From Fedora Project Wiki

(→‎Virtualization: add Improved Graphical Console for Virtual Guests)
(→‎Virtualization VNC Authentication: integrate rel notes from freature page)
Line 7: Line 7:
 
Virtualization in Fedora 11 includes major changes, and new features, that continue to support KVM, Xen, and many other virtual machine platforms.
 
Virtualization in Fedora 11 includes major changes, and new features, that continue to support KVM, Xen, and many other virtual machine platforms.
 
    
 
    
=== Virtualization VNC Authentication ===
+
=== Improved VNC Authentication for Virtual Machine Management ===
{{Admon/warning|Work in progress.|Feature is not yet complete.}}
+
Fedora 11 introduces the ability to use the <code>SASL</code> protocol
Define a mapping of SASL authentication into the VNC protocol, and implement it for QEMU and GTK-VNC, providing strongly authenticated, securely encrypted remote access of virtual guest consoles.  
+
for authenticating <code>VNC</code> connection to <code>KVM</code>
 +
and <code>QEMU</code> virtual machines. <code>SASL</code> is a pluggable
 +
system, allowing many different authentication mechanisms to be configured
 +
without changing the application code. The use of <code>SASL</code>, in
 +
combination with existing <code>TLS</code> encryption support, will allow clients like
 +
<code>vinagre</code>, <code>virt-viewer</code> and <code>virt-manager</code>
 +
to securely connect to remote virtual machine consoles hosted on Fedora
 +
servers. In environments where Kerberos is deployed, this further allows for
 +
secure single sign on to the <code>VNC</code> server. This new authentication
 +
capability obsoletes the traditional <code>VNC</code> password scheme which
 +
is not sufficiently secure.
  
For further details refer to the [[Features/VirtVNCAuth|Virtualization VNC Authentication]] wiki page
+
For further details refer to the [[Features/Virt<code>VNC</code>Auth|Virtualization <code>VNC</code> Authentication]] wiki page
  
 
=== Improved Graphical Console for Virtual Guests ===
 
=== Improved Graphical Console for Virtual Guests ===

Revision as of 00:38, 7 March 2009


Virtualization

Virtualization in Fedora 11 includes major changes, and new features, that continue to support KVM, Xen, and many other virtual machine platforms.

Improved VNC Authentication for Virtual Machine Management

Fedora 11 introduces the ability to use the SASL protocol for authenticating VNC connection to KVM and QEMU virtual machines. SASL is a pluggable system, allowing many different authentication mechanisms to be configured without changing the application code. The use of SASL, in combination with existing TLS encryption support, will allow clients like vinagre, virt-viewer and virt-manager to securely connect to remote virtual machine consoles hosted on Fedora servers. In environments where Kerberos is deployed, this further allows for secure single sign on to the VNC server. This new authentication capability obsoletes the traditional VNC password scheme which is not sufficiently secure.

For further details refer to the [[Features/VirtVNCAuth|Virtualization VNC Authentication]] wiki page

Improved Graphical Console for Virtual Guests

This feature aims to improve the user experiance for virtual guests' graphical console, by providing an accurate mouse pointer and higher screen resolution, without requiring manual configuration.

For further details refer to the Improved Graphical Console for Virtual Guests wiki page

KVM PCI Device Assignment

Warning.png
Work in progress.
Feature is not yet complete.

Fedora 11 expands its virtualization capabilities to include KVM PCI device assignment support. KVM users can now give virtual machines exclusive access to physical PCI devices using Fedora's virtualization toools, including the Virtual Machine Manager application.

Intel VT-d or AMD IOMMU hardware platform support is required in order for this feature to be available.

For further details refer to the KVM PCI Device Assignment wiki page.

SVirt Mandatory Access Control

Warning.png
Work in progress.
Feature is not yet complete.

Fedora 11 integrates SELinux's Mandatory Access Control with Virtualization. Virtual machines can now be much more effectively isolated from the host and one another, giving the increased assurance that security flaws cannot be exploited by malicious guests.

