VIRTUALIZATION BASICS

UNIT 2
VIRTUALIZATION BASICS
Virtual Machine Basics – Taxonomy of Virtual Machines – Hypervisor – Key
Concepts – Virtualization structure – Implementation levels of virtualization –
Virtualization Types: Full Virtualization – Para Virtualization – Hardware
Virtualization – Virtualization of CPU, Memory and I/O devices

VIRTUAL MACHINE BASICS

Virtual Machine can be defined as an emulation of the computer systems in computing.
Virtual Machine is based on computer architectures. It also gives the functionality of physical
computers. The implementation of VM may consider specialized software, hardware, or a
combination of both.

Virtualization makes it possible to create multiple virtual machines, each with their own
operating system (OS) and applications, on a single physical machine. A VM cannot interact
directly with a physical computer. Instead, it needs a lightweight software layer called a
hypervisor to coordinate between it and the underlying physical hardware. The hypervisor
allocates physical computing resources—such as processors, memory, and storage—to each
VM. It keeps each VM separate from others so they don’t interfere with each other.
Characteristics of Virtualization
It is a method of creating a virtual replica of computer resources, storage devices, and
hardware. It possesses the following qualities:
1. Instance Virtualization: The primary feature is that it virtualizes the whole platform. This
implies that an operating system is separated from the primary platform resources. Without
installing or purchasing additional hardware, it can virtualize the platform.
2. Vulnerability of Resources: It permits resource virtualization in addition to operating
system-wide virtualization. It permits the virtualization of particular system resources. These
include namespaces, storage, network resources, and more.

1
 VIRTUALIZATION BASICS

3. Virtualization of applications: The fact that it also virtualizes apps is another feature. It
refers to running a programme on various hardware or software. For instance, cross-platform
virtualization, portable programmes, etc.
4. Execution Control: The execution process is more controlled and secured when
virtualization is used in the environment. Additionally, it makes it possible to use more features.
These include loneliness, sharing, and other things.
5. Process transparency: The existence of transparency is one of the most crucial traits. The
procedure becomes more transparent and safe because it is moved entirely online. On virtual
machines, which represent a clean and regulated environment, all operations are carried out.
6. Observation of the Infrastructure: Continuous monitoring is made possible via
virtualization in the cloud. As a result, it is simple to keep tabs on all activities around-the-
clock.
Advantages of virtualization
1. Cheap: IT infrastructures find virtualization to be a more affordable implementation option
because it doesn't require the use or installation of actual hardware components.
2. Efficient: By downloading the new versions of the software and hardware from a third-party
supplier, efficient virtualization also enables automatic upgrades of both.
3. Disaster recovery: When servers are virtualized, disaster recovery is relatively simple
thanks to fast backup restoration and current snapshots of your virtual machines. Having the
flexibility level guarantees that the disaster recovery plan will be simpler to implement and will
have a 99% success rate.
4. Deployment: Resources may be deployed much more quickly when employing
virtualization technology. It is feasible to significantly reduce the amount of time required for
setting up physical devices or creating local networks.
5. Encourages digital entrepreneurship: Prior to widespread virtualization, the average
person found it nearly impossible to start a digital business.
6. Saves energy: Both individuals and businesses can save energy by using virtualization. The
rate of energy consumption can be reduced because no local hardware or software alternatives
are being employed.
7. Improved uptime: Virtualization technologies have increased uptime dramatically. An
uptime of 99.9999% is offered by some providers. Even low-cost carriers now offer uptime at
a rate of 99.99%.
8. Consistent cost: People and corporations can have predictable expenses for their IT
requirements because third-party vendors frequently offer choices for virtualization.

2
 VIRTUALIZATION BASICS

TAXONOMY OF VIRTUALIZATION

Types of Virtualization
The virtualization is of various types and they are as follows.
1. Application Virtualization
2. Network Virtualization
3. Desktop Virtualization
4. Storage Virtualization
5. Server Virtualization
6. Data virtualization

3
 VIRTUALIZATION BASICS

1. Application Virtualization:

Application virtualization helps a user to have remote access to an application from a

server. The server stores all personal information and other characteristics of the application
but can still run on a local workstation through the internet. An example of this would be a user
who needs to run two different versions of the same software. Technologies that use application
virtualization are hosted applications and packaged applications. Eg) virtualizing Microsoft
PowerPoint to run on Ubuntu over an Opera browser.
2. Network Virtualization:

The ability to run multiple virtual networks with each having a separate control and
data plan. It co-exists together on top of one physical network. It can be managed by individual
parties that are potentially confidential to each other. Network virtualization provides a facility
to create and provision virtual networks, logical switches, routers, firewalls, load balancers,
Virtual Private Networks (VPN), and workload security within days or even weeks. Eg) virtual
LAN (VLAN). A VLAN is a subsection of a local area network (LAN) created with software
that combines network devices into one group, regardless of physical location.

4
 VIRTUALIZATION BASICS

3. Desktop Virtualization:
Desktop virtualization allows the users’ OS to be remotely stored on a server in the data
center. It allows the user to access their desktop virtually, from any location by a different
machine. Users who want specific operating systems other than Windows Server will need to
have a virtual desktop. The main benefits of desktop virtualization are user mobility,
portability, and easy management of software installation, updates, and patches. Eg) The three
most popular types of desktop virtualization are Virtual desktop infrastructure (VDI), Remote
desktop services (RDS), and Desktop-as-a-Service (DaaS)

4. Storage Virtualization:

Storage virtualization is an array of servers that are managed by a virtual storage

system. The servers aren’t aware of exactly where their data is stored and instead function more
like worker bees in a hive. It makes managing storage from multiple sources be managed and
utilized as a single repository. storage virtualization software maintains smooth operations,
consistent performance, and a continuous suite of advanced functions despite changes, breaks
down, and differences in the underlying equipment.

