Uploaded byanilanindian
PPT, PDF239 views

Vmm concepts

This document discusses virtualization concepts and provides definitions and background information. It begins with references and sources on virtualization. It then defines virtualization and key terms like virtual machine monitor and guest/host. It covers the origins and principles of virtualization, how virtualization was rediscovered, and discusses various virtualization architectures, interfaces, types of virtual machine monitors, and strategies for virtualizing systems like the IA-32 architecture. It concludes by discussing memory management challenges in virtualization.

Embed presentation

Download to read offline
Virtualization Concepts
CS5204 – Operating Systems Virtualization 2 Concepts  James Smith, Ravi Nair, “The Architectures of Virtual Machines,” IEEE Computer, May 2005, pp. 32-38.  Mendel Rosenblum, Tal Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends,” IEEE Computer, May 2005, pp. 39-47.  L.H. Seawright, R.A. MacKinnon, “VM/370 – a study of multiplicity and usefulness,” IBM Systems Journal, vol. 18, no. 1, 1979, pp. 4-17.  S.T. King, G.W. Dunlap, P.M. Chen, “Operating System Support for Virtual Machines,” Proceedings of the 2003 USENIX Technical Conference, June 9-14, 2003, San Antonio TX, pp. 71-84.  A. Whitaker, R.S. Cox, M. Shaw, S.D. Gribble, “Rethinking the Design of Virtual Machine Monitors,” IEEE Computer, May 2005, pp. 57-62.  G.J. Popek, and R.P. Goldberg, “Formal requirements for virtualizable third generation architectures,” CACM, vol. 17 no. 7, 1974, pp. 412-421. References and Sources
CS5204 – Operating Systems Virtualization 3 Definitions  Virtualization  A layer mapping its visible interface and resources onto the interface and resources of the underlying layer or system on which it is implemented  Purposes  Abstraction – to simplify the use of the underlying resource (e.g., by removing details of the resource’s structure)  Replication – to create multiple instances of the resource (e.g., to simplify management or allocation)  Isolation – to separate the uses which clients make of the underlying resources (e.g., to improve security)  Virtual Machine Monitor (VMM)  A virtualization system that partitions a single physical “machine” into multiple virtual machines.  Terminology  Host – the machine and/or software on which the VMM is implemented  Guest – the OS which executes under the control of the VMM
CS5204 – Operating Systems Virtualization 4 Origins - Principles  Efficiency  Innocuous instructions should execute directly on the hardware  Resource control  Executed programs may not affect the system resources  Equivalence  The behavior of a program executing under the VMM should be the same as if the program were executed directly on the hardware (except possibly for timing and resource availability) Communications of the ACM, vol 17, no 7, 1974, pp.412-421 “an efficient, isolated duplicate of the real machine”
CS5204 – Operating Systems Virtualization 5 Origins - Principles Instruction types  Privileged an instruction traps in unprivileged (user) mode but not in privileged (supervisor) mode.  Sensitive Control sensitive – attempts to change the memory allocation or privilege mode Behavior sensitive  Location sensitive – execution behavior depends on location in memory  Mode sensitive – execution behavior depends on the privilege mode  Innocuous – an instruction that is not sensitive Theorem For any conventional third generation computer, a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. Signficance The IA-32/x86 architecture is not virtualizable.
CS5204 – Operating Systems Virtualization 6 Origins - Technology  Concurrent execution of multiple production operating systems  Testing and development of experimental systems  Adoption of new systems with continued use of legacy systems  Ability to accommodate applications requiring special-purpose OS  Introduced notions of “handshake” and “virtual-equals-real mode” to allow sharing of resource control information with CP  Leveraged ability to co-design hardware, VMM, and guestOS IBM Systems Journal, vol. 18, no. 1, 1979, pp. 4-17.
CS5204 – Operating Systems Virtualization 7 VMMs Rediscovered  Server/workload consolidation (reduces “server sprawl”)  Compatible with evolving multi-core architectures  Simplifies software distributions for complex environments  “Whole system” (workload) migration  Improved data-center management and efficiency  Additional services (workload isolation) added “underneath” the OS  security (intrusion detection, sandboxing,…)  fault-tolerance (checkpointing, roll-back/recovery) VMM VirtualVirtual MachineMachine Guest OS Application VirtualVirtual MachineMachine Guest OS Application VirtualVirtual MachineMachine Guest OS Application Real Machine
