
3-4 Cloud Resource Virtualization New

The document discusses cloud resource virtualization, detailing its characteristics, applications, and the importance of performance and security isolation in cloud environments. It covers various virtualization techniques, including full virtualization, paravirtualization, and nested virtualization, along with examples of hypervisors like KVM and Xen. Additionally, it addresses the potential security risks associated with virtualization and emphasizes the need for robust security measures to protect against malicious activities.

Cloud Computing

INT309

Cloud Resource Virtualization


Dr. Hai Tao
[email protected]

Hai Tao - INT309 Cloud Computing 1


Resource virtualization
• Resource virtualization is a type of virtualization technique in which
physical hardware resources, such as memory, CPU, and storage, are
abstracted and made available to multiple virtual machines running in
the same environment.
• Resource virtualization is useful for creating high-performance
virtualized environments, as it allows multiple virtual machines to
utilize the same hardware resources and provides better resource
utilization.
• Resource virtualization can also improve scalability, as it
allows more virtual machines to be hosted on the same hardware.

Resource virtualization Characteristics
• Abstraction: Resource virtualization abstracts the underlying physical
resources and presents them as virtual resources that can be easily
managed and shared.
• Dynamic allocation: Resource virtualization allows for the dynamic
allocation of resources as needed, based on the requirements of the
tasks being executed.
• Isolation: Resource virtualization can be used to isolate resources and
create separate virtual environments for different applications or
users.
• Scalability: Resource virtualization allows for the scaling of resources
up or down as needed, without the need for physical reconfiguration.

Resource virtualization applications
• Cloud computing: Resource virtualization is a key component of cloud computing,
allowing for the creation of virtualized resources that can be easily shared and
managed.
• High-performance computing: Resource virtualization is often used in high-
performance computing to create a virtualized environment that can be used to
share and manage resources across multiple systems.
• Containerization: Resource virtualization is used in containerization to create
isolated environments for different applications or users, allowing them to run on
the same system without interfering with each other.
• Network Function Virtualization (NFV): Resource virtualization can be used to
virtualize network functions such as routers, firewalls, and load balancers,
enabling them to be managed and scaled dynamically.
• Examples: Some examples of resource virtualization software include VMware,
Hyper-V, and KVM.



Performance and security isolation
• Performance and security isolation in cloud computing refers to the measures
taken to ensure that different components of a cloud-based system are isolated
from one another in terms of performance and security.
• This is especially important in multi-tenant cloud environments where multiple
users are sharing the same resources.
• Performance isolation ensures that one user's activity does not affect the
performance of other users, while security isolation ensures that one user's data
is not accessible to other users.
• To achieve this, cloud providers typically employ a combination of hypervisor-
based virtualization, container-based virtualization, and unikernel-based
virtualization.
• Cloud providers also employ other security measures, such as firewalls,
encryption, and access control, to further protect the system from malicious
actors.



Virtual Machine
• A virtual machine (VM) is an
emulated version of a computer
system that runs on top of a
physical machine.
• VMs provide an isolated
environment for applications and
services to run in, and allow
multiple VMs to run on the same
physical machine.
• VMs are typically created using
a hypervisor, which is a type of
virtualization software that allows
multiple operating systems to run
on a single physical machine.



Virtual Machine characteristics
• Isolation: Virtual machines provide isolation between the host operating system
and the guest operating system, allowing multiple operating systems to run on
the same physical hardware without interfering with each other.
• Hardware Abstraction: Virtual machines abstract the underlying hardware,
allowing the guest operating system to interact with virtual devices instead of
physical devices.
• Resource allocation: Virtual machines can be allocated a specific amount of
resources such as CPU, memory and storage, which can be adjusted dynamically
as needed.
• Snapshots: A snapshot saves the current state of a virtual machine so that
the machine can later be reverted to that state.
• Virtualization software examples: VMware, VirtualBox, Hyper-V



Full virtualization
• Full virtualization simulates a complete set of hardware for each
virtual machine (VM).
• The guest operating system (OS) does not need to be modified to run
in the VM.
• The hypervisor intercepts and emulates privileged instructions,
allowing multiple guest OSes to run on the same physical machine.
• Each VM runs its own complete OS, so it can run any software that
would run on a physical machine.

Paravirtualization
• Paravirtualization is a technique where the guest OS is modified to
run on a virtualized environment.
• The guest OS is aware of the hypervisor and can communicate with it
directly, allowing for better performance and reduced overhead.
• The hypervisor acts as a coordinator for the various virtualized
environments.
• Paravirtualization is useful when running multiple instances of the
same operating system type, such as running multiple Linux instances
on a single host.

Hardware support for virtualization
• Hardware support for virtualization refers to the capability of the
computer's hardware to assist in the virtualization process, such as
providing virtualization-specific instructions to the CPU, or providing
virtualized versions of devices like network interfaces and storage
controllers.
• Types of Hardware support for virtualization:
• CPU virtualization support: Intel VT-x and AMD-V
• I/O virtualization support: SR-IOV and PCI Passthrough

Hardware support for virtualization
• CPU virtualization support:
• provides virtualization-specific instructions to the CPU
• allows the hypervisor to more efficiently manage the virtualized environment
• I/O virtualization support:
• provides virtualized versions of devices like network interfaces and storage
controllers
• allows for more efficient communication between the virtual machines and
the physical hardware
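
A host-side check for the CPU virtualization support listed above, as an added example that is not part of the original slides. It assumes an x86 Linux host, where `/proc/cpuinfo` reports VT-x as the `vmx` flag and AMD-V as `svm`, and where the `hypervisor` flag means the kernel is itself running as a guest; the sample text is constructed.

```python
# Added example: classify hardware virtualization support from /proc/cpuinfo text.
import re

# Linux cpuinfo flag -> CPU extension named on the slide
CPU_VIRT_FLAGS = {"vmx": "Intel VT-x", "svm": "AMD-V"}

# Constructed sample input (not from a real machine): a 2-CPU Intel guest
SAMPLE_CPUINFO = """\
processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse msr pae sse sse2 ht syscall nx lm vmx ept vpid hypervisor
processor : 1
vendor_id : GenuineIntel
flags : fpu vme de pse msr pae sse sse2 ht syscall nx lm vmx ept vpid hypervisor
"""

def parse_flag_sets(cpuinfo_text):
    """Return one set of flags per logical CPU listed in the text."""
    return [set(m.group(1).split())
            for m in re.finditer(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.M)]

def virtualization_report(cpuinfo_text):
    flag_sets = parse_flag_sets(cpuinfo_text)
    if not flag_sets:
        raise ValueError("no 'flags' lines found (not x86 Linux cpuinfo?)")
    # A feature counts only if every logical CPU reports it.
    common = set.intersection(*flag_sets)
    extension = next((name for flag, name in CPU_VIRT_FLAGS.items()
                      if flag in common), None)
    is_guest = "hypervisor" in common
    return {
        "cpu_extension": extension,          # None: hypervisor must fall back to software
        "running_as_guest": is_guest,        # this kernel is inside a VM
        "nested_capable": is_guest and extension is not None,
    }

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CPUINFO  # fall back to the constructed sample
    print(virtualization_report(text))
```

A guest that reports both `hypervisor` and `vmx`/`svm` has the extension passed through by its host, so a hypervisor can be started inside it.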



Kernel-based Virtual Machine (KVM)
• Kernel-Based Virtual Machine (KVM) is an open source virtualization technology that
turns Linux into a hypervisor.
• It allows multiple guest operating systems to run on a single physical machine, allowing
for the guest operating systems to be completely isolated from one another.
• KVM also provides hardware-assisted virtualization, which allows for greater efficiency in
terms of resource utilization, as well as better resource isolation, as the guest operating
system can be configured to run in its own virtual environment.
• Supports live migration, which allows for the movement of running virtual machines
from one physical host to another without interruption
• Used in embedded systems to provide virtualization capabilities in resource-constrained
environments.
• Type-2 hypervisor
• Full virtualization solution
• VMs run as regular Linux processes



Kernel-based Virtual Machine

(a) KVM organization; KVM runs inside Linux as a driver handling the new virtualization
instructions exposed by hardware; the IOthread generates requests on the guest’s behalf to the
host; it also handles events.
(b) Multiple VMs running under KVM.



Hypervisor
• A hypervisor is a type of virtualization software that allows multiple
operating systems to run on a single physical machine.
• It acts as a thin layer between the hardware and the operating
systems, providing hardware virtualization and allowing multiple
virtual machines to run simultaneously on the same physical
machine.
• Hypervisors typically use hardware-assisted virtualization to improve
performance and provide a more secure environment for running
multiple virtual machines.
• Examples of hypervisors include VMware, Hyper-V, and Xen.

Xen—a hypervisor based on paravirtualization
• A bare-metal hypervisor (Type-1 hypervisor) that runs directly on the host's
hardware
• Xen is a type of hypervisor that is based on paravirtualization.
• This means that rather than emulating the underlying hardware, Xen uses a
modified version of the operating system as a guest virtual machine that is
optimized for the host system.
• This allows for improved performance and scalability, as well as better
resource utilization.
• Xen also provides a secure environment for running multiple
virtual machines on the same system.
• Xen is often used on servers, as it allows multiple operating systems to run
on the same physical machine.

Xen for x86 architecture

The management OS dedicated to the execution of Xen control functions and privileged instructions

Optimization of network virtualization in Xen 2.0
• Optimization of network virtualization in Xen 2.0 involves taking advantage
of the built-in features of the hypervisor to improve the performance of
the network.
• This can include using techniques like multi-threading, packet filtering,
packet scheduling, congestion control, and network virtualization.
• Additionally, optimizing Xen 2.0's network virtualization also involves
configuring the virtual switch, virtual machine settings, and other settings
to ensure maximum performance.
• Optimization of the network virtualization can also involve making use of
specialized hardware and software tools available to further improve the
performance.

Nested virtualization
• Nested virtualization is a technique that allows a virtual machine to run on
another virtual machine (VM) or hypervisor.
• This can be done to run multiple virtual machines on a single physical
system or to run virtual machines on virtual machines.
• Nested virtualization is achieved by running a hypervisor within a
virtual machine and then running additional virtual machines on top of this
nested hypervisor.
• This technique can be used to gain greater performance or to make use of
specialized hardware that may not be available on the host system.
• This technique can also be used for testing and debugging
purposes.



Trusted kernel-based virtual machine for ARMv8
• A trusted kernel-based virtual machine (KVM) for ARMv8 is a secure system
for running multiple virtual machines on the same physical hardware.
• This allows for improved system security and resource utilization.
• A trusted KVM for ARMv8 is typically used on embedded systems and runs
on top of an ARM Trusted Firmware (ATF) which is responsible for
initializing the hardware and configuring the secure environment.
• The KVM can then be used to create and manage multiple secure virtual
machines, allowing for the secure execution of different applications.
• Additionally, the KVM provides isolation between the applications running
on the virtual machines, further improving system security.

Paravirtualization of Itanium architecture
• Paravirtualization of Itanium architecture is a technique that allows
software applications to be run on Itanium processors in a virtualized
environment.
• This technique involves modifying the guest operating system to
replace certain privileged instructions with hypercalls that invoke the
hypervisor.
• This allows the virtualized application to access the resources of the
underlying hardware in a more efficient manner.
• Paravirtualization also allows for improved performance
and scalability of the system by reducing the number of context
switches and memory accesses required.

Performance comparison of virtual machines
• A performance comparison of virtual machines involves evaluating the
performance of a virtual machine against a physical machine in terms of
speed, scalability, resource utilization, and other factors.
• This comparison can help to determine which type of machine is best
suited for a particular application or workload.
• The performance of a virtual machine can be affected by the type of
hypervisor used, the number of virtual machines running on the same
physical machine, and the type of hardware used.
• The performance of a virtual machine can also be affected by
the software and configurations used.
• It is important to keep these factors in mind when comparing the
performance of virtual machines to physical machines.

The darker side of virtualization
• The darker side of virtualization refers to the potential security risks that come with the
increased use of virtual machines.
• These risks include the potential for malicious actors to gain access to the underlying
hardware and resources of the host machine or other virtual machines running on the
same system.
• Virtual machines can also be vulnerable to malware, ransomware, and other
malicious attacks.
• Furthermore, virtual machines can be used to hide malicious activity or to launch
attacks against other networks and systems.
• To mitigate these risks, organizations should employ strong security measures, such as
firewalls, antivirus software, and intrusion detection systems, when using virtual
machines.
• Additionally, organizations should also ensure that they are aware of all the virtual
machines running on their systems, and that those machines are properly secured and
patched.
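
One way to stay aware of every virtual machine on a KVM host, as an added example that is not part of the original slides: because KVM guests run as regular Linux processes, the process list can be reconciled against an approved inventory. It assumes guests are started by QEMU (`qemu-system-*` or `qemu-kvm` processes) with a `-name` argument, as libvirt does; the `ps` output and the inventory are constructed.

```python
# Added example: reconcile running KVM/QEMU guests against an approved inventory.
import re
import shlex

# Constructed `ps -eo pid,user,args` output (not from a real host).
SAMPLE_PS = """\
  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 2301 qemu     /usr/bin/qemu-system-x86_64 -name guest=web01,debug-threads=on -machine pc,accel=kvm -m 4096
 2377 qemu     /usr/bin/qemu-system-x86_64 -name guest=db01,debug-threads=on -machine pc,accel=kvm -m 8192
 5120 alice    /usr/bin/qemu-system-x86_64 -enable-kvm -m 2048 -hda /home/alice/test.img
"""

APPROVED = {"web01", "db01", "mail01"}  # hypothetical inventory

def running_guests(ps_text):
    """Return [(pid, user, guest_name or None)] for every QEMU process."""
    guests = []
    for line in ps_text.splitlines()[1:]:          # skip the header row
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, args = parts
        argv = shlex.split(args)
        if not re.search(r"(qemu-system-[\w-]+|qemu-kvm)$", argv[0]):
            continue
        name = None
        if "-name" in argv[:-1]:
            value = argv[argv.index("-name") + 1]
            first = value.split(",")[0]            # "guest=web01" or plain "web01"
            name = first.split("=", 1)[1] if first.startswith("guest=") else first
        guests.append((int(pid), user, name))
    return guests

def audit(ps_text, approved):
    """Flag guests that are unnamed or not in the inventory, and missing ones."""
    guests = running_guests(ps_text)
    names = {name for _, _, name in guests if name}
    return {
        "unapproved": [g for g in guests if g[2] not in approved],
        "approved_not_running": sorted(approved - names),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PS, APPROVED))
```

An unnamed guest started from a user account, like PID 5120 in the sample, is reported as unapproved because it cannot be matched to any inventory entry.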



The darker side of virtualization

The insertion of a Virtual-Machine Based Rootkit (VMBR) as the lowest layer of the software stack running on the
physical hardware; (a) below an OS; (b) below a legitimate hypervisor. The VMBR enables a malicious OS to run
secretly and makes it invisible to the genuine or the guest OS and to the application.