CV-Module 2
Virtualization
• Virtualizing x86 computer architectures
involves creating virtual instances of x86-
based systems, allowing multiple
operating systems or applications to run
concurrently on the same physical
hardware.
• This concept is central to modern cloud
computing, where virtualization plays a
key role in resource optimization,
scalability, and flexibility.
• In the late 1990s, when internet use was booming and microprocessors were growing according to Moore's law, a need to build large-scale systems was arising.
• Instead of adding more physical machines to run applications, businesses like IBM started building virtualization solutions to run many operating systems on a single powerful mainframe.
• Datacenters expanded to comprise thousands of physical machines serving applications on the internet. Instead of providing a single physical machine to each user, running many virtualized systems on each machine offered a cheaper and more efficient solution, revolutionizing the industry.
• VMware rose to the technological forefront of virtualization with its state-of-the-art server and desktop virtualization offerings.
Methods for Virtualizing x86 Computers:
1. Hypervisor:
   1. This is software that manages virtual machines.
   2. There are two types:
      1. Type-1 hypervisor: runs directly on the computer's hardware.
      2. Type-2 hypervisor: runs on top of an operating system.
2. Virtual Operating Systems:
   1. These are operating systems that run within a virtual machine.
   2. Examples include VirtualBox, VMware Workstation, and KVM.
Benefits of Virtualizing x86 Computers:
• Running multiple operating systems on a single computer: create different computing environments using various operating systems.
• Isolation: protect different applications from each other.
• Testing and development: test new operating systems, applications, or software in a safe environment.
• Resource management: efficiently utilize the computer's resources.
Tools for Virtualizing x86 Computers:
• VirtualBox: a free and open-source virtual operating system created by Oracle Corporation.
• VMware Workstation: a commercial virtual operating system created by VMware, Inc.
• KVM: a virtual operating system built into the Linux kernel.
Virtualized Ubuntu 16 running via VMware on Windows 10 (lscpu lists the OS as fully virtualized)
Advantages of Virtualization
• Using VMware or VirtualBox software, a desktop computer can run many operating systems at the same time at near-native performance.
• Developers can have multiple virtual machines running various
environments required for development and testing.
• A developer on Windows can develop Linux applications as if they were running Linux natively. Production environments can easily be simulated on local systems with virtualized systems.
• Server virtualization enables datacenters to efficiently utilize
hardware resources by running multiple operating systems
provisioned to many users running on a single machine.
• Amazon EC2, the cloud compute service of Amazon Web Services, uses a modified Xen Server-based system to provision and manage virtual machines across its datacenters efficiently.
Virtualization of Hardware
• A computer consists of various hardware components; the job of virtualization software is to emulate that hardware identically in software.
• This emulated computer system is identical to the one running the host and exposes identical interfaces.
• Virtualization software executes the code of a guest operating system as if it were running on actual hardware, and is thus able to run multiple operating systems on the same machine.
• The difficult problem is to emulate all the aspects of the
hardware identically and efficiently.
• The CPU, memory and device I/O are the major components that need to be virtualized by virtualization software.
• This emulation poses several technical challenges in
performance, isolation, and security.
• Hypervisor: the application that manages the many virtual machines running on the system. It either executes directly on the hardware as a separate OS (called a Type 1 hypervisor) or runs inside another operating system as an application (called a Type 2 hypervisor).
• Microsoft's Hyper-V and the Xen Project are examples of Type 1 hypervisors.
• VirtualBox, VMware Workstation and QEMU are examples of Type 2 hypervisors.
• Host Operating System: The operating system via
which the Virtual Machines are run. For Type 1
Hypervisors, as in Hyper-V, the hypervisor itself is
the Host OS which schedules the virtual
machines and allocates memory. For Type 2
hypervisors, the OS on which the hypervisor
applications run is the Host OS.
• Guest Operating System: The operating system that uses the virtualized hardware. It can be either fully virtualized or paravirtualized. An enlightened guest OS knows that it is running on a virtualized system, which can improve performance.
• Virtual Machine Monitor: VMM is the application that
virtualizes hardware for a specific virtual machine and
executes the guest OS with the virtualized hardware.
• Full Virtualization: The guest OS is presented with a CPU and hardware identical to the original host. This is difficult to achieve on x86 without hardware support, as some components, like the memory management unit, are difficult to simulate.
• Para Virtualization: The code of the guest operating
systems is modified. The interfaces for user
applications don’t change but the kernel uses modified
interfaces to interact with the hypervisor to access
certain functions of the system. This improves
virtualization performance.
Emulating the CPU
• Emulating the CPU means executing the instructions of the guest OS program.
• This can be done by directly executing the memory containing these instructions.
• We need to make sure that the guest OS is not able to
manipulate the system outside of regions of its memory
and it cannot modify sensitive parts of the host system
like the segment descriptors, memory management
registers, etc.
• A situation which allows this is a vulnerability and is
called a VM Escape, allowing the guest OS to escape the
isolation of the virtual machine.
Binary Translation
• The first x86 virtualization software was based on Binary Translation (BT): it trapped the execution of instructions from the guest OS and translated them as required.
