This document discusses virtualization and cloud computing. It begins by explaining the motivations for virtualization, such as managing resources more efficiently and improving performance, security, and reliability. It then covers key concepts in virtualization like virtual machines, hypervisors, paravirtualization, and hardware assisted virtualization. A major virtualization technology discussed is Xen, which uses paravirtualization. The document also briefly mentions Linux containers as a form of lightweight virtualization.
This document discusses virtualization and cloud computing. It begins by explaining the motivations for virtualization, such as managing resources more efficiently and allowing live migration of virtual machines. It then covers key concepts in virtualization like virtual machine monitors, full virtualization versus paravirtualization, and hardware assisted virtualization. Specific virtualization technologies are discussed like Xen, a popular open source hypervisor based on paravirtualization. The document also covers challenges in virtualizing the x86 CPU architecture.
Chapter 5 – Cloud Resource
Virtualization
Contents
Virtualization.
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
Performance and security isolation.
Architectural support for virtualization.
x86 support for virtualization.
Full and paravirtualization.
Xen 1.0 and Xen 2.0.
Performance comparison of virtual machine monitors.
The darker side of virtualization.
Software fault isolation.
Cloud Computing: Theory and Practice. Chapter 5 2 Dan C. Marinescu
Motivation
There are many physical realizations of the fundamental
abstractions necessary to describe the operation of a computing
systems.
Interpreters.
Memory.
Communications links.
Virtualization is a basic tenet of cloud computing, it simplifies the
management of physical resources for the three abstractions.
The state of a virtual machine (VM) running under a virtual machine
monitor (VMM) can de saved and migrated to another server to
balance the load.
Virtualization allows users to operate in environments they are
familiar with, rather than forcing them to idiosyncratic ones.
Cloud Computing: Theory and Practice.
Chapter 5 3 Dan C. Marinescu
Motivation (cont’d)
Cloud resource virtualization is important for:
System security, as it allows isolation of services running on
the same hardware.
Performance and reliability, as it allows applications to migrate
from one platform to another.
The development and management of services offered by a
provider.
Performance isolation.
Cloud Computing: Theory and Practice.
Chapter 5 4 Dan C. Marinescu
Virtualization
Simulates the interface to a physical object by:
Multiplexing: creates multiple virtual objects from one instance
of a physical object. Example - a processor is multiplexed
among a number of processes or threads.
Aggregation: creates one virtual object from multiple physical
objects. Example - a number of physical disks are aggregated
into a RAID disk.
Emulation: constructs a virtual object from a different type of a
physical object. Example - a physical disk emulates a Random
Access Memory (RAM).
Multiplexing and emulation. Examples - virtual memory with
paging multiplexes real memory and disk; a virtual address
emulates a real address.
Cloud Computing: Theory and Practice.
Chapter 5 5 Dan C. Marinescu
Layering
Layering – a common approach to manage system complexity.
Minimizes the interactions among the subsystems of a complex
system.
Simplifies the description of the subsystems; each subsystem is
abstracted through its interfaces with the other subsystems.
We are able to design, implement, and modify the individual
subsystems independently.
Layering in a computer system.
Hardware.
Software.
Operating system.
Libraries.
Applications.
.
Chapter 5 – Cloud Resource
Virtualization
Contents
Virtualization.
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
Performance and security isolation.
Architectural support for virtualization.
x86 support for virtualization.
Full and paravirtualization.
Xen 1.0 and Xen 2.0.
Performance comparison of virtual machine monitors.
The darker side of virtualization.
Software fault isolation.
Cloud Computing: Theory and Practice. Chapter 5 2 Dan C. Marinescu
Motivation
There are many physical realizations of the fundamental
abstractions necessary to describe the operation of a computing
systems.
Interpreters.
Memory.
Communications links.
Virtualization is a basic tenet of cloud computing, it simplifies the
management of physical resources for the three abstractions.
The state of a virtual machine (VM) running under a virtual machine
monitor (VMM) can de saved and migrated to another server to
balance the load.
Virtualization allows users to operate in environments they are
familiar with, rather than forcing them to idiosyncratic ones.
Cloud Computing: Theory and Practice.
Chapter 5 3 Dan C. Marinescu
Motivation (cont’d)
Cloud resource virtualization is important for:
System security, as it allows isolation of services running on
the same hardware.
Performance and reliability, as it allows applications to migrate
from one platform to another.
The development and management of services offered by a
provider.
Performance isolation.
Cloud Computing: Theory and Practice.
Chapter 5 4 Dan C. Marinescu
Virtualization
Simulates the interface to a physical object by:
Multiplexing: creates multiple virtual objects from one instance
of a physical object. Example - a processor is multiplexed
among a number of processes or threads.
Aggregation: creates one virtual object from multiple physical
objects. Example - a number of physical disks are aggregated
into a RAID disk.
Emulation: constructs a virtual object from a different type of a
physical object. Example - a physical disk emulates a Random
Access Memory (RAM).
Multiplexing and emulation. Examples - virtual memory with
paging multiplexes real memory and disk; a virtual address
emulates a real address.
Cloud Computing: Theory and Practice.
Chapter 5 5 Dan C. Marinescu
Layering
Layering – a common approach to manage system complexity.
Minimizes the interactions among the subsystems of a complex
system.
Simplifies the description of the subsystems; each subsystem is
abstracted through its interfaces with the other subsystems.
We are able to design, implement, and modify the individual
subsystems independently.
Layering in a computer system.
Hardware.
Software.
Operating system.
Libraries.
Applications.
.
This document discusses virtualization concepts and provides definitions and background information. It begins with references and sources on virtualization. It then defines virtualization and key terms like virtual machine monitor and guest/host. It covers the origins and principles of virtualization, how virtualization was rediscovered, and discusses various virtualization architectures, interfaces, types of virtual machine monitors, and strategies for virtualizing systems like the IA-32 architecture. It concludes by discussing memory management challenges in virtualization.
This document discusses virtualization concepts and provides definitions and background information. It begins with references and sources on virtualization. It then defines virtualization and key terms like virtual machine monitor and guest/host. It covers the origins and principles of virtualization, how virtualization was rediscovered, and discusses various virtualization architectures, interfaces, types of virtual machine monitors, and strategies for virtualizing systems like the IA-32 architecture. It concludes by discussing memory management challenges in virtualization.
The document discusses different levels of virtualization implementation including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level. It also discusses hypervisor design requirements and common virtualization providers like Xen. Key types of virtualization discussed are full virtualization, para-virtualization, CPU virtualization, memory virtualization, and I/O virtualization.