CS5204 – Operating Systems Virtualization 8 Architecture & Interfaces  Architecture: formal specification of a system’s interface and the logical behavior of its visible resources. Hardware System ISA User ISA Operating System System Calls Libraries Applications ISA ABI API  API – application binary interface  ABI – application binary interface  ISA – instruction set architecture
CS5204 – Operating Systems Virtualization 9 VMM Types  System  Process  Provides ABI interface  Efficient execution  Can add OS-independent services (e.g., migration, intrustion detection)  Provdes API interface  Easier installation  Leverage OS services (e.g., device drivers)  Execution overhead (possibly mitigated by just-in-time compilation)
CS5204 – Operating Systems Virtualization 10 System-level Design Approaches  Full virtualization (direct execution)  Exact hardware exposed to OS  Efficient execution  OS runs unchanged  Requires a “virtualizable” architecture  Example: VMWare  Paravirtualization  OS modified to execute under VMM  Requires porting OS code  Execution overhead  Necessary for some (popular) architectures (e.g., x86)  Examples: Xen, Denali
CS5204 – Operating Systems Virtualization 11 Design Space (level vs. ISA)  Variety of techniques and approaches available  Critical technology space highlighted API interface ABI interface
CS5204 – Operating Systems Virtualization 12 System VMMs  Structure  Type 1: runs directly on host hardware  Type 2: runs on HostOS  Primary goals  Type 1: High performance  Type 2: Ease of construction/installation/acceptability  Examples  Type 1: VMWare ESX Server, Xen, OS/370  Type 2: User-mode Linux Type 1 Type 2
CS5204 – Operating Systems Virtualization 13 Hosted VMMs  Structure  Hybrid between Type1 and Type2  Core VMM executes directly on hardware  I/O services provided by code running on HostOS  Goals  Improve performance overall  leverages I/O device support on the HostOS  Disadvantages  Incurs overhead on I/O operations  Lacks performance isolation and performance guarantees  Example: VMWare (Workstation)
CS5204 – Operating Systems Virtualization 14 Whole-system VMMs  Challenge: GuestOS ISA differs from HostOS ISA  Requires full emulation of GuestOS and its applications  Example: VirtualPC
CS5204 – Operating Systems Virtualization 15 Strategies  De-privileging  VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM  aka trap-and-emulate  Typically achieved by running GuestOS at a lower hardware priority level than the VMM  Problematic on some architectures where privileged instructions do not trap when executed at deprivileged priority  Primary/shadow structures  VMM maintains “shadow” copies of critical structures whose “primary” versions are manipulated by the GuestOS  e.g., page tables  Primary copies needed to insure correct environment visible to GuestOS  Memory traces  Controlling access to memory so that the shadow and primary structure remain coherent  Common strategy: write-protect primary copies so that update operations cause page faults which can be caught, interpreted, and emulated. resource vmm privileged instruction trap GuestOS resource emulate change change
CS5204 – Operating Systems Virtualization 16 Virtualizing the IA-32 (x86) architecture  Architecture has protection rings 0..3 with OS normally in ring 0 and applications in ring 3…  …and VMM must run in ring 0 to maintain its integrity and control  …but GuestOS not running in ring 0 is problematic:  Some privileged instructions execute only in ring 0 but do not fault when executed outside ring 0 (remember privileged vs. sensitive?)  instructions for low latency system calls (SYSENTER/SYSEXIT) always transition to ring 0 forcing the VMM into unwanted emulation or overhead  For the Itanium architecture, interrupt registers only accessible in ring 0; forcing VMM to intercept each device driver access to these registers has severe performance consequences  Masking interrupts can only be done in ring 0  Ring compression: paging does not distinguish privilege levels 0-2, GuestOS must run in ring 3 but is then not protected from its applications also running in ring 3  Cannot be used for 64-bit guests on IA-32  The fact that it is not running in ring 0 can be detected (is this important?)
CS5204 – Operating Systems Virtualization 17 Memory Management  Isolation/protection of Guest OS address spaces  Efficient MM address translation VMM machine VMM GuestOS “shadow” page tables page tables process virtual OS physical entity address space

More Related Content

PPTX
cloud basics.
byMercy joy
 
PDF
Security challenges for adoption of virtualization for effective e governance
byAdam Bert Lacay
 
