OpenCity Community, profile picture
Uploaded byOpenCity Community
PDF, PPTX7,834 views

Virtualization Technology Overview

The document discusses the history and usage of virtualization technology, provides an overview of CPU, memory, and I/O virtualization, compares the Xen and KVM virtualization architectures, and describes some Intel work to support virtualization in OpenStack including the Open Attestation service.

Embed presentation

Download as PDF, PPTX
Virtualization Technology Overview Liu, Jinsong (jinsong.liu@intel.com) SSG System Software Division
Agenda • Introduction  history  Usage model • Virtualization overview  cpu virtualiztion  memory virtualization  I/O virtualization • Xen/KVM architecture  Xen  KVM • Some intel work for Openstack  OAT 2 2012/11/28
Virtualization history • 60s’ IBM - CP/CMS on S360, VM370, … • 70’s 80s’ Silence • 1998 VMWare - SimOS project, Stanford • 2003 Xen - Xen project, Cambridge • After that: KVM/Hyper-v/Parallels … 3 2012/11/28
What is Virtualization VM0 VM1 VMn Apps Apps Apps Guest OS Guest OS ... Guest OS Virtual Machine Monitor (VMM) Platform HW Memory Processors I/O Devices • VMM is a layer of abstraction  support multiple guest OSes  de-privilege each OS to run as Guest OS • VMM is a layer of redirection  redirect physical platform to virtual platform illusions of many  provide virtaul platfom to guest os 4 2012/11/28
Server Virtualization Usage Model Server Consolidation R&D Production App App App … OS OS OS HW HW VMM VMM HW HW Benefit: Cost Savings • Consolidate services Benefit: Business Agility and Productivity • Power saving Dynamic Load Balancing Disaster Recovery App App App App 1 2 3 4 App App … OS OS OS OS OS OS VMM VMM VMM HW HW VMM CPU Usage CPU Usage HW HW 90% 30% Benefit: Lost saving • RAS • live migration • relief lost • Benefit: Productivity 5 2012/11/28
Agenda • Introduction • Virtualization overview  CPU virtualization  Memory virtualization  I/O virtualization • Xen/KVM architecture • Some intel work for Openstack 6 2012/11/28
X86 virtualization challenges • Ring Deprivileging  Goal: isolate guest OS from • Controlling physical resources directly • Modifying VMM code and data  Ring deprivileging layout • vmm runs at full privileged ring0 • Guest kernel runs at • X86-32: deprivileging ring 1 • X86-64: deprivileging ring 3 • Guest app runs at ring 3  Ring deprivileging problems • Unnecessary faulting • some privilege instructions • some exceptions • Guest kernel protection (x86-64) • Virtualization holes  19 instructions • SIDT/SGDT/SLDT … • PUSHF/POPF …  Some userspace holes hard to fix by s/w approach • Hard to trap, or • Performance overhead 7 2012/11/28
X86 virtualization challenges VM0 VM0 1 VM0 2 Ring3 Guest Apps Apps Guest Apps Apps Guest Apps Apps Guest Kernel Guest OS Guest Kernel Guest OS Guest Kernel Guest OS Ring1 Ring0 Virtual Machine Monitor (VMM) 8 2012/11/28
Typical X86 virtualization approaches • Para-virtualization (PV)  Para virtualization approach, like Xen  Modified guest OS aware and co-work with VMM  Standardization milestone: linux3.0 • VMI vs. PVOPS • Bare metal vs. virtual platform • Binary Translation (BT)  Full virtualization approach, like VMWare  Unmodified guest OS  Translate binary ‘on-the-fly’ • translation block w/ caching, • usually used for kernel, ~80% native performance • userspace app directly runs natively as much as possible, ~100% native performance • overall ~95% native performance • Complicated • Involves excessive complexities. e.g., self-modifying code • Hardware-assisted Virtualization (VT)  Full virtualization approach assisted by hardware, like KVM  Unmodified guest OS  Intel VT-x, AMD-v  Benefits: • Closing virtualization holes in hardware • Simplify VMM software • Optimizing for performance 9 2012/11/28
Memory virtualization challenges • Guest OS has 2 assumptions  expect to own physical memory starting from 0 • BIOS/Legacy OS are designed to boot from address low 1M  expect to own basically contiguous physical memory • OS kernel requires minimal contiguous low memory • DMA require certain level of contiguous memory • Efficient MM management, e.g., less buddy overhead • Efficient TLB, e.g., super page TLB • MMU virtualization  How to keep physical TLB valid  Different approaches involve different complication and overhead 10 2012/11/28
Memory virtualization challenges VM1 VM2 VM3 VM4 1 Guest 2 Pseudo 3 Physical 4 Memory 5 Hypervisor 5 Machine 1 Physical Memory 2 3 4 11 2012/5/13
