Hardware virtualization layer
The hardware virtualization layer is created
by installing Microsoft Hyper-V on one or
more compatible hardware platforms.
Hyper-V, Microsoft's entry into the
hypervisor market, is a very thin layer that
presents a small attack surface. It can do this
because Microsoft does not embed drivers.
Instead, Hyper-V uses vendor-supplied
drivers to manage VM hardware requests.

Each VM exists within a partition, starting
with the root partition. The root partition
must run Windows 2008 Server x64 or
Windows 2008 Server Core x64. Subsequent
partitions, known as child partitions, usually
communicate with the underlying hardware
via the root partition. Some calls directly
from a child partition to Hyper-V are
possible using WinHv (defined below) if the
OS running in the partition is “enlightened.”
An enlightened OS understands how to
behave in a Hyper-V environment.
Communication is limited for an
unenlightened OS partition, and
applications there tend to run much more
slowly than those in an enlightened one.
Performance issues are generally related to
the requirement for emulation software to
interface hosted services.

The Hyper-V components responsible for
managing VM, hypervisor, and hardware
communication are the VMBus, VSCs, and
VSPs. These and other Hyper-V components
are shown in Figure 2.4.
[Figure 2.4: Hyper-V components]

Advanced Programmable Interrupt
Controller (APIC)—An APIC allows
priority levels to be assigned to interrupt
outputs.
Hypercalls—Hypercalls are made to
Hyper-V to optimize partition calls for
service. An enlightened partition may
use WinHv or UnixHv to speak directly
to the hypervisor instead of routing
certain requests through the root
partition.
Integration Component (IC)—An IC
allows child partitions to communicate
with other partitions and the hypervisor.
Memory Service Routine (MSR)
Virtualization Infrastructure Driver (VID)—
The VID provides partition
management services, virtual processor
management services, and memory
management services.
VMBus—The VMBus is a channel-based
communication mechanism. It enables
interpartition communication and
device enumeration. It is included in
and installed with Hyper-V Integration
Services.
Virtual Machine Management Service
(VMMS)—The VMMS is responsible for
managing VM state associated with all
child partitions. A separate instance
exists for each VM.
Virtual Machine Worker Process (VMWP)
—The VMWP is a user-mode
component of the virtualization stack. It
enables VMMSs for the root partition so
it can manage VMs in the child
partitions.
Virtualization Service Client (VSC)—The
VSC is a synthetic device instance
residing in a child partition. It uses
hardware resources provided by VSPs. A
VSC and VSP communicate via the
VMBus.
Windows Hypervisor Interface Library
(WinHv)—The WinHv is a bridge
between a hosted operating system's
drivers and the hypervisor. It allows
drivers to call the hypervisor using
standard Windows calling conventions
when an enlightened environment is
running within the partition.
Windows Management Instrumentation
(WMI)—The WMI exposes a set of APIs
for managing virtual machines.

Hypervisors
A fundamental element of hardware
virtualization is the hypervisor, or virtual
machine manager (VMM). It recreates a
hardware environment in which guest
operating systems are installed. There are
two major types of hypervisor: Type I and
Type II (see Figure 3.7).

Type I hypervisors run directly on top of
the hardware. Therefore, they take the
place of the operating systems and
interact directly with the ISA interface
exposed by the underlying hardware,
and they emulate this interface in order
to allow the management of guest
operating systems. This type of
hypervisor is also called a native virtual
machine since it runs natively on
hardware.
Type II hypervisors require the support
of an operating system to provide
virtualization services. This means that
they are programs managed by the
operating system, which interact with it
through the ABI and emulate the ISA of
virtual hardware for guest operating
systems. This type of hypervisor is also
called a hosted virtual machine since it is
hosted within an operating system.

3.8. Three main modules, dispatcher,
allocator, and interpreter, coordinate their
activity in order to emulate the underlying
hardware. The dispatcher constitutes the
entry point of the monitor and reroutes the
instructions issued by the virtual machine
instance to one of the two other modules.
The allocator is responsible for deciding the
system resources to be provided to the VM:
whenever a virtual machine tries to execute
an instruction that results in changing the
machine resources associated with that VM,
the allocator is invoked by the dispatcher.
The interpreter module consists of
interpreter routines. These are executed
whenever a virtual machine executes a
privileged instruction: a trap is triggered
and the corresponding routine is executed.

[Figure: Virtual Machine Manager, with Instructions (ISA), Dispatcher and Interpreter Routines]

Equivalence. A guest running under the
control of a virtual machine manager
should exhibit the same behavior as
when it is executed directly on the
physical host.
Resource control. The virtual machine
manager should be in complete control
of virtualized resources.
Efficiency. A statistically dominant
fraction of the machine instructions
should be executed without intervention
from the virtual machine manager.

The major factor that determines whether
these properties are satisfied is represented
by the layout of the ISA of the host running
a virtual machine manager. Popek and
Goldberg provided a classification of the
instruction set and proposed three theorems
that define the properties that hardware
instructions need to satisfy in order to
efficiently support virtualization.
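
The dispatcher, allocator and interpreter modules described above, together with the resource control and efficiency properties, shown as a toy trap-and-emulate monitor in C. This is an added example, not code from the original text; the opcodes, struct fields and sample guest program are constructed for illustration.

```c
#include <stdio.h>

/* Constructed toy guest ISA; opcodes and field names are illustrative only. */
enum op { OP_ADD, OP_SET_MEM_LIMIT, OP_IO_OUT, OP_HALT };
struct insn { enum op op; unsigned arg; };
struct vm {
    unsigned acc;                     /* guest register */
    unsigned mem_limit, mem_quota;    /* pages granted / ceiling set by the VMM */
    unsigned io_seen;                 /* last value written to the virtual device */
    unsigned native, trapped, denied; /* counters for the efficiency property */
};

/* Allocator: decides whether a resource change is granted to the VM. */
static void allocator(struct vm *vm, unsigned pages) {
    if (pages <= vm->mem_quota) vm->mem_limit = pages;
    else vm->denied++;                /* resource control: request refused */
}

/* Interpreter routine: emulates a privileged instruction on virtual hardware. */
static void interpreter(struct vm *vm, const struct insn *i) {
    if (i->op == OP_IO_OUT) vm->io_seen = i->arg;  /* no real port is touched */
}

/* Dispatcher: entry point on every trap; routes to allocator or interpreter. */
static void dispatcher(struct vm *vm, const struct insn *i) {
    vm->trapped++;
    if (i->op == OP_SET_MEM_LIMIT) allocator(vm, i->arg);
    else interpreter(vm, i);
}

/* Innocuous instructions run without the VMM; everything else traps. */
struct vm run_guest(const struct insn *prog, size_t n, unsigned quota) {
    struct vm vm = { 0, 0, quota, 0, 0, 0, 0 };
    for (size_t pc = 0; pc < n && prog[pc].op != OP_HALT; pc++) {
        if (prog[pc].op == OP_ADD) { vm.acc += prog[pc].arg; vm.native++; }
        else dispatcher(&vm, &prog[pc]);
    }
    return vm;
}

/* Constructed sample guest: arithmetic, one I/O, one over-quota request. */
static const struct insn SAMPLE[] = {
    {OP_ADD, 2}, {OP_ADD, 3}, {OP_SET_MEM_LIMIT, 4}, {OP_ADD, 5},
    {OP_IO_OUT, 0x41}, {OP_SET_MEM_LIMIT, 64}, {OP_ADD, 1}, {OP_HALT, 0},
};
int main(void) {
    struct vm r = run_guest(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], 8);
    printf("native=%u trapped=%u denied=%u\n", r.native, r.trapped, r.denied);
    return 0;
}
```

The over-quota request for 64 pages traps to the allocator and is refused, so the guest keeps its earlier 4-page grant, while the four ADD instructions never enter the monitor.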