Virtual Machine Technology 71

8/3/2019 Virtual Machine Technology 71

1/45

Virtual Machine Monitors


2/45

Bibliography

1. Virtual Machine Monitors: Current Technology AndFuture Trends, Mendel Rosenblum and Tal Garfinkel,IEEE Computer, May 2005

2. Xen and the Art of Virtualization, P. Barham, R.

Dragovic, K. Fraser, S. Hand, T. Harris, A Ho, R.Neugebauer, I. Pratt, A. Warfield, SOSP 03.

3. The Definitive Guide to the Xen Hypervisor, DavidChisnall, Prentice Hall, 2008.

4. Scale and Performance in the Denali Isolation

Kernel, Andrew Whitaker, Marianne Shaw, andSteven D. Gribble, in System Design andImplementation (OSDI), Boston, MA, Dec. 2002.

5. Xen Homepage:http://www.cl.cam.ac.uk/research/srg/netos/xen/


3/45

Outline

Overview

What is a virtual machine?

What is a virtual machine monitor (VMM)? System or application virtual machines

History of Virtual Machines

B

enefits of Virtual Machines Issues and Implementation


4/45

What is a Virtual Machine?

Several definitions and implementations.

Here, a virtual machine is an isolated

environment that appears to be a wholecomputer, but actually only has access to

a portion of the computers resources.


5/45

A Formal Definition

The environment in which a hosted

operating system runs, providing the

abstraction of a dedicated machine. Avirtual machine may be identical to the

underlying hardware (full virtualization) or it

may differ slightly (paravirtualization).

www.linuxtopia.org/online_books/linux_virtualization/xen_3.0_user_guide/linux_viruali

zation_xen_user_78.html


6/45

What is a Virtual Machine Monitor?

A virtual machine monitor (VMM) is a thinsoftware layer that runs directly on the barehardware

It partitions the computers resources into one ormore virtual machines

Each virtual machine appears to be running onthe bare hardware.

End result the appearance of multipleinstances of the same computer, but all aresupported on a single machine.


7/45

Full Virtualization versus

Paravirtualization Full virtualization: each virtual machine

runs on an exact copy of the underlying

hardware. Paravirtualization: the VMM modifies the

underlying hardware somewhat

Because some aspects of the hardware cant

be virtualized

To present a simpler interface; improve

performance.


8/45

Virtual machine layer - VMM

Hardware layer

Application

Guest OS1

Application

Guest OS2

Application

Guest OS3

VM1 VM2 VM3


9/45

Hardware layer

Operating system

VMM

VM1 VM2Sometimes a virtual machine

monitor is installed on an existing

operating machine.

More about this later.


10/45

VM How They Work

When an application process makes a system

call, it is received by its own OS, running (in user

mode) on its private virtual machine.

When the guest OS tries to execute aprivileged instruction, the virtual machine

software traps the operation and ensures that it

is executed correctly & safely

e.g., when a guest OS appears to execute an I/O

system call, the host VM monitor is actually in

charge.


11/45

Virtualization versus Emulation

Virtualization presents multiple copies ofthe same hardware system.

Direct execution of code on the hardware

Emulation presents a model of anotherhardware system

Instructions are emulated in software much

slower than virtualization Example: Microsofts VirtualPC can run onother chipsets than the x86 family; used onMac hardware until Apple adopted Intel chips


12/45

System & Process VMshttp://en.wikipedia.org/wiki/Virtual_machine

System virtual machine (hardware virtual

machine)

Multiplex the underlying hardware

Each VM can run its own OS

Each VM is securely isolated from others

Process or application virtual machine

Runs inside a normal OS

Provides a platform-independent host for an

application

For example, the Java Virtual Machine


13/45

Virtual Machines Examples

Denali was designed to support Internet services

by providing a platform that allows a large

number of servers to run on a single server

machine. Paravirtualizes x86 architecture to improve

performance and scalability

Isolation kernel: isolates each server in avirtual machine to reduce the danger of sharing

physical resources with untrusted servers.


14/45

History - Why VMMs?

