Operating System Level

The document discusses various levels of virtualization including OS-level, library support, and user-application levels, highlighting their roles in creating isolated environments for applications. It outlines the design requirements for Virtual Machine Monitors (VMM), emphasizing the need for minimal performance loss and complete resource control. Additionally, it covers the advantages and disadvantages of OS extensions, middleware support, and different virtualization architectures such as hypervisors, full virtualization, and para-virtualization.

Operating System Level


This refers to an abstraction layer between the traditional OS and user applications. OS-level
virtualization creates isolated containers on a single physical server, together with the OS
instances that utilize the hardware and software in data centers. The containers behave like
real servers. OS-level virtualization is commonly used in creating virtual hosting environments
to allocate hardware resources among a large number of mutually distrusting users.

Library Support Level


Most applications use APIs exported by user-level libraries rather than using lengthy system
calls by the OS. Since most systems provide well-documented APIs, such an interface
becomes another candidate for virtualization. Virtualization with library interfaces is
possible by controlling the communication link between applications and the rest of a
system through API hooks.

User-Application Level
Virtualization at the application level virtualizes an application as a VM. On a traditional OS,
an application often runs as a process. Therefore, application-level virtualization is also
known as process-level virtualization. The most popular approach is to deploy high-level
language (HLL) VMs. Other forms of application-level virtualization are known as application
isolation, application sandboxing, or application streaming. The process involves wrapping
the application in a layer that is isolated from the host OS and other applications. The result
is an application that is much easier to distribute and remove from user workstations.


3.1.2 VMM Design Requirements and Providers

Hardware-level virtualization inserts a layer between real hardware and traditional
operating systems. This layer is commonly called the Virtual Machine Monitor (VMM) and it
manages the hardware resources of a computing system. Each time programs access the
hardware the VMM captures the process.

There are three requirements for a VMM.

• First, a VMM should provide an environment for programs which is essentially
identical to the original machine.
• Second, programs run in this environment should show, at worst, only minor
decreases in speed.
• Third, a VMM should be in complete control of the system resources. Any program
run under a VMM should exhibit a function identical to that which it runs on the
original machine directly.

Complete control of these resources by a VMM includes the following aspects:


(1) The VMM is responsible for allocating hardware resources for programs;
(2) it is not possible for a program to access any resource not explicitly allocated to it; and
(3) it is possible under certain circumstances for a VMM to regain control of resources
already allocated.
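
The three aspects of complete control can be modelled on a single resource type. The sketch below is an added example, not part of the original notes; the class, its method names and the memory-frame model are assumptions made for illustration.

```python
"""Toy VMM that keeps complete control of one resource type (memory frames).

Added illustration only: the class, method names and frame model are
assumptions, not any real hypervisor's interface.
"""


class ToyResourceVMM:
    def __init__(self, n_frames):
        self.owner = [None] * n_frames   # frame index -> guest name, None = free
        self.memory = [0] * n_frames     # stand-in for frame contents

    def allocate(self, guest, count):
        """Aspect (1): only the VMM hands out hardware resources."""
        free = [f for f, o in enumerate(self.owner) if o is None]
        if len(free) < count:
            raise MemoryError(f"only {len(free)} free frames")
        granted = free[:count]
        for f in granted:
            self.owner[f] = guest
        return granted

    def _check(self, guest, frame):
        """Aspect (2): deny any frame not explicitly allocated to the caller."""
        if not 0 <= frame < len(self.owner) or self.owner[frame] != guest:
            raise PermissionError(f"{guest} does not own frame {frame}")

    def write(self, guest, frame, value):
        self._check(guest, frame)
        self.memory[frame] = value

    def read(self, guest, frame):
        self._check(guest, frame)
        return self.memory[frame]

    def reclaim(self, guest, count):
        """Aspect (3): the VMM takes back frames it already allocated."""
        held = [f for f, o in enumerate(self.owner) if o == guest]
        taken = held[-count:] if count else []
        for f in taken:
            self.memory[f] = 0           # scrub so the next owner sees no old data
            self.owner[f] = None
        return taken


def demo():
    vmm = ToyResourceVMM(n_frames=4)
    a = vmm.allocate("guest_a", 2)       # frames [0, 1]
    vmm.write("guest_a", a[1], 0xBEEF)
    vmm.reclaim("guest_a", 1)            # VMM regains frame 1
    b = vmm.allocate("guest_b", 3)       # frames [1, 2, 3]
    return vmm, a, b
```

After `demo()`, frame 1 belongs to guest_b and reads as zero, while guest_a's attempt to read it raises `PermissionError`.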

If a processor is not designed to support virtualization primarily, it is necessary to modify the
hardware to satisfy the three requirements for a VMM. This is known as hardware-assisted
virtualization.

Virtualization Support at the OS Level


With the help of VM technology, a new computing mode known as cloud computing is
emerging. Cloud computing is transforming the computing landscape by shifting the hardware and
staffing costs of managing a computational center to third parties, just like banks.

1. Why OS-Level Virtualization?

Operating system virtualization inserts a virtualization layer inside an operating system to
partition a machine’s physical resources. It enables multiple isolated VMs within a single
operating system kernel. This kind of VM is often called a virtual execution environment
(VE), Virtual Private System (VPS), or simply container.

From the user’s point of view, VEs look like real servers. This means a VE has its own set of
processes, file system, user accounts, network interfaces with IP addresses, routing tables,
firewall rules, and other personal settings. Although VEs can be customized for different
people, they share the same operating system kernel. Therefore, OS-level virtualization is
also called single-OS image virtualization.

Figure 3.3 illustrates operating system virtualization from the point of view of a machine
stack.


2. Advantages of OS Extensions

Compared to hardware-level virtualization, the benefits of OS extensions are twofold:

• VMs at the operating system level have minimal startup/shutdown costs, low
resource requirements, and high scalability; and
• for an OS-level VM, it is possible for a VM and its host environment to synchronize
state changes when necessary.

These benefits can be achieved via two mechanisms of OS-level virtualization:

• All OS-level VMs on the same physical machine share a single operating system
kernel.
• The virtualization layer can be designed in a way that allows processes in VMs to access
as many resources of the host machine as possible.

3. Disadvantages of OS Extensions


The main disadvantage of OS extensions is that all the VMs at operating system level on a
single container must have the same kind of guest operating system. That is, although
different OS-level VMs may have different operating system distributions, they must pertain
to the same operating system family.

4. Middleware Support for Virtualization

Library-level virtualization is also known as user-level Application Binary Interface (ABI) or
API emulation. This type of virtualization can create execution environments for running
alien programs on a platform rather than creating a VM to run the entire operating system.
API call interception and remapping are the key functions performed.

3.2 VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS


In general, there are three typical classes of VM architecture. In such a case, the
virtualization layer is responsible for converting portions of the real hardware into virtual
hardware. Therefore, different operating systems such as Linux and Windows can run on the
same physical machine simultaneously.

1. Hypervisor and Xen Architecture:

• The hypervisor supports hardware-level virtualization (see Figure 3.1(b)) on bare
metal devices like CPU, memory, disk and network interfaces. The hypervisor
software sits directly between the physical hardware and its OS. This virtualization
layer is referred to as either the VMM or the hypervisor.
• The hypervisor provides hypercalls for the guest OSes and applications. Depending on
the functionality, a hypervisor can assume a micro-kernel architecture like the
Microsoft Hyper-V. Or it can assume a monolithic hypervisor architecture like the
VMware ESX for server virtualization.

The Xen Architecture:
Xen is an open source hypervisor program developed by Cambridge University. Xen is a
microkernel hypervisor, which separates the policy from the mechanism.


2. Binary Translation with Full Virtualization


Depending on implementation technologies, hardware virtualization can be classified into
two categories: full virtualization and host-based virtualization.

• Full virtualization does not need to modify the host OS. It relies on binary translation
to trap and to virtualize the execution of certain sensitive, nonvirtualizable
instructions. The guest OSes and their applications consist of noncritical and critical
instructions.
• In a host-based system, both a host OS and a guest OS are used. A virtualization
software layer is built between the host OS and guest OS.

Full Virtualization

With full virtualization, noncritical instructions run on the hardware directly while
critical instructions are discovered and replaced with traps into the VMM to be
emulated by software. Both the hypervisor and VMM approaches are considered full
virtualization.

Binary Translation of Guest OS Requests Using a VMM:

• This approach was implemented by VMware and many other software companies.
• As shown in Figure 3.6, VMware puts the VMM at Ring 0 and the guest OS at Ring 1. The
VMM scans the instruction stream and identifies the privileged, control- and
behavior-sensitive instructions. When these instructions are identified, they are trapped
into the VMM, which emulates the behavior of these instructions. The method used in this
emulation is called binary translation.
• Therefore, full virtualization combines binary translation and direct execution. The
guest OS is completely decoupled from the underlying hardware. Consequently, the
guest OS is unaware that it is being virtualized.
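
The scan, trap and emulate cycle described above can be followed on a small instruction stream. This is an added example, not part of the original notes and not VMware's implementation; the instruction names, the SENSITIVE set and the virtual CPU fields are constructed for illustration.

```python
"""Toy model of full virtualization: binary translation plus direct execution.

Added illustration only: the instruction names, the SENSITIVE set and the
virtual CPU fields are constructed, not a real ISA or any vendor's VMM.
"""

# Instructions the toy VMM treats as privileged or control/behavior-sensitive.
SENSITIVE = {"CLI", "LOAD_CR3", "READ_IF", "HLT"}


class ToyVMM:
    def __init__(self):
        self.vcpu = {"if": 1, "cr3": 0, "halted": False}  # virtual CPU state
        self.regs = {"r0": 0, "r1": 0}                    # guest registers
        self.trap_log = []                                # what was emulated

    def translate(self, block):
        """Scan the guest instruction stream and replace sensitive
        instructions with traps; noncritical ones pass through unchanged."""
        return [("TRAP", op, *args) if op in SENSITIVE else (op, *args)
                for op, *args in block]

    def emulate(self, op, args):
        """Executed by the VMM against the guest's virtual state only."""
        self.trap_log.append(op)
        if op == "CLI":
            self.vcpu["if"] = 0
        elif op == "LOAD_CR3":
            self.vcpu["cr3"] = args[0]
        elif op == "READ_IF":
            self.regs[args[0]] = self.vcpu["if"]   # guest sees its own flag
        elif op == "HLT":
            self.vcpu["halted"] = True

    def run(self, block):
        for op, *args in self.translate(block):
            if self.vcpu["halted"]:
                break
            if op == "TRAP":
                self.emulate(args[0], args[1:])
            elif op == "MOV":                      # direct execution
                self.regs[args[0]] = args[1]
            elif op == "ADD":                      # direct execution
                self.regs[args[0]] += args[1]
            else:
                raise ValueError(f"unknown instruction {op}")
        return self


# Constructed guest code block.
GUEST_CODE = [("MOV", "r0", 5), ("CLI",), ("READ_IF", "r1"), ("ADD", "r0", 2),
              ("LOAD_CR3", 0x4000), ("HLT",), ("ADD", "r0", 100)]
```

Running `ToyVMM().run(GUEST_CODE)` leaves `r1` at 0: the guest reads back the interrupt flag it cleared in its virtual CPU, which is why it cannot tell it is being virtualized.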


Host-Based Virtualization

An alternative VM architecture is to install a virtualization layer on top of the host OS. This host OS is still
responsible for managing the hardware. The guest OSes are installed and run on top of the virtualization layer.
Dedicated applications may run on the VMs. Certainly, some other applications can also run with the host OS
directly. This host-based architecture has some distinct advantages:

• First, the user can install this VM architecture without modifying the host OS.
• Second, the host-based approach appeals to many host machine configurations.
3. Para-Virtualization with Compiler Support

Para-virtualization needs to modify the guest operating systems. A para-virtualized VM
provides special APIs requiring substantial OS modifications in user applications.
Figure 3.7 illustrates the concept of a para-virtualized VM architecture. The guest operating
systems are para-virtualized. They are assisted by an intelligent compiler to replace the
nonvirtualizable OS instructions by hypercalls as illustrated in Figure 3.8.

The traditional x86 processor offers four instruction execution rings: Rings 0, 1, 2, and 3. The
lower the ring number, the higher the privilege of instruction being executed. The OS is
responsible for managing the hardware and the privileged instructions to execute at Ring 0,
while user-level applications run at Ring 3.

3.3 VIRTUALIZATION OF CPU, MEMORY, AND I/O DEVICES


1. Para-Virtualization Architecture

• According to the x86 ring definition, the virtualization layer should also be installed
at Ring 0. Different instructions at Ring 0 may cause some problems. In Figure 3.8,
we show that para-virtualization replaces nonvirtualizable instructions with
hypercalls that communicate directly with the hypervisor or VMM. However, when
the guest OS kernel is modified for virtualization, it can no longer run on the
hardware directly.

• Disadvantages of para-virtualization:
Although para-virtualization reduces the overhead, it has incurred other problems.
First, its compatibility and portability may be in doubt, because it must support the
unmodified OS as well. Second, the cost of maintaining para-virtualized OSes is high,
because they may require deep OS kernel modifications.

2. KVM (Kernel-Based VM)


This is a Linux para-virtualization system—a part of the Linux version 2.6.20 kernel.
Memory management and scheduling activities are carried out by the
existing Linux kernel. The KVM does the rest, which makes it simpler than the
hypervisor that controls the entire machine.

3. Para-Virtualization with Compiler Support


Unlike the full virtualization architecture which intercepts and emulates privileged and
sensitive instructions at runtime, para-virtualization handles these instructions at compile
time. The guest OS kernel is modified to replace the privileged and sensitive instructions
with hypercalls to the hypervisor or VMM. Xen assumes such a para-virtualization
architecture.
