Secure Resource Partitions Terminology


There are several important terms relating to SRPs. These terms are used throughout the remainder of the chapter and in SRP documentation.

Application Manager: the operating system process that is responsible for ensuring that all processes are running in the proper PRM group. The application manager polls the PRM configuration file and the process table and moves processes to the appropriate PRM group as needed.

CPU Manager: the technology used to schedule processes on CPUs. FSS, PSETs, or a combination of the two can be used as the CPU manager.

Fair Share Scheduler (FSS): the process scheduler used for PRM groups that schedules processes to run according to the entitlement of each group. FSS guarantees that each workload receives its entitled share of the processors. A major benefit of using FSS is the ability to allocate CPU resources on sub-CPU granularity.

Processor Sets (PSETs): a subset of the active processors on a server. When using PSETs as the CPU manager for a PRM group, CPU granularity is limited to whole CPUs. Processes running in a PRM group with PSETs as the CPU manager will be scheduled with the standard HP-UX time-share scheduler, not the fair share scheduler.

Entitlement: the guaranteed amount of system resources an SRP will receive when the overall system utilization is at 100% and the workload within each PRM group is utilizing its full allocation of system resources. In situations where a workload is not busy, its resources may be used by other SRPs, and vice versa. As a result, actual resource utilization may be higher or lower than the entitlement, depending on each workload's demands, but the entitlement is a minimum guaranteed amount of system resources if they are needed. Entitlements apply only to FSS groups.

Shares: units of CPU, memory, and disk I/O bandwidth allocated for PRM groups. The allocated number of shares is the minimum entitlement for the resources in a group. The number of shares allocated in the system are totaled and each SRP receives the appropriate percentage of resources based on the number of shares it has been allocated. For example, consider the situation where one PRM group is allocated 20 CPU shares, a second group is allocated 40 shares, a third group is allocated 40 shares, and a final group is allocated 100 shares. In this case there is a total of 200 CPU shares allocated. The first group's entitlement is 10% (20/200), the second and third groups' entitlements are 20% (40/200), and the final group's entitlement is 50% (100/200).

CPU Capping: a resource control put in place to ensure that each PRM group consumes no more CPU resources than allowed. CPU capping can be useful in situations where increased performance due to resource sharing may set false expectations for application performance. For example, users could become accustomed to high levels of application performance and become dissatisfied when the performance returns to normal levels. Using this control may result in lower system utilization because resources not being consumed by a PRM group cannot be shared, which results in idle hardware.

Security Compartment: a restriction placed around an application (processes, executables, data files, and communication channels) that prevents access to resources outside the compartment. The overall design philosophy of security compartments is similar to that of a submarine. When a submarine sustains damage to a portion of the vessel, catastrophic damage is generally avoided because the effects of the damage are restricted to the compartment directly compromised. Security compartments are designed in much the same way, providing isolation between applications that prevents security breaches from causing damage beyond the compartment directly compromised.

Disk I/O Bandwidth Manager: a kernel module that monitors HP Logical Volume Manager (LVM) volume groups and VERITAS Volume Manager (VxVM) disk groups. The I/O requests are rearranged by the kernel monitor to ensure that disk bandwidth entitlements are met.

Memory Manager: a process running on the operating system that is responsible for ensuring PRM groups are granted their entitled memory. The memory manager also supports memory capping.

Memory Capping: an upper bound on the memory entitlement that ensures that each PRM group consumes no more memory than allowed.

PRM Group: a collection of users and applications that can contain secure compartments and are allocated CPU, memory, and disk bandwidth entitlements. PRM groups have a name and an ID. Two PRM groups are created by default: the PRM_SYS group that contains the system processes has an ID of 0 and the OTHERS PRM group has an ID of 1.

System Group: the PRM group that contains all system processes by default. All processes started by root are placed in the system group. The system group is commonly referred to as the PRM_SYS group.

Others Group: the PRM group that contains all of the processes started by users who have not been explicitly associated with a PRM group. The others group is simply referred to as OTHERS.



The HP Virtual Server Environment. Making the Adaptive Enterprise Vision a Reality in Your Datacenter
The HP Virtual Server Environment: Making the Adaptive Enterprise Vision a Reality in Your Datacenter
ISBN: 0131855220
EAN: 2147483647
Year: 2003
Pages: 197

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net