5
 VIRTUALIZATION BASICS

5. Server Virtualization:

This is a kind of virtualization in which the masking of server resources takes place.
Here, the central server (physical server) is divided into multiple different virtual servers by
changing the identity number, and processors. So, each system can operate its operating
systems in an isolated manner. Where each sub-server knows the identity of the central server.
It causes an increase in performance and reduces the operating cost by the deployment of main
server resources into a sub-server resource. It’s beneficial in virtual migration, reducing energy
consumption, reducing infrastructural costs, etc.
6. Data Virtualization:
This is the kind of virtualization in which the data is collected from various sources and
managed at a single place without knowing more about the technical information like how data
is collected, stored & formatted then arranged that data logically so that its virtual view can be
accessed by its interested people and stakeholders, and users through the various cloud services
remotely. Many big giant companies are providing their services like Oracle, IBM, At scale,
Cdata, etc.

6
 VIRTUALIZATION BASICS

Data virtualization and federation are two processes that are enabled by using software
tools to create a virtual semantic presentation of data. They enable applications to transparently
query data that is distributed across multiple storage platforms. If you’ve got data stored in an
Oracle database, and you’ve got another data set that is stored in a DB2 database, a data
federation mechanism will allow you to run a query against a virtual layer, or a semantic layer,
that looks like a single data model, but then the tool itself takes that query and breaks it down
into the query part that goes against the Oracle database and the query part that goes against
the DB2 database.
Levels of Virtual Machine
There are two different types of virtual machines. They are:
 Process Virtual Machine
 System Virtual Machine

1. Process Virtual Machine:

A process virtual machine is defined as a type of virtual machine that allows only a
single process to run as an application on the host system and provides a platform-independent
environment. A process VM gets created once the process is started and gets destroyed when
the process ends. Java Virtual Machine (JVM) is an example of a process virtual machine that
allows any operating system to run java applications. Example – Wine software in Linux helps
to run Windows applications. Example – Wine software in Linux helps to run Windows
applications.
A process virtual machine is sometimes known as MRE (Manages Runtime
Environment) or application virtual machine. It runs as a general application in the host
operating system and supports an individual process. These are created if that process begins
and destroyed if it exits. The purpose of the process VM is to facilitate a programming
environment that is platform-independent. It abstracts away all the information of the
underlying operating system or hardware. It allows the programs to be executed on any
platform in a similar way.

7
 VIRTUALIZATION BASICS

The process virtual machine has a special case for those systems that essence on the
communication mechanisms of the (heterogeneous potentially) computer clusters. These types
of virtual machines do not include any individual process, although one process/physical
machine inside the cluster. These clusters are created to mitigate the programming confluent
applications task by enabling the programmers to concentrate on algorithms instead of the
communication mechanisms given by the OS and interconnect. They don't hide a fact that
communication takes place and attempt to illustrate a cluster as an individual machine.
This system doesn't give a particular programming language, unlike other types of
process virtual machines, although, they are embedded within any existing language. Such any
system typically facilitates binding for many languages (like FORTRAN and C).
MPI (Message Passing Interface) and PVM (Parallel Virtual Machine). They are not
virtual machines strictly because various applications executing on the top still contain access
to every OS service. Thus, they are not restricted to the model of the system.
2. System Virtual Machine:
A system virtual machine is defined as a type of virtual machine that is fully virtualized
to substitute a physical machine. The physical resources of the host device are shared among
the multiple virtual machines. This process of virtualization depends upon a hypervisor that
runs on the top of the operating system.
Originally, a Virtual Machine was described by Goldberg and Popek as "an isolated
and efficient duplicate of an actual computer machine." The latest use combines virtual
machines that haven't any direct relation with actual hardware. Generally, the real world or
physical hardware (executing the virtual machine) is termed as the "host" and the VM copied
on the machine is generally termed as the "guest."

8
 VIRTUALIZATION BASICS

The host could emulate various guests, all of which could emulate distinct hardware
platforms and operating systems. A craving to execute more than one operating system was a
starting objective of the virtual machines. It allows time-sharing between many individual
tasking operating systems. A system VM can be could be considered the concept generalization
of virtual memory that preceded it historically.
CMS/CP of IBM, the initial systems that permit full virtualization, equipped to be
sharing by giving all users an individual-user OS (Operating System). The system VM
designated the user for writing privileged instructions inside the code. This type of method has
some advantages like including output/input devices not permitted by any standard system.
Memory over-commitment's new systems may be used for managing memory sharing
between several VMs over a single computer OS. It is because technology expands VM for
various virtualization purposes. It can be possible to distribute memory pages that include
identical contents for many VMs that execute on a similar physical machine. As a result,
mapping them to a similar physical page by a method called KSM (kernel-same page merging).
It is useful especially for various read-only pages, like those containing code segments.
It is a case for more than one VM executing the similar or same middleware components, web
servers, software libraries, software, etc. A guest OS doesn't require to be compliant with any
host hardware, hence making it feasible to execute distinct OS on a similar computer (such as
an operating system's prior version, Linux, or Windows) for supporting future software.
The virtual machine can be used for supporting isolated guest OS. It is popular
regarding embedded systems. A common use might be to execute the real-time operating
system with a preferred complicated operating system simultaneously such as Windows or
Linux.

