Red Hat packages KVM in two different ways:

- As part of RHEL. This full Linux OS is Red Hat's flagship product. KVM is integrated into Linux as previously discussed, and RHEL features the complete Linux kernel, tools, and applications typical of a full Linux distribution. Customers that are comfortable deploying the full Linux OS or that require the full OS for add-ons, such as certain third-party agents, would choose RHEL. RHEL can also operate in an interesting hybrid mode, running both VMs and "bare metal" applications simultaneously, supporting some unique use cases.
- Standalone, as part of Red Hat Enterprise Virtualization (RHEV). RHEV is composed of two parts:
  - RHEV-H is the hypervisor subset of RHEL, including only the necessary components required to run KVM. It strips out unnecessary items such as some kernel drivers, tools, and applications that aren't relevant to KVM to reduce the overall distribution size and also the attack surface for greater security. It runs off of a read-only live CD, ensuring that the system always boots secure, unmodified code and is only 120MB in size.
  - RHEV-M is the management component, a commercially supported enterprise version of oVirt. RHEV-M can manage both RHEL-based KVM instances and RHEV-H based KVM instances.
RHEV is available for both servers and desktops (VDI). RHEV has Microsoft SVVP certification, meaning that it fully supports Windows Server as well as Windows desktops. Red Hat entered into a virtualization interoperability agreement with Microsoft in February 2009, which ensures that each company will test and support its operating systems aboard the other company's hypervisor. This raises the potential that performance won't be compromised when running on the other vendor's hypervisor and will ensure that support will be provided without finger-pointing. RHEV is also certified by SAP to virtualize SAP applications on both Linux and Windows operating systems.

The latest version of RHEV, 3.1, is a feature-focused release that includes many significant enhancements:

- Storage live migration
- Live snapshots
- Support for 160 vCPUs and 2TB vRAM per virtual machine guest
- Physical-to-virtual (P2V) tool to complement the existing virtual-to-virtual (V2V) tool
- Ability to hot plug/unplug a VM's network interface and disk image
- Support for POSIX file system, including support for Red Hat Storage, IBM GPFS, and other similar systems
- Integrated graphical management of Red Hat Storage in RHEV-M

Red Hat also has laid out an eventful road map for KVM and RHEV, with major releases occurring approximately every six months and minor releases in between. Upcoming releases will include features such as host-level SLAs, integrated QoS, UI plug-ins to extend the management interface, Open vSwitch, and Quantum networking from OpenStack.

CHALLENGES/OPPORTUNITIES

- Opportunity: Leveraging the reach of Linux. Because KVM is an inherent part of Linux, KVM will reach everywhere that Linux exists today, making it available to anyone using Linux.
- Challenge: Expanding beyond Linux. Being so closely tied to Linux comes with benefits and challenges. Many customers will see KVM as a solution primarily for Linux customers virtualizing Linux on Linux, even though Windows is well supported.
- Challenge: Creating a robust management ecosystem. oVirt will be the key technology in providing a standard base-level KVM management layer. However, enterprise systems management is a multilayered onion, and KVM support must also work its way into the larger management software market.
- Opportunity: The public cloud. Public cloud providers have shown an early preference for using open source software to build their offerings because of the cost and the open, freely modifiable nature of the code.
- Challenge: Monetizing the cloud. Service providers often want cut-rate pricing or will support open source software themselves without using a commercial version.
- Challenge: Ecosystem support. Ecosystem support for any hypervisor must be far reaching and diverse in order to succeed today. KVM will have to fight for priority among the virtualization ecosystem vendors.
- Challenge: A highly competitive market for the second hypervisor. KVM faces stiff competition from Microsoft and also various Xen distributions. KVM will have to battle hard to be selected over its competitors for the second hypervisor slot in the enterprise.
- Opportunity: The rise of OpenStack. OpenStack has a lot of momentum behind it, and KVM has an extremely high attach rate to OpenStack. If OpenStack continues to gain traction, it will also drag along KVM deployments.

CONCLUSION

KVM has made impressive progress since its inclusion in the Linux kernel in 2007. It has been able to tap into the power of the Linux open source development model to achieve widespread distribution and leverage the developer base to mature the code rapidly. KVM developers have made tremendous progress in addressing stability and performance tuning and today are focused on polishing up advanced features and management. oVirt has emerged as the open source standard for base KVM management, commercially supported by Red Hat with Red Hat Enterprise Virtualization. It is also complemented by ecosystem management products such as IBM Systems Director VMControl, IBM SmartCloud Entry, and the OpenStack project. Large-scale public clouds such as the Google Compute Engine continue to demonstrate the readiness of KVM for large-scale and complex deployments.
The Open Virtualization Alliance has emerged as a strong consortium dedicated to promoting KVM in the marketplace. Hot cloud projects such as OpenStack rely on KVM as a key enabling feature. The growing robustness of KVM and the ecosystem makes KVM an increasingly attractive virtualization choice for customers that rely on Linux and beyond.
Copyright Notice

External Publication of IDC Information and Data

Any IDC information that is to be used in advertising, press releases, or promotional materials requires prior written approval from the appropriate IDC Vice President or Country Manager. A draft of the proposed document should accompany any such request. IDC reserves the right to deny approval of external usage for any reason.

Copyright 2013 IDC. Reproduction without written permission is completely forbidden.