• When a sensitive instruction had to be executed, BT replaced it with different instructions in the actual execution and returned the data as defined by the Virtual Machine Monitor.
• The extra translation overhead, caused by the large amount of context switching between the guest and the host to translate instructions, led to performance degradation in binary translation.
• "The Evolution of an x86 Virtual Machine Monitor" is an excellent paper from VMware highlighting the details and challenges of binary translation.
Hardware Assisted Virtualization
• To overcome the lack of performance in binary translation, CPU makers
added virtualization support to the hardware which provided various features
like hardware isolation of virtual machines, hardware paging and memory
management for individual virtual machines.
• This enables a virtual machine to run at near-native speeds. Intel VT-x
introduces new instructions to x86 enabling virtualization support in the
hardware.
• This hardware support brings the concepts of hosts and guests to the hardware, enabling the CPU to virtualize components like the MMU, TLBs, etc., for each virtual machine automatically. This makes full virtualization possible, and virtual machines can execute at near-native performance.
• The amount of context switching between the guest and host OS decreases, and most of the guest OS executes directly on the CPU rather than via the host OS.
• With hardware virtualization, the hardware can virtualize the virtualization extensions themselves, allowing recursive (nested) virtualization.
• The nested virtual machines run at the same level as the first guest OS.
Emulating the Memory
• An operating system uses virtual memory to create
address spaces and processes.
• The address space is a virtual and contiguous piece of memory
for every process realized using paging and can be as large as
128 terabytes. This is called Virtual Memory.
• Implementing virtual memory systems in software is inefficient
thus many CPUs come with an inbuilt Memory Management Unit
which gives hardware assistance in creating virtual memory
systems by providing hardware page tables and
translation lookaside buffers.
• The x86 architecture supports virtual memory with an MMU consisting of a TLB and a hardware page table walker. The walker fills the TLB by traversing hierarchical page tables in physical memory.
• The Translation Lookaside Buffer (TLB) caches page table entries that resolve to physical addresses.
• As the TLB fills up with entries, system performance increases, because the CPU less frequently incurs the penalty of traversing the page table structures to fill in the page table entry in the TLB.
• The VMM virtualizes the MMU of the CPU in the software using
the virtual memory mechanisms of the host OS.
3. Paravirtualization:
Paravirtualization involves modifying the guest operating system to work with the hypervisor. This reduces overhead by allowing the guest OS to communicate directly with the hypervisor, optimizing performance. Examples include Xen with a paravirtualized Linux kernel.
4. Hardware-Assisted Virtualization:
Modern x86 processors include virtualization extensions (e.g., Intel VT-x and AMD-V) that enhance the performance and security of VMs. These extensions allow the hypervisor to efficiently manage VMs by offloading certain tasks to the hardware.
5. Nested Virtualization:
Nested virtualization allows a VM to run as a hypervisor and create additional VMs. This is particularly useful for testing and development environments where virtualization environments need to be replicated.
6. Memory Virtualization:
Virtual memory management allows VMs to use memory resources efficiently. Techniques like memory overcommitment and ballooning are used to optimize the use of physical memory among multiple VMs.
7. I/O Virtualization:
I/O virtualization abstracts physical input/output devices, enabling VMs to share and access physical devices like network interfaces and storage.
8. Storage Virtualization:
Storage virtualization abstracts physical storage devices, allowing them to be managed and allocated dynamically to VMs. Virtual disk files (e.g., VMDK, VHD) represent the storage used by VMs.
Applications and Benefits:
• Server Consolidation: reducing the number of physical servers by running multiple VMs on a single server.
• Disaster Recovery: VMs can be easily backed up and restored, improving business continuity.
• Scalability: virtual environments can be scaled up or down quickly by adding or removing VMs.
• Resource Optimization: efficient use of CPU, memory, and storage resources across multiple workloads.
• MMU (Memory Management Unit) virtualization
is a critical aspect of virtualizing computer
systems, particularly in x86 architectures.
• The MMU is responsible for translating virtual
memory addresses used by applications into
physical memory addresses used by the
hardware.
• In a virtualized environment, MMU
virtualization ensures that each virtual
machine (VM) can manage its memory
independently while sharing the underlying
physical memory with other VMs.
• Key Concepts in MMU Virtualization:
1. Shadow Page Tables:
   1. In early virtualization implementations, the hypervisor used shadow page tables to manage the virtual-to-physical address translation for each VM. The hypervisor would maintain a copy of the guest OS's page tables (called shadow page tables) that maps guest virtual addresses to host physical addresses.
   2. The hypervisor intercepts memory operations by the guest OS, updating the shadow page tables accordingly. This approach ensures that the guest OS remains unaware that it is running in a
• CPU virtualization is a key component of
modern virtualization technologies that
allows multiple operating systems and
applications to run concurrently on a single
physical CPU by abstracting and sharing the
CPU's resources.
• This capability is fundamental to enabling
virtual machines (VMs) to operate as if they
have dedicated access to the CPU, even
though they are sharing it with other VMs.
Key Concepts in CPU Virtualization:
1. Hypervisor (Virtual Machine Monitor - VMM):
   1. The hypervisor is the layer of software that manages CPU virtualization. It acts as an intermediary between the physical CPU and the virtual machines, ensuring that each VM gets its fair share of CPU resources.