9
 VIRTUALIZATION BASICS

HYPERVISOR
A hypervisor is the software layer that coordinates VMs. It serves as an interface
between the VM and the underlying physical hardware, ensuring that each has access to the
physical resources it needs to execute. It also ensures that the VMs don’t interfere with each
other by impinging on each other’s memory space or compute cycles.
A hypervisor, also known as a virtual machine monitor or VMM. The hypervisor is a
piece of software that allows us to build and run virtual machines which are abbreviated as
VMs. A hypervisor allows a single host computer to support multiple virtual machines (VMs)
by sharing resources including memory and processing.

Hypervisors simplify server management because VMs are independent of the host
environment. In other words, the operation of one VM does not affect other VMs or the
underlying hardware. Therefore, even when one VM crashes, others can continue to work
without affecting performance. This allows administrators to move VMs between servers,
which is a useful capability for workload balancing. Teams seamlessly migrate VMs from one
machine to another, and they can use this feature for fail-overs. In addition, a hypervisor is
useful for running and testing programs in different operating systems.
Hypervisors allow the use of more of a system's available resources and provide greater
IT versatility because the guest VMs are independent of the host hardware which is one of the
major benefits of the Hypervisor. In other words, this implies that they can be quickly switched
between servers. Since a hypervisor with the help of its special feature, it allows several virtual
machines to operate on a single physical server. So, it helps us to reduce:
 The Space efficiency
 The Energy uses
 The Maintenance requirements of the server.
Advantages of hypervisors
1. Speed: The hypervisors allow virtual machines to be built instantly unlike bare-metal
servers. This makes provisioning resources for complex workloads much simpler.

10
 VIRTUALIZATION BASICS

2. Efficiency: Hypervisors that run multiple virtual machines on the resources of a single
physical machine often allow for more effective use of a single physical server.
3. Flexibility: Since the hypervisor distinguishes the OS from the underlying hardware, the
program no longer relies on particular hardware devices or drivers, bare-metal hypervisors
enable operating systems and their related applications to operate on a variety of hardware
types.
4. Portability: Multiple operating systems can run on the same physical server thanks to
hypervisors (host machine). The hypervisor's virtual machines are portable because they are
separate from the physical computer.
Hypervisors are a key component of the technology that enables cloud computing since
they are a software layer that allows one host device to support several virtual machines at the
same time. Hypervisors allow IT to retain control over a cloud environment's infrastructure,
processes, and sensitive data while making cloud-based applications accessible to users in a
virtual environment.
Increased emphasis on creative applications is being driven by digital transformation
and increasing consumer expectations. As a result, many businesses are transferring their
virtual computers to the cloud. Having to rewrite any existing application for the cloud, on the
other hand, will eat up valuable IT resources and create infrastructure silos.
A hypervisor also helps in the rapid migration of applications to the cloud as being a
part of a virtualization platform. As a result, businesses will take advantage of the cloud's many
advantages, such as lower hardware costs, improved accessibility, and increased scalability,
for a quicker return on investment.
Types of Hypervisors

There are two types of hypervisors. They are

1. "Type 1" (also known as "bare metal")
2. "Type 2" (also known as "hosted").

11
 VIRTUALIZATION BASICS

TYPE 1
Type 1 or “bare-metal” hypervisors interact with the underlying physical resources,
replacing the traditional operating system altogether. They most commonly appear in virtual
server scenarios. The native or bare metal hypervisor, the Type 1 hypervisor is known by both
names.
It replaces the host operating system, and the hypervisor schedules VM services directly
to the hardware. The type 1 hypervisor is very much commonly used in the enterprise data
center or other server-based environments.
It includes KVM, Microsoft Hyper-V, and VMware vSphere. If we are running the
updated version of the hypervisor then we must have already got the KVM integrated into the
Linux kernel in 2007.

Bare-metal hypervisors run directly on the computing hardware. The most commonly
deployed type of hypervisor is the type 1 or bare-metal hypervisor, where virtualization
software is installed directly on the hardware where the operating system is normally installed.
Because bare-metal hypervisors are isolated from the attack-prone operating system, they are
extremely secure. In addition, they generally perform better and more efficiently than hosted
hypervisors. For these reasons, most enterprise companies choose bare-metal hypervisors for
data center computing needs.
Type 1 hypervisor, or a bare metal hypervisor, interacts directly with the underlying
machine hardware. A bare metal hypervisor is installed directly on the host machine’s physical
hardware, not through an operating system. In some cases, a type 1 hypervisor is embedded in
the machine’s firmware. The type 1 hypervisor negotiates directly with server hardware to
allocate dedicated resources to VMs. It can also flexibly share resources, depending on various
VM requests.

12
 VIRTUALIZATION BASICS

Type 1 hypervisors offer important benefits in terms of performance and security, while
they lack advanced management features. Following are the pros and cons of using this type of
hypervisor.
Advantages
1. VM Mobility - Type 1 hypervisors enable moving virtual machines between physical
servers, manually or automatically. This move is based on the resource needs of a VM at a
given moment and happens without any impact on the end-users. In case of a hardware failure,
management software moves virtual machines to a working server as soon as an issue arises.
The detection and restoration procedure takes place automatically and seamlessly.
2. Security - The type 1 hypervisor has direct access to hardware without an additional OS
layer. This direct connection significantly decreases the attack surface for potential malicious
actors.
3. Resource Over-Allocation - With type 1 hypervisors, you can assign more resources to
your virtual machines than you have. For example, if you have 128GB of RAM on your server
and eight virtual machines, you can assign 24GB of RAM to each. This totals 192GB of RAM,
but VMs themselves will not consume all 24GB from the physical server. The VMs detect they
have 24GB when they only use the amount of RAM they need to perform particular tasks.
Disadvantages
1. Limited functionality - Type 1 hypervisors are relatively simple and do not offer many
features. The functionalities include basic operations such as changing the date and time, IP
address, password, etc.
2. Complicated management - To create virtual instances, you need a management console
set up on another machine. Using the console, you can connect to the hypervisor on the server
and manage your virtual environment.
3. Price - Depending on what functionalities you need, the license cost for management
consoles varies substantially.
Type 1 Examples
There are many different hypervisor vendors available. Most provide trial periods to
test out their services before you buy them. These are the most common type 1 hypervisors:
1. VMware vSphere with ESX/ESXi
2. KVM (Kernel-Based Virtual Machine)
3. Microsoft Hyper-V
4. Oracle VM
5. Citrix Hypervisor (formerly known as Xen Server)

