Virtual Machines

Calum Aldridge

2 Overview
Objective of virtual machines is to abstract the hardware of a single computer into
multiple execution environments.
Illusion that each environment is running on its own individual computer.

3 Overview: Components
Host: The underlying hardware system that runs the virtual machines.
Virtual Machine Manager (hypervisor): Creates and runs virtual machines by
providing an interface identical to the host.
Guest: Software component of a virtual machine i.e. usually an independent instance
of an operating system.

4 Overview: Implementations
Type 0 hypervisors: hardware-based solutions that provide support for virtual
machine creation and management via firmware. Ex: IBM LPARs
Type 1 hypervisors: operating-system-like software built to provide virtualization.
Ex: VMware ESX
Type 2 hypervisors: Applications that run on standard OSes but provide VMM features
to guest OSes. Ex: Parallels, VirtualBox
Emulators: allows applications written for one hardware environment to run on a
very different hardware environment. Ex: CEMU

5 History
Virtual machines first appeared commercially on IBM mainframes in 1972.
Provided by the IBM VM operating system.
One problem with the early VMs involved disk systems. How would one solve many
virtual machines using few disk drives?
Minidisks: Virtual disks where the system allocated as many tracks on the physical
disks as the minidisk needed.

6 History cont.
IBM remained the master of virtualization for many years after its introduction.
A formal definition for virtualization helped establish system requirements and a
target for functionality.
A VMM provides an environment for programs that is essentially identical to the
original machine.
Programs running within that environment show only minor performance decreases..
The VMM is in complete control of system resources.

7 Benefits and Features

The host system is protected from the virtual machines. The virtual machines are
protected from each other.
Potential disadvantage is preventing sharing of resources.
Can suspend or take “snapshots” of a VM. Can later resume from the same point after
making a copy or moving the VM.
Many virtual machines on one workstation allows for developers to quickly test and
port different versions of their programs.

8 Benefits and Features cont.

System consolidation: taking two more separate systems and running them in VMs on
one system.
Optimizes resources and is seen frequently in production data-centers
Templating: one standard virtual machine image used as a source for multiple VMs.
Increasingly helpful among other features for system admins. Managing 100 physical
servers running 20 virtual servers is much easier than dealing with a flat 2,000
servers.
9 Benefits and Features cont.
Live migration: feature that moves a running guest from one physical server to
another without interrupting its operation.
If a server is overloaded or needs maintenance, live migration can free resources
on the source host without disrupting the guest.
Applications could be installed on a specially tuned VM for specifically that
certain application.
More efficient than having multiple applications installed on one host OS.

10 Building Blocks VMs are extremely useful, but difficult to implement.

An exact duplicate of an underlying machine takes a lot of work.
Ability to virtualize depends on the features provided by the CPU.
Virtual CPU (VCPU): VCPU does not execute code but rather represents the state of
the CPU as the guest believes it to be.
When the guest is context-switched onto a CPU by the VMM, information from the VCPU
is used to load the right context.
Akin to how a general-purpose operating system would use the PCB.

11 Implementations: Trap and Emulate

On a typical dual-mode system (user and kernel modes), the guest can execute only
in user mode.
Not safe to allow user-level code to run in kernel mode.
The virtual machine has a virtual user mode and a virtual kernel mode, both of
which run in physical user mode.
Actions that cause a transfer from user mode to kernel mode on a real machine must
also cause a transfer from virtual user mode to virtual kernel mode.

12 Trap and Emulate cont.

When the kernel in the guest attempts to execute a privileged instruction, it
results in an error causing a trap to the VMM in the real machine.
The VMM emulates the action that was attempted by the guest kernel then returns
control to the virtual machine.
This is the trap-and-emulate method.
Most virtualization products use this method to some extent.

13 Trap and Emulate cont.

14 Binary Translation
Some CPUs do not have a clean clear cut separation of privileged and nonprivileged
instructions.
The Intel x86 CPU is unfortunately one of them.
Binary translation:
If the guest VCPU is in user mode, the guest can run its instructions natively on a
physical CPU.
If the guest VCPU is in kernel mode, then the guest believes that it is running in
kernel mode. The VMM examines every instruction the guest executes in virtual
kernel mode by reading the next few instructions that the guest is going to execute
via the guest program counter. Special instructions are translated into a new set
of instructions that perform the equivalent task while normal instructions are run
natively.

