Computing is typically thought of in terms of applications and supporting platforms. Supporting platforms typically include a hardware infrastructure of processor core, input/output, memory and fixed storage. The combination of these devices is what supports an operating system, which in turn supports applications.
Applications are typically self-contained bundles of logic relying on little other than core object files and related resource files. As computing became integral to modern industry, applications became co-dependent on the presence of other applications such that the requisite environment for an application included not only the underlying operating system and supporting hardware platform, but also other key applications. Such key applications included application servers, database management servers, collaboration servers and communicative logic commonly referred to as middleware. Given the complexity of application and platform interoperability, different combinations of applications executing in a single hardware platform can demonstrate differing degrees of performance and stability.
Virtualization as a technology aims to interject a layer between a supporting platform and executing applications. From the perspective of business continuity and disaster recovery, virtualization provides the inherent advantage of environment portability. Specifically, to move an entire environment configured with multiple different applications is a matter of moving a virtual image from one supporting hardware platform to another. Further, more powerful computing environments can support the coexistence of multiple different virtual images, all the while maintaining a virtual separation between the images. Consequently, a failure condition in one virtual image cannot jeopardize the integrity of other co-executing virtual images in the same hardware platform.
A virtual machine monitor, known in the art as a “hypervisor,” manages the interaction between each virtual image and the underlying resources provided by the hardware platform. In this regard, a hypervisor runs directly on the hardware platform much as an operating system runs directly on hardware. By comparison, a hosted hypervisor runs within a host operating system. In either case, the hypervisor can support the operation of different “guest operating system images”—known as virtual machine (VM) images—the number of VM images being limited only by the processing resources of a VM container holding the VM images or the hardware platform itself.
Virtualization has proven especially useful for those end users requiring separate computing environments for different types of applications while being limited to a single hardware platform. For instance, it is well known for a primary operating system native to one type of hardware platform to provide a virtualized guest operating system native to a different hardware platform so that applications requiring the presence of the guest operating system can co-exist with other applications requiring the presence of the primary operating system. In this way, the end user need not provide separate computing environments each to support a different type of application. Yet, no matter the guest operating system, access to underlying resources of the single hardware platform remains static.
Virtualized environments have been deployed to aggregate different interdependent applications in different VMs in composing an applications solution. For instance, an application server can execute within one VM while a database management system executes in a different VM and a Web server executes in yet another VM. The VMs can be communicatively coupled to one another in a secure network; however, any given deployment of the applications can be live migrated to a different deployment without interfering with the execution of the other applications in the other VMs. In a typical live migration, a VM can be moved from one host server to another in order to permit server maintenance or to permit an improvement in hardware support for the VM.
Live migration occurs frequently within the secure computing environment for the VMs managing the execution of the different applications for the applications solution. Yet, live migration also occurs outside of the secure environment. Specifically, on occasion, a VM is moved to a network environment external to the secure computing environment for the remaining VMs managing the remaining applications of the application solution. As a result, communications between the application managed by the VM in the external network and the applications managed by the VMs in the secure computing environment can be compromised through the exchange of data from outside the secure computing environment. Accordingly, live migration to a host server outside of the secure computing environment can introduce a security vulnerability to the applications solution.
In live migration, the stable memory pages of the source VM are moved to the target system first. At a critical point, the remaining highly active memory pages are moved, but this requires that the source VM be stopped while those final remaining pages are moved to the target VM. The target VM is then started to complete the migration.
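The two phases described above can be simulated in a few lines. This is an added example, not code from the original text; it goes slightly beyond the text by repeating the pre-copy pass until the dirty set is small enough, and the function name, parameters and workloads are assumptions constructed for illustration.

```python
def precopy_migrate(num_pages, hot_pages, stop_threshold, max_rounds=5):
    """Simulate pre-copy live migration of one VM's memory.

    hot_pages: pages the running guest rewrites during every copy round
    (a constructed workload). Returns a summary of what was sent when.
    """
    source = {p: 0 for p in range(num_pages)}  # page number -> content version
    target = {}
    dirty = set(source)          # every page must be sent at least once
    precopy_rounds = []

    # Pre-copy phase: the source VM keeps running while pages are sent.
    while len(dirty) > stop_threshold and len(precopy_rounds) < max_rounds:
        sending, dirty = dirty, set()
        for p in sending:
            target[p] = source[p]
        # Simplification: guest writes land after the round's copies.
        for p in hot_pages:
            source[p] += 1
            dirty.add(p)
        precopy_rounds.append(len(sending))

    # Critical point: stop the source VM so no page can change again,
    # then move the remaining active pages and start the target VM.
    final_pages = sorted(dirty)
    for p in final_pages:
        target[p] = source[p]

    return {
        "precopy_rounds": precopy_rounds,
        "stop_and_copy_pages": len(final_pages),
        "total_pages_sent": sum(precopy_rounds) + len(final_pages),
        "consistent": target == source,
    }


if __name__ == "__main__":
    # Constructed workloads: 1000 pages, small vs. large hot set.
    print(precopy_migrate(1000, range(20), stop_threshold=32))
    print(precopy_migrate(1000, range(100), stop_threshold=32))
```

The second workload never drops below the threshold, so the source VM is stopped with 100 pages still to move; the number of pages left for the stopped phase is what determines how long the VM is unavailable.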
When migrating two or more dependent VMs requiring co-location within the same physical system, data being transferred between the VMs also needs to be migrated.