virtual machine technology 71
TRANSCRIPT
-
8/3/2019 Virtual Machine Technology 71
1/45
Virtual Machine Monitors
-
8/3/2019 Virtual Machine Technology 71
2/45
Bibliography
1. Virtual Machine Monitors: Current Technology AndFuture Trends, Mendel Rosenblum and Tal Garfinkel,IEEE Computer, May 2005
2. Xen and the Art of Virtualization, P. Barham, R.
Dragovic, K. Fraser, S. Hand, T. Harris, A Ho, R.Neugebauer, I. Pratt, A. Warfield, SOSP 03.
3. The Definitive Guide to the Xen Hypervisor, DavidChisnall, Prentice Hall, 2008.
4. Scale and Performance in the Denali Isolation
Kernel, Andrew Whitaker, Marianne Shaw, andSteven D. Gribble, in System Design andImplementation (OSDI), Boston, MA, Dec. 2002.
5. Xen Homepage:http://www.cl.cam.ac.uk/research/srg/netos/xen/
-
8/3/2019 Virtual Machine Technology 71
3/45
Outline
Overview
What is a virtual machine?
What is a virtual machine monitor (VMM)? System or application virtual machines
History of Virtual Machines
B
enefits of Virtual Machines Issues and Implementation
-
8/3/2019 Virtual Machine Technology 71
4/45
What is a Virtual Machine?
Several definitions and implementations.
Here, a virtual machine is an isolated
environment that appears to be a wholecomputer, but actually only has access to
a portion of the computers resources.
-
8/3/2019 Virtual Machine Technology 71
5/45
A Formal Definition
The environment in which a hosted
operating system runs, providing the
abstraction of a dedicated machine. Avirtual machine may be identical to the
underlying hardware (full virtualization) or it
may differ slightly (paravirtualization).
www.linuxtopia.org/online_books/linux_virtualization/xen_3.0_user_guide/linux_viruali
zation_xen_user_78.html
-
8/3/2019 Virtual Machine Technology 71
6/45
What is a Virtual Machine Monitor?
A virtual machine monitor (VMM) is a thinsoftware layer that runs directly on the barehardware
It partitions the computers resources into one ormore virtual machines
Each virtual machine appears to be running onthe bare hardware.
End result the appearance of multipleinstances of the same computer, but all aresupported on a single machine.
-
8/3/2019 Virtual Machine Technology 71
7/45
Full Virtualization versus
Paravirtualization Full virtualization: each virtual machine
runs on an exact copy of the underlying
hardware. Paravirtualization: the VMM modifies the
underlying hardware somewhat
Because some aspects of the hardware cant
be virtualized
To present a simpler interface; improve
performance.
-
8/3/2019 Virtual Machine Technology 71
8/45
Virtual machine layer - VMM
Hardware layer
Application
Guest OS1
Application
Guest OS2
Application
Guest OS3
VM1 VM2 VM3
-
8/3/2019 Virtual Machine Technology 71
9/45
Hardware layer
Operating system
VMM
VM1 VM2Sometimes a virtual machine
monitor is installed on an existing
operating machine.
More about this later.
-
8/3/2019 Virtual Machine Technology 71
10/45
VM How They Work
When an application process makes a system
call, it is received by its own OS, running (in user
mode) on its private virtual machine.
When the guest OS tries to execute aprivileged instruction, the virtual machine
software traps the operation and ensures that it
is executed correctly & safely
e.g., when a guest OS appears to execute an I/O
system call, the host VM monitor is actually in
charge.
-
8/3/2019 Virtual Machine Technology 71
11/45
Virtualization versus Emulation
Virtualization presents multiple copies ofthe same hardware system.
Direct execution of code on the hardware
Emulation presents a model of anotherhardware system
Instructions are emulated in software much
slower than virtualization Example: Microsofts VirtualPC can run onother chipsets than the x86 family; used onMac hardware until Apple adopted Intel chips
-
8/3/2019 Virtual Machine Technology 71
12/45
System & Process VMshttp://en.wikipedia.org/wiki/Virtual_machine
System virtual machine (hardware virtual
machine)
Multiplex the underlying hardware
Each VM can run its own OS
Each VM is securely isolated from others
Process or application virtual machine
Runs inside a normal OS
Provides a platform-independent host for an
application
For example, the Java Virtual Machine
-
8/3/2019 Virtual Machine Technology 71
13/45
Virtual Machines Examples
Denali was designed to support Internet services
by providing a platform that allows a large
number of servers to run on a single server
machine. Paravirtualizes x86 architecture to improve
performance and scalability
Isolation kernel: isolates each server in avirtual machine to reduce the danger of sharing
physical resources with untrusted servers.
-
8/3/2019 Virtual Machine Technology 71
14/45
History - Why VMMs?