15 Binary Translation cont.

16 Nested Page Tables
How can a virtual memory manager keep page-table state both for guests that believe
they are managing the page tables and for the VMM itself?
The answer is nested page tables (NPTs) which are implemented in both trap-and-
emulate as well as binary translation.
Each guest OS maintains one or more page tables to translate from virtual to
physical memory. The VMM maintains NPTs to represent the guest’s page- table state
just like the VCPU.

17 Nested Page Tables cont.

When the guest changes its page table, the change is reflected in the NPT.
When the guest is on the CPU, the VMM puts the pointer to the appropriate NPT into
the appropriate CPU register.
If the guest needs to modify the page table, the operation is intercepted by the
VMM and appropriate changes are made.

18 Hardware Assistance
Without some level of hardware support, virtualization would be impossible.
Intel added new virtualization support in successive generations of the x86 family
and now binary translation is no longer needed.
AMD and Intel have addressed memory management which allows VMMs to not have to
implement software NPTs.
A standard direct-memory-access (DMA) controller accepts a target memory address
and a source I/O device and transfers data between the two without OS action.
Without this hardware assistance, a guest might try to set up a DMA transfer that
affects the VMM or other guests.

19 Types of Virtual Machines: VM Life Cycle

Whenever a virtual machine is created, the creator gives the VMM certain parameters
How many VCPUS, amount of memory, amount of disk space, access to the DVD drive,
etc.
The VMM then creates the VM with these specified parameters. Resources are
dedicated or virtualized, depending on the type.
When the virtual machine is no longer needed, it can be deleted.
The VMs relatively easy life cycle can lead to virtual machine sprawl in which
there are so many virtual machines on a system that their, use, history, and state
become confusing and difficult to track.

20 Types of Virtual Machines: Type 0 Hypervisor

Type 0 hypervisors have existed for many years under many names, including
“partitions” and “domains”.
Type 0s are a hardware feature and very close to raw hardware execution
OSes don’t need to do anything special to take advantage of their features.
The VM is encoded in the firmware and loaded at boot time.
Feature set tends to be smaller than other types.
The hypervisor manages shared access or grants all devices to a control partition.
In the partition, a guest OS provides services via daemons to other guests and the
hypervisor routes I/O requests appropriately.

21 Types of Virtual Machines: Type 0 Hypervisor

22 Types of Virtual Machines: Type 1 Hypervisor
Type 1 hypervisors are commonly found in data centers and increasingly known as
“the data-center OS.”
Run natively on the hardware.
Create, run, and manage guest OSes rather than managing system calls and other
interfaces.
Type 1s run in kernel mode taking advantage of hardware protection.
By using type 1 hypervisors, data-center managers can consolidate more Oses and
applications onto fewer systems.

23 Types of Virtual Machines: Type 1 Hypervisor

Using snapshots and cloning, the system can save the states of guests and duplicate
those states.
The price of this increased manageability is the cost of the VMM, the need to learn
new tools, and the increased complexibility.
24 Types of Virtual Machines: Type 2 Hypervisor
Type 2 hypervisors are application-level VMMs.
Simply another process run and managed by the host.
The host doesn’t even know virtualization is occurring.
Type 2 hypervisors tend to have poorer overall performance than type 0 or 1.
If the VMM is being run by a user without admin privileges, the VMM cannot take
advantage of hardware assistance features.
There’s overhead of running a general-purpose operating system as well as guest
operating systems.
Type 2 hypervisors still have merit as they’re very mobile.

25 Paravirtualization
Paravirtualization presents the guest with a system that is similar but not
identical to the guest’s preferred system.
The guest must be modified to run on the paravirtualized virtual hardware.
This extra work leads to more efficient use of resources and a smaller
virtualization layer.
The Xen VMM implements several techniques to optimize performance of guests as well
as hosts.
Presents clean and simple device abstractions allowing efficient I/O.
Does not implement NPTs. Each guest has its own page tables set to read-only.
A hypercall is made from the guest to the hypervisor VMM when a change is needed.

