This document summarizes a tutorial on the hardware revolution in server virtualization. It begins with an overview of server virtualization technologies including VMM architectures and the criteria for a processor to be virtualizable. It then discusses the challenges of virtualizing x86 processors due to their architecture. The document outlines software techniques like binary translation and para-virtualization used for CPU, memory, and I/O virtualization. It also reviews hardware techniques enabled by technologies like VT-x, EPT, and SR-IOV. The summary concludes with a brief discussion of future trends in manageability and security relating to server virtualization.
2. Agenda
• Server Virtualization technologies (~15 min)
  − Overview and history
  − VMM architectures
  − Criteria for a processor to be virtualizable
• X86 Virtualization (~30 min)
  − The x86 processor architecture overview
  − Virtualization challenges in x86 processors
• Break 1 – Q&A
• Software techniques for virtualization (~45 min)
  − CPU virtualization (Binary Translation/Para-virtualization)
  − Memory virtualization (shadow tables/Xen writeable page tables)
  − I/O virtualization (device emulation)
• Break 2 – Q&A
• Hardware techniques for virtualization (~45 min)
  − CPU virtualization (VT-x/AMD-V)
  − Memory virtualization (Intel EPT/AMD NPT)
  − I/O virtualization (VT-d/VT-d2/PCI SIG SR-IOV/MR-IOV)
• Future Trends (~5 min)
  − Manageability
  − Security
"Did you ever wonder if the person in the puddle is real, and you're just a reflection of him?" ~Calvin and Hobbes
2 16 January 2009
3. Server Virtualization Technologies
[Figure: three approaches to server virtualization, arranged from most isolation (left) to most flexibility (right); column assignment of the product names below is reconstructed from the figure layout.]
• Hardware Partitioning: each partition owns its CPUs and memory and runs its own OS and applications, with no hypervisor layer. Named: HP nPar, IBM DLPAR, Sun DSD.
• Software/Firmware Virtualization: a hypervisor layer (software or firmware) sits between the CPUs/memory and several guest OSes (OS1, OS2), each running its own applications. Named: HP Integrity VM, HP vPar, IBM SLPARs (micro-partitions), Sun Logical Domains, Hitachi Virtage, VMware ESX/GSX, Microsoft Hyper-V, Xen, KVM, xVM…
• Resource Partitioning: a single OS instance hosts several isolated application groups. Named: HP-UX SRP, Solaris Containers (Zones), PVC (earlier SWSoft), OpenVZ, IBM WPAR.
4. A brief history lesson
[Figure: two timelines side by side.]
• 1960s – IBM Mainframe: IBM VM/370 hosting CMS and MVS guests, each with its own applications.
  − VMM on IBM Mainframe
  − Many apps on $$$ HW
• 1996 – Stanford Research: the DISCO project; then Intel / AMD x86 servers running W2K3, W2K, WNT4 and Linux guests under VMware.
  − VMM on cheap x86 HW
  − VMware in 1999
Commodity hardware becomes powerful enough to support a virtual machine manager (VMM) – so it's back to the future with a proven technology!
6. Hosted VM Architecture
HP Integrity VM, Microsoft Virtual Server, VMware GSX
7. Virtualization Requirements – Popek and Goldberg
• A Model of Third Generation Machines
  − Two modes of execution
  − Protection mechanism for the supervisor mode
  − A method to automatically signal the supervisor when the VM executes a sensitive instruction.
• Properties for a Virtual Machine Monitor
  − Equivalence
  − Resource control
  − Efficiency
8. VMM Requirements (Sensitive Instructions)
Ref : Analyzing the Intel Pentium’s ability to support a secure VMM – John Scott Robin (1999)
9. Agenda (recap of slide 2)
10. X86 architecture – Privilege Levels
Data structures contain privilege levels:
• DPL : Descriptor Privilege Level
• CPL : Current Privilege Level
  − DPL of the access rights byte in the CS segment descriptor cache register
  − privilege level of the code and data segment for the current task
• RPL : Requested Privilege Level
  − the privilege level of the new selector loaded into a segment register
12. X86 memory management - segmentation
[Figure: segment selector to descriptor lookup.]
• The upper 13 bits of the segment selector are used to index the descriptor table (located through GDTR or LDTR).
• TI = Table Indicator: selects the descriptor table (0 = Global Descriptor Table, 1 = Local Descriptor Table).
• The hidden part of the segment register caches, next to the selector, the descriptor's segment base, segment limit and access rights.
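Slides 10 and 12 describe the selector format, the cached descriptor fields and the DPL/CPL/RPL relationship but give no worked instance. The following C program is an added example, not part of the tutorial: it decodes a 16-bit selector and an 8-byte descriptor (the little-endian 64-bit form used in boot-loader GDTs), and applies the hardware privilege check for loading a selector into a data segment register, which is the mechanism a VMM relies on to keep a deprivileged guest out of its own segments. The descriptor values are constructed sample entries; code-segment and expand-down rules are not modelled.

```c
#include <stdbool.h>
#include <stdint.h>

/* A 16-bit segment selector: descriptor-table index (upper 13 bits),
   TI (bit 2: 0 = GDT, 1 = LDT) and requested privilege level (bits 1:0). */
typedef struct { uint16_t index; bool ti_ldt; uint8_t rpl; } selector_t;

/* The descriptor fields that the hidden part of a segment register
   caches after a selector load. */
typedef struct {
    uint32_t base;       /* 32-bit base address */
    uint32_t limit;      /* effective byte limit, granularity applied */
    bool     present;    /* P bit */
    uint8_t  dpl;        /* descriptor privilege level, 0..3 */
    bool     code_data;  /* S bit set: code or data segment, not a system descriptor */
    uint8_t  type;       /* 4-bit type: bit 3 = code segment, bit 1 = writable (data) */
} descriptor_t;

selector_t decode_selector(uint16_t sel) {
    selector_t s = { (uint16_t)(sel >> 3), (sel & 0x4) != 0, (uint8_t)(sel & 0x3) };
    return s;
}

/* raw is the descriptor as a little-endian 64-bit value, e.g. 0x00CF92000000FFFF
   for the usual flat 4 GiB kernel data segment. */
descriptor_t decode_descriptor(uint64_t raw) {
    descriptor_t d;
    uint8_t  access = (uint8_t)(raw >> 40);                      /* byte 5 */
    uint32_t limit  = (uint32_t)(raw & 0xFFFF) | ((uint32_t)((raw >> 48) & 0xF) << 16);
    bool     g      = ((raw >> 55) & 1) != 0;                     /* G: limit in 4 KiB units */
    d.base      = (uint32_t)((raw >> 16) & 0xFFFFFF) | ((uint32_t)((raw >> 56) & 0xFF) << 24);
    d.limit     = g ? (limit << 12) | 0xFFF : limit;
    d.present   = (access & 0x80) != 0;
    d.dpl       = (access >> 5) & 0x3;
    d.code_data = (access & 0x10) != 0;
    d.type      = access & 0xF;
    return d;
}

/* Slide 10: CPL is the DPL cached for the CS register. */
uint8_t current_privilege_level(descriptor_t cs) { return cs.dpl; }

/* Check the CPU applies when a selector is loaded into DS/ES/FS/GS: the
   descriptor must be present and a data segment, and max(CPL, RPL) must be
   numerically <= DPL. A ring-3 guest therefore cannot reach a DPL-0 segment
   just by naming it, and an RPL of 3 on a pointer caps even ring-0 code. */
bool data_segment_load_allowed(uint8_t cpl, selector_t sel, descriptor_t d) {
    if (!d.present || !d.code_data) return false;
    if (d.type & 0x8) return false;               /* code segments: separate rules, not modelled */
    uint8_t epl = cpl > sel.rpl ? cpl : sel.rpl; /* effective privilege level */
    return epl <= d.dpl;
}

/* Limit check on an access of `size` bytes at `offset` through the loaded
   segment; the limit is the last valid offset, and failure means #GP.
   Expand-down data segments are not modelled. */
bool offset_within_limit(descriptor_t d, uint32_t offset, uint32_t size) {
    if (size == 0 || offset > d.limit) return false;
    return size - 1 <= d.limit - offset;
}
```

The two flat descriptors used in the test differ only in the DPL bits of the access byte (0x92 versus 0xF2), which is exactly the bit that decides whether ring-3 code may load the segment.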
13. X86 Paging – 32 bit mode
[Figure: two-level page-directory / page-table walk in 32-bit mode, showing a Page Table and the layout of a Page Table Entry.]
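The slide above shows only the page-table diagram. As an added example (not from the tutorial), the C program below performs the two-level 32-bit walk over a constructed set of 4 KiB frames: page-directory index from bits 31:22, page-table index from bits 21:12, the present bits at both levels, and the combined U/S and R/W protection check. It also produces the #PF error code the CPU would push, which is what a VMM maintaining shadow page tables must reproduce faithfully so that a ring-3 guest application cannot read pages the guest kernel (or the VMM) marked supervisor-only. CR0.WP=1 is assumed, so read-only pages reject writes from ring 0 as well; 4 MiB pages (PS) are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { PG_P = 1u, PG_RW = 2u, PG_US = 4u };    /* PDE/PTE flag bits used here */
enum { PF_P = 1u, PF_WR = 2u, PF_US = 4u };    /* #PF error-code bits */

#define NFRAMES 8
static uint32_t frames[NFRAMES][1024];         /* constructed 4 KiB physical frames */
static uint32_t cr3;                           /* physical address of the page directory */

static uint32_t *frame_at(uint32_t phys) {
    return (phys >> 12) < NFRAMES ? frames[phys >> 12] : NULL;
}

/* Constructed sample tables: a user range at 0x00010000 and a
   supervisor-only range at 0xC0000000 (the classic kernel half). */
void build_sample_tables(void) {
    memset(frames, 0, sizeof frames);
    cr3 = 0x0000;                                  /* page directory in frame 0 */
    uint32_t *pd = frame_at(cr3);
    pd[0]     = 0x1000 | PG_P | PG_RW | PG_US;     /* 0x00000000-0x003FFFFF -> PT in frame 1 */
    pd[0x300] = 0x2000 | PG_P | PG_RW;             /* 0xC0000000-0xC03FFFFF -> PT in frame 2, no U/S */
    uint32_t *pt_user = frame_at(0x1000), *pt_kern = frame_at(0x2000);
    pt_user[0x10] = 0x3000 | PG_P | PG_RW | PG_US; /* 0x00010000 -> frame 3, user read/write */
    pt_user[0x11] = 0x4000 | PG_P | PG_US;         /* 0x00011000 -> frame 4, user read-only */
    pt_kern[0]    = 0x5000 | PG_P | PG_RW;         /* 0xC0000000 -> frame 5, supervisor only */
}

/* Two-level walk of a 32-bit linear address. Returns true and fills *phys,
   or returns false with *pf_err set to the error code the CPU would push. */
bool translate(uint32_t linear, bool user, bool write, uint32_t *phys, uint32_t *pf_err) {
    *pf_err = (user ? PF_US : 0) | (write ? PF_WR : 0);
    const uint32_t *pd = frame_at(cr3);
    uint32_t pde = pd ? pd[linear >> 22] : 0;
    if (!(pde & PG_P)) return false;                               /* PDE not present */
    const uint32_t *pt = frame_at(pde & 0xFFFFF000u);
    uint32_t pte = pt ? pt[(linear >> 12) & 0x3FF] : 0;
    if (!(pte & PG_P)) return false;                               /* PTE not present */
    uint32_t rights = pde & pte;                                   /* both levels must permit */
    if (user && !(rights & PG_US)) { *pf_err |= PF_P; return false; }   /* supervisor page */
    if (write && !(rights & PG_RW)) { *pf_err |= PF_P; return false; }  /* read-only page */
    *phys = (pte & 0xFFFFF000u) | (linear & 0xFFF);
    return true;
}
```

Note that a not-present fault carries error code bit 0 clear while a protection violation sets it; a shadow-page-table VMM uses exactly that distinction to tell a guest page fault it must forward from one it caused itself by lazily populating the shadow.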
17. X86 virtualization challenges
[Figure: guest apps in ring 3, the guest OS deprivileged into ring 1, the VMM in ring 0 and the hardware below; the annotations list the x86 problems for a classical VMM. Grouping below follows the figure layout.]
• Non-faulting read of privileged registers (3B1): SGDT/SIDT/SLDT/STR, PUSHF/SMSW, PUSH/POP (of segment registers)
• Incorrect execution when run in ring level > 0 (3C1): POPF, LAR/LSL/VERR/VERW, CALL/INT/JMP/RET
• Excessive faulting: CLI/STI
• Ring aliasing and address space compression
• Ring 3 guest apps: CPUID, SYSENTER
• Leakage of privilege level (3C1)
• Non-faulting write to privileged state (eflags.IF) (3B1)
• Segment reversibility issue on context switch
18. Agenda (recap of slide 2)
19. Dynamic Binary Translation
[Figure: translation pipeline – x86 binary → x86 parser & high level binary translator → high level optimization → low level code generation → low level optimization and scheduling → code cache (tags, RAM code cache, disk code cache) → translator runtime / execution]
Ref : Virtual Machines and Dynamic Translation: Implementing ISAs in Software – Joel Emer, Massachusetts Institute of Technology
20. Binary Translation - C Code Example
    /* Running example: trial-division primality test */
    int isPrime(int a) {
        for (int i = 2; i < a; i++) {
            if (a % i == 0) return 0;
        }
        return 1;
    }
Ref : Keith Adams and Ole Agesen. A comparison of software and hardware techniques for x86 virtualization. Operating Systems Review, 40(5):2–13, December 2006
21. Basic Block Translation
• Most instructions copied identically.
• Privileged instructions must be emulated.
• Jumps must be translated since translation can alter code layout.
• Each translated BB must end with jump to next translated BB.
Ref : Keith Adams and Ole Agesen. A comparison of software and hardware techniques for x86 virtualization. Operating Systems Review, 40(5):2–13, December 2006
22. Translation of isPrime(49)
Note that the prime: BB is never translated since 49 is not prime.
Ref : Keith Adams and Ole Agesen. A comparison of software and hardware techniques for x86 virtualization. Operating Systems Review, 40(5):2–13, December 2006
26. Dynamic memory resizing - Ballooning
• Inflating a balloon
− When the server wants to reclaim memory
− Driver allocates pinned physical pages within the VM
− Increases memory pressure in the guest OS, which reclaims space to satisfy the driver allocation request
− Driver communicates the physical page number for each allocated page to the VMM
• Deflating
− Frees up memory for general use within the guest OS
27. I/O system architecture overview (PCI/PCI-e)
[Figure: several OS drivers on several CPUs reaching one root complex through the VMM, labelled "CHAOS!!"; root complex with memory, configuration space and RX/TX paths; devices addressed by bus, device, function, e.g. 3, 0, 0 (BDF)]
28. I/O Virtualization Architecture
[Figure: three models side by side – Monolithic: guest VMs (VM0…VMn, guest OS and apps) above device drivers in the hypervisor and shared devices; Service VM: guest VMs plus service VMs holding I/O services and device drivers above the hypervisor and shared devices; Pass-through: guest VMs with their own device drivers above the hypervisor and assigned devices]
• Monolithic Model (VMware ESX)
− Pro: Higher Performance
− Pro: I/O Device Sharing
− Pro: VM Migration
− Con: Larger Hypervisor
• Service VM Model (Xen)
− Pro: High Security
− Pro: I/O Device Sharing
− Pro: VM Migration
− Con: Lower Performance
• Pass-through Model
− Pro: Highest Performance
− Pro: Smaller Hypervisor
− Pro: Device assisted sharing
− Con: Migration Challenges
31. Networking in Xen
[Figure: driver domain (back-end drivers, Ethernet bridge, NIC driver) and guest domains 1, 2, … (front-end driver) on top of the hypervisor (page flipping, virtual interrupts, interrupt dispatch, control) and the hardware (NIC, CPU / memory / disk / other devices); packet data flows between front-end and back-end drivers, control + data and interrupts flow between hypervisor and hardware]
32. Agenda
• Server Virtualization technologies (15 min)
− Overview and history
− VMM architectures
− Criteria for a processor to be virtualizable
• X86 Virtualization (30 min)
− The x86 processor architecture overview
− Virtualization challenges in x86 processors
• Software techniques for virtualization (30 min)
− CPU virtualization (Binary Translation/Para-virtualization)
− Memory virtualization (shadow tables/Xen writeable page tables)
− I/O virtualization (device emulation)
• Hardware techniques for virtualization
− CPU virtualization (VT-x/AMD-V)
− Memory virtualization (Intel EPT/AMD NPT)
− I/O virtualization (VT-d/VT-d2/PCI SIG SR-IOV/MR-IOV)
• Future Trends (5 min)
− Manageability
− Security
33. CPU Virtualization with Intel VT-x
[Figure: virtual machines (VMs) with apps in ring 3 and OS in ring 0 running in VMX non-root; VM Monitor (VMM) in VMX root; VM Exit and VM Entry transitions between them]
• Two new VT-x operating modes
− Less-privileged mode (VMX non-root) for guest OSes
− More-privileged mode (VMX root) for VMM
• Two new transitions
− VM entry to non-root operation
− VM exit to root operation
• Execution controls determine when exits occur
− Access to privilege state, occurrence of exceptions, etc.
− Flexibility provided to minimize unwanted exits
• VM Control Structure (VMCS) controls VT-x operation
− Also holds guest and host state
34. VT-x Operations
[Figure: VM 1, VM 2 … VM n each with ring 3 and ring 0 in VMX non-root operation and each with its own VMCS (1, 2, … n); below them IA-32 VMX root operation with ring 3 and ring 0; transitions: VM Exit from non-root to root, VMLAUNCH / VMRESUME from root to non-root, VMXON to enter VMX root operation]
35. VT-x new instructions
• VMXON and VMXOFF
− To enter and exit VMX-root mode.
• VMLAUNCH: Used on initial transition from VMM to Guest
− Enters VMX non-root operation mode
• VMRESUME: Used on subsequent entries
− Enters VMX non-root operation mode
− Loads Guest state and Exit criteria from VMCS
• VMEXIT
− Used on transition from Guest to VMM
− Enters VMX root operation mode
− Saves Guest state in VMCS
− Loads VMM state from VMCS
• VMPTRST and VMPTRLD
− To Read and Write the VMCS pointer.
• VMREAD, VMWRITE, VMCLEAR
− Read from, Write to and clear a VMCS
• VMCALL
− Hypervisor entry point for hypercall from guest
36. VT-x Data Structures (VMCS)
• VMCS is a 4K table which specifies the processor behaviour in VM non-root mode
• Physical addressing only, and is accessed through the VMREAD/VMWRITE interface
• Loads and Stores to the current VMCS pointer through VMPTRLD and VMPTRST
• VMRESUME used if the same VMCS is being resumed on a processor. Else, VMCLEAR followed by VMLAUNCH.
VMCS areas (area: purpose; example fields):
− VM execution controls: controls environment; external interrupt exiting, interrupt window exiting, CR3 load/store exiting, VPID enable, VPID value, EPT enable, EPTP…
− Guest save state: processor state saved on VM exits and loaded on VM entries; EIP, ESP, EFLAGS, IDTR, segment registers etc.
− Host save state: processor state loaded on VM exits; CR3, EIP set to monitor entry, EFLAGS etc.
− VM exit controls: these fields control VM exits; MSR save etc.
− VM entry controls: these fields control VM entry; interrupts on entries, MSR loads etc.
37. VT-x solution to x86 virtualization challenges
[Figure: guest apps in ring 3, guest OS in ring 0, VMM in "ring -1", hardware below; the same instructions as on slide 17 annotated: CPUID, SYSENTER, POPF/PUSHF/SMSW/POP/PUSH, LAR/LSL/VERR/VERW/CALL/INT/JMP/RET, SGDT/SIDT/SLDT/STR, CLI/STI]
• All reads return privilege level 0, GDT/LDT owned by guest OS, CPUID can be made to trap into VMM
• Guest OS in full control of segment/task descriptors
• Sysenter calls into guest OS. CLI/STI optimized to deliver virtual interrupts to VM
• No ring compression – all rings available
• No need for VMM to share address space with guest – no address compression
• Clean context switch on VM entry/exit
• Eflags.IF is no longer used for interrupt masking
38. Intel EPT/AMD NPT
[Figure: x86 linear address → guest page tables (gCR3) → guest physical address → host page tables (GPT base pointer, hCR3) → host physical address → TLB & caches]
• GPT directly translates Guest Virtual addresses into Host Physical addresses on the fly.
− Uses Guest Page Table and Host-based Page Table
• Significant reduction in “exit frequency”
− Primary page table modifications are as fast as native
− Page faults require no exits
− Context switches require no exits
− No shadow page table memory overhead
• However, results in more expensive TLB misses - The “memsweep effect” – mitigated by large guest pages
• AMD ASID/Intel VPID - segments the TLB, reduces TLB purge overheads.
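Added example in C (not code from the slides): a toy two-dimensional page walk that makes the "more expensive TLB misses" point concrete by counting memory references. It uses the 32-bit two-level format from slide 13 for both the guest tables and a host table that stands in for EPT/NPT; all frame numbers and mappings are constructed.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Added example, not from the slides: guest linear -> guest physical through the
 * guest's 32-bit two-level tables (10/10/12 split); every guest-physical address
 * the walk touches, from gCR3 down to the data page, is itself translated by a
 * host table of the same format standing in for EPT/NPT. Memory is a constructed
 * array of 4 KB frames addressed by "physical" address. */
#define NFRAMES 16
#define PTE_P   1u
static uint32_t mem[NFRAMES][1024];
static unsigned refs;              /* memory references spent on table walks */
static bool read_entry(uint32_t pa, uint32_t *e) {
    uint32_t frame = pa >> 12;
    if (frame >= NFRAMES) return false;
    refs++;
    *e = mem[frame][(pa & 0xFFF) >> 2];
    return (*e & PTE_P) != 0;
}
/* One two-level walk over physically addressed tables: 2 references. */
bool walk(uint32_t cr3, uint32_t va, uint32_t *pa) {
    uint32_t pde, pte;
    if (!read_entry((cr3 & ~0xFFFu) | ((va >> 22) << 2), &pde)) return false;
    if (!read_entry((pde & ~0xFFFu) | (((va >> 12) & 0x3FF) << 2), &pte)) return false;
    *pa = (pte & ~0xFFFu) | (va & 0xFFF);
    return true;
}
/* Nested walk: each guest-physical address goes through the host tables first,
 * so a guest miss costs 3 host walks plus 2 guest entry reads (8 references). */
bool nested_walk(uint32_t hcr3, uint32_t gcr3, uint32_t gva, uint32_t *hpa) {
    uint32_t h, gpde, gpte;
    if (!walk(hcr3, (gcr3 & ~0xFFFu) | ((gva >> 22) << 2), &h)) return false;
    if (!read_entry(h, &gpde)) return false;                  /* guest PDE */
    if (!walk(hcr3, (gpde & ~0xFFFu) | (((gva >> 12) & 0x3FF) << 2), &h)) return false;
    if (!read_entry(h, &gpte)) return false;                  /* guest PTE */
    return walk(hcr3, (gpte & ~0xFFFu) | (gva & 0xFFF), hpa); /* data page */
}
/* Constructed tables: host PD in frame 0, host PT in frame 1; guest PD at gpa
 * 0x1000 (hpa 0x5000), guest PT at gpa 0x2000 (hpa 0x6000), data at gpa 0x3000
 * (hpa 0x7000). Guest linear 0x00401234 therefore resolves to hpa 0x7234. */
void setup_tables(void) {
    memset(mem, 0, sizeof mem); refs = 0;
    mem[0][0] = 0x1000 | PTE_P;   /* host PDE[0] -> host PT in frame 1 */
    mem[1][1] = 0x5000 | PTE_P;   /* gpa 0x1000 -> hpa 0x5000 */
    mem[1][2] = 0x6000 | PTE_P;   /* gpa 0x2000 -> hpa 0x6000 */
    mem[1][3] = 0x7000 | PTE_P;   /* gpa 0x3000 -> hpa 0x7000 */
    mem[5][1] = 0x2000 | PTE_P;   /* guest PDE[1] -> guest PT at gpa 0x2000 */
    mem[6][1] = 0x3000 | PTE_P;   /* guest PTE[1] -> data page at gpa 0x3000 */
}
unsigned walk_refs(void) { return refs; }
```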
39. VT-x extension: Extended Page Table (EPT)
• All guest-physical addresses go through extended page tables
− Includes address in CR3, address in PDE, address in PTE, etc.
40. VT-x extension: Virtual Processor IDs (VPID)
• The idea of a tagged TLB is that each TLB entry is “tagged” with an identifier
• Having such a tag allows the TLB entries to not be “flushed” when switching between the host and a guest
• VPID is activated if the new “enable VPID” control bit is set in VMCS
Tag     Virtual Address   Physical Address
Host    0x1000            0x10001000
Host    0x2000            0x10002000
Host    0x3000            0x10003000
Host    0x4000            0x10004000
Guest   0x1000            0xFFF01000
Guest   0x2000            0xFFF02000
Guest   0x3000            0xFFF03000
Guest   0x4000            0xFFF04000
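Added example in C (not code from the slides): a software model of a tagged TLB that replays the table above, once with tags (VPID enabled) and once without, to show why the untagged TLB has to be flushed on every host/guest switch. The replacement policy, sizes and the alternating access pattern are assumptions of the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
/* Added example, not from the slides: each entry carries a tag (0 = host / VMX
 * root, >0 = a guest VPID) and a lookup must match tag and virtual page. Host
 * and guest both use virtual page 0x1000 with different physical pages, so an
 * untagged TLB must be flushed at every VM entry and exit; a tagged one is kept. */
#define TLB_SIZE 8
typedef struct { bool valid; uint16_t tag; uint32_t vpn, pfn; } tlb_entry_t;
typedef struct {
    tlb_entry_t e[TLB_SIZE];
    unsigned next, hits, misses, flushes;
    bool tagged;                    /* the "enable VPID" control */
} tlb_t;
void tlb_init(tlb_t *t, bool tagged) { *t = (tlb_t){0}; t->tagged = tagged; }
void tlb_fill(tlb_t *t, uint16_t tag, uint32_t va, uint32_t pa) {   /* round-robin victim */
    t->e[t->next++ % TLB_SIZE] = (tlb_entry_t){ true, t->tagged ? tag : 0, va >> 12, pa >> 12 };
}
bool tlb_lookup(tlb_t *t, uint16_t tag, uint32_t va, uint32_t *pa) {
    for (size_t i = 0; i < TLB_SIZE; i++) {
        tlb_entry_t *x = &t->e[i];
        if (x->valid && x->vpn == va >> 12 && (!t->tagged || x->tag == tag)) {
            t->hits++; *pa = x->pfn << 12 | (va & 0xFFF); return true;
        }
    }
    t->misses++; return false;
}
/* VM entry or VM exit: an untagged TLB is flushed, a tagged one is kept. */
void tlb_switch_context(tlb_t *t) {
    if (t->tagged) return;
    for (size_t i = 0; i < TLB_SIZE; i++) t->e[i].valid = false;
    t->flushes++;
}
/* Replay the slide's table: host and guest each touch virtual pages 0x1000..0x4000,
 * alternating between the two, for two rounds. Returns the miss count. */
unsigned simulate(bool tagged, tlb_t *t) {
    static const uint32_t host_pa[]  = { 0x10001000, 0x10002000, 0x10003000, 0x10004000 };
    static const uint32_t guest_pa[] = { 0xFFF01000, 0xFFF02000, 0xFFF03000, 0xFFF04000 };
    tlb_init(t, tagged);
    for (int round = 0; round < 2; round++)
        for (int i = 0; i < 4; i++) {
            uint32_t va = 0x1000u * (i + 1), pa;
            if (!tlb_lookup(t, 0, va, &pa)) tlb_fill(t, 0, va, host_pa[i]);
            tlb_switch_context(t);                                 /* VM entry */
            if (!tlb_lookup(t, 1, va, &pa)) tlb_fill(t, 1, va, guest_pa[i]);
            tlb_switch_context(t);                                 /* VM exit */
        }
    return t->misses;
}
```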
41. VT-x extension: CPUID spoofing (Flex Migration)
• Allows software to “spoof” the CPUID feature bits (e.g. make the value of the CPUID feature bits appear different than they really are).
• This is the same as the CPUID spoofing feature that the current VT processors have.
[Figure: live VM migration across server generations – pre-2004 32-bit single core and 2004+ 64-bit single core (older / existing servers), 2006+ Intel® Core™ 64-bit dual- and quad-core (newer servers)]
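Added example in C (not code from the slides): how a VMM derives the feature set it presents to guests so that a VM can move between the server generations in the figure. The hosts in the test are constructed, the pool policy (intersection of feature words) is an assumption of the example, and the bit positions are the architectural CPUID.(EAX=1) ones.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Added example, not from the slides: a baseline feature mask for live migration.
 * Each host reports its CPUID.(EAX=1) ECX/EDX feature words; the VMM computes the
 * intersection across the pool and presents that to guests (the "spoofed" CPUID),
 * so a VM started on a newer host never sees a feature an older host lacks.
 * Bit positions below are the architectural ones for these features. */
#define EDX_SSE   (1u << 25)
#define EDX_SSE2  (1u << 26)
#define ECX_SSE3  (1u << 0)
#define ECX_VMX   (1u << 5)
#define ECX_SSSE3 (1u << 9)
#define ECX_SSE41 (1u << 19)
#define ECX_SSE42 (1u << 20)

typedef struct { const char *name; uint32_t ecx, edx; } host_cpuid_t;

/* Intersection of feature words across all hosts in the migration pool. */
host_cpuid_t pool_baseline(const host_cpuid_t *hosts, size_t n) {
    host_cpuid_t base = { "baseline", 0xFFFFFFFFu, 0xFFFFFFFFu };
    for (size_t i = 0; i < n; i++) { base.ecx &= hosts[i].ecx; base.edx &= hosts[i].edx; }
    return base;
}

/* What the guest sees: the host's real bits ANDed with the baseline, so the
 * spoofed value can only hide features, never claim ones the host lacks. */
host_cpuid_t spoof_for_guest(host_cpuid_t host, host_cpuid_t base) {
    host_cpuid_t g = { "guest", host.ecx & base.ecx, host.edx & base.edx };
    return g;
}

/* A VM may move to a target host only if every feature it has been shown
 * is present there. */
bool can_migrate(host_cpuid_t guest_view, host_cpuid_t target) {
    return (guest_view.ecx & ~target.ecx) == 0 && (guest_view.edx & ~target.edx) == 0;
}
```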
42. Intel VT-d Architecture Detail
[Figure: DMA requests (device ID, virtual address, length) enter the DMA remapping engine – address translation, translation cache, context cache, fault generation – which consults system-memory-resident partitioning and address translation structures: device assignment structures indexed by bus 0…255 / device / function (e.g. Dev 0, Func 0; Dev P, Func 1; Dev P, Func 2; Dev 31, Func 7), per-device address translation structures (device D1, device D2), 4KB page tables and page frames; the resulting memory access uses the physical address]
43. VT-d: Remapping Structures
• VT-d hardware selects page-table based on source of DMA request
− Requestor ID (bus / device / function) in request identifies DMA source
• VT-d Device Assignment Entry (bits 127…0)
− bits 127…64: Rsvd | Domain ID | Rsvd | Address Width
− bits 63…0: Address Space Root Pointer | Rsvd | Ext. Controls | P
• VT-d supports hierarchical page tables for address translation
− Page directories and page tables are 4 KB in size
− 4KB base page size with support for larger page sizes
− Support for DMA snoop control through page table entries
• VT-d Page Table Entry (bits 63…0)
− Rsvd | Page-Frame / Page-Table Address | Available | SP | Rsvd | Ext. Controls | W | R
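Added example in C (not code from the slides, and deliberately not the real VT-d entry bit layout): a simplified model of the remapping path above, in which the requestor ID selects a device assignment entry, that entry selects a domain page table, and the table translates the DMA address and checks R/W. The devices, domains and mappings are constructed; the point it demonstrates is that a device assigned to one VM faults rather than reaching another VM's memory.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Added example, not from the slides and not the real VT-d entry layout: the
 * requester ID (bus/device/function) of a DMA request selects a device
 * assignment entry naming the domain; the domain's page table translates the
 * DMA address and checks R/W. Anything else is a remapping fault. */
#define MAX_DOMAINS 4
#define DOMAIN_PAGES 8               /* each toy domain has a 32 KB DMA address space */
typedef struct { bool present; uint16_t domain_id; } assign_entry_t;
typedef struct { bool present, r, w; uint64_t hpa; } dma_pte_t;
typedef enum { DMA_OK, FAULT_NO_ASSIGNMENT, FAULT_NOT_PRESENT, FAULT_PERMISSION } dma_status_t;

static assign_entry_t ctx[256 * 32 * 8];          /* indexed by requester ID */
static dma_pte_t pt[MAX_DOMAINS][DOMAIN_PAGES];   /* per-domain 4 KB page tables */

uint16_t requester_id(uint8_t bus, uint8_t dev, uint8_t fn) {
    return (uint16_t)(bus << 8 | (dev & 0x1F) << 3 | (fn & 7));
}
void assign_device(uint8_t bus, uint8_t dev, uint8_t fn, uint16_t domain) {
    ctx[requester_id(bus, dev, fn)] = (assign_entry_t){ true, domain };
}
void map_page(uint16_t domain, uint64_t dma_addr, uint64_t hpa, bool r, bool w) {
    uint64_t idx = dma_addr >> 12;
    if (domain < MAX_DOMAINS && idx < DOMAIN_PAGES)
        pt[domain][idx] = (dma_pte_t){ true, r, w, hpa & ~0xFFFull };
}
/* Translate one DMA request; on DMA_OK *hpa holds the host physical address. */
dma_status_t remap_dma(uint8_t bus, uint8_t dev, uint8_t fn,
                       uint64_t dma_addr, bool is_write, uint64_t *hpa) {
    assign_entry_t *a = &ctx[requester_id(bus, dev, fn)];
    if (!a->present) return FAULT_NO_ASSIGNMENT;      /* unassigned source: blocked */
    uint64_t idx = dma_addr >> 12;
    if (idx >= DOMAIN_PAGES || !pt[a->domain_id][idx].present) return FAULT_NOT_PRESENT;
    dma_pte_t *p = &pt[a->domain_id][idx];
    if (is_write ? !p->w : !p->r) return FAULT_PERMISSION;
    *hpa = p->hpa | (dma_addr & 0xFFF);
    return DMA_OK;
}
/* Constructed assignment: NIC at 3:0.0 belongs to domain 1, HBA at 4:0.0 to domain 2. */
void setup_example(void) {
    memset(ctx, 0, sizeof ctx); memset(pt, 0, sizeof pt);
    assign_device(3, 0, 0, 1);
    assign_device(4, 0, 0, 2);
    map_page(1, 0x0000, 0x80000000, true, true);   /* domain 1 rx/tx buffer */
    map_page(1, 0x1000, 0x80001000, true, false);  /* domain 1 read-only page */
    map_page(2, 0x0000, 0x90000000, true, true);   /* domain 2 buffer */
}
```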
45. PCI SIG IOV Overview
[Figure: PCIe Single-Root IOV – several SIs and one VI on a single system; PCIe Multi-Root IOV – SIs and VIs on multiple systems]
• PCI SIG is standardizing mechanisms that enable PCIe Devices to be directly shared
− Single-Root IOV – Direct sharing between SIs on a single system
− Multi-Root IOV – Direct sharing between SIs on multiple systems
• PCI-SIG IOV Specification covers “north-side” of the Device
46. PCI SIG IOV Terminologies
[Figure: SIs above a VI and the SR-PCIM, connected through a PCIe switch to a device exposing functions (F)]
• System Image (SI)
− SW, e.g., a guest OS, to which virtual and physical devices can be assigned
• Virtual Intermediary (VI)
− Performs resource allocation, isolation, management and event handling
• PCIM – PCI Manager
− Controls configuration, management and error handling of PFs and VFs
− May be in SW and/or Firmware.
− May be integrated into a VI
• Translation Agent (TA)
− Uses ATPT to translate PCI Bus Addresses into platform addresses
• Address Translation and Protection Table (ATPT)
− Validates access rights of incoming PCI memory transactions.
− Translates PCI Address into platform physical addresses
47. VT-c: Virtual Machine Device Queues (VMDq)
• On the receive path, VMDq provides a hardware "sorter" or classifier that essentially does the pre-work for the VMM of directing which end VM the packets should go to. The NIC or LAN silicon is performing a hardware assist for the VMM layer.
49. Deja-Vu – Back to the future
• What VT calls "non-root mode", and Pacifica calls "guest mode", was called "interpretive execution" on the IBM VM/370 and VM/ESA mainframes.
• VT's "vmlaunch" instruction and Pacifica's "vmrun" were called "sie"
• Intel's "VMCS" and AMD's "VMCB" were called "state description" on the IBM mainframes.
• IBM also defined the concept of shadow translation tables and a dual page-table walk in hardware.
• IBM also defined an interpreted SIE for nested hypervisor support (not yet in Intel/AMD)
51. Future Trends
• Secure Hypervisors – The hypervisor itself, like an OS, can have holes.
• BluePill attacks – subverting the hypervisor
• Trusted Virtualization - Virtualizing TPMs for use by guest virtual machines
• Trusted Virtualization – How do we trust the VMM? Intel’s LT (LaGrande) and AMD’s Presidio introduce architectural extensions for security
• Firewalls to protect guests. Xen Motion security hole
• Storage QoS – FC NPIV, Storage vMotion
• Datacenter/Lifecycle Management (Virtualization 2.0)
− OpsWare PAS (now HP Operations Orchestrator)
− Novell ZENworks Orchestrator
− VMware Lifecycle Manager
52. References
• D. L. Osisek, K. M. Jackson, and P. H. Gum. ESA/390 interpretive-execution architecture, foundation for VM/ESA. IBM Systems Journal, 30(1):34–51, 1991.
• John Scott Robin and Cynthia E. Irvine. Analysis of the Intel Pentium’s ability to support a secure virtual machine monitor. In Proceedings of the Ninth USENIX Security Symposium, August 14–17, 2000, Denver, Colorado, page 275. USENIX, San Francisco, CA, USA, 2000.
• Keith Adams and Ole Agesen. A comparison of software and hardware techniques for x86 virtualization. Operating Systems Review, 40(5):2–13, December 2006.
• PCI IOV talks at WinHEC and HP by Michael Krause
• VMWorld 2007 talk by Ole Agesen
• Intel IDF 2007/2008 presentations