PDF
Intel vmcs-shadowing-paper
byAhmed Sallam
 
PDF
Security in a Virtualised Environment
byPeter Wood
 
PDF
Aqualogic monitoring system datasheet
byChenna Keshavulu
 
PDF
IBM SmartCloud Desktop Infrastructure: VMware View on IBM Flex System
byIBM India Smarter Computing
 
PDF
IRJET-Virtualization Technique for Effective Resource Utilization and Dedicat...
byIRJET Journal
 
PDF
Virtualization
bybkwesi12345
 
cloud basics.
byMercy joy
 
Security challenges for adoption of virtualization for effective e governance
byAdam Bert Lacay
 
Intel vmcs-shadowing-paper
byAhmed Sallam
 
Security in a Virtualised Environment
byPeter Wood
 
Aqualogic monitoring system datasheet
byChenna Keshavulu
 
IBM SmartCloud Desktop Infrastructure: VMware View on IBM Flex System
byIBM India Smarter Computing
 
IRJET-Virtualization Technique for Effective Resource Utilization and Dedicat...
byIRJET Journal
 
Virtualization
bybkwesi12345
 

Similar to Vmm concepts

PPTX
virtualization.pptx
byssuser6e6eec
 
PDF
virtualization (1).pdf bbbbbbbnnnnnjnjjjjj
bygirisaksham3
 
PDF
IaaS - Virtualization_Cambridge.pdf
byDharavathRamesh2
 
PPTX
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
byMagnus Backman
 
PDF
Cloud Computing Virtualization and containers
bySelvaraj Kesavan
 
PDF
virtual-machine-150316004018-conversion-gate01.pdf
byKowsalyaJayakumar2
 
PPTX
virtualization concepts and details in cloud computing
byMuhammadFawadKhan22
 
PDF
Virtualization.pdf
byaimarcarillo
 
PPTX
Virtual machine
byIGZ Software house
 
PPTX
CC CLOUD RESOURCE VIRTUALIZATION PPT TO REFER
by2021ismadhuprasadrna
 
PPT
Unit II.ppt
byHARISHK762704
 
PPTX
Session 6(Virtual Machine) in operating system
bynaac2krmu
 
PPT
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
bynagarajans87
 
PPTX
eve of Virtualization and virtualization support .pptx
byVenkateshperadka2
 
PPTX
KIIT_Cloud_scaling and Virtualization.pptx
bybhaskarkumar0125
 
PPT
While technology and algorithms are an important part of computer science, th...
byKishan Kaushik
 
DOCX
Hardware Support for Efficient VirtualizationJohn Fisher-O
bysimisterchristen
 
PPT
Usenix Invited Talk
bywebhostingguy
 
PPT
Virtualization Training
byArcadian Learning
 
PPT
PPT
bybutest
 
virtualization.pptx
byssuser6e6eec
 
virtualization (1).pdf bbbbbbbnnnnnjnjjjjj
bygirisaksham3
 
IaaS - Virtualization_Cambridge.pdf
byDharavathRamesh2
 
Disco: Running Commodity Operating Systems on Scalable Multiprocessors Disco
byMagnus Backman
 
Cloud Computing Virtualization and containers
bySelvaraj Kesavan
 
virtual-machine-150316004018-conversion-gate01.pdf
byKowsalyaJayakumar2
 
virtualization concepts and details in cloud computing
byMuhammadFawadKhan22
 
Virtualization.pdf
byaimarcarillo
 
Virtual machine
byIGZ Software house
 
CC CLOUD RESOURCE VIRTUALIZATION PPT TO REFER
by2021ismadhuprasadrna
 
Unit II.ppt
byHARISHK762704
 
Session 6(Virtual Machine) in operating system
bynaac2krmu
 
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
bynagarajans87
 
eve of Virtualization and virtualization support .pptx
byVenkateshperadka2
 
KIIT_Cloud_scaling and Virtualization.pptx
bybhaskarkumar0125
 
While technology and algorithms are an important part of computer science, th...
byKishan Kaushik
 
Hardware Support for Efficient VirtualizationJohn Fisher-O
bysimisterchristen
 
Usenix Invited Talk
bywebhostingguy
 
Virtualization Training
byArcadian Learning
 
PPT
bybutest
 

Recently uploaded

PDF
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
PDF
MAD (1).pdf Mobile application develipment
byprathiT1
 
PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
PPTX
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
PDF
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
PDF
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
DOCX
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Techbrains Baku 2025 by GoUP - all speaker session
byHusseinMalikMammadli
 
