CC M2

Virtualization technology is essential for cloud computing, enabling the creation of secure, customizable, and isolated environments for running applications. It allows for efficient resource utilization, increased security, and reduced administrative costs by enabling multiple virtual machines to run on a single physical machine. This chapter covers the fundamental concepts, evolution, and various models and technologies of virtualization in cloud computing environments.

Uploaded by

peloric692

3 Virtualization

Virtualization technology is one of the fundamental components of Cloud computing, especially in case of infrastructure-based services. It allows creation of secure, customizable, and isolated execution environment for running applications, even if they are untrusted, without affecting other users' applications. At the basis of this technology, there is the ability of a computer program (or more in general a combination of software and hardware) to emulate an executing environment separate from the one that hosts such program. For example, running Windows OS on top of virtual machine, which itself is running on Linux OS. Virtualization provides a great opportunity to build elastically scalable systems, which are capable of provisioning additional capability with minimum costs. Therefore, it is widely used to deliver customizable computing environment on demand.

This chapter discusses the fundamental concepts of virtualization, its evolution, and different models and technologies used in Cloud computing environments.

3.1 INTRODUCTION
Virtualization is a large umbrella of technologies and concepts that are meant to provide an abstract environment, whether virtual hardware or an operating system, to run applications. This term is often synonymous with hardware virtualization, which plays a fundamental role in efficiently delivering Infrastructure-as-a-Service solutions for Cloud computing. In fact, virtualization technologies have a long trail in the history of computer science and have come into many flavors by providing virtual environments at operating system level, programming language level, and application level. Moreover, virtualization technologies not only provide a virtual environment for executing applications, but also for storage, memory, and networking.

Since its inception, virtualization has been sporadically explored and adopted, but in the last few years, there has been a consistent and growing trend in leveraging this technology. Virtualization technologies have gained a renewed interest recently due to the confluence of different phenomena:

(a) Increased Performance and Computing Capacity. Nowadays, the average end-user desktop PC is powerful enough to fulfill almost all the needs of everyday computing, and there is an extra capacity that is rarely used. Almost all of these PCs have resources enough to host a virtual machine manager and execute a virtual machine with a by far acceptable performance. The same consideration applies to the high-end side of the PC market, where supercomputers can provide an immense compute power that can accommodate the execution of hundreds or thousands of virtual machines.

(b) Underutilized Hardware and Software Resources. Hardware and software underutilization is occurring due to (1) the increased performance and computing capacity, and (2) the effect of limited or sporadic use of resources. Computers today are so powerful that in most cases only a fraction of their capacity is used by an application or the system. Moreover, if we consider the IT infrastructure of an enterprise, there are a lot of computers that are partially utilized, while they could have been used without interruption on a 24/7/365 basis. As an example, desktop PCs mostly required by administrative staff for office automation tasks are only used during work hours, while overnight they remain completely unused. Using these resources for other purposes after work hours could improve the efficiency of the IT infrastructure. In order to transparently provide such a service it would be necessary to deploy a completely separate environment, which can be achieved through virtualization.

(c) Lack of Space. The continuous need for additional capacity, whether this is […] compute power, makes data centers grow quickly. Companies like Google and Microsoft expand their infrastructure by building data centers, as large as football fields, that are able to host thousands of nodes. Although this is viable for IT giants, in most cases enterprises cannot afford building another data center to accommodate additional resource capacity. This condition along with hardware underutilization led to the diffusion of a technique called server consolidation¹³, for which virtualization technologies are fundamental.

(d) Greening Initiatives. Recently, companies are increasingly looking for ways to reduce the amount of energy they consume and to reduce their carbon footprint. Data centers are one of the major power consumers and contribute consistently to the impact that a company has on the environment. Maintaining a data center operational does not only involve keeping servers on, but a lot of energy is also consumed for keeping them cool. Infrastructures for cooling have a significant impact on the carbon footprint of a data center. Hence, reducing the number of servers through server consolidation will definitely reduce the impact of cooling and power consumption of a data center. Virtualization technologies can provide an efficient way of consolidating servers.

(e) Rise of Administrative Costs. Power consumption and cooling costs have now become higher than the cost of the IT equipment. Moreover, the increased demand for additional capacity, which translates into more servers in a data center, is also responsible for a significant increment in the administrative costs. Computers, in particular servers, do not operate all on their own, but they require care and feeding from system administrators. Common system administration tasks include: hardware monitoring; defective hardware replacement; server setup and updates; server resources monitoring; and backups. These are labor-intensive operations, and the higher the number of servers that have to be managed, the higher the administrative costs. Virtualization can help in reducing the number of required servers for a given workload, thus reducing the cost of the administrative personnel.

These can be considered the major causes for the diffusion of hardware virtualization solutions and, together with them, the other kinds of virtualization. The first step towards a consistent adoption of virtualization technologies has been made with the wide spread of virtual machine based programming languages: in 1995, Sun released Java, which soon became popular among developers. The ability to integrate small Java applications, called applets, made Java a very successful platform, and with the beginning of the new millennium, Java played a significant role in the application server market segment, thus demonstrating that the existing technology was ready to support the execution of managed code for enterprise class applications. In 2002, Microsoft released the first version of .NET framework, which was Microsoft's alternative to the Java technology. Based on the same principles of Java, ability to support multiple programming languages and featuring a complete integration with other Microsoft technologies, the .NET framework soon became the principal development platform for the Microsoft world and quickly became popular among developers. In 2006, two of the three "official languages" used for development at Google were based on the virtual machine model: Java and Python. This trend of shifting towards virtualization from a programming language perspective demonstrated an important fact: the technology was ready to support virtualized solutions without a significant performance overhead. This paved the way to another and more radical form of virtualization that now has become a fundamental requisite for any data center management infrastructure.

¹³ Server consolidation is a technique of aggregating multiple services and applications, originally deployed on different servers, on one physical server. Server consolidation allows reducing the power consumption of a data center and resolving hardware underutilization.

3.2 CHARACTERISTICS OF VIRTUALIZED ENVIRONMENTS


Virtualization is a broad concept and it refers to the creation of a virtual version of something, whether this is hardware, software environment, storage, or network. In a virtualized environment, there are three major components: guest, host, and virtualization layer. The guest represents the system component that interacts with the virtualization layer rather than with the host as it would normally happen. The host represents the original environment where the guest is supposed to be managed. The virtualization layer is responsible for recreating the same or a different environment where the guest will operate.

[Figure: three layers. Guest: virtual image, applications. Virtualization layer (software emulation): virtual hardware, virtual storage, virtual networking. Host: physical hardware, physical storage, physical networking.]

Fig. 3.1. Virtualization Reference Model.

Such a general abstraction finds different applications and then implementations of the virtualization technology. The most intuitive and popular is represented by hardware virtualization, which also constitutes the original realization of the virtualization concept¹⁴. In case of hardware virtualization, the guest is represented by a system image comprising an operating system and installed applications. These are installed on top of virtual hardware that is controlled and managed by the virtualization layer, also called virtual machine manager. The host is instead represented by the physical hardware, and in some cases the operating system, that defines the environment where the virtual machine manager is running. In case of virtual storage, the guest might be client applications or users that interact with the virtual storage management software deployed on top of the real storage system. The case of virtual networking is also similar: the guest applications and users interact with a virtual network, such as a Virtual Private Network (VPN), which is managed by specific software (VPN client) using the physical network available on the node. VPNs are useful for creating the illusion of being within a different physical network and thus accessing the resources in it, which would be otherwise not available.

The main common characteristic of all these different implementations is the fact that the virtual environment is created by means of a software program. The ability to emulate by software such a wide variety of environments creates a lot of opportunities, previously less attractive because of excessive overhead introduced by the virtualization layer. The technologies of today allow a profitable use of virtualization, and make it possible to fully exploit the advantages that come with it. Such advantages have always been characteristics of virtualized solutions.

¹⁴ Virtualization is a technology initially developed during the mainframe era. The IBM CP/CMS mainframes were the first systems to introduce the concept of hardware virtualization and hypervisors. These systems were able to run multiple operating systems at the same time and provided a backward compatible environment that allowed customers to run previous versions of their applications.

1. Increased Security
The ability to control the execution of a guest in a completely transparent manner opens new possibilities for delivering a secure, controlled execution environment. The virtual machine represents an emulated environment in which the guest is executed. All the operations of the guest are generally performed against the virtual machine, which then translates and applies them to the host. This level of indirection allows the virtual machine manager to control and filter the activity of the guest, thus preventing some harmful operations from being performed. Resources exposed by the host can then be hidden or simply protected from the guest. Moreover, sensitive information that is contained in the host can be naturally hidden without the need of installing complex security policies. Increased security is a requirement when dealing with untrusted code. For example, applets downloaded from the Internet run in a sandboxed version of the Java Virtual Machine (JVM), which provides them with limited access to the hosting operating system resources. Both the JVM and the .NET runtime provide extensive security policies for customizing the execution environment of applications. Hardware virtualization solutions, such as VMware Desktop, VirtualBox, and Parallels provide the ability to create a virtual computer with customized virtual hardware on top of which a new operating system can be installed. By default, the file system exposed by the virtual computer is completely separate from the one of the host machine. This becomes the perfect environment for running applications without affecting other users in the environment.

2. Managed Execution
Virtualization of the execution environment does not only allow increased security but a wider range of features can be implemented. In particular, sharing, aggregation, emulation, and isolation are the most relevant.

(a) Sharing. Virtualization allows the creation of a separate computing environment within the same host. In this way, it is possible to fully exploit the capabilities of a powerful guest, which would be otherwise underutilized. As we will see in later chapters, sharing is a particularly important feature in virtualized data centers, where this basic feature is used to reduce the number of active servers and limit power consumption.

(b) Aggregation. It is not only possible to share the physical resource among several guests, but virtualization also allows the aggregation, which is the opposite process. A group of separate hosts can be tied together and represented to guests as a single virtual host. This function is naturally implemented in middleware for distributed computing, and a classical example is represented by […] management software, which harnesses the physical resources of a homogeneous group of machines and represents them as a single resource.

[Figure: virtual resources at the top and physical resources at the bottom, connected through the virtualization functions: sharing, aggregation, emulation, and isolation.]

Fig. 3.2. Functions Enabled by Managed Execution.

(c) Emulation. Guests are executed within an environment that is controlled by the virtualization layer, which ultimately is a program. This allows for controlling and tuning the environment that is exposed to guests. For instance, a complete different environment with respect to the host can be emulated, thus allowing the execution of guests requiring specific characteristics that are not present in the physical host. This feature becomes very useful for testing purposes where a specific guest has to be validated against different platforms or architectures, and the wide range of options is not easily accessible during the development. Again, hardware virtualization solutions are able to provide virtual hardware and emulate a particular kind of device such as Small Computer System Interface (SCSI) devices for file I/O, without the hosting machine having such hardware installed. Old and legacy software, which does not meet the requirements of current systems, can be run on emulated hardware without any need of changing their code. This is possible by either emulating the required hardware architecture or within a specific operating system sandbox, such as the MS-DOS mode in Windows 95/98. Another example of emulation is represented by arcade game emulators allowing playing arcade games on a normal personal computer.

(d) Isolation. Virtualization allows providing guests, whether they are operating systems, applications, or other entities, with a completely separate environment, in which they are executed. The guest performs its activity by interacting with an abstraction layer, which provides access to the underlying resources. Isolation brings several benefits, for example, it allows multiple guests to run on the same host without each of them interfering with the other. Secondly, it provides a separation between the host and the guest. The virtual machine can filter the activity of the guest and prevent harmful operations against the host.

Besides these characteristics, another important capability enabled by virtualization is performance tuning. This feature is a reality at present time, given the considerable advances in hardware and software supporting virtualization. It becomes easier to control the performance of the guest by finely tuning the properties of the resources exposed through the virtual environment. This provides means to effectively implement a Quality of Service infrastructure that more easily fulfills the service level agreement established for the guest. For instance, software implementing hardware virtualization solutions can expose to a guest operating system only a fraction of the memory of the host machine or set the maximum frequency of the processor of the virtual machine. Another advantage of managed execution is that, sometimes, it allows easy capturing of the state of the guest, persisting it, and resuming its execution. This, for example, allows virtual machine managers such as Xen Hypervisor to stop the execution of a guest operating system, to move its virtual image into another machine, and to resume its execution in a completely transparent manner. This technique is called virtual machine migration and constitutes an important feature in virtualized data centers for optimizing their efficiency in serving applications demand.

3. Portability
The concept of portability applies in different ways, according to the specific type of virtualization considered. In the case of a hardware virtualization solution, the guest is packaged into a virtual image that, in most of the cases, can be safely moved and executed on top of different virtual machines. Except for the file size, this happens with the same simplicity with which we can display a picture image in different computers. Virtual images are generally proprietary formats that require a specific virtual machine manager to be executed. In the case of programming level virtualization, as implemented by the JVM or the .NET runtime, the binary code representing application components (jars or assemblies) can be run without any recompilation on any implementation of the corresponding virtual machine. This makes the application development cycle more flexible and application deployment very straightforward: one version of the application, in most of the cases, is able to run with no changes on different platforms. Finally, portability allows having your own system always with you and ready to use, given that the required virtual machine manager is available. This requirement is in general less stringent than having all the applications and services you need available anywhere you go.

3.3 TAXONOMY OF VIRTUALIZATION TECHNIQUES


Virtualization covers a wide range of emulation techniques that are applied to different areas of computing. A classification of these techniques helps to better understand their characteristics and use.

[Figure: taxonomy tree. Virtualization divides into execution environment, storage, and network. Execution environment is classified by how it is done (process level, system level), by technique (emulation, high-level VM, multiprogramming, hardware-assisted virtualization, full virtualization, paravirtualization, partial virtualization), and by virtualization model (application, programming language, operating system, hardware).]

Fig. 3.3. Taxonomy of Virtualization Techniques.

The first classification discriminates against the service or entity that is being emulated. Virtualization is mainly used to emulate execution environments, storage, and networks. Among these categories, execution virtualization constitutes the oldest, most popular, and most developed area. Therefore, it deserves a major investigation and a further categorization. In particular, we can divide these execution virtualization techniques into two major categories, by considering the type of host they require. Process level techniques are implemented on top of an existing operating system, which has full control of the hardware. System level techniques are implemented directly on hardware and do not require or require a minimum support from an existing operating system. Within these two categories we can list different techniques, which offer to the guest a different type of virtual computation environment: bare hardware, operating system resources, low-level programming language, and application libraries.

3.3.1 Execution Virtualization

Execution virtualization includes all those techniques whose aim is to emulate an execution environment that is separate from the one hosting the virtualization layer. All these techniques concentrate their interest on providing support for the execution of programs, whether these are the operating system, a binary specification of a program compiled against an abstract machine model, or an application. Therefore, execution virtualization can be implemented directly on top of the hardware, by the operating system, an application, or libraries dynamically or statically linked against an application image.

1, Machine Reference Model
Virtualizing an execution environment at different levels of the computing stack requires a reference model that defines the interfaces between the levels of abstractions, which hide implementation details. From this perspective, virtualization techniques actually replace one of the layers and intercept the calls that are directed towards it. Therefore, a clear separation between layers simplifies their implementation, which only requires the emulation of the interfaces and a proper interaction with the underlying layer.

[Figure: layered computing stack, from top to bottom: Applications, API (API calls), Libraries, ABI (system calls and User ISA), Operative System, ISA, Hardware.]

Fig. 3.4. Machine Reference Model.


Modern computing systems can be expressed in terms of the reference model described in Fig. 3.4. At the bottom layer, the model for the hardware is expressed in terms of the Instruction Set Architecture (ISA), which defines the instruction set for the processor, registers, memory, and interrupts management. ISA is the interface between hardware and software, and it is important for the OS developer (System ISA), and developers of applications that directly manage the underlying hardware (User ISA). The Application Binary Interface (ABI) separates the operating system layer from the applications and libraries, which are managed by the OS. ABI covers details such as low-level data types, alignment, and call conventions and defines a format for executable programs. System calls are defined at this level. This interface allows portability of applications and libraries across operating systems that implement the same ABI. The highest level of abstraction is represented by the Application Programming Interface (API), which interfaces applications to libraries and/or the underlying operating system.

For any operation to be performed in the application level API, ABI and ISA are responsible to make it happen. The high-level abstraction is converted into machine-level instructions to perform the actual operations supported by the processor. The machine-level resources such as processor registers and main memory capacities are used to perform the operation in the hardware level of CPU. This layered approach simplifies the development and implementation of computing systems, and the implementation of multi-tasking and the co-existence of multiple executing environments. In fact, such a model not only requires limited knowledge of the entire computing stack, but also provides ways for implementing a minimal security model for managing and accessing shared resources.

For this purpose, the instruction set exposed by the hardware has been divided into different security classes, which define who can operate with them. The first distinction can be made between privileged and non-privileged instructions. Non-privileged instructions are those that can be used without interfering with other tasks because they do not access shared resources. This category contains, for example, all the floating, fixed point, and arithmetic instructions. Privileged instructions are those that are executed under specific restrictions and are mostly used for sensitive operations, which expose (behavior sensitive) or modify (control sensitive) the privileged state. For instance, behavior-sensitive instructions are those that operate on the I/O, while control-sensitive instructions alter the state of the CPU registers. Some types of architecture feature more than one class of privileged instructions and implement a finer control on how these instructions can be accessed. For instance, a possible implementation features a hierarchy of privileges (see Figure 3.5) in the form of ring based security: Ring 0, Ring 1, Ring 2, and Ring 3; Ring 0 is in the most privileged level, and the Ring 3 in the least privileged level. Ring 0 is used by the kernel of the OS, Rings 1 and 2 are used by the OS level services, and Ring 3 is used by the user. Recent systems support only two levels with Ring 0 for the supervisor mode and Ring 3 for user mode.

[Figure: concentric rings, from Ring 0, the most privileged mode (supervisor mode), through Ring 1 and Ring 2 (privileged modes), to Ring 3, the least privileged mode (user mode).]

Fig. 3.5. Security Rings and Privileged Modes.


All the current systems support at least two different execution modes: supervisor mode and user mode. The first mode denotes an execution mode where all the instructions (privileged and non-privileged) can be executed without any restriction. This mode is also called master mode, or kernel mode and it is generally used by the operating system (or the hypervisor) to perform sensitive operations on hardware level resources. In user mode, there are restrictions to control the machine level resources. If code running in user mode invokes the privileged instructions, hardware interrupts occur, and trap the potentially harmful execution of the instruction. Despite this, there might be some instructions that can be invoked as privileged instructions under some condition and non-privileged instructions under other conditions.

The distinction between user and supervisor mode allows us to understand the role of the hypervisor and why it is called so. Conceptually, the hypervisor runs above the supervisor mode and from here, the prefix hyper- is used. In reality, hypervisors are run in supervisor mode, and the division between privileged and non-privileged instructions has posed challenges in designing virtual machine managers. It is expected that all the sensitive instructions are executed in privileged mode, which requires a supervisor mode in order to avoid traps. This is because, without this assumption, it is impossible to fully emulate and manage the status of the CPU for guest operating systems. Unfortunately, this is not true for the original ISA, which allows 17 sensitive instructions to be called in user mode. This prevents multiple operating systems managed by a single hypervisor to be isolated from each other, since they are able to access the privileged state of the processor and change it¹⁵. More recent implementations of ISA (Intel VT and AMD Pacifica) have solved this problem by redesigning such instructions as privileged ones.

By keeping in mind this reference model, it is possible to explore and better understand the different techniques utilized to virtualize execution environment and their relations to the other components of the system.
2. Hardware-Level Virtualization
Hardware-level virtualization is a virtualization technique that provides an abstract execution environment in terms of computer hardware, on top of which a guest operating system can be run. In this model, the guest is represented by the operating system, the host by the physical computer hardware, the virtual machine by its emulation, and virtual machine manager by the hypervisor. The hypervisor is generally a program, or a combination of software and hardware, that allows the abstraction of the underlying physical hardware.

[Figure: the guest (virtual image, with its in-memory representation and storage) runs on a virtual machine that the VMM provides through host emulation (binary translation, instruction mapping, interpretation) on top of the host.]

Fig. 3.6. Hardware Virtualization Reference Model.

¹⁵ It is expected that in hypervisor-managed environment, the entire guest operating system code is run in user mode in order to prevent it from directly accessing the status of the CPU. If there are sensitive instructions that can be called in user mode (i.e., implemented as non-privileged instructions), it is not possible anymore to completely isolate the guest OS.

Hardware-level virtualization is also called system virtualization, since it provides ISA to virtual machines, which is the representation of the hardware interface of a system. This is to differentiate from process virtual machines, which expose ABI to virtual machines.

Hypervisors. A fundamental element of hardware virtualization is the hypervisor, or Virtual Machine Manager (VMM). It recreates a hardware environment, where guest operating systems are installed. There are two main types of hypervisors: Type I and Type II.

Type I hypervisors run directly on top of the hardware. Therefore, they take the place of the operating systems, interact directly with the ISA interface exposed by the underlying hardware, and emulate this interface in order to allow the management of guest operating systems. This type of hypervisors is also called native virtual machine, since it runs natively on hardware.

Type II hypervisors require the support of an operating system to provide virtualization services. This means that they are programs managed by the operating system, which interact with it through the ABI, and emulate the ISA of virtual hardware for guest operating systems. This type of hypervisors is also called hosted virtual machine, since it is hosted within an operating system.

[Figure: two stacks. Hosted (left): VMs, ISA, Virtual Machine Manager, ABI, Operative System, ISA, Hardware. Native (right): VMs, ISA, Virtual Machine Manager, ISA, Hardware.]

Fig. 3.7. Hosted (left) and Native (right) Virtual Machine.

Conceptually, a virtual machine manager is internally organized as described in Fig. 3.8. Three main modules coordinate their activity in order to emulate the underlying hardware: dispatcher, allocator, and interpreter. The dispatcher constitutes the entry point of the monitor and reroutes the instructions issued by the virtual machine instance to one of the two other modules. The allocator is responsible for deciding the system resources to be provided to the VM: whenever a virtual machine tries to execute an instruction that results in changing the machine resources associated with that VM, the allocator is invoked by the dispatcher. The interpreter module consists of interpreter routines. These are executed whenever a virtual machine executes a privileged instruction: a trap is triggered and the corresponding routine is executed.

The design and architecture of avirtual machine manager, together with the underlying hardware design
of the host machine, determine the full realization of hardware virtualization, where a guest operating
system can be transparently executed on top of a VMM as if it was run on the underlying hardware.
The criteria that need to be met by a virtual machine manager to efficiently support virtualization were
established by Goldberg and Popek in 1974 (23]. Three properties have to be satisfied:
Equivalence: a guest running under the control of a virtual machine manager should exhibit the
same behavior as when executed directly on the physical host.


Resource control: the virtual machine manager should be in complete control of virtualized resources.

Efficiency: a statistically dominant fraction of the machine instructions should be executed without intervention from the virtual machine manager.

The major factor that determines whether these properties are satisfied is the layout of the ISA of the host running a virtual machine manager. Popek and Goldberg provided a classification of the instruction set, and proposed three theorems that define the properties that hardware instructions have to satisfy in order to efficiently support virtualization.

[Figure: a Virtual Machine Instance issues instructions (ISA) to the Virtual Machine Manager, which contains the Dispatcher, the Allocator, and the Interpreter Routines.]

Fig. 3.8. Hypervisor Reference Architecture.

Theorem 1: For any conventional third-generation computer, a VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions.

This theorem establishes that all the instructions that change the configuration of the system resources should trap from the user mode and be executed under the control of the virtual machine manager. This allows hypervisors to efficiently control only those instructions that would reveal the presence of an abstraction layer while executing all the rest of the instructions without considerable performance loss. The theorem always guarantees the resource control property when the hypervisor is in the most privileged mode (Ring 0). The non-privileged instructions must be executed without the intervention of the hypervisor. The equivalence property also holds good since the output of the code is the same in both cases because the code is not changed.

Theorem 2: A conventional third-generation computer is recursively virtualizable if:
it is virtualizable, and
a VMM without any timing dependencies can be constructed for it.

Recursive virtualization is the ability of running a virtual machine manager on top of another virtual machine manager. This allows nesting hypervisors as long as the capacity of the underlying resources can accommodate that. Virtualizable hardware is a prerequisite to recursive virtualization.

[Figure: sets of Privileged Instructions, Sensitive Instructions, and User Instructions for the two kinds of computer.]

Fig. 3.9. Virtualizable Computer (left) and Non Virtualizable Computer (right).

Theorem 3: A hybrid VMM may be constructed for any conventional third generation machine, in which the set of user sensitive instructions are a subset of the set of privileged instructions.

There is another term called Hybrid Virtual Machine (HVM), which is less efficient than the virtual machine system. In case of HVM, more instructions are interpreted rather than being executed directly. All instructions in virtual supervisor mode are interpreted. Whenever there is an attempt to execute a behavior sensitive or control sensitive instruction, HVM controls the execution directly or gains the control via a trap. Here, all sensitive instructions are caught by HVM that are simulated.

This reference model represents what we generally consider classic virtualization, i.e., the ability to execute a guest operating system in complete isolation. To a greater extent, hardware-level virtualization includes several strategies that differentiate from each other on which kind of support is expected from the underlying hardware, what is actually abstracted from the host, and whether the guest should be modified or not.
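The reference architecture and Theorem 1 above, as an added example that is not from the book: a toy monitor whose dispatcher routes trapped instructions to an allocator or an interpreter routine, plus a check that every sensitive instruction is privileged. The three-instruction ISA, the instruction names and the `Guest` and `VMM` classes are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Instr:
    name: str
    privileged: bool = False          # traps when issued in user mode
    control_sensitive: bool = False   # changes the resource configuration
    behavior_sensitive: bool = False  # result depends on the real CPU mode

    @property
    def sensitive(self) -> bool:
        return self.control_sensitive or self.behavior_sensitive


def make_isa(read_mode_privileged: bool) -> dict:
    """Constructed ISA; only the privilege level of READ_MODE varies."""
    instrs = [
        Instr("ADD"),
        Instr("SET_PAGE_BASE", privileged=True, control_sensitive=True),
        Instr("READ_MODE", privileged=read_mode_privileged,
              behavior_sensitive=True),
    ]
    return {i.name: i for i in instrs}


def theorem1_violations(isa: dict) -> list:
    """Sensitive instructions that never trap; Theorem 1 needs this empty."""
    return sorted(i.name for i in isa.values()
                  if i.sensitive and not i.privileged)


@dataclass
class Guest:
    frames: range                     # host frames allotted to this VM
    virtual_mode: str = "supervisor"  # mode the guest OS believes it runs in
    page_base: int = -1
    acc: int = 0


@dataclass
class VMM:
    isa: dict
    stats: dict = field(default_factory=lambda: {"direct": 0, "trapped": 0})
    REAL_MODE = "user"  # guest code always runs de-privileged on the host

    def run(self, guest: Guest, name: str, operand: int = 0):
        instr = self.isa[name]
        if instr.privileged:          # user-mode attempt traps into the VMM
            self.stats["trapped"] += 1
            return self.dispatcher(guest, instr, operand)
        self.stats["direct"] += 1     # executes with no VMM intervention
        return self.hardware(guest, instr, operand)

    def dispatcher(self, guest, instr, operand):
        """Entry point of the monitor: reroute to one of the two modules."""
        if instr.control_sensitive:
            return self.allocator(guest, instr, operand)
        return self.interpreter(guest, instr, operand)

    def allocator(self, guest, instr, operand):
        """Resource control: grant only frames inside the VM's allotment."""
        if not 0 <= operand < len(guest.frames):
            return "fault"            # reflected to the guest, host unchanged
        guest.page_base = guest.frames[operand]  # guest frame -> host frame
        return guest.page_base

    def interpreter(self, guest, instr, operand):
        """Interpreter routine: simulate the instruction on virtual state."""
        return guest.virtual_mode

    def hardware(self, guest, instr, operand):
        if instr.name == "ADD":
            guest.acc += operand
            return guest.acc
        return self.REAL_MODE         # an untrapped READ_MODE sees real state


if __name__ == "__main__":
    for label, isa in (("virtualizable", make_isa(True)),
                       ("non-virtualizable", make_isa(False))):
        vmm, guest = VMM(isa), Guest(frames=range(100, 104))
        print(label, theorem1_violations(isa), vmm.run(guest, "READ_MODE"))
```

When `READ_MODE` is sensitive but not privileged, the guest reads the real mode and can tell it is not on bare hardware, so equivalence fails exactly where Theorem 1's subset condition fails.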

3. Hardware Virtualization Techniques

(a) Hardware-assisted Virtualization. This term refers to a scenario in which the hardware provides architectural support for building a virtual machine manager able to run a guest operating system in complete isolation. This technique was originally introduced in the IBM System/370. At present, examples of hardware-assisted virtualization are the extensions to the x86-64 bit architecture introduced with Intel VT (formerly known as Vanderpool) and AMD V (formerly known as Pacifica). These extensions, which differ between the two vendors, are meant to reduce the performance penalties experienced by emulating x86 hardware with hypervisors. Before the introduction of hardware-assisted virtualization, software emulation of x86 hardware was significantly costly from the performance point of view. The reason for this is that, by design, the x86 architecture did not meet the formal requirements introduced by Popek and Goldberg, and early products were using binary translation in order to trap some sensitive instructions and provide an emulated version. Products such as VMware Virtual Platform, introduced in 1999 by VMware who pioneered the field of x86 virtualization, were based on this technique. After 2006, Intel and AMD introduced processor extensions and a wide range of virtualization solutions took advantage of them: Kernel-based Virtual Machine (KVM), VirtualBox, Xen, VMware, Hyper-V, Sun xVM, Parallels, and others.
(b) Full Virtualization. Full virtualization refers to the ability of running a program, most likely an operating system, on top of a virtual machine directly and without any modification, as if it were run on the raw hardware. In order to make this possible, virtual machine managers are required to provide a complete emulation of the entire underlying hardware. The principal advantage of full virtualization is complete isolation, which leads to enhanced security, ease of emulation of different architectures, and coexistence of different systems on the same platform. Whereas it is a desired goal for many virtualization solutions, it poses important concerns on performance and technical implementation. A key challenge is the interception of privileged instructions such as I/O instructions: since they change the state of the resources exposed by the host, they have to be contained within the virtual machine manager. A simple solution to achieve full virtualization is to provide a virtual environment for all the instructions, thus posing some limits to the performance. A successful and efficient implementation of full virtualization is obtained with a combination of hardware and software, allowing instructions that are not potentially harmful to be executed directly on the host. This is what is accomplished through hardware-assisted virtualization.
(c) Paravirtualization. This is a not-transparent virtualization solution that allows implementing thin virtual machine managers. Paravirtualization techniques expose a software interface to the virtual machine that is slightly modified from the host and, as a consequence, guests need to be modified. The aim of paravirtualization is to provide the capability to demand the execution of performance critical operations directly on the host, thus preventing performance losses that would otherwise be experienced in managed execution. This allows a simpler implementation of virtual machine managers that have to simply transfer the execution of these operations, which were hard to virtualize, directly to the host. In order to take advantage of such opportunity, guest operating systems need to be modified and explicitly ported by remapping the performance critical operations through the virtual machine software interface. This is possible when the source code of the operating system is available, and this is the reason why paravirtualization was mostly explored in the open source and academic environment. Whereas this technique was initially applied in the IBM VM operating system families, the term paravirtualization was introduced in literature in the Denali [24] project at the University of Washington. This technique has been successfully used by Xen for providing virtualization solutions for Linux-based operating systems specifically ported to run on Xen hypervisors. Operating systems that cannot be ported can still take advantage of paravirtualization by using ad-hoc device drivers that remap the execution of critical instructions to the paravirtualization APIs exposed by the hypervisor. This solution is provided by Xen for running Windows-based operating systems on x86 architectures. Other solutions using paravirtualization include: VMWare, Parallels, and some solutions for embedded and real-time environments such as TRANGO, Wind River, and XtratuM.

(d) Partial Virtualization. Partial virtualization provides a partial emulation of the underlying hardware, thus not allowing the complete execution of the guest operating system in complete isolation. Partial virtualization allows many applications to run transparently, but not all the features of the operating system can be supported, as happens with full virtualization. An example of partial virtualization is address space virtualization used in time-sharing systems: this allows multiple applications and users to run concurrently in a separate memory space, but they still share the same hardware resources (disk, processor, and network). Historically, partial virtualization has been an important milestone for achieving full virtualization, and it was implemented on the experimental IBM M44/44X. Address space virtualization is a common feature of contemporary operating systems.

4. Operating System Level Virtualization

Operating system level virtualization offers the opportunity to create different and separated execution environments for applications that are managed concurrently. It is different from hardware virtualization: there is no virtual machine manager or hypervisor, and the virtualization is done within a single operating system, where the OS kernel allows for multiple isolated user space instances. The kernel is also responsible for sharing the system resources among instances and for limiting the impact of instances on each other. A user space instance in general contains a proper view of the file system which

the Java platform and the .NET framework represent the most popular technologies for enterprise application development.

Both Java and the CLI are stack-based virtual machines: the reference model of the abstract architecture is based on an execution stack that is used to perform operations. The byte code generated by compilers for these architectures contains a set of instructions that load operands on the stack, perform some operations with them, and put the result on the stack. Additionally, specific instructions for invoking methods and managing objects and classes are included. Stack-based virtual machines possess the property of being easily interpreted and executed simply by lexical analysis, and hence of being easily portable over different architectures. An alternative solution is offered by register-based virtual machines, in which the reference model is based on registers. This kind of virtual machine is closer to the underlying architecture we use today. An example of a register-based virtual machine is Parrot, a programming-level virtual machine originally designed to support the execution of PERL, and then generalized to host the execution of dynamic languages.

The main advantage of programming-level virtual machines, also called process virtual machines, is the ability of providing a uniform execution environment across different platforms. Programs compiled into byte code can be executed on any operating system and platform for which a virtual machine able to execute that code has been provided. From a development life cycle point of view, this simplifies the development and deployment efforts since it is not necessary to provide different versions of the same code. The implementation of the virtual machine for different platforms is still a costly task, but it is done once and not for any application. Moreover, process virtual machines allow for more control over the execution of programs since they do not provide direct access to the memory. Security is another advantage point of managed programming languages; by filtering the I/O operations, the process virtual machine can easily support sandboxing of applications. As an example, both Java and .NET provide an infrastructure for pluggable security policies and code access security frameworks. All these advantages come with a price: performance. Virtual machine programming languages generally expose an inferior performance, if compared to languages compiled against the real architecture. This performance difference is getting smaller, and the high compute power available on average processors makes it even less important.

Implementations of this model are also called high-level virtual machines, since high-level programming languages are compiled to a conceptual ISA, which is further interpreted or dynamically translated against the specific instruction of the hosting platform.
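An added example, not from the book and not the Java or .NET security model, of the two points above: a stack-based byte code interpreter whose only path to the host is an I/O opcode filtered by a pluggable policy. The opcodes, the `Policy` class and the in-memory file table are constructed for illustration.

```python
import posixpath
from dataclasses import dataclass

# Constructed stand-in for the host file system, so the example runs offline.
HOST_FILES = {
    "/app/data/report.txt": "quarterly numbers",
    "/app/database/keys.txt": "db credentials",
    "/etc/passwd": "root:x:0:0",
}


class PolicyViolation(Exception):
    """Raised when managed code asks for I/O the policy does not grant."""


@dataclass(frozen=True)
class Policy:
    """Hypothetical pluggable policy: directories managed code may read."""
    readable_dirs: tuple = ()

    def check_read(self, path: str) -> None:
        for d in self.readable_dirs:
            # Compare whole path components, not a bare string prefix.
            if path.startswith(d.rstrip("/") + "/"):
                return
        raise PolicyViolation(path)


class StackVM:
    def __init__(self, policy: Policy, files: dict = HOST_FILES):
        self.policy, self.files = policy, files
        self.stack = []
        self.audit = []   # (decision, normalised path) for every I/O attempt

    def _read(self, raw_path: str) -> str:
        # Normalise first so "../" cannot walk out of a permitted directory.
        path = posixpath.normpath(raw_path)
        try:
            self.policy.check_read(path)
        except PolicyViolation:
            self.audit.append(("deny", path))
            raise
        self.audit.append(("allow", path))
        return self.files[path]

    def run(self, program: list):
        """Execute byte code: operands go on the stack, results come back."""
        self.stack = []
        for op, *args in program:
            if op == "PUSH":
                self.stack.append(args[0])
            elif op in ("ADD", "MUL"):
                right, left = self.stack.pop(), self.stack.pop()
                self.stack.append(left + right if op == "ADD" else left * right)
            elif op == "READ":        # the only opcode that reaches the host
                self.stack.append(self._read(self.stack.pop()))
            else:
                raise ValueError(f"unknown opcode: {op}")
        return self.stack[-1] if self.stack else None


def attempt_read(vm: StackVM, path: str) -> str:
    """Run a two-instruction program that reads `path`; report the outcome."""
    try:
        return vm.run([("PUSH", path), ("READ",)])
    except PolicyViolation:
        return "DENIED"


if __name__ == "__main__":
    vm = StackVM(Policy(readable_dirs=("/app/data",)))
    print(vm.run([("PUSH", 2), ("PUSH", 3), ("ADD",), ("PUSH", 4), ("MUL",)]))
    for p in ("/app/data/report.txt", "/app/data/../../etc/passwd",
              "/app/database/keys.txt"):
        print(p, "->", attempt_read(vm, p))
```

Because the guest program has no memory access and no opcode other than `READ` that touches the host, the policy check and the audit log sit on the single choke point the text describes.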

6. Application-Level Virtualization

Application-level virtualization is a technique allowing applications to be run on runtime environments which do not natively support all the features required by such applications. In this scenario, applications are not installed in the expected runtime environment, but run as if they were. In general, these techniques are mostly concerned with partial file systems, libraries, and operating system component emulation. Such emulation is performed by a thin layer, a program or an operating system component, that is in charge of executing the application. Emulation can also be used to execute program binaries compiled for different hardware architectures. In this case, one of the following strategies can be implemented:

(a) Interpretation. In this technique, every source instruction is interpreted by an emulator for executing native ISA instructions, leading to poor performance. Interpretation has a minimal startup cost but a huge overhead since each instruction is emulated.

(b) Binary Translation. In this technique, every source instruction is converted to native instructions with equivalent functions. After a block of instructions is translated, it is cached and reused. Binary translation has a large initial overhead cost but over time it is subject to a better performance, since previously translated instruction blocks are directly executed.

Emulation, as described above, is different from hardware-level virtualization. The former simply allows the execution of a program compiled against a different hardware, while the latter emulates a complete hardware environment where an entire operating system can be installed.
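The cost trade-off between strategies (a) and (b), as an added example that is not from the book: one emulator class that either decodes every instruction each time it executes, or translates each basic block once and reuses it from a cache. The four-opcode guest ISA and the summing program are constructed for illustration, and Python closures stand in for the native instructions a real translator would emit.

```python
BLOCK_END = {"JNZ", "HALT"}   # instructions that end a basic block


def sum_program(n: int) -> list:
    """Constructed guest program: r0 = n + (n-1) + ... + 1, for n >= 1."""
    return [("LOADI", 0, 0), ("LOADI", 1, n),      # pc 0, 1
            ("ADD", 0, 1), ("SUBI", 1, 1),         # pc 2, 3 (loop body)
            ("JNZ", 1, 2), ("HALT", 0, 0)]         # pc 4, 5


class Emulator:
    def __init__(self, program: list):
        self.program = program
        self.decodes = 0      # times a guest instruction had to be decoded
        self.cache = {}       # block start pc -> translated block
        self.cache_hits = 0

    def _decode(self, pc: int):
        """Turn one guest instruction into a host callable: regs -> next pc."""
        self.decodes += 1
        op, a, b = self.program[pc]
        if op == "LOADI":
            def step(regs):
                regs[a] = b
                return pc + 1
        elif op == "ADD":
            def step(regs):
                regs[a] += regs[b]
                return pc + 1
        elif op == "SUBI":
            def step(regs):
                regs[a] -= b
                return pc + 1
        elif op == "JNZ":
            def step(regs):
                return b if regs[a] != 0 else pc + 1
        elif op == "HALT":
            def step(regs):
                return None
        else:
            raise ValueError(f"unknown opcode: {op}")
        return step

    def interpret(self) -> int:
        """Interpretation: every executed instruction is decoded again."""
        regs, pc = [0, 0], 0
        while pc is not None:
            pc = self._decode(pc)(regs)
        return regs[0]

    def _translate(self, start: int):
        """Decode straight-line code up to the next branch, once."""
        steps, pc = [], start
        while True:
            steps.append(self._decode(pc))
            if self.program[pc][0] in BLOCK_END:
                break
            pc += 1

        def block(regs):
            for step in steps:
                nxt = step(regs)
            return nxt            # next pc chosen by the block's last step
        return block

    def run_translated(self) -> int:
        """Binary translation: translate on a miss, reuse the block on a hit."""
        regs, pc = [0, 0], 0
        while pc is not None:
            if pc in self.cache:
                self.cache_hits += 1
            else:
                self.cache[pc] = self._translate(pc)
            pc = self.cache[pc](regs)
        return regs[0]


def compare(n: int) -> dict:
    interp, trans = Emulator(sum_program(n)), Emulator(sum_program(n))
    return {"interp_result": interp.interpret(),
            "interp_decodes": interp.decodes,
            "trans_result": trans.run_translated(),
            "trans_decodes": trans.decodes,
            "cache_hits": trans.cache_hits}
```

With `n = 1` both strategies decode the same six instructions, so translation gains nothing; the benefit appears only once the cached loop block is re-executed.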
Application virtualization is a good solution in the case of missing libraries in the host operating system: in this case, a replacement library can be linked with the application, or library calls can be remapped to existing functions available in the host system. Another advantage is that, in this case, the virtual machine manager is much lighter since it provides a partial emulation of the run-time environment, if compared to hardware virtualization. Moreover, this technique allows incompatible applications to run together. Compared to programming-level virtualization, which works across all the applications developed for that virtual machine, application-level virtualization works for a specific environment: it supports all the applications that run on top of a specific environment.

One of the most popular solutions implementing application virtualization is Wine, which is a software application allowing Unix-like operating systems to execute programs written for the Microsoft Windows platform. Wine features a software application acting as a container for the guest application and a set of libraries, called Winelib, that developers can use to compile applications to be ported on Unix systems. Wine takes inspiration from a similar product from Sun: WABI (Windows Application Binary Interface), which implements the Win 16 API specifications on Solaris. A similar solution for the Mac OS X environment is CrossOver, which allows running Windows applications directly on the Mac OS X operating system. VMware ThinApp is another product in this area, which allows capturing the setup of an installed application, and packaging it into an executable image isolated from the hosting operating system.

3.3.2 Other Types of Virtualization


Other than execution virtualization, there exist other types of virtualization which provide an abstract environment to interact with. These mainly cover storage, networking, and client-server interaction.

1. Storage Virtualization
Storage virtualization is a system administration practice that allows decoupling the physical organization of the hardware from its logical representation. By using this technique, users do not have to be worried about the specific location of their data, which can be identified by using a logical path. Storage virtualization allows harnessing a wide range of storage facilities and representing them under a single logical file system. There are different techniques for storage virtualization. One of the most popular includes network-based virtualization by means of Storage Area Networks (SANs). Storage Area Networks use a network accessible device through a large bandwidth connection to provide storage facilities.

2. Network Virtualization
Network virtualization combines hardware appliances and specific software for the creation and management of a virtual network. Network virtualization can aggregate different physical networks into a single logical network (external network virtualization), or provide network-like functionality to an operating system partition (internal network virtualization). The result of external network virtualization is generally a Virtual LAN (VLAN). A VLAN is an aggregation of hosts that communicate with each other as if they were located under the same broadcasting domain. Internal network virtualization is generally applied together with hardware and operating system level virtualization, in which the guests obtain a virtual network interface to communicate with. There are several options for implementing internal network virtualization: the guest can share the same network interface of the host and use NAT to access the network; the virtual machine manager can emulate, and install on the host, an additional network device together with the driver; or the guest can have a private network only with the guest.

3. Desktop Virtualization
Desktop virtualization abstracts the desktop environment available on a personal computer in order to provide access to it by using a client-server approach. Desktop virtualization provides the same outcome of hardware virtualization but serves a different purpose. Similarly to hardware virtualization, it makes accessible a different system, as if it was natively installed on the host, but this system is remotely stored on a different host and accessed through a network connection. Moreover, desktop virtualization addresses the problem of making the same desktop environment accessible from everywhere. While the term "desktop virtualization" strictly refers to the ability of remotely accessing a desktop environment, generally, the desktop environment is stored in a remote server or a data center which provides a high availability infrastructure, and ensures the accessibility and the persistence of the data.

In this scenario, an infrastructure supporting hardware virtualization is fundamental to provide access to multiple desktop environments hosted on the same server: a specific desktop environment is stored in a virtual machine image that is loaded and started on demand when a client connects to the desktop environment. This is a typical Cloud computing scenario, in which the user leverages the virtual infrastructure for performing the daily tasks on his computer. The advantages of desktop virtualization are: high availability, persistence, accessibility, and ease of management. As we will discuss in the next chapter, security issues can prevent the use of this technology. The basic services for remotely accessing a desktop environment are implemented in software components such as: Windows Remote Services, VNC, and X Server. Infrastructures for desktop virtualization based on Cloud computing solutions are: Sun Virtual Desktop Infrastructure (VDI), Parallels Virtual Desktop Infrastructure (VDI), Citrix XenDesktop, and others.

4. Application-Server Virtualization
Application-server virtualization abstracts a collection of application servers that provide the same services as a single virtual application server, by using load balancing strategies and providing a high availability infrastructure for the services hosted in the application server. This is a particular form of virtualization and serves the same purpose of storage virtualization: providing a better quality of service rather than emulating a different environment.

3.4 VIRTUALIZATION AND CLOUD COMPUTING

Virtualization plays an important role in Cloud computing, since it allows for the appropriate degree of customization, security, isolation, and manageability that are fundamental for delivering IT services on demand. Virtualization technologies are primarily used to offer configurable computing environments and storage. Network virtualization is less popular and, in most cases, is a complementary feature, which is naturally needed in building virtual computing systems.

Particularly important is the role of virtual computing environments and execution virtualization techniques. Among these, hardware and programming language virtualization are the techniques adopted in Cloud computing systems. Hardware virtualization is an enabling factor for solutions in the Infrastructure-as-a-Service market segment, while programming language virtualization is a technology leveraged in Platform-as-a-Service offerings. In both cases, the capability of offering a customizable and sandboxed environment constituted an attractive business opportunity for companies featuring a large computing infrastructure, able to sustain and process huge workloads. Moreover, virtualization also allows isolation and a finer control, thus simplifying the leasing of services and their accountability on the vendor side.

Besides being an enabler for computation on demand, virtualization also gives the opportunity of designing more efficient computing systems by means of consolidation, which is performed transparently to Cloud computing service users. Since virtualization allows creating isolated and controllable environments, it is possible to serve these environments with the same resource without them interfering with each other. If the underlying resources are capable enough, there will be no evidence of such sharing. This opportunity is particularly attractive when resources are underutilized, because it allows reducing the number of active resources by aggregating virtual machines over a smaller number of resources that become fully utilized. This practice is also known as server consolidation, while the movement of virtual machine instances is called virtual machine migration. Because virtual machine instances are controllable environments, consolidation can be applied with a minimum impact: either by temporarily stopping its execution and moving its data to the new resources, or by performing a finer control and moving the instance while it is running. This second technique is known as live migration and in general is more complex to implement but more efficient, since there is no disruption of the activity of the virtual machine instance.

[Figure: two panels, Before Migration and After Migration, each showing Server A and Server B with their VMs running on a Virtual Machine Manager.]

Fig. 3.10. Live Migration and Server Consolidation.

Server consolidation and virtual machine migration are principally used in the case of hardware virtualization, even though they are also technically possible in the case of programming language virtualization.

Storage virtualization constitutes an interesting opportunity given by virtualization technologies, often complementary to the execution virtualization. Even in this case, vendors backed by large computing infrastructure featuring huge storage facilities can harness these facilities into a virtual storage service, easily partitionable into slices. These slices can be dynamic and offered as a service. Again, opportunities to secure and protect the hosting infrastructure are available, as well as methods for an easy accountability of such service.

Finally, Cloud computing revamps the concept of desktop virtualization, initially introduced in the mainframe era. The ability to recreate the entire computing stack, from infrastructure to application services, on demand opens the path to having a complete virtual computer hosted on the infrastructure of the provider, and accessed by a thin client over a capable Internet connection.
3.5 PROS AND CONS OF VIRTUALIZATION

Virtualization has now become extremely popular and is largely used, especially in Cloud computing. The primary reason of its wide success is the elimination of technology barriers that made virtualization not an effective and viable solution in the past. The most relevant barrier has been performance. Today, the capillary diffusion of the Internet connection and the advancement in the computing technology have made virtualization an interesting opportunity to deliver on demand IT infrastructure and services. Despite its renewed popularity, this technology has benefits and also drawbacks.
1. Advantages of Virtualization
Managed execution and isolation are perhaps the most important advantages of virtualization. In the case of techniques supporting the creation of virtualized execution environments, these two characteristics allow building secure and controllable computing environments. A virtual execution environment can be configured as a sandbox, thus preventing any harmful operation from crossing the borders of the virtual host. Moreover, allocation of resources and their partitioning among different guests is simplified, being the virtual host controlled by a program. This enables fine tuning of resources, which is very important in a server consolidation scenario, and that is also a requirement for an effective quality of service.

Portability is another advantage of virtualization, especially for execution virtualization techniques. Virtual machine instances are normally represented by one or more files that can be easily transported with respect to physical systems. Moreover, they also tend to be self-contained since they do not have other dependencies besides the virtual machine manager for their use. Portability and self-containment simplify their administration. Java programs are "compiled once and run everywhere": they only require the Java virtual machine to be installed on the host. The same applies to hardware-level virtualization. It is, in fact, possible to build our own operating environment within a virtual machine instance, and bring it with us wherever we go, as if we had our own laptop. This concept is also an enabler for migration techniques in a server consolidation scenario.

Portability and self-containment also contribute to reduce the costs for maintenance, since the number of hosts is expected to be lower than the number of virtual machine instances. Being the guest executed in a virtual environment, which is often part of the virtual instance itself, there is no component that is subject to change or damage over time. Moreover, it is expected to have fewer virtual machine managers with respect to the number of virtual machine instances managed.

Finally, by means of virtualization, it is possible to achieve a more efficient use of resources. Multiple systems can securely coexist and share the resources of the underlying host, without interfering with each other. This is a prerequisite for server consolidation, which allows adjusting the number of active physical resources dynamically, according to the current load of the system, thus creating the opportunity to save in terms of energy consumption, and have less impact on the environment.
2. The Other Side of the Coin: Disadvantages
Virtualization has also downsides. The most evident is represented by a performance decrease of guest systems, as a result of the intermediation performed by the virtualization layer. Also, suboptimal use of the host, because of the abstraction layer introduced by virtualization management software, can lead to a very inefficient utilization of the host or a degraded user experience. Less evident, but perhaps more dangerous, are the implications on security, which are mostly due to the ability of emulating a different execution environment.

(a) Performance Degradation. Performance is definitely one of the major concerns when using virtualization technology. Since virtualization interposes an abstraction layer between the guest and the host, increased latencies and delays can be experienced by the guest.

For instance, in case of hardware virtualization, where the intermediate emulates a bare machine on top of which an entire system can be installed, the causes of performance degradation can be traced back to the overhead introduced by the following activities:
• Maintaining the status of the virtual processor
• Support of privileged instructions (trap and simulate privileged instructions)
• Support of paging within VM
• Console functions

Also, when hardware virtualization is realized through a program that is installed or executed on top of the host operating systems, a major source of performance degradation is represented by the fact that the virtual machine manager is executed and scheduled together with other applications, thus sharing with them the resources of the host.

Similar consideration can be made in case of virtualization technologies at higher levels, such as in the case of programming language virtual machines (Java, .NET, and others). Binary translation and interpretation can slow down the execution of managed applications. Moreover, being their execution filtered by the runtime environment, access to memory and other physical resources can represent sources of performance degradation.

These concerns are becoming less and less important, thanks to the technology advancements and the ever increasing computational power available today. For example, specific techniques of hardware virtualization such as paravirtualization can increase the performance of guest execution by offloading most of the guest execution to the host without any change. In the case of programming level virtual machines such as the JVM or the .NET, compilation to native code is offered as an option when performance is a serious concern.

(b) Inefficiency and Degraded User Experience. Virtualization can sometimes lead to an inefficient use of the host. In particular, some of the specific features of the host cannot be exposed by the abstraction layer and they become inaccessible. In the case of hardware virtualization, this could happen for device drivers: the virtual machine can sometimes just provide a graphic card which maps only a subset of the features available in the host. In the case of programming level virtual machines, some of the features of the underlying operating systems may become inaccessible, unless specific libraries are used. For example, in the first version of Java, the support for graphic programming was very limited, and the look and feel of applications was very poor, if compared to native applications. These issues have been resolved by providing a new framework for designing the user interface, Swing, and further improvements have been done by integrating support for the OpenGL libraries into the Software Development Kit.

(c) Security Holes and New Threats. Virtualization opens the door to a new and unexpected form of phishing¹⁸. The capability of emulating a host in a completely transparent manner led the way to malicious programs which are designed to extract sensitive information from the guest. In the case of hardware virtualization, malicious programs can preload themselves before the operating system, and act as a thin virtual machine manager towards it. The operating system is controlled, and can be manipulated in order to extract sensitive information of interest for third parties. Examples of this kind of malware are BluePill and SubVirt. BluePill is malware targeting the AMD processor family and moves the execution of the installed OS within a virtual machine. The original version of SubVirt was developed as a prototype by Microsoft through collaboration with Michigan University. SubVirt infects the guest OS, and when the virtual machine is rebooted, it gains control of the

18 Phishing is a term that identifies a malicious practice aimed at capturing sensitive information, such as user names and passwords, by recreating an environment identical in functionalities and appearance to the one that manages this information. It is most commonly used in the Web, where the user is redirected to a malicious Website that is a replica of the original one and whose purpose is to collect information to impersonate the user against the original Website (e.g., a bank Website) and access her confidential data.
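
A defender's counterpart to the threat described in (c), as an added example that is not part of the original text: a Python check that compares a host's expected platform (bare metal or VM) with the virtualization indicators the running operating system can observe on Linux. The function names, the marker list and the sample inputs are assumptions constructed for illustration; a hypervisor built to be transparent may expose none of these indicators, so a clean result is not proof of absence.

```python
# Substrings that common hypervisors report in the Linux DMI strings
# /sys/class/dmi/id/sys_vendor and product_name (illustrative list, not exhaustive).
KNOWN_VIRTUAL_DMI = ("qemu", "kvm", "vmware", "virtualbox", "innotek", "xen", "bochs")

def cpu_reports_hypervisor(cpuinfo_text):
    """True if a 'flags' line of /proc/cpuinfo lists 'hypervisor' (CPUID.1:ECX bit 31)."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "hypervisor" in value.split():
            return True
    return False

def dmi_indicators(sys_vendor, product_name):
    """Return the known hypervisor markers found in the DMI strings."""
    haystack = f"{sys_vendor} {product_name}".lower()
    return sorted(m for m in KNOWN_VIRTUAL_DMI if m in haystack)

def audit_host(expected_bare_metal, cpuinfo_text, sys_vendor, product_name):
    """Compare what the inventory expects with what the running OS observes."""
    evidence = []
    if cpu_reports_hypervisor(cpuinfo_text):
        evidence.append("cpuid-hypervisor-bit")
    evidence += [f"dmi:{m}" for m in dmi_indicators(sys_vendor, product_name)]
    if expected_bare_metal and evidence:
        verdict = "ALERT: unexpected virtualization layer"
    elif expected_bare_metal:
        # A transparent hypervisor need not advertise itself, so this is not proof.
        verdict = "no indicator (not proof of absence)"
    else:
        verdict = "virtualized as expected" if evidence else "REVIEW: expected VM, none seen"
    return verdict, evidence

# Constructed sample inputs (not captured from a real machine).
SAMPLE_GUEST_CPUINFO = """processor : 0
model name : Example CPU
flags : fpu vme de pse tsc msr pae sse sse2 hypervisor lahf_lm
"""
SAMPLE_HOST_CPUINFO = """processor : 0
model name : Example CPU
flags : fpu vme de pse tsc msr pae sse sse2 vmx lahf_lm
"""

if __name__ == "__main__":
    print(audit_host(True, SAMPLE_GUEST_CPUINFO, "QEMU", "Standard PC (Q35 + ICH9, 2009)"))
    print(audit_host(True, SAMPLE_HOST_CPUINFO, "Example Vendor Inc.", "Server 1000"))
```

On a real host the three inputs would be read from `/proc/cpuinfo` and the two DMI files and compared against the asset inventory, so that a machine recorded as bare metal that starts reporting a hypervisor is flagged for investigation.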