13
 VIRTUALIZATION BASICS

Type 2
Type 2 hypervisors run as an application on an existing OS. Most commonly used on
endpoint devices to run alternative operating systems, they carry a performance overhead
because they must use the host OS to access and coordinate the underlying hardware resources.

Hosted hypervisors run on top of the operating system (OS) of the host machine.
Although hosted hypervisors run within the OS, additional (and different) operating systems
can be installed on top of the hypervisor. The downside of hosted hypervisors is that latency is
higher than bare-metal hypervisors. This is because communication between the hardware and
the hypervisor must pass through the extra layer of the OS. Hosted hypervisors are sometimes
known as client hypervisors because they are most often used with end users and software
testing, where higher latency is less of a concern.
Hardware acceleration technology improves the processing speed of both bare-metal
and hosted hypervisors, allowing them to build and handle virtual resources more quickly. On
a single physical computer, all types of hypervisors will operate multiple virtual servers for
multiple tenants. Different businesses rent data space on various virtual servers from public
cloud service providers. One server can host multiple virtual servers, each of which is running
different workloads for different businesses.
Advantages
Such kind of hypervisors allows quick and easy access to a guest Operating System
alongside the host machine running. These hypervisors usually come with additional useful
features for guest machines. Such tools enhance the coordination between the host machine
and the guest machine.

14
 VIRTUALIZATION BASICS

Disadvantages
Here there is no direct access to the physical hardware resources so the efficiency of
these hypervisors lags in performance as compared to the type-1 hypervisors, and potential
security risks are also there an attacker can compromise the security weakness if there is access
to the host operating system so he can also access the guest operating system.
Type 2 Examples
1. Oracle VM VirtualBox
2. VMware Workstation Pro/VMware Fusion
3. Windows Virtual PC
4. Parallels Desktop
Hypervisor Reference Model:

There are 3 main modules coordinates in order to emulate the underlying hardware:
1. Dispatcher: The dispatcher behaves like the entry point of the monitor and reroutes the
instructions of the virtual machine instance to one of the other two modules.
2. Allocator: The allocator is responsible for deciding the system resources to be provided to
the virtual machine instance. It means whenever a virtual machine tries to execute an
instruction that results in changing the machine resources associated with the virtual machine,
the allocator is invoked by the dispatcher.
3. Interpreter: The interpreter module consists of interpreter routines. These are executed,
whenever a virtual machine executes a privileged instruction.

15
 VIRTUALIZATION BASICS

VIRTUALIZATION STRUCTURE
A virtualization architecture is a conceptual model of a virtual infrastructure that is most
frequently applied in cloud computing. Virtualization itself is the process of creating and
delivering a virtual rather than a physical version of something. This could be a desktop, an
operating system (OS), a server, a storage device or network resources. The architecture clearly
specifies the arrangement and interrelationships among the particular components in the virtual
environment.
Before virtualization, the operating system manages the hardware. After virtualization,
a virtualization layer is inserted between the hardware and the operating system. In such a case,
the virtualization layer is responsible for converting portions of the real hardware into virtual
hardware. Therefore, different operating systems such as Linux and Windows can run on the
same physical machine, simultaneously.
Depending on the position of the virtualization layer, there are several classes of VM
architectures, namely the hypervisor architecture, paravirtualization, and host-based
virtualization. The hypervisor is also known as the VMM (Virtual Machine Monitor). They
both perform the same virtualization operations. The basic three architectures are
1. Hypervisor and Xen Architecture
2. Binary Translation with Full Virtualization
3. Para-Virtualization with Compiler Support
Hypervisor and Xen Architecture
The hypervisor supports hardware-level virtualization on bare metal devices like CPU,
memory, disk and network interfaces. The hypervisor software sits directly between the
physical hardware and its OS. This virtualization layer is referred to as either the VMM or the
hypervisor. The hypervisor provides hyper calls for the guest OSes and applications.
Depending on the functionality, a hypervisor can assume a micro-kernel architecture like the
Microsoft Hyper-V. Or it can assume a monolithic hypervisor architecture like the VMware
ESX for server virtualization.
The Xen Architecture
Xen is an open source hypervisor program developed by Cambridge University. Xen is
a micro-kernel hypervisor, which separates the policy from the mechanism. The Xen
hypervisor implements all the mechanisms, leaving the policy to be handled by Domain 0, as
shown in Figure 3.5. Xen does not include any device drivers natively. It just provides a
mechanism by which a guest OS can have direct access to the physical devices. As a result, the
size of the Xen hypervisor is kept rather small. Xen provides a virtual environment located
16
 VIRTUALIZATION BASICS

between the hardware and the OS. A number of vendors are in the process of developing
commercial Xen hypervisors, among them are Citrix XenServer and Oracle VM.

