Module 2:

Virtualization: Introduction, Characteristics of Virtualized, Environments Taxonomy of

Virtualization Techniques, Execution Virtualization, Other Types of Virtualization, Virtualization and
Cloud Computing, Pros and Cons of Virtualization, Technology Examples

VIRTUALIZATION

Virtualization is a large umbrella of technologies and concepts that are meant to provide an
abstract environment - whether virtual hardware or an operating system to run applications.

Virtualization technologies have gained renewed interested recently due to the confluence of
several phenomena:

Increased performance and computing capacity.

Nowadays, the average end-user desktop PC is powerful enough to meet almost all the needs of
everyday computing, with extra capacity that is rarely used. Almost all these PCs have resources
enough to host a virtual machine manager and execute a virtual machine with by far acceptable
performance.

Underutilized hardware and software resources

Hardware and software underutilization is occurring due to (1) increased performance and
computing capacity, and (2) the effect of limited or sporadic use of resources. Computers today
are so powerful that in most cases only a fraction of their capacity is used by an application or
the system. Moreover, if we consider the IT infrastructure of an enterprise, many computers are
only partially utilized whereas they could be used without interruption on a 24/7/365 basis. For
example, desktop PCs mostly devoted to office automation tasks and used by administrative staff
are only used during work hours, remaining completely unused overnight. Using these resources
for other purposes after hours could improve the efficiency of the IT infrastructure. To
transparently provide such a service, it would be necessary to deploy a completely separate
environment, which can be achieved through virtualization.
Lack of space

The continuous need for additional capacity, whether storage or compute power, makes data
centers grow quickly. Companies such as Google and Microsoft expand their infrastructures by
building data centers as large as football fields that are able to host thousands of nodes. This
condition, along with hardware underutilization, has led to the diffusion of a technique called
server consolidation, for which virtualization technologies are fundamental.

Greening initiative

Recently, companies are increasingly looking for ways to reduce the amount of energy they
consume and to reduce their carbon footprint. Data centers are one of the major power
consumers; maintaining a data center operation not only involves keeping servers on, but a great
deal of energy is also consumed in keeping them cool. Infrastructures for cooling have a
significant impact on the carbon footprint of a data center. Hence, reducing the number of
servers through server consolidation will definitely reduce the impact of cooling and power
consumption of a data center. Virtualization technologies can provide an efficient way of
consolidating servers.

Rise of administrative costs.

The increased demand for additional capacity, which translates into more servers in a data center,
is also responsible for a significant increment in administrative costs. Computers—in particular,
servers—do not operate all on their own, but they require care and feeding from system
administrators. Common system administration tasks include hardware monitoring, defective
hardware replacement, server setup and updates, server resources monitoring, and backups.
These are labor-intensive operations, and the higher the number of servers that have to be
managed, the higher the administrative costs. Virtualization can help reduce the number of
required servers for a given workload, thus reducing the cost of the administrative personnel.

Characteristics of virtualized environments

Virtualization is a broad concept that refers to the creation of a virtual version of something,
whether hardware, a software environment, storage, or a network. In a virtualized environment
there are three major components: guest, host, and virtualization layer. The guest represents the
system component that interacts with the virtualization layer rather than with the host, as would
normally happen. The host represents the original environment where the guest is supposed to be
managed. The virtualization layer is responsible for recreating the same or a different
environment where the guest will operate.

Figure: The virtualization reference model

The Characteristics of Virtualization is as follows

Increased security: The ability to control the execution of a guest in a completely transparent
manner opens new possibilities for delivering a secure, controlled execution environment. The
virtual machine represents an emulated environment in which the guest is executed. All the
operations of the guest are generally performed against the virtual machine, which then translates
and applies them to the host. Resources exposed by the host can then be hidden or simply
protected from the guest. Sensitive information that is contained in the host can be naturally
hidden without the need to install complex security policies.
Managed execution: Virtualization of the execution environment not only allows increased
security, but a wider range of features also can be implemented. In particular, sharing,
aggregation, emulation, and isolation are the most relevant features.