Early computers were large (mainframes)

and expensive

VMM approach allowed the machine to besafely multiplexed among many different

applications

As an alternative to multiprogramming


15/45

Virtual Machines - History

Early example: the IBM 370 VM/370 is the virtual machine monitor

As each user logs on, a new virtual machineis created

CMS, a single-user, interactive OS wascommonly run as the OS

Separation of powers:

Virtual machine interacts with userapplications

Virtual machine monitor manages hardwareresources


16/45

History 1980s & 1990s

As hardware got cheaper and operating

systems became better equipped to

handle multitasking, the original motivation

went away.

Hardware platforms gradually eliminated

hardware support for virtualization.

And then


17/45

History late 90s to today

Massively parallel processors (MPPs)were developed during the 1990s; theywere hard to program and did not support

existing operating systems Researchers at Stanford used

virtualization to make MPPs look more like

traditional machines Result: VMware Inc. supplier of VMMsfor commodity hardware


18/45

Rationale for VMMs Today

Today, security and encapsulation are the

most important reasons for using VMMs

VMMs give operating systemsdevelopers another opportunity to develop

functionality no longer practical in todays

complex and ossified operating systems,

where innovation moves at a geologicpace. [1]


19/45

Example Virtual Machine Systems

VMware: commercial product, derived

from research done at Stanford

Xen: open source, Cambridge University,widely used in research and academia

Denali: University of Washington, focuses

on support for Internet services


20/45

Reasons for Adopting VMMs

Security and isolation

Ability to support several operating

systems at the same time Ability to experiment with new operating

systems, or modifications of existing

systems, while maintaining backward

compatibility with existing operating

systems.


21/45

Security and Isolation

Applications running on a virtual machineare more secure than those runningdirectly on hardware machines.

VMM controls how guest operating systemsuse hardware resources; what happens inone VM doesnt affect any other VM: byvirtualizing all hardware resources, a VMM

can prevent one VM from even naming theresources of another VM, let alone modifyingthem. [4]


22/45

Encapsulation

The software state of a virtual machine isnt

dependent on the underlying hardware.

Rosenblum and Garfinkel [1] point out that this

makes it possible to suspend and resume entirevirtual machines and even move them to other

platforms

For load balancing

For system maintenance

Etc.


23/45

Servers

Conventionally, servers run on dedicated

machines.

Protects against another server/application

crashing the OS But wasteful of hardware resources

VMM technology makes it possible to

support multiple servers, each running onits own VM, on a single hardware platform.


24/45

Desirable Qualities

A good VMM

Doesnt require applications to be modified

Doesnt severely affect performance Is not complex/error prone


25/45

Implementation Issues

Enforce VMM control of hardware by

preventing guest OS from executing

privileged instructions.

Virtualize CPU

Virtualize memory


26/45

CPU Virtualization

Basic technique: direct execution

The virtual machine executes on the realmachine, but the VMM exercises control over

privileged instructions VMM runs in privileged (kernel) mode.

Guest OS executes all its code, privileged

and unprivileged, in user mode. If the guest OS tries to execute a privilegedinstruction the CPU traps to the VMM whichexecutes the privileged operation.


27/45

Protection Rings

Intel chips have 3 protection modes:

0: equivalent to kernel mode; can execute all

privileged instructions

1: cannot execute privileged instructions but

highter priority than user level

2: where user processes run

Normally, only rings 0 and 2 are used. Xen runs the guest OS in level 1


28/45

Example: Disable Interrupts [1]

If a guest OS tries to disable interrupts, the

instruction is trapped by the VMM which

makes a note that interrupts are disabled

for that virtual machine

If interrupts arrive for that machine, they

are buffered at the VMM layer until the

guest OS enables interrupts.


29/45

Direct Execution Not Always

Possible

Modern CPUs, esp. x86 architectures,

have not been designed for virtualization.

Example: POPF (pop CPU flags fromstack)

If executed in user mode, no trap - just ignore

In this case, direct execution fails Guest OS

assumes flags have been popped, but theyhavent


30/45

Two Ways to Handle Non-

virtualizable Instructions

Paravitualization

Modify VMM interface to use instructions that

can be virtualized

Xen, Denali

Binary Translation

Monitor execution of kernel code and replace

non-virtualizable instructions with otherinstructions

VMware


31/45

Paravirtualization

Rewrite portions of the guest OS to delete

this kind of instruction; replace with other

instructions that are virtualizable.

