
UNIT 2

The document provides an overview of virtualization basics, including the definition and types of virtual machines (VMs) such as system and process VMs, as well as the role of hypervisors in managing these VMs. It discusses the benefits and disadvantages of virtualization, emphasizing its efficiency, cost-effectiveness, and ability to run multiple operating systems on a single server. Additionally, it outlines the implementation levels of virtualization and the importance of separating hardware from software for improved resource utilization.

Uploaded by

rampandian47
UNIT-2 Virtualization Basics

Cloud Computing (Anna University)

UNIT II – VIRTUALIZATION BASICS


Virtual Machine
The concept of a virtual machine was introduced around 1960. It is an evolution of the time-sharing technique. In the time-sharing method, each program has full access to all the computer resources, but only one program is executed at a time. The system switches between programs in time slices, saving and restoring program state each time. With the time-sharing method, multiple users can use the computer system concurrently. IBM research centres evolved the time-sharing method into virtual machines. CP-67 was the first available virtual machine architecture. Systems with multiple virtual machines on a single host, and with a single virtual machine on multiple hosts, were developed.
Before any new hardware technology is launched, it is first tested on an emulator to detect, recreate and repair the flaws in the design and take the necessary steps. Similarly, before any new software is introduced, it is simulated to check for errors and debug them. This task requires a system that can act as a substitute for the main environment in which to build new technology. This is where virtual machines come into the picture. A virtual machine acts as an emulation of a computer system, providing the full functionality of the physical system.
What is a Virtual Machine?

With the introduction of new technologies and newer research models, a large number of hardware and software products are being launched. Much of this software is platform-dependent, so it is sometimes difficult to debug or check it because of limited hardware resources.

A VM (virtual machine) is an emulation of a computer system. Virtual machines use computer architectures to provide the functionality of a physical computer. The physical device on which virtual machines run is known as the host, whereas the virtual machines are known as guests. A single host can have multiple guests.

Virtualization
Virtualization is a proven software technology that makes it possible to run multiple operating systems and applications on the same server at the same time. Example: running both Windows and Linux on the same machine.


It is the creation of a virtual (rather than actual) version of something, such as an operating system,
a server, a storage device or network resources.

Taxonomy (Types) of Virtual Machine


The virtual machine works like a computer, and it is sandboxed from the rest of the host system. The software within the guest cannot make changes to the software of the host system. Thus, virus files can be tested in a virtual machine without affecting the main computer system. The computer software that creates and runs virtual machines is known as a hypervisor. Based on their functions, there are two different types of virtual machines: system virtual machines and process virtual machines.

1. System Virtual Machine:

These types of VMs provide full virtualization. Acting as a substitute for the real machine, they provide the functionality needed to execute an entire operating system. Hardware resources are shared and managed, forming multiple environments on the host system. These environments are isolated from each other but exist on the same physical host. Thus, they provide time-sharing among several single-tasking operating systems.

To allow memory sharing between different virtual machines on one computer operating system,
memory overcommitment systems can be applied. Memory pages having identical content can be
shared among multiple virtual machines present on the same physical host. This is highly useful for
read-only pages.
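The sharing scheme described above, as an added illustration that is not code from the original notes: identical pages are mapped to one host frame, and a write by one guest is handled copy-on-write so the other guest's view never changes. `SharedPageStore`, `GuestVM` and the 4096-byte page size are assumptions of this model.

```python
import hashlib

PAGE_SIZE = 4096  # bytes per guest page in this model (assumption)


class SharedPageStore:
    """Host-side frames, deduplicated by content. Frames are immutable once stored."""

    def __init__(self):
        self.frames = {}      # frame id -> page contents
        self.refcount = {}    # frame id -> number of guest mappings
        self.by_digest = {}   # content digest -> frame id
        self.next_id = 0

    def map_page(self, data):
        """Return a frame holding `data`, sharing an existing frame if identical."""
        if len(data) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        digest = hashlib.sha256(data).digest()
        fid = self.by_digest.get(digest)
        # Compare full contents too, so a digest match alone never merges pages.
        if fid is None or self.frames[fid] != data:
            fid = self.next_id
            self.next_id += 1
            self.frames[fid] = data
            self.refcount[fid] = 0
            self.by_digest[digest] = fid
        self.refcount[fid] += 1
        return fid

    def release(self, fid):
        """Drop one mapping; free the frame when no guest references it."""
        self.refcount[fid] -= 1
        if self.refcount[fid] == 0:
            digest = hashlib.sha256(self.frames[fid]).digest()
            if self.by_digest.get(digest) == fid:
                del self.by_digest[digest]
            del self.frames[fid]
            del self.refcount[fid]


class GuestVM:
    def __init__(self, name, store):
        self.name = name
        self.store = store
        self.page_table = {}  # guest page number -> host frame id

    def load(self, gpn, data):
        new_fid = self.store.map_page(data)   # map first: a bad page leaves state intact
        old_fid = self.page_table.get(gpn)
        self.page_table[gpn] = new_fid
        if old_fid is not None:
            self.store.release(old_fid)

    def read(self, gpn):
        return self.store.frames[self.page_table[gpn]]

    def write(self, gpn, offset, payload):
        """Copy-on-write: build the modified page and remap; never edit a frame in place."""
        old = self.read(gpn)
        self.load(gpn, old[:offset] + payload + old[offset + len(payload):])


def demo():
    store = SharedPageStore()
    vm_a, vm_b = GuestVM("A", store), GuestVM("B", store)
    page = b"\x90" * PAGE_SIZE                 # constructed: identical read-only page
    vm_a.load(0, page)
    vm_b.load(0, page)
    shared_before = vm_a.page_table[0] == vm_b.page_table[0]
    frames_before = len(store.frames)
    vm_a.write(0, 0, b"PATCHED")               # guest A modifies its copy
    return {
        "shared_before": shared_before,
        "frames_before": frames_before,
        "shared_after": vm_a.page_table[0] == vm_b.page_table[0],
        "frames_after": len(store.frames),
        "b_unchanged": vm_b.read(0) == page,
        "a_changed": vm_a.read(0)[:7] == b"PATCHED",
    }


if __name__ == "__main__":
    print(demo())
```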

This type of virtual machine gives us a complete system platform and supports the execution of a complete virtual operating system. Just like VirtualBox, a system virtual machine provides an environment in which an OS can be installed completely. In the image below, the hardware of the real machine is distributed between two simulated operating systems by the virtual machine monitor, and programs and processes then run separately on the distributed hardware of each simulated machine.


2. Process Virtual Machine:

These VMs are also known as application virtual machines or managed runtime environments. This type of VM runs as a normal application inside the host's operating system, supporting a single process. It is created when the process starts and destroyed when the process ends. It is used to provide a platform-independent programming environment to the process, allowing it to execute in the same manner on any other platform.
These VMs are implemented using interpreters and provide high-level abstractions. They are popularly used for Java programming, which uses the Java virtual machine to execute programs. There is a special case of a process VM that abstracts over the communication mechanism of a computer cluster. These contain one process per physical machine in the cluster. They help the programmer to focus on the algorithm instead of the communication process provided by the interconnect and virtual machine in the OS. The application running on these VMs has access to all the operating system services. Parallel Virtual Machine and Message Passing Interface are examples of these virtual machines (VMs).


A process virtual machine, unlike a system virtual machine, does not let us install a complete virtual operating system. Rather, it creates a virtual environment of that OS while an app or program is in use, and this environment is destroyed as soon as we exit the app. In the image below, some apps run on the main OS while virtual machines are created to run other apps. Because those programs require a different OS, the process virtual machine provides it for as long as the programs are running. Example: Wine on Linux helps to run Windows applications.

Hypervisor


A hypervisor, also known as a virtual machine monitor (VMM), is a piece of software that allows us to build and run virtual machines (VMs).

A hypervisor allows a single host computer to support multiple virtual machines (VMs) by sharing
resources including memory and processing.

What is the use of a hypervisor?

Hypervisors allow the use of more of a system's available resources and provide greater IT versatility because the guest VMs are independent of the host hardware, which is one of the major benefits of the hypervisor.

In other words, VMs can be quickly moved between servers. Because a hypervisor allows several virtual machines to operate on a single physical server, it helps us to reduce:

o The space required
o The energy used
o The maintenance requirements of the server.


Kinds of hypervisors

There are two types of hypervisors: "Type 1" (also known as "bare metal") and "Type 2" (also
known as "hosted"). A type 1 hypervisor functions as a light operating system that operates directly
on the host's hardware, while a type 2 hypervisor functions as a software layer on top of an
operating system, similar to other computer programs.

Since they are isolated from the attack-prone operating system, bare-metal hypervisors are
extremely stable.

Furthermore, they are usually faster and more powerful than hosted hypervisors. For these reasons, the majority of enterprise businesses opt for bare-metal hypervisors for their data center computing requirements.

While hosted hypervisors run inside the OS, they can be topped with additional (and different)
operating systems.


Hosted hypervisors have longer latency than bare-metal hypervisors, which is a major disadvantage. This is because communication between the hardware and the hypervisor must go through the extra layer of the OS.

The Type 1 hypervisor

The Type 1 hypervisor is also known as the native or bare-metal hypervisor.

It replaces the host operating system, and the hypervisor schedules VM services directly to the hardware.

The Type 1 hypervisor is very commonly used in enterprise data centers and other server-based environments.

Examples include KVM, Microsoft Hyper-V, and VMware vSphere. KVM was integrated into the Linux kernel in 2007, so an up-to-date Linux kernel already includes it.

The Type 2 hypervisor

The Type 2 hypervisor, also known as a hosted hypervisor, is a software layer or framework that runs on a traditional operating system.

It operates by separating the guest and host operating systems. The host operating system schedules VM services, which are then executed on the hardware.

Individual users who wish to run multiple operating systems on a personal computer should use a Type 2 hypervisor.

This type of hypervisor also includes the virtual machines with it.

Hardware acceleration technology improves the processing speed of both bare-metal and hosted
hypervisors, allowing them to build and handle virtual resources more quickly.

On a single physical computer, both types of hypervisors can run multiple virtual servers for multiple tenants. Different businesses rent data space on various virtual servers from public cloud service providers. One server can host multiple virtual servers, each of which runs different workloads for different businesses.


What is a cloud hypervisor?

Hypervisors are a key component of the technology that enables cloud computing since they are a
software layer that allows one host device to support several virtual machines at the same time.

Hypervisors allow IT to retain control over a cloud environment's infrastructure, processes, and
sensitive data while making cloud-based applications accessible to users in a virtual environment.

Increased emphasis on creative applications is being driven by digital transformation and increasing consumer expectations. As a result, many businesses are transferring their virtual computers to the cloud.

As part of a virtualization platform, a hypervisor also helps in the rapid migration of applications to the cloud.

As a result, businesses can take advantage of the cloud's many benefits, such as lower hardware costs, improved accessibility, and increased scalability, for a quicker return on investment.

Benefits of hypervisors

Using a hypervisor to host several virtual machines has many advantages:

o Speed: Hypervisors allow virtual machines to be built instantly, unlike bare-metal servers. This makes provisioning resources for complex workloads much simpler.
o Efficiency: Hypervisors that run multiple virtual machines on the resources of a single physical machine often allow for more effective use of a single physical server.
o Flexibility: Because the hypervisor separates the OS from the underlying hardware, software no longer relies on particular hardware devices or drivers. Bare-metal hypervisors enable operating systems and their related applications to run on a variety of hardware types.
o Portability: Multiple operating systems can run on the same physical server (host machine) thanks to hypervisors. The hypervisor's virtual machines are portable because they are separate from the physical computer.


As an application requires more computing power, virtualization software allows it to access additional machines without interruption.

VIRTUALIZATION

• Virtualization is a technique that allows a single physical instance of an application or resource to be shared among multiple organizations or tenants (customers).

• Virtualization is a proven technology that makes it possible to run multiple operating systems and applications on the same server at the same time.

• Virtualization is the process of creating a logical (virtual) version of a server operating system, a storage device, or network services.

• The technology that works behind virtualization is known as a virtual machine monitor (VMM), or virtual manager, which separates compute environments from the actual physical infrastructure.

• Virtualization is the abstraction of computer resources.

• Virtualization hides the physical characteristics of computing resources from their users, applications, or end users.

• This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources.

• It can also include making multiple physical resources (such as storage devices or servers) appear as a single virtual resource.


• In computing, virtualization refers to the act of creating a virtual (rather than actual) version of something, like computer hardware platforms, operating systems, storage devices, and computer network resources.

• Creation of a virtual machine over an existing operating system and hardware.

• Host machine: The machine on which the virtual machine is created.

• Guest machine: A virtual machine is referred to as a guest machine.

• Hypervisor: A hypervisor is firmware or a low-level program that acts as a Virtual Machine Manager.

Figure 2.10 Virtualization Example


Advantages of Virtualization:

1. Reduced costs.

2. Efficient hardware utilization.

3. Virtualization leads to better resource utilization and increased performance.

4. Testing for software development.

5. Increased availability.

6. Energy savings.

7. Shifting all your local infrastructure to the cloud in a day.

8. Possibility to divide services.

9. Running applications not supported by the host.


Disadvantages of Virtualization:

1. Extra Costs.

2. Software Licensing.


2.6 IMPLEMENTATION LEVELS OF VIRTUALIZATION

Virtualization is a computer architecture technology by which multiple virtual machines (VMs) are multiplexed in the same hardware machine. The purpose of a VM is to enhance resource sharing by many users and improve computer performance in terms of resource utilization and application flexibility.

Hardware resources (CPU, memory, I/O devices, etc.) or software resources (operating system and software libraries) can be virtualized in various functional layers.

The idea is to separate the hardware from the software to yield better system efficiency. For example, computer users gained access to much enlarged memory space when the concept of virtual memory was introduced. Similarly, virtualization techniques can be applied to enhance the use of compute engines, networks and storage.

2.6.1 Levels of Virtualization:

A traditional computer runs with a host operating system specially tailored for its hardware architecture, as shown in Figure 2.11 (a). After virtualization, different user applications managed by their own operating systems (guest OS) can run on the same hardware, independent of the host OS.

This is often done by adding additional software, called a virtualization layer, as shown in Figure 2.11 (b). This virtualization layer is known as the hypervisor or virtual machine monitor (VMM). The VMs are shown in the upper boxes, where applications run with their own guest OS over the virtualized CPU, memory, and I/O resources. The main function of the software layer for virtualization is to virtualize the physical hardware of a host machine into virtual resources to be used by the VMs, exclusively. The virtualization software creates the abstraction of VMs by interposing a virtualization layer at various levels of a computer system. Common virtualization layers include the instruction set architecture (ISA) level, hardware level, operating system level, library support level, and application level.

Figure 2.11 The architecture of a computer system before and after Virtualization


Figure 2.12 Virtualization ranging from hardware to applications in five abstraction levels.

Instruction Set Architecture Level:

At the ISA level, virtualization is performed by emulating a given ISA by the ISA of the host machine. For example, MIPS binary code can run on an x86-based host machine with the help of ISA emulation. With this approach, it is possible to run a large amount of legacy binary code written for various processors on any given new hardware host machine. Instruction set emulation leads to virtual ISAs created on any hardware machine.

The basic emulation method is through code interpretation. An interpreter program interprets the source instructions to target instructions one by one. One source instruction may require tens or hundreds of native target instructions to perform its function. Obviously, this process is relatively slow. For better performance, dynamic binary translation is desired.

This approach translates basic blocks of dynamic source instructions to target instructions. The basic blocks can also be extended to program traces or super blocks to increase translation efficiency. Instruction set emulation requires binary translation and optimization. A virtual instruction set architecture (V-ISA) thus requires adding a processor-specific software translation layer to the compiler.

Hardware Abstraction Level:

Hardware-level virtualization is performed right on top of the bare hardware. The idea is
to virtualize a computer’s resources, such as its processors, memory, and I/O devices. The
intention is to upgrade the hardware utilization rate by multiple users concurrently.

Operating System Level:

This refers to an abstraction layer between traditional OS and user applications. OS-level virtualization creates isolated containers on a single physical server and the OS instances to utilize the hardware and software in data centers.

The containers behave like real servers. OS-level virtualization is commonly used in creating virtual hosting environments to allocate hardware resources among a large number of mutually distrusting users. It is also used, to a lesser extent, in consolidating server hardware by moving services on separate hosts into containers or VMs on one server.

Library Support Level:

Most applications use APIs exported by user-level libraries rather than using lengthy system calls by the OS. Since most systems provide well-documented APIs, such an interface becomes another candidate for virtualization.

Virtualization with library interfaces is possible by controlling the communication link between applications and the rest of a system through API hooks. The software tool WINE has implemented this approach to support Windows applications on top of UNIX hosts. Another example is vCUDA, which allows applications executing within VMs to leverage GPU hardware acceleration.

User-Application Level:

Virtualization at the application level virtualizes an application as a VM. On a traditional OS, an application often runs as a process. Therefore, application-level virtualization is also known as process-level virtualization. The most popular approach is to deploy high-level language (HLL) VMs.

2.6.2 VMM Design Requirements and Providers

Hardware-level virtualization inserts a layer between real hardware and traditional operating systems. This layer is commonly called the Virtual Machine Monitor (VMM) and it manages the hardware resources of a computing system. Each time programs access the hardware, the VMM captures the process. The VMM acts as a traditional OS.


One hardware component, such as the CPU, can be virtualized as several virtual copies.
Therefore, several traditional operating systems which are the same or different can sit on the
same set of hardware simultaneously.

Three requirements for a VMM

• First, a VMM should provide an environment for programs which is essentially identical
to the original machine.

• Second, programs run in this environment should show, at worst, only minor decreases in
speed.

• Third, a VMM should be in complete control of the system resources.

2.6.3 Virtualization Support at the OS Level

With the help of VM technology, a new computing mode known as cloud computing is emerging. Cloud computing is transforming the computing landscape by shifting the hardware and staffing costs of managing a computational center to third parties, just like banks. However, cloud computing has at least two challenges.


• The first is the ability to use a variable number of physical machines and VM instances
depending on the needs of a problem.

• The second challenge concerns the slow operation of instantiating new VMs.

Currently, new VMs originate either as fresh boots or as replicates of a template VM, unaware of the current application state. Therefore, to better support cloud computing, a large amount of research and development should be done.

Why OS-Level Virtualization?

To reduce the performance overhead of hardware-level virtualization, even hardware modification is needed. OS-level virtualization provides a feasible solution for these hardware-level virtualization issues. Operating system virtualization inserts a virtualization layer inside an operating system to partition a machine's physical resources. It enables multiple isolated VMs within a single operating system kernel. This kind of VM is often called a virtual execution environment (VE), Virtual Private System (VPS), or simply container. From the user's point of view, VEs look like real servers. This means a VE has its own set of processes, file system, user accounts, network interfaces with IP addresses, routing tables, firewall rules, and other personal settings. Although VEs can be customized for different people, they share the same operating system kernel.

Advantages of OS Extensions

(1) VMs at the operating system level have minimal startup/shutdown costs, low resource requirements, and high scalability.

(2) For an OS-level VM, it is possible for a VM and its host environment to synchronize state changes when necessary.

These benefits can be achieved via two mechanisms of OS-level virtualization:

(1) All OS-level VMs on the same physical machine share a single operating system kernel.
(2) The virtualization layer can be designed in a way that allows processes in VMs to access as many resources of the host machine as possible, but never to modify them.

Virtualization on Linux or Windows Platforms

Virtualization support on the Windows-based platform is still in the research stage. The Linux kernel offers an abstraction layer to allow software processes to work with and operate on resources without knowing the hardware details. New hardware may need a new Linux kernel to support it. Therefore, different Linux platforms use patched kernels to provide special support for extended functionality.


2.6.4 Middleware Support for Virtualization

Library-level virtualization is also known as user-level Application Binary Interface (ABI) or API emulation. This type of virtualization can create execution environments for running alien programs on a platform rather than creating a VM to run the entire operating system. API call interception and remapping are the key functions performed. Several library-level virtualization systems exist, namely the Windows Application Binary Interface (WABI), lxrun, WINE, Visual MainWin, and vCUDA.
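API call interception and remapping, as an added example that is not part of the original notes: a guest's Windows-style file calls are intercepted, its `C:\` paths are remapped into a host directory, and guest handles are kept in a table separate from host file objects. The class `FileApiShim`, its method names and the `drive_c` directory layout are assumptions made for this illustration, not WINE's actual interfaces.

```python
import ntpath
import os
import tempfile


class FileApiShim:
    """Library-level layer: guest file calls are intercepted and remapped to host calls."""

    def __init__(self, prefix):
        self.drive_c = os.path.realpath(os.path.join(prefix, "drive_c"))
        os.makedirs(self.drive_c, exist_ok=True)
        self.handles = {}          # guest handle -> host file object
        self.next_handle = 0x10

    def translate_path(self, guest_path):
        """Remap a Windows-style path to a host path confined to the mapped drive."""
        drive, rest = ntpath.splitdrive(guest_path)
        if drive.upper() != "C:":
            raise PermissionError(f"drive {drive!r} is not mapped")
        parts = [p for p in rest.replace("\\", "/").split("/") if p]
        host = os.path.realpath(os.path.join(self.drive_c, *parts))
        # Reject anything that resolves outside the mapped directory ("..", symlinks).
        if os.path.commonpath([host, self.drive_c]) != self.drive_c:
            raise PermissionError("path escapes the mapped drive")
        return host

    def create_file(self, guest_path, write=False):
        host = self.translate_path(guest_path)
        if write:
            os.makedirs(os.path.dirname(host), exist_ok=True)
        handle = self.next_handle
        self.next_handle += 4
        self.handles[handle] = open(host, "wb" if write else "rb")
        return handle              # the guest only ever sees this opaque number

    def write_file(self, handle, data):
        return self.handles[handle].write(data)

    def read_file(self, handle):
        return self.handles[handle].read()

    def close_handle(self, handle):
        self.handles.pop(handle).close()


def demo():
    """Run a constructed guest session inside a temporary prefix."""
    with tempfile.TemporaryDirectory() as prefix:
        shim = FileApiShim(prefix)
        guest_path = r"C:\Users\guest\note.txt"
        h = shim.create_file(guest_path, write=True)
        shim.write_file(h, b"hello from the guest")
        shim.close_handle(h)
        h = shim.create_file(guest_path)
        data = shim.read_file(h)
        shim.close_handle(h)
        rel = os.path.relpath(shim.translate_path(guest_path), shim.drive_c)
        try:
            shim.translate_path(r"C:\..\..\outside.txt")
            escaped = True
        except PermissionError:
            escaped = False
        return data, rel.replace(os.sep, "/"), escaped


if __name__ == "__main__":
    print(demo())
```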

2.7 Virtualization Structures/Tools and Mechanisms

There are three typical classes of VM architecture. Before virtualization, the operating system manages the hardware. After virtualization, a virtualization layer is inserted between the hardware and the operating system. In such a case, the virtualization layer is responsible for converting portions of the real hardware into virtual hardware. Therefore, different operating systems such as Linux and Windows can run on the same physical machine, simultaneously.

Depending on the position of the virtualization layer, there are several classes of VM architectures, namely the hypervisor architecture, para-virtualization, and host-based virtualization. The hypervisor is also known as the VMM (Virtual Machine Monitor). They both perform the same virtualization operations.

2.7.1 Hypervisor and Xen Architecture:

The hypervisor supports hardware-level virtualization on bare metal devices like CPU,
memory, disk and network interfaces. The hypervisor software sits directly between the physical
hardware and its OS. This virtualization layer is referred to as either the VMM or the hypervisor.
The hypervisor provides hypercalls for the guest OSes and applications. Depending on the
functionality, a hypervisor can assume a micro-kernel architecture like the Microsoft Hyper-V.
Or it can assume monolithic hypervisor architecture like the VMware ESX for server
virtualization. A micro-kernel hypervisor includes only the basic and unchanging functions (such
as physical memory management and processor scheduling). The device drivers and other
changeable components are outside the hypervisor. A monolithic hypervisor implements all the
aforementioned functions, including those of the device drivers.

Therefore, the size of the hypervisor code of a micro-kernel hypervisor is smaller than
that of a monolithic hypervisor. Essentially, a hypervisor must be able to convert physical
devices into virtual resources dedicated for the deployed VM to use.

The Xen Architecture:

The core components of a Xen system are the hypervisor, kernel, and applications. The organization of the three components is important. Like other virtualization systems, many guest OSes can run on top of the hypervisor. However, not all guest OSes are created equal, and one in particular controls the others.

The guest OS, which has control ability, is called Domain 0, and the others are called Domain U. Domain 0 is a privileged guest OS of Xen. It is first loaded when Xen boots without any file system drivers being available. Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains (the Domain U domains).

2.7.2 Binary Translation with Full Virtualization:

Depending on implementation technologies, hardware virtualization can be classified into two categories: full virtualization and host-based virtualization. Full virtualization does not need to modify the host OS. It relies on binary translation to trap and to virtualize the execution of certain sensitive, nonvirtualizable instructions. The guest OSes and their applications consist of noncritical and critical instructions. In a host-based system, both a host OS and a guest OS are used. A virtualization software layer is built between the host OS and guest OS.

Full Virtualization:

With full virtualization, noncritical instructions run on the hardware directly while critical
instructions are discovered and replaced with traps into the VMM to be emulated by software.
Both the hypervisor and VMM approaches are considered full virtualization.

Binary Translation of Guest OS Requests Using a VMM:

VMware puts the VMM at Ring 0 and the guest OS at Ring 1. The VMM scans the instruction stream and identifies the privileged, control- and behavior-sensitive instructions. When these instructions are identified, they are trapped into the VMM, which emulates the behavior of these instructions.

Figure 2.13 Indirect execution of complex instructions via binary translation of guest OS requests using the VMM plus direct execution of simple instructions on the same host.

The method used in this emulation is called binary translation. Therefore, full
virtualization combines binary translation and direct execution. The guest OS is completely
decoupled from the underlying hardware. Consequently, the guest OS is unaware that it is being
virtualized. Binary translation employs a code cache to store translated hot instructions to
improve performance, but it increases the cost of memory usage.
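The following added example (not part of the original notes) models both the interpretation versus dynamic binary translation contrast from the ISA-level discussion and the VMM behaviour described here: sensitive instructions are replaced by calls into the VMM, while the rest is translated once per basic block and reused from a code cache. The small guest ISA, the `VMM` class and all function names are hypothetical.

```python
NREGS = 4
SENSITIVE = {"OUT", "CLI"}   # guest instructions that must not run on the host directly


class VMM:
    """Emulates sensitive guest instructions against per-guest virtual state."""
    def __init__(self):
        self.console = []        # virtual output device
        self.virtual_if = True   # the guest's virtual interrupt flag
        self.traps = 0

    def emulate(self, regs, op, reg=None):
        self.traps += 1
        if op == "OUT":
            self.console.append(regs[reg])
        elif op == "CLI":
            self.virtual_if = False   # only the guest's copy of the flag changes


def _reg(x):
    """Validate a register operand before it is used or pasted into host code."""
    if not isinstance(x, int) or not 0 <= x < NREGS:
        raise ValueError(f"bad register operand {x!r}")
    return x


def interpret(program, vmm):
    """Code interpretation: every instruction is decoded each time it executes."""
    regs, pc, decoded = [0] * NREGS, 0, 0
    while True:
        op, *args = program[pc]
        decoded += 1
        if op == "HALT":
            return regs, decoded
        if op == "JNZ":
            pc = int(args[1]) if regs[_reg(args[0])] != 0 else pc + 1
            continue
        if op in SENSITIVE:
            vmm.emulate(regs, op, _reg(args[0]) if args else None)
        elif op == "LOADI":
            regs[_reg(args[0])] = int(args[1])
        elif op == "ADD":
            regs[_reg(args[0])] += regs[_reg(args[1])]
        elif op == "DEC":
            regs[_reg(args[0])] -= 1
        else:
            raise ValueError(f"unknown opcode {op!r}")
        pc += 1


def translate_block(program, start):
    """Translate one basic block (up to its branch or HALT) into a host function."""
    body, pc = [], start
    while True:
        op, *args = program[pc]
        if op in SENSITIVE:      # rewritten into a call to the VMM
            body.append(f"vmm.emulate(r, {op!r}, {_reg(args[0]) if args else None})")
        elif op == "LOADI":
            body.append(f"r[{_reg(args[0])}] = {int(args[1])}")
        elif op == "ADD":
            body.append(f"r[{_reg(args[0])}] += r[{_reg(args[1])}]")
        elif op == "DEC":
            body.append(f"r[{_reg(args[0])}] -= 1")
        elif op == "JNZ":
            body.append(f"return {int(args[1])} if r[{_reg(args[0])}] != 0 else {pc + 1}")
            break
        elif op == "HALT":
            body.append("return None")
            break
        else:
            raise ValueError(f"unknown opcode {op!r}")
        pc += 1
    source = "def block(r, vmm):\n" + "".join(f"    {line}\n" for line in body)
    namespace = {}
    exec(source, namespace)      # safe only because every operand was validated above
    return namespace["block"], pc - start + 1


def run_translated(program, vmm):
    """Binary translation: each block is translated once, then reused from the cache."""
    cache, regs, pc, translated = {}, [0] * NREGS, 0, 0
    while pc is not None:
        if pc not in cache:
            cache[pc], count = translate_block(program, pc)
            translated += count
        pc = cache[pc](regs, vmm)
    return regs, translated, len(cache)


# Constructed guest program: sum 5+4+3+2+1, writing the running total out each pass.
PROGRAM = [
    ("LOADI", 0, 5), ("LOADI", 1, 0), ("CLI",),                       # 0-2: setup
    ("ADD", 1, 0), ("OUT", 1), ("DEC", 0), ("JNZ", 0, 3), ("HALT",),  # 3-6: loop, 7: stop
]

if __name__ == "__main__":
    print(interpret(PROGRAM, VMM()), run_translated(PROGRAM, VMM()))
```

The interpreter decodes 24 guest instructions for this program, while the translator translates only 12 across three cached blocks; both paths trap into the VMM the same six times.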

Host-Based Virtualization:

Downloaded by Vetrivel ([email protected])


lOMoARcPSD|15848582

An alternative VM architecture is to install a virtualization layer on top of the host OS.


This host OS is still responsible for managing the hardware. The guest OSes are installed and run
on top of the virtualization layer. Dedicated applications may run on the VMs. Certainly, some
other applications can also run with the host OS directly. This host-based architecture has some
distinct advantages, as enumerated next. First, the user can install this VM architecture without
modifying the host OS. The virtualizing software can rely on the host OS to provide device
drivers and other low level services. This will simplify the VM design and ease its deployment.
Second, the host-based approach appeals to many host machine configurations.

Compared to the hypervisor/VMM architecture, the performance of the host-based architecture
may also be low. When an application requests hardware access, it involves four layers of
mapping, which downgrades performance significantly.

2.7.3 Para-Virtualization with Compiler Support:

Para-virtualization needs to modify the guest operating systems. A para-virtualized VM
provides special APIs requiring substantial OS modifications in user applications. Performance
degradation is a critical issue of a virtualized system. No one wants to use a VM if it is much
slower than using a physical machine.

The virtualization layer can be inserted at different positions in a machine software stack.
However, para-virtualization attempts to reduce the virtualization overhead, and thus improve
performance by modifying only the guest OS kernel. The guest operating systems are
para-virtualized. The traditional x86 processor offers four instruction execution rings: Rings 0, 1, 2,
and 3. The lower the ring number, the higher the privilege of instruction being executed. The OS
is responsible for managing the hardware and the privileged instructions to execute at Ring 0,
while user-level applications run at Ring 3.

Figure 2.14 Para-virtualized VM architecture

Figure 2.15 The use of a para-virtualized guest OS assisted by an intelligent
compiler to replace nonvirtualizable OS instructions by hypercalls.

Para-Virtualization Architecture:

When the x86 processor is virtualized, a virtualization layer is inserted between the
hardware and the OS. According to the x86 ring definitions, the virtualization layer
should also be installed at Ring 0. Para-virtualization replaces nonvirtualizable
instructions with hypercalls that communicate directly with the hypervisor or VMM.
However, when the guest OS kernel is modified for virtualization, it can no longer run on
the hardware directly.

Although para-virtualization reduces the overhead, it has incurred other problems.
First, its compatibility and portability may be in doubt, because it must support the
unmodified OS as well. Second, the cost of maintaining para-virtualized OSes is high,
because they may require deep OS kernel modifications. Finally, the performance
advantage of para-virtualization varies greatly due to workload variations.

KVM (Kernel-Based VM):

This is a Linux para-virtualization system, a part of the Linux version 2.6.20
kernel. Memory management and scheduling activities are carried out by the existing
Linux kernel. The KVM does the rest, which makes it simpler than the hypervisor that
controls the entire machine. KVM is a hardware-assisted para-virtualization tool, which
improves performance and supports unmodified guest OSes such as Windows, Linux,
Solaris, and other UNIX variants. Unlike the full virtualization architecture which
intercepts and emulates privileged and sensitive instructions at runtime, para-virtualization
handles these instructions at compile time.

The guest OS kernel is modified to replace the privileged and sensitive instructions
with hypercalls to the hypervisor or VMM. Xen assumes such a para-virtualization
architecture. The guest OS running in a guest domain may run at Ring 1 instead of at Ring
0. This implies that the guest OS may not be able to execute some privileged and sensitive
instructions. The privileged instructions are implemented by hypercalls to the
hypervisor. After replacing the instructions with hypercalls, the modified guest OS
emulates the behavior of the original guest OS.

2.8 VIRTUALIZATION OF CPU, MEMORY, AND I/O DEVICES

To support virtualization, processors such as the x86 employ a special running
mode and instructions, known as hardware-assisted virtualization. In this way, the VMM
and guest OS run in different modes and all sensitive instructions of the guest OS and its
applications are trapped in the VMM. To save processor states, mode switching is
completed by hardware. For the x86 architecture, Intel and AMD have proprietary
technologies for hardware-assisted virtualization.

Hardware Support for Virtualization:

Modern operating systems and processors permit
multiple processes to run simultaneously. If there is no protection mechanism in a
processor, all instructions from different processes will access the hardware directly and
cause a system crash. Therefore, all processors have at least two modes, user mode and
supervisor mode, to ensure controlled access of critical hardware. Instructions running in
supervisor mode are called privileged instructions.
Other instructions are unprivileged instructions. In a virtualized environment, it is
more difficult to make OSes and applications run correctly because there are more
layers in the machine stack.

CPU Virtualization:

A VM is a duplicate of an existing computer system in which a majority of the VM
instructions are executed on the host processor in native mode. Thus, unprivileged
instructions of VMs run directly on the host machine for higher efficiency. Other critical
instructions should be handled carefully for correctness and stability. The critical
instructions are divided into three categories:

• Privileged instructions - Privileged instructions execute in a privileged mode
and will be trapped if executed outside this mode.

• Control-sensitive instructions - Control-sensitive instructions attempt to
change the configuration of resources used.

• Behavior-sensitive instructions - Behavior-sensitive instructions have different
behaviors depending on the configuration of resources, including the load and store
operations over the virtual memory.

A CPU architecture is virtualizable if it supports the ability to run the VM's
privileged and unprivileged instructions in the CPU's user mode while the VMM runs in
supervisor mode. When the privileged instructions including control- and
behavior-sensitive instructions of a VM are executed, they are trapped in the VMM. In this case, the
VMM acts as a unified mediator for hardware access from different VMs to guarantee the
correctness and stability of the whole system. RISC CPU architectures can be naturally
virtualized because all control- and behavior-sensitive instructions are privileged
instructions.
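The virtualizability condition above can be checked by running a de-privileged guest and recording which sensitive instructions never reach the VMM. This is an added illustration, not part of the original notes: the `RISC_LIKE` ISA and all function names are hypothetical, and the x86 rows (LGDT traps in user mode, POPF and SMSW do not) describe x86 without hardware-assisted virtualization.

```python
# Constructed ISA tables: mnemonic -> (traps_in_user_mode, sensitive).
X86_CLASSIC = {
    "add":  (False, False),
    "lgdt": (True,  True),   # control-sensitive and privileged: traps
    "popf": (False, True),   # control-sensitive: interrupt-flag change silently dropped
    "smsw": (False, True),   # behavior-sensitive: reads the real status word, no trap
}
RISC_LIKE = {                # hypothetical ISA where every sensitive instruction traps
    "add":         (False, False),
    "set_ptbase":  (True,  True),
    "set_intmask": (True,  True),
    "read_status": (True,  True),
}

EMULATE = {  # VMM handlers: apply the effect to the virtual CPU, not the real one
    "lgdt":        lambda v, a: v.update(table_base=a),
    "set_ptbase":  lambda v, a: v.update(table_base=a),
    "popf":        lambda v, a: v.update(int_enabled=bool(a)),
    "set_intmask": lambda v, a: v.update(int_enabled=bool(a)),
}

def holes(isa):
    """Sensitive instructions that never reach the VMM when run in user mode."""
    return sorted(op for op, (traps, sens) in isa.items() if sens and not traps)

def run_deprivileged(isa, program):
    """Trap-and-emulate a guest kernel that the VMM runs in user mode.

    Returns (vcpu, missed): the virtual CPU state after the run and the
    sensitive instructions that executed without the VMM seeing them."""
    vcpu, missed = {"int_enabled": True, "table_base": 0}, []
    for op, arg in program:
        traps, sens = isa[op]
        if traps:
            EMULATE[op](vcpu, arg)   # trapped: VMM mediates the access
        elif sens:
            missed.append(op)        # not trapped: the VMM is bypassed
    return vcpu, missed

def demo():
    x86 = run_deprivileged(X86_CLASSIC, [("lgdt", 0x5000), ("popf", 0), ("add", 1)])
    risc = run_deprivileged(RISC_LIKE, [("set_ptbase", 0x5000), ("set_intmask", 0)])
    return x86, risc
```

On the x86 table the guest believes it disabled interrupts, yet its virtual CPU still has them enabled because `popf` never trapped; this is the gap that binary translation, para-virtualization and hardware assistance each close in a different way.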

Hardware-Assisted CPU Virtualization:

This technique attempts to simplify virtualization because full or para-virtualization
is complicated. Intel and AMD add an additional mode called privilege mode level (some
people call it Ring -1) to x86 processors. Therefore, operating systems can still run at Ring
0 and the hypervisor can run at Ring -1. All the privileged and sensitive instructions are
trapped in the hypervisor automatically. This technique removes the difficulty of
implementing binary translation of full virtualization. It also lets the operating system
run in VMs without modification.

Memory Virtualization:

Virtual memory virtualization is similar to the virtual memory support
provided by modern operating systems. In a traditional execution environment, the
operating system maintains mappings of virtual memory to machine memory using page
tables, which is a one-stage mapping from virtual memory to machine memory. All
modern x86 CPUs include a memory management unit (MMU) and a translation lookaside
buffer (TLB) to optimize virtual memory performance.

However, in a virtual execution environment, virtual memory virtualization
involves sharing the physical system memory in RAM and dynamically allocating it
to the physical memory of the VMs. That means a two-stage mapping process should be
maintained by the guest OS and the VMM, respectively: virtual memory to physical
memory and physical memory to machine memory. Furthermore, MMU virtualization
should be supported, which is transparent to the guest OS. The guest OS continues to
control the mapping of virtual addresses to the physical memory addresses of VMs. But the
guest OS cannot directly access the actual machine memory. The VMM is responsible for
mapping the guest physical memory to the actual machine memory. Figure 2.16 shows the
two-level memory mapping procedure.
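The two-stage mapping, as an added model that is not taken from any hypervisor or from the original notes. The `VMM` class, the frame numbers and the guest page tables are constructed; the guest owns stage 1, the VMM owns stage 2 and refuses any guest-physical frame it did not allocate to that VM.

```python
PAGE = 4096

class VMM:
    def __init__(self, machine_frames):
        self.free = list(machine_frames)  # machine frame numbers owned by the host
        self.p2m = {}                     # (vm, guest-physical frame) -> machine frame

    def back_guest_memory(self, vm, n_frames):
        """Stage 2 setup: put machine frames behind a VM's 'physical' memory."""
        for gpfn in range(n_frames):
            self.p2m[(vm, gpfn)] = self.free.pop(0)

    def translate(self, vm, guest_page_table, vaddr):
        """Walk both stages: virtual -> guest-physical -> machine address."""
        vpn, offset = divmod(vaddr, PAGE)
        if vpn not in guest_page_table:
            raise LookupError("guest page fault")            # handled by the guest OS
        gpfn = guest_page_table[vpn]                         # stage 1: guest OS mapping
        if (vm, gpfn) not in self.p2m:
            raise PermissionError("frame not owned by VM")   # stage 2: VMM refuses
        return self.p2m[(vm, gpfn)] * PAGE + offset

def demo():
    vmm = VMM(machine_frames=range(100, 108))
    vmm.back_guest_memory("vm1", 4)       # guest frames 0..3 -> machine frames 100..103
    vmm.back_guest_memory("vm2", 4)       # guest frames 0..3 -> machine frames 104..107
    guest_pt = {0x10: 2}                  # both guests map virtual page 0x10 to frame 2
    vaddr = 0x10 * PAGE + 0x2A
    return (vmm.translate("vm1", guest_pt, vaddr),
            vmm.translate("vm2", guest_pt, vaddr))
```

Two guests with identical page tables resolve the same virtual address to different machine frames, and a guest page-table entry naming a frame outside its allocation is rejected at stage 2 without the guest ever seeing a machine address.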

I/O Virtualization:

I/O virtualization involves managing the routing of I/O requests between virtual devices
and the shared physical hardware. There are three ways to implement I/O virtualization:

• Full device emulation

• Para-virtualization

• Direct I/O

Figure 2.16 Two-level memory mapping procedure.

Full device emulation is the first approach for I/O virtualization. Generally,
this approach emulates well known, real-world devices. All the functions of a device or bus
infrastructure, such as device enumeration, identification, interrupts, and DMA, are
replicated in software. This software is located in the VMM and acts as a virtual device.
The I/O access requests of the guest OS are trapped in the VMM which interacts with the
I/O devices.

A single hardware device can be shared by multiple VMs that run
concurrently. However, software emulation runs much slower than the hardware it
emulates. The para-virtualization method of I/O virtualization is typically used in Xen. It
is also known as the split driver model consisting of a frontend driver and a backend driver.
The frontend driver is running in Domain U and the backend driver is running in Domain 0.
They interact with each other via a block of shared memory. The frontend driver manages
the I/O requests of the guest OSes and the backend driver is responsible for managing the
real I/O devices and multiplexing the I/O data of different VMs. Although
para-I/O-virtualization achieves better device performance than full device emulation, it comes with
a higher CPU overhead.
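The split driver model, as an added simulation that is not Xen code or part of the original notes. `SharedRing`, `Frontend`, `Backend` and the sample disk contents are constructed; the ring stands in for the block of shared memory, and the backend multiplexes several guests onto one device.

```python
from collections import deque

class SharedRing:
    """Constructed stand-in for the block of memory both drivers map."""
    def __init__(self, size=2):
        self.size = size
        self.requests = deque()
        self.responses = deque()

class Frontend:                      # runs in a Domain U guest
    def __init__(self, ring):
        self.ring = ring

    def submit(self, sector):
        if len(self.ring.requests) >= self.ring.size:
            return False             # ring full: the guest has to wait
        self.ring.requests.append(sector)
        return True

    def poll(self):
        done = list(self.ring.responses)
        self.ring.responses.clear()
        return done

class Backend:                       # runs in Domain 0 and owns the real device
    def __init__(self, disk):
        self.disk = disk             # (domain id, sector) -> data
        self.rings = {}              # domain id -> that guest's shared ring

    def attach(self, domid, ring):
        self.rings[domid] = ring

    def service(self):
        """Multiplex all guests' requests onto the one device, round-robin."""
        served = []
        while any(r.requests for r in self.rings.values()):
            for domid, ring in self.rings.items():
                if ring.requests:
                    sector = ring.requests.popleft()
                    # The domain id comes from the ring, never from the guest.
                    ring.responses.append((sector, self.disk.get((domid, sector))))
                    served.append((domid, sector))
        return served

def demo():
    disk = {(1, 0): "a0", (1, 1): "a1", (2, 0): "b0"}   # constructed contents
    backend, r1, r2 = Backend(disk), SharedRing(), SharedRing()
    backend.attach(1, r1)
    backend.attach(2, r2)
    fe1, fe2 = Frontend(r1), Frontend(r2)
    accepted = [fe1.submit(0), fe1.submit(1), fe1.submit(2), fe2.submit(0)]
    return accepted, backend.service(), fe1.poll(), fe2.poll()
```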

Figure 2.17 Device emulation for I/O virtualization implemented inside the middle
layer that maps real I/O devices into the virtual devices for the guest device
driver to use.

Virtualization in Multi-Core Processors:

Virtualizing a multi-core processor is relatively more complicated than virtualizing
a unicore processor. Though multi-core processors are claimed to have higher performance
by integrating multiple processor cores in a single chip, multi-core virtualization has
raised some new challenges to computer architects, compiler constructors, system
designers, and application programmers. There are mainly two difficulties: Application
programs must be parallelized to use all cores fully, and software must explicitly assign
tasks to the cores, which is a very complex problem.