MAD (1).pdf Mobile application develipment
byprathiT1
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
Why 2026 Could Be a Turning Point for Decentralized Exchanges.pptx
bycalliemorgan193
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
How Azure DevOps Consultants Dubai Reduce Release Delays.pdf
byLogicEra
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Digital Marketing Trends in 2026: AI, Data, Content & Future Growth
byConacent Consulting
 
Top Websites To ⭐Buy ⭐Old ⭐Gmail ⭐Accounts (PVA & Bulk) (5).docx
byBuy Old Gmail Accounts
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 

Vmm concepts

  • 1.
  • 2.
    CS5204 – Operating Systems Virtualization 2 Concepts James Smith, Ravi Nair, “The Architectures of Virtual Machines,” IEEE Computer, May 2005, pp. 32-38.  Mendel Rosenblum, Tal Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends,” IEEE Computer, May 2005, pp. 39-47.  L.H. Seawright, R.A. MacKinnon, “VM/370 – a study of multiplicity and usefulness,” IBM Systems Journal, vol. 18, no. 1, 1979, pp. 4-17.  S.T. King, G.W. Dunlap, P.M. Chen, “Operating System Support for Virtual Machines,” Proceedings of the 2003 USENIX Technical Conference, June 9-14, 2003, San Antonio TX, pp. 71-84.  A. Whitaker, R.S. Cox, M. Shaw, S.D. Gribble, “Rethinking the Design of Virtual Machine Monitors,” IEEE Computer, May 2005, pp. 57-62.  G.J. Popek, and R.P. Goldberg, “Formal requirements for virtualizable third generation architectures,” CACM, vol. 17 no. 7, 1974, pp. 412-421. References and Sources
  • 3.
    CS5204 – Operating Systems Virtualization 3 Definitions Virtualization  A layer mapping its visible interface and resources onto the interface and resources of the underlying layer or system on which it is implemented  Purposes  Abstraction – to simplify the use of the underlying resource (e.g., by removing details of the resource’s structure)  Replication – to create multiple instances of the resource (e.g., to simplify management or allocation)  Isolation – to separate the uses which clients make of the underlying resources (e.g., to improve security)  Virtual Machine Monitor (VMM)  A virtualization system that partitions a single physical “machine” into multiple virtual machines.  Terminology  Host – the machine and/or software on which the VMM is implemented  Guest – the OS which executes under the control of the VMM
  • 4.
    CS5204 – Operating Systems Virtualization 4 Origins- Principles  Efficiency  Innocuous instructions should execute directly on the hardware  Resource control  Executed programs may not affect the system resources  Equivalence  The behavior of a program executing under the VMM should be the same as if the program were executed directly on the hardware (except possibly for timing and resource availability) Communications of the ACM, vol 17, no 7, 1974, pp.412-421 “an efficient, isolated duplicate of the real machine”
  • 5.
    CS5204 – Operating Systems Virtualization 5 Origins- Principles Instruction types  Privileged an instruction traps in unprivileged (user) mode but not in privileged (supervisor) mode.  Sensitive Control sensitive – attempts to change the memory allocation or privilege mode Behavior sensitive  Location sensitive – execution behavior depends on location in memory  Mode sensitive – execution behavior depends on the privilege mode  Innocuous – an instruction that is not sensitive Theorem For any conventional third generation computer, a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions. Signficance The IA-32/x86 architecture is not virtualizable.
  • 6.
    CS5204 – Operating Systems Virtualization 6 Origins- Technology  Concurrent execution of multiple production operating systems  Testing and development of experimental systems  Adoption of new systems with continued use of legacy systems  Ability to accommodate applications requiring special-purpose OS  Introduced notions of “handshake” and “virtual-equals-real mode” to allow sharing of resource control information with CP  Leveraged ability to co-design hardware, VMM, and guestOS IBM Systems Journal, vol. 18, no. 1, 1979, pp. 4-17.
  • 7.
    CS5204 – Operating Systems Virtualization 7 VMMsRediscovered  Server/workload consolidation (reduces “server sprawl”)  Compatible with evolving multi-core architectures  Simplifies software distributions for complex environments  “Whole system” (workload) migration  Improved data-center management and efficiency  Additional services (workload isolation) added “underneath” the OS  security (intrusion detection, sandboxing,…)  fault-tolerance (checkpointing, roll-back/recovery) VMM VirtualVirtual MachineMachine Guest OS Application VirtualVirtual MachineMachine Guest OS Application VirtualVirtual MachineMachine Guest OS Application Real Machine