Aggregation: Not only is it possible to share physical resource among several guests, but
virtualization also allows aggregation, which is the opposite process. A group of separate hosts
can be tied together and represented to guests as a single virtual host. This function is naturally
implemented in middleware for distributed computing.

Emulation: In computing, an emulator is software or hardware that allows one computer

system (host) to function like another computer system.

Isolation: Virtualization allows providing guests—whether they are operating systems,

applications, or other entities—with a completely separate environment, in which they are
executed.

Portability: Portability in cloud computing refers to the ability to transfer applications and data
between cloud computing environments, enabling cloud services migration from one cloud
provider to another or between public and private clouds.

Taxonomy of virtualization techniques

Virtualization covers a wide range of emulation techniques that are applied to different areas of
computing. A classification of these techniques helps us better understand their characteristics
and use.
The first classification discriminates against the service or entity that is being emulated.

Virtualization is mainly used to emulate execution environments, storage, and networks.

Among these categories, execution virtualization constitutes the oldest, most popular, and most
developed area. In particular we can divide these execution virtualization techniques into two
major categories by considering the type of host they require.

Process-level techniques are implemented on top of an existing operating system, which has full
control of the hardware. System-level techniques are implemented directly on hardware and do
not require—or require a minimum of support from—an existing operating system. Within these
two categories we can list various techniques that offer the guest a different type of virtual
computation environment: bare hardware, operating system resources, low-level programming
language, and application libraries.

Figure: Taxonomy of virtualization techniques

Execution virtualization

Execution virtualization can be implemented directly on top of the hardware by the operating
system, an application, or libraries. Execution virtualization includes all techniques that aim to
emulate an execution environment that is separate from the one hosting the virtualization layer.

Machine reference model

Virtualizing an execution environment at different levels of the computing stack requires a

reference model that defines the interfaces between the levels of abstractions, which hide
implementation details.

Modern computing systems can be expressed in terms of the reference model described in
Figure. At the bottom layer, the model for the hardware is expressed in terms of the Instruction
Set Architecture (ISA), which defines the instruction set for the processor, registers, memory,
and interrupts management. ISA is the interface between hardware and software, and it is
important to the operating system (OS) developer (System ISA) and developers of applications
that directly manage the underlying hardware (User ISA).

Figure: A Machine Reference Model

The application binary interface (ABI) separates the operating system layer from the
applications and libraries, which are managed by the OS. System calls are defined at this level.
This interface allows portability of applications and libraries across operating systems that
implement the same ABI. The highest level of abstraction is represented by the application
programming interface (API), which interfaces applications to libraries and/or the underlying
operating system.

The instruction set exposed by the hardware has been divided into different security classes that
define who can operate with them. The first distinction can be made between privileged and
nonprivileged instructions. Nonprivileged instructions are those instructions that can be used
without interfering with other tasks because they do not access shared resources. This category
contains, for example, all the floating, fixed-point, and arithmetic instructions. Privileged
instructions are those that are executed under specific restrictions and are mostly used for
sensitive operations.

A possible implementation features a hierarchy of privileges (see Figure) in the form of ring
based security: Ring 0, Ring 1, Ring 2, and Ring 3; Ring 0 is in the most privileged level and
Ring 3 in the least privileged level. Ring 0 is used by the kernel of the OS, rings 1 and 2 are used
by the OS-level services, and Ring 3 is used by the user. Recent systems support only two levels,
with Ring 0 for supervisor mode and Ring 3 for user mode.
Figure: Security Rings and Privileged mode

All the current systems support at least two different execution modes: supervisor mode and
user mode. The first mode denotes an execution mode in which all the instructions can be
executed without any restriction. This mode, also called master mode or kernel mode, is
generally used by the operating system (or the hypervisor) to perform sensitive operations on
hardware level resources. In user mode, there are restrictions to control the machine-level
resources.

Hardware-level virtualization

Hardware-level virtualization is a virtualization technique that provides an abstract execution

environment in terms of computer hardware on top of which a guest operating system can be run.

