
05 - Virtualization


COMP7940

Cloud Computing

Chapter 05

Virtualization

Reading: Hwang et al. Chap 1.2.4 and Chap 3
Virtual Machines and Virtualization
• A virtual machine (VM) is an emulation of a particular computer system, or a software abstraction of a physical machine.
• Virtualization is the technology that can host multiple isolated virtual machines in the same hardware machine.

[Figure: three VMs, each running an application on its own guest OS (Guest OS 1, Guest OS 2, Guest OS 3) with virtualized CPU, RAM and storage, on top of the virtualization layer (hypervisor or VMM), which sits on the hardware (CPU, RAM, storage) (and host OS*).]
*Sometimes there is no host OS, and the hypervisor manages the hardware.
Why Virtualization?
• The problems of running multiple (critical)
applications within the same OS:
—It’s difficult to dedicate resources to different
applications (e.g., how to assign 1 CPU core and 1G
RAM to App1, 2 CPU cores and 4G RAM to App2, …?).
—An application may affect other applications in terms
of performance and security

Isolation offers protection!


Why Virtualization? (Cont.)
• Higher resource utilization
• Better management
• Easier backup
• More reliable
• More secure
• Save more space
• Save more energy
• …

[Figure: server consolidation. Separate web, file and email servers, each with its own backup server, are consolidated into VM1, VM2 and VM3 on one main server, mirrored by VM1, VM2 and VM3 on one backup server.]
Use cases for virtual machines
1. Multiple users want to share the computing resources of a single machine, and each one uses a given budget
— cloud services like Amazon EC2 or Azure Virtual Machines
2. To protect the host OS and other applications
— Sandbox in Windows
3. To allow different OSs to run at the same time to support different applications
— WSL2 in Windows, Wine on Mac
4. Easy to deploy
— Docker, JVM
Case Study: Amazon AWS EC2
• Virtualization plays an important role in AWS in providing the EC2 cloud virtual machines.
• A brief introduction video from AWS Academy.
Hypervisor or VMM
• In a virtualized computer, many operating systems (called guest OSs) can run on the same hardware, independent of the host OS.
— The virtual machines should be isolated.
— The host OS manages hardware resources and the guest OSs. Sometimes the hypervisor takes over the duties of the host OS.

• A virtualization layer (known as the hypervisor or virtual machine monitor (VMM)) sits between the guest OSs and the host OS.
— It virtualizes the physical hardware of a host machine into virtual resources to be used by VMs.

Hypervisor
• Inserted between the hardware and the operating systems.
—Responsible for allocating hardware resources to programs;
—Prevents a program from accessing any resource not explicitly allocated to it;
—Regains control of resources that are already allocated, under certain circumstances.
Examples of Hypervisors
• XEN
• VirtualBox
• Hyper-V
• VMware ESX
• KVM
• Docker

VM Architectures

Five Levels of Virtualization Implementation
• Virtualization can be implemented at different levels
— Instruction set architecture (ISA) level: to emulate a given ISA by the ISA of the host machine.
— Hardware level: it generates a virtual hardware environment for a VM.
— Operating system level
— Library support level
— Application (or process) level: application isolation or sandboxing
INSTRUCTION SET ARCHITECTURE LEVEL

Instruction Set Architecture Level
• Supports the emulation of different CPUs.
• E.g., running Android apps (ARM architecture) on a Windows machine (x64 architecture) with the help of ISA emulation.

[Figure: the app's ARM instruction set on the guest OS is mapped by the hypervisor, through code interpretation, to the x64 instruction set on the host machine.]
Concepts for Instruction Set Architecture Level
• Instruction set
— The hardware on the physical server in cloud computing has its own instruction set that it processes.
— These instructions act as an interface between hardware and software. Through the instruction set, the hardware offers its services to the layers above it.
• Emulator
— The emulator serves as an interpreter; its fundamental role is to handle communication between the virtualization and hardware layers in cloud computing.
• Mapping of the instruction
— Instructions that the emulator receives from the virtual machine are mapped to the hardware instructions of the host machine.
— After processing, the emulator gets the result back from the host machine and delivers the service to the user through the virtual machine.
HARDWARE LEVEL

Hardware Abstraction
• Generates a virtual hardware environment for a
VM
—CPU Virtualization
—Memory Virtualization
—GPU Virtualization
—I/O Virtualization



Full Virtualization
• No need to modify the host OS.
• Noncritical instructions (those that do not control hardware or threaten the security of the system) from guest OSs can run on the hardware directly.
• Binary translation is used to trap and virtualize the execution of sensitive, privileged, and critical instructions from guest OSs.
— This makes sure that no guest OS can affect other guest OSs through privileged instructions.
— The VMM emulates the behavior of these instructions.
— Binary translation is rather time-consuming.
• So in general, the performance of full virtualization is relatively low: 80-97% of that of the same hardware without virtualization.
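The split described above, as an added example that is not part of the original slides: noncritical instructions run directly, while sensitive ones trap into the VMM, which emulates them against per-VM virtual state and refuses resources that were not allocated to the guest. The toy opcodes, port numbers and class names are assumptions made for illustration; the code models the dispatch outcome, not binary translation of real machine code.

```python
SENSITIVE = {"CLI", "STI", "OUT"}  # hypothetical sensitive opcodes of a toy ISA

class VirtualCPU:
    """State the VMM keeps for one guest; the guest never touches host state."""
    def __init__(self, name, allowed_ports):
        self.name = name
        self.regs = {"ax": 0}
        self.interrupts_enabled = True       # virtual flag, not the host's
        self.allowed_ports = set(allowed_ports)
        self.port_writes = []

class VMM:
    def __init__(self):
        self.host_interrupts_enabled = True  # real hardware state
        self.trap_log = []                   # (guest, opcode, outcome)

    def run(self, vcpu, program):
        for op, *args in program:
            if op in SENSITIVE:              # trap into the VMM
                self.trap_log.append((vcpu.name, op, self.emulate(vcpu, op, args)))
            elif op == "MOV":                # noncritical: runs "directly"
                vcpu.regs[args[0]] = args[1]
            elif op == "ADD":
                vcpu.regs[args[0]] += args[1]
            else:
                raise ValueError(f"unknown opcode {op}")

    def emulate(self, vcpu, op, args):
        if op in ("CLI", "STI"):             # only the virtual flag changes
            vcpu.interrupts_enabled = (op == "STI")
            return "emulated"
        port, value = args                   # OUT: check the allocation first
        if port not in vcpu.allowed_ports:
            return "denied"
        vcpu.port_writes.append((port, value))
        return "emulated"

def demo():
    vmm = VMM()
    vm1 = VirtualCPU("vm1", allowed_ports={0x3F8})
    vm2 = VirtualCPU("vm2", allowed_ports={0x2F8})
    # Constructed guest programs: arithmetic, then sensitive instructions.
    vmm.run(vm1, [("MOV", "ax", 2), ("ADD", "ax", 40), ("CLI",),
                  ("OUT", 0x3F8, 65), ("OUT", 0x2F8, 66)])
    vmm.run(vm2, [("MOV", "ax", 7)])
    return vmm, vm1, vm2
```

After `demo()`, vm1 has disabled only its own virtual interrupt flag, and its write to the port allocated to vm2 is recorded as denied in `trap_log`.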
Para-virtualization
• To overcome the performance issue of full virtualization, the para-virtualization technique was developed.

• It modifies the guest operating systems to replace non-virtualizable instructions with hypercalls for the hypervisor to carry out the virtualization process.

• Examples: Xen, KVM, VMware ESX
Protect Rings
[Figure: protection rings]

Comparing Full/Para Virtualization
[Figure: Full Virtualization and Para Virtualization side by side]
Hardware-assisted Virtualization
• Hardware-assisted virtualization improves on full and para-virtualization.

• Hardware-assisted CPU virtualization: all privileged and sensitive instructions are trapped in the hypervisor automatically without modifying the guest OSs.
—Intel’s VT-x and AMD’s AMD-V

[Figure: CPU Virtualization]
Memory Virtualization
• Hardware-assisted memory virtualization: in a virtualized environment, there is a two-stage memory mapping: from virtual memory to physical memory to machine memory.
—Intel uses the “Extended Page Table” technique to improve the performance of memory address translation.
—AMD uses “Nested Page Tables” or “Rapid Virtualization Indexing” to address the issue.
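The two-stage mapping above, as an added example that is not part of the original slides: the guest OS owns the first table (virtual to physical), the hypervisor owns the second (physical to machine), and the second stage is what keeps a guest inside its own machine frames. Page tables are modelled as flat dictionaries; the table contents, frame numbers and function names are constructed assumptions, not the EPT or NPT hardware format.

```python
PAGE = 4096

class TranslationFault(Exception):
    pass

def lookup(table, addr, stage):
    """Translate addr through one table (dict: page number -> frame number)."""
    page, offset = divmod(addr, PAGE)
    if page not in table:
        raise TranslationFault(f"{stage}: page {page:#x} not mapped")
    return table[page] * PAGE + offset

def guest_to_machine(guest_pt, second_stage, virtual_addr):
    """Virtual -> physical (guest OS table) -> machine (hypervisor table)."""
    physical = lookup(guest_pt, virtual_addr, "guest page table")
    return lookup(second_stage, physical, "second stage")

def shared_frames(stage_a, stage_b):
    """Machine frames reachable from both VMs; empty when memory is isolated."""
    return set(stage_a.values()) & set(stage_b.values())

# Constructed tables. Both guests use physical pages 0 and 1, but the
# hypervisor backs them with different machine frames.
VM1_SECOND_STAGE = {0: 0x100, 1: 0x101}
VM2_SECOND_STAGE = {0: 0x200, 1: 0x201}
VM1_GUEST_PT = {0x400: 0, 0x401: 1}
VM2_GUEST_PT = {0x400: 0}

def demo():
    same_va = 0x400 * PAGE + 0x10
    m1 = guest_to_machine(VM1_GUEST_PT, VM1_SECOND_STAGE, same_va)
    m2 = guest_to_machine(VM2_GUEST_PT, VM2_SECOND_STAGE, same_va)
    # A guest controls its own page table, so it can point a virtual page
    # at any physical page number; the second stage still bounds it.
    rogue_pt = dict(VM1_GUEST_PT)
    rogue_pt[0x402] = 0x200
    try:
        guest_to_machine(rogue_pt, VM1_SECOND_STAGE, 0x402 * PAGE)
        blocked = False
    except TranslationFault:
        blocked = True
    return m1, m2, blocked
```

`shared_frames` is the kind of invariant a hypervisor audit would assert before starting a VM: any non-empty result means two guests can reach the same machine memory.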

VT-x in BIOS

Img from: https://www.tonymacx86.com/

OPERATING SYSTEM LEVEL
OS-level Virtualization
• OS-level virtualization inserts a virtualization layer inside an operating system to partition a machine’s physical resources.
• It creates isolated containers on the OS instances to utilize the hardware and software in data centers.
• Multiple isolated VMs run within a single operating system kernel.
— The VMs are also known as Virtual Execution Environments (VE), Virtual Private Systems (VPS), or Containers.

• Examples: Linux vServer, OpenVZ, Docker
Architecture: Container vs VM
[Figure: container and VM architectures side by side. img: Microsoft.com]

Virtual machine vs. container

• Isolation
  Virtual machine: Provides complete isolation from the host operating system and other VMs. This is useful when a strong security boundary is critical, such as hosting apps from competing companies on the same server or cluster.
  Container: Typically provides lightweight isolation from the host and other containers, but doesn't provide as strong a security boundary as a VM.

• Operating system
  Virtual machine: Runs a complete operating system including the kernel, thus requiring more system resources (CPU, memory, and storage).
  Container: Runs the user mode portion of an operating system, and can be tailored to contain just the needed services for your app, using fewer system resources.

• Guest compatibility
  Virtual machine: Runs just about any operating system inside the virtual machine.
  Container: Runs on the same operating system version as the host (Hyper-V isolation enables you to run earlier versions of the same OS in a lightweight VM environment).

• Deployment
  Virtual machine: Deploy individual VMs by using Windows Admin Center or Hyper-V Manager; deploy multiple VMs by using PowerShell or System Center Virtual Machine Manager.
  Container: Deploy individual containers by using Docker via command line; deploy multiple containers by using an orchestrator such as Azure Kubernetes Service.

• Operating system updates and upgrades
  Virtual machine: Download and install operating system updates on each VM. Installing a new operating system version requires upgrading or often just creating an entirely new VM. This can be time-consuming, especially if you have a lot of VMs...
  Container: Updating or upgrading the operating system files within a container is the same:
    1. Edit your container image's build file (known as a Dockerfile) to point to the latest version of the Windows base image.
    2. Rebuild your container image with this new base image.
    3. Push the container image to your container registry.
    4. Redeploy using an orchestrator.
    The orchestrator provides powerful automation for doing this at scale.

• Persistent storage
  Virtual machine: Use a virtual hard disk (VHD) for local storage for a single VM, or an SMB file share for storage shared by multiple servers.
  Container: Use Azure Disks for local storage for a single node, or Azure Files (SMB shares) for storage shared by multiple nodes or servers.

• Load balancing
  Virtual machine: Virtual machine load balancing moves running VMs to other servers in a failover cluster.
  Container: Containers themselves don't move; instead an orchestrator can automatically start or stop containers on cluster nodes to manage changes in load and availability.

• Fault tolerance
  Virtual machine: VMs can fail over to another server in a cluster, with the VM's operating system restarting on the new server.
  Container: If a cluster node fails, any containers running on it are rapidly recreated by the orchestrator on another cluster node.

• Networking
  Virtual machine: Uses virtual network adapters.
  Container: Uses an isolated view of a virtual network adapter, providing a little less virtualization–the host's firewall is shared with containers–while using less resources.

Ref: Microsoft.com
OS-level Virtualization (Cont.)
• Advantages:
—Minimal startup/shutdown costs, low resource
requirement, high scalability
—It’s possible to synchronize state changes between
the VM and the host environment
—Container is designed to encapsulate “an application
and its running environment”, not an “OS”.

• Disadvantage:
—All VMs on a single container must use the same
operating system.

LIBRARY SUPPORT LEVEL

Library Support Level
• Most applications use APIs (libraries) rather
than lengthy system calls by the OS.
• Examples:
—WINE: running Windows applications on UNIX hosts
—vCUDA: allows applications within VMs to leverage
GPU hardware acceleration

[Figure: WINE, running a Windows app on UNIX without installing Windows. img: Wikipedia]
Example of Library Virtualization - vCUDA
• CUDA is a library for general-purpose GPUs.
• It is difficult to run CUDA applications on hardware-level VMs directly.
• vCUDA resides in the guest OS as a substitute for the standard CUDA library.
USER APPLICATION LEVEL

User Application Level
• Also known as process-level virtualization.
• Deploy high level language (HLL) VMs.
• Example:
—Microsoft .NET
—Java virtual machine (JVM)

Virtual Clusters
• A virtual cluster consists of a set of VMs that can communicate through a (virtual) network.

• Given a physical cluster (e.g., at a data center), we may build different virtual clusters for different clients at different periods.
— A kind of “cluster on demand” service

• It offers fast deployment and effective scheduling.

1. Preparing the disk image (a template for all VMs)
2. Configuring the VMs
3. Choosing the physical nodes
4. Executing the VM deployment
VM Migration

VM Live Migration
• Sometimes a VM needs to be reallocated to a different physical node. “Live” means the user service will not be affected (or with very minor impact) during the VM migration.
— E.g., the current physical node is heavily loaded. Some VMs are selected to be migrated to other lightly loaded physical nodes.
— E.g., the current physical node is too lightly loaded. All VMs are migrated to other physical nodes, so that this physical node can be turned off or put into a deep sleep state to reduce energy consumption.

• VM live migration takes the following steps:
— Start migration: make preparations, select the target node
— Transfer memory: iterative pre-copy until the dirty portion of the memory can be handled by the last copy.
— Suspend the VM and copy the last portion of the data (service downtime!)
— Commit and activate the VM on the target node

• Typical performance of today’s live migration techniques:
— one to several minutes of migration time
— hundreds of MBs of migrated data (network traffic)
— less than 1 second of service downtime.
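The pre-copy steps above, as an added simulation that is not part of the original slides: each round re-sends the pages dirtied during the previous round, and the VM is suspended only for the final copy. The function name, parameters, page size, link speed and dirty rates are constructed assumptions; the second workload shows the failure mode where the guest dirties memory faster than the link can copy it.

```python
def precopy_migration(total_pages, dirty_rate, bandwidth, threshold, max_rounds=30):
    """Simulate iterative pre-copy. Rates are in pages per second.

    Returns rounds of pre-copy, pages sent, total time and service downtime.
    """
    to_send = total_pages          # round 1 copies all memory while the VM runs
    pages_sent = 0
    elapsed = 0.0
    rounds = 0
    while to_send > threshold and rounds < max_rounds:
        duration = to_send / bandwidth
        pages_sent += to_send
        elapsed += duration
        rounds += 1
        # Pages the running VM dirtied during this round must be re-sent.
        to_send = min(total_pages, int(dirty_rate * duration))
    converged = to_send <= threshold
    # Stop-and-copy: the VM is suspended while the last dirty pages move.
    downtime = to_send / bandwidth
    return {"rounds": rounds, "pages_sent": pages_sent + to_send,
            "migration_s": elapsed + downtime, "downtime_s": downtime,
            "converged": converged}

# Constructed workloads: 1 GiB guest (4 KiB pages), 128 MiB/s link.
GUEST_PAGES = 262144
LINK_PAGES_PER_S = 32768

def demo():
    quiet = precopy_migration(GUEST_PAGES, 4096, LINK_PAGES_PER_S, threshold=256)
    # Dirtying faster than the link can copy never converges; the round cap
    # forces stop-and-copy with the whole memory still dirty.
    busy = precopy_migration(GUEST_PAGES, 40000, LINK_PAGES_PER_S,
                             threshold=256, max_rounds=5)
    return quiet, busy
```

With these constructed numbers the quiet guest converges in four rounds with about 2 ms of downtime, while the busy guest hits the round cap and is suspended for the full 8 seconds it takes to copy all of its memory.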
Case Study – Hyper-V
• Built into Windows 10 Pro/Education/Enterprise (except Home edition) and Windows Server.
• Hyper-V succeeded Windows Server Virtualization and first appeared in Windows Server 2008.

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/quick-create-virtual-machine
Hyper-V
• Hyper-V does not need to be installed.
• It can be enabled through Settings.
• Enable “Virtualization” in BIOS.
• Expect a multi-core machine with at least 8GB
Hyper-V Manager
• Hyper-V Manager is an application that manages different Hyper-V instances.
• It allocates resources for each instance and controls their life cycle (create/start/stop/pause/delete)
—CPU
—RAM
—HD
—Network

Windows Hyper-V Virtual Machine Tutorial - YouTube


Case Study - Docker
• A very developer-friendly, popular container option.
• As with GitHub, a lot of public images are available.
• Fast deployment, widely supported by different cloud platforms

• We will go deeper into it!