Early computers were large (mainframes)
and expensive
VMM approach allowed the machine to besafely multiplexed among many different
applications
As an alternative to multiprogramming
-
8/3/2019 Virtual Machine Technology 71
15/45
Virtual Machines - History
Early example: the IBM 370 VM/370 is the virtual machine monitor
As each user logs on, a new virtual machineis created
CMS, a single-user, interactive OS wascommonly run as the OS
Separation of powers:
Virtual machine interacts with userapplications
Virtual machine monitor manages hardwareresources
-
8/3/2019 Virtual Machine Technology 71
16/45
History 1980s & 1990s
As hardware got cheaper and operating
systems became better equipped to
handle multitasking, the original motivation
went away.
Hardware platforms gradually eliminated
hardware support for virtualization.
And then
-
8/3/2019 Virtual Machine Technology 71
17/45
History late 90s to today
Massively parallel processors (MPPs)were developed during the 1990s; theywere hard to program and did not support
existing operating systems Researchers at Stanford used
virtualization to make MPPs look more like
traditional machines Result: VMware Inc. supplier of VMMsfor commodity hardware
-
8/3/2019 Virtual Machine Technology 71
18/45
Rationale for VMMs Today
Today, security and encapsulation are the
most important reasons for using VMMs
VMMs give operating systemsdevelopers another opportunity to develop
functionality no longer practical in todays
complex and ossified operating systems,
where innovation moves at a geologicpace. [1]
-
8/3/2019 Virtual Machine Technology 71
19/45
Example Virtual Machine Systems
VMware: commercial product, derived
from research done at Stanford
Xen: open source, Cambridge University,widely used in research and academia
Denali: University of Washington, focuses
on support for Internet services
-
8/3/2019 Virtual Machine Technology 71
20/45
Reasons for Adopting VMMs
Security and isolation
Ability to support several operating
systems at the same time Ability to experiment with new operating
systems, or modifications of existing
systems, while maintaining backward
compatibility with existing operating
systems.
-
8/3/2019 Virtual Machine Technology 71
21/45
Security and Isolation
Applications running on a virtual machineare more secure than those runningdirectly on hardware machines.
VMM controls how guest operating systemsuse hardware resources; what happens inone VM doesnt affect any other VM: byvirtualizing all hardware resources, a VMM
can prevent one VM from even naming theresources of another VM, let alone modifyingthem. [4]
-
8/3/2019 Virtual Machine Technology 71
22/45
Encapsulation
The software state of a virtual machine isnt
dependent on the underlying hardware.
Rosenblum and Garfinkel [1] point out that this
makes it possible to suspend and resume entirevirtual machines and even move them to other
platforms
For load balancing
For system maintenance
Etc.
-
8/3/2019 Virtual Machine Technology 71
23/45
Servers
Conventionally, servers run on dedicated
machines.
Protects against another server/application
crashing the OS But wasteful of hardware resources
VMM technology makes it possible to
support multiple servers, each running onits own VM, on a single hardware platform.
-
8/3/2019 Virtual Machine Technology 71
24/45
Desirable Qualities
A good VMM
Doesnt require applications to be modified
Doesnt severely affect performance Is not complex/error prone
-
8/3/2019 Virtual Machine Technology 71
25/45
Implementation Issues
Enforce VMM control of hardware by
preventing guest OS from executing
privileged instructions.
Virtualize CPU
Virtualize memory
-
8/3/2019 Virtual Machine Technology 71
26/45
CPU Virtualization
Basic technique: direct execution
The virtual machine executes on the realmachine, but the VMM exercises control over
privileged instructions VMM runs in privileged (kernel) mode.
Guest OS executes all its code, privileged
and unprivileged, in user mode. If the guest OS tries to execute a privilegedinstruction the CPU traps to the VMM whichexecutes the privileged operation.
-
8/3/2019 Virtual Machine Technology 71
27/45
Protection Rings
Intel chips have 3 protection modes:
0: equivalent to kernel mode; can execute all
privileged instructions
1: cannot execute privileged instructions but
highter priority than user level
2: where user processes run
Normally, only rings 0 and 2 are used. Xen runs the guest OS in level 1
-
8/3/2019 Virtual Machine Technology 71
28/45
Example: Disable Interrupts [1]
If a guest OS tries to disable interrupts, the
instruction is trapped by the VMM which
makes a note that interrupts are disabled
for that virtual machine
If interrupts arrive for that machine, they
are buffered at the VMM layer until the
guest OS enables interrupts.
-
8/3/2019 Virtual Machine Technology 71
29/45
Direct Execution Not Always
Possible
Modern CPUs, esp. x86 architectures,
have not been designed for virtualization.
Example: POPF (pop CPU flags fromstack)
If executed in user mode, no trap - just ignore
In this case, direct execution fails Guest OS
assumes flags have been popped, but theyhavent
-
8/3/2019 Virtual Machine Technology 71
30/45
Two Ways to Handle Non-
virtualizable Instructions
Paravitualization
Modify VMM interface to use instructions that
can be virtualized
Xen, Denali
Binary Translation
Monitor execution of kernel code and replace
non-virtualizable instructions with otherinstructions
VMware
-
8/3/2019 Virtual Machine Technology 71
31/45
Paravirtualization
Rewrite portions of the guest OS to delete
this kind of instruction; replace with other
instructions that are virtualizable.