The document discusses different levels of virtualization implementation including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level. It also covers virtualization support at the OS level, middleware support for virtualization, hypervisor and Xen architecture, CPU virtualization, memory virtualization, I/O virtualization, and virtualization in multi-core processors.
Virtualization allows multiple virtual machines to run on a single physical machine. It relies on hardware advances like multi-core CPUs and networking improvements. Virtualization works by either emulating hardware, trapping privileged instructions and emulating them, dynamic binary translation, or paravirtualization where the guest OS is aware it is virtualized. I/O virtualization can emulate devices, use paravirtualized drivers, or directly assign devices to VMs. This enables server consolidation and efficient utilization of resources in cloud computing.
This document discusses virtualization and cloud computing. It begins by explaining the motivations for virtualization, such as managing resources more efficiently and allowing live migration of virtual machines. It then covers key concepts in virtualization like virtual machine monitors, full virtualization versus paravirtualization, and hardware assisted virtualization. Specific virtualization technologies are discussed like Xen, a popular open source hypervisor based on paravirtualization. The document also covers challenges in virtualizing the x86 CPU architecture.
Chapter 5 – Cloud Resource
Virtualization
Contents
Virtualization.
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
Performance and security isolation.
Architectural support for virtualization.
x86 support for virtualization.
Full and paravirtualization.
Xen 1.0 and Xen 2.0.
Performance comparison of virtual machine monitors.
The darker side of virtualization.
Software fault isolation.
Cloud Computing: Theory and Practice. Chapter 5 2 Dan C. Marinescu
Motivation
There are many physical realizations of the fundamental
abstractions necessary to describe the operation of a computing
systems.
Interpreters.
Memory.
Communications links.
Virtualization is a basic tenet of cloud computing, it simplifies the
management of physical resources for the three abstractions.
The state of a virtual machine (VM) running under a virtual machine
monitor (VMM) can de saved and migrated to another server to
balance the load.
Virtualization allows users to operate in environments they are
familiar with, rather than forcing them to idiosyncratic ones.
Cloud Computing: Theory and Practice.
Chapter 5 3 Dan C. Marinescu
Motivation (cont’d)
Cloud resource virtualization is important for:
System security, as it allows isolation of services running on
the same hardware.
Performance and reliability, as it allows applications to migrate
from one platform to another.
The development and management of services offered by a
provider.
Performance isolation.
Cloud Computing: Theory and Practice.
Chapter 5 4 Dan C. Marinescu
Virtualization
Simulates the interface to a physical object by:
Multiplexing: creates multiple virtual objects from one instance
of a physical object. Example - a processor is multiplexed
among a number of processes or threads.
Aggregation: creates one virtual object from multiple physical
objects. Example - a number of physical disks are aggregated
into a RAID disk.
Emulation: constructs a virtual object from a different type of a
physical object. Example - a physical disk emulates a Random
Access Memory (RAM).
Multiplexing and emulation. Examples - virtual memory with
paging multiplexes real memory and disk; a virtual address
emulates a real address.
Cloud Computing: Theory and Practice.
Chapter 5 5 Dan C. Marinescu
Layering
Layering – a common approach to manage system complexity.
Minimizes the interactions among the subsystems of a complex
system.
Simplifies the description of the subsystems; each subsystem is
abstracted through its interfaces with the other subsystems.
We are able to design, implement, and modify the individual
subsystems independently.
Layering in a computer system.
Hardware.
Software.
Operating system.
Libraries.
Applications.
.
Chapter 5 – Cloud Resource
Virtualization
Contents
Virtualization.
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
Performance and security isolation.
Architectural support for virtualization.
x86 support for virtualization.
Full and paravirtualization.
Xen 1.0 and Xen 2.0.
Performance comparison of virtual machine monitors.
The darker side of virtualization.
Software fault isolation.
Cloud Computing: Theory and Practice. Chapter 5 2 Dan C. Marinescu
Motivation
There are many physical realizations of the fundamental
abstractions necessary to describe the operation of a computing
systems.
Interpreters.
Memory.
Communications links.
Virtualization is a basic tenet of cloud computing, it simplifies the
management of physical resources for the three abstractions.
The state of a virtual machine (VM) running under a virtual machine
monitor (VMM) can de saved and migrated to another server to
balance the load.
Virtualization allows users to operate in environments they are
familiar with, rather than forcing them to idiosyncratic ones.
Cloud Computing: Theory and Practice.
Chapter 5 3 Dan C. Marinescu
Motivation (cont’d)
Cloud resource virtualization is important for:
System security, as it allows isolation of services running on
the same hardware.
Performance and reliability, as it allows applications to migrate
from one platform to another.
The development and management of services offered by a
provider.
Performance isolation.
Cloud Computing: Theory and Practice.
Chapter 5 4 Dan C. Marinescu
Virtualization
Simulates the interface to a physical object by:
Multiplexing: creates multiple virtual objects from one instance
of a physical object. Example - a processor is multiplexed
among a number of processes or threads.
Aggregation: creates one virtual object from multiple physical
objects. Example - a number of physical disks are aggregated
into a RAID disk.
Emulation: constructs a virtual object from a different type of a
physical object. Example - a physical disk emulates a Random
Access Memory (RAM).
Multiplexing and emulation. Examples - virtual memory with
paging multiplexes real memory and disk; a virtual address
emulates a real address.
Cloud Computing: Theory and Practice.
Chapter 5 5 Dan C. Marinescu
Layering
Layering – a common approach to manage system complexity.
Minimizes the interactions among the subsystems of a complex
system.
Simplifies the description of the subsystems; each subsystem is
abstracted through its interfaces with the other subsystems.
We are able to design, implement, and modify the individual
subsystems independently.
Layering in a computer system.
Hardware.
Software.
Operating system.
Libraries.
Applications.
.
This document discusses virtualization concepts and provides definitions and background information. It begins with references and sources on virtualization. It then defines virtualization and key terms like virtual machine monitor and guest/host. It covers the origins and principles of virtualization, how virtualization was rediscovered, and discusses various virtualization architectures, interfaces, types of virtual machine monitors, and strategies for virtualizing systems like the IA-32 architecture. It concludes by discussing memory management challenges in virtualization.
