Virtualization Basics: Understanding Techniques and ...

1 Virtualization Basics: Understanding Techniques andFundamentalsHyungro LeeSchool of Informatics and Computing, Indiana University815 E 10th , IN is a fundamental part of cloud computing,especially in delivering Infrastructure as a Service (IaaS).Exploring different Techniques and architectures of the vir-tualization helps us understand the basic knowledge of virtu-alization and the server consolidation in the cloud with x86architecture. This paper describes Virtualization technolo-gies, architectures and optimizations regarding the sharingCPU, memory and I/O devices on x86 virtual machine and Subject [General]: Hardware/software interface; [Performanceof systems]: Performance attributes; [OperatingSystems]: Organization and designGeneral TermsPerformance, DesignKeywordsVirtualization, Virtual machine Monitor, x86, Cloud Com-puting1. INTRODUCTIONBack in 1974, Popek and Goldberg Virtualization require-ments were introduced in the article Formal Requirementsfor Virtualizable Third Generation Architectures [7] and itstill provides guidelines for virtualizing hardware resourcesand terms.

2 Virtualization is now the foundation of cloudcomputing [1] to provide highly scalable and virtualized re-sources. Numerous systems and projects in industry, academiaand communities have adopted a Virtualization technologywith cloud computing services to reduce under-utilized hard-ware resources and achieve efficient use of systems. The Fu-tureGrid project funded a US National Science Foundation(NSF), a Nebula platform launched by NASA, or Kasumi-gaseki Cloud supported by Japanese government is a goodexample of growing involvement in Virtualization technolo-gies with the cloud. Early technologies and developmentsin the Virtualization have been accomplished by some com-panies such as IBM from 1967 and VMware from 1998. Inopen source communities, Xen, KVM, Linux-vServer, LXCand others have supported Virtualization in different plat-forms with different approaches. In this paper, x86 archi-tecture Virtualization will be discussed with these cloud computing, Infrastructure-as-a-Service (IaaS) pro-vides on-demand virtual machine instances with virtualiza-tion technologies.

3 IaaS has been broadly used to provide re-quired compute resources in shared resource Web Services (AWS), Google Compute Engine, Mi-crosoft Windows Azure, and HP Cloud offer commercialcloud services. OpenStack, Eucalyptus, SaltStack, Nimbus,and many others provide private open source cloud plat-forms with community support in development. Since thevirtualization is sharing resources, many concerns have beenraised regarding security, isolation and performance com-pared to native VIRTUALIZATIONV irtualization typically refers to the creation of virtual ma-chine that can virtualize all of the hardware resources, in-cluding processors, memory, storage, and network connectiv-ity [7]. With the Virtualization , physical hardware resourcescan be shared by one or more virtual machines. According tothe requirements from Popek and Goldberg, there are threeaspects to satisfy the Virtualization . First, the virtualizationshould provide an equivalent environment to run a programcompared to a native system.

4 If the program shows a differ-ent behavior under the Virtualization , it may not be eligibleas a virtualized environment. The Virtualization also needsto provide a secured control of virtualized resources. Havinga full control of resources is important to protect data andresources on each virtual environment from any threats orperformance interference in sharing physical resources. Vir-tualization often expects performance degradation due tothe additional tasks for Virtualization , but good performanceshould be achieved with a software or hardware support inhandling privileged instructions. With these requirements,efficient Virtualization is guaranteed. In the following sec-tion, different types of hypervisors are explained with theimplementation level of Virtualization . Virtualized resourceis also presented in cpu, memory and I/O HypervisorTo understand Virtualization , hypervisor should be addressedfirst. Hypervisor enables communication between hardwareand a virtual machine so that the Virtualization accom-plishes with this abstraction layer (hypervisor).

5 Hypervisoris originally called virtual machine monitor (VMM) from[7]. These two terms (Hypervisor and VMM) are typicallytreated as synonyms, but according to the distinction fromAgesen et al [1], a virtual machine monitor (VMM) is asoftware that manages CPU, memory, I/O data transfer,interrupt, and the instruction set on a given virtualized en-vironment. A hypervisor may refer to an operating system(OS) with the VMM. There is a slight distinction betweenhypervisor and VMM but in this paper, we consider theseterms to have identical meanings to represent a software forvirtual machine . Typically, a hypervisor can be divided intoType 1 and Type 2 hypervisor based on the different levelof implementation. Type 1 is sitting on hardware and thecommunication between hardware and virtual machine is di-rect. The host operating system is not required in Type 1hypervisor since it runs directly on a physical machine .

