Cloud Computing

Dr. M. Varaprasad Rao

[email protected]
Today’s Session…
• IaaS (Infrastructure-as-a-Service)

12-Oct-14 2
 Infrastructure as a service (IaaS)
• In the most basic cloud-service model & according to the IETF (Internet
Engineering Task Force), providers of IaaS offer computers – physical or (more
often) virtual machines – and other resources. (A hypervisor, such as Xen, Oracle
VirtualBox, KVM, VMware ESX/ESXi, or Hyper-V runs the virtual machines as
guests. Pools of hypervisors within the cloud operational support-system can
support large numbers of virtual machines and the ability to scale services up
and down according to customers' varying requirements.)
• IaaS clouds often offer additional resources such as a virtual-machine disk image
library, raw block storage, and file or object storage, firewalls, load balancers, IP
addresses, virtual local area networks (VLANs), and software bundles.
• IaaS-cloud providers supply these resources on-demand from their large pools
installed in data centers. For wide-area connectivity, customers can use either
the Internet or carrier clouds (dedicated virtual private networks).

12-Oct-14 3
• To deploy their applications, cloud users install operating-system
images and their application software on the cloud infrastructure.

• In this model, the cloud user patches and maintains the operating
systems and the application software.

• Cloud providers typically bill IaaS services on a utility computing basis:

cost reflects the amount of resources allocated and consumed.

12-Oct-14 4
12-Oct-14 5
12-Oct-14 6
Hypervisor
• A Hypervisor or Virtual Machine Monitor (VMM) is a piece of
computer software, firmware or hardware that creates and runs
virtual machines.

• A computer on which a hypervisor is running one or more virtual

machines is defined as a host machine. Each virtual machine is called a
guest machine.

• The hypervisor presents the guest operating systems with a virtual

operating platform and manages the execution of the guest operating
systems. Multiple instances of a variety of operating systems may
share the virtualized hardware resources.
12-Oct-14 7
Classification

12-Oct-14 8
• Type 1 (or native, bare metal) hypervisors run directly on the host's
hardware to control the hardware and to manage guest operating systems.
A guest operating-system thus runs on another level above the hypervisor.

• This model represents the classic implementation of virtual-machine

architectures; IBM developed the original hypervisors as bare-metal tools
in the 1960s: the test tool SIMMON, and CP/CMS. CP/CMS was the
ancestor of IBM's z/VM. Modern equivalents include Oracle VM Server for
SPARC, Oracle VM Server for x86, the Citrix XenServer, VMware ESX/ESXi
and Microsoft Hyper-V 2008/2012.

• Type 2 (or hosted) hypervisors run within a conventional operating-system

environment. With the hypervisor layer as a distinct second software level,
guest operating-systems run at the third level above the hardware.
VMware Workstation and VirtualBox exemplify Type 2 hypervisors.
12-Oct-14 9
• The classification of specific hypervisor implementations as Type 1 or
Type 2 is not always clear cut. For example, Kernel-based Virtual
Machine (KVM) and bhyve are implemented as a kernel module for
Linux and FreeBSD respectively which, when loaded, allows its host
operating system to act as a bare-metal (i.e., Type 1) hypervisor.

• However, as Linux distributions and FreeBSD are operating systems in

their own right, one can regard KVM and bhyve as Type 2 hypervisors.

• LynuxWorks proposed a Type 0 (Zero) Hypervisor to differentiate

specific hypervisor implementations. However, no consensus as to the
validity of this term ensued.[

12-Oct-14 10

Hosted
Specialized
Examples:
Basilisk II, bhyve, Bochs,
DOSBox, DOSEMU, L4Linux,
Mac-on-Linux, Mac-on-Mac,
SheepShaver, Windows on
Windows, Virtual DOS
machine, Win4Lin
12-Oct-14
Hypervisor
Management
Tools Native
Examples:
Independent Ganeti
Examples:
Adeos, CP/CMS, Hyper-V,
oVirt KVM, Red Hat Enterprise
Virtual Machine Manager Virtualization, LDoms / Oracle
VM Server for SPARC,
Examples: LynxSecure, SIMMON,
Cgroups, lmctfy, Linux-Vserver, VMware ESX/ESXi, Vmware,
LXC,Docker,OpenVZ, vSphere, vCloud, Xen,
Virtuozzo,FreeBSD jail, XenClient, XtratuM, z/VM
Microsoft Virtual Server,
Parallels Workstation,
Parallels Desktop for Mac,
Parallels Server for Mac,
PearPC, QEMU, Solaris Containers,
VirtualBox, Virtual Iron,
VMware Fusion,VMware Player,
VMware Server, VMware
Workstation,
Windows Virtual PC, Workload
Partitions 11
Desktop virtualization
• Citrix XenApp
• Citrix XenDesktop
• iCore Virtual Accounts
• Remote Desktop Services
• VMware Horizon View