  • 8.
    CS5204 – Operating Systems Virtualization 8 Architecture& Interfaces  Architecture: formal specification of a system’s interface and the logical behavior of its visible resources. Hardware System ISA User ISA Operating System System Calls Libraries Applications ISA ABI API  API – application binary interface  ABI – application binary interface  ISA – instruction set architecture
  • 9.
    CS5204 – Operating Systems Virtualization 9 VMMTypes  System  Process  Provides ABI interface  Efficient execution  Can add OS-independent services (e.g., migration, intrustion detection)  Provdes API interface  Easier installation  Leverage OS services (e.g., device drivers)  Execution overhead (possibly mitigated by just-in-time compilation)
  • 10.
    CS5204 – Operating Systems Virtualization 10 System-levelDesign Approaches  Full virtualization (direct execution)  Exact hardware exposed to OS  Efficient execution  OS runs unchanged  Requires a “virtualizable” architecture  Example: VMWare  Paravirtualization  OS modified to execute under VMM  Requires porting OS code  Execution overhead  Necessary for some (popular) architectures (e.g., x86)  Examples: Xen, Denali
  • 11.
    CS5204 – Operating Systems Virtualization 11 DesignSpace (level vs. ISA)  Variety of techniques and approaches available  Critical technology space highlighted API interface ABI interface
  • 12.
    CS5204 – Operating Systems Virtualization 12 SystemVMMs  Structure  Type 1: runs directly on host hardware  Type 2: runs on HostOS  Primary goals  Type 1: High performance  Type 2: Ease of construction/installation/acceptability  Examples  Type 1: VMWare ESX Server, Xen, OS/370  Type 2: User-mode Linux Type 1 Type 2
  • 13.
    CS5204 – Operating Systems Virtualization 13 HostedVMMs  Structure  Hybrid between Type1 and Type2  Core VMM executes directly on hardware  I/O services provided by code running on HostOS  Goals  Improve performance overall  leverages I/O device support on the HostOS  Disadvantages  Incurs overhead on I/O operations  Lacks performance isolation and performance guarantees  Example: VMWare (Workstation)
  • 14.
    CS5204 – Operating Systems Virtualization 14 Whole-systemVMMs  Challenge: GuestOS ISA differs from HostOS ISA  Requires full emulation of GuestOS and its applications  Example: VirtualPC
  • 15.
    CS5204 – Operating Systems Virtualization 15 Strategies De-privileging  VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM  aka trap-and-emulate  Typically achieved by running GuestOS at a lower hardware priority level than the VMM  Problematic on some architectures where privileged instructions do not trap when executed at deprivileged priority  Primary/shadow structures  VMM maintains “shadow” copies of critical structures whose “primary” versions are manipulated by the GuestOS  e.g., page tables  Primary copies needed to insure correct environment visible to GuestOS  Memory traces  Controlling access to memory so that the shadow and primary structure remain coherent  Common strategy: write-protect primary copies so that update operations cause page faults which can be caught, interpreted, and emulated. resource vmm privileged instruction trap GuestOS resource emulate change change
  • 16.
    CS5204 – Operating Systems Virtualization 16 Virtualizingthe IA-32 (x86) architecture  Architecture has protection rings 0..3 with OS normally in ring 0 and applications in ring 3…  …and VMM must run in ring 0 to maintain its integrity and control  …but GuestOS not running in ring 0 is problematic:  Some privileged instructions execute only in ring 0 but do not fault when executed outside ring 0 (remember privileged vs. sensitive?)  instructions for low latency system calls (SYSENTER/SYSEXIT) always transition to ring 0 forcing the VMM into unwanted emulation or overhead  For the Itanium architecture, interrupt registers only accessible in ring 0; forcing VMM to intercept each device driver access to these registers has severe performance consequences  Masking interrupts can only be done in ring 0  Ring compression: paging does not distinguish privilege levels 0-2, GuestOS must run in ring 3 but is then not protected from its applications also running in ring 3  Cannot be used for 64-bit guests on IA-32  The fact that it is not running in ring 0 can be detected (is this important?)
  • 17.
    CS5204 – Operating Systems Virtualization 17 MemoryManagement  Isolation/protection of Guest OS address spaces  Efficient MM address translation VMM machine VMM GuestOS “shadow” page tables page tables process virtual OS physical entity address space