The core components of a Xen system are the hypervisor, kernel, and applications. The
organization of the three components is important. Like other virtualization systems, many
guest OSes can run on top of the hypervisor. However, not all guest OSes are created equal,
and one in particular controls the others. The guest OS, which has control ability, is called
Domain 0, and the others are called Domain U. Domain 0 is a privileged guest OS of Xen. It
is first loaded when Xen boots without any file system drivers being available. Domain 0 is
designed to access hardware directly and manage devices. Therefore, one of the responsibilities
of Domain 0 is to allocate and map hardware resources for the guest domains (the Domain U
domains).
Binary Translation with Full Virtualization
Depending on implementation technologies, hardware virtualization can be classified
into two categories.
1. Full virtualization and
2. Host-based virtualization.
Full virtualization does not need to modify the host OS. It relies on binary translation
to trap and to virtualize the execution of certain sensitive, non virtualizable instructions. The
guest OSes and their applications consist of noncritical and critical instructions. In a host-based
system, both a host OS and a guest OS are used. A virtualization software layer is built between
the host OS and guest OS. These two classes of VM architecture are introduced next.
Full Virtualization
With full virtualization, noncritical instructions run on the hardware directly while
critical instructions are discovered and replaced with traps into the VMM to be emulated by
software. Both the hypervisor and VMM approaches are considered full virtualization. Why
are only critical instructions trapped into the VMM? This is because binary translation can

17
 VIRTUALIZATION BASICS

incur a large performance overhead. Noncritical instructions do not control hardware or

threaten the security of the system, but critical instructions do. Therefore, running noncritical
instructions on hardware not only can promote efficiency, but also can ensure system security.
Host-Based Virtualization
An alternative VM architecture is to install a virtualization layer on top of the host OS.
This host OS is still responsible for managing the hardware. The guest OSes are installed and
run on top of the virtualization layer. Dedicated applications may run on the VMs. Certainly,
some other applications can also run with the host OS directly.

This host-based architecture has some distinct advantages, as enumerated next. First,
the user can install this VM architecture without modifying the host OS. The virtualizing
software can rely on the host OS to provide device drivers and other low-level services. This
will simplify the VM design and ease its deployment.
Second, the host-based approach appeals to many host machine configurations.
Compared to the hypervisor/VMM architecture, the performance of the host-based architecture
may also be low. When an application requests hardware access, it involves four layers of
mapping which downgrades performance significantly. When the ISA of a guest OS is different
from the ISA of the underlying hardware, binary translation must be adopted. Although the
host-based architecture has flexibility, the performance is too low to be useful in practice.
Para-Virtualization with Compiler Support
Para-virtualization needs to modify the guest operating systems. A para-virtualized VM
provides special APIs requiring substantial OS modifications in user applications. Performance
degradation is a critical issue of a virtualized system. No one wants to use a VM if it is much
slower than using a physical machine. The virtualization layer can be inserted at different
positions in a machine soft-ware stack. However, para-virtualization attempts to reduce the
virtualization overhead, and thus improve performance by modifying only the guest OS kernel.

18
 VIRTUALIZATION BASICS

Figure above (a) illustrates the concept of a para virtualized VM architecture. The guest
operating systems are para-virtualized. They are assisted by an intelligent compiler to replace
the non virtualizable OS instructions by hyper calls as illustrated in Figure above (b). The
traditional x86 processor offers four instruction execution rings: Rings 0, 1, 2, and 3. The lower
the ring number, the higher the privilege of instruction being executed. The OS is responsible
for managing the hardware and the privileged instructions to execute at Ring 0, while user-
level applications run at Ring 3. Best example is KVM.
KVM (Kernel-Based VM)
This is a Linux para-virtualization system—a part of the Linux version 2.6.20 kernel.
Memory management and scheduling activities are carried out by the existing Linux kernel.
The KVM does the rest, which makes it simpler than the hypervisor that controls the entire
machine. KVM is a hardware-assisted para-virtualization tool, which improves performance
and supports unmodified guest OSes such as Windows, Linux, Solaris, and other UNIX
variants.
Para-Virtualization with Compiler Support
Unlike the full virtualization architecture which intercepts and emulates privileged and
sensitive instructions at runtime, para-virtualization handles these instructions at compile time.
The guest OS kernel is modified to replace the privileged and sensitive instructions with hyper
calls to the hypervisor or VMM. Xen assumes such a para-virtualization architecture.
The guest OS running in a guest domain may run at Ring 1 instead of at Ring 0. This
implies that the guest OS may not be able to execute some privileged and sensitive instructions.
The privileged instructions are implemented by hyper calls to the hypervisor. After replacing
the instructions with hyper calls, the modified guest OS emulates the behavior of the original
guest OS. On an UNIX system, a system call involves an interrupt or service routine. The
hypercalls apply a dedicated service routine in Xen.

19
 VIRTUALIZATION BASICS

VMware ESX Server for Para-Virtualization

VMware pioneered the software market for virtualization. The company has developed
virtualization tools for desktop systems and servers as well as virtual infrastructure for large
data centers. ESX is a VMM or a hypervisor for bare-metal x86 symmetric multiprocessing
(SMP) servers. It accesses hardware resources such as I/O directly and has complete resource
management control. An ESX-enabled server consists of four components: a virtualization
layer, a resource manager, hardware interface components, and a service console, as shown in
Figure below. To improve performance, the ESX server employs a para-virtualization
architecture in which the VM kernel interacts directly with the hardware without involving the
host OS.