This document discusses virtualization concepts and provides definitions and background information. It begins with references and sources on virtualization. It then defines virtualization and key terms like virtual machine monitor and guest/host. It covers the origins and principles of virtualization, how virtualization was rediscovered, and discusses various virtualization architectures, interfaces, types of virtual machine monitors, and strategies for virtualizing systems like the IA-32 architecture. It concludes by discussing memory management challenges in virtualization.
The document discusses different levels of virtualization implementation including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level. It also discusses hypervisor design requirements and common virtualization providers like Xen. Key types of virtualization discussed are full virtualization, para-virtualization, CPU virtualization, memory virtualization, and I/O virtualization.
The document discusses different levels of virtualization implementation including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level. It also covers virtualization support at the OS level, middleware support for virtualization, hypervisor and Xen architecture, CPU virtualization, memory virtualization, I/O virtualization, and virtualization in multi-core processors.
Virtualization allows multiple virtual machines to run on a single physical machine. It relies on hardware advances like multi-core CPUs and networking improvements. Virtualization works by either emulating hardware, trapping privileged instructions and emulating them, dynamic binary translation, or paravirtualization where the guest OS is aware it is virtualized. I/O virtualization can emulate devices, use paravirtualized drivers, or directly assign devices to VMs. This enables server consolidation and efficient utilization of resources in cloud computing.
Disco: Running Commodity Operating Systems on Scalable Multiprocessors DiscoMagnus Backman
Disco: Running Commodity Operating Systems on Scalable Multiprocessors
VMware started as a grad school project out of Stansford university.
Many servers were under utilized so Project Disco was born.
Yes, VMware was originally called Project Disco.
In fact both GOOGLE and Project Disco started out together as grad projects.
The document provides an overview of virtualization, including definitions, types of virtualization, and popular hypervisors. It discusses how virtualization addresses issues with underutilized servers in data centers by consolidating workloads. Full virtualization provides a complete hardware simulation but has challenges virtualizing certain architectures like x86. Paravirtualization modifies the guest OS, while hardware-assisted virtualization uses new CPU features to simplify virtualization. Memory, storage, network, and application virtualization are also summarized.
Virtualization allows multiple virtual machines to run on a single physical machine. It began in IBM mainframes in 1972 and allowed time-sharing of computing resources. Modern virtualization technologies like VMware and Xen create virtual environments that are essentially identical to the original machine for programs to run in. Virtualization provides benefits like consolidation of servers, high availability, disaster recovery and easier management of computing resources. There are different types of virtualization including server, desktop, application, memory and storage virtualization.
This document provides information about virtualization. It discusses the history of virtualization beginning in IBM mainframes in 1972. It then discusses different types of virtualization including server virtualization, desktop virtualization, application virtualization, and others. It also discusses the benefits of virtualization such as consolidation, centralized management, high availability, disaster recovery and increased efficiency.
Virtualization is a framework that divides computer resources into execution environments. It abstracts physical hardware from the operating system to improve resource utilization and flexibility. Virtualization technologies enable multiple operating systems and applications to run simultaneously on a single physical server by simulating virtual machines. While not a new concept dating back to IBM in the 1960s, modern virtualization platforms like VMware vSphere transform hardware resources into fully functional virtual machines running their own operating systems. This improves efficiency, fault tolerance, and simplifies management and provisioning of computer systems.
Virtualization refers to the abstraction of computer resources through software. There are two main types of virtualization: platform virtualization, which involves simulating virtual machines, and resource virtualization, which involves simulating combined or simplified resources. Platform virtualization can be implemented through full virtualization using a hypervisor, paravirtualization which requires guest OS modifications, or operating system-level virtualization which isolates servers running the same OS. Resource virtualization techniques include storage, network, and CPU virtualization. Popular virtualization platforms include VMware, Xen, KVM, and Linux containers.
This document discusses different levels and approaches to virtualization including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level virtualization. It also covers virtualization of CPU, memory, I/O devices, and virtual clusters. Key points include hardware-assisted virtualization using features like VT-x, two-stage memory mapping using EPT, different approaches to I/O virtualization, and live VM migration involving transferring memory and synchronizing state changes.
The document discusses virtualization and provides an overview of key concepts and types of virtualization. It defines virtualization as using software to create virtual versions of hardware resources like servers, storage, and networks. The summary discusses the main types of virtualization covered in the document:
1. Server virtualization allows consolidating multiple physical servers onto one server by virtualizing hardware resources.
2. OS virtualization works at the OS layer, virtualizing a physical server and OS into isolated partitions that function like separate servers.
3. Hardware emulation uses a hypervisor to emulate hardware for guest operating systems, allowing different OS types on one server.
4. Paravirtualization coordinates hardware access without fully emulating
Virtualization involves dividing the resources of a computer into multiple execution environments. It has been used since the 1960s and there are several types including hardware, desktop, and language virtualization. The key components of a virtualization architecture are the hypervisor and guest/host machines. Hypervisors allow multiple operating systems to run on a single system and can be type 1 (runs directly on hardware) or type 2 (runs within an operating system). Virtualization provides benefits but also has limitations related to resource allocation and compatibility that vendors continue working to address.
Virtualization allows multiple operating systems and applications to run on a single host machine. It does this through virtual machines (VMs) which are isolated software containers that act like independent machines. The document discusses virtualization techniques including hardware virtualization using a hypervisor, paravirtualization, containers, and Docker. It covers concepts such as the virtual machine monitor (VMM), guest and host operating systems, and how virtualization improves efficiency and resource utilization.
The document discusses virtual machine systems and how they allow multiple operating systems to run simultaneously on the same hardware. A virtual machine provides an interface identical to the underlying hardware, creating the illusion of multiple processors. This allows different operating systems to run independently in virtual environments without directly sharing resources. Early examples include CP/67 which virtualized an IBM 360/67 computer. Modern virtualization software like VMware replicates hardware resources to support multiple guest operating systems on a single physical machine.
Need for Virtualization – Pros and cons of Virtualization – Types of Virtualization –System VM, Process VM, Virtual Machine monitor – Virtual machine properties - Interpretation and binary translation, HLL VM - supervisors – Xen, KVM, VMware, Virtual Box, Hyper-V.
Virtualization abstracts physical computing resources into virtual resources that can be allocated dynamically. It allows for server consolidation, improved system management, increased application availability, and more efficient use of resources. There are different types of virtualization including server, storage, and network virtualization. Server virtualization uses a virtual machine monitor to run multiple virtual machines on a single physical machine. Storage virtualization presents a logical view of physical storage to improve utilization and manageability. Trap-and-emulate is a common approach for virtualizing the system instruction set architecture by having privileged instructions trap to an emulator.
