Making the Adaptive Enterprise Vision a Reality: The HP Partitioning Continuum
The Partitioning Continuum at a Glance
This section provides an executive summary level of detail for the partitioning continuum. Later sections will provide a bit more detail and later chapters provide examples of how to set up each type of partition.
What Is Partitioning?
As we saw in the last chapter, the Adaptive Enterprise is all about pooling and sharing of system resources by running many workloads on the same system. However, this can sometimes be challenging because:
- One or more of the applications may consume more than its fair share of system resources.
- Applications have namespace collisions. They share the same network ports, log files, configuration files, named pipes, patch levels, kernel tunables, or any one of a number of other system resources.
- It can be difficult to schedule downtime on the system because multiple workloads are impacted.
Partitioning allows you to put multiple applications on a server and isolate them from each other. Each type of partition provides a different level of isolation from resource or namespace collisions, which we will cover later in this chapter.
The properties of a partition can include one or more of the following:
- Hardware-fault isolation: the ability to ensure that hardware faults and hardware maintenance in one partition won't impact other partitions on the system.
- Software-fault isolation: the ability to ensure that a software fault in one partition won't impact applications running in other partitions.
- Resource isolation: the ability to control the amount of critical system resources available to each partition.
- Security isolation: the ability to ensure that the users and processes running in one partition are not able to access or impact processes in other partitions.
- Namespace isolation: the ability to ensure that each partition has a duplicated namespace of one sort or another. It can include a copy of portions of the file system or a copy of the entire operating system.
- Application isolation: the ability to have different versions and patch levels of the same application in different partitions.
- Kernel parameter isolation: the ability to tune the kernel parameters in each partition to the application that will be running there. Many applications require a specific set of kernel parameters to ensure that the application can run at peak performance.
- Operating system isolation: the ability to run separate operating systems in each partition. This has the advantage that it typically provides most of the other types of isolation, the exception being hardware fault isolation. You can safely run a development workload in a partition on one system that is running production workloads in other partitions.
- Resource flexibility: the ability to share resources between different partitions. This is the key benefit of partitions over separate systems for each workload. When a workload on its own dedicated system runs out of resources, it is not possible to reconfigure that system to allocate additional resources. And if the spike in load that caused the need for additional resources is rare, adding resources to the server will lower its utilization.
HP's Partitioning Continuum
HP supports four different partitioning technologies that have progressively stronger isolation or flexibility depending on your requirements. These are depicted in Figure 2-1.
Figure 2-1 The HP Partitioning Continuum
The first partitioning alternative is hardware-supported partitions, or nPartitions (nPars). HP introduced nPars during HP World in August 2000, when we introduced our first cell-based platform, the HP 9000 Superdome. The architecture of the system was designed to allow components of the system to be isolated from one another. The key features of nPars include:
- Complete hardware-fault isolation: HP's nPars is unique in the industry because it provides fully electrically isolated partitions inside a single system. This is accomplished using a custom chipset design in each cell such that firewalls are configured to ensure that electrical signals are dropped if they are destined for a cell that does not belong to the partition. This ensures that no hardware failure in one partition can affect any other partition in the system.
- Complete software-fault isolation: Clearly, if the electrical signals can't cross an nPar boundary, neither can any of the software running there. The partitions look and act like separate systems. They can run separate OS images with different versions, different patch levels, kernel tunables, etc.
- Cell granularity: One of the key benefits of nPars over separate servers for each workload is the fact that an nPar can be resized very quickly. Currently, HP-UX requires a reboot in order to move a cell from one partition to another. However, a future version of HP-UX will support addition and deletion of memory online, which will make possible a number of interesting features, including online addition and deletion of cells.
- Multiple OS images: Each partition gets its own hardware and software, including the operating system.
- Support for HP-UX, Windows, OpenVMS and Linux: The Precision Architecture–based HP 9000 Superdome only supports HP-UX. However, the Integrity Superdome, based on the Itanium processor, supports HP-UX, Windows, Linux, and OpenVMS in separate partitions on the same system. Another benefit of this flexibility is that the HP Integrity platform can be repurposed from an HP-UX platform to a Windows platform either after the HP-UX workload has been moved to another system or as an emergency spare in the case of a failed system.
- In late 2005, HP began supporting running Precision Architecture (PA) processors in one partition and Itanium processors in another. This will require up-to-date firmware but will be supported on any cell-based system with either the sx1000 or sx2000 chipsets.
Virtual partitions (vPars) provide the ability to run multiple copies of the HP-UX operating system on a single core set of hardware. This can be a separate server or within an nPartition. Some of the key benefits of HP's vPars include:
- Software-fault isolation: Software faults on one partition, including kernel panics, can't impact other partitions.
- Operating system isolation: Each partition gets its own complete copy of the operating system. They can be different versions, different patch levels, different kernel tunables, etc. They also could run different versions of the applications. This is why vPars are often used to provide development and test environments.
- Single CPU granularity: vPars can be configured and run using a single CPU and can be allocated in single-CPU increments as well.
- Dynamic CPU migration: CPUs can be moved from one vPar to another while both partitions are up and running.
- Minimal overhead: HP's vPars solution was designed to allow each major hardware component (CPUs and I/O cards, for example) to be assigned to a partition in its entirety. Because these components are not shared, there is no need for a virtualization layer to manage every interface between the OS and the underlying hardware. Put differently, each OS talks directly to the hardware assigned to the vPar, ensuring that running vPars on a system has a minimal impact on performance.
In 2005, HP released a new partitioning technology designed specifically for the Integrity platform called Integrity VM. This is a type of virtual partition in which the system hardware itself is fully virtualized. The result is that the operating system can operate inside the VM unmodified. This means that users will be able to run any operating system that supports the Integrity platform inside a VM, which includes HP-UX 11i V2 initially and future support for 11i V3, Windows Datacenter, Linux, or OpenVMS. Some of the key features of this technology include:
- OS isolation: Each partition runs its own full copy of the operating system. This means that the OS can be patched and tuned specifically for the applications that are running there.
- Sub-CPU or whole-CPU granularity: Since the system is virtualized, each virtual CPU inside a VM can represent a portion of a CPU or a whole CPU on the physical system.
- Differentiated CPU controls: Users have the ability to give differentiated access to the physical CPUs to specific VMs. What this means is that you will be able to define specific CPU entitlements for each VM. For example, you can assign a four-CPU VM 50% of four physical CPUs, another 25%, and a third 10%.
- I/O device sharing: Integrity VM provides fully virtualized I/O, which means multiple virtual SCSI cards can represent a single physical SCSI or fibre channel card.
- Because of the complete virtualization of the system, the OS images are unchanged. This ensures that all independent software vendor applications will run with no changes as well.
This is a nice solution for a test and/or development environment because the VMs are fully isolated and can be created and destroyed quickly and easily.
Secure Resource Partitions
HP's first consolidation solution was resource partitions, which have been shipping in HP-UX for over 10 years. They have been enhanced regularly over the years to include processor sets, memory, and I/O controls. The most recent enhancement was the addition of security containment, which has been available in HP VirtualVault for many years, making it possible to run applications in separate Secure Resource Partitions (SRPs) such that they can't communicate with one another. The key features of Secure Resource Partitions include:
- Sub-CPU or whole-CPU controls: CPUs can be allocated to each SRP with sub-CPU granularity using the fair share scheduler (FSS) or whole-CPU granularity using processor sets (PSETs). CPU controls are implemented by instantiating separate process schedulers for each partition in the HP-UX kernel.
- Real memory controls: HP-UX is unique in the industry in its implementation of memory resource groups (MRGs). With MRGs, HP-UX creates a separate memory-management subsystem for each partition.
- Disk I/O bandwidth controls: It is possible to define bandwidth controls for each LVM or VxVM volume group for each partition.
- Application and user assignment to partitions: Because all partitions are running in the same copy of the operating system, it is important that processes get placed into the correct partition when they start up. SRPs provide a number of utilities that allow you to start up or move application processes to the correct partition.
- Security containment: This is a new feature in HP-UX 11i V2 that has been integrated with resource partitions to create what is now called Secure Resource Partitions. Security containment allows you to define security compartments for processes belonging to each application workload. Within a compartment, processes have full access to IPC mechanisms between processes, network interfaces and files on the file system. However, it is not possible for a process in one compartment to communicate with a process in another compartment unless a rule has been defined to allow that specific communication to occur.
Secure Resource Partitions is a set of technologies that have been implemented in the HP-UX kernel. The product that pulls all these features together is Process Resource Manager. PRM provides a single-configuration interface so users have the ability to define partitions, assign CPU, memory, disk I/O and security rules and then assign an application and/or set of users to run in that partition.
A very convenient feature of the partitioning continuum is the fact that you can combine the different types of partitions in almost any combination. The only combination that is not supported is that vPars and Integrity VMs cannot run in the same nPar. Figure 2-2 shows an example of the flexibility provided.
Figure 2-2 The Flexibility of the HP Partitioning Continuum
You can run Secure Resource Partitions (SRPs) in an HP-UX partition using any of the other OS-level partition options. You can run VMs in one nPar and vPars in another, with Secure Resource Partitions in one or more of those vPars. This flexibility is a tremendous advantage when trying to increase the utilization of large servers by placing multiple workloads on them.
The key advantage is that the partitioning continuum simplifies the consolidation design process because you can look at each workload individually and determine what level of isolation is required, what level of granularity is required, and what level of flexibility is required. Then you can choose an appropriate combination of partition technologies for all the workloads on the system and stack the partitions in a combination that provides all the features required for all the workloads.
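The design check described above can be sketched in code. This is an added example, not HP tooling or code from the book: it takes the isolation each workload requires, finds the outermost partition boundary separating it from every other workload, and reports what that boundary does not provide, along with the one unsupported combination. The data model, function names and sample layout are assumptions made for illustration.

```python
from itertools import permutations

# Assumption taken from the text: a separate OS image typically brings every
# other isolation property except hardware-fault isolation.
OS_LEVEL = {"software-fault", "resource", "security", "namespace",
            "application", "kernel-parameter", "os"}
BOUNDARY = {"nPar": OS_LEVEL | {"hardware-fault"}, "vPar": OS_LEVEL,
            "IntegrityVM": OS_LEVEL, "SRP": {"resource", "security"}}

def separation(a, b, child_type):
    """Isolation between two placements (npar, child, srp), given by the
    outermost partition boundary that separates them."""
    if a[0] != b[0]:
        return BOUNDARY["nPar"]
    if a[1] != b[1]:
        return BOUNDARY[child_type[(a[0], a[1] or b[1])]]
    if a[2] and b[2] and a[2] != b[2]:
        return BOUNDARY["SRP"]
    return set()

def check_design(child_type, workloads):
    """Return findings for a layout; an empty list means it passes."""
    findings = []
    kinds = {}
    for (npar, _), kind in child_type.items():
        kinds.setdefault(npar, set()).add(kind)
    for npar, ks in sorted(kinds.items()):
        if {"vPar", "IntegrityVM"} <= ks:  # the one unsupported combination
            findings.append(f"{npar}: vPars and Integrity VMs in one nPar")
    for (n1, w1), (n2, w2) in permutations(sorted(workloads.items()), 2):
        missing = w1["needs"] - separation(w1["at"], w2["at"], child_type)
        if missing:
            findings.append(f"{n1} vs {n2}: lacks {', '.join(sorted(missing))}")
    return findings

# Constructed sample layout (all names are made up).
CHILD_TYPE = {("npar0", "vp1"): "vPar", ("npar0", "vp2"): "vPar",
              ("npar1", "vm1"): "IntegrityVM"}
WORKLOADS = {
    "billing": {"at": ("npar0", "vp1", "srp_a"), "needs": {"hardware-fault"}},
    "reports": {"at": ("npar0", "vp1", "srp_b"), "needs": {"security"}},
    "devtest": {"at": ("npar1", "vm1", None), "needs": {"os"}},
}

if __name__ == "__main__":
    for finding in check_design(CHILD_TYPE, WORKLOADS):
        print(finding)
```

In the sample, billing and reports share a vPar and are separated only by SRPs, so the security requirement of reports is met while the hardware-fault requirement of billing is flagged.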
Now we will look at each of the different partitioning technologies in a bit more detail. There is also a chapter covering each of these later in this part of the book. These chapters will provide examples of how to set up each type of partition.