The VMM layer virtualizes the physical hardware resources such as CPU, memory,
network and disk controllers, and human interface devices. Every VM has its own set of virtual
hardware resources. The resource manager allocates CPU, memory disk, and network
bandwidth and maps them to the virtual hardware resource set of each VM created. Hardware
interface components are the device drivers and the VMware ESX Server File System. The
service console is responsible for booting the system, initiating the execution of the VMM and
resource manager, and relinquishing control to those layers. It also facilitates the process for
system administrators.
IMPLEMENTATION LEVELS OF VIRTUALIZATION
Virtualization is technology that you can use to create virtual representations of servers,
storage, networks, and other physical machines. Virtual software mimics the functions of
physical hardware to run multiple virtual machines simultaneously on a single physical
machine. Virtualization is not that easy to implement. A computer runs an OS that is configured
to that particular hardware. Running a different OS on the same hardware is not exactly

20
 VIRTUALIZATION BASICS

feasible. To tackle this, there exists a hypervisor. What hypervisor does is, it acts as a bridge
between virtual OS and hardware to enable its smooth functioning of the instance. There are
five levels of virtualizations available that are most commonly used in the industry. These are
as follows:
1. Instruction Set Architecture Level (ISA)
2. Hardware Abstraction Level (HAL)
3. Operating System Level
4. Library Level
5. Application Level

1. Instruction Set Architecture Level (ISA)

At the ISA level, virtualization is performed by emulating a given ISA by the ISA of
the host machine. For example, MIPS binary code can run on an x86-based host machine with
the help of ISA emulation. With this approach, it is possible to run a large amount of legacy
binary code writ-ten for various processors on any given new hardware host machine.
Instruction set emulation leads to virtual ISAs created on any hardware machine.
The basic emulation method is through code interpretation. An interpreter program
interprets the source instructions to target instructions one by one. One source instruction may
require tens or hundreds of native target instructions to perform its function. Obviously, this

21
 VIRTUALIZATION BASICS

process is relatively slow. For better performance, dynamic binary translation is desired. This
approach translates basic blocks of dynamic source instructions to target instructions. The basic
blocks can also be extended to program traces or super blocks to increase translation efficiency.
Instruction set emulation requires binary translation and optimization. A virtual instruction set
architecture (V-ISA) thus requires adding a processor-specific software translation layer to the
compiler.
2. Hardware Abstraction Level
Hardware-level virtualization is performed right on top of the bare hardware. On the
one hand, this approach generates a virtual hardware environment for a VM. On the other hand,
the process manages the underlying hardware through virtualization. The idea is to virtualize a
computer’s resources, such as its processors, memory, and I/O devices. The intention is to
upgrade the hardware utilization rate by multiple users concurrently. The idea was
implemented in the IBM VM/370 in the 1960s. More recently, the Xen hypervisor has been
applied to virtualize x86-based machines to run Linux or other guest OS applications.
3. Operating System Level
This refers to an abstraction layer between traditional OS and user applications. OS-level
virtualization creates isolated containers on a single physical server and the OS instances to
utilize the hard-ware and software in data centers. The containers behave like real servers. OS-
level virtualization is commonly used in creating virtual hosting environments to allocate
hardware resources among a large number of mutually distrusting users. It is also used, to a
lesser extent, in consolidating server hardware by moving services on separate hosts into
containers or VMs on one server.
4. Library Support Level
Most applications use APIs exported by user-level libraries rather than using lengthy
system calls by the OS. Since most systems provide well-documented APIs, such an interface
becomes another candidate for virtualization. Virtualization with library interfaces is possible
by controlling the communication link between applications and the rest of a system through
API hooks. The software tool WINE has implemented this approach to support Windows
applications on top of UNIX hosts. Another example is the vCUDA which allows applications
executing within VMs to leverage GPU hardware acceleration.
5. User-Application Level
Virtualization at the application level virtualizes an application as a VM. On a
traditional OS, an application often runs as a process. Therefore, application-level
virtualization is also known as process-level virtualization. The most popular approach is to

22
 VIRTUALIZATION BASICS

deploy high level language (HLL) VMs. In this scenario, the virtualization layer sits as an
application program on top of the operating system, and the layer exports an abstraction of a
VM that can run programs written and compiled to a particular abstract machine definition.
Any program written in the HLL and compiled for this VM will be able to run on it. The
Microsoft .NET CLR and Java Virtual Machine (JVM) are two good examples of this class of
VM.
VIRTUALIZATION TYPES

Full Virtualization
Full Virtualization was introduced by IBM in the year 1966. It is the first software
solution for server virtualization and uses binary translation and direct approach techniques. In
full virtualization, guest OS is completely isolated by the virtual machine from the
virtualization layer and hardware. Microsoft and Parallels systems are examples of full
virtualization.

23
 VIRTUALIZATION BASICS

We can virtualize any operating system using a combination of binary translation and
direct execution techniques. This approach translates kernel code to replace non virtualizable
instructions with new sequences of instructions that have the intended effect on the virtual
hardware. Meanwhile, user level code is directly executed on the processor for high
performance virtualization.
Each virtual machine monitor (VMM) provides each Virtual Machine with all the
services of the physical system, including a virtual BIOS, virtual devices and virtualized
memory management. This combination of binary translation and direct execution provides
Full Virtualization as the guest OS is fully abstracted (completely decoupled) from the
underlying hardware by the virtualization layer.
The guest OS is not aware it is being virtualized and requires no modification. Full
virtualization is the only option that requires no hardware assist or operating system assist to
virtualize sensitive and privileged instructions. The hypervisor translates all operating system
instructions on the fly and caches the results for future use, while user level instructions run
unmodified at native speed. Full virtualization offers the best isolation and security for virtual
machines, and simplifies migration and portability as the same guest OS instance can run
virtualized or on native hardware.
Para Virtualization
Paravirtualization refers to communication between the guest OS and the hypervisor to
improve performance and efficiency. Paravirtualization involves modifying the OS kernel to
replace nonvirtualizable instructions with hypercalls that communicate directly with the
virtualization layer hypervisor.

24
 VIRTUALIZATION BASICS

The hypervisor also provides hypercall interfaces for other critical kernel operations
such as memory management, interrupt handling and time keeping. Paravirtualization is
different from full virtualization, where the unmodified OS does not know it is virtualized and
sensitive OS calls are trapped using binary translation.
The performance advantage of paravirtualization over full virtualization can vary
greatly depending on the workload. As paravirtualization cannot support unmodified operating
systems, its compatibility and portability is poor. Paravirtualization can also introduce
significant support and maintainability issues in production environments as it requires deep
OS kernel modifications.
The open source Xen project is an example of paravirtualization that virtualizes the
processor and memory using a modified Linux kernel and virtualizes the I/O using custom
guest OS device drivers. While it is very difficult to build the more sophisticated binary
translation support necessary for full virtualization, modifying the guest OS to enable
paravirtualization is relatively easy. There are minimal, non-intrusive changes installed into the
guest OS that do not require OS kernel modification.
Hardware Assisted Virtualization
Hardware vendors are rapidly embracing virtualization and developing new features to
simplify virtualization techniques. First generation enhancements include Intel Virtualization
Technology (VT-x) and AMD’s AMD-V which both target privileged instructions with a new
CPU execution mode feature that allows the VMM to run in a new root mode below ring 0.
Privileged and sensitive calls are set to automatically trap to the hypervisor, removing the need
for either binary translation or paravirtualization. The guest state is stored in Virtual Machine
Control Structures (VT-x) or Virtual Machine Control Blocks (AMD-V).

25
 VIRTUALIZATION BASICS

Also known as native virtualization, in this technique, underlying hardware provides

special CPU instructions to aid virtualization. This technique is also highly portable as the
hypervisor can run an unmodified guest OS. This technique makes hypervisor implementation
less complex and more maintainable.
Uses the computer's hardware to help build and manage a fully virtualized VM. This
type of virtualization is called hardware-assisted virtualization. In 1972, IBM came out with
the IBM System/370, which was the first computer with hardware-based virtualization. In order
to make a VMM in software, the host system had to do a lot of work. Designers soon realized
that virtualization functions could be done far more quickly and efficiently in hardware than in
software. This led to the development of command sets for Intel and AMD processors, such as
Intel VT and AMD-V extensions.
So, the hypervisor can just call the processor, which then does all the work of making
and maintaining VMs. A lot of the system's overhead has been cut, which means that the host
system can host more VMs and provide better VM performance for demanding tasks. Using
hardware to help you virtualize is the most common way to do it.
VIRTUALIZATION OF CPU, MEMORY AND I/O DEVICES
To support virtualization, processors such as the x86 employ a special running mode
and instructions, known as hardware-assisted virtualization. In this way, the VMM and guest
OS run in different modes and all sensitive instructions of the guest OS and its applications are
trapped in the VMM. To save processor states, mode switching is completed by hardware. For
the x86 architecture, Intel and AMD have proprietary technologies for hardware-assisted
virtualization.
CPU Virtualization
CPU Virtualization emphasizes running programs and instructions through a virtual
machine, giving the feeling of working on a physical workstation. All the operations are
handled by an emulator that controls software to run according to it. Nevertheless, CPU
Virtualization does not act as an emulator.
CPU Virtualization is one of the cloud-computing technology that requires a single
CPU to work, which acts as multiple machines working together. Virtualization mainly focuses
on efficiency and performance-related operations by saving time. When needed, the hardware
resources are used, and the underlying layer process instructions to make virtual machines
work.
A VM is a duplicate of an existing computer system in which a majority of the VM
instructions are executed on the host processor in native mode. Thus, unprivileged instructions

26
 VIRTUALIZATION BASICS

of VMs run directly on the host machine for higher efficiency. Other critical instructions should
be handled carefully for correctness and stability.
The critical instructions are divided into three categories: privileged instructions,
control-sensitive instructions, and behavior-sensitive instructions. Privileged instructions
execute in a privileged mode and will be trapped if executed outside this mode. Control-
sensitive instructions attempt to change the configuration of resources used. Behavior-sensitive
instructions have different behaviors depending on the configuration of resources, including
the load and store operations over the virtual memory.
A CPU architecture is virtualizable if it supports the ability to run the VM’s privileged
and unprivileged instructions in the CPU’s user mode while the VMM runs in supervisor mode.
When the privileged instructions including control- and behavior-sensitive instructions of a
VM are executed, they are trapped in the VMM. In this case, the VMM acts as a unified
mediator for hardware access from different VMs to guarantee the correctness and stability of
the whole system.
However, not all CPU architectures are virtualizable. RISC CPU architectures can be
naturally virtualized because all control- and behavior-sensitive instructions are privileged
instructions. On the contrary, x86 CPU architectures are not primarily designed to support
virtualization. This is because about 10 sensitive instructions, such as SGDT and SMSW, are
not privileged instructions. When these instructions execute in virtualization, they cannot be
trapped in the VMM.