Paravirtualization affects the guest OS, but
not applications that run on it the API is
unchanged
-
8/3/2019 Virtual Machine Technology 71
32/45
Binary Translation
Combines direct execution with on-the-fly
binary translation (a form of emulation).
When the guest OS executes privileged code,
the DBT (dynamic binary translator) replacesnon-virtualizable instructions with equivalent
code.
Paravirtualization changes the source code of aguest OS; binary translation changes the binary
code as it executes.
-
8/3/2019 Virtual Machine Technology 71
33/45
Comparison
Paravirtualization is more efficient, butrequires modification to the guest OS
Paravirtualization also allows more efficient
interfaces, in some cases Binary translation is backward-compatible
but has some extra overhead of run-timetranslation the first time an instruction isencountered.
Once translated, code is saved and usedagain if needed.
-
8/3/2019 Virtual Machine Technology 71
34/45
Techniques Hardware Support
AMD and Intel have added extensions to
support virtualization.
New execution mode (-1)
Allows guest OS to run in execution ring 0 and VMM in
yet a higher privileged mode
Flags to indicate if running in this mode
Will reduce the number of traps and the time toprocess a trap
Will support direct execution of all instructions
-
8/3/2019 Virtual Machine Technology 71
35/45
Memory Virtualization
VMM maintains a shadow page table foreach virtual machine.
When the guest OS makes an entry in its
own page table, the VMM makes the sameentry in the shadow table.
Shadow page table points to actual page
frame The hardware MMU uses the shadow pagetable when it translates virtual addresses.
-
8/3/2019 Virtual Machine Technology 71
36/45
Paging Out the Virtual Machine
The VMM can swap one virtual machine(or parts thereof) to disk and swap inanother.
Reduces the hardware requirements for agiven workload
Particularly useful in environments where
many servers are required, but only a feware used frequently. (Web services, forex.)
-
8/3/2019 Virtual Machine Technology 71
37/45
Challenges
It would make sense to let the virtual
machine operating system decide which of
its pages to swap out
VMwares ESX Server uses the concept of
a balloon process, running inside the
guest OS, as a conduit for pages to be
removed [1].
-
8/3/2019 Virtual Machine Technology 71
38/45
Balloon Process
When the VMM wants to swap out pagesfrom a VM it notifies the balloon process toallocate more memory to itself.
In order to get more memory for theballoon process, the guest OS must pageout unused portions of other processes toits virtual disk.
The VMM now knows which pages theguest OS thinks it can do without.
-
8/3/2019 Virtual Machine Technology 71
39/45
Other Virtual Memory Challenges
VMware tracks duplicate pages in different
virtual machines
To avoid duplication, it only stores one copy
of the actual page with pointers from the
shadow page tables in sharing processes.
Copy-on-write policy
Xen focuses on total isolation of eachvirtual machine, which means no sharing
-
8/3/2019 Virtual Machine Technology 71
40/45
Virtual Machines - Examples
VMware, a publicly held company, has two lines
of products:
Desktop : VMware Workstation can run multiple
different operating systems on a single PC. Runs inbetween the virtual machines and the native (host)
OS.
VMware Fusion (for Mac-Intel platform)
VMware ESX Server, VMware Server run directly onhardware;
-
8/3/2019 Virtual Machine Technology 71
41/45
Hosted versus Non-hosted VMM
Hosted has 3 advantages [1]
VMM is no harder to install than any other
application
The VMM can use the host OS scheduler,
pager, etc. and focus primarily on isolation
I/O support is better: the VMM can use the
device drivers that are designed to work withthe host OS rather than having to provide its
own.
-
8/3/2019 Virtual Machine Technology 71
42/45
Hosted versus Non-hosted VMM
Disadvantage [1]
I/O overhead is greatly increased: requests
go from guest OS to VMM to host OS and
down eventually to the device driver.
Too much for servers
More difficult to provide complete isolation,
so not appropriate for servers from asecurity perspective.
-
8/3/2019 Virtual Machine Technology 71
43/45
Virtual Machines - Examples
Xen is an open-source VM system for PCs
Designed to support execution of Linux,BSD Unix, Windows simultaneously on the
same platform Objective of original project: efficient
hosting of up to 100 virtual machines
XenSource, Inc. provides products basedon Xen and recently entered the servermarket in a big way.
-
8/3/2019 Virtual Machine Technology 71
44/45
Denali
Problem addressed: hosting Internet
services economically
Goal: to allow new services to hosted onthird-party servers.
Requires assurances that one server wont
interfere with another.
Encapsulation of VMM model very important
-
8/3/2019 Virtual Machine Technology 71
45/45
Isolation Kernel
An OS structure for isolating untrustedsoftware services
Based on 4 principles:
Expose low-level resources rather than high-level abstractions
Prevent direct sharing by exposing onlyprivate, virtualized namespaces
Keeps one VM from even naming theresources of another VM, let alone modifyingthem. [4]