虚拟机virtualbox安装xp

virtualbox安装xp 时间:2021-04-04 阅读:()

H3CCAS虚拟机内存隔离操作指导书Copyright2016杭州华三通信技术有限公司版权所有,保留一切权利.
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播.
本文档中的信息可能变动,恕不另行通知.
i目录1简介·······························································································································12配置前提·························································································································13配置环境·························································································································13.
1服务器·························································································································13.
2软件···························································································································14组网拓扑·························································································································25配置指导·························································································································25.
1准备工作······················································································································25.
2内存隔离测试················································································································35.
3测试结论······················································································································511简介服务器虚拟化技术允许将多个业务虚拟机整合在一个计算节点上运行,虽然极大提高了物理资源的利用率,但是计算资源的共享机制可能引入虚拟机的安全问题.
虚拟机计算资源,尤其是内存资源的隔离,对于商用虚拟机而言是至关重要的,虚拟机之间是否能够相互隔离,互无干扰,并按照事先约定好的配置安全运行,是虚拟机是否能够用于商业环境的基本前提.
本文档介绍H3CCAS虚拟机内存隔离的测试方法和操作步骤.
2配置前提本文档中的配置均是在实验室环境下进行的配置和验证,配置前服务器和软件的所有参数均采用出厂时的缺省配置.
如果您已经对被测试对象进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突.
3配置环境3.
1服务器本文档不严格与具体硬件服务器型号对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准.
本文档使用的服务器型号与配置如下表所示,该环境不作为实际部署时的强制环境或推荐环境,只需要服务器能够兼容H3CCAS云计算管理平台即可完成本配置.
配置项说明服务器#1(H3CCASCVM虚拟化管理平台)HPProLiantBL460cG7CPU:2路6核,IntelXeonX5675@3.
07GHz内存:96GB服务器#2(H3CCASCVK虚拟化内核系统)HPProLiantBL460cG7CPU:2路6核,IntelXeonX5675@3.
07GHz内存:96GB3.
2软件软件版本服务器虚拟化管理软件H3CCAS-E0301(KVMKernel4.
1.
0)虚拟机操作系统CentOSRelease6.
564位内存监测工具LiME2.
6.
32-431,下载地址:http://code.
google.
com/p/lime-forensics/downloads/list24组网拓扑图1H3CCAS虚拟机内存隔离测试组网逻辑拓扑图(1)服务器#1作为虚拟化管理平台,服务器#2作为虚拟化内核系统,在服务器#2上安装两个虚拟机,安装CentOSRelease6.
564位操作系统.
(2)在VM#1和VM#2上都安装内存监测工具LiME.
(3)在VM#1操作系统上写入内容到内存中,使用内存监测工具,观察VM#2操作系统内是否能够检测到VM#1上写入的内容.
如果能够检测到,说明两个虚拟机的内存没有隔离,反之,则说明两个虚拟机之间的内存是相互隔离的.
5配置指导5.
1准备工作步骤1系统管理员登录H3CCASCVM虚拟化管理平台(服务器#1),在服务器#2上创建2个新的虚拟机(VM),虚拟机配置如下表所示.
资源大小虚拟CPU个数1路2核虚拟内存大小4GB虚拟磁盘大小20GB(共享存储)虚拟磁盘类型默认(1*Virtio)虚拟磁盘格式默认(智能格式,QCOW2)3虚拟磁盘缓存模式默认(directsync)虚拟网卡类型默认(1*Virtio)虚拟交换机默认(vSwitch0,复用管理网口)步骤2通过控制台(VNC)为两个虚拟机安装CentOSRelease6.
564位操作系统.
步骤3【可选】在H3CCASCVM虚拟化管理平台中,修改虚拟机,为虚拟机挂载CAStools工具,并在操作系统内安装CAStools.
5.
2内存隔离测试步骤1将测试工具LiME的源代码拷贝到VM#1和VM#2虚拟机操作系统内部.
步骤2安装LiME内存监测工具.
#在VM#1虚拟机操作系统内,打开命令行终端,解压缩测试工具文件.
[root@Host1~]#unzipLiME-master.
zip#解压缩测试工具Archive:LiME-master.
zip41afb9beb63f565921907fc572d9445ce41d3df7creating:LiME-master/inflating:LiME-master/LICENSEinflating:LiME-master/README.
mdcreating:LiME-master/doc/inflating:LiME-master/doc/README.
mdcreating:LiME-master/src/inflating:LiME-master/src/Makefileinflating:LiME-master/src/Makefile.
sampleinflating:LiME-master/src/disk.
cinflating:LiME-master/src/lime.
hinflating:LiME-master/src/main.
cinflating:LiME-master/src/tcp.
c#进入解压缩后的目录,将测试工具编译成ko文件.
[root@Host1~]#cdLiME-master/src/#进入测试工具源代码所在目录[root@Host1src]#make#编译make-C/lib/modules/2.
6.
32-431.
el6.
x86_64/buildM="/root/LiME-master/src"modulesmake[1]:Enteringdirectory`/usr/src/kernels/2.
6.
32-431.
el6.
x86_64'CC[M]/root/LiME-master/src/tcp.
oCC[M]/root/LiME-master/src/disk.
oCC[M]/root/LiME-master/src/main.
oLD[M]/root/LiME-master/src/lime.
oBuildingmodules,stage2.
MODPOST1modulesCC/root/LiME-master/src/lime.
mod.
oLD[M]/root/LiME-master/src/lime.
ko.
unsignedNOSIGN[M]/root/LiME-master/src/lime.
ko4make[1]:Leavingdirectory`/usr/src/kernels/2.
6.
32-431.
el6.
x86_64'strip--strip-unneededlime.
komvlime.
kolime-2.
6.
32-431.
el6.
x86_64.
ko[root@Host1src]#cplime-2.
6.
32-431.
el6.
x86_64.
kolime.
ko#重命名步骤3在VM#2虚拟机操作系统内,按照上一步骤执行相同的操作,安装LiME内存监测工具.
步骤4在VM#1虚拟机操作系统内,打开文本编辑器,在文档中键入"IloveCAS"字符,但不保存文档.
图2在内存中写入临时字符内容步骤5在VM#1虚拟机操作系统内,执行如下命令,首先将虚拟机当前内存dump成一个文件,然后在内存文件中查找上一步骤中写入的临时字符内容.
[root@Host1src]#insmodlime.
kopath=/allmem.
dmpformat=raw[root@Host1src]#hexdump-C/allmem.
dmp|grep"IloveCAS"图3在内存文件中找到临时写入的字符内容5上述命令执行时间与虚拟机当前的内存大小有关,虚拟机内存越大,命令执行所消耗的时间越长.
步骤6在VM#2虚拟机操作系统内,执行与上一步骤完全相同的操作,首先将虚拟机当前内存dump成一个文件,然后在内存文件中查找是否也有相同的临时字符内容.
[root@Host2src]#insmodlime.
kopath=/allmem.
dmpformat=raw[root@Host2src]#hexdump-C/allmem.
dmp|grep"IloveCAS"图4在同一主机的其它VM上使用内存监测工具查询的结果5.
3测试结论从上述测试结果分析,VM#1和VM#2位于相同的物理主机上,在VM#1中产生的内存数据,在VM#2中通过内存监测工具无法检索到,说明,VM#1和VM#2的虚拟内存是完全隔离的.

展开全文