27
 VIRTUALIZATION BASICS

Although x86 processors are not virtualizable primarily, great effort is taken to
virtualize them. They are used widely in comparing RISC processors that the bulk of x86-based
legacy systems cannot discard easily. Virtualization of x86 processors is detailed in the
following sections. Intel’s VT-x technology is an example of hardware-assisted virtualization,
as shown in Figure above. Intel calls the privilege level of x86 processors the VMX Root Mode.
In order to control the start and stop of a VM and allocate a memory page to maintain the CPU
state for VMs, a set of additional instructions is added. At the time of this writing, Xen, VMware,
and the Microsoft Virtual PC all implement their hypervisors by using the VT-x technology.
Memory Virtualization
Memory virtualization refers to centrally managing the physical memory of a PM and
dividing the physical memory into multiple virtual memory spaces for multiple VMs uses
memory virtualization to share the physical system memory and dynamically allocates memory
to VMs.
Virtual memory virtualization is similar to the virtual memory support provided by
modern operating systems. In a traditional execution environment, the operating system
maintains mappings of virtual memory to machine memory using page tables, which is a one-
stage mapping from virtual memory to machine memory. All modern x86 CPUs include a
memory management unit (MMU) and a translation lookaside buffer (TLB) to optimize virtual
memory performance. However, in a virtual execution environment, virtual memory
virtualization involves sharing the physical system memory in RAM and dynamically
allocating it to the physical memory of the VMs.
That means a two-stage mapping process should be maintained by the guest OS and the
VMM, respectively: virtual memory to physical memory and physical memory to machine
memory. Furthermore, MMU virtualization should be supported, which is transparent to the
guest OS. The guest OS continues to control the mapping of virtual addresses to the physical
memory addresses of VMs. But the guest OS cannot directly access the actual machine
memory. The VMM is responsible for mapping the guest physical memory to the actual
machine memory.
The figure below shows the two-level memory mapping procedure. Since each page
table of the guest OSes has a separate page table in the VMM corresponding to it, the VMM
page table is called the shadow page table. Nested page tables add another layer of indirection
to virtual memory. The MMU already handles virtual-to-physical translations as defined by the
OS. Then the physical memory addresses are translated to machine addresses using another set
of page tables defined by the hypervisor. Since modern operating systems maintain a set of

28
 VIRTUALIZATION BASICS

page tables for every process, the shadow page tables will get flooded. Consequently, the
performance overhead and cost of memory will be very high.

VMware uses shadow page tables to perform virtual-memory-to-machine-

memory address translation. Processors use TLB hardware to map the virtual memory directly
to the machine memory to avoid the two levels of translation on every access. When the guest
OS changes the virtual memory to a physical memory mapping, the VMM updates the shadow
page tables to enable a direct lookup. The AMD Barcelona processor has featured hardware-
assisted memory virtualization since 2007. It provides hardware assistance to the two-stage
address translation in a virtual execution environment by using a technology called nested
paging.
I/O Virtualization
I/O virtualization involves managing the routing of I/O requests between virtual devices
and the shared physical hardware. At the time of this writing, there are three ways to implement
I/O virtualization: full device emulation, para-virtualization, and direct I/O. Full device
emulation is the first approach for I/O virtualization. Generally, this approach emulates well-
known, real-world devices.

29
 VIRTUALIZATION BASICS

All the functions of a device or bus infrastructure, such as device enumeration,

identification, interrupts, and DMA, are replicated in software. This software is located in the
VMM and acts as a virtual device. The I/O access requests of the guest OS are trapped in the
VMM which interacts with the I/O devices. The full device emulation approach is shown in
Figure above.
A single hardware device can be shared by multiple VMs that run concurrently.
However, software emulation runs much slower than the hardware it emulates. The para-
virtualization method of I/O virtualization is typically used in Xen. It is also known as the split
driver model consisting of a frontend driver and a backend driver. The frontend driver is
running in Domain U and the backend driver is running in Domain 0. They interact with each
other via a block of shared memory. The frontend driver manages the I/O requests of the guest
OSes and the backend driver is responsible for managing the real I/O devices and multiplexing
the I/O data of different VMs. Although para-I/O-virtualization achieves better device
performance than full device emulation, it comes with a higher CPU overhead.
Direct I/O virtualization lets the VM access devices directly. It can achieve close-to-
native performance without high CPU costs. However, current direct I/O virtualization
implementations focus on networking for mainframes. There are a lot of challenges for
commodity hardware devices. For example, when a physical device is reclaimed (required by
workload migration) for later reassignment, it may have been set to an arbitrary state (e.g.,
DMA to some arbitrary memory locations) that can function incorrectly or even crash the whole
system. Since software-based I/O virtualization requires a very high overhead of device
emulation, hardware-assisted I/O virtualization is critical. Intel VT-d supports the remapping
of I/O DMA transfers and device-generated interrupts. The architecture of VT-d provides the
flexibility to support multiple usage models that may run unmodified, special-purpose, or
“virtualization-aware” guest OSes.
Another way to help I/O virtualization is via self-virtualized I/O (SV-IO) [47]. The key
idea of SV-IO is to harness the rich resources of a multicore processor. All tasks associated
with virtualizing an I/O device are encapsulated in SV-IO. It provides virtual devices and an
associated access API to VMs and a management API to the VMM. SV-IO defines one virtual
interface (VIF) for every kind of virtualized I/O device, such as virtual network interfaces,
virtual block devices (disk), virtual camera devices, and others. The guest OS interacts with the
VIFs via VIF device drivers. Each VIF consists of two message queues. One is for outgoing
messages to the devices and the other is for incoming messages from the devices. In addition,
each VIF has a unique ID for identifying it in SV-IO.

30