cloud basics

Virtualization J.Jeysree

Upload: mercy-joy

Post on 18-Nov-2014

DESCRIPTION

basics of cloud computing.

TRANSCRIPT

  • 1. J.Jeysree

2. What is Virtualization
- Virtualization is a technique of abstracting physical resources into a logical view
- Increases utilization and capability of IT resources
- Simplifies resource management by pooling and sharing resources
- Significantly reduces downtime
  - Planned and unplanned
- Improved performance of IT resources

3. What is a Virtual Machine?

4. Why Virtualize?
- Consolidate resources
  - Server consolidation
  - Client consolidation
- Improve system management
  - For both hardware and software
  - From the desktop to the data center
- Improve the software lifecycle
  - Develop, debug, deploy and maintain applications in virtual machines
- Increase application availability
  - Fast, automated recovery

5. Consolidate resources
- Server consolidation
  - reduce number of servers
  - reduce space, power and cooling
  - 70-80% reduction numbers cited in industry
- Client consolidation
  - developers: test multiple OS versions, distributed application configurations on a single machine
  - end user: Windows on Linux, Windows on Mac
  - reduce physical desktop space, avoid managing multiple physical computers

6. Improve system management
- Data center management
  - VM portability and live migration a key enabler
  - automate resource scheduling across a pool of servers
  - optimize for performance and/or power consumption
  - allocate resources for new applications on the fly
  - add/remove servers without application downtime
- Desktop management
  - centralize management of desktop VM images
  - automate deployment and patching of desktop VMs
  - run desktop VMs on servers or on client machines
- Industry-cited 10x increase in sys admin efficiency

7. Improve the software lifecycle
- Develop, debug, deploy and maintain applications in virtual machines
- Power tool for software developers
  - record/replay application execution deterministically
  - trace application behavior online and offline
  - model distributed hardware for multitier applications
- Application and OS flexibility
  - run any application or operating system
- Virtual appliances
  - a complete, portable application execution environment

8.
Increase application availability
- Fast, automated recovery
  - automated failover/restart within a cluster
  - disaster recovery across sites
  - VM portability enables this to work reliably across potentially different hardware configurations
- Fault tolerance
  - hypervisor-based fault tolerance against hardware failures [Bressoud and Schneider, SOSP 1995]
  - run two identical VMs on two different machines, backup VM takes over if primary VM's hardware crashes
  - commercial prototypes beginning to emerge (2008)

9. Virtualization Comes in Many Forms
- Virtual Memory: each application sees its own logical memory, independent of physical memory
- Virtual Networks: each application sees its own logical network, independent of physical network
- Virtual Servers: each application sees its own logical server, independent of physical servers
- Virtual Storage: each application sees its own logical storage, independent of physical storage

10. Memory Virtualization
- Virtual Memory: each application sees its own logical memory, independent of physical memory
- Benefits of Virtual Memory
  - Remove physical-memory limits
  - Run multiple applications at once
[Diagram: App, App, App; Physical memory; Swap space]

11. Network Virtualization
- Virtual Networks: each application sees its own logical network, independent of physical network
- Benefits of Virtual Networks
  - Common network links with access-control properties of separate links
  - Manage logical networks instead of physical networks
  - Virtual SANs provide similar benefits for storage-area networks
[Diagram: VLAN A, VLAN B, VLAN C; Switch, Switch; VLAN trunk]

12.
Server Virtualization
Before Server Virtualization:
[Diagram: Application; Operating system]
- Single operating system image per machine
- Software and hardware tightly coupled
- Running multiple applications on same machine often creates conflict
- Underutilized resources
After Server Virtualization:
[Diagram: App, App, App, Operating system; App, App, App, Operating system; Virtualization layer]
- Virtual Machines (VMs) break dependencies between operating system and hardware
- Manage operating system and application as single unit by encapsulating them into VMs
- Strong fault and security isolation
- Hardware-independent

13. Storage Virtualization
- Process of presenting a logical view of physical storage resources to hosts
- Logical storage appears and behaves as physical storage directly connected to host
- Examples of storage virtualization are:
  - Host-based volume management
  - LUN creation
  - Tape virtualization
- Benefits of storage virtualization:
  - Increased storage utilization
  - Adding or deleting storage without affecting application availability
  - Non-disruptive data migration
[Diagram: Servers; Virtualization Layer; Heterogeneous Physical Storage]

14. Definitions
- Virtualization
  - A layer mapping its visible interface and resources onto the interface and resources of the underlying layer or system on which it is implemented
  - Purposes
    - Abstraction: to simplify the use of the underlying resource (e.g., by removing details of the resource's structure)
    - Replication: to create multiple instances of the resource (e.g., to simplify management or allocation)
    - Isolation: to separate the uses which clients make of the underlying resources (e.g., to improve security)
- Virtual Machine Monitor (VMM)
  - A virtualization system that partitions a single physical machine into multiple virtual machines.
  - Terminology
    - Host: the machine and/or software on which the VMM is implemented
    - Guest: the OS which executes under the control of the VMM

15.
Properties of Classical Virtualization
- Equivalence = Fidelity
  - Program running under a VMM should exhibit a behavior identical to that of running on the equivalent machine
- Efficiency = Performance
  - A statistically dominant fraction of machine instructions may be executed without VMM intervention
- Resource Control = Safety
  - VMM is in full control of virtualized resources
  - Executed programs may not affect the system resources

16. Server virtualization approaches: Evolution of Software solutions
- 1st Generation: Full virtualization (Binary rewriting)
  - Software Based
  - VMware and Microsoft
- 2nd Generation: Paravirtualization
  - Cooperative virtualization
  - Modified guest
  - VMware, Xen
- 3rd Generation: Silicon-based (Hardware-assisted) virtualization
  - Unmodified guest
  - VMware and Xen on virtualization-aware hardware platforms
[Diagram along a time axis: Virtual Machine, Virtual Machine, Dynamic Translation, Operating System, Hardware; VM, VM, Hypervisor, Hardware; Virtual Machine, Virtual Machine, Hardware, Virtualization Logic, Hypervisor]

17. Server virtualization approaches: Full Virtualization
- 1st Generation offering of x86/x64 server virtualization
- Dynamic binary translation
  - The emulation layer talks to an operating system which talks to the computer hardware
  - The guest OS doesn't see that it is used in an emulated environment
- All of the hardware is emulated including the CPU
- Two popular open source emulators are QEMU and Bochs
[Diagram: Virtual Machine (App. A, App. B, App. C; Guest OS; Device Drivers); Emulated Hardware; Device Drivers; Host OS; Hardware]

18. Server virtualization approaches: Para-Virtualization
- The Guest OS is modified and thus runs kernel-level operations at Ring 1 (or 3)
  - the guest is fully aware of how to process privileged instructions
  - thus, privileged instruction translation by the VMM is no longer necessary
- The guest operating system uses a specialized API to talk to the VMM and, in this way, execute the privileged instructions
- The VMM is responsible for handling the virtualization requests and putting them to the hardware
[Diagram: Virtual Machine (App. A, App. B, App. C; Guest OS; Device Drivers; Specialized API); Virtual Machine Monitor; Device Drivers; Hypervisor; Hardware]

19. Server virtualization approaches: Hardware-assisted virtualization
- The guest OS runs at ring 0
- The VMM uses processor extensions (such as Intel-VT or AMD-V) to intercept and emulate privileged operations in the guest
- Hardware-assisted virtualization removes many of the problems that make writing a VMM a challenge
- The VMM runs in a more privileged ring than 0; a virtual -1 ring is created
[Diagram: Virtual Machine (App. A, App. B, App. C; Guest OS; Device Drivers; Specialized API); Virtual Machine Monitor; Device Drivers; Hypervisor; Hardware]

20. System-level Design Approaches
- Full virtualization (direct execution)
  - Exact hardware exposed to OS
  - Efficient execution
  - OS runs unchanged
  - Requires a virtualizable architecture
  - Example: VMWare
- Paravirtualization
  - OS modified to execute under VMM
  - Requires porting OS code
  - Execution overhead
  - Necessary for some (popular) architectures (e.g., x86)
  - Examples: Xen, Denali
CS5204 Operating Systems

21.
- CPU Background
- Virtualization Techniques
  - System ISA Virtualization
  - Instruction Interpretation
  - Trap and Emulate
  - Binary Translation

22. Computer System Organization
[Diagram: CPU, MMU, Memory, Controller, Local Bus, Interface, High-Speed I/O Bus, NIC, Controller, Bridge, Frame Buffer, LAN, Low-Speed I/O Bus, CD-ROM, USB]

23. CPU Organization
- Instruction Set Architecture (ISA) defines:
  - the state visible to the programmer
    - registers and memory
  - the instructions that operate on the state
- ISA typically divided into 2 parts
  - User ISA
    - Primarily for computation
  - System ISA
    - Primarily for system resource management

24. User ISA - State
[Diagram: User Virtual Memory; Program Counter; Condition Codes; General-Purpose Registers (Reg 0, Reg 1, Reg n-1); Floating Point Registers (FP 0, FP 1, FP n-1); Special-Purpose Registers]

25. User ISA Instructions
Instruction Groupings:
- Integer: Add, Sub, And, Compare
- Memory: Load byte, Load Word, Store Multiple, Push
- Control Flow: Jump, Jump equal, Call, Return
- Floating Point: Add single, Mult. double, Sqrt double
[Diagram: Typical Instruction Pipeline: Fetch, Decode, Registers, Issue; Integer, Integer, Memory, FP]

26.
System ISA
- Privilege Levels
- Control Registers
- Traps and Interrupts
  - Hardcoded Vectors
  - Dispatch Table
- System Clock
- MMU
  - Page Tables
  - TLB
- I/O Device Access
[Diagram: User, System; User, Extension, Kernel; Level 0, Level 1, Level 2]

27. Outline
- CPU Background
- Virtualization Techniques
  - System ISA Virtualization
  - Instruction Interpretation
  - Trap and Emulate
  - Binary Translation

28. Isomorphism
[Diagram: Guest: e(Si), Si, Sj; V(Si), V(Sj); Host: e(Si), Si, Sj]
- Formally, virtualization involves the construction of an isomorphism from guest state to host state.

29. Virtualizing the System ISA
- Hardware needed by monitor
  - Ex: monitor must control real hardware interrupts
- Access to hardware would allow VM to compromise isolation boundaries
  - Ex: access to MMU would allow VM to write any page
- So
  - All access to the virtual System ISA by the guest must be emulated by the monitor in software.
  - System state kept in memory.
  - System instructions are implemented as functions in the monitor.

30. Example: CPUState

    #include <stdint.h>

    /* Virtual CPU state, kept in the monitor's memory. */
    static struct {
        uint32_t GPR[16];  /* general-purpose registers */
        uint32_t LR;       /* link register */
        uint32_t PC;       /* program counter */
        int IE;            /* interrupt-enable flag (cleared by CLI, set by STI) */
        int IRQ;           /* interrupt request state */
    } CPUState;

    /* Emulated CLI: clears the virtual interrupt-enable flag. */
    void CPU_CLI(void)
    {
        CPUState.IE = 0;
    }

    /* Emulated STI: sets the virtual interrupt-enable flag. */
    void CPU_STI(void)
    {
        CPUState.IE = 1;
    }

- Goal for CPU virtualization techniques
  - Process normal instructions as fast as possible
  - Forward privileged instructions to emulation routines

31. Instruction Interpretation
- Emulate Fetch/Decode/Execute pipeline in software
- Positives
  - Easy to implement
  - Minimal complexity
- Negatives
  - Slow!

32. Trap and Emulate
[Diagram: Guest OS + Applications; Page Fault, Undef Instr, vIRQ; MMU Emulation, CPU Emulation, I/O Emulation; Virtual Machine Monitor; Privileged, Unprivileged]

33.
CPU Architecture
- What is a trap?
  - When the CPU is running in user mode, some internal or external events, which need to be handled in kernel mode, take place.
  - Then the CPU will jump to the hardware exception handler vector, and execute system operations in kernel mode.
- Trap types:
  - System Call
    - Invoked by an application in user mode.
    - For example, an application asks the OS for system I/O.
  - Hardware Interrupts
    - Invoked by some hardware events in any mode.
    - For example, a hardware clock timer triggers an event.
  - Exception
    - Invoked when an unexpected error or system malfunction occurs.
    - For example, executing privileged instructions in user mode.

34. Trap and Emulate Model
- If we want CPU virtualization to be efficient, how should we implement the VMM?
  - We should make guest binaries run on the CPU as fast as possible.
  - Theoretically speaking, if we can run all guest binaries natively, there will be NO overhead at all.
  - But we cannot let the guest OS handle everything; the VMM should be able to control all hardware resources.
- Solution:
  - Ring Compression
    - Shift the traditional OS from kernel mode (Ring 0) to user mode (Ring 1), and run the VMM in kernel mode.
    - Then the VMM will be able to intercept all trapping events.

35. Trap and Emulate Model
- VMM virtualization paradigm (trap and emulate):
  1. Let normal instructions of the guest OS run directly on the processor in user mode.
  2. When executing privileged instructions, hardware will make the processor trap into the VMM.
  3. The VMM emulates the effect of the privileged instructions for the guest OS and returns to the guest.

36. Trap and Emulate Model
- Traditional OS:
  - When an application invokes a system call:
    - CPU will trap to the interrupt handler vector in the OS.
    - CPU will switch to kernel mode (Ring 0) and execute OS instructions.
  - When a hardware event occurs:
    - Hardware will interrupt CPU execution, and jump to the interrupt handler in the OS.

37.
Trap and Emulate Model
- VMM and Guest OS:
  - System Call
    - CPU will trap to the interrupt handler vector of the VMM.
    - VMM jumps back into the guest OS.
  - Hardware Interrupt
    - Hardware makes the CPU trap to the interrupt handler of the VMM.
    - VMM jumps to the corresponding interrupt handler of the guest OS.
  - Privileged Instruction
    - Running privileged instructions in the guest OS will be trapped to the VMM for instruction emulation.
    - After emulation, the VMM jumps back to the guest OS.

38. De-privileging
- VMM emulates the effect on system/hardware resources of privileged instructions whose execution traps into the VMM
  - aka trap-and-emulate
- Typically achieved by running GuestOS at a lower hardware priority level than the VMM
- Problematic on some architectures where privileged instructions do not trap when executed at deprivileged priority
[Diagram: GuestOS, privileged instruction, trap, vmm, emulate change, change, resource, resource]

39. Issues with Trap and Emulate
- Not all architectures support it
- Trap costs may be high
- Monitor uses a privilege level
  - Need to virtualize the protection levels

40. Binary Translator
[Diagram: Guest Code; Translator; Translation Cache; TC Index; Callouts; CPU Emulation Routines]

41. Storage Virtualization
- Process of presenting a logical view of physical storage resources to hosts
- Logical storage appears and behaves as physical storage directly connected to host
- Examples of storage virtualization are:
  - Host-based volume management
  - LUN creation
  - Tape virtualization
- Benefits of storage virtualization:
  - Increased storage utilization
  - Adding or deleting storage without affecting application availability
  - Non-disruptive data migration

42. SNIA Storage Virtualization Taxonomy
- Storage Virtualization
  - What is created
    - Block Virtualization
    - Disk Virtualization
    - Tape, Tape Drive, Tape Library Virtualization
    - File System, File/record Virtualization
    - Other Device Virtualization
  - Where it is done
    - Host Based Virtualization
    - Network Based Virtualization
    - Storage Device/Storage Subsystem Virtualization
  - How it is implemented
    - In-band Virtualization
    - Out-of-band Virtualization

43.
Storage Virtualization Requires a Multi-Level Approach
- Server
  - Path management
  - Volume management
  - Replication
- Storage Network
  - Path redirection
  - Load balancing - ISL trunking
  - Access control - Zoning
- Storage
  - Volume management - LUNs
  - Access control
  - Replication
  - RAID

44. Server
- With traditional storage hardware devices that connected directly to servers, the actual magnetic disk was presented to servers and their operating systems as LUNs, where the disk was arranged into sectors comprised of a number of fixed size blocks.
- To allow applications to not only store, but find information easily, the operating system arranged these blocks into a filesystem.
- Much like a paper based filing system, a file system is simply a logical way of referencing these blocks into a series of unique files, each with a meaningful name and type so they can be easily accessed.

45. Storage Network
- Network-based storage virtualization embeds the intelligence, managing the storage resources, in the network layer.
- Abstracting the view of real storage resources between the server and the storage array, either in-band or out-of-band.

46. Storage Virtualization Configuration
[Diagram (a) Out-of-Band: Servers; Storage Network; Storage Arrays; Virtualization Appliance]
[Diagram (b) In-Band: Servers; Storage Network; Storage Arrays; Virtualization Appliance]
(a) In out-of-band implementation, the virtualized environment configuration is stored external to the data path
(b) The in-band implementation places the virtualization function in the data path

47. In-Band Approach
- The in-band approach, sometimes referred to as symmetric.
- It embeds the virtualization functionality in the I/O (input/output) path between the server and storage array.
- It can be implemented in the SAN switches themselves.

48.
In-Band Approach
- All I/O requests, along with the data, pass through the device, with the server interacting with the virtualization device, never directly with the storage device.
- The virtualization device analyzes the request, consults its mapping tables, and, in turn, performs I/O to the storage device.
- These devices not only translate storage requests but are also able to cache data with their on-board memory.

49. It also provides
- Metrics on data usage
- Manage replication services
- Orchestrate data migration
- Implement thin provisioning.

50. Out-Of-Band Approach
- The out-of-band approach, sometimes referred to as asymmetric.
- It does not strictly reside in the I/O path like the in-band approach.
- The servers maintain direct interaction with the storage array through the intelligent switch.
- The out-of-band appliance maintains a map (often referred to as metadata) of all the storage resources connected in the SAN and instructs the server where to find it.

51. Out-Of-Band Approach
- It uses special software or an agent, as instructions need to be sent through the SAN to make it work.
- Functions such as caching of data are not possible.
- However, only the in-band approach increased performance.

52. Pros and Cons
- Both in-band and out-of-band approaches provide virtualization with the ability to:
  1. Pool heterogeneous vendor storage products in a seamless accessible pool.
  2. Perform replication between non-like devices.
  3. Provide a single management interface

53. Pros and Cons
- Implementation can be very complex because the pooling of storage requires the storage extents to be remapped into virtual extents.
- Clustering is needed to protect the mapping tables and maintain cache consistency, which can be very risky.
- The I/O can suffer from latency, impacting performance and scalability due to the multiple steps required to complete the request

54.
Pros and Cons
- Decoupling the virtualization from the storage once it has been implemented is impossible because all the metadata resides in the appliance.
- Solutions on the market only exist for fibre channel (FC) based SANs. These devices are not suitable for Internet protocol (IP) based SANs.
- Since both approaches are dependent on the SAN, they require additional switch ports, which involves additional zoning complexity

55. Pros and Cons
- When migrating data between storage systems, the virtualization appliance must read and write the data through the SAN, check status coming back, and maintain a log for any changes during the move that impact performance.
- Specialized software needs to be installed on all servers, making it difficult to maintain.

56. Storage controller
- Enterprise-class storage arrays, which have features and capability suitable for large organizations, have always featured virtualization capabilities (some more than others) to enhance the physical storage resource.
- One example of this is RAID, for providing data protection from disk failures

57. Storage controller
- Many enterprise-class devices incorporate sophisticated switching architectures with multiple physical connections to disk drives.
- The external storage assets presented to it are then discovered and managed in the same way as internal disks

58. Storage controller
- This approach has a number of benefits, including not requiring a remapping of LUNs and increasing extents.
- Once virtualized in this manner, the sophisticated microcode software that resides on the storage controller presents the external storage.

59. Controller-based storage virtualization allows external storage to appear as if it's internal.

60. Storage controller
- Leveraging mature enterprise class features, data can be migrated non-disruptively from one pool to another, and replication can take place between non-like and like storage.
- Partitioning can be implemented to allocate resources such as ports, cache, and disk pools to particular workloads

61.
Advantages
- Capabilities such as replication, partitioning, migration, and thin provisioning are extended to legacy storage arrays.
- Heterogeneous data replication between non-like vendors or different storage classes reduces data protection costs.
- Interoperability issues are reduced as the virtualized controller mimics a server connection to external storage

62. Block-Level Storage Virtualization
- Ties together multiple independent storage arrays
  - Presented to host as a single storage device
  - Mapping used to redirect I/O on this device to underlying physical arrays
- Deployed in a SAN environment
- Non-disruptive data mobility and data migration
- Enable significant cost and resource optimization
[Diagram: Servers; Virtualization Applied at SAN Level; Heterogeneous Storage Arrays]

63. File-Level Virtualization
Before File-Level Virtualization:
[Diagram: Clients, Clients; IP Network; File Server, File Server; Storage Array; NAS Devices/Platforms]
- Every NAS device is an independent entity, physically and logically
- Underutilized storage resources
- Downtime caused by data migrations
After File-Level Virtualization:
[Diagram: Clients, Clients; IP Network; Virtualization Appliance; File Server, File Server; Storage Array; NAS Devices/Platforms]
- Break dependencies between end-user access and data location
- Storage utilization is optimized
- Nondisruptive migrations

64. Storage Virtualization Challenges
- Scalability
  - Ensure storage devices perform appropriate requirements
- Functionality
  - Virtualized environment must provide same or better functionality
  - Must continue to leverage existing functionality on arrays
- Manageability
  - Virtualization device breaks end-to-end view of storage infrastructure
  - Must integrate existing management tools
- Support
  - Interoperability in multivendor environment

65. Network Virtualization for Dummies
- Making a physical network appear as multiple logical ones

66. Why Virtualize?
- Internet is almost ossified
  - Lots of band-aids and makeshift solutions (e.g. overlays)
  - new architecture (aka clean-slate) is needed
- Hard to come up with a one-size-fits-all architecture
  - Almost impossible to predict what future might unleash
- Why not create an all-sizes-fit-into-one instead!
  - Open and expandable architecture
- Testbed for future networking architectures and protocols

67. Related Concepts
- Virtual Private Networks (VPN)
  - Virtual network connecting distributed sites
  - Not customizable enough
- Active and Programmable Networks
  - Customized network functionalities
  - Programmable interfaces and active codes
- Overlay Networks
  - Application layer virtual networks
  - Not flexible enough

68. Network Virtualization Model
- Business Model
- Architecture
- Design Principles
- Design Goals

69. Business Model

70. Architecture

71. Design Principle

72. Design Goals
- Flexibility
  - Service providers can choose
    - arbitrary network topology,
    - routing and forwarding functionalities,
    - customized control and data planes
  - No need for co-ordination with others
    - IPv6 fiasco should never happen again
- Manageability
  - Clear separation of policy from mechanism
  - Defined accountability of infrastructure and service providers
  - Modular management

73. Design Goals
- Scalability
  - Maximize the number of co-existing virtual networks
  - Increase resource utilization and amortize CAPEX and OPEX
- Security, Privacy, and Isolation
  - Complete isolation between virtual networks
    - Logical and resource
  - Isolate faults, bugs, and misconfigurations
    - Secured and private

74. Design Goals
- Programmability
  - Of network elements e.g. routers
  - Answer "How much" and "how"
  - Easy and effective without being vulnerable to threats
- Heterogeneity
  - Networking technologies
    - Optical, sensor, wireless etc.
  - Virtual networks

75. Design Goals
- Experimental and Deployment Facility
  - PlanetLab, GENI, VINI
  - Directly deploy services in real world from the testing phase
- Legacy Support
  - Consider the existing Internet as a member of the collection of multiple virtual Internets
  - Very important to keep all concerned parties satisfied

76.
Existing Projects
- Four general categories
  1. Networking technology
     - IP (X-Bone), ATM (Tempest)
  2. Layer of virtualization
     - Physical layer (UCLP), Application layer (VIOLIN)
  3. Architectural domain
     - Network resource management (VNRMS), Spawning networks (Genesis)
  4. Level of virtualization
     - Node virtualization (PlanetLab), Full virtualization (Cabo)
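
The three-step trap-and-emulate paradigm from slide 35, applied to the CPUState example from slide 30, as an added example that is not part of the original slides. The toy instruction set, `run_guest`, `observed_ie` and the `sensitive_ops_trap` switch are assumptions made for illustration; the second run models the case from slide 38 where a sensitive instruction does not trap when executed deprivileged.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy guest instruction set (constructed for this example). */
enum op { OP_ADD, OP_CLI, OP_STI, OP_READ_IE, OP_HALT };
struct insn { enum op op; uint32_t imm; };

/* Virtual CPU state kept in monitor memory, as on the CPUState slide. */
struct vcpu { uint32_t GPR[16]; uint32_t PC; int IE; };

/* Real hardware state owned by the VMM; the guest must never change it. */
struct hw { int IE; int sensitive_ops_trap; unsigned traps; };

/* Step 3: the VMM emulates the trapped instruction on the virtual state only. */
static void vmm_emulate(struct hw *hw, struct vcpu *v, struct insn in)
{
    hw->traps++;
    switch (in.op) {
    case OP_CLI:     v->IE = 0; break;                    /* like CPU_CLI() */
    case OP_STI:     v->IE = 1; break;                    /* like CPU_STI() */
    case OP_READ_IE: v->GPR[1] = (uint32_t)v->IE; break;  /* virtual flag */
    default: break;
    }
}

/* Runs a deprivileged guest until OP_HALT; returns what it read into GPR[1]. */
uint32_t run_guest(struct hw *hw, struct vcpu *v, const struct insn *prog)
{
    for (v->PC = 0; prog[v->PC].op != OP_HALT; v->PC++) {
        struct insn in = prog[v->PC];
        switch (in.op) {
        case OP_ADD:               /* step 1: normal instruction runs directly */
            v->GPR[0] += in.imm;
            break;
        case OP_CLI:
        case OP_STI:               /* step 2: privileged, traps into the VMM */
            vmm_emulate(hw, v, in);
            break;
        case OP_READ_IE:
            if (hw->sensitive_ops_trap)
                vmm_emulate(hw, v, in);
            else                   /* no trap: the guest sees the REAL flag */
                v->GPR[1] = (uint32_t)hw->IE;
            break;
        default: break;
        }
    }
    return v->GPR[1];
}

/* Constructed guest program: disable interrupts, do work, read the flag back. */
static const struct insn GUEST[] = {
    { OP_CLI, 0 }, { OP_ADD, 5 }, { OP_ADD, 7 }, { OP_READ_IE, 0 }, { OP_HALT, 0 }
};

/* Returns the interrupt flag the guest observes after its own CLI. */
uint32_t observed_ie(int sensitive_ops_trap, struct hw *hw, struct vcpu *v)
{
    *hw = (struct hw){ .IE = 1, .sensitive_ops_trap = sensitive_ops_trap };
    *v = (struct vcpu){ .IE = 1 };
    return run_guest(hw, v, GUEST);
}

int main(void)
{
    struct hw hw;
    struct vcpu v;
    unsigned seen = (unsigned)observed_ie(1, &hw, &v);
    printf("all sensitive ops trap: guest IE=%u real IE=%d traps=%u\n", seen, hw.IE, hw.traps);
    seen = (unsigned)observed_ie(0, &hw, &v);
    printf("read does not trap:     guest IE=%u real IE=%d traps=%u\n", seen, hw.IE, hw.traps);
    return 0;
}
```

In the second run the guest reads back an enabled interrupt flag right after disabling it, so the equivalence property from slide 15 is broken without the VMM ever being invoked; the real flag stays under VMM control in both runs.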