8/2/2019 Virtualization a Limitless World
)Abstract:
Virtuali
suchas
Theusu
overall
)Introducti
Inthep
Oneop
machin
eachoth
were:
Virtuali
Robert
Machin
thetypi
Ashep
nonpri
privilag
softwar
instructi
softwar
Virtuali
thissoft
systems
operati
machin
switchin
Support
machin
ation,inco
ahardware
algoalofvir
ardwarere
on:
ast
ratingsyste
.Variousap
er.Machine
Lowserver
Overallincr
ationera
.Goldberg
sResearch.
Virtualma
calthirdgen
intsout,su
ilegedmod
dmodethe
nucleus(a
ionsormak
nucleusin
ationisaso
warelayerd
.The
Virtual
gsystems.
cannowh
gbehindsc
ingmultiple
canhostse
irtuali
puting,ist
platform,op
tualizationi
sourceutiliz
mononem
plicationsw
utilisation
tilization,a
aseinhard
escribesth
Hesaid:
hinesyste
erationarch
hsystemsh
.Inprivileg
yarenot.T
ologustok
supervisor
ordertoha
ftwarelayer
oesistodiv
izationLaye
achOShas
stanumbe
nes.
instanceso
veralLinux/
ation:
ecreation
eratingsyst
tocentraliz
ation.
achine,sot
ouldrunon
asverylow
nd
arecost,e
thenstate
swere
origi
itecturesan
adadualst
dmodealli
eo.sprovid
rnel).User
calls e.g.,
eprivileged
inbetween
idethereso
ris
in
charg
theillusiont
rofoperatin
Operating
Windowcop
ALimi
favirtual(
em,astorag
eadministr
heOShadc
thatmachin
,mosttime
c.
ofthingsin
nallydevelo
dMultipro
atehardwar
instructions
esasmallr
programsc
SVC's (anal
functions
themachin
urcesofthe
ofmultiple
hatitcontr
gsystemsb
ystems:Ho
ies.
less
atherthan
edeviceor
tivetasks
mpletecon
e,butthese
itwasbelo
his1974pa
pedto
corre
rammingo
eorganizati
areavailabl
sidentprog
uldexecute
logoustosy
.g.,I/O pe
andtheop
machinea
xingthe
har
lsthecomp
ecausethe
ogeneous
orld
ctual)versi
etworkres
hileimprovi
trolofther
application
25%.Othe
ertitledSu
ctsome
of
t
eratingsyst
naprivil
totheappl
amcalledt
thenonpri
temcalls)t
rformedon
eratingsyst
ongallthe
wareresou
letehardwa
irtualization
orHeteroge
nofsomet
urces.
ingscalabilit
esourcesin
scouldaffe
rdisadvanta
veyofVirtu
heshortco
emse.g. O
gedmode
licationwhil
eprivilege
vilegedhard
theprivile
theirbehalf
em.Essentia
guestopera
rcesto
seve
rebut,infa
layermake
neous,one
ing,
yand
hat
t
ges
al
ingsof
/360.
nda
innon
ware
ed
.
llywhat
ing
ral
t,the
sallthe
hysical
)Hardware
x86mo
Thepro
Thegre
Thefig.
(reservecriticals
softwar
Thepro
fromac
process
Tocarry
recogni
Curre
task.Iti
privilegchanges
level.
Descri
theDPL
executi
compar
DPLisin
Reque
selector
withth
accesst
ofsuffic
CPL,the
doesno
privileg
Privileg
segmen
control
followin
Virtual
Eachvir
thepri
TheVM
Specificatio
es:Privilag
cessorsseg
ternumber
showshow
d
for
the
moftware,us
.(Systems
cessoruses
essingase
rdetectsa
outprivileg
esthefollo
tprivilegel
sstoredinb
level
of
thetheCPLwh
ptorprivileg
fieldofthe
gcodeseg
dtotheCP
terpreteddi
stedprivile
s.Itisstore
CPLtodete
oasegment
ientprivileg
RPLoverrid
taccessase
sforthats
levelsarec
tregister.T
amongcode
gsections.
achineM
tualmachin
arylinkbet
Mprimarily:
Presentse
IsolatesVM
ns:
elevels
entprotec
smeanless
heselevels
st
privilegeallytheker
hatuseonl
rivilegelev
mentwith
privilegelev
elevelchec
ingthreet
vel(CPL)
its0and1o
code
segmenprogram
elevel(DPL)
egmentor
entattemp
LandRPLof
ifferently,d
elevel(RPL
inbits0an
rmineifacc
hassufficie
elevel.That
estheCPL,
gmentonb
gment.
heckedwhe
echecksus
segments;t
nitor
interfaces
eenaVM
ulatedhard
fromtheh
tionmecha
rprivileges.
ofprivilege
code,
datanelofanop
2ofthe4p
lstopreve
greaterpri
elviolation,
ksbetween
pesofprivil
TheCPList
ftheCSand
nt
from
whcontrolistr
TheDPL
atedescrip
tstoaccess
thesegmen
pendingon
TheRPL
d1ofthese
esstoaseg
tprivileget
is,iftheRP
ndvicever
halfofana
nthesegme
edfordata
herefore,th
ithits
host
ndthehost
waretothe
ostOSandf
ismrecogni
anbeinter
,
and
stacks)ratingsyst
ossibleprivi
taprogram
ilege,exce
itgenerates
codesegme
legelevels:
heprivilege
SSsegment
ich
instructinsferredto
istheprivil
orforthes
asegment
torgatesel
thetypeof
isanoverri
gmentsele
entisallo
oaccessth
ofasegme
a.TheRPL
pplicationp
ntselector
ccessdiffer
etwokinds
systemvia
OSandhar
virtualmac
romeachot
zes4privile
retedasrin
is
used
for
m.Outerrin
legelevelss
ortaskope
tundercon
ageneralp
ntsanddata
levelofthe
registers.N
ns
are
beinacodeseg
gelevelof
gmentorg
rgate,the
ector(asde
segmentor
eprivilegel
tor.Thepro
ed.Evenif
segment,a
ntselectori
anbeused
rogramunle
fasegmen
fromthose
ofaccesses
hevirtual
m
ware,theV
ine
her
elevels,nu
gsofprotec
he
segmentgsareused
houldusele
ratingatal
rolledsitua
rotectionex
segments,t
currentlyex
ormally,the
fetched.
Tentwitha
segmento
te.Whent
PLