  • My name is Wesley Peck. This talk is going to be an overview of virtualization technologies.
  • What is a virtual machine, and why would we want to use one? What requirements does an architecture need to meet to be virtualizable? What are the basic techniques for virtualizing an architecture? A comparison of two different architectures which have been virtualized. An overview of several successful virtualization products.
  • IBM: A virtual machine is an isolated and protected copy of the original machine (copy does not necessarily mean exact copy). VMWare: Virtualization is the separation of a resource or request from its underlying physical delivery. What is the premier example of this in standard operating systems? Virtual memory.
  • Why is virtualization useful? Why do you think virtualization would be useful?
  • The software behind virtualization technology is the virtual machine monitor. The monitor sits above and abstracts the system hardware. Conceptually, guest operating systems interact with the virtual machine instead of directly with the hardware.
  • What requirements must an architecture meet in order to be virtualizable?
  • What are some desirable characteristics of a virtual machine monitor?
  • There are three main virtualization strategies.
    • 1. Emulation: the most abstract implementation
      • Software provides virtual implementations of every hardware device
      • Time consuming to develop
      • Performance is poor
      • Great for simulations
    • 2. Full System Virtualization: less abstract than hardware
      • Software provides virtual implementations of the architecture's privileged operations
      • Can be tricky to develop (issues with architectures)
      • Performance can suffer
      • Can run unmodified operating systems at acceptable performance levels
    • 3. Paravirtualization
      • Software provides a virtual architecture with efficient mechanisms for privileged operations
      • Operating systems must be changed in order to work with the new architecture
      • Performance is often very good
  • Basic processor virtualization works much like a normal operating system. The VMM runs in the privileged level and all guests run in the unprivileged level. Privileged instructions executed by the guest are emulated after a trap is received.
  • Memory virtualization makes use of traditional virtual memory techniques. The main difference is the two levels of virtual memory: guest operating system managed virtual memory and VMM managed virtual memory.
  • The basic techniques should work, in theory, but there are several problems.
    • 1. Some architectures were never designed to be virtualizable
    • 2. Performance implications of some of the techniques are bad
    • 3. The naive techniques can waste lots of resources
    • 4. The naive techniques often do not have enough information to be effective, e.g. page replacement
  • Here we look at our first virtualizable architecture. IBM developed the first VMM with the CP-67, but its performance was not good enough. A decision was made to create a new architecture with the goal of virtualization. The result was the VM/370 (Virtual Machine Facility 370).
  • The VM/370 added several hardware assists to enable high performance VMM designs.
    • 1. Virtual Machine Assist: 13 instructions which replaced guest virtual machine instructions that would otherwise have been emulated in software. 35% performance increase.
    • 2. Extended Control Program Support: a set of 35 instructions which were targeted at specific applications. These instructions replaced some functions which were previously supplied by the VMM.
    • 3. Shadow Table Bypass: assists placed in hardware which allowed trusted guests to access the virtual memory system directly. A security risk, but most machines were “well behaved” because they were designed by IBM.
  • The Intel IA-32 architecture was never designed to be virtualized, and this causes complications. Compared to IBM's well-designed virtualization architecture, the IA-32 presents as a poor contender. However, the IA-32 is by far the most widely available, and so virtualization is still demanded. Example complications are non-protected privileged instructions and enormous I/O requirements.
  • Solutions for virtualizing the IA-32 revolve around detecting the 17 problem instructions. These instructions are sensitive to being run in a virtualized environment but do not trap.
  • The IA-64 architecture is similar in its complications. One advantage, however, is the IA-64’s support for ring compression. This allows traps in the guest operating system to be captured by the VMM.
  • The first virtualization product we are going to look at is VMWare. VMWare is the most popular of all of the virtualization products. It supports both a hosted environment and a hypervisor approach. It uses many clever design tricks to achieve high performance.
  • VMWare virtualizes the processor, memory and device I/O as follows.
    • The processor is virtualized by using direct execution on the processor
      • Combined with binary translation to eliminate problem instructions
      • Results in performance only “slightly” lower than paravirtualized approaches
    • Memory is virtualized using the very straightforward shadow table approach
      • Additionally a special ballooning driver is installed in each guest operating system
      • This trick gives the VMM insight into page usage inside of the guest
    • Device I/O is virtualized in one of two different ways
      • The hosted architecture relies on the existing host for I/O support
      • The hypervisor architecture supports only a limited number of “certified” devices
  • The main benefit of full system virtualization is that unmodified applications can run on the VMM. When combined with performance enhancing “tricks” like those employed by VMWare, the results are very impressive. However, even with these tricks performance can suffer because of the need to emulate protected operations.
  • The first paravirtualized approach we will look at is the Denali VMM. This VMM aims to provide very fast, minimal virtual machine containers. The target for Denali is supporting thousands of extremely lightweight VMMs. Each VMM runs a simple network application. Most of these VMMs remain idle because their services are rarely employed. Because of the special requirements, Denali provides its own architecture.
  • Denali virtualizes the CPU, memory and I/O as follows.
    • Denali virtualizes the CPU using direct execution with a set of extended operations
      • First, the system requires an idling guest to use the idle instruction
      • Second, interrupts are queued instead of delivered directly
      • Third, interrupt semantics are changed from “just happened” to “recently happened”
    • Denali does not support virtual memory
    • Denali virtualizes I/O by providing a set of generic devices which are fully supported by the architecture
      • Instead of presenting a Linksys NC100, for example, Denali provides a “network card”
      • The difference is in the way interaction with the device happens
      • This results in very high performance I/O in Denali
  • Xen is another paravirtualized virtualization architecture. Xen’s goal is to paravirtualize commodity operating systems. It also wants to support application level binary compatibility. Xen has achieved most of these goals and is currently the most popular paravirtualized approach.
  • Xen has different architecture policies, not just different mechanisms. In Xen’s view, keeping the guest operating system completely in the dark can be a bad thing. The claim is that completely hiding the virtualization of resources risks both performance and correctness. For example, if virtualization only exposed virtual time to a guest, then time sensitive tasks can operate incorrectly. Take, for example, TCP timeouts and round-trip time estimates. These both require information about the real time.
  • Xen virtualizes the processor, memory and I/O devices as follows.
    • Xen virtualizes the processor using direct execution
      • The guest is executed in ring 1 on the IA-32
      • Exception handlers must be registered with Xen instead of directly with the hardware
      • A special mechanism is employed for the system call handler (avoids indirecting through Xen)
    • Memory is virtualized by allowing the guests to maintain their own hardware page tables
      • What restrictions must there be on this?
      • Only read-only access is given to the guest
      • Any page table updates must go through Xen
      • Xen ensures that mapped pages are read-only and only make use of the correct pages
    • I/O devices are virtualized through shared memory asynchronous descriptor rings
      • A circular queue allocated by the guest but accessible by Xen
      • Data not placed directly into queue, only pointers to the data
      • Uses a producer consumer model
      • Does not require that requests be serviced in order (optimizations)
      • Additionally a lightweight event system replaces hardware interrupts
      • Bitmask of pending events

Transcript

  • 1. Survey of System Virtualization Techniques
    • Paper by Robert Rose
    • Presentation by Wesley Peck
    • April 24, 2007
  • 2. Overview
    • What and Why of Virtualization
    • Requirements of a Virtual Machine
    • Basic Virtualization Techniques
    • Architecture Comparisons
    • Virtual Machine Implementations
    • Questions
  • 3. What is a Virtual Machine
    • What is virtualization?
      • An isolated and protected copy
      • Separation of Resources from Physical Delivery
  • 4. Why use Virtualization
    • Why is it useful?
      • Isolation
      • Encapsulation
        • Load Balancing
        • Migration
        • Fault Tolerance
        • Scalability
        • Suspend/Resume
        • Checkpointing
  • 5. Virtual Machine Monitors
    • The VMM is the software behind the virtual machine
    • It hosts multiple guest OS instances
    • Each instance gets its own virtual cpu, virtual memory, virtual disk, etc.
  • 6. Requirements
    • For any computer a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions — Popek and Goldberg
    • Extremely complicated way of saying that the virtual machine needs a way of determining when a guest executes privileged instructions.
  • 7. Characteristics
    • Programs run under the VMM should exhibit identical effects (sans timing)
    • Most guest instructions should be executed by the physical processor
    • The VMM maintains complete control of the system resources
    • The VMM should be as simple as possible
  • 8. Implementation Strategies
    • Emulation
      • Complete software representation
    • Full System Virtualization
      • Virtual replica of all hardware
    • Paravirtualization
      • Present a different virtual architecture
  • 9. Basic CPU Virtualization
    • VMM runs in most privileged mode
      • VMM can maintain complete control
    • Guest OS runs in an unprivileged mode
      • Privileged instructions will trap
      • VMM then emulates the required instruction in a safe manner
  • 10. Basic Memory Virtualization
    • VMM maintains a “shadow” page table
      • Guest OS establishes a mapping
      • VMM detects changes, updates shadow
      • Hardware uses shadow page table
    • VMM can over commit memory
      • Just like normal virtual memory
  • 11. Why “Basic” Doesn’t Work
    • Architectures not designed for virtualization
      • Unprivileged privileged instructions
    • Performance implications
      • Traps are slow
    • Wasted resources from redundant code
    • Lack of information leads to ineffectiveness
  • 12. Virtualizing System/370
    • First VMM was CP-67 for System/360
      • Its performance was less than desirable
    • IBM decides to tailor the architecture for running virtual machines
      • Result is VM/370, a VMM for System/370 Extended Architecture
  • 13. Virtualizing System/370
    • Virtual Machine Assist
    • Extended Control Program Support
    • Shadow Table Bypass
    • These hardware assists greatly enhanced performance
  • 14. Virtualizing IA-32
    • The IA-32 was not designed to be virtualized
    • Many protected instructions are not required to be executed in protected mode
    • There are a great many devices which must be supported
  • 15. Virtualizing IA-32
    • Non-sensitive, non-protected instructions executed directly
    • Sensitive, privileged instructions trap
    • Sensitive, non-privileged instructions detected
  • 16. Virtualizing IA-64
    • Virtualization of the IA-64 architecture faces many of the same problems as the IA-32
    • Exception is IA-64’s support for ring compression
  • 17. VMWare VMM
    • VMWare is one of the most popular full system virtualization tools available
    • Supports both a hosted environment approach and a hypervisor approach
    • For performance enhancements operating system drivers are installed by VMWare
    • Generic devices are exported to Guest
  • 18. VMWare Virtualization
    • CPU: Direct Execution w/ Binary Translation
    • MEM: Shadow Table w/ Ballooning Driver
    • I/O: Hosted Architecture or Limited Support
  • 19. Benefits and Drawbacks
    • Unmodified applications and operating systems can run on the VMM
    • Performance can suffer because of the need to emulate protected operations
      • Especially bad on the IA-32
      • Virtual Memory Especially Difficult
      • Special tricks can be employed
  • 20. Denali
    • Provides minimalistic, fast containers for virtual machines
    • Provides its own virtual architecture instead of using the underlying system architecture
  • 21. Denali Virtualization
    • CPU: Direct Execution w/ Extensions
      • Idle loop instruction
      • Interrupt Queueing
      • New Interrupt Semantics
    • MEM: Eliminates Virtual Memory
    • I/O: Generic I/O support for Devices
  • 22. Xen
    • Goal is to paravirtualize commodity operating systems (e.g. Linux)
    • Application level binary compatibility
    • Xen has met most of its goals and provides ports of Linux, BSD, and Windows
  • 23. The Xen Difference
    • Sometimes keeping the Guest OS completely “in the dark” is bad
    • Completely hiding the virtualization of resources from a guest risks both performance and correctness
    • Example: Timing
  • 24. Xen Virtualization
    • CPU: Direct Execution
      • Guest executes in ring 1
      • Exception handlers registered with Xen
    • MEM: Guest maintains page tables
    • I/O: Shared Asynchronous Descriptor Rings
      • Lightweight event system
  • 25. References
    • Robert Rose, “Survey of System Virtualization Techniques”
    • Mendel Rosenblum et al., “Virtual Machine Monitors: Current Technology and Future Trends”, IEEE Computer, May 2005, Issue 5, pg. 39-47
    • Paul Barham et al., “Xen and the Art of Virtualization”, SOSP’03, pg. 164-177
    • VMWare, “Virtualization Overview”, Whitepaper
  • 26. Questions?
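
Slides 6, 9 and 15 in code, as an added example that is not part of the original talk: a toy CPU on which a privileged instruction traps and is emulated by the VMM, while a sensitive but unprivileged one silently does nothing in user mode, so the guest's view diverges from bare hardware. The instruction set and the functions `hw_step`, `run_native`, `run_under_vmm` and `diverges` are assumptions, loosely modelled on IA-32 CLI and POPF:

```c
#include <stdbool.h>
#include <stddef.h>

/* Toy ISA constructed for this example, loosely modelled on IA-32 CLI/POPF. */
enum op { OP_ADD, OP_CLI, OP_POPF };            /* POPF arg = new IF value */
struct insn { enum op op; int arg; };
struct cpu  { int acc; bool intr_on; bool kernel; };

/* One hardware step. Returns true if the instruction trapped (no effect). */
static bool hw_step(struct cpu *c, struct insn i)
{
    switch (i.op) {
    case OP_ADD: c->acc += i.arg; break;        /* innocuous */
    case OP_CLI:                                /* sensitive and privileged */
        if (!c->kernel) return true;            /* traps when deprivileged */
        c->intr_on = false;
        break;
    case OP_POPF:                               /* sensitive, NOT privileged */
        if (c->kernel) c->intr_on = (i.arg != 0);
        break;                                  /* user mode: silently ignored */
    }
    return false;
}

/* Bare hardware, kernel mode: returns the final interrupt-enable flag. */
bool run_native(const struct insn *p, size_t n)
{
    struct cpu c = { 0, true, true };
    for (size_t k = 0; k < n; k++) hw_step(&c, p[k]);
    return c.intr_on;
}

/* Deprivileged guest under a trap-and-emulate VMM: returns the virtual flag. */
bool run_under_vmm(const struct insn *p, size_t n)
{
    struct cpu real = { 0, true, false };       /* guest runs in user mode */
    bool virt_intr_on = true;                   /* VMM's copy of guest state */
    for (size_t k = 0; k < n; k++)
        if (hw_step(&real, p[k]) && p[k].op == OP_CLI)
            virt_intr_on = false;               /* emulate the trapped CLI */
    return virt_intr_on;
}

const struct insn prog_cli[]  = { { OP_ADD, 1 }, { OP_CLI, 0 } };   /* constructed */
const struct insn prog_popf[] = { { OP_ADD, 1 }, { OP_POPF, 0 } };  /* constructed */

/* True when the guest's view under the VMM differs from bare hardware. */
bool diverges(const struct insn *p, size_t n) { return run_native(p, n) != run_under_vmm(p, n); }
int main(void) { return !(!diverges(prog_cli, 2) && diverges(prog_popf, 2)); }
```

The POPF-style program is the case the VMM has to detect by other means, since no trap ever reaches it.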