The document discusses virtual machines (VMs) and their capabilities, including virtualization properties such as fault isolation, performance isolation, and the ability to capture VM state. It outlines types of virtualization, including hardware-assisted virtualization like Intel VT and x86 virtualization challenges. The document also contrasts hypervisor-based virtualization with operating system-level virtualization, detailing performance, security, and overhead differences.

1. 1
What is a Virtual Machine?
Behaveslike hardware
Encapsulates all OS and
application state
Extra level of indirection
Decouples hardware, OS
Enforces isolation
Multiplexes physical hardware
across VMs
Virtualization Properties
Fault isolation
Performance isolation
Cleanly capture all VM state
Enables VM snapshots, clones
Independent of physical hardware
Enables migration of live, running VMs
Transformations on instructions, memory, I/O
Enables transparent resource overcommitment,
encryption, compression, replication …
Virtualization
Based on materials from:
Introduction to Virt ual Machines by Ca rl Waldspurger
Un dersta nding Inte l® Virt ualization Technology (VT) by N. B. Sahgal and D. Rodgers
Inte l Virt ualization Technology Ro admap and VT-d Support in Xen by Jun Nakajima
A Performance Co mpariso n of Co ntainer-based Virt ualization Systems for MapReduce
Clusters by M. G. Xavier, M. V. Neves, and C.A.F. De Rose
© 2010VM ware Inc .Allrights reserv ed
Starting Point: A Physical Machine
Processors, memory, chipset, I/O
devices, etc.
Tightly coupled to physical
Single active OS instance
OS controls hardware

2. 2
Types of Virtualization
Higher performance
ESX, Xen, HyperV, KVM
Easier to install
Leverage host’s device drivers
VMware Workstation, Parallels
Attribution: http://itechthoughts.wordpress.com/tag/full-virtualization/
Types of Virtualization
Unmodified OS, virtualization is transparent to OS
OS modified to be virtualized
Attribution http://forums.techarena.in/guides-tutorials/1104460.htm
Virtualization Applications Types of Virtualization

3. 3
Processor Virtualization
Attribution: http://itechthoughts.wordpress.com/tag/full-virtualization/
Trap and Emulate
What is a Virtual Machine Monitor?
Equivalent execution: Programs running in the virtualized environment run
identically to running natively.
Performance: A statistically dominant subset of the instructions must be
executed directly on the CPU.
Safety and isolation: A VMM most completely control system resources.
What Needs to Virtualized Virtualized?
Privileged
Unprivileged

4. 4
Processor Paravirtualization
Page table updates
HW Support
Codenamed "Vanderpool"
Available since Itanium 2 (2005), Xeon and Centrino (2006)
AMD-V
Codename “Pacifica”
Available since Athlon 64 (2006)
x86 Virtualization Challenges
x86 ISA includes instructions that read or modify privileged state
But which don’t trap in unprivileged mode
Pop top-of-stack into EFLAGS register
EFLAGS.IF bit privileged (interrupt enable flag)
POPF silently ignores attempts to alter EFLAGS.IF in unprivileged mode!
So no trap to return control to VMM
x86 Virtualization Approaches

5. 5
VM Entry and VM Exit
■ VM Entry
■ VM Exit
■ VMM can control which instructions cause VM exists
Benefits: VT Helps Improve VMMs
Eliminates need for binary patching / translation
Facilitates support for Legacy OS
Eliminates need for complex SW techniques
Simpler and smaller VMMs
Smaller trusted-computing base
Intel VT-x Operating Modes
Fully privileged, intended for VM monitor
Not fully privileged, intended for guest software
Reduces Guest SW privilege w/o relying on rings
Solution to Ring Aliasing and Ring Compression

6. 6
Memory Virtualization Techniques
TLB invalidation requests, page table creation, write to existing page tables
x86 Memory Management Primer
Maps virtual to physical page addresses
CR3 points to page table root
HW walks the page tables
Inserts virtual to physical mapping

7. 7
Issues with Nested Page Tables
Simplifies monitor design
Guest page table is in physical address space
Need to walk PhysMap multiple times
•
•
Memory Reclamation
Memory Paravirtualization
VMM validates that guest owns machine address
Hardware Support
Since Corei7 (2008)
Since Opteron and Phenom II (2007)

8. 8
Page Sharing I/O Virtualization
Page Sharing

9. 9
Direct Mapped/PCI Passthrough Hardware Support
AMD-Vi
IO Paravirtualization

10. 10
Operating System Level Virtualization
Shared operating system
A group of OS processes in an insolated environment
Lightweight virtualization layer
Operating System-Level Virtualization
Each container has:
•
•
•
•
•
•
Intel VT-d VT-d Applied to Pass-through Model

11. 11
Hypervisor vs. System-Level Virtualization
Hypervisor OS-Level/Container
Different Kernel OS Single Kernel
Device Emulation Syscall
Limits per machine Limits per process
Higher overhead Lower overhead
More secure Less secure