12-Oct-14 12
Application virtualization
• Ceedo
• Citrix XenApp
• Dalvik
• InstallFree
• Microsoft App-V
• Remote Desktop Services
• Spoon
• Symantec Workspace Virtualization
• VMware ThinApp
12-Oct-14 13
Security implications
• The use of hypervisor technology by malware and rootkits installing themselves as a
hypervisor below the operating system can make them more difficult to detect
because the malware could intercept any operations of the operating system (such as
someone entering a password) without the anti-malware software necessarily
detecting it (since the malware runs below the entire operating system).

• Implementation of the concept has allegedly occurred in the SubVirt laboratory

rootkit (developed jointly by Microsoft and University of Michigan researchers) as
well as in the Blue Pill malware package. However, such assertions have been
disputed by others who claim that it would be possible to detect the presence of a
hypervisor-based rootkit.

• In 2009, researchers from Microsoft and North Carolina State University

demonstrated a hypervisor-layer anti-rootkit called Hooksafe that can provide generic
protection against kernel-mode rootkits.
12-Oct-14 14
Ex: VirtualBox
• Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and
innotek VirtualBox) is a virtualization software package for x86 and
AMD64/Intel64-based computers from Oracle Corporation as part of its family
of virtualization products. It was created by innotek GmbH, purchased in 2008
by Sun Microsystems, and now developed by Oracle.

• It is installed on an existing host operating system as an application; this host

application allows additional guest operating systems, each known as a Guest
OS, to be loaded and run, each with its own virtual environment.

• Supported host operating systems include Linux, Mac OS X, Windows XP,

Windows Vista, Windows 7, Windows 8, Solaris, and OpenSolaris; there are
also ports to FreeBSD and Genode.
12-Oct-14 15
• Supported guest operating systems include versions and derivations of Windows,
Linux, BSD, OS/2, Solaris, Haiku and others. Since release 3.2.0, VirtualBox also
allows limited virtualization of Mac OS X guests on Apple hardware, though
OSX86 can also be installed using VirtualBox.

• Since version 4.3, Windows guests on supported hardware can take advantage of
the recently implemented WDDM driver included in the guest additions; this
allows Windows Aero to be enabled along with Direct3D support.

• Guest Additions should be installed in order to achieve the best possible

experience. The Guest Additions are designed to be installed inside a virtual
machine after the guest operating system has been installed. They consist of
device drivers and system applications that optimize the guest operating system
for better performance and usability.
12-Oct-14 16
History
• VirtualBox was initially offered by innotek GmbH under a proprietary software license, making one
version of the product available at no cost for personal or evaluation use, subject to the VirtualBox
Personal Use and Evaluation License (PUEL).

• In January 2007, based on counsel by LiSoG, innotek GmbH released VirtualBox Open Source
Edition (OSE) as free and open-source software, subject to the requirements of the GNU General
Public License (GPL), version 2.

• innotek GmbH also contributed to the development of OS/2 and Linux support in virtualization and
OS/2 ports of products from Connectix which were later acquired by Microsoft. Specifically, innotek
developed the “additions” code in both Microsoft Virtual PC and Microsoft Virtual Server, which
enables various host-guest OS interactions like shared clipboards or dynamic viewport resizing.

• Sun Microsystems acquired innotek in February 2008.

• Oracle Corporation acquired Sun in January 2010 and re-branded the product as "Oracle VM
VirtualBox"
12-Oct-14 17
Emulated environment
Running Ubuntu Live CD under VirtualBox on Ubuntu
• Users of VirtualBox can load multiple guest OSs under a single host
operating-system (host OS). Each guest can be started, paused and
stopped independently within its own virtual machine (VM).
• The user can independently configure each VM and run it under a
choice of software-based virtualization or hardware assisted
virtualization if the underlying host hardware supports this.
• The host OS and guest OSs and applications can communicate with
each other through a number of mechanisms including a common
clipboard and a virtualized network facility.
• Guest VMs can also directly communicate with each other if
configured to do so.
12-Oct-14 18
• Software-based virtualization

• In the absence of hardware-assisted virtualization, VirtualBox adopts a standard software-based

virtualization approach. This mode supports 32-bit guest OSs which run in rings 0 and 3 of the Intel ring
architecture.

