RHEV architecture
The RHEV platform comprises multiple components that work seamlessly together, as represented in the following diagram, and each component is explained in detail under the Components of RHEV section:
Components of RHEV
The RHEV platform consists of the following components:
- Red Hat Enterprise Virtualization Manager (RHEV-M): This is a centralized management console with a graphical, web-based interface that manages your complete virtualization infrastructure, such as hosts, storage, network, virtual machines, and more, running on the physical hardware.
- Red Hat Enterprise Virtualization Hypervisor (RHEV-H): RHEV hosts can be either based on full Red Hat Enterprise Linux 6 systems with KVM enabled (also called Red Hat Enterprise Linux Virtualization Hosts) or on purpose-built RHEV-H hosts. RHEV-H is a bare metal, image-based, small-footprint (less than 200 MB) hypervisor with minimized security footprint, also referred to as Red Hat Enterprise Virtualization Hypervisor.
What is the difference between these two? RHEV-H is like a live image that does not allow third-party applications, whereas the RHEL host is an operating system with KVM modules that allows any third-party software.
- Virtual Desktop and Server Management Daemon (VDSM): This runs as the VDSM service on the RHEV hypervisor host that facilitates the communication between RHEV-M and the hypervisor host. It uses the libvirt (http://libvirt.org/) and QEMU service for the management and monitoring of virtual machines and other resources such as hosts, networking, storage, and so on.
- Storage domains: This is used to store virtual machine images, snapshots, templates, and ISO disk images in order to spin up virtual machines.
- Logical networking: This defines virtual networking for guest data, storage access, and management, as well as the display network used to access the virtual machine consoles.
- Database platform: This is used to store information about the state of virtualization environment.
- SPICE: This is an open remote computing protocol that provides client access to remote virtual machine display and devices (keyboard, mouse, and audio). VNC can also be used to get remote console access.
- Authentication: This provides integration with external directory services such as Red Hat IPA and Active Directory Services for user authentication.
- API support: RHEV v3.3 and higher supports the REST API, Python SDK, and Java Software Development Kit, which allow users to fully automate the management of the virtualization infrastructure from their own programs or custom scripts, outside of the manager's standard web interface. Users can also use a command-line shell utility to interact with RHEV-M outside of the standard web interface in order to manage the virtual infrastructure.
- Admin/user portal: This is used for initial setup, configuration, and management. There is a power user portal, which is a trimmed-down version of the administration portal that is tailored for the end user's self-provisioning of virtual machines.
The hardware and software requirement of RHEV
The following section explains the minimal hardware and software requirements in order to install, set up, and run RHEV in your environment.
Red Hat Enterprise Virtualization Manager
In order to deploy and set up RHEV-M on a physical or virtual machine, the following are the minimum or recommended hardware prerequisites:
Minimum requirements:
- A dual-core CPU
- 4 GB of RAM
- 25 GB local disk space
- Network Interface Card with bandwidth of 1 GBps
Recommended requirements:
- A quad-core CPU
- 16 GB of RAM
- 50 GB local disk space
- Network Interface Card with bandwidth of 1 GBps
RHEV-M requires Red Hat Enterprise Linux 6.3 Server or higher. Select only the minimal or basic server type during the installation in order to avoid package conflicts while setting up the manager.
A valid Red Hat Network subscription is required to access the following channels through RHN classic. It is highly recommended that you use the Red Hat subscription manager to subscribe to these relevant channels. However, the following channel names will vary if you use the subscription manager. In this book, we use RHN classic to register and subscribe to the following channels later during our manager setup:
- Red Hat Enterprise Linux Server (v6 for 64-bit x86_64)
- RHEL Server Supplementary (v6 64-bit x86_64)
- Red Hat Enterprise Virtualization Manager (v3.3 x86_64)
- Red Hat JBoss EAP (v6) for 6Server x86_64
The Red Hat Enterprise Virtualization Hypervisor host
One or two physical hosts act as virtualization hosts or RHEV-H. A minimum of two hypervisor hosts is required to demonstrate and test the live migration of virtual machines across hypervisor hosts.
The hosts must be Intel or AMD 64-bit hardware with the Intel VT or AMD-V virtualization extensions enabled, and must meet the following minimal compute requirements:
- 2 GB RAM
- 2 GB local disk space
- One network interface with a bandwidth of 1 GBps
The recommended hardware for virtualization hosts always varies as per your requirement. Consider the following basic factors before sizing your hardware:
- The number of guest operating systems, their application memory, and CPU requirements. For network-intensive application workloads, add multiple network interfaces and segregate the network traffic using RHEV's logical networks.
- For less critical and non-disk I/O-intensive applications, use local storage, and in this case, extend the internal storage size of virtualization hosts in order to store the virtual machine images as per your requirement. However, keep in mind that the use of local storage will prevent other features such as live migration of virtual machines to other hosts.
- For highly transactional database workloads, use NAS/SAN storage with a dedicated network interface in the case of NAS and FC for SAN.
- Virtualization hosts must run Version 6.3 or higher of either the RHEV hypervisor host or Red Hat Enterprise Linux Server as a host.
The Red Hat Enterprise Virtualization Manager client
In order to access the manager, you need the following supported clients and browsers:
- Mozilla Firefox 17 or higher is required to access both portals on Red Hat Enterprise Linux.
- Internet Explorer 8 or higher is required to access the user portal on Microsoft Windows. Use the desktop version and not the touchscreen version of Internet Explorer 10.
- Internet Explorer 9 or higher is required to access the administration portal on Microsoft Windows. Use the desktop version and not the touchscreen version of Internet Explorer 10.
It's possible to access the manager portal from other browsers, but this is neither tested nor supported. Similarly, tablet and touchscreen versions of browsers are not tested or supported at the time of writing this book.
Install a supported SPICE client in order to access virtual machine consoles. Check the Red Hat Enterprise Virtualization Manager release notes to see which SPICE features your client supports.
Storage
You need a storage type of NFS, iSCSI, SAN, POSIX, Red Hat Storage (GlusterFS), or local storage for data domains to store virtual machine images. An NFS share is required in order to store your ISO library and to export and import virtual machines for complete image backup and restoration of virtual machine images.
Directory services (optional)
While setting up RHEV-M, the RHEV-M installer script will create its own internal admin user for the initial configuration and setup. To add more users, you need to attach the manager to one of the supported directory services:
- Active Directory
- Red Hat Identity Management (IdM)
- Red Hat Directory Server 9 (RHDS 9)
- OpenLDAP
Networking and Domain Name Service
For the host networking and fully qualified domain name resolution, you need the following:
- A static IP address for RHEV-M and for each hypervisor host management network.
- A DNS service that can resolve both forward and reverse DNS entries for those static IP addresses.
- An optional existing DHCP server that can allocate network addresses for the virtual machines.
Virtual machines
We need installation images in order to create virtual machines and their valid license or subscription entitlement for each operating system. We will use these ISO images and later upload them to the ISO domain in order to use them as an installation media that deploys the operating system on a virtual machine.
Firewall Requirements
The RHEV infrastructure requires that the network traffic on a number of ports be allowed through the firewall. The following is the list of required ports that are to be opened on the firewall across various RHEV components.
Virtualization manager firewall requirements
RHEV-M requires the following ports be opened in order to allow network traffic through the system's firewall:
Source | Destination | Port/Protocol | Purpose |
---|---|---|---|
The hypervisor host | RHEV-M | ICMP | RHEV-M verifies the hypervisor's reachability via ICMP after the initial host registration |
The remote client | RHEV-M | 22/TCP | To provide SSH access to the manager |
Admin / User portal clients / Hypervisor host | RHEV-M | 80 and 443/TCP | To access the admin and user portal from remote clients |
Note
If you plan to use the NFS ISO storage domain on the same box as the running RHEV-M in order to store your ISO library to create virtual machines, please open TCP port 2049 for NFSv4.
Virtualization host firewall requirements
The Red Hat Enterprise Virtualization Hosts require the following ports be opened in order to allow the network traffic through the system's firewall:
Source | Destination | Port/Protocol | Purpose |
---|---|---|---|
RHEV-M | Hypervisor Hosts | 22 | To provide Secure Shell (SSH) access |
Admin / User portal clients | Hypervisor Hosts | From 5900 to 6411/TCP | Used for SPICE/VNC console access |
Hypervisor Hosts | Hypervisor Hosts | 16514/TCP | Used for libvirt virtual machine migration |
Hypervisor Hosts | Hypervisor Hosts | From 49152 to 49216/TCP | Used for virtual machine migration and fencing |
Hypervisor Hosts / RHEV-M | Hypervisor Hosts | 54321/TCP | To provide VDSM communication with manager and hypervisors |
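The host table above pairs every port with a source, so the rules can be scoped by source address instead of being opened to any host. The following is an added example, not taken from the book or from Red Hat tooling: the function names `rhev_host_rules` and `_allow` are hypothetical, the addresses are constructed placeholders, and port 22 is assumed to be TCP.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders (RFC 5737 ranges).

# _allow SOURCE PORT_OR_RANGE: one source-scoped TCP accept rule.
_allow() {
    echo "-A INPUT -s $1 -p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT"
}

# rhev_host_rules MANAGER_IP HOST_NET CLIENT_NET
# Prints INPUT-chain rules in iptables-save syntax for review.
# Nothing is applied to the running firewall.
rhev_host_rules() {
    manager=$1 hosts=$2 clients=$3
    for arg in "$manager" "$hosts" "$clients"; do
        # Accept only digits, dots and an optional /prefix.
        case $arg in
            ''|*[!0-9./]*) echo "invalid address: $arg" >&2; return 1 ;;
        esac
    done
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -i lo -j ACCEPT"
    _allow "$manager" 22           # SSH from RHEV-M only
    _allow "$clients" 5900:6411    # SPICE/VNC consoles from portal clients
    _allow "$hosts"   16514        # libvirt migration between hosts
    _allow "$hosts"   49152:49216  # migration and fencing between hosts
    _allow "$hosts"   54321        # VDSM from peer hypervisor hosts
    _allow "$manager" 54321        # VDSM from RHEV-M
    # Everything not listed in the table is rejected.
    echo "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
}

# Manager address, hypervisor network, client network (all constructed).
rhev_host_rules 192.0.2.10 198.51.100.0/24 203.0.113.0/24
```

Compare the printed rules with the output of `iptables-save` on a host to spot ports that are open to any source.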
Directory server firewall requirements
The following ports are to be opened if you wish to integrate RHEV-M with directory services for user authentication:
Source | Destination | Port/Protocol | Purpose |
---|---|---|---|
RHEV-M | Directory server | 88 and 463/(TCP/UDP) | Used for the Kerberos authentication |
RHEV-M | Directory server | 389 and 636/TCP | Lightweight Directory Access Protocol (LDAP) and LDAPS over SSL |
Remote database server firewall requirements
The following ports are to be opened if you wish to use the remote PostgreSQL database instance with RHEV-M:
Source | Destination | Port/Protocol | Purpose |
---|---|---|---|
RHEV-M | Remote PostgreSQL database server | 5432/(TCP and UDP) | Used as a default port for PostgreSQL database connections |
User accounts and groups
The following users and groups are created by the RHEV-M setup tool in order to support virtualization on the manager system. If existing UIDs and GIDs on the host conflict with the default values used during the VDSM and QEMU installation, a conflict occurs.
Users |
Group |
---|---|
|
|
The following users and groups are created by default on the hypervisor when installing VDSM and QEMU packages. If existing UIDs and GIDs on the host conflict with the default values used during the installation, a conflict occurs.
Users |
Group |
---|---|
|
|
Note
RHEV 3.3 supports a self-hosted engine of RHEV-M, which enables RHEV-M to be run as a virtual machine on the hypervisor hosts it manages in an HA configuration. This will reduce the dependency on the dedicated physical or virtual hardware that hosts your RHEV-M instance.
For more information, refer to Red Hat Enterprise Virtualization Manager 3.3 Release notes at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html-single/Manager_Release_Notes/index.html.