Memory virtualization approaches • Direct page table  Guest/VMM in same linear space  Guest/VMM share same page table GVA • Shadow page table  Guest page table unmodified • gva -> gpa  VMM shadow page table • gva -> hpa  Complication and memory overhead Guest page table • Extended page table  Guest page table unmodified • gva -> gpa Direct Shadow • full control CR3, page fault  VMM extended page table page table GPA page table • gpa -> hpa • hardware based • good scalability for SMP • low memory overhead Extended • Reduce page fault VMexit greatly page table • Flexible choices  Para virtualization • Direct page table • Shadow page table  Full virtualization HPA • Shadow page table • Extended page table 12 2012/11/28
Shadow page table Page Directory • Guest page table remains PTE unmodified to guest PDE  Translate from gva -> gpa Page Table • Hypervisor create a new vCR3 page table for physical Virtual  Use hpa in PDE/PTE Physical  Translate from gva -> hpa  Invisible to guest Page Directory PTE PDE Page Table pCR3 13 2012/11/28
Extended page table Guest CR3 EPT base pointer Guest Guest Physical Address Extended Guest Linear Page Page Host Physical Address Tables Tables Address • Extended page table  Guest can have full control over its page tables and events • CR3, INVLPG, page fault  VMM controls Extended Page Tables • Complicated shadow page table is eliminated • Improved scalability for SMP guest 14 2012/11/28
I/O virtualization requirements Interrupt Register Access Device CPU DMA Shared Memory • I/O device from OS point of view  Resource configuration and probe  I/O request: IO, MMIO  I/O data: DMA  Interrupt • I/O Virtualization require  presenting guestos driver a complete device interface • Presenting an existing interface • Software Emulation • Direct assignment • Presenting a brand new interface • Paravirtualization 15 2012/11/28
I/O virtualization approaches • Emulated I/O  Software emulates real hardware device  VMs run same driver for the emulated hardware device  Good legacy software compatibility  Emulation overheads limit performance • Paravirtualized I/O  Uses abstract interfaces and stack for I/O services  FE driver: guest run virtualization-aware drivers  BE driver: driver based on simplified I/O interface and stack  Better performance over emulated I/O • Direct I/O  Directly assign device to Guest • Guest access I/O device directly • High performance and low CPU utilization  DMA issue • Guest set guest physical address • DMA hardware only accept host physical address  Solution: DMA Remapping (a.k.a IOMMU) • I/O page table is introduced • DMA engine translate according to I/O page table  Some limitations under live migration 16 2012/11/28
Virtual platform models Hypervisor Model Host-based Model Hybrid Model Guest Guest Guest Apps Apps ULM Apps Apps Apps DM Service Preferred Guest Guest Preferred VM Guest OS OS ULM OS OS OS DM DR P M DR P M Host Hypervisor U-Hypervisor OS P LKM M DR DM N P Processor Mgt code DR Device Driver N NoDMA M Memory Mgt code DM Device Model 17 2012/11/28
Agenda • Introduction • Virtualization • Xen/KVM architecture • Some intel work for Openstack 18 2012/11/28
Xen Architecture HVM Domain HVM Domain Domain 0 DomainU (32-bit) (64-bit) XenLinux64 Unmodified Unmodified OS OS (xm/xend) Models Control Device Panel 3P 3D XenLinux64 Drivers Drivers FE FE Front end Virtual 0D Virtual driver Guest BIOS Guest BIOS Backend Drivers Virtual Platform Virtual Platform 1/3P Native Device Drivers VM Exit VM Exit Callback / Hypercall 0P Inter-domain Event Channels Control Interface Scheduler Event Channel Hypercalls Processor Memory I/O: PIT, APIC, PIC, IOAPIC Xen Hypervisor 19 2012/11/28
KVM Architecture Windows Linux Guest Guest Qemu-kvm Non Root Root VMCS VMCS VMCS vCPU vMEM vTimer Linux Kernel vPIC vAPIC vIOAPIC KVM module 20 2012/11/28
Agenda • Introduction • Virtualization • Xen/KVM architecture • Some intel work for Openstack 21 2012/11/28
Trusted Pools - Implementation User specifies :: OpenStack App App App App App App Host Mem > 2G agent Disk > 50G OS OS GPGPU=Intel Hypervisor / tboot EC2 API trusted_host=trusted Create VM HW/TXT Tboot- Scheduler Enabled Create TrustedFilter OSAPI Query Report Attest untrusted trusted/ Query API Attestation Server Host Agent API Privacy OAT- Query API CA Based Attestation Appraiser Service Whitelist Whitelist API DB