IBM's System Director VMControl is an advanced software module that allows a single administrator to manage virtual workloads across multiple platforms, including Linux, AIX, Windows, VMware, KVM, Hyper-V, PowerVM, and z/VM. It provides automated provisioning of new workloads, image management capabilities, strong integration with networks, resilience for virtual machines and infrastructure, security features, and efficient software license management. VMControl is positioned as the strongest and most advanced cross-platform virtualization management environment currently on the market.
Virtualization: Force driving cloud computingMayank Aggarwal
Virtualization allows a single physical machine to run multiple virtual machines, making hardware resources available to multiple virtual operating systems. This is done through a hypervisor or virtual machine monitor that allocates physical resources to virtual machines. Virtualization provides benefits like reduced costs, increased hardware utilization, and isolation of environments while sharing resources. The main types of virtualization are execution level (using a hypervisor), operating system level (through time-sharing), programming level (through virtual machines like Java), application level, storage, and network.
Virtualization refers to creating virtual versions of hardware platforms, operating systems, and other resources. It provides abstraction between computing resources and applications. Key terms include virtual machine, guest OS, hypervisor, and virtual machine monitor. Before virtualization, each physical machine ran one OS image, resources were underutilized, and infrastructure was inflexible. Virtualization allows multiple VMs to run on a single physical machine, improving utilization and flexibility. It virtualizes CPU, memory, I/O, networking, and other resources. CPU virtualization uses binary translation, paravirtualization, or hardware assistance. Memory virtualization maps guest physical to machine memory. I/O virtualization routes requests between virtual and physical devices. Popular virtualization
This document provides an overview of virtualization. It defines virtualization as the act of creating virtual versions of computer resources like hardware platforms, operating systems, storage, and networks. The key learning objectives are understanding how different resources like processors, memory, storage and networks can be virtualized. The document discusses the different approaches to virtualization including full virtualization, para-virtualization, and hardware-assisted virtualization. It outlines the benefits of virtualization including maximizing hardware investments and reducing costs. The role of the hypervisor in managing virtual machines is also explained.
Inroduction to Virtualization and Video Playback during a Live Migrated Virtual Machine hosting the server with its time analysis.
OS- Ubuntu
Hypervisor- KVM
This document introduces cloud computing and virtualization. It discusses how virtualization addresses challenges in efficiently provisioning resources for cloud computing. Key features of cloud computing like on-demand services, shared network resources, and pay-as-you-use models are enabled by the flexibility and fine-grained metering provided by virtualization. The document then covers different virtualization techniques like binary translation, paravirtualization, and hardware-assisted virtualization. It also discusses the architecture and benefits of the Xen virtualization system including its use of domains, hypercalls, memory sharing through page tables, and split device drivers.
Disco: Running Commodity Operating Systems on Scalable Multiprocessors DiscoMagnus Backman
Disco: Running Commodity Operating Systems on Scalable Multiprocessors
VMware started as a grad school project out of Stansford university.
Many servers were under utilized so Project Disco was born.
Yes, VMware was originally called Project Disco.
In fact both GOOGLE and Project Disco started out together as grad projects.
The document provides an overview of virtualization, including definitions, types of virtualization, and popular hypervisors. It discusses how virtualization addresses issues with underutilized servers in data centers by consolidating workloads. Full virtualization provides a complete hardware simulation but has challenges virtualizing certain architectures like x86. Paravirtualization modifies the guest OS, while hardware-assisted virtualization uses new CPU features to simplify virtualization. Memory, storage, network, and application virtualization are also summarized.
Virtualization allows multiple virtual machines to run on a single physical machine. It began in IBM mainframes in 1972 and allowed time-sharing of computing resources. Modern virtualization technologies like VMware and Xen create virtual environments that are essentially identical to the original machine for programs to run in. Virtualization provides benefits like consolidation of servers, high availability, disaster recovery and easier management of computing resources. There are different types of virtualization including server, desktop, application, memory and storage virtualization.
This document provides information about virtualization. It discusses the history of virtualization beginning in IBM mainframes in 1972. It then discusses different types of virtualization including server virtualization, desktop virtualization, application virtualization, and others. It also discusses the benefits of virtualization such as consolidation, centralized management, high availability, disaster recovery and increased efficiency.
Virtualization is a framework that divides computer resources into execution environments. It abstracts physical hardware from the operating system to improve resource utilization and flexibility. Virtualization technologies enable multiple operating systems and applications to run simultaneously on a single physical server by simulating virtual machines. While not a new concept dating back to IBM in the 1960s, modern virtualization platforms like VMware vSphere transform hardware resources into fully functional virtual machines running their own operating systems. This improves efficiency, fault tolerance, and simplifies management and provisioning of computer systems.
Virtualization refers to the abstraction of computer resources through software. There are two main types of virtualization: platform virtualization, which involves simulating virtual machines, and resource virtualization, which involves simulating combined or simplified resources. Platform virtualization can be implemented through full virtualization using a hypervisor, paravirtualization which requires guest OS modifications, or operating system-level virtualization which isolates servers running the same OS. Resource virtualization techniques include storage, network, and CPU virtualization. Popular virtualization platforms include VMware, Xen, KVM, and Linux containers.
This document discusses different levels and approaches to virtualization including instruction set architecture level, hardware abstraction level, operating system level, library support level, and user-application level virtualization. It also covers virtualization of CPU, memory, I/O devices, and virtual clusters. Key points include hardware-assisted virtualization using features like VT-x, two-stage memory mapping using EPT, different approaches to I/O virtualization, and live VM migration involving transferring memory and synchronizing state changes.
The document discusses virtualization and provides an overview of key concepts and types of virtualization. It defines virtualization as using software to create virtual versions of hardware resources like servers, storage, and networks. The summary discusses the main types of virtualization covered in the document:
1. Server virtualization allows consolidating multiple physical servers onto one server by virtualizing hardware resources.
2. OS virtualization works at the OS layer, virtualizing a physical server and OS into isolated partitions that function like separate servers.
3. Hardware emulation uses a hypervisor to emulate hardware for guest operating systems, allowing different OS types on one server.
4. Paravirtualization coordinates hardware access without fully emulating
Virtualization involves dividing the resources of a computer into multiple execution environments. It has been used since the 1960s and there are several types including hardware, desktop, and language virtualization. The key components of a virtualization architecture are the hypervisor and guest/host machines. Hypervisors allow multiple operating systems to run on a single system and can be type 1 (runs directly on hardware) or type 2 (runs within an operating system). Virtualization provides benefits but also has limitations related to resource allocation and compatibility that vendors continue working to address.
Virtualization allows multiple operating systems and applications to run on a single host machine. It does this through virtual machines (VMs) which are isolated software containers that act like independent machines. The document discusses virtualization techniques including hardware virtualization using a hypervisor, paravirtualization, containers, and Docker. It covers concepts such as the virtual machine monitor (VMM), guest and host operating systems, and how virtualization improves efficiency and resource utilization.
The document discusses virtual machine systems and how they allow multiple operating systems to run simultaneously on the same hardware. A virtual machine provides an interface identical to the underlying hardware, creating the illusion of multiple processors. This allows different operating systems to run independently in virtual environments without directly sharing resources. Early examples include CP/67 which virtualized an IBM 360/67 computer. Modern virtualization software like VMware replicates hardware resources to support multiple guest operating systems on a single physical machine.
Need for Virtualization – Pros and cons of Virtualization – Types of Virtualization –System VM, Process VM, Virtual Machine monitor – Virtual machine properties - Interpretation and binary translation, HLL VM - supervisors – Xen, KVM, VMware, Virtual Box, Hyper-V.
Virtualization abstracts physical computing resources into virtual resources that can be allocated dynamically. It allows for server consolidation, improved system management, increased application availability, and more efficient use of resources. There are different types of virtualization including server, storage, and network virtualization. Server virtualization uses a virtual machine monitor to run multiple virtual machines on a single physical machine. Storage virtualization presents a logical view of physical storage to improve utilization and manageability. Trap-and-emulate is a common approach for virtualizing the system instruction set architecture by having privileged instructions trap to an emulator.
IBM's System Director VMControl is an advanced software module that allows a single administrator to manage virtual workloads across multiple platforms, including Linux, AIX, Windows, VMware, KVM, Hyper-V, PowerVM, and z/VM. It provides automated provisioning of new workloads, image management capabilities, strong integration with networks, resilience for virtual machines and infrastructure, security features, and efficient software license management. VMControl is positioned as the strongest and most advanced cross-platform virtualization management environment currently on the market.
Virtualization: Force driving cloud computingMayank Aggarwal
Virtualization allows a single physical machine to run multiple virtual machines, making hardware resources available to multiple virtual operating systems. This is done through a hypervisor or virtual machine monitor that allocates physical resources to virtual machines. Virtualization provides benefits like reduced costs, increased hardware utilization, and isolation of environments while sharing resources. The main types of virtualization are execution level (using a hypervisor), operating system level (through time-sharing), programming level (through virtual machines like Java), application level, storage, and network.
Virtualization refers to creating virtual versions of hardware platforms, operating systems, and other resources. It provides abstraction between computing resources and applications. Key terms include virtual machine, guest OS, hypervisor, and virtual machine monitor. Before virtualization, each physical machine ran one OS image, resources were underutilized, and infrastructure was inflexible. Virtualization allows multiple VMs to run on a single physical machine, improving utilization and flexibility. It virtualizes CPU, memory, I/O, networking, and other resources. CPU virtualization uses binary translation, paravirtualization, or hardware assistance. Memory virtualization maps guest physical to machine memory. I/O virtualization routes requests between virtual and physical devices. Popular virtualization
This document provides an overview of virtualization. It defines virtualization as the act of creating virtual versions of computer resources like hardware platforms, operating systems, storage, and networks. The key learning objectives are understanding how different resources like processors, memory, storage and networks can be virtualized. The document discusses the different approaches to virtualization including full virtualization, para-virtualization, and hardware-assisted virtualization. It outlines the benefits of virtualization including maximizing hardware investments and reducing costs. The role of the hypervisor in managing virtual machines is also explained.
Inroduction to Virtualization and Video Playback during a Live Migrated Virtual Machine hosting the server with its time analysis.
OS- Ubuntu
Hypervisor- KVM
This document introduces cloud computing and virtualization. It discusses how virtualization addresses challenges in efficiently provisioning resources for cloud computing. Key features of cloud computing like on-demand services, shared network resources, and pay-as-you-use models are enabled by the flexibility and fine-grained metering provided by virtualization. The document then covers different virtualization techniques like binary translation, paravirtualization, and hardware-assisted virtualization. It also discusses the architecture and benefits of the Xen virtualization system including its use of domains, hypercalls, memory sharing through page tables, and split device drivers.
Gender and Mental Health - Counselling and Family Therapy Applications and In...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Andreas Schleicher presents PISA 2022 Volume III - Creative Thinking - 18 Jun...EduSkills OECD
Andreas Schleicher, Director of Education and Skills at the OECD presents at the launch of PISA 2022 Volume III - Creative Minds, Creative Schools on 18 June 2024.
🔥🔥🔥🔥🔥🔥🔥🔥🔥
إضغ بين إيديكم من أقوى الملازم التي صممتها
ملزمة تشريح الجهاز الهيكلي (نظري 3)
💀💀💀💀💀💀💀💀💀💀
تتميز هذهِ الملزمة بعِدة مُميزات :
1- مُترجمة ترجمة تُناسب جميع المستويات
2- تحتوي على 78 رسم توضيحي لكل كلمة موجودة بالملزمة (لكل كلمة !!!!)
#فهم_ماكو_درخ
3- دقة الكتابة والصور عالية جداً جداً جداً
4- هُنالك بعض المعلومات تم توضيحها بشكل تفصيلي جداً (تُعتبر لدى الطالب أو الطالبة بإنها معلومات مُبهمة ومع ذلك تم توضيح هذهِ المعلومات المُبهمة بشكل تفصيلي جداً
5- الملزمة تشرح نفسها ب نفسها بس تكلك تعال اقراني
6- تحتوي الملزمة في اول سلايد على خارطة تتضمن جميع تفرُعات معلومات الجهاز الهيكلي المذكورة في هذهِ الملزمة
واخيراً هذهِ الملزمة حلالٌ عليكم وإتمنى منكم إن تدعولي بالخير والصحة والعافية فقط
كل التوفيق زملائي وزميلاتي ، زميلكم محمد الذهبي 💊💊
🔥🔥🔥🔥🔥🔥🔥🔥🔥
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
2. Contents
Virtualization.
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
x86 support for virtualization.
Full and paravirtualization.
Xen.
Resources:
Book and,
VMware White paper: “Understanding Full Virtualization, Paravirtualization, and
Hardware Assisted” https://www.vmware.com/techpapers/2007/understanding-full-virtualization-
paravirtualizat-1008.html
2
3. Motivation
Three fundamental abstractions are necessary to describe the operation
of a computing systems:
(1) interpreters/processors, (2) memory, (3) communications links
As the scale of a system and the size of its users grows, it becomes
very challenging to manage its recourses (see three points above)
Resource management issues:
provision for peak demands overprovisioning
heterogeneity of hardware and software
machine failures
Virtualization is a basic enabler of Cloud Computing, it
simplifies the management of physical resources for the three
abstractions
For example, the state of a virtual machine (VM) running under a virtual
machine monitor (VMM) can de saved and migrated to another server to
balance the load
For example, virtualization allows users to operate in environments they are
familiar with, rather than forcing them to specific ones
3
4. Motivation (cont’d)
“Virtualization, in computing, refers to the act of creating a
virtual (rather than actual) version of something,
including but not limited to a virtual computer hardware
platform, operating system (OS), storage device, or computer
network resources.” from Wikipedia
Virtualization abstracts the underlying resources; simplifies
their use; isolates users from one another; and supports
replication which increases the elasticity of a system
4
5. Motivation (cont’d)
Cloud resource virtualization is important for:
Performance isolation
as we can dynamically assign and account for resources across
different applications
System security:
as it allows isolation of services running on the same hardware
Performance and reliability:
as it allows applications to migrate from one platform to another
The development and management of services offered by a provider
5
6. Virtualization
Virtualization simulates the interface to a physical object by:
Multiplexing: creates multiple virtual objects from one instance of a
physical object. Many virtual objects to one physical. Example - a
processor is multiplexed among a number of processes or threads.
Aggregation: creates one virtual object from multiple physical
objects. One virtual object to many physical objects. Example - a
number of physical disks are aggregated into a RAID disk.
Emulation: constructs a virtual object of a certain type from a
different type of a physical object. Example - a physical disk
emulates a Random Access Memory (RAM).
Multiplexing and emulation. Examples - virtual memory with paging
multiplexes real memory and disk; a virtual address emulates a real
address.
6
7. Layering and Virtualization
Layering – a common approach to manage system complexity:
Simplifies the description of the subsystems; each subsystem is abstracted
through its interfaces with the other subsystems
Minimises the interactions among the subsystems of a complex system
With layering we are able to design, implement, and modify the individual
subsystems independently
Layering in a computer system:
Hardware
Software
Operating system
Libraries
Applications
7
8. Layering and Interfaces
8
Hardware
Operating System
ISA
Libraries
ABI
API
System calls
Applications
System ISA User ISA
A1
A2
A3
Application Programming Interface (API), Application Binary Interface (ABI), and
Instruction Set Architecture (ISA). An application uses library functions (A1),
makes system calls (A2), and executes machine instructions (A3) (from book)
9. Interfaces
Instruction Set Architecture (ISA) – at the boundary between
hardware and software.
Application Binary Interface (ABI) – allows the ensemble consisting of
the application and the library modules to access the hardware; the ABI
does not include privileged system instructions, instead it invokes system
calls.
Application Program Interface (API) - defines the set of instructions
the hardware was designed to execute and gives the application access to
the ISA; it includes high-level language (HLL) library calls which often
invoke system calls
9
10. Code portability
Binaries created by a compiler for a specific ISA and a specific operating
systems are not portable
It is possible, though, to compile a HLL program for a virtual machine
(VM) environment where portable code is produced and distributed and
then converted by binary translators to the ISA of the host system
A dynamic binary translation converts blocks of guest instructions
from the portable code to the host instruction and leads to a significant
performance improvement, as such blocks are cached and reused
10
11. HLL Language Translations
11
Compiler front-end
Intermediate
code
HLL code
Compiler
Portable
code
Compiler back-end
Object code
Loader
Memory
image
VM loader
VM compiler/
interpreter
VM image
VM compiler/
interpreter
Memory
image ISA-1
Memory
image ISA-2
12. History of Virtualization
(from “Modern Operating Systems” 4th Edition, p474 by Tanenbaum and Bos)
1960’s, IBM: CP/CMS control program: a virtual machine operating
system for the IBM System/360 Model 67
2000, IBM: z-series with 64-bit virtual address spaces and backward
compatible with the System/360
1974: Popek and Golberg from UCLA published “Formal Requirements
for Virtualizable Third Generation Architectures” where they listed the
conditions a computer architecture should satisfy to support virtualization
efficiently. The popular x86 architecture that originated in the 1970s did
not support these requirements for decades.
1990’s, Stanford researchers, VMware: Researchers developed a
new hypervisor and founded VMware, the biggest virtualization company
of today’s. First virtualization solution was is 1999 for x86.
Today many virtualization solutions: Xen from Cambridge, KVM, Hyper-V,
…
IBM was the first to produce and sell virtualization for the mainframe.
But, VMware popularised virtualization for the masses.
12
13. Virtual Machine Monitor (VMM / Hypervisor)
A virtual machine monitor (VMM/hypervisor) partitions the
resources of computer system into one or more virtual machines
(VMs). Allows several operating systems to run concurrently on a
single hardware platform
A VM is an execution environment that runs an OS
VM – an isolated environment that appears to be a whole computer, but
actually only has access to a portion of the computer resources
A VMM allows:
Multiple services to share
the same platform
Live migration - the movement
of a server from one platform to another
System modification while maintaining
backward compatibility with the original system
Enforces isolation among the systems, thus security
A guest operating system is an OS that runs in a VM under the
control of the VMM.
13
14. VMM Virtualizes the CPU and the Memory
A VMM (also hypervisor) (howto):
Traps the privileged instructions executed by a guest OS and
enforces the correctness and safety of the operation
Traps interrupts and dispatches them to the individual guest
operating systems
Controls the virtual memory management
Maintains a shadow page table for each guest OS and replicates any
modification made by the guest OS in its own shadow page table.
This shadow page table points to the actual page frame and it is
used by the Memory Management Unit (MMU) for dynamic address
translation.
Monitors the system performance and takes corrective actions to
avoid performance degradation. For example, the VMM may swap
out a VM to avoid thrashing.
14
15. Type 1 and 2 Hypervisors
15
Type 1 Hypervisor Type 2 Hypervisor
Taxonomy of VMMs:
1. Type 1 Hypervisor (bare metal, native): supports multiple virtual machines
and runs directly on the hardware (e.g., VMware ESX , Xen, Denali)
2. Type 2 Hypervisor (hosted) VM - runs under a host operating system (e.g.,
user-mode Linux)
17. Performance and Security Isolation
The run-time behavior of an application is affected by other applications
running concurrently on the same platform and competing for CPU
cycles, cache, main memory, disk and network access. Thus, it is
difficult to predict the completion time!
Performance isolation - a critical condition for QoS guarantees in shared
computing environments
A VMM is a much simpler and better specified system than a traditional
operating system. Example - Xen has approximately 60,000 lines of
code; Denali has only about half: 30,000
The security vulnerability of VMMs is considerably reduced as the
systems expose a much smaller number of privileged functions. For
example, Xen VMM has 28 hypercalls while Linux has 100s of system
calls
17
18. Conditions for Efficient Virtualization (from Popek and Goldberg):
Conditions for efficient virtualization (from Popek and Goldberg):
1. A program running under the VMM should exhibit a behavior essentially
identical to that demonstrated when running on an equivalent machine
directly.
2. The VMM should be in complete control of the virtualized resources.
3. A statistically significant fraction of machine instructions must be executed
without the intervention of the VMM. (Why?)
18
19. Dual-Mode Operation (recap)
Dual-mode operation allows OS to protect itself and other
system components
User mode and kernel mode
Mode bit provided by hardware
Ability to distinguish when system is running user or kernel code
Some instructions are privileged, only executable in kernel mode
System call changes mode to kernel, return resets it to user
19
20. User-mode vs Kernel-mode (recap)
Kernel-code (in particular, interrupt handlers) runs in kernel
mode
the hardware allows all machine instructions to be executed and
allows unrestricted access to memory and I/O ports
Everything else runs in user mode
The OS relies very heavily on this hardware-enforced
protection mechanism
20
21. Four layers of privilege execution rings
User applications run in ring 3
OS runs in ring 0
In which ring should the VMM run?
In ring 0, then, same privileges as an OS wrong
In rings 1,2,3, then OS has higher privileges wrong
Move the OS to ring 1 and the VMM in ring 0 OK
Three classes of machine instructions:
1. privileged instructions can be executed
in kernel mode. When attempted to be
executed in user mode, they cause a trap
and so executed in kernel mode.
2. nonprivileged instructions the ones that can be executed in user mode
3. sensitive instructions can be executed in either kernel or user but they
behave differently. Sensitive instructions require special precautions at
execution time.
4. sensitive and nonprivileged instructions are hard to virtualize
Challenges of x86 CPU Virtualization
21
22. Techniques for Virtualizing CPU on x86
1. Full virtualization with binary translation
2. OS-assisted Virtualization or Paravirtualization
3. Hardware assisted virtualization
22
23. Techniques for Virtualizing CPU on x86
Full virtualization – a guest OS can run unchanged under the VMM as if
it was running directly on the hardware platform. Each VM runs an exact
copy of the actual hardware.
Binary translation rewrites parts of the code on the fly to replace sensitive
but not privileged instructions with safe code to emulate the original instruction
“The hypervisor translates all operating system instructions on the fly and
caches the results for future use, while user level instructions run unmodified at
native speed.” (from VMware paper)
Examples: VMware, Microsoft Virtual Server
Advantages:
No hardware assistance,
No modifications of the guest OS
Isolation, Security
Disadvantages:
Speed of execution
23
24. Techniques for Virtualizing CPU on x86
Paravirtualization – “involves modifying the OS kernel to replace non-
virtualizable instructions with hypercalls that communicate directly with the
virtualization layer hypervisor. The hypervisor also provides hypercall
interfaces for other critical kernel operations such as memory
management, interrupt handling and time keeping. “ (from VMware paper)
Advantage: faster execution, lower virtualization overhead
Disadvantage: poor portability
Examples: Xen, Denali
24
25. Full Virtualization and Paravirtualization
25
Guest OS
Hypervisor
Hardware
abstraction
layer
Hardware
Guest OS
Hypervisor
Hardware
abstraction
layer
Hardware
(a) Full virtualization (b) Paravirtualization
26. Techniques for Virtualizing CPU on x86
Hardware Assisted Virtualization – “a new CPU execution mode
feature that allows the VMM to run in a new root mode below ring 0. As
depicted in Figure 7, privileged and sensitive calls are set to
automatically trap to the hypervisor, removing the need for either binary
translation or paravirtualization“ (from VMware paper)
Advantage: even faster execution
Examples: Intel VT-x, Xen 3.x
26
27. VMX root VMX non-root
VM entry
VM exit
Virtual-machine control structure
(a) (b)
host-state
guest-state
VT-x, a Major Architectural Enhancement
In 2005 Intel released two Pentium 4 models supporting VT-x.
VT-x supports two modes of operations (Figure (a)):
1. VMX root - for VMM operations.
2. VMX non-root - support a VM.
And a new data structure called the Virtual Machine Control Structure
including host-state and guest-state areas (Figure (b)).
VM entry - the processor state is loaded from the guest-state of the VM
scheduled to run; then the control is transferred from VMM to the VM.
VM exit - saves the processor state in the guest-state area of the running
VM; then it loads the processor state from the host-state area, finally
transfers control to the VMM.
27
28. Xen - a VMM based on Paravirtualization
The goal of the Cambridge group - design a VMM capable of scaling to
about 100 VMs running standard applications and services without any
modifications to the Application Binary Interface (ABI). (2003, Computing
Laboratory, Cambridge University)
Linux, Minix, NetBSD, FreeBSD and others can operate as
paravirtualized Xen guest OS running on x86, x86-64, Itanium, and ARM
architectures.
Xen domain - ensemble of address spaces hosting a guest OS and
applications running under the guest OS. Runs on a virtual CPU.
Dom0 - dedicated to execution of Xen control functions and
privileged instructions.
DomU - a user domain.
Applications make system calls using hypercalls processed by Xen;
privileged instructions issued by a guest OS are paravirtualized and
must be validated by Xen.
28
29. Xen
29
X86 hardware
Domain0 control
interface
Virtual x86
CPU
Virtual physical
memory
Virtual network
Virtual block
devices
Xen
Management
OS
Xen-aware
device drivers
Application Application Application
Guest OS
Xen-aware
device drivers
Guest OS
Xen-aware
device drivers
Xen-aware
device drivers
Guest OS
Xen-aware
device drivers
30. Dom0 Components
XenStore – a Dom0 process.
Supports a system-wide registry and naming service.
Implemented as a hierarchical key-value storage.