6 Dueto this reason, it is sometimes called a bare metal hyper-visor . VMware vSphere/ESXi, Microsoft Windows Server2012 Hyper-V, Citrix XenServer, Red Hat Enterprise Vir-tualization (RHEV) and open-source Kernel-based VirtualMachine (KVM) are identified in this category. Type 2 hy-pervisor is on the operating system to manage virtual ma-chine easily with the support of hardware configuration fromoperating system. The extra layer between hardware andvirtual machine in the type 2 hypervisor causes inefficiencycompared to the type 1 hypervisor. VirtualBox and VMwareWorkstation are in this category. The terms of Host or Guestmachine (or domain) are used in the hypervisor to describedifferent roles. Host machine (domain) contains a hypervisorto manage virtual machines, and Guest machine (domain)means each virtual machine sitting on a hosted machine ina secure and isolated environment with its own logical do-main. With these separated roles, the hypervisor is able tooffer resource boundaries to multiple virtual machines on thesame physical machine .

7 In other words, the hypervisor is asoftware layer that creates a virtual environment with virtu-alized CPU, memory and I/O (storage and network) devicesby abstracting away the underlying physical hardware. Vir-tual machine (VM) typically refers to an encapsulated entityincluding the operating system and the applications runningin it as x86 privilege levelsx86 architecture has certain restrictions related to resourceaccess such as kernel execution for machine instructions,memory and I/O functions. x86 operating systems can per-form these tasks by running in a most privileged level, al-though user applications do not have access to the different levels of access to hardware resources pro-vide certain protection from software failure. These privilegelevels are also called protection rings since it protects accessto hardware resources with four different layers of privilege levels in x86 architecture with two-level ring 0 and ring 3 can protect memory, I/O ports andcertain machine instructions against accidental damage ofthe system by user programs [9].

8 Ring zero is for kernelexecution and device drivers which is the most privilegedand Ring three is for user mode applications in the leastprivileged layer. Any interrupt from ring 0 cannot transfercontrol to ring 1, 2 or 3. With these protection rings, mem-ory access or I/O data transfer is only doable via the kernelexecution. For example, User application can transfer con-trol to the kernel by making a system call when it opens afile or allocates has to manage these privilege levels to offer vir-tualized resources. Virtualization offers different techniquesfor handling the privilege levels, and the resource sharing canbe achieved with a software, a hardware support, or translation, shadow page tables, and I/O emulationare used as a software-assisted Virtualization . Binary trans-lation runs VMM on ring 0 mode to have the most privilegedlevel but guest operating system runs on Ring 1 to trap OScalls in VMM.

9 This was introduced by VMware to offer bet-ter performance in Virtualization . Shadow page tables areused for mapping guest physical memory to the actual ma-chine memory. The guest OS is not allowed to access tothe hardware page tables so that the hypervisor keeps themappings between the guest memory and the host physicalmemory. Using Shadow page tables consumes system mem-ory but it accelerates the mappings with a one-step lookupwith translation lookaside buffer (TLB) hardware. Emu-lated device is used to deliver requests from guest OS to areal hardware across different platforms even if the deviceis not supported. Hardware-assisted Virtualization uses ahigher privilege level than ring 0 to run VMM at the level, ring -1. With hardware-assisted Virtualization the x86operating system has direct access to resources without bi-nary translation or the x86 architecture, there are several Techniques basedon different approaches for handling privilege rings and emu-lating devices.

10 Full Virtualization , paravirtualization, hardware-assisted Virtualization and operating system-level virtualiza-tion are CPU VIRTUALIZATIONV irtualization in x86 architecture needs to manage virtualmachines (VMs) by the additional layer (hypervisor) be-tween the vms and physical hardware. Virtual machineshave in-direct access to the cpu, memory, and other hard-ware resources through the hypervisor so the privileged in-structions in the guest operating system can be executedwith or without translating and trapping. Full virtualiza-tion, para- Virtualization and hardware-assisted virtualiza-tion are one of the Techniques handling these privileged in-structions in hypervisor. Some other Techniques are alsointroduced in this Full virtualizationFull Virtualization provides Virtualization without modify-ing guest operating system. In x86 architecture, dealingwith privileges instructions is a key factor for virtualizinghardware.