Lecture15-16.1 Virtualisation Professor. Sinnott
Director, eResearch University of Melbourne
Virtualisation Motivation
Copyright By Assignmentchef assignmentchef
What happens in a VM?
Historical perspective
Requirements for virtualisatio Virtualisation approaches
Memory management
Live migration
Motivation
Server Consolidation
Increased utilisation
Reduced energy consumption
Personal virtual machines can be created
No hardware purchase needed Public cloud computing
Security/Isolation
Share a single machine with multiple users
Hardware independence Relocate to different hardware
Terminology
VirtualMachineMonitor/Hypervisor: The virtualisation layer between the underlying hardware (e.g. the physical server) and the virtual machines and guest operating systems it supports.
The environment of the VM should appear to be the same as the physical machine
Minor decrease in performance only
Appears as though in control of system resources
VirtualMachine:Arepresentationofa real machine using hardware/software that can host a guest operating system
GuestOperatingSystem:Anoperating system that runs in a virtual machine environment that would otherwise run directly on a separate physical system
VMM/Hypervisor
Recap on Kernel-User mode separation
User Space
Process 1 Process 2
Context switch Context switch
Kernel Space
Operating System Kernel
Processes run in lower privileged (user) mode
OS Kernel runs in privileged Kernel mode
OS typically virtualises memory, CPU, disk etc giving appearance of complete access to CPU/memory/disk to application processes
Each process has illusion of access to some/all of the memory or the CPU (but actually shared across multiple processes)
Context switches can catch (trap) sensitive calls
e.g. add two numbers vs change bios settings;
Sensitive calls -> instruction sets are typically device specific, e.g. ARM vs x86 vs
What Happens in a VM?
VMM/Hypervisor
Gives perception of a whole machine
Host Network Device
Virtual Network Device
Image file on disk (vmdk, vhd, qcow2 etc)
Virtual Disk
Host hard drive
VHD (Virtual Hard Disk represents a virtual hard disk drive (HDD). May contain what is found on a physical hard disk, such as disk partitions and a file system, which in turn can contain files and folders.
VMDK (Virtual Machine Disk) describes containers for virtual hard disk drives to be used in virtual machines like VMware.
qcow2 (QEMU Copy On Write) file format for disk image files used by
QEMU. It uses a disk storage optimization strategy that delays allocation of storage until it is actually needed.
Guest OS apps think they write to hard disk but translated to virtualised host hard drive by VMM
Which one is determined by image that is launched
Historical Perspective
Virtualisation concept goes back to 1960s
IBM System/370
System/370 featured hardware support for interpretive execution
Formal requirements laid down by Popek and Goldberg (1974)
Why then?
Mainframes needed ability to run multiple kinds of applications
Hardware was very expensive back in the day
Origins Principles
an efficient, isolated duplicate of the real machine Properties of interest
Fidelity:SoftwareontheVMM executes behaviour identical to that demonstrated when running on the machine directly, barring timing effects
Performance:Anoverwhelming majority of guest instructions executed by hardware without VMM intervention
Safety:TheVMMmanagesall hardware resources
Communications of the ACM, vol 17, no 7, 1974, pp.412-421
Classification of Instructions
Privileged Instructions: instructions that trap if the processor is in user mode and do not trap in kernel mode
Sensitive Instructions: instructions whose behaviour depends on the mode or configuration of the hardware
Different behaviours depending on whether in user or kernel mode
e.g. POPF interrupt (for interrupt flag handling)
Innocuous Instructions: instructions that are neither privileged nor sensitive
Read data, add numbers etc
Origins Principles
Theorem (Popek and Goldberg)
For any conventional third generation computer, a virtual machine
monitor may be constructed if the set of sensitive instructions for
that computer is a subset of the set of privileged instructions i.e. have to be trappable
Example of Privilege Rings
Ring 0: Typically hardware interactions
Ring 1: Typically device drivers
Specific gates between Rings (not ad hoc)
Allows to ensure for example that spyware
cant turn on web cam or recording device etc
Significance
The IA-32/x86 architecture was not originally virtualisable
x86 Virtualisability
x86 architecture was historically not
virtualisable, due to sensitive instructions that
could not be trapped, e.g. instructions such as: SMSW storing machine status word
SGDT, SLDT store global/local descriptor table register POPF interrupt flag (user/kernel mode)
Robin and Irvine, Analysis of an Intel Pentiums Ability to Support a Secure Virtual Machine Monitor, Usenix, 2000
Intel and AMD introduced extensions to make x86 virtualisable
AMD SVM (Secure Virtual Machine) Intel VT (Virtualisation Technology)
These are very similar, but use slightly different machine instructions
Typical Virtualisation Strategy
Trap and Emulate!
VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM
aka trap-and-emulate
Typically achieved by running GuestOS at a lower hardware priority level than the VMM
Problematic on some architectures where privileged instructions do not trap when executed at de-privileged level
VMM needs to support:
De-privileging
privileged instruction
emulate change change
Primary/shadow structures
VMM maintains shadow copies of critical structures whose primary versions are manipulated by the GuestOS, e.g. memory page tables
Primary copies needed to ensure correct versions are visible to GuestOS
Memory traces
Controlling access to memory so that the shadow and primary structure remain coherent
Common strategy: write-protect primary copies so that update operations that might cause page faults can be caught, interpreted, and addressed
Someones app/code doesnt crash the server you
are using!!!