A watch function informs listeners of changes of the key in storage
they have subscribed to.
Communicates with guest VMs via shared memory using Dom0
privileges.
Toolstack - responsible for creating, destroying, and managing the
resources and privileges of VMs.
To create a new VM, a user provides a configuration file describing
memory and CPU allocations and device configurations.
Toolstack parses this file and writes this information in XenStore.
Takes advantage of Dom0 privileges to map guest memory, to load
a kernel and virtual BIOS and to set up initial communication
channels with XenStore and with the virtual console when a new VM
is created. 30
32. Linux Containers
A Linux Container is a Linux process (or processes) that is a virtual
environment with its own process network space. (lightweight process
virtualization)
Containers share portions of the host kernel
Containers use:
Namespaces: per-process isolation of OS resources (filesystem, network and user ids)
Cgroups: resource management and accounting per process
Examples for using containers:
https://www.dotcloud.com/
https://www.heroku.com/
32
opensource.com
33. Xen (old) Implementation on x86 Architecture
Xen runs at privilege Level 0, the guest OS at Level 1, and applications
at Level 3.
The x86 architecture does not support either the tagging of TLB entries
or the software management of the TLB. Thus, address space
switching, when the VMM activates a different OS, requires a complete
TLB flush; this has a negative impact on the performance.
Solution - load Xen in a 64 MB segment at the top of each address
space and delegate the management of hardware page tables to the
guest OS with minimal intervention from Xen. This region is not
accessible or re-mappable by the guest OS.
A guest OS must register with Xen a description table with the
addresses of exception handlers for validation.
33
34. Xen Abstractions for Networking and I/O
Each domain has one or more Virtual Network Interfaces (VIFs) which
support the functionality of a network interface card. A VIF is attached
to a Virtual Firewall-Router (VFR).
Split drivers have a front-end in the DomU and the back-end in Dom0;
the two communicate via a ring in shared memory.
Ring - a circular queue of descriptors allocated by a domain and
accessible within Xen. Descriptors do not contain data, the data buffers
are allocated off-band by the guest OS.
Two rings of buffer descriptors, one for packet sending and one for
packet receiving, are supported.
To transmit a packet:
a guest OS enqueues a buffer descriptor to the send ring,
then Xen copies the descriptor and checks safety,
copies only the packet header, not the payload, and
executes the matching rules.
34
35. Xen I/O
Xen zero-copy semantics
for data transfer using I/O
rings.
(a) The communication
between a guest
domain and the driver
domain over an I/O
and an event channel;
NIC is the Network
Interface Controller.
(b) The circular ring of
buffers.
35
Consumer Request
(private pointer in Xen)
Producer Request
(shared pointer updated
by the guest OS)
Producer Response
(shared pointer updated
by Xen)
Consumer Response
(private pointer maintained by
the guest OS)
Response queue
Request queue
Unused
descriptors
Outstanding
descriptors
Bridge
Driver domain Guest domain
Backend Frontend
XEN
Network
interface
NIC
(a)
(b)
I/O channel
Event channel
36. Xen 2.0
Optimization of:
Virtual interface - takes advantage of the capabilities of some
physical NICs, such as checksum offload.
I/O channel - rather than copying a data buffer holding a packet,
each packet is allocated in a new page and then the physical page
containing the packet is re-mapped into the target domain.
Virtual memory - takes advantage of the superpage and global page
mapping hardware on Pentium and Pentium Pro processors. A
superpage entry covers 1,024 pages of physical memory and the
address translation mechanism maps a set of contiguous pages to a
set of contiguous physical pages. This helps reduce the number of
TLB misses.
36
37. The original architecture The optimised architecture
37
Driver domain Guest domain
Virtual
Interface
Backend
Interface
NIC
Driver
Physical
NIC
Xen VMM
Bridge
(a)
Driver domain Guest domain
High Level
Virtual
Interface
Backend
Interface
NIC
Driver
Physical
NIC
Xen VMM
(b)
I/O
channel
I/O
channel
Offload
Driver
Bridge
Xen Network Architecture
38. A comparison of send and receive data rates for a native Linux system,
the Xen driver domain, an original Xen guest domain, and an optimised
Xen guest domain.
38
Performance Measurements
39. Performance Comparison of Virtual Machines
Compare the performance of Xen and OpenVZwith, a standard
operating system, a plain vanilla Linux.
The questions examined are:
How the performance scales up with the load?
What is the impact of a mix of applications?
What are the implications of the load assignment on individual
servers?
The main conclusions:
The virtualization overhead of Xen is considerably higher than that
of OpenVZ and that this is due primarily to L2-cache misses.
The performance degradation when the workload increases is also
noticeable for Xen.
Hosting multiple tiers of the same application on the same server is
not an optimal solution.
39
40. The Darker Side of Virtualization
In a layered structure, a defense mechanism at some layer can be
disabled by malware running at a layer below it.
It is feasible to insert a rogue VMM, a Virtual-Machine Based Rootkit
(VMBR) between the physical hardware and an operating system.
Rootkit - malware with a privileged access to a system.
The VMBR can enable a separate malicious OS to run surreptitiously
and make this malicious OS invisible to the guest OS and to the
application running under it.
Under the protection of the VMBR, the malicious OS could:
observe the data, the events, or the state of the target system.
run services, such as spam relays or distributed denial-of-service
attacks.
interfere with the application.
40
41. The insertion of a Virtual-Machine Based Rootkit (VMBR) as the lowest
layer of the software stack running on the physical hardware; (a) below
an operating system; (b) below a legitimate virtual machine monitor. The
VMBR enables a malicious OS to run surreptitiously and makes it invisible
to the genuine or the guest OS and to the application.
41
Hardware
Virtual machine based rootkit
Operating
system (OS)
Application
Hardware
Virtual machine monitor
Guest OS
Application
Virtual machine based rootkit
(a) (b)
Malicious
OS
Malicious
OS
The Darker Side of Virtualization (con’t)
42. Summary
Virtualization (Chapter 5, Sections 5.1-5.8)
Layering and virtualization.
Virtual machine monitor.
Virtual machine.
x86 support for virtualization.
Xen.
42
Editor's Notes
Virtual memory
Old days for process accounting
BREAK
sensitive instructions can be executed in either kernel or user but they behave differently. Sensitive instructions require special precautions at execution time.
sensitive and nonprivileged instructions are hard to virtualize
Sensitive instruction discloses or alters state of processor privilege
Sensitive data structure contains information about state of processor privilege