CC Module 2

Virtualization technology is a key component of cloud computing, enabling the creation of secure and isolated environments for applications. It encompasses various techniques for emulating hardware, software, and network resources, enhancing security, manageability, and resource utilization. The document outlines different virtualization types, including hardware and operating system-level virtualization, along with their characteristics and benefits.

Uploaded by

Hemanth Hemanth

Cloud Computing

Module 2: Virtualization

2.1 Introduction
• Virtualization technology is one of the fundamental components of cloud computing,
especially in regard to infrastructure-based services.
• Virtualization allows the creation of a secure, customizable, and isolated execution
environment for running applications, even if they are untrusted, without affecting other
users’ applications.
• The basis of this technology is the ability of a computer program—or a combination of
software and hardware—to emulate an executing environment separate from the one
that hosts such programs.
• For example, we can run Windows OS on top of a virtual machine, which itself
is running on Linux OS.

• Virtualization is a large umbrella of technologies and concepts that are meant to provide
an abstract environment—whether virtual hardware or an operating system—to run
applications.
♣ Virtualization technologies provide a virtual environment for not only executing
applications but also for storage, memory, and networking.
• The term virtualization is often synonymous with hardware virtualization, which plays a
fundamental role in efficiently delivering Infrastructure-as-a-Service (IaaS) solutions
for cloud computing.

• Virtualization technologies have gained renewed interest recently due to the merging
o Underutilized hardware and software resources: Hardware and software
underutilization is occurring due to (1) increased performance and computing
capacity, and (2) the effect of limited use of resources.
▪ Computers today are so powerful that in most cases only a fraction of their
capacity is used by an application or the system.
▪ Moreover, if we consider the IT infrastructure of an enterprise, many computers
are only partially utilized.
o Lack of space: The continuous need for additional capacity, whether storage or
compute power, makes data centers grow quickly.
▪ Companies such as Google and Microsoft expand their infrastructures by
building data centers as large as football fields that are able to host thousands of
nodes.
o Greening initiatives: Recently, companies are increasingly looking for ways to
reduce the amount of energy they consume and to reduce their carbon footprint.
▪ Data centers are one of the major power consumers; they contribute consistently
to the impact that a company has on the environment.
▪ Maintaining a data center operation not only involves keeping servers on, but a
great deal of energy is also consumed in keeping them cool. Infrastructures for
cooling have a significant impact on the carbon footprint of a data center.
o Rise of administrative costs: Power consumption and cooling costs have now
become higher than the cost of IT equipment.
▪ Moreover, the increased demand for additional capacity, which translates into
2.2 Characteristics of Virtualized Environments
• Virtualization is a broad concept and it refers to the creation of a virtual version of
something, whether this is hardware, software environment, storage, or network.
• In a virtualized environment, there are three major components: guest, host and
virtualization layer.
1. Guest: represents the system component that interacts with the virtualization layer.
2. Host: represents the original environment where the guest is supposed to be
managed.
3. Virtualization layer: is responsible for recreating the same or a different
environment where the guest will operate.

Figure 2.1: The virtualization reference model.

The advantages that are characterized by virtualized solutions are:
1. Increased security
• The ability to control the execution of a guest in a completely transparent manner
opens new possibilities for delivering a secure, controlled execution environment.
• Resources exposed by the host can then be hidden or simply protected from
the guest. Moreover, sensitive information that is contained in the host can be
naturally hidden without the need of installing complex security policies.
• Both the JVM and .NET runtime provide extensive security policies for customizing
the execution environment of applications.
• Hardware virtualization solutions such as ‘VMware Desktop’, ‘VirtualBox’ and
‘Parallels’ provide the ability to create a virtual computer with customized virtual
hardware on top of which a new OS can be installed.
2. Managed execution
• Virtualization of the execution environment allows increased security
and provides a wide range of features:
i. Sharing: Virtualization allows the creation of a separate computing
environment within the same host. In this way, it is possible to fully
exploit the capabilities of a powerful host,
ii. Aggregation: A group of separate hosts can be tied together and represented
to guests as a single virtual host. This function is naturally implemented in
middleware for distributed computing.
iii. Emulation: A completely different environment with respect to the host can be
emulated, allowing the execution of guests requiring specific characteristics
that are not present in the physical host.
iv. Isolation: Virtualization allows providing guests, whether they are OS,
applications or other entities, with a complete

Figure 2.2: Functions enabled by managed execution
3. Portability
Portability applies in different ways in different types of
virtualization.
• In the case of hardware virtualization the guest is packaged
into a virtual image that can be safely moved and executed on
top of different virtual machines.
• In the case of programming level virtualization the binary code
representing application components can be run without any
recompilation on any implementation of the corresponding
virtual machine.
• Portability allows having our own system always with us and
ready to use.
2.3 Taxonomy/Classification of Virtualization Techniques
• Virtualization covers a wide range of emulation techniques that are applied
to different areas of computing. A classification of these techniques
helps us better understand their characteristics and use. (see Figure 2.3)
Figure 2.3: A Taxonomy of Virtualization Techniques.
• The first classification discriminates against the service or entity that is
being emulated.
• Virtualization is mainly used to emulate* execution environments,
storage, and networks.
* Emulation in cloud computing is the process of making one system imitate another.
Emulation, as the name suggests, is a technique in which virtual machines simulate
complete hardware in software.
• Among these categories, execution virtualization constitutes the oldest,
most popular, and most developed area.
• In particular we can divide these execution virtualization techniques
into two major categories by
o System-level techniques are
implemented directly on hardware
and do not require—or require a
minimum of support from—an
existing operating system.
• Within these two categories we can
list various techniques that offer the
guest a different type of virtual
computation environment: bare
hardware, operating system
resources, low-level programming
language, and application libraries.

2.3.1 Execution Virtualization

• Execution virtualization includes all techniques that aim to emulate an
execution environment that is separate from the one hosting the
virtualization layer.
• All these techniques concentrate their interest on providing support for the execution of
programs, whether these are the operating system, a binary specification of a program
compiled against an abstract machine model, or an application.
• Therefore, execution virtualization can be implemented directly on top of the hardware
by the operating system, an application, or libraries dynamically or statically linked to
an application image.

2.3.1.1 Machine Reference Model
• Virtualizing an execution environment at different levels of the computing
stack requires a reference model that defines the interfaces between the
levels of abstractions, which hide implementation details.
• From this perspective, virtualization techniques actually replace one of the
layers and intercept the calls that are directed toward it.
• Therefore, a clear separation between layers simplifies their implementation,
which only requires the emulation of the interfaces and a proper interaction

Figure 2.4: A Machine Reference Model

• At the bottom layer, the model for the hardware is expressed in terms of the
Instruction Set Architecture (ISA), which defines the instruction set for
the processor, registers, memory, and interrupt management.
• ISA is the interface between hardware and software, and it is important to
the operating system developer (System ISA) and developers of applications
that directly manage the underlying hardware (User ISA).
• The Application Binary Interface (ABI) separates the operating system layer from the
applications and libraries, which are managed by the OS.
• ABI covers details such as low-level data types, alignment, and call conventions and
defines a format for executable programs. System calls are defined at this level.
• The highest level of abstraction is represented by the Application Programming Interface
(API), which interfaces applications to libraries and/or the underlying operating system.
• For any operation to be performed in the application level API, ABI and ISA are
responsible for making it happen.
2.3.1.2 Hardware-level Virtualization
• Hardware-level virtualization is a virtualization technique that provides
an abstract execution environment in terms of computer hardware on top of
which a guest operating system can be run.
• In this model, the guest is represented by the operating system,
the host by the physical computer hardware, the virtual machine by its
emulation, and the virtual machine manager by the hypervisor.
• The hypervisor is generally a program or a combination of software
and hardware that allows the abstraction of the underlying physical
hardware.

Figure 2.5: A Hardware Virtualization Reference Model
♣ Hypervisors:
• A fundamental element of hardware virtualization is the hypervisor, or
virtual machine manager (VMM).
• It recreates a hardware environment in which guest operating systems are
installed.
• There are two major types of hypervisor: Type I and Type II. (see Figure 2.6)

Figure 2.6: Hosted (left) and native (right) virtual machines. This figure provides a
graphical representation of the two types of hypervisors

Type I Hypervisors:
▪ They run directly on top of the hardware.
▪ Therefore, they take the place of the operating systems and interact directly with the ISA
interface exposed by the underlying hardware, and they emulate this interface in order
to allow the management of guest operating systems.
▪ It is also called a native virtual machine since it runs natively on hardware.

Type II Hypervisors:
▪ They require the support of an operating system to provide virtualization services.
▪ This means that they are programs managed by the operating system, which
interact with it through the ABI and emulate the ISA of virtual hardware for
guest operating systems.
▪ It is also called a hosted virtual machine since it is hosted within an operating
system.

Three main modules coordinate their activity in order to emulate
the underlying hardware:
1. Dispatcher: The dispatcher constitutes the entry point of the
monitor and re-routes the instructions issued by the virtual
machine instance to one of the two other modules.
2. Allocator: The allocator is responsible for deciding the system
resources to be provided to the VM: whenever a virtual
machine tries to execute an instruction that results in changing
the machine resources associated with that VM, the allocator is
invoked by the dispatcher.
3. Interpreter: This module consists of interpreter routines. These
are executed whenever a virtual machine executes a privileged
instruction: a trap is triggered and the corresponding routine is

Figure 2.7: A Hypervisor Reference Architecture.
♣ Hardware Virtualization Techniques:
a. Hardware-assisted virtualization:
• This term refers to a scenario in which the hardware provides architectural support
for building a virtual machine manager able to run a guest operating system in
complete isolation.
b. Full virtualization:
• Full virtualization refers to the ability to run a program, most likely an operating
system, directly on top of a virtual machine and without any modification, as
though it were run on the raw hardware. To make this possible, virtual machine
managers are required to provide a complete emulation of the entire underlying
hardware.
• The advantage of full virtualization is complete isolation, which leads to enhanced
security, ease of emulation of different architectures, and coexistence of
different systems on the same platform.
• A successful and efficient implementation of full virtualization is obtained with a
combination of hardware and software, not allowing potentially harmful
instructions to be executed directly on the host.
c. Paravirtualization:
• It exposes a software interface to the virtual machine that is slightly modified from the
host and, as a consequence, guests need to be modified.
• To take advantage of such an opportunity, guest operating systems need to be modified and
explicitly ported by remapping the performance-critical operations through the virtual machine
software interface.
• This is possible when the source code of the operating system is available, and this is the
reason that paravirtualization was mostly explored in the open-source and academic
environment.
d. Partial virtualization:
• It provides a partial emulation of the underlying hardware, thus not allowing the
complete execution of the guest operating system in complete isolation.
• It allows many applications to run transparently, but not all the features of the
operating system can be supported, as happens with full virtualization.
• An example of partial virtualization is address space virtualization used in time-
sharing systems; this allows multiple applications and users to run concurrently in
a separate memory space, but they still share the same hardware resources (disk,
processor, and network).

♣ Operating System-level Virtualization:
• Operating system-level virtualization offers the
opportunity to create different and separated
execution environments for applications that are
managed concurrently.
• Differently from hardware virtualization, there is no
virtual machine manager or hypervisor, and the
virtualization is done within a single operating
system, where the OS kernel allows for multiple
isolated user space instances.
• The kernel is also responsible for sharing the
• This virtualization technique can be considered an evolution of the chroot mechanism
in Unix systems.
o The chroot operation changes the file system root directory for a process and its
children to a specific directory.
o As a result, the process and its children cannot have access to other portions of the
file system than those accessible under the new root directory. Because Unix
systems also expose devices as parts of the file system, by using this method it is
possible to completely isolate a set of processes.
• Examples of operating system-level virtualization are FreeBSD Jails, IBM Logical
Partition (LPAR), Solaris Zones and Containers, Parallels Virtuozzo Containers, OpenVZ,
iCore Virtual Accounts, Free Virtual Private Server (FreeVPS), and others.
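
As an added illustration of the chroot mechanism described above (not part of the original slides), the Python sketch below confines a child process to an empty directory and then checks that the confinement holds. It goes slightly beyond the text by also changing the working directory and dropping root, since chroot itself does neither; the uid/gid 65534 and all function names are assumptions, and the confinement steps need root.

```python
import os
import tempfile

NOBODY = 65534  # assumption: conventional uid/gid of the unprivileged "nobody" account
OK, VISIBLE, NOT_DROPPED = 0, 200, 201  # probe results; other values are errno codes


def confine_and_probe(jail):
    """Child side: enter the jail, drop root, then check that confinement holds."""
    try:
        os.chroot(jail)    # new file system root for this process and its children
        os.chdir("/")      # chroot() does not move the working directory
        os.setgroups([])   # drop supplementary groups while still privileged
        os.setgid(NOBODY)  # group first: after setuid() this would be refused
        os.setuid(NOBODY)  # irreversible drop of root
    except OSError as exc:
        return exc.errno or 255
    if os.path.exists("/etc/passwd") or os.getcwd() != "/":
        return VISIBLE     # files outside the jail are still reachable
    try:
        os.chroot("/")     # only a privileged process may change its root again
    except PermissionError:
        return OK
    return NOT_DROPPED


def run_jailed_probe():
    """Fork a child into an empty jail; return OK, a probe code or an errno value."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.chmod(jail, 0o755)  # the unprivileged child must be able to search "/"
    pid = os.fork()
    if pid == 0:
        code = 255
        try:
            code = confine_and_probe(jail)
        finally:
            os._exit(code)  # never fall back into the parent's code path
    _, status = os.waitpid(pid, 0)
    os.rmdir(jail)
    return os.WEXITSTATUS(status) if os.WIFEXITED(status) else 255


if __name__ == "__main__":
    result = run_jailed_probe()
    if result == OK:
        print("confined: host files invisible, root dropped")
    else:
        print(f"not confined (code {result}: {os.strerror(result)})")
```

Run without root, the probe reports the EPERM returned by the first step, because changing the root directory is itself a privileged operation.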

2.3.1.3 Programming Language-level Virtualization


• It is mostly used to achieve ease of deployment of applications, managed execution, and
portability across different platforms and operating systems.
• It consists of a virtual machine executing the byte code of a program, which is the
result of the compilation process.
• Compilers implemented and used this technology to produce a binary format
representing the machine code for an abstract architecture.
• The characteristics of this architecture vary from implementation to implementation.
• The main advantage of programming-level virtual machines, also called process virtual
machines, is the ability to provide a uniform execution environment across different
platforms.
• Programs compiled into byte code can be executed on any operating system and
platform for which a virtual machine able to execute that code has been provided.

2.3.1.4 Application-level Virtualization


• Application-level virtualization is a technique allowing applications to be run in runtime
environments that do not natively support all the features required by such applications.
• In this scenario, applications are not installed in the expected runtime environment but
are run as though they were.
• In general, these techniques are mostly concerned with partial file systems, libraries,
and operating system component emulation. Such emulation is performed by a thin
layer—a program or an operating system component—that is in charge of executing the
application.
• One of the following strategies can be implemented:
o Interpretation: In this technique every source instruction is interpreted by an emulator for
executing native ISA instructions, leading to poor performance. Interpretation has a minimal
startup cost but a huge overhead, since each instruction is emulated.
o Binary translation: In this technique every source instruction is converted to native
instructions with equivalent functions. After a block of instructions is translated, it is cached and
2.3.2 Other Types of Virtualization
• Other than execution virtualization, other types of virtualization provide an abstract
environment to interact with. These mainly cover storage, networking, and client/server
interaction.

a. Storage Virtualization
• It is a system administration practice that allows decoupling the physical organization of
the hardware from its logical representation.
• Using this technique, users do not have to be worried about the specific location of their
data, which can be identified using a logical path.
• Storage virtualization allows us to harness a wide range of storage facilities and
represent them under a single logical file system.
• There are different techniques for storage virtualization, one of the most popular being
network-based virtualization by means of storage area networks (SANs).
• SANs use a network-accessible device through a large bandwidth connection to provide
storage facilities.

b. Network Virtualization
• It combines hardware appliances and specific software for the creation and management
of a virtual network.
• The result of external network virtualization is generally a virtual LAN (VLAN).
• A VLAN is an aggregation of hosts that communicate with each other as though they
were located under the same broadcasting domain.
• Internal network virtualization is generally applied together with hardware and operating
system level virtualization, in which the guests obtain a virtual network interface to
communicate with.
• There are several options for implementing internal network virtualization: The guest can
share the same network interface of the host and use Network Address Translation (NAT)
to access the network; the virtual machine manager can emulate, and install on the host,
an additional network device, together with the driver; or the guest can have a private
network only with the guest.

c. Desktop Virtualization
• It abstracts the desktop environment available on a personal computer in order to
provide access to it using a client/server approach.
• Desktop virtualization provides the same outcome of hardware virtualization but serves
a different purpose. Similarly to hardware virtualization, desktop virtualization makes
accessible a different system as though it were natively installed on the host, but this
system is remotely stored on a different host and accessed through a network
connection.
• Although the term desktop virtualization strictly refers to the ability to remotely access a
desktop environment, generally the desktop environment is stored in a remote server or
a data center that provides a high-availability infrastructure and ensures the accessibility
and persistence of the data.
• The advantages of desktop virtualization are high availability, persistence, accessibility,
and ease of management.
• The basic services for remotely accessing a desktop environment are implemented in
software components such as Windows Remote Services, VNC, and X Server.
• Infrastructures for desktop virtualization based on cloud computing solutions include Sun
Virtual Desktop Infrastructure (VDI), Parallels Virtual Desktop Infrastructure (VDI), Citrix
XenDesktop, and others.

d. Application Server Virtualization


• It abstracts a collection of application servers that provide the same services as a single
virtual application server by using load-balancing strategies and providing a high-
availability infrastructure for the services hosted in the application server.
• This is a particular form of virtualization and serves the same purpose of storage
virtualization: providing a better quality of service rather than emulating a different
environment.
2.4 Virtualization and Cloud Computing
• Virtualization plays an important role in cloud computing: it allows for the appropriate
degree of customization, security, isolation, and manageability that are fundamental for
delivering IT services on demand.
• Virtualization technologies are primarily used to offer configurable computing
environments and storage.
• Hardware and programming language virtualization are the techniques adopted in cloud
computing.
• Hardware virtualization is an enabling factor for solutions in IaaS.
• Programming language virtualization is leveraged in PaaS.
• Virtualization simplifies the leasing of services and their accountability on the vendor side.
• Server consolidation and virtual machine migration are principally used in the case of
hardware virtualization (Figure 2.8).

Server consolidation
• It allows reducing the number of active resources by aggregating virtual machines over
a smaller number of resources that become fully utilized.
• It allows reducing the power consumption of a data center and resolving hardware
underutilization.

Live migration
• It is important to notice that cloud
computing is strongly leveraged for the
development of applications that need to
scale on demand.
• In most cases, this is because
applications have to process increased
workloads or serve more requests, which
makes them server applications.
• In this scenario, it is evident that live
migration offers a better solution because
it does not create any service interruption
during consolidation.

Figure 2.8: Live Migration and Server Consolidation
2.5 Pros and Cons of Virtualization
Virtualization has now become extremely popular and widely used, especially in
cloud computing. The primary reason for its wide success is the elimination of technology
barriers that prevented virtualization from being an effective and viable solution in the
past. The most relevant barrier has been performance.

Advantages of Virtualization:
1. Managed execution and isolation: These characteristics allow building secure and
controllable computing environments. This enables fine tuning of resources, which is
very important in server consolidation scenarios.
2. Portability: Virtual machine instances are normally represented by one or more files
that can be easily transported with respect to physical systems. Java programs are
“compiled once and run everywhere”: they only require the Java virtual machine to be
installed on the host.
3. Self-containment: Contributes to reducing the costs for maintenance, since the number
of hosts is expected to be lower than the number of virtual machine instances.
4. Efficient use of resources: Multiple systems can securely coexist and share the
resources of the underlying host, without interfering with each other. This reduces energy
consumption and has less impact on the environment.

Disadvantages of Virtualization:
• For instance, in the case of hardware virtualization, where the intermediate emulates a
bare machine on top of which an entire system can be installed, the causes of
performance degradation can be traced back to the overhead introduced by the
following activities:
o Maintaining the status of virtual processors
o Support of privileged instructions (trap and simulate privileged instructions)
o Support of paging within VM
o Console functions
• Furthermore, when hardware virtualization is realized through a program that is installed
or executed on top of the host operating systems, a major source of performance
degradation is represented by the fact that the virtual machine manager is executed
and scheduled together with other applications, thus sharing with them the resources of
the host.
• Similar considerations can be made in the case of virtualization technologies at higher
levels, such as in the case of programming language virtual machines (Java, .NET, and
others).
• Binary translation and interpretation can slow down the execution of managed
applications.

2. Inefficiency and degraded user experience


• In the case of programming-level virtual machines, some of the features of the
underlying operating systems may become inaccessible unless specific libraries are
used.

3. Security holes and new threats


• Virtualization opens the door to a new and unexpected form of phishing.
• The capability of emulating a host in a completely transparent manner led the way to
malicious programs that are designed to extract sensitive information from the guest.
• In the case of hardware virtualization, malicious programs can preload themselves
before the operating system and act as a thin virtual machine manager toward it.
• The operating system is then controlled and can be manipulated to extract sensitive
information of interest to third parties.
• The same considerations can be made for programming-level virtual machines: Modified
versions of the runtime environment can access sensitive information or monitor the
memory locations utilized by guest applications while these are executed.
• To make this possible, the original version of the runtime environment needs to be
replaced by the modified one, which can generally happen if the malware is run within
an administrative context or a security hole of the host operating system is exploited.
2.6 Technology Examples
A wide range of virtualization technology is available especially for virtualizing
computing environments.

1. Xen: Paravirtualization
• Xen is an open-source initiative implementing a virtualization platform based on
paravirtualization.
• It was initially developed by a group of researchers at the University of Cambridge in the UK.
• Xen-based technology is used for either desktop virtualization or server virtualization,
and recently it has also been used to provide cloud computing solutions by means of
Xen Cloud Platform (XCP).
• At the basis of all these solutions is the Xen Hypervisor, which constitutes the core
technology of Xen.
• Recently Xen has been advanced to support full virtualization using hardware-assisted
virtualization.
• Xen is the most popular implementation of paravirtualization, which, in contrast with full
virtualization, allows high-performance execution of guest operating systems.
• A Xen-based system is managed by the Xen hypervisor, which runs in the highest
privileged mode and controls the access of guest operating system to the underlying
hardware.
• Figure 2.9 describes the architecture of Xen and its mapping onto a classic x86 privilege
• Many of the x86 implementations support four different security levels,
called rings, where Ring 0 represents the level with the highest privileges
and Ring 3 the level with the lowest ones.
• Almost all the most popular operating systems, except OS/2, utilize only two
levels: Ring 0 for the kernel code, and Ring 3 for user application and
nonprivileged OS code.
• This provides the opportunity for Xen to implement virtualization by
executing the hypervisor in Ring 0, Domain 0, and all the other domains
running guest operating systems—generally referred to as Domain U—in
Ring 1, while the user applications are run in Ring 3.

Figure 2.9: Xen architecture and guest OS management.

• This allows Xen to maintain the ABI unchanged, thus allowing an easy switch to
Xen-virtualized solutions from an application point of view. Because of the structure of the
x86 instruction set, some instructions allow code executing in Ring 3 to jump into Ring 0
(kernel mode).
• Such an operation is performed at the hardware level and therefore within a virtualized
environment will result in a trap or silent fault, thus preventing the normal operations
of the guest operating system, since this is now running in Ring 1.
• This condition is generally triggered by a subset of the system calls. To avoid this
situation, operating systems need to be changed in their implementation, and the
sensitive system calls need to be reimplemented with hypercalls, which are specific
calls exposed by the virtual machine interface of Xen.
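
The Python sketch below is an added example (not from the original slides) that models two passages of this module together: the dispatcher, allocator and interpreter of the hypervisor reference architecture, and the trap, silent-fault and hypercall behaviour described for a guest kernel running in Ring 1 under Xen. The toy instruction names, the `VM` and `Hypervisor` classes and the `set_if` hypercall are hypothetical and are not Xen's real interface.

```python
from dataclasses import dataclass, field

# Constructed toy instruction set (not real x86 encodings).
PRIVILEGED = {"CLI", "STI"}  # trap when executed outside Ring 0
RESOURCE = {"SET_MEM"}       # trap; change the resources assigned to the VM
SILENT = {"POPF_IF"}         # sensitive, but does not trap outside Ring 0


@dataclass
class VM:
    name: str
    max_pages: int           # cap fixed by the operator, enforced by the allocator
    pages: int = 1
    acc: int = 0
    virt_if: bool = True     # the guest's virtual interrupt-enable flag
    log: list = field(default_factory=list)


class Hypervisor:
    """Ring 0 monitor built from the three modules of the reference architecture."""

    def __init__(self):
        self.host_if = True  # real interrupt flag; no guest path ever writes it

    def dispatch(self, vm, op, arg):
        """Dispatcher: single entry point for every trap and hypercall."""
        if op in RESOURCE:
            return self.allocate(vm, arg)
        if op in PRIVILEGED:
            return self.interpret(vm, op)
        if op == "HYPERCALL":
            return self.hypercall(vm, *arg)
        vm.log.append(f"{op}: unknown, rejected")
        return False

    def allocate(self, vm, pages):
        """Allocator: decides which resources the VM may hold."""
        if not 1 <= pages <= vm.max_pages:
            vm.log.append(f"SET_MEM {pages}: denied (cap {vm.max_pages})")
            return False
        vm.pages = pages
        vm.log.append(f"SET_MEM {pages}: granted")
        return True

    def interpret(self, vm, op):
        """Interpreter: emulates a trapped privileged instruction on virtual state."""
        vm.virt_if = (op == "STI")
        vm.log.append(f"{op}: trapped, emulated")
        return True

    def hypercall(self, vm, call, value):
        """Paravirtual interface: an explicit, validated request from a ported guest."""
        if call != "set_if" or not isinstance(value, bool):
            vm.log.append(f"hypercall {call}: rejected")
            return False
        vm.virt_if = value
        vm.log.append(f"hypercall set_if({value}): done")
        return True


def run_guest(hv, vm, program):
    """Execute a guest kernel's instruction stream as it would behave in Ring 1."""
    for op, arg in program:
        if op == "ADD":        # unprivileged: runs directly, monitor not involved
            vm.acc += arg
        elif op in SILENT:     # no trap: the monitor never sees it, effect is lost
            vm.log.append(f"{op}: silently ignored")
        else:                  # trap or hypercall: control enters the monitor
            hv.dispatch(vm, op, arg)
    return vm


def demo():
    hv = Hypervisor()
    # Unmodified guest: masks interrupts, then tries to re-enable them with a
    # non-trapping instruction and asks for more memory than its cap allows.
    legacy = run_guest(hv, VM("legacy", max_pages=8),
                       [("ADD", 2), ("CLI", None), ("POPF_IF", True), ("SET_MEM", 64)])
    # Ported guest: the same intent expressed through hypercalls.
    ported = run_guest(hv, VM("ported", max_pages=8),
                       [("ADD", 2), ("HYPERCALL", ("set_if", False)),
                        ("HYPERCALL", ("set_if", True)), ("SET_MEM", 4)])
    return hv, legacy, ported


if __name__ == "__main__":
    hv, legacy, ported = demo()
    for vm in (legacy, ported):
        print(vm.name, "pages:", vm.pages, "virt_if:", vm.virt_if, vm.log)
```

The unmodified guest ends with its virtual interrupts still masked because its re-enable instruction never reached the monitor, which is the broken-guest condition the hypercall interface avoids.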