26 Programming-Environment Virtualization
A programming language is designed to run within a custom-built virtualized
environment.
Java’s virtual machine (JVM) is a particularly notable example with specific
methods for security and memory management.
For Java, programs run within the JVM environment meaning that any system can run a
Java program assuming the presence of a JVM.

27 Types of Virtual Machines: Emulation

Emulation is useful when the host system has one system architecture and the guest
system was built for a different architecture.
Major challenge of emulation is performance.
Instruction-set emulation can run an order of magnitude slower than native
instructions.
Increases lifespan of old programs and allows for exploring old architectures
without having the physical old machine on hand.

28 Operating-System Components: CPU Scheduling

A system with virtualization frequently acts like a multiprocessor system.
The virtualization software presents one or more virtual CPUs to each of the
virtual machines running on the system and schedules the use of physical CPUs among
the machines.
When there are enough CPUs to allocate the requested number to each guest, the VMM
can treat the CPUs as dedicated and schedule only a given guest’s threads on that
guest’s CPUs.
There may not be enough CPUs to go around in other cases which causes
overcommitment in which the guests are configured for more CPUs than exist in the
host.
VMM deals with this by allocating CPU resources proportionally according to the
amount of hardware available.

29 Operating-System Components: Memory Mgmt.

Efficient memory use in general-purpose OSes is one of the major keys to
performance
VMMs typically overcommit memory, so that total memory guests are configured
exceeds amount of memory that physically exists.
Ex: VMware ESX establishes how much real memory each guest should use.
Evaluates max. memory size of each guest.
VMM computes a target real memory allocation for each guest.
Uses three low-level mechanisms to reclaim memory from guests.

30 Memory Management cont.

With nested page tables, the VMM can use this extra level of indirection to
optimize the guest’s use of memory without the guest’s knowledge.
2. The VMM installs in each guest a pseudo-device driver or kernel module that it
controls. Communicates with the VMM and is told to allocate or deallocate memory.
3. Determine if the same page has been loaded more than once. If so, the VMM
reduces the number of copies of the page to one and points the other users of the
page to that copy.

31 Operating System Components: I/O

Hypervisors can be less concerned with exactly representing exactly the underlying
hardware to their guests.
I/O devices may be dedicated to guests or the VMM may have device drivers onto
which it maps guest I/O.
The VMM may also provide idealized device drivers to guests, which allows easy
provision and management of guest I/O.

32 Operating System Components: Storage Mgmt.

There are multiple solutions to dealing with storage management depending on the
type of hypervisor.
Type 0 hypervisors tend to allow root disk partitioning.
Type 1 hypervisors store the guest root disk in one or more files within the file
systems provided by the VMM.
Type 2 hypervisors store the same information within the host operating system’s
file systems.
VMMs provide a mechanism to capture a physical system as it is currently configured
and convert it to a guest that the VMM can manage and run.

33 Operating System Components: Live Migration

One feature not found in general-purpose OSes but found in types 0 and 1
hypervisors is the live migration of a running guest.
The source VMM establishes a connection with the target VMM and confirms that it is
allowed to send a guest.
The target creates a new guest.
The source sends all read-only memory pages.
The sources send all read-write pages.
The source repeats step 4 except with modified pages.
When the duration of 4 and 5 becomes small, the source freezes teh guest and sends
the final VCPU’s state, final dirty pages, and other details. The guest begins
running and the source terminates.

34 Live Migration cont.

35 Summary
Virtualization is a method of providing a guest with a duplicate of a system’s
underlying hardware.
Type 0 virtualization is implemented in the hardware and requires modifications to
the operating system to ensure proper operation.
Type 1 virtualization provides the environment and features needed to create, run,
and destroy guest VMs.
Type 2 virtualization is simply an application that runs on other operating
systems.
Programming-environment virtualization specifies a containing application in which
programs run, and this app provides services to the programs.
Emulation is used when a host system has one architecture and a the guest was
compiled for a different architecture.