Major VMM and Hypervisor Providers
VMM Provider
VM Architecture
VMWare Workstation
x86, x86- 64
x86, x86-64
Windows, Linux
Windows, Linux, Solaris, FreeBSD, OS/2
Full Virtualization
VMWare ESX Server
x86, x86- 64
x86, x86-64
No Host OS
Same as VMWare workstation
Baremetal hypervisor
x86, x86- 64, IA-64
x86, x86- 64, IA-64
NetBSD, Linux, Solaris
Windows, Linux, Solaris, FreeBSD, OS/2, NetBSD
Para- virtualisation
Linux, Windows, FreeBSD, Solaris
Hardware virtualisation
Aspects of VMMs
Full virtualisation allow an unmodified guest OS to run in isolation by simulating full hardware (e.g. VMWare)
Guest OS has no idea it is not on physical machine vs
Para-virtualisation VMM/Hypervisor exposes special interface to guest OS for better performance. Requires a modified/hypervisor- aware Guest OS (e.g. Xen)
Can optimise systems to use this interface since not all instructions need to be trapped/dealt with
Full Virtualisation
Advantages
Guest is unaware it is executing within a VM Guest OS need not be modified
No hardware or OS assistance required
Can run legacy OS
Direct execution of code
Disadvantages
can be less efficient
User/kernel split typically
VMM run Ring 0
Apps run in Ring 3
Virtualisation (Guest OS) uses extra rings; VMM traps privileged instructions and translates to hardware specific instructions
Ring 3 Ring 2
Ring 1 Ring 0
Binary translation of OS privileged
Host Hardware
Para-Virtualisation
Advantages
Lower virtualisation overheads, so better performance, e.g. Xen
Disadvantages
Need to modify guest OS Cant run arbitrary OS!
Less portable
Less compatibility
Ring 3 Ring 2
Ring 1 Ring 0
Direct execution of code
Calls to virtualisation layer replace non-virtualisable instructions
Paravirtualised Guest
Host Hardware
Aspects of VMMs (contd)
Hardware-assisted virtualisation Hardware provides architectural support for running a Hypervisor (e.g. KVM)
New processors typically have this
Requires that all sensitive instructions trappable
Binary Translation Trap and execute occurs by scanning guest instruction stream and replacing sensitive instructions with emulated code (e.g. VMWare)
Dont need hardware support, but can be much harder to achieve
Rarely ever 1:1 mapping between instruction sets
Hardware-assisted virtualisation
Advantages
Good performance
Easier to implement
Advanced implementation supports hardware assisted DMA, memory virtualisation,
Disadvantages
Needs hardware support
Ring 3 Ring 2
Ring 1 Ring 0
Direct execution of code
Calls to virtualisation layer replace non-virtualisable instructions
-1 supported
Page tables, virtual memory mgt, direct memory access for high-speed reads etc
Host Hardware
Binary Translation
Advantages
Guest OS need not be modified
No hardware or OS assistance required
Can run legacy OS
Disadvantages
Overheads
Complicated
Need to replace instructions on-the- fly
Library support to help this, e.g. vCUDA
Ring 3 Ring 2
Ring 1 Ring 0
Direct execution of code
Binary translation of OS privileged
Host Hardware
Aspects of VMMs (contd)
Bare Metal Hypervisor VMM runs directly on actual hardware (e.g. VMWare ESX Server)
Boots up and runs on actual physical machine VMM has to support device drivers, all HW mgt
Hosted Virtualisation VMM runs on top of another operating system (E.g. VMWare Workstation,)
Operating System Level Virtualisation
Lightweight VMs (containers)
Instead of whole-system virtualisation, the
OS creates mini-containers
A subset of the OS is often good enough for many use cases
Cant use for running Windows on Linux etc, but often not needed!
Akin to an advanced version of chroot
operation that changes apparent root directory for current running process and subprocesses. Program run in such a modified environment cannot access files and commands outside that environmental directory tree.
Examples:
LXC, Docker, OpenVZ, FreeBSD Jails etc
Operating System Level Virtualisation
Advantages
Lightweight
Many more VMs on same hardware
Can be used to package applications and all OS dependencies into container
Disadvantages
Can only run apps designed for the same OS Cannot host a different guest OS
Can only use native file systems
Uses same resources as other containers
Memory Virtualisation
Conventionally page tables store the logical page number -> physical page number mappings
Seems like more memory than actually have
What happens in a VM?
Shadow Page Tables
VMM machine
OS physical
VMM maintains shadow page tables in lock-step with the page tables
Adds additional management overhead
Hardwareperforms guest -> physical and physical -> machine translation
process virtual
Shadow Page Table Entry
shadow page tables
page tables
Live Migration from Virtualisation Perspective
Source: Clark et al, Live migration of virtual machines, NSDI 2005
Clark et al. Live migration of virtual machines, NSDI 2005.
Effects of Live Migration
Source: Clark et al, Live migration of virtual machines, NSDI 2005
References
Hwang, Dongarra & Fox, 2011. Distributed and Cloud Computing, 1st Edition. Elsevier.
&. 2005. Virtual machine monitors: Current technology and future trends, in IEEE Computer.
Clark et al, 2005. Live migration of virtual machines. In Proceedings of the 2nd ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI). pp. 273-286
K. Adams, O. Agesen, 2006. A Comparison of Software and Hardware Techniques for x86 Virtualization, ASPLOS 2006
CS: assignmentchef QQ: 1823890830 Email: [email protected]
Reviews
There are no reviews yet.