For further details refer to the SVirt Mandatory Access Control wiki page.

Other Improvements

Fedora also includes the following virtualization improvements:

libvirt Updated to 0.6.0

The libvirt package provides an API and tools to interact with the virtualization capabilities of recent versions of Linux (and other OSes). The libvirt software is designed to be a common denominator among all virtualization technologies with support for the following:

  • The Xen hypervisor on Linux and Solaris hosts.
  • The QEMU emulator
  • The KVM Linux hypervisor
  • The LXC Linux container system
  • The OpenVZ Linux container system
  • Storage on IDE/SCSI/USB disks, FibreChannel, LVM, iSCSI, and NFS

New features and improvements since 0.4.6:

  • thread safety of the API and event handling
  • allow QEmu domains to survive daemon restart
  • extended logging capabilities
  • support copy-on-write storage volumes
  • support of storage cache control options for QEmu/KVM
  • driver infrastructure and locking
  • Test driver infrastructure
  • parallelism in the daemon and associated config
  • virsh help cleanups
  • logrotate daemon logs
  • more regression tests
  • QEmu SDL graphics
  • add --version flag to daemon
  • memory consumption cleanup
  • QEmu pid file and XML states for daemon restart
  • gnulib updates
  • PCI passthrough for KVM
  • generic internal thread API
  • RHEL-5 specific Xen configure option and code
  • save domain state as string in status file
  • add locking to all API entry points
  • new ref counting APIs
  • IP address for Xen bridges
  • driver format for disk file types
  • improve QEmu/KVM tun/tap performances
  • enable floppies for Xen fully virt
  • support VNC password settings for QEmu/KVM
  • qemu driver version reporting

There were also dozens of cleanups, documentation enhancements, portability and bug fixes. For further details refer to: http://www.libvirt.org/news.html

virt-manager Updated to 0.6.1

The virt-manager package provides a GUI implementation of virtinst and libvirt functionality.

New features and improvements since 0.6.0:

  • VM disk and network stats reporting (Guido Gunther)
  • VM Migration support (Shigeki Sakamoto)
  • Support for adding sound devices to an existing VM
  • Enumerate host devices attached to an existing VM
  • Allow specifying a device model when adding a network device to an existing VM
  • Combine the serial console view with the VM Details window
  • Allow connection to multiple VM serial consoles
  • Bug fixes and many minor improvements.

For further details refer to:

http://virt-manager.et.redhat.com/

virtinst Updated to 0.400.1

The python-virtinst package contains tools for installing and manipulating multiple VM guest image formats.

New features and improvements since 0.400.0:

  • Add virt-image -> vmx support to virt-convert, replacing virt-pack (Joey Boggs)
  • Add disk checksum support to virt-image (Joey Boggs)
  • Enhanced URL install support: Debian Xen paravirt, Ubuntu kernel and boot.iso, Mandriva kernel, and Solaris Xen Paravirt (Guido Gunther, John Levon, Cole Robinson)
  • Expanded test suite
  • Numerous bug fixes, cleanups, and minor improvements

For further details refer to:

Xen Updated to 3.3.1

Fedora 11 supports booting as a domU guest, but will not function as a dom0 host until such support is provided in the upstream kernel. Support for a pv_ops dom0 is targeted for Xen 3.4.

Changes since 3.3.0:

  • Xen 3.3.1 is a maintenance release in the 3.3 series.

For further details refer to:

Xen Kernel Support

The kernel package in Fedora 11 supports booting as a guest domU, but will not function as a dom0 until such support is provided upstream. The most recent Fedora release with dom0 support is Fedora 8.

Booting a Xen domU guest within a Fedora 11 host requires the KVM based xenner. Xenner runs the guest kernel and a small Xen emulator together as a KVM guest.

Important.png
KVM requires hardware virtualization features in the host system.
Systems lacking hardware virtualization do not support Xen guests at this time.

For more information refer to: