Home > Articles

Making the Adaptive Enterprise Vision a Reality: The HP Partitioning Continuum

This chapter provides an architectural overview of each of the partitioning products available with HP's 9000 and Integrity servers. It also covers key benefits of each of these solutions to help you decide which one to use. .
This chapter is from the book

The Partitioning Continuum at a Glance

This section provides an executive summary level of detail for the partitioning continuum. Later sections will provide a bit more detail and later chapters provide examples of how to set up each type of partition.

What Is Partitioning?

As we saw in the last chapter, the Adaptive Enterprise is all about pooling and sharing of system resources by running many workloads on the same system. However, this can sometimes be challenging because:

  • One or more of the applications would consume more than its fair share of system resources
  • Applications have namespace collisions. They share the same network ports, log files, configuration files, named pipes, patch levels, kernel tunables, or any one of a number of other system resources
  • It can be difficult to schedule downtime on the system because multiple workloads are impacted.

Partitioning allows you to put multiple applications on a server and isolate them from each other. Each type of partition provides a different level of isolation from resource or namespace collisions, which we will cover later in this chapter.

The properties of a partition can include one or more of the following:

  • Hardware-fault isolation: the ability to ensure that hardware faults and hardware maintenance in one partition won't impact other partitions on the system.
  • Software-fault isolation: the ability to ensure that a software fault in one partition won't impact applications running in other partitions.
  • Resource isolation: the ability to control the amount of critical system resources available to each partition.
  • Security isolation: the ability to ensure that the users and processes running in one partition are not able to access or impact processes in other partitions.
  • Namespace isolation: the ability to ensure that each partition has a duplicated namespace of one sort or another. It can include a copy of portions of the file system or a copy of the entire operating system.
  • Application isolation: the ability to have different versions and patch levels of the same application in different partitions.
  • Kernel parameter isolation: the ability to tune the kernel parameters in each partition to the application that will be running there. Many applications require a specific set of kernel parameters to ensure that the application can run at peak performance.
  • Operating system isolation: the ability to run separate operating systems in each partition. This has the advantage that it typically provides most of the other types of isolation, the exception being hardware fault isolation. You can safely run a development workload in a partition on one system that is running production workloads in other partitions.
  • Resource flexibility: the ability to share resources between different partitions. This is the key benefit of partitions rather than separate systems for each workload. When a workload runs out of resources on a system, it is not possible to reconfigure the system to allocate additional resources. And if the spike in load that caused the need for additional resources is rare, the utilization of the server will go down if you add resources.

HP's Partitioning Continuum

HP supports four different partitioning technologies that have progressively stronger isolation or flexibility depending on your requirements. These are depicted in Figure 2-1.

02fig01.jpg

Figure 2-1 The HP Partitioning Continuum

nPartitions

The first partitioning alternative is hardware-supported partitions, or nPartitions (nPars). HP introduced nPars during HP World in August 2000, when we introduced our first cell-based platform, the HP 9000 Superdome. The architecture of the system was designed to allow components of the system to be isolated from one another. The key features of nPars include:

  • Complete hardware-fault isolation: HP's nPars is unique in the industry because it provides fully electrically isolated partitions inside a single system. This is accomplished using a custom chipset design in each cell such that firewalls are configured to ensure that electrical signals are dropped if they are destined for a cell that does not belong to the partition. This ensures that no hardware failure in one partition can affect any other partition in the system.
  • Complete software-fault isolation: Clearly, if the electrical signals can't cross an nPar boundary, neither can any of the software running there. The partitions look and act like separate systems. They can run separate OS images with different versions, different patch levels, kernel tunables, etc.
  • Cell granularity: One of the key benefits of nPars over separate servers for each workload is the fact that an nPar can be resized very quickly. Currently, HP-UX requires a reboot in order to move a cell from one partition to another. However, a future version of HP-UX will support addition and deletion of memory online, which will make possible a number of interesting features, including online addition and deletion of cells.
  • Multiple OS images: Each partition gets its own hardware and software, including the operating system.
  • Support for HP-UX, Windows, OpenVMS and Linux: The Precision Architecture–based HP 9000 Superdome only supports HP-UX. However, the Integrity Superdome, based on the Itanium processor, supports HP-UX, Windows, Linux, and OpenVMS in separate partitions on the same system. Another benefit of this flexibility is that the HP Integrity platform can be repurposed from an HP-UX platform to a Windows platform either after the HP-UX workload has been moved to another system or as an emergency spare in the case of a failed system.
  • In late 2005, HP began supporting running Precision Architecture (PA) processors in one partition and Itanium processors in another. This will require up-to-date firmware but will be supported on any cell-based system with either the sx1000 or sx2000 chipsets.

Virtual Partitions

Virtual partitions is the ability to run multiple copies of the HP-UX operating system on a single core set of hardware. This can be a separate server or within an nPartition. Some of the key benefits of HP's vPars include:

  • Software-fault isolation: Software faults on one partition, including kernel panics, can't impact other partitions.
  • Operating system isolation: Each partition gets its own complete copy of the operating system. They can be different versions, different patch levels, different kernel tunables, etc. They also could run different versions of the applications. This is why vPars are often used to provide development and test environments.
  • Single CPU granularity: vPars can be configured and run using a single CPU and can be allocated in single-CPU increments as well.
  • Dynamic CPU migration: CPUs can be moved from one vPar to another while both partitions are up and running.
  • Minimal overhead: HP's vPars solution was designed to allow each major hardware component—CPUs and I/O cards—for example, to be assigned to a partition in its entirety. Because these components are not shared, there is no need for a virtualization layer to manage every interface between the OS and the underlying hardware. Put differently, each OS talks directly to the hardware assigned to the vPar, ensuring that running vPars on a system has a minimal impact on performance.

Integrity VM

In 2005, HP released a new partitioning technology designed specifically for the Integrity platform called Integrity VM. This is a type of virtual partition in which the system hardware itself is fully virtualized. The result is that the operating system can operate inside the VM unmodified. This means that users will be able to run any operating system that supports the Integrity platform inside a VM, which includes HP-UX 11i V2 initially and future support for 11i V3, Windows Datacenter, Linux, or OpenVMS. Some of the key features of this technology include:

  • OS isolation: Each partition runs its own full copy of the operating system. This means that the OS can be patched and tuned specifically for the applications that are running there.
  • Sub-CPU or whole-CPU granularity: Since the system is virtualized, each virtual CPU inside a VM can represent a portion of a CPU or a whole CPU on the physical system.
  • Differentiated CPU controls: Users have the ability to give differentiated access to the physical CPUs to specific VMs. What this means is that you will be able to define specific CPU entitlements for each VM. For example, you can assign a four-CPU VM 50% of four physical CPUs, another 25%, and a third 10%.
  • I/O device sharing: Integrity VM provides fully virtualized I/O, which means multiple virtual SCSI cards can represent a single physical SCSI or fibre channel card.
  • Because of the complete virtualization of the system, the OS images are unchanged. This ensures that all independent software vendor applications will run with no changes as well.

This is a nice solution for a test and/or development environment because the VMs are fully isolated and can be created and destroyed quickly and easily.

Secure Resource Partitions

HP's first consolidation solution was resource partitions, which have been shipping in HP-UX for over 10 years. They have been enhanced regularly over the years to include processor sets, memory, and I/O controls. The most recent enhancement was the addition of security containment which has been available in HP VirtualVault for many years making it possible to run applications in separate Secure Resource Partitions (SRPs) such that they can't communicate with one another. The key features of Secure Resource Partitions include:

  • Sub-CPU or whole-CPU controls: CPUs can be allocated to each SRP with sub-CPU granularity using the fair share scheduler (FSS) or whole-CPU granularity using processor sets (PSETs). CPU controls are implemented by instantiating separate process schedulers for each partition in the HP-UX kernel.
  • Real memory controls: HP-UX is unique in the industry in its implementation of memory resource groups (MRGs). With MRGs, HP-UX creates a separate memory-management subsystem for each partition.
  • Disk I/O bandwidth controls: It is possible to define bandwidth controls for each LVM or VxVM volume group for each partition.
  • Application and user assignment to partitions: Because all partitions are running in the same copy of the operating system, it is important that processes get placed into the correct partition when they start up. SRPs provides a number of utilities that allow you to start up or move application processes to the correct partition.
  • Security containment: This is a new feature in HP-UX 11i V2 that has been integrated with resource partitions to create what is now called Secure Resource Partitions. Security containment allows you to define security compartments for processes belonging to each application workload. Within a compartment, processes have full access to IPC mechanisms between processes, network interfaces and files on the file system. However, it is not possible for a process in one compartment to communicate with a process in another compartment unless a rule has been defined to allow that specific communication to occur.

Secure Resource Partitions is a set of technologies that have been implemented in the HP-UX kernel. The product that pulls all these features together is Process Resource Manager. PRM provides a single-configuration interface so users have the ability to define partitions, assign CPU, memory, disk I/O and security rules and then assign an application and/or set of users to run in that partition.

Partitioning Flexibility

A very convenient feature of the partitioning continuum is the fact that you can combine the different types of partitions in almost any combination. The only combination that is not supported is that vPars and Integrity VMs cannot run in the same nPar. Figure 2-2 shows an example of the flexibility provided.

02fig02.jpg

Figure 2-2 The Flexibility of the HP Partitioning Continuum

You can run Secure Resource Partitions (SRPs) in an HP-UX partition using any of the other OS-level partition options. You can run VMs in one nPar and vPars in another, with Secure Resource Partitions in one or more of those vPars. This flexibility is a tremendous advantage when trying to increase the utilization of large servers by placing multiple workloads on them.

The key advantage is that the partitioning continuum simplifies the consolidation design process because you can look at each workload individually and determine what level of isolation is required, what level of granularity is required, and what level of flexibility is required. Then you can choose an appropriate combination of partition technologies for all the workloads on the system and stack the partitions in a combination that provides all the features required for all the workloads.

Now we will look at each of the different partitioning technologies in a bit more detail. There is also a chapter covering each of these later in this part of the book. These chapters will provide examples of how to set up each type of partition.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020