• The system reconfigures the guest OS code, which would normally run in ring 0, to execute in ring 1 on
the host hardware. Because this code contains many privileged instructions which cannot run natively in
ring 1, VirtualBox employs a Code Scanning and Analysis Manager (CSAM) to scan the ring 0 code
recursively before its first execution to identify problematic instructions and then calls the Patch Manager
(PATM) to perform in-situ patching. This replaces the instruction with a jump to a VM-safe equivalent
compiled code fragment in hypervisor memory.
• The guest user-mode code, running in ring 3, generally runs directly on the host hardware in ring 3.

• In both cases, VirtualBox uses CSAM and PATM to inspect and patch the offending instructions whenever
a fault occurs. VirtualBox also contains a dynamic recompiler, based on QEMU to recompile any real mode
or protected mode code entirely (e.g. BIOS code, a DOS guest, or any operating system startup).

• Using these techniques, VirtualBox can achieve a performance comparable to that of VMware

12-Oct-14 19
• Hardware-assisted virtualization

• VirtualBox supports both Intel's VT-x and AMD's AMD-V hardware-

virtualization. Making use of these facilities, VirtualBox can run
each guest VM in its own separate address-space; the guest OS
ring 0 code runs on the host at ring 0 in VMX non-root mode
rather than in ring 1.

• VirtualBox supports some guests (including 64-bit guests, SMP

guests and certain proprietary OSs) only on hosts with hardware-
assisted virtualization.

12-Oct-14 20
• Device virtualization

• The system emulates hard disks in one of three disk image formats:

• A VirtualBox-specific container format, called "Virtual Disk Image" (VDI), storing

files (with a .vdi suffix) on the host operating system
• VMware Virtual Machine Disk Format (VMDK)
• Microsoft Virtual PC VHD format

• A VirtualBox virtual machine can, therefore, use disks previously created in

VMware or Microsoft Virtual PC, as well as its own native format.
• VirtualBox can also connect to iSCSI targets and to raw partitions on the
host, using either as virtual hard disks.
• VirtualBox emulates IDE (PIIX4 and ICH6 controllers), SCSI, SATA (ICH8M
controller) and SAS controllers to which hard drives can be attached.
12-Oct-14 21
• For an Ethernet network adapter, VirtualBox virtualizes these Network
Interface Cards:

• AMD PCnet PCI II (Am79C970A)

• AMD PCnet-Fast III (Am79C973)
• Intel Pro/1000 MT Desktop (82540EM)
• Intel Pro/1000 MT Server (82545EM)
• Intel Pro/1000 T Server (82543GC)

12-Oct-14 22
Feature set
• 64-bit guests (hardware virtualization support is required)
• Snapshots
• Seamless mode - the ability to run virtualized applications side by side with your normal desktop
applications
• Shared clipboard
• Shared folders
• Special drivers and utilities to facilitate switching between systems
• Command line interaction (in addition to the GUI)
• Public API (Java, Python, SOAP, XPCOM) to control VM configuration and execution[35]
• Nested paging for AMD-V and Intel VT (only for processors supporting SLAT and with SLAT enabled)
• Limited support for 3D graphics acceleration (including OpenGL up to (but not including) 3.0 and
Direct3D 9.0c via Wine's Direct3D to OpenGL translation)
• SMP support (up to 32 virtual CPUs per virtual machine), since version 3.0
• Teleportation (aka Live Migration)
• 2D video output acceleration (not to be mistaken with video decoding acceleration), since version
12-Oct-14 23
3.1
• Storage emulation features
• NCQ support for SATA, SCSI and SAS raw disks and partitions
• Pass-through mode for solid-state drives
• Pass-through mode for CD/DVD/BD disks - allows to play audio CDs, burn optical
disks, play encrypted DVD disks
• Can disable host OS I/O cache
• Allows to limit IO bandwidth
• PATA, SATA, SCSI, SAS, iSCSI, floppy disk controllers

• Storage support
• Raw hard disk access – allows physical hard disk partitions on the host system to appear in
the guest system
• VMware Virtual Machine Disk (VMDK) format support – allows VirtualBox to exchange disk
images with VMware
• Microsoft VHD support
• QEMU qed and qcow disks
• HDD format disks (only version 2; version 3 and 4 are not supported) used by Parallels
12-Oct-14virtualization products 24
• Limitations
• VirtualBox doesn't support USB3.
• VirtualBox has a very low transfer rate from and to USB devices.
• Even though VirtualBox is an open source product some of its
features are supplied only in a binary form under a commercial
license (see The extension pack below).

12-Oct-14 25
 Thank you

12-Oct-14 26