   2. Type 1 Hypervisor (Bare-metal): Runs directly on the physical hardware (e.g., VMware ESXi, Microsoft Hyper-V).
   3. Type 2 Hypervisor (Hosted): Runs on top of a host operating system (e.g., VMware Workstation, Oracle VirtualBox).
2. CPU Scheduling:
   1. The hypervisor schedules CPU time for each VM, ensuring that multiple VMs can share the same physical CPU without interfering with each other. This involves allocating CPU cycles to VMs based on their needs and the overall load on the system.
   2. The hypervisor uses various scheduling algorithms, such as round-robin or priority-based scheduling, to manage how CPU resources are distributed among VMs.
3. Full Virtualization:
   1. In full virtualization, the hypervisor creates a complete virtual environment that emulates the underlying hardware, allowing unmodified guest operating systems to run. This includes virtualizing the CPU so that the guest OS behaves as though it has direct access to a physical CPU.
   2. The hypervisor traps and emulates privileged CPU instructions that cannot be directly
4. Paravirtualization:
1. In paravirtualization, the guest OS is aware that it is running in a virtualized
environment and is modified to interact with the hypervisor more efficiently.
This reduces the overhead of CPU virtualization by allowing the guest OS to
communicate directly with the hypervisor for certain tasks.
5. Hardware-Assisted Virtualization:
• Modern CPUs include hardware features designed to improve the efficiency of CPU virtualization. Intel VT-x and AMD-V are examples of such technologies.
• Intel VT-x and AMD-V: These extensions provide support for trapping
and executing privileged instructions directly in hardware, reducing the
need for the hypervisor to emulate these instructions, which
significantly improves performance.
• VMCS (Virtual Machine Control Structure) and VMCB (Virtual
Machine Control Block): Structures used by Intel and AMD,
respectively, to manage the state of VMs, including the CPU state,
making context switches between VMs more efficient.
6. Nested Virtualization: Nested virtualization allows a VM to run
as a hypervisor itself, creating additional VMs. This is particularly
useful in development, testing, and training environments where
you need to simulate complex virtualization scenarios.
1. Device Emulation:
How It Works: The hypervisor emulates physical devices and presents them as
virtual devices to the guest operating systems. This allows the VMs to interact
with standard hardware devices without being aware that they are virtualized.
Example: A network interface card (NIC) in the host machine can be emulated
by the hypervisor and appear as a virtual NIC in each VM.
2. Para-Virtualized Drivers:
How It Works: Instead of fully emulating hardware devices, the hypervisor uses
para-virtualized drivers, which are optimized for virtual environments. These
drivers are aware of the virtualized nature of the I/O and interact directly with
the hypervisor, bypassing some of the overhead associated with full emulation.
Example: Virtio drivers in KVM or Xen hypervisors provide efficient I/O
performance for VMs by communicating directly with the hypervisor.
3. Direct Device Assignment (PCI Passthrough):
How It Works: With direct device assignment, a physical I/O device, such as a PCI or PCIe device,
is directly assigned to a VM, allowing the VM to have near-native performance by bypassing the
hypervisor. The VM interacts with the hardware as if it were physically connected to it.
Example: A GPU or a high-performance NIC can be directly assigned to a VM for tasks that require
high throughput or low latency.
Limitations: This method sacrifices some flexibility, as the device is dedicated to a single VM, and
other VMs cannot use it simultaneously.
4. SR-IOV (Single Root I/O Virtualization):
How It Works: SR-IOV is a hardware-based technology that allows a single physical PCIe device,
such as a NIC, to appear as multiple separate virtual devices (Virtual Functions, or VFs) to the VMs.
Each VF can be assigned directly to a VM, allowing high-performance I/O with minimal overhead.
Example: A physical NIC with SR-IOV can create multiple virtual NICs, each of which can be
directly assigned to different VMs, providing each VM with its own isolated network interface.
Benefits: SR-IOV provides the performance benefits of direct device assignment while maintaining
the flexibility to share the physical device among multiple VMs.
5. Network and Storage Virtualization:
Network Virtualization: Abstracts physical network components to
create virtual networks that can be managed and allocated to VMs.
Technologies like virtual switches, VLANs, and VXLANs enable network
traffic between VMs and external networks to be managed efficiently.
Storage Virtualization: Abstracts physical storage devices to create
virtual storage pools that can be allocated to VMs. Technologies like virtual
SANs (vSANs), iSCSI, and virtual disks enable flexible and scalable storage
management for VMs.
6. I/O Virtualization Frameworks:
How It Works: I/O virtualization frameworks, such as VMware's vSphere
and Microsoft's Hyper-V, provide comprehensive tools and services to
manage I/O virtualization. These frameworks include features like virtual
networking, virtual storage management, and automated provisioning of
I/O resources.
Virtualization is used to create a virtual version of an underlying service. With the help of virtualization, multiple operating systems and applications can run on the same machine and the same hardware at the same time, increasing the utilization and flexibility of the hardware. It was initially developed during the mainframe era.