In this model, the guest is represented by the operating system, the host by the physical computer
hardware, the virtual machine by its emulation, and the virtual machine manager by the
hypervisor (see Figure). Hardware-level virtualization is also called system virtualization.
Figure: A hardware virtualization reference model

Hypervisors: A fundamental element of hardware virtualization is the hypervisor, or virtual

machine manager (VMM).

It recreates a hardware environment in which guest operating systems are installed. There are
two major types of hypervisor: Type I and Type II (see Figure).

Type I hypervisors run directly on top of the hardware. Therefore, they take the place of the
operating systems and interact directly with the ISA interface exposed by the underlying
hardware, and they emulate this interface in order to allow the management of guest operating
systems. This type of hypervisor is also called a native virtual machine since it runs natively on
hardware.

Type II hypervisors require the support of an operating system to provide virtualization

services. This means that they are programs managed by the operating system. This type of
hypervisor is also called a hosted virtual machine since it is hosted within an operating system.
Figure: Hosted (left) and native (right) virtual machines

A virtual machine manager is internally organized as described in Figure 2.8. Three main
modules, dispatcher, allocator, and interpreter, coordinate their activity in order to emulate the
underlying hardware. The dispatcher constitutes the entry point of the monitor and reroutes the
instructions issued by the virtual machine instance to one of the two other modules. The allocator
is responsible for deciding the system resources to be provided to the VM: whenever a virtual
machine tries to execute an instruction that results in changing the machine resources associated
with that VM, the allocator is invoked by the dispatcher. The interpreter module consists of
interpreter routines. These are executed whenever a virtual machine executes a privileged
instruction: a trap is triggered and the corresponding routine is executed.
Three properties of Virtual Machine Manager that have to be satisfied:

• Equivalence. A guest running under the control of a virtual machine manager should exhibit the
same behavior as when it is executed directly on the physical host.

• Resource control. The virtual machine manager should be in complete control of virtualized
resources.

• Efficiency. A statistically dominant fraction of the machine instructions should be executed

without intervention from the virtual machine manager.
Full virtualization: Full virtualization refers to the ability to run a program, most likely an
operating system, directly on top of a virtual machine and without any modification, as though it
were run on the raw hardware. To make this possible, virtual machine managers are required to
provide a complete emulation of the entire underlying hardware. The principal advantage of full
virtualization is complete isolation, which leads to enhanced security, ease of emulation of
different architectures, and coexistence of different systems on the same platform. A simple
solution to achieve full virtualization is to provide a virtual environment for all the instructions,
thus posing some limits on performance.

Paravirtualization: This is a not-transparent virtualization solution that allows implementing

thin virtual machine managers. Paravirtualization techniques expose a software interface to the
virtual machine that is slightly modified from the host and, as a consequence, guests need to be
modified. This technique has been successfully used by Xen for providing virtualization
solutions for Linux-based operating systems specifically ported to run on Xen hypervisors.

Partial virtualization: Partial virtualization provides a partial emulation of the underlying

hardware, thus not allowing the complete execution of the guest operating system in complete
isolation. Partial virtualization allows many applications to run transparently, but not all the
features of the operating system can be supported, as happens with full virtualization.

Operating system-level virtualization: Operating system-level virtualization offers the

opportunity to create different and separated execution environments for applications that are
managed concurrently. Differently from hardware virtualization, there is no virtual machine
manager or hypervisor, and the virtualization is done within a single operating system, where the
OS kernel allows for multiple isolated user space instances.

Programming language-level virtualization: Programming language-level virtualization is

mostly used to achieve ease of deployment of applications, managed execution, and portability
across different platforms and operating systems. The main advantage of programming-level
virtual machines, also called process virtual machines, is the ability to provide a uniform
execution environment across different platforms. Programs compiled into byte code can be
executed on any operating system and platform for which a virtual machine able to execute that
code has been provided.

Application - level virtualization

Application -level virtualization is a technique allowing applications to be run in runtime

environments that do not natively support all the features required by such applications.