Unit 2 Cloud Computing

Uploaded by

p3727207

UNIT II VIRTUALIZATION BASICS

Virtual Machine Basics – Taxonomy of Virtual Machines – Hypervisor – Key Concepts – Virtualization structure – Implementation levels of virtualization – Virtualization Types: Full Virtualization – Para Virtualization – Hardware Virtualization – Virtualization of CPU, Memory and I/O devices.

2.1 BASICS OF VIRTUALIZATION
• Virtualization is a method of running multiple independent virtual operating systems on a single physical computer. A virtual machine (sometimes called a pseudo-machine). The creation and management of virtual machines has often been called platform virtualization.
• Platform virtualization is performed on a given computer (hardware platform) by software called a control program. The control program creates a simulated environment, a virtual computer, which enables the device to use hosted software specific to the virtual environment, sometimes called guest software.
• The guest software, which is often itself a complete operating system, runs just as if it were installed on a stand-alone computer. Frequently, more than one virtual machine is able to be simulated on a single physical computer, their number being limited only by the host device’s physical hardware resources.
• Because the guest software often requires access to specific peripheral devices in order to function, the virtualized platform must support guest interfaces to those devices.
• Examples of such devices are the hard disk drive, CD-ROM, DVD, and network interface card.
• Virtualization technology is a way of reducing the majority of hardware acquisition and maintenance costs, which can result in significant savings for any company.

2.1.1 Parallel Processing
• Parallel processing is performed by the simultaneous execution of program instructions that have been allocated across multiple processors with the objective of running a program in less time.
• The next advancement in parallel processing was multiprogramming. In a multiprogramming system, multiple programs submitted by users are each allowed to use the processor for a short time, each taking turns and having exclusive time with the processor in order to execute instructions. This approach is known as “round-robin scheduling” (RR scheduling).
• In RR scheduling, a small unit of time called a time slice (or quantum) is defined. All executable processes are held in a circular queue. The time slice is defined based on the number of executable processes that are in the queue. For example, if there are five user processes held in the queue and the time slice allocated for the queue to execute in total is 1 second, each user process is allocated 200 milliseconds of process execution time on the CPU before the scheduler begins moving to the next process in the queue.
• The CPU scheduler manages this queue, allocating the CPU to each process for a time interval of one time slice. New processes are always added to the end of the queue. The CPU scheduler picks the first process from the queue, sets its timer to interrupt the process after the expiration of the timer, and then dispatches the next process in the queue. The process whose time has expired is placed at the end of the queue.
• If a process is still running at the end of a time slice, the CPU is interrupted and the process goes to the end of the queue. If the process finishes before the end of the time-slice, it releases the CPU voluntarily.
• In either case, the CPU scheduler assigns the CPU to the next process in the queue. Every time a process is granted the CPU, a context switch occurs, which adds overhead to the process execution time. To users it appears that all of the programs are executing at the same time.
• Resource contention problems often arose in these early systems. Explicit requests for resources led to a condition known as deadlock. Competition for resources on machines with no tie-breaking instructions led to the critical section routine. Contention occurs when several processes request access to the same resource.
• In order to detect deadlock situations, a counter for each processor keeps track of the number of consecutive requests from a process that have been rejected. Once that number reaches a predetermined threshold, a state machine that inhibits other processes from making requests to the main store is initiated until the deadlocked process is successful in gaining access to the resource.
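The round-robin scheme described in section 2.1.1, as an added example that is not part of the original notes: it simulates the circular queue, derives the 200 ms time slice from the five-process, 1-second case, and charges a cost per context switch. The process names, burst lengths and the `switch_ms` parameter are constructed for illustration, and fixing the quantum once from the initial queue length is an assumption.

```python
from collections import deque

# Constructed sample workload: CPU time each process needs, in milliseconds,
# listed in arrival order (five processes, as in the example in the text).
SAMPLE_BURSTS_MS = {"P1": 500, "P2": 150, "P3": 200, "P4": 350, "P5": 50}


def round_robin(bursts_ms, window_ms=1000, switch_ms=0):
    """Simulate round-robin scheduling over a circular queue.

    window_ms is the time allotted to one pass over the whole queue; the
    time slice is window_ms divided by the number of queued processes
    (assumption: computed once, from the initial queue length).
    switch_ms is the overhead charged each time the CPU is handed over.
    Returns (quantum, timeline, finish_times, context_switches).
    """
    queue = deque(bursts_ms.items())          # circular queue of (name, remaining)
    quantum = window_ms // len(queue)
    clock = 0
    switches = 0
    timeline = []                             # (name, start, end) per dispatch
    finish = {}                               # name -> completion time
    while queue:
        name, remaining = queue.popleft()     # scheduler picks the first process
        clock += switch_ms                    # context switch adds overhead
        switches += 1
        run = min(quantum, remaining)         # timer fires after one time slice,
        timeline.append((name, clock, clock + run))  # or the process ends early
        clock += run
        remaining -= run
        if remaining > 0:
            queue.append((name, remaining))   # expired: back to the end of the queue
        else:
            finish[name] = clock              # finished: CPU released voluntarily
    return quantum, timeline, finish, switches


if __name__ == "__main__":
    for cost in (0, 5):
        quantum, timeline, finish, switches = round_robin(SAMPLE_BURSTS_MS, switch_ms=cost)
        print(f"switch cost {cost} ms: quantum={quantum} ms, "
              f"{switches} context switches, completion order {list(finish)}")
        print("  finish times:", finish)
```

Comparing the two runs shows how the per-dispatch overhead stretches every completion time even though the work itself is unchanged.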
2.1.2 Vector Processing
• The next step in the evolution of parallel processing was the introduction of multiprocessing. Here, two or more processors share a common workload.
• The earliest versions of multiprocessing were designed as a master/slave model, where one processor (the master) was responsible for all of the tasks to be performed and it only off-loaded tasks to the other processor (the slave) when the master processor determined, based on a predetermined threshold, that work could be shifted to increase performance.
• Vector processing was developed to increase processing performance by operating in a multitasking manner. Matrix operations were added to computers to allow a single instruction to manipulate two arrays of numbers performing arithmetic operations.
• This was valuable in certain types of applications in which data occurred in the form of vectors or matrices. In applications with less well-formed data, vector processing was less valuable.

2.1.3 Symmetric Multiprocessing Systems
• The next advancement was the development of symmetric multiprocessing systems (SMP) to address the problem of resource management in master/slave models.
• In SMP systems, each processor is equally capable and responsible for managing the workflow as it passes through the system.
• The primary goal is to achieve sequential consistency, in other words, to make SMP systems appear to be exactly the same as a single-processor, multiprogramming platform. Engineers discovered that system performance could be increased nearly 10–20% by executing some instructions out of order.
• However, programmers had to deal with the increased complexity and cope with a situation where two or more programs might read and write the same operands simultaneously.
• This difficulty, however, is limited to a very few programmers, because it only occurs in rare circumstances. To this day, the question of how SMP machines should behave when accessing shared data remains unresolved.
• Data propagation time increases in proportion to the number of processors added to SMP systems.
• After a certain number (usually somewhere around 40 to 50 processors), performance benefits gained by using even more processors do not justify the additional expense of adding such processors.
• To solve the problem of long data propagation times, message passing systems were created. In these systems, programs that share data send messages to each other to announce that particular operands have been assigned a new value. Instead of a global message announcing an operand’s new value, the message is communicated only to those areas that need to know the change.
• There is a network designed to support the transfer of messages between applications. This allows a great number of processors (as many as several thousand) to work in tandem in a system. These systems are highly scalable and are called massively parallel processing (MPP) systems.

2.1.4 Massively Parallel Processing Systems
• Massive parallel processing is used in computer architecture circles to refer to a computer system with many independent arithmetic units or entire microprocessors, which run in parallel. “Massive” connotes hundreds if not thousands of such units. In this form of computing, all the processing elements are interconnected to act as one very large computer.
• This approach is in contrast to a distributed computing model, where massive numbers of separate computers are used to solve a single problem (such as in the SETI project, mentioned previously).
• Early examples of MPP systems were the Distributed Array Processor, the Goodyear MPP, the Connection Machine, and the Ultracomputer. In data mining, there is a need to perform multiple searches of a static database.
• The earliest massively parallel processing systems all used serial computers as individual processing units in order to maximize the number of units available for a given size and cost.
• Single-chip implementations of massively parallel processor arrays are becoming ever more cost effective due to the advancements in integrated circuit technology.
• An example of the use of MPP can be found in the field of artificial intelligence.
• For example, a chess application must analyze the outcomes of many possible alternatives and formulate the best course of action to take.
• Another example can be found in scientific environments, where certain
simulations (such as molecular modeling) and complex mathematical
problems can be split apart and each part processed simultaneously. Parallel data
query (PDQ) is a technique used in business.
• This technique divides very large data stores into pieces based on various
algorithms. Rather than searching sequentially through an entire database to
resolve a query, 26 CPUs might be used simultaneously to perform a sequential
search, each CPU individually evaluating a letter of the alphabet.
• MPP machines are not easy to program, but for certain applications, such as data
mining, they are the best solution.

2.2 Taxonomy of Virtualization Techniques


• Virtualization covers a wide range of emulation techniques that are applied to different areas of computing.
• A classification of these techniques helps us better understand their characteristics and use.
• Virtualization is mainly used to emulate execution environments, storage, and networks. Among these categories, execution virtualization constitutes the oldest, most popular, and most developed area. We can divide these execution virtualization techniques into two major categories by considering the type of host they require.
1. Process-level
Techniques are implemented on top of an existing operating system, which has full control of the hardware.
2. System-level
Techniques are implemented directly on hardware and do not require - or require a minimum of support from - an existing operating system.

Fig. Taxonomy of Virtualization Techniques

Within these two categories we can list various techniques that offer the guest a different type of virtual computation environment:
• bare hardware
• operating system resources
• low-level programming language
• application libraries.

Execution virtualization
• Includes all techniques that aim to emulate an execution environment that is separate from the one hosting the virtualization layer.
• All these techniques concentrate their interest on providing support for the execution of programs, whether these are the operating system, a binary specification of a program compiled against an abstract machine model, or an application. Therefore, execution virtualization can be implemented directly on top of the hardware by the operating system, an application, or libraries dynamically or statically linked to an application image.
Hardware-level virtualization:
• Hardware-level virtualization is a virtualization technique that provides an abstract execution environment in terms of computer hardware on top of which a guest operating system can be run.
• Hardware-level virtualization is also called system virtualization, since it provides ISA to virtual machines, which is the representation of the hardware interface of a system.

2.3 Hypervisor
• A hypervisor is a hardware virtualization technique allowing multiple operating systems, called guests, to run on a host machine. This is also called the Virtual Machine Monitor (VMM).
Type 1: bare metal hypervisor
• Sits on the bare metal computer hardware like the CPU, memory, etc.
• All guest operating systems are a layer above the hypervisor.
• Type 1 hypervisor executes on bare system. LynxSecure, RTS Hypervisor, Oracle VM, Sun xVM Server, VirtualLogic VLX are examples of Type 1 hypervisor. The following diagram shows the Type 1 hypervisor.
• The Type 1 hypervisor does not have any host operating system because it is installed on a bare system.
Type 2: hosted hypervisor
Type 2 hypervisor is a software interface that emulates the devices with which a system normally interacts. Containers, KVM, Microsoft Hyper V, VMWare Fusion, Virtual Server 2005 R2, Windows Virtual PC and VMWare workstation 6.0 are examples of Type 2 hypervisor.
• Run over a host operating system.
• Hypervisor is the second layer over the hardware.
• Guest operating systems run a layer over the hypervisor.
• The OS is usually unaware of the virtualization.

2.4 VIRTUALIZATION STRUCTURES
The figure shows the architectures of a machine before and after virtualization.
• Before virtualization, the operating system manages the hardware.
• After virtualization, a virtualization layer is inserted between the hardware and the operating system. In such a case, the virtualization layer is responsible for converting portions of the real hardware into virtual hardware.
• Therefore, different operating systems such as Linux and Windows can run on the same physical machine, simultaneously.
• Depending on the position of the virtualization layer, there are several classes of VM architectures, namely the hypervisor architecture, para-virtualization, and host-based virtualization.
• The hypervisor is also known as the VMM (Virtual Machine Monitor). They both perform the same virtualization operations.

2.4.1 Hypervisor
• A hypervisor is a hardware virtualization technique allowing multiple operating systems, called guests, to run on a host machine. This is also called the Virtual Machine Monitor (VMM).
Type 1: bare metal hypervisor
• Sits on the bare metal computer hardware like the CPU, memory, etc.
• All guest operating systems are a layer above the hypervisor.
• The original CP/CMS hypervisor developed by IBM was of this kind.
Type 2: hosted hypervisor
• Run over a host operating system.
• Hypervisor is the second layer over the hardware.
• Guest operating systems run a layer over the hypervisor.
• The OS is usually unaware of the virtualization.

2.4.2 The XEN Architecture
• Xen is an open source hypervisor program developed by Cambridge University. Xen is a micro-kernel hypervisor, which separates the policy from the mechanism.
• Xen does not include any device drivers natively. It just provides a mechanism by which a guest OS can have direct access to the physical devices.
• As a result, the size of the Xen hypervisor is kept rather small. Xen provides a virtual environment located between the hardware and OS.

2.4.3 Binary Translation with Full Virtualization
• Depending on implementation technologies, hardware virtualization can be classified into two categories: full virtualization and host-based virtualization.
• Full virtualization does not need to modify the host OS. It relies on binary translation to trap and to virtualize the execution of certain sensitive, nonvirtualizable instructions. The guest OSes and their applications consist of noncritical and critical instructions.
• In a host-based system, both a host OS and a guest OS are used. A virtualization software layer is built between the host OS and guest OS.
• These two classes of VM architecture are introduced next.
Binary Translation of Guest OS Requests Using a VMM
• This approach was implemented by VMware and many other software companies.
• VMware puts the VMM at Ring 0 and the guest OS at Ring 1. The VMM scans the instruction stream and identifies the privileged, control- and behavior-sensitive instructions.
• When these instructions are identified, they are trapped into the VMM, which emulates the behavior of these instructions.
• The method used in this emulation is called binary translation. Therefore, full virtualization combines binary translation and direct execution.

2.4.4 Host-Based Virtualization
• An alternative VM architecture is to install a virtualization layer on top of the host OS. This host OS is still responsible for managing the hardware.
• This host-based architecture has some distinct advantages. First, the user can install this VM architecture without modifying the host OS. The virtualizing software can rely on the host OS to provide device drivers and other low-level services. This will simplify the VM design and ease its deployment.
• Second, the host-based approach appeals to many host machine configurations. Compared to the hypervisor/VMM architecture, the performance of the host-based architecture may also be low.

2.4.5 Para-virtualization
• Para-virtualization needs to modify the guest operating systems. A para-virtualized VM provides special APIs requiring substantial OS modifications in user applications.
• Performance degradation is a critical issue of a virtualized system.
The use of para-virtualized guest OS assisted by an intelligent compiler to replace nonvirtualizable OS instructions by hypercalls

2.4.5.1 Para-Virtualization Architecture
• When the x86 processor is virtualized, a virtualization layer is inserted between the hardware and the OS. According to the x86 ring definition, the virtualization layer should also be installed at Ring 0. Different instructions at Ring 0 may cause some problems.
• In Figure, we show that para-virtualization replaces nonvirtualizable instructions with hypercalls that communicate directly with the hypervisor or VMM. However, when the guest OS kernel is modified for virtualization, it can no longer run on the hardware directly.
FIGURE The use of a para-virtualized guest OS assisted by an intelligent compiler to replace nonvirtualizable OS instructions by hypercalls
• Compared with full virtualization, para-virtualization is relatively easy and more practical. The main problem in full virtualization is its low performance in binary translation. To speed up binary translation is difficult. Therefore, many virtualization products employ the para-virtualization architecture. The popular Xen, KVM, and VMware ESX are good examples.

2.4.5.2 KVM (Kernel-Based VM)
• This is a Linux para-virtualization system—a part of the Linux version 2.6.20 kernel. Memory management and scheduling activities are carried out by the existing Linux kernel.
• The KVM does the rest, which makes it simpler than the hypervisor that controls the entire machine. KVM is a hardware-assisted para-virtualization tool, which improves performance and supports unmodified guest OSes such as Windows, Linux, Solaris, and other UNIX variants.

2.4.5.3 Para-Virtualization with Compiler Support
Unlike the full virtualization architecture which intercepts and emulates privileged and sensitive instructions at runtime, para-virtualization handles these instructions at compile time. The guest OS kernel is modified to replace the privileged and sensitive instructions with hypercalls to the hypervisor or VMM. Xen assumes such a para-virtualization architecture.
The guest OS running in a guest domain may run at Ring 1 instead of at Ring 0. This implies that the guest OS may not be able to execute some privileged and sensitive instructions. The privileged instructions are implemented by hypercalls to the hypervisor. After replacing the instructions with hypercalls, the modified guest OS emulates the behavior of the original guest OS. On a UNIX system, a system call involves an interrupt or service routine. The hypercalls apply a dedicated service routine in Xen.

Example VMware ESX Server for Para-Virtualization
VMware pioneered the software market for virtualization. The company has developed virtualization tools for desktop systems and servers as well as virtual infrastructure for large data centers. ESX is a VMM or a hypervisor for bare-metal x86 symmetric multiprocessing (SMP) servers.
It accesses hardware resources such as I/O directly and has complete resource management control. An ESX-enabled server consists of four components

FIGURE The VMware ESX server architecture using para-virtualization.
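The two mechanisms described in sections 2.4.3 and 2.4.5.3 above, as an added toy model that is not part of the original notes: in full virtualization the VMM scans the unmodified guest stream at run time and turns sensitive instructions into traps, while in para-virtualization the guest kernel itself is changed ahead of time to issue hypercalls. The instruction mnemonics, the `VMM` class, and the frame and port ownership policy are assumptions made for illustration, not the design of any real hypervisor.

```python
# Toy model, constructed for illustration: a guest "kernel" is a list of
# (mnemonic, operand) pairs. Mnemonics and ownership policy are assumptions.
SENSITIVE = {"cli", "sti", "load_pt", "out"}

GUEST_KERNEL = [
    ("mov", ("r0", 40)),
    ("cli", None),
    ("load_pt", 7),         # frame 7 is assigned to this guest
    ("add", ("r0", 2)),
    ("out", (0x3F8, 65)),   # port 0x3F8 is assigned to this guest
    ("load_pt", 99),        # frame 99 is not: the VMM must refuse
    ("out", (0x60, 1)),     # port 0x60 is not: the VMM must refuse
    ("sti", None),
]


class VMM:
    """Ring 0 monitor: holds the guest's virtual state and owns real resources."""

    def __init__(self, guest_frames, guest_ports):
        self.guest_frames = set(guest_frames)
        self.guest_ports = set(guest_ports)
        self.virt = {"if": 1, "pt_base": None}   # virtual CPU state only
        self.io_log, self.denied, self.entries = [], [], 0

    def emulate(self, op, arg):
        """Emulate one sensitive instruction against virtual state, with checks."""
        self.entries += 1
        if op in ("cli", "sti"):
            self.virt["if"] = 1 if op == "sti" else 0
        elif op == "load_pt" and arg in self.guest_frames:
            self.virt["pt_base"] = arg
        elif op == "out" and arg[0] in self.guest_ports:
            self.io_log.append(arg)
        elif op in SENSITIVE:
            self.denied.append((op, arg))        # resource not owned by this guest
        else:
            raise ValueError(f"not a sensitive instruction: {op}")


def execute(stream, vmm=None):
    """Direct execution for plain instructions; traps and hypercalls enter the VMM."""
    regs = {}
    for op, arg in stream:
        if op == "mov":
            regs[arg[0]] = arg[1]
        elif op == "add":
            regs[arg[0]] += arg[1]
        elif op in ("trap", "hypercall"):
            if vmm is None:
                raise RuntimeError(f"{op} has no meaning on bare hardware")
            vmm.emulate(*arg)
        else:
            # Simplification: the toy CPU refuses what a real one would fault on
            # or silently mishandle when run outside Ring 0.
            raise PermissionError(f"sensitive instruction {op!r} ran unsupervised")
    return regs


def binary_translate(stream):
    """Full virtualization: rewrite sensitive instructions at run time; guest unmodified."""
    return [("trap", (op, arg)) if op in SENSITIVE else (op, arg) for op, arg in stream]


def paravirtualize(stream):
    """Para-virtualization: the guest kernel is rebuilt with hypercalls before it runs."""
    return [("hypercall", (op, arg)) if op in SENSITIVE else (op, arg) for op, arg in stream]


def run_full_virtualization(kernel, vmm):
    return execute(binary_translate(kernel), vmm)


if __name__ == "__main__":
    vmm = VMM(guest_frames={7, 8}, guest_ports={0x3F8})
    print("registers:", run_full_virtualization(GUEST_KERNEL, vmm))
    print("virtual state:", vmm.virt, "denied:", vmm.denied)
    try:
        execute(paravirtualize(GUEST_KERNEL))    # modified kernel, no hypervisor
    except RuntimeError as err:
        print("bare hardware:", err)
```

Both paths reach the same guest-visible result and the same refusals; the last call shows why a kernel modified for para-virtualization no longer runs directly on the hardware.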
Full virtualization vs. Para virtualization
Full virtualization
• Does not need to modify guest OS, and critical instructions are emulated by software through the use of binary translation.
• VMware Workstation applies full virtualization, which uses binary translation to automatically modify x86 software on-the-fly to replace critical instructions.
Advantage: no need to modify OS.
Disadvantage: binary translation slows down the performance.
Para virtualization
• Reduces the overhead, but cost of maintaining a paravirtualized OS is high.
• The improvement depends on the workload.
• Para virtualization must modify guest OS; non-virtualizable instructions are replaced by hypercalls that communicate directly with the hypervisor or VMM.

2.5 IMPLEMENTATION LEVELS OF VIRTUALIZATION
• A traditional computer runs with a host operating system specially tailored for its hardware architecture.
• After virtualization, different user applications managed by their own operating systems (guest OS) can run on the same hardware, independent of the host OS. This is often done by adding additional software, called a virtualization layer. This virtualization layer is known as hypervisor or virtual machine monitor (VMM).
• The VMs are shown in the upper boxes, where applications run with their own guest OS over the virtualized CPU, memory, and I/O resources.

The main function of the software layer for virtualization is to virtualize the physical hardware of a host machine into virtual resources to be used by the VMs, exclusively. This can be implemented at various operational levels, as we will discuss shortly.
The virtualization software creates the abstraction of VMs by interposing a virtualization layer at various levels of a computer system.
Common virtualization layers include
• Instruction set architecture (ISA) level,
• hardware level,
• operating system level,
• library support level, and
• application level

Five abstraction levels
Figure: Virtualization ranging from hardware to applications in five abstraction levels

2.5.1.1 Instruction Set Architecture Level
• At the ISA level, virtualization is performed by emulating a given ISA by the ISA of the host machine. For example, MIPS binary code can run on an x86-based host machine with the help of ISA emulation.
• The basic emulation method is through code interpretation. An interpreter program interprets the source instructions to target instructions one by one. One source instruction may require tens or hundreds of native target instructions to perform its function.
• This approach translates basic blocks of dynamic source instructions to target instructions. The basic blocks can also be extended to program traces or super blocks to increase translation efficiency. Instruction set emulation requires binary translation and optimization. A virtual instruction set architecture (V-ISA) thus requires adding a processor-specific software translation layer to the compiler.

2.5.1.2 Hardware Abstraction Level
• Hardware-level virtualization is performed right on top of the bare hardware. On the one hand, this approach generates a virtual hardware environment for a VM. On the other hand, the process manages the underlying hardware through virtualization.
• The idea is to virtualize a computer’s resources, such as its processors, memory, and I/O devices. The intention is to upgrade the hardware utilization rate by multiple users concurrently. The idea was implemented in the IBM VM/370 in the 1960s. More recently, the Xen hypervisor has been applied to virtualize x86-based machines to run Linux or other guest OS.

2.5.1.3 Operating System Level
This refers to an abstraction layer between traditional OS and user applications. OS-level virtualization creates isolated containers on a single physical server and the OS instances to utilize the hardware and software in data centers. The containers behave like real servers. OS-level virtualization is commonly used in creating virtual hosting environments to allocate hardware resources among a large number of mutually distrusting users.
Advantages of OS Extension for Virtualization
1. VMs at OS level have minimum startup/shutdown costs
2. OS-level VM can easily synchronize with its environment
Disadvantage of OS Extension for Virtualization
• All VMs in the same OS container must have the same or similar guest OS, which restricts application flexibility of different VMs on the same physical machine.

2.5.1.4 Library Support Level
• Most applications use APIs exported by user-level libraries rather than using lengthy system calls by the OS. Since most systems provide well-documented APIs, such an interface becomes another candidate for virtualization.
• Virtualization with library interfaces is possible by controlling the communication link between applications and the rest of a system through API hooks. The software tool WINE has implemented this approach to support Windows applications on top of UNIX hosts.
• Another example is the vCUDA which allows applications executing within VMs to leverage GPU hardware acceleration.

2.5.1.5 User-Application Level
Virtualization at the application level virtualizes an application as a VM. On a traditional OS, an application often runs as a process. Therefore, application-level virtualization is also known as process-level virtualization.
• The most popular approach is to deploy high level language (HLL) VMs. In this scenario, the virtualization layer sits as an application program on top of the operating system, and the layer exports an abstraction of a VM that can run programs written and compiled to a particular abstract machine definition.
• Any program written in the HLL and compiled for this VM will be able to run on it. The Microsoft .NET CLR and Java Virtual Machine (JVM) are two good examples of this class of VM.

2.5.1.6 Relative Merits of Different Approaches
Relative Merits of Virtualization at Various Levels (More “X”’s Means Higher Merit, with a Maximum of 5 X’s)
• The column headings correspond to four technical merits.
• “Higher Performance” and “Application Flexibility” are self-explanatory. “Implementation Complexity” implies the cost to implement that particular virtualization level. “Application Isolation” refers to the effort required to isolate resources committed to different VMs.

Level of Implementation | Higher Performance | Application Flexibility | Implementation Complexity | Application Isolation
ISA | X | XXXXX | XXX | XXX
Hardware-level virtualization | XXXXX | XXX | XXXXX | XXXX
OS-level virtualization | XXXXX | XX | XXX | XX
Runtime library support | XXX | XX | XX | XX
User application Level | XX | XX | XXXXX | XXXXX

2.5.2 VMM Design Requirements
• There are three requirements for a VMM.
First, a VMM should provide an environment for programs which is essentially identical to the original machine.
Second, programs run in this environment should show, at worst, only minor decreases in speed.
Third, a VMM should be in complete control of the system resources.

Comparison of Four VMM and Hypervisor Software Packages

Provider and References | Host CPU | Host OS | Guest OS | Architecture
VMware Workstation | x86, x86-64 | Windows, Linux | Windows, Linux, Solaris, FreeBSD, Netware, OS/2, SCO, BeOS, Darwin | Full Virtualization
VMware ESX Server | x86, x86-64 | No host OS | The same as VMware Workstation | Para-Virtualization
Xen | x86, x86-64, IA-64 | NetBSD, Linux, Solaris | FreeBSD, NetBSD, Linux, Solaris, Windows XP and 2003 Server | Hypervisor
KVM | x86, x86-64, IA-64, S390, PowerPC | Linux | Linux, Windows, FreeBSD, Solaris | Para-Virtualization

2.5.3 Virtualization Support at the OS Level
Cloud computing has at least two challenges.
• The first is the ability to use a variable number of physical machines and VM instances depending on the needs of a problem. For example, a task may need only a single CPU during some phases of execution but may need hundreds of CPUs at other times.
• The second challenge concerns the slow operation of instantiating new VMs.
Currently, new VMs originate either as fresh boots or as replicates of a template VM, unaware of the current application state. Therefore, to better support cloud computing, a large amount of research and development should be done.

2.5.3.1 Why OS-Level Virtualization?
• To reduce the performance overhead of hardware-level virtualization, even hardware modification is needed. OS-level virtualization provides a feasible solution for these hardware-level virtualization issues.
• Operating system virtualization inserts a virtualization layer inside an operating system to partition a machine’s physical resources. It enables multiple isolated VMs within a single operating system kernel.
• This kind of VM is often called a virtual execution environment (VE), Virtual Private System (VPS), or simply container. From the user’s point of view, VEs look like real servers. This means a VE has its own set of processes, file system, user accounts, network interfaces with IP addresses, routing tables, firewall rules, and other personal settings.
• Although VEs can be customized for different people, they share the same operating system kernel. Therefore, OS-level virtualization is also called single-OS image virtualization. Figure illustrates operating system virtualization from the point of view of a machine stack.

FIGURE The OpenVZ virtualization layer inside the host OS, which provides some OS images to create VMs quickly.

2.5.3.2 Advantages of OS Extension for Virtualization
1. VMs at OS level have minimum startup/shutdown costs
2. OS-level VM can easily synchronize with its environment

2.5.3.3 Disadvantage of OS Extension for Virtualization
• All VMs in the same OS container must have the same or similar guest OS, which restricts application flexibility of different VMs on the same physical machine.

2.5.3.4 Virtualization on Linux or Windows Platforms
By far, most reported OS-level virtualization systems are Linux-based. Virtualization support on the Windows-based platform is still in the research stage. The Linux kernel offers an abstraction layer to allow software processes to work with and operate on resources without knowing the hardware details. New hardware may need a new Linux kernel to support. Therefore, different Linux platforms use patched kernels to provide special support for extended functionality.
However, most Linux platforms are not tied to a special kernel. In such a case, a host can run several VMs simultaneously on the same hardware. Table 2.7 summarizes several examples of OS level virtualization tools that have been developed in recent years.
Two OS tools (Linux vServer and OpenVZ) support Linux platforms to run other platform-based applications through virtualization. These two OS-level tools are illustrated in Example 2.3.
The third tool, FVM, is an attempt specifically developed for virtualization on the Windows NT platform.
Virtualization Support for Linux and Windows NT Platforms

| Virtualization Support and Source of Information | Brief Introduction on Functionality and Application Platforms |
|---|---|
| Linux vServer for Linux platforms (http://linuxvserver.org/) | Extends Linux kernels to implement a security mechanism to help build VMs by setting resource limits and file attributes and changing the root environment for VM isolation |
| OpenVZ for Linux platforms [65] (http://ftp.openvz.org/doc/OpenVZ-Users-Guide.pdf) | Supports virtualization by creating virtual private servers (VPSes); the VPS has its own files, users, process tree, and virtual devices, which can be isolated from other VPSes, and checkpointing and live migration are supported |
| FVM (Feather-Weight Virtual Machines) for virtualizing the Windows NT platforms | Uses system call interfaces to create VMs at the NT kernel space; multiple VMs are supported by virtualized namespace and copy-on-write |

2.5.4 Middleware Support for Virtualization
Library-level virtualization is also known as user-level Application Binary Interface (ABI) or API emulation. This type of virtualization can create execution environments for running alien programs on a platform rather than creating a VM to run the entire operating system. API call interception and remapping are the key functions performed.
The library-level virtualization systems, namely the Windows Application Binary Interface (WABI), lxrun, WINE, Visual MainWin, and vCUDA, are summarized in the following table.

Middleware and Library Support for Virtualization

| Middleware or Runtime Library and References or Web Link | Brief Introduction and Application Platforms |
|---|---|
| WABI (http://docs.sun.com/app/docs/doc/802-6306) | Middleware that converts Windows system calls running on x86 PCs to Solaris system calls running on SPARC workstations |
| Lxrun (Linux Run) (http://www.ugcs.caltech.edu/~steven/lxrun/) | A system call emulator that enables Linux applications written for x86 hosts to run on UNIX systems such as the SCO OpenServer |
| WINE (http://www.winehq.org/) | A library support system for virtualizing x86 processors to run Windows applications under Linux, FreeBSD, and Solaris |
| Visual MainWin (http://www.mainsoft.com/) | A compiler support system to develop Windows applications using Visual Studio to run on Solaris, Linux, and AIX hosts |
| vCUDA (Example 2.4) (IEEE IPDPS 2009) | Virtualization support for using general-purpose GPUs to run data-intensive applications under a special guest OS |

• The WABI offers middleware to convert Windows system calls to Solaris system calls. Lxrun is really a system call emulator that enables Linux applications written for x86 hosts to run on UNIX systems. Similarly, Wine offers library support for virtualizing x86 processors to run Windows applications on UNIX hosts.
• Visual MainWin offers a compiler support system to develop Windows applications using Visual Studio to run on some UNIX hosts. The vCUDA is explained in Example with a graphical illustration in Figure.

Example 2.5 The vCUDA for Virtualization of General-Purpose GPUs
• CUDA is a programming model and library for general-purpose GPUs. It leverages the high performance of GPUs to run compute-intensive applications on host operating systems. However, it is difficult to run CUDA applications on hardware-level VMs directly. vCUDA virtualizes the CUDA library and can be installed on guest OSes.
• When CUDA applications run on a guest OS and issue a call to the CUDA API, vCUDA intercepts the call and redirects it to the CUDA API running on the host OS. Figure 2.7 shows the basic concept of the vCUDA architecture.
• The vCUDA employs a client-server model to implement CUDA virtualization. It consists of three user space components: the vCUDA library, a virtual GPU in the guest OS (which acts as a client), and the vCUDA stub in the host OS (which acts as a server).
• The vCUDA library resides in the guest OS as a substitute for the standard CUDA library. It is responsible for intercepting and redirecting API calls from the client to the stub. Besides these tasks, vCUDA also creates vGPUs and manages them.

Figure: Basic concept of the vCUDA architecture (labels include the device driver and the device: GPU, hard disk, network card).
• The functionality of a vGPU is threefold: It abstracts the GPU structure and gives applications a uniform view of the underlying hardware; when a CUDA application in the guest OS allocates a device’s memory the vGPU can return a local virtual address to the application and notify the remote stub to allocate the real device memory, and the vGPU is responsible for storing the CUDA API flow.
• The vCUDA stub receives and interprets remote requests and creates a corresponding execution context for the API calls from the guest OS, then returns the results to the guest OS. The vCUDA stub also manages actual physical resource allocation.

2.6 TYPES OF VIRTUALIZATION
Virtualization is a method of running multiple independent virtual operating systems on a single physical computer.
Types of virtualization
1. Hardware Virtualization
• Full Virtualization
• Emulation Virtualization
• Para-virtualization
2. Software Virtualization
3. OS Virtualization
4. Server Virtualization
5. Storage Virtualization

1. Hardware Virtualization
This is one of the most common types of virtualization, as it is related to the application uptime and utilization of hardware. The primary motive behind this technology is to bring together all the physical servers into one large physical server, thus making the processor work more efficiently and effectively.
The operating system of the physical server gets transformed into a well to do OS that runs on a virtual system. It consists of a hypervisor that solely manages the memory, processor and other elements by allowing multiple OS to run on the same machine without the help of any source code.
Hardware virtualization is of three kinds. These are:
1.1 Full Virtualization: Here the hardware architecture is completely simulated. Guest software doesn't need any modification to run any applications.
1.2 Emulation Virtualization: Here the virtual machine simulates the hardware and is independent. Furthermore, the guest OS doesn't require any modification.
1.3 Para-Virtualization: Here, the hardware is not simulated; instead the guest software runs its isolated system.

2. Software Virtualization
Also called application virtualization, it is the practice of running software from a remote server. Software virtualization is similar to virtualization in general, except that it is able to abstract the software installation procedure and create a virtual software installation.

3. OS level virtualization
Also called OS-level virtualization, it is a type of virtualization technology which works on the OS layer. Here the kernel of an OS allows more than one isolated user-space instance to exist. Such instances are called containers/software containers or virtualization engines.

4. Server virtualization
It is the division of a physical server into several virtual servers, and this division is mainly done to improve the utility of server resources. In other words, it is the masking of resources that are located in the server, which includes the number and identity of processors, physical servers and the operating system.

5. Storage Virtualization
Storage virtualization is the process which helps in the grouping of physical storage from a number of network storage devices, so that it works as a single storage device. It also has many advantages, as it has the capacity to reduce downtime and to improve speed, performance and load balancing.

2.7 VIRTUALIZATION OF CPU, MEMORY, AND I/O DEVICES

2.7.1 Hardware Support for Virtualization
Modern operating systems and processors permit multiple processes to run simultaneously. If there is no protection mechanism in a processor, all instructions from different processes will access the hardware directly and cause a system crash. Therefore, all processors have at least two modes, user mode and supervisor mode, to ensure controlled access of critical hardware. Instructions running in supervisor mode are called privileged instructions. Other instructions are unprivileged instructions. The VMware Workstation is a VM software suite for x86 and x86-64 computers. This software suite allows users to set up multiple x86 and x86-64 virtual computers and to use one or more of these VMs simultaneously with the host operating system. The VMware Workstation assumes the host-based virtualization. Xen is a hypervisor for use in IA-32, x86-64, Itanium, and PowerPC 970 hosts.

2.7.2 CPU Virtualization
A VM is a duplicate of an existing computer system in which a majority of the VM instructions are executed on the host processor in native mode. Thus, unprivileged instructions of VMs run directly on the host machine for higher efficiency. Other critical instructions should be handled carefully for correctness and stability. The critical instructions are divided into three categories: privileged instructions, control-sensitive instructions, and behavior-sensitive instructions. Privileged instructions execute in a privileged mode and will be trapped if executed outside this mode. Control-sensitive instructions attempt to change the configuration of resources used. Behavior-sensitive instructions have different behaviors depending on the configuration of resources, including the load and store operations over the virtual memory.
The VMM acts as a unified mediator for hardware access from different VMs to guarantee the correctness and stability of the whole system.

2.7.2.1. Hardware-Assisted CPU Virtualization
This technique attempts to simplify virtualization because full or paravirtualization is complicated. Intel and AMD add an additional mode called privilege mode level to x86 processors.

2.7.3 Memory Virtualization
Virtual memory virtualization is similar to the virtual memory support provided by modern operating systems. All modern x86 CPUs include a memory management unit (MMU) and a translation lookaside buffer (TLB) to optimize virtual memory performance. A two-stage mapping process should be maintained by the guest OS and the VMM, respectively: virtual memory to physical memory and physical memory to machine memory.

Figure: Two level memory mapping process
The guest OS continues to control the mapping of virtual addresses to the physical memory
addresses of VMs. The MMU already handles virtual-to-physical translations as defined by the
OS. Then the physical memory addresses are translated to machine addresses using another set
of page tables defined by the hypervisor. Processors use TLB hardware to map the virtual
memory directly to the machine memory to avoid the two levels of translation on every access.
When the guest OS changes the virtual memory to a physical memory mapping, the VMM
updates the shadow page tables to enable a direct lookup.
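The two-stage mapping and the shadow page table described above can be modelled in a few lines. This is an added example, not code from the original notes or from any hypervisor; the class names, the page numbers and the ownership check in `VMM.assign` are assumptions made for illustration.

```python
PAGE = 4096

class MappingRejected(Exception):
    """The VMM refused a mapping that would break isolation between VMs."""

class GuestMemory:
    """Per-VM mapping state; page numbers are used instead of full addresses."""
    def __init__(self, name):
        self.name = name
        self.guest_pt = {}  # stage 1, written by the guest OS: virtual page -> guest-physical page
        self.p2m = {}       # stage 2, written by the VMM: guest-physical page -> machine page
        self.shadow = {}    # kept by the VMM: virtual page -> machine page

    def guest_map(self, vpn, gpn):
        """Guest page-table write, trapped by the VMM so the shadow entry follows it."""
        if gpn not in self.p2m:
            raise MappingRejected(f"{self.name}: guest-physical page {gpn:#x} is not backed")
        self.guest_pt[vpn] = gpn
        self.shadow[vpn] = self.p2m[gpn]

    def guest_unmap(self, vpn):
        self.guest_pt.pop(vpn, None)
        self.shadow.pop(vpn, None)   # a stale shadow entry would outlive the guest mapping

    def translate_two_stage(self, gva):
        vpn, offset = divmod(gva, PAGE)
        return self.p2m[self.guest_pt[vpn]] * PAGE + offset   # two lookups per access

    def translate_shadow(self, gva):
        vpn, offset = divmod(gva, PAGE)
        return self.shadow[vpn] * PAGE + offset               # one direct lookup

class VMM:
    def __init__(self):
        self.owner = {}   # machine page -> name of the VM it is assigned to

    def assign(self, vm, gpn, mpn):
        """Back a guest-physical page with a machine page (also used to relocate it)."""
        if self.owner.get(mpn, vm.name) != vm.name:
            raise MappingRejected(f"machine page {mpn:#x} belongs to {self.owner[mpn]}")
        old = vm.p2m.get(gpn)
        if old is not None:
            self.owner.pop(old, None)
        self.owner[mpn] = vm.name
        vm.p2m[gpn] = mpn
        for vpn, mapped in vm.guest_pt.items():
            if mapped == gpn:
                vm.shadow[vpn] = mpn   # a stage-2 change must reach the shadow table too

def demo():
    # Constructed sample values: both guests use guest-physical page 0x7.
    vmm, vm_a, vm_b = VMM(), GuestMemory("vm-a"), GuestMemory("vm-b")
    vmm.assign(vm_a, 0x7, 0x50)
    vmm.assign(vm_b, 0x7, 0x90)
    vm_a.guest_map(0x1, 0x7)
    vm_b.guest_map(0x1, 0x7)
    before = (vm_a.translate_shadow(0x1234), vm_b.translate_shadow(0x1234))
    vmm.assign(vm_a, 0x7, 0x51)        # the VMM relocates vm-a's page
    after = vm_a.translate_shadow(0x1234)
    return vm_a, vm_b, vmm, before, after
```

The same guest virtual address resolves to different machine pages in the two VMs, and the shadow lookup stays equal to the two-stage lookup after both guest and VMM changes.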
Example: Extended Page Table by Intel for Memory Virtualization
• In Figure, the page tables of the guest OS and EPT are all four-level.
• When a virtual address needs to be translated, the CPU will first look for the L4 page table pointed to by Guest CR3. Since the address in Guest CR3 is a physical address in the guest OS, the CPU needs to convert the Guest CR3 GPA to the host physical address (HPA) using EPT.
• In this procedure, the CPU will check the EPT TLB to see if the translation is there. If there is no required translation in the EPT TLB, the CPU will look for it in the EPT. If the CPU cannot find the translation in the EPT, an EPT violation exception will be raised.
• When the GPA of the L4 page table is obtained, the CPU will calculate the GPA of the L3 page table by using the GVA and the content of the L4 page table. If the entry corresponding to the GVA in the L4 page table is a page fault, the CPU will generate a page fault interrupt and will let the guest OS kernel handle the interrupt.
• When the GPA of the L3 page table is obtained, the CPU will look for the EPT to get the HPA of the L3 page table, as described earlier. To get the HPA corresponding to a GVA, the CPU needs to look for the EPT five times, and each time, the memory needs to be accessed four times. Therefore, there are 20 memory accesses in the worst case, which is still very slow. To overcome this shortcoming, Intel increased the size of the EPT TLB to decrease the number of memory accesses.

2.7.4 I/O Virtualization
I/O virtualization involves managing the routing of I/O requests between virtual devices and the shared physical hardware. At the time of this writing, there are three ways to implement I/O virtualization: full device emulation, para-virtualization, and direct I/O.
Full device emulation is the first approach for I/O virtualization. Generally, this approach emulates well-known, real-world devices. All the functions of a device or bus infrastructure, such as device enumeration, identification, interrupts, and DMA, are replicated in software. This software is located in the VMM and acts as a virtual device. The I/O access requests of the guest OS are trapped in the VMM which interacts with the I/O devices.
Full device emulation
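The nested walk in the Extended Page Table example of Section 2.7.3 can be traced in code. This is an added example, not from the original notes or from Intel: the `NestedMMU` class, its dictionary-backed memory and all addresses are constructed for illustration. It counts the EPT reads the example describes (five EPT walks of four levels each) and tallies the guest page-table entry reads separately.

```python
PAGE, LEVELS = 4096, (3, 2, 1, 0)   # 4 KiB pages; levels 3..0 stand for L4..L1

class EPTViolation(Exception): pass      # handled by the hypervisor
class GuestPageFault(Exception): pass    # delivered to the guest OS kernel

def index(addr, level):
    """9-bit table index for one level of a 48-bit address."""
    return (addr >> (12 + 9 * level)) & 0x1FF

class NestedMMU:
    def __init__(self, use_ept_tlb=False):
        self.mem = {}        # host frame -> {index: entry}; stands in for RAM
        self.backing = {}    # builder bookkeeping only: guest frame -> host frame
        self.next_hpa, self.next_gpa = 0x100000, 0x1000
        self.eptp = self._alloc()               # EPT root, a host physical address
        self.guest_cr3 = self._guest_alloc()    # guest page-table root, a GPA
        self.ept_tlb = {} if use_ept_tlb else None
        self.ept_reads = self.guest_reads = 0

    def _alloc(self):
        hpa, self.next_hpa = self.next_hpa, self.next_hpa + PAGE
        self.mem[hpa] = {}
        return hpa

    def _guest_alloc(self):
        gpa, self.next_gpa = self.next_gpa, self.next_gpa + PAGE
        self.ept_map(gpa, self._alloc())
        return gpa

    def _fill(self, root, addr, leaf, alloc, frame_of):
        """Install addr -> leaf in a four-level table, allocating missing levels."""
        table = root
        for level in LEVELS[:-1]:
            entries = self.mem[frame_of(table)]
            if index(addr, level) not in entries:
                entries[index(addr, level)] = alloc()
            table = entries[index(addr, level)]
        self.mem[frame_of(table)][index(addr, 0)] = leaf

    def ept_map(self, gpa, hpa):      # hypervisor: guest physical -> host physical
        self._fill(self.eptp, gpa, hpa, self._alloc, lambda t: t)
        self.backing[gpa] = hpa

    def guest_map(self, gva, gpa):    # guest OS: guest virtual -> guest physical
        self._fill(self.guest_cr3, gva, gpa, self._guest_alloc, self.backing.__getitem__)

    def ept_translate(self, gpa):
        frame, off = gpa & ~0xFFF, gpa & 0xFFF
        if self.ept_tlb is not None and frame in self.ept_tlb:
            return self.ept_tlb[frame] | off     # EPT TLB hit: no memory access
        table = self.eptp
        for level in LEVELS:
            self.ept_reads += 1                  # one memory access per EPT level
            table = self.mem[table].get(index(gpa, level))
            if table is None:
                raise EPTViolation(hex(gpa))
        if self.ept_tlb is not None:
            self.ept_tlb[frame] = table
        return table | off

    def translate(self, gva):
        table_gpa = self.guest_cr3
        for level in LEVELS:
            table_hpa = self.ept_translate(table_gpa)   # EPT walks 1 to 4: find the guest table
            self.guest_reads += 1                       # read the guest page-table entry
            table_gpa = self.mem[table_hpa].get(index(gva, level))
            if table_gpa is None:
                raise GuestPageFault(hex(gva))
        return self.ept_translate(table_gpa | (gva & 0xFFF))   # EPT walk 5: the data page

def demo(use_ept_tlb=False):
    mmu = NestedMMU(use_ept_tlb)
    mmu.ept_map(0x40000000, 0x7F000000)          # constructed sample mappings
    mmu.guest_map(0x7FFF12345000, 0x40000000)
    hpa = mmu.translate(0x7FFF12345ABC)
    first = (mmu.ept_reads, mmu.guest_reads)
    mmu.ept_reads = mmu.guest_reads = 0
    mmu.translate(0x7FFF12345ABC)                # repeat to show the effect of the EPT TLB
    return hpa, first, (mmu.ept_reads, mmu.guest_reads)
```

With the EPT TLB enabled, the repeated translation needs no EPT reads at all, which is the effect a larger EPT TLB is meant to have.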

Figure: Device emulation for I/O virtualization implemented inside the middle layer that maps real I/O devices into the virtual devices for the guest device driver to use.

The para-virtualization method of I/O virtualization is typically used in Xen. It is also known as the split driver model consisting of a frontend driver and a backend driver. The frontend driver is running in Domain U and the backend driver is running in Domain 0. They interact with each other via a block of shared memory. The frontend driver manages the I/O requests of the guest OSes and the backend driver is responsible for managing the real I/O devices and multiplexing the I/O data of different VMs.
Direct I/O virtualization lets the VM access devices directly. It can achieve close-to-native performance without high CPU cost.
• For example, when a physical device is reclaimed (required by workload migration) for later reassignment, it may have been set to an arbitrary state (e.g., DMA to some arbitrary memory locations) that can function incorrectly or even crash the whole system. Since software-based I/O virtualization requires a very high overhead of device emulation, hardware-assisted I/O virtualization is critical.
• Intel VT-d supports the remapping of I/O DMA transfers and device-generated interrupts. The architecture of VT-d provides the flexibility to support multiple usage models that may run unmodified, special-purpose, or “virtualization-aware” guest OSes.
• Another way to help I/O virtualization is via self-virtualized I/O (SV-IO). The key idea of SV-IO is to harness the rich resources of a multicore processor. All tasks associated with virtualizing an I/O device are encapsulated in SV-IO. It provides virtual devices and an associated access API to VMs and a management API to the VMM.
• SV-IO defines one virtual interface (VIF) for every kind of virtualized I/O device, such as virtual network interfaces, virtual block devices (disk), virtual camera devices, and others. The guest OS interacts with the VIFs via VIF device drivers. Each VIF consists of two message queues. One is for outgoing messages to the devices and the other is for incoming messages from the devices. In addition, each VIF has a unique ID for identifying it in SV-IO.

VMware Workstation for I/O Virtualization
• The VMware Workstation runs as an application. It leverages the I/O device support in guest OSes, host OSes, and VMM to implement I/O virtualization. The application portion (VMApp) uses a driver loaded into the host operating system (VMDriver) to establish the privileged VMM, which runs directly on the hardware.
• A given physical processor is executed in either the host world or the VMM world, with the VMDriver facilitating the transfer of control between the two worlds. The VMware Workstation employs full device emulation to implement I/O virtualization. Figure shows the functional blocks used in sending and receiving packets via the emulated virtual NIC.
• The virtual NIC models an AMD Lance Am79C970A controller. The device driver for a Lance controller in the guest OS initiates packet transmissions by reading and writing a sequence of virtual I/O ports; each read or write switches back to the VMApp to emulate the Lance port accesses.
• When the last OUT instruction of the sequence is encountered, the Lance emulator calls a normal write() to the VMNet driver. The VMNet driver then passes the packet onto the network via a host NIC and then the VMApp switches back to the VMM. The switch raises a virtual interrupt to notify the guest device driver that the packet was sent. Packet receives occur in reverse.

2.7.5 Virtualization in Multi-Core Processors
Virtualizing a multi-core processor is relatively more complicated than virtualizing a unicore processor. Though multicore processors are claimed to have higher performance by integrating multiple processor cores in a single chip, multi-core virtualization has raised some new challenges to computer architects, compiler constructors, system designers, and application programmers. There are mainly two difficulties: Application programs must be parallelized to use all cores fully, and software must explicitly assign tasks to the cores, which is a very complex problem.

Physical versus Virtual Processor Cores
This technique alleviates the burden and inefficiency of managing hardware resources by software. It is located under the ISA and remains unmodified by the operating system or VMM (hypervisor).
Figure: Multicore virtualization method that exposes four VCPUs to the software, when only three cores are actually present.

Virtual Hierarchy
The emerging many-core chip multiprocessors (CMPs) provide a new computing landscape. To optimize for space-shared workloads, they propose using virtual hierarchies to overlay a coherence and caching hierarchy onto a physical processor. Unlike a fixed physical hierarchy, a virtual hierarchy can adapt to fit how the work is space shared for improved performance and performance isolation.
• Figure illustrates a logical view of such a virtual cluster hierarchy in two levels. Each VM operates in an isolated fashion at the first level. This will minimize both miss access time and performance interference with other workloads or VMs.
• Moreover, the shared resources of cache capacity, inter-connect links, and miss handling are mostly isolated between VMs. The second level maintains a globally shared memory. This facilitates dynamically repartitioning resources without costly cache flushes. Furthermore, maintaining globally shared memory minimizes changes to existing system software and allows virtualization features such as content-based page sharing.
• A virtual hierarchy adapts to space-shared workloads like multiprogramming and server consolidation. Figure shows a case study focused on consolidated server workloads in a tiled architecture. This many-core mapping scheme can also optimize for space-shared multiprogrammed workloads in a single-OS environment.
FIGURE: CMP server consolidation by space-sharing of VMs into many cores forming multiple virtual clusters to execute various workloads.

Virtual clusters and resource management?
A physical cluster is a collection of servers (physical machines) interconnected by a physical network such as a LAN.
Virtual clusters are built with VMs installed at distributed servers from one or more physical clusters. The VMs in a virtual cluster are interconnected logically by a virtual network across several physical networks. Each virtual cluster is formed with physical machines or a VM hosted by multiple physical clusters. The virtual cluster boundaries are shown as distinct boundaries.

The provisioning of VMs to a virtual cluster is done dynamically to have the following interesting properties:
• The virtual cluster nodes can be either physical or virtual machines. Multiple VMs running with different OSes can be deployed on the same physical node.
• A VM runs with a guest OS, which is often different from the host OS, that manages the resources in the physical machine, where the VM is implemented.
• The purpose of using VMs is to consolidate multiple functionalities on the same server. This will greatly enhance server utilization and application flexibility.
• VMs can be colonized (replicated) in multiple servers for the purpose of promoting distributed parallelism, fault tolerance, and disaster recovery.
• The size (number of nodes) of a virtual cluster can grow or shrink dynamically, similar to the way an overlay network varies in size in a peer-to-peer (P2P) network.
• The failure of any physical nodes may disable some VMs installed on the failing nodes. But the failure of VMs will not pull down the host system.
A Virtual Clusters based on Application Partitioning:
Parallax Providing Virtual Disks to Clients VMs from a Large Common Shared Physical Disk.

2.7.6 Hardware Virtualization
• In many cloud computing systems, virtualization software is used to virtualize the hardware. System virtualization software is a special kind of software which simulates the execution of hardware and runs even unmodified operating systems.
• Cloud computing systems use virtualization software as the running environment for legacy software such as old operating systems and unusual applications.
• Virtualization software is also used as the platform for developing new cloud applications that enable developers to use any operating systems and programming environments they like.
• The development environment and deployment environment can now be the same, which eliminates some runtime problems.
• Some cloud computing providers have used virtualization technology to provide this service for developers. As mentioned before, system virtualization software is considered the hardware analog mechanism to run an unmodified operating system, usually on bare hardware directly, on top of software.
• Table 2.9 lists some of the system virtualization software in wide use at the time of this writing. Currently, the VMs installed on a cloud computing platform are mainly used for hosting third-party programs. VMs provide flexible runtime services to free users from worrying about the system environment.

Table 2.9 Virtualized Resources in Compute, Storage, and Network Clouds

| Provider | AWS | Microsoft Azure | GAE |
|---|---|---|---|
| Compute cloud with virtual cluster of servers | x86 instruction set, Xen VMs, resource elasticity allows scalability through virtual cluster, or a third party such as RightScale must provide the cluster. | Common language runtime VMs provisioned by declarative descriptions. | Predefined application framework handlers written in Python, automatic scaling up and down, server failover inconsistent with the web applications |
| Storage cloud with virtual storage | Models for block store (EBS) and augmented key/blob store (SimpleDB), automatic scaling varies from EBS to fully automatic (SimpleDB, S3). | SQL Data Services (restricted view of SQL Server), Azure storage service. | MegaStore/BigTable |
| Network cloud services | Declarative IP-level topology; placement details hidden, security groups restricting communication, availability zones isolate network failure, elastic IP applied. | Automatic with user's declarative descriptions or roles of app. components. | Fixed topology to accommodate three-tier web app. structure, scaling up and down is automatic and programmer-invisible |

Using VMs in a cloud computing platform ensures extreme flexibility for users. As the computing resources are shared by many users, a method is required to maximize the users’ privileges and still keep them separated safely.
• Traditional sharing of cluster resources depends on the user and group mechanism on a system. Such sharing is not flexible. Users cannot customize the system for their special purposes. Operating systems cannot be changed. The separation is not complete.
• The virtualized infrastructure (black box in the middle) is built with many
virtualizing integration managers. These managers handle loads, resources,
security, data, and provisioning functions.
• Figure 2.22 shows two VM platforms. Each platform carries out a virtual solution
to a user job. All cloud services are managed in the boxes at the top.