Paravirtualization affects the guest OS, but

not applications that run on it the API is

unchanged


32/45

Binary Translation

Combines direct execution with on-the-fly

binary translation (a form of emulation).

When the guest OS executes privileged code,

the DBT (dynamic binary translator) replacesnon-virtualizable instructions with equivalent

code.

Paravirtualization changes the source code of aguest OS; binary translation changes the binary

code as it executes.


33/45

Comparison

Paravirtualization is more efficient, butrequires modification to the guest OS

Paravirtualization also allows more efficient

interfaces, in some cases Binary translation is backward-compatible

but has some extra overhead of run-timetranslation the first time an instruction isencountered.

Once translated, code is saved and usedagain if needed.


34/45

Techniques Hardware Support

AMD and Intel have added extensions to

support virtualization.

New execution mode (-1)

Allows guest OS to run in execution ring 0 and VMM in

yet a higher privileged mode

Flags to indicate if running in this mode

Will reduce the number of traps and the time toprocess a trap

Will support direct execution of all instructions


35/45

Memory Virtualization

VMM maintains a shadow page table foreach virtual machine.

When the guest OS makes an entry in its

own page table, the VMM makes the sameentry in the shadow table.

Shadow page table points to actual page

frame The hardware MMU uses the shadow pagetable when it translates virtual addresses.


36/45

Paging Out the Virtual Machine

The VMM can swap one virtual machine(or parts thereof) to disk and swap inanother.

Reduces the hardware requirements for agiven workload

Particularly useful in environments where

many servers are required, but only a feware used frequently. (Web services, forex.)


37/45

Challenges

It would make sense to let the virtual

machine operating system decide which of

its pages to swap out

VMwares ESX Server uses the concept of

a balloon process, running inside the

guest OS, as a conduit for pages to be

removed [1].


38/45

Balloon Process

When the VMM wants to swap out pagesfrom a VM it notifies the balloon process toallocate more memory to itself.

In order to get more memory for theballoon process, the guest OS must pageout unused portions of other processes toits virtual disk.

The VMM now knows which pages theguest OS thinks it can do without.


39/45

Other Virtual Memory Challenges

VMware tracks duplicate pages in different

virtual machines

To avoid duplication, it only stores one copy

of the actual page with pointers from the

shadow page tables in sharing processes.

Copy-on-write policy

Xen focuses on total isolation of eachvirtual machine, which means no sharing


40/45

Virtual Machines - Examples

VMware, a publicly held company, has two lines

of products:

Desktop : VMware Workstation can run multiple

different operating systems on a single PC. Runs inbetween the virtual machines and the native (host)

OS.

VMware Fusion (for Mac-Intel platform)

VMware ESX Server, VMware Server run directly onhardware;


41/45

Hosted versus Non-hosted VMM

Hosted has 3 advantages [1]

VMM is no harder to install than any other

application

The VMM can use the host OS scheduler,

pager, etc. and focus primarily on isolation

I/O support is better: the VMM can use the

device drivers that are designed to work withthe host OS rather than having to provide its

own.


42/45

Hosted versus Non-hosted VMM

Disadvantage [1]

I/O overhead is greatly increased: requests

go from guest OS to VMM to host OS and

down eventually to the device driver.

Too much for servers

More difficult to provide complete isolation,

so not appropriate for servers from asecurity perspective.


43/45

Virtual Machines - Examples

Xen is an open-source VM system for PCs

Designed to support execution of Linux,BSD Unix, Windows simultaneously on the

same platform Objective of original project: efficient

hosting of up to 100 virtual machines

XenSource, Inc. provides products basedon Xen and recently entered the servermarket in a big way.


44/45

Denali

Problem addressed: hosting Internet

services economically

Goal: to allow new services to hosted onthird-party servers.

Requires assurances that one server wont

interfere with another.

Encapsulation of VMM model very important


45/45

Isolation Kernel

An OS structure for isolating untrustedsoftware services

Based on 4 principles:

Expose low-level resources rather than high-level abstractions

Prevent direct sharing by exposing onlyprivate, virtualized namespaces

Keeps one VM from even naming theresources of another VM, let alone modifyingthem. [4]

Documents

Virtual Machine Technology 71