More Related Content

PDF
Introduction to virtualization
bySasikumar Thirumoorthy
 
PPTX
1.Introduction to virtualization
byHwanju Kim
 
PPSX
Virtualization basics
byChandrani Ray Chowdhury
 
PDF
Introduction to Cloud Computing
byAnimesh Chaturvedi
 
PPT
Introduction to Virtualization
byelliando dias
 
PPTX
What is Virtualization
byDhrupesh Kotadiya
 
PPT
Fullandparavirtualization.ppt
byImXaib
 
ODP
Introduction to virtualization
byAhmad Hafeezi
 
Introduction to virtualization
bySasikumar Thirumoorthy
 
1.Introduction to virtualization
byHwanju Kim
 
Virtualization basics
byChandrani Ray Chowdhury
 
Introduction to Cloud Computing
byAnimesh Chaturvedi
 
Introduction to Virtualization
byelliando dias
 
What is Virtualization
byDhrupesh Kotadiya
 
Fullandparavirtualization.ppt
byImXaib
 
Introduction to virtualization
byAhmad Hafeezi
 

What's hot

PPTX
Virtualization & cloud computing
bySoumyajit Basu
 
PPTX
Virtual Machine
byMehul Boghra
 
PPTX
Virtualization
byYdel Capales
 
PPT
Virtualization in cloud computing ppt
byMehul Patel
 
PPTX
Principles of virtualization
byRubal Sagwal
 
PPT
Servers
bySrinath Dhayalamoorthy
 
PPTX
Cloud service models
byPrem Sanil
 
PPTX
6. Live VM migration
byHwanju Kim
 
PPTX
Introduction of Cloud computing
byRkrishna Mishra
 
PPTX
Hardware virtualization basic
bySanoj Kumar
 
PPTX
What is Virtualization and its types & Techniques.What is hypervisor and its ...
byShashi soni
 
PPT
Virtualization VMWare technology
bysanjoysanyal
 
PPT
Virtualization in cloud
byAshok Kumar
 
PPTX
Cloud Computing: Virtualization
byDr.Neeraj Kumar Pandey
 
PDF
Vmware overview
bySyed Zeeshan
 
PDF
Cloud Computing and Virtualization
byMahbub Noor Bappy
 
PPTX
Storage Virtualization
byMehul Jariwala
 
PPTX
Virtualization- Cloud Computing
byNIKHILKUMAR SHARDOOR
 
PPTX
5. IO virtualization
byHwanju Kim
 
PDF
Virtualization presentation
byMangesh Gunjal
 
Virtualization & cloud computing
bySoumyajit Basu
 
Virtual Machine
byMehul Boghra
 
Virtualization
byYdel Capales
 
Virtualization in cloud computing ppt
byMehul Patel
 
Principles of virtualization
byRubal Sagwal
 
Servers
bySrinath Dhayalamoorthy
 
Cloud service models
byPrem Sanil
 
6. Live VM migration
byHwanju Kim
 
Introduction of Cloud computing
byRkrishna Mishra
 
Hardware virtualization basic
bySanoj Kumar
 
What is Virtualization and its types & Techniques.What is hypervisor and its ...
byShashi soni
 
Virtualization VMWare technology
bysanjoysanyal
 
Virtualization in cloud
byAshok Kumar
 
Cloud Computing: Virtualization
byDr.Neeraj Kumar Pandey
 
Vmware overview
bySyed Zeeshan
 
Cloud Computing and Virtualization
byMahbub Noor Bappy
 
Storage Virtualization
byMehul Jariwala
 
Virtualization- Cloud Computing
byNIKHILKUMAR SHARDOOR
 
5. IO virtualization
byHwanju Kim
 
Virtualization presentation
byMangesh Gunjal
 

Similar to Virtualization Technology Overview

PDF
Virtualization Primer for Java Developers
byRichard McDougall
 
PPTX
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
byMagnus Backman
 
PPTX
Cloud Computing
byVikash Kushvaha
 
PDF
2virtualizationtechnologyoverview 13540659831745-phpapp02-121127193019-phpapp01
byVietnam Open Infrastructure User Group
 
PDF
virtualization tutorial at ACM bangalore Compute 2009
byACMBangalore
 
PPTX
Overview of System Virtualization
byAndre Odendaal
 
PDF
Virtualization: Hyper-V, VMM, App-V and MED-V.
byMicrosoft Iceland
 
PDF
VMware Performance for Gurus - A Tutorial
byRichard McDougall
 
PDF
Ian Pratt Nsdi Keynote Apr2008
byThe Linux Foundation
 
PPTX
Security Best Practices For Hyper V And Server Virtualization
byrsnarayanan
 
PPTX
Vitualisation
byPriya_Srivastava
 
PPT
virtual machine.ppt
bySushantShinde74
 
PPT
While technology and algorithms are an important part of computer science, th...
byKishan Kaushik
 
PDF
Ian Prattlinuxworld Xen Aug2008
byThe Linux Foundation
 
KEY
Hardware supports for Virtualization
byYoonje Choi
 
PDF
Mobile Virtualization using the Xen Technologies
byThe Linux Foundation
 
PPTX
cloud basics.
byMercy joy
 
PDF
Esx mem-osdi02
by35146895
 
PDF
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
byThe Linux Foundation
 
DOCX
Hardware Support for Efficient VirtualizationJohn Fisher-O
bysimisterchristen
 
Virtualization Primer for Java Developers
byRichard McDougall
 
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
byMagnus Backman
 
Cloud Computing
byVikash Kushvaha
 
2virtualizationtechnologyoverview 13540659831745-phpapp02-121127193019-phpapp01
byVietnam Open Infrastructure User Group
 
virtualization tutorial at ACM bangalore Compute 2009
byACMBangalore
 
Overview of System Virtualization
byAndre Odendaal
 
Virtualization: Hyper-V, VMM, App-V and MED-V.
byMicrosoft Iceland
 
VMware Performance for Gurus - A Tutorial
byRichard McDougall
 
Ian Pratt Nsdi Keynote Apr2008
byThe Linux Foundation
 
Security Best Practices For Hyper V And Server Virtualization
byrsnarayanan
 
Vitualisation
byPriya_Srivastava
 
virtual machine.ppt
bySushantShinde74
 
While technology and algorithms are an important part of computer science, th...
byKishan Kaushik
 
Ian Prattlinuxworld Xen Aug2008
byThe Linux Foundation
 
Hardware supports for Virtualization
byYoonje Choi
 
Mobile Virtualization using the Xen Technologies
byThe Linux Foundation
 
cloud basics.
byMercy joy
 
Esx mem-osdi02
by35146895
 
Linux Foundation Collaboration Summit 13 :10 years of Xen and Beyond
byThe Linux Foundation
 
Hardware Support for Efficient VirtualizationJohn Fisher-O
bysimisterchristen
 

More from OpenCity Community

PDF
开源讲义.pdf
byOpenCity Community
 
PDF
物联网操作系统漫谈-GIAC大会.pdf
byOpenCity Community
 
PDF
2017开源年会-企业开源那些事儿-更新.pdf
byOpenCity Community
 
PDF
社会化研发
byOpenCity Community
 
PDF
Containers & CaaS
byOpenCity Community
 
PPT
OaaS:Open as a Strategy
byOpenCity Community
 
PDF
Hello openstack 2014
byOpenCity Community
 
PDF
Docker openstack-2014
byOpenCity Community
 
PDF
Learn OpenStack from trystack.cn
byOpenCity Community
 
PDF
OpenStack系列公开课2 -20130508
byOpenCity Community
 
PDF
OpenStack ecosystem
byOpenCity Community
 
PDF
How to master OpenStack in 2 hours
byOpenCity Community
 
PDF
Learn OpenStack from trystack.cn ——Folsom in practice
byOpenCity Community
 
PDF
Quantum Networks
byOpenCity Community
 
PDF
云计算思考
byOpenCity Community
 
PDF
Openstorage Openstack
byOpenCity Community
 
PDF
Openstack的研究与实践
byOpenCity Community
 
PDF
Open Stack Cheng Du Swift Alex Yang
byOpenCity Community
 
PDF
Nova与虚拟机管理
byOpenCity Community
 
PDF
Look Into Libvirt Osier Yang
byOpenCity Community
 
开源讲义.pdf
byOpenCity Community
 
物联网操作系统漫谈-GIAC大会.pdf
byOpenCity Community
 
2017开源年会-企业开源那些事儿-更新.pdf
byOpenCity Community
 
社会化研发
byOpenCity Community
 
Containers & CaaS
byOpenCity Community
 
OaaS:Open as a Strategy
byOpenCity Community
 
Hello openstack 2014
byOpenCity Community
 
Docker openstack-2014
byOpenCity Community
 
Learn OpenStack from trystack.cn
byOpenCity Community
 
OpenStack系列公开课2 -20130508
byOpenCity Community
 
OpenStack ecosystem
byOpenCity Community
 
How to master OpenStack in 2 hours
byOpenCity Community
 
Learn OpenStack from trystack.cn ——Folsom in practice
byOpenCity Community
 
Quantum Networks
byOpenCity Community
 
云计算思考
byOpenCity Community
 
Openstorage Openstack
byOpenCity Community
 
Openstack的研究与实践
byOpenCity Community
 
Open Stack Cheng Du Swift Alex Yang
byOpenCity Community
 
Nova与虚拟机管理
byOpenCity Community
 
Look Into Libvirt Osier Yang
byOpenCity Community
 

Virtualization Technology Overview

  • 1.
    Virtualization Technology Overview Liu, Jinsong (jinsong.liu@intel.com) SSG System Software Division
  • 2.
    Agenda • Introduction  history  Usage model • Virtualization overview  cpu virtualiztion  memory virtualization  I/O virtualization • Xen/KVM architecture  Xen  KVM • Some intel work for Openstack  OAT 2 2012/11/28
  • 3.
    Virtualization history • 60s’ IBM - CP/CMS on S360, VM370, … • 70’s 80s’ Silence • 1998 VMWare - SimOS project, Stanford • 2003 Xen - Xen project, Cambridge • After that: KVM/Hyper-v/Parallels … 3 2012/11/28
  • 4.
    What is Virtualization VM0 VM1 VMn Apps Apps Apps Guest OS Guest OS ... Guest OS Virtual Machine Monitor (VMM) Platform HW Memory Processors I/O Devices • VMM is a layer of abstraction  support multiple guest OSes  de-privilege each OS to run as Guest OS • VMM is a layer of redirection  redirect physical platform to virtual platform illusions of many  provide virtaul platfom to guest os 4 2012/11/28
  • 5.
    Server Virtualization UsageModel Server Consolidation R&D Production App App App … OS OS OS HW HW VMM VMM HW HW Benefit: Cost Savings • Consolidate services Benefit: Business Agility and Productivity • Power saving Dynamic Load Balancing Disaster Recovery App App App App 1 2 3 4 App App … OS OS OS OS OS OS VMM VMM VMM HW HW VMM CPU Usage CPU Usage HW HW 90% 30% Benefit: Lost saving • RAS • live migration • relief lost • Benefit: Productivity 5 2012/11/28
  • 6.
    Agenda • Introduction • Virtualizationoverview  CPU virtualization  Memory virtualization  I/O virtualization • Xen/KVM architecture • Some intel work for Openstack 6 2012/11/28
  • 7.
    X86 virtualization challenges •Ring Deprivileging  Goal: isolate guest OS from • Controlling physical resources directly • Modifying VMM code and data  Ring deprivileging layout • vmm runs at full privileged ring0 • Guest kernel runs at • X86-32: deprivileging ring 1 • X86-64: deprivileging ring 3 • Guest app runs at ring 3  Ring deprivileging problems • Unnecessary faulting • some privilege instructions • some exceptions • Guest kernel protection (x86-64) • Virtualization holes  19 instructions • SIDT/SGDT/SLDT … • PUSHF/POPF …  Some userspace holes hard to fix by s/w approach • Hard to trap, or • Performance overhead 7 2012/11/28
  • 8.
    X86 virtualization challenges VM0 VM0 1 VM0 2 Ring3 Guest Apps Apps Guest Apps Apps Guest Apps Apps Guest Kernel Guest OS Guest Kernel Guest OS Guest Kernel Guest OS Ring1 Ring0 Virtual Machine Monitor (VMM) 8 2012/11/28
  • 9.
    Typical X86 virtualizationapproaches • Para-virtualization (PV)  Para virtualization approach, like Xen  Modified guest OS aware and co-work with VMM  Standardization milestone: linux3.0 • VMI vs. PVOPS • Bare metal vs. virtual platform • Binary Translation (BT)  Full virtualization approach, like VMWare  Unmodified guest OS  Translate binary ‘on-the-fly’ • translation block w/ caching, • usually used for kernel, ~80% native performance • userspace app directly runs natively as much as possible, ~100% native performance • overall ~95% native performance • Complicated • Involves excessive complexities. e.g., self-modifying code • Hardware-assisted Virtualization (VT)  Full virtualization approach assisted by hardware, like KVM  Unmodified guest OS  Intel VT-x, AMD-v  Benefits: • Closing virtualization holes in hardware • Simplify VMM software • Optimizing for performance 9 2012/11/28
  • 10.
    Memory virtualization challenges •Guest OS has 2 assumptions  expect to own physical memory starting from 0 • BIOS/Legacy OS are designed to boot from address low 1M  expect to own basically contiguous physical memory • OS kernel requires minimal contiguous low memory • DMA require certain level of contiguous memory • Efficient MM management, e.g., less buddy overhead • Efficient TLB, e.g., super page TLB • MMU virtualization  How to keep physical TLB valid  Different approaches involve different complication and overhead 10 2012/11/28
  • 11.
    Memory virtualization challenges VM1 VM2 VM3 VM4 1 Guest 2 Pseudo 3 Physical 4 Memory 5 Hypervisor 5 Machine 1 Physical Memory 2 3 4 11 2012/5/13
  • 12.
    Memory virtualization approaches •Direct page table  Guest/VMM in same linear space  Guest/VMM share same page table GVA • Shadow page table  Guest page table unmodified • gva -> gpa  VMM shadow page table • gva -> hpa  Complication and memory overhead Guest page table • Extended page table  Guest page table unmodified • gva -> gpa Direct Shadow • full control CR3, page fault  VMM extended page table page table GPA page table • gpa -> hpa • hardware based • good scalability for SMP • low memory overhead Extended • Reduce page fault VMexit greatly page table • Flexible choices  Para virtualization • Direct page table • Shadow page table  Full virtualization HPA • Shadow page table • Extended page table 12 2012/11/28
  • 13.
    Shadow page table Page Directory • Guest page table remains PTE unmodified to guest PDE  Translate from gva -> gpa Page Table • Hypervisor create a new vCR3 page table for physical Virtual  Use hpa in PDE/PTE Physical  Translate from gva -> hpa  Invisible to guest Page Directory PTE PDE Page Table pCR3 13 2012/11/28
  • 14.
    Extended page table Guest CR3 EPT base pointer Guest Guest Physical Address Extended Guest Linear Page Page Host Physical Address Tables Tables Address • Extended page table  Guest can have full control over its page tables and events • CR3, INVLPG, page fault  VMM controls Extended Page Tables • Complicated shadow page table is eliminated • Improved scalability for SMP guest 14 2012/11/28
  • 15.
    I/O virtualization requirements Interrupt Register Access Device CPU DMA Shared Memory • I/O device from OS point of view  Resource configuration and probe  I/O request: IO, MMIO  I/O data: DMA  Interrupt • I/O Virtualization require  presenting guestos driver a complete device interface • Presenting an existing interface • Software Emulation • Direct assignment • Presenting a brand new interface • Paravirtualization 15 2012/11/28
  • 16.
    I/O virtualization approaches •Emulated I/O  Software emulates real hardware device  VMs run same driver for the emulated hardware device  Good legacy software compatibility  Emulation overheads limit performance • Paravirtualized I/O  Uses abstract interfaces and stack for I/O services  FE driver: guest run virtualization-aware drivers  BE driver: driver based on simplified I/O interface and stack  Better performance over emulated I/O • Direct I/O  Directly assign device to Guest • Guest access I/O device directly • High performance and low CPU utilization  DMA issue • Guest set guest physical address • DMA hardware only accept host physical address  Solution: DMA Remapping (a.k.a IOMMU) • I/O page table is introduced • DMA engine translate according to I/O page table  Some limitations under live migration 16 2012/11/28
  • 17.
    Virtual platform models Hypervisor Model Host-based Model Hybrid Model Guest Guest Guest Apps Apps ULM Apps Apps Apps DM Service Preferred Guest Guest Preferred VM Guest OS OS ULM OS OS OS DM DR P M DR P M Host Hypervisor U-Hypervisor OS P LKM M DR DM N P Processor Mgt code DR Device Driver N NoDMA M Memory Mgt code DM Device Model 17 2012/11/28
  • 18.
    Agenda • Introduction • Virtualization •Xen/KVM architecture • Some intel work for Openstack 18 2012/11/28
  • 19.
    Xen Architecture HVM Domain HVM Domain Domain 0 DomainU (32-bit) (64-bit) XenLinux64 Unmodified Unmodified OS OS (xm/xend) Models Control Device Panel 3P 3D XenLinux64 Drivers Drivers FE FE Front end Virtual 0D Virtual driver Guest BIOS Guest BIOS Backend Drivers Virtual Platform Virtual Platform 1/3P Native Device Drivers VM Exit VM Exit Callback / Hypercall 0P Inter-domain Event Channels Control Interface Scheduler Event Channel Hypercalls Processor Memory I/O: PIT, APIC, PIC, IOAPIC Xen Hypervisor 19 2012/11/28
  • 20.
    KVM Architecture Windows Linux Guest Guest Qemu-kvm Non Root Root VMCS VMCS VMCS vCPU vMEM vTimer Linux Kernel vPIC vAPIC vIOAPIC KVM module 20 2012/11/28
  • 21.
    Agenda • Introduction • Virtualization •Xen/KVM architecture • Some intel work for Openstack 21 2012/11/28
  • 22.
    Trusted Pools -Implementation User specifies :: OpenStack App App App App App App Host Mem > 2G agent Disk > 50G OS OS GPGPU=Intel Hypervisor / tboot EC2 API trusted_host=trusted Create VM HW/TXT Tboot- Scheduler Enabled Create TrustedFilter OSAPI Query Report Attest untrusted trusted/ Query API Attestation Server Host Agent API Privacy OAT- Query API CA Based Attestation Appraiser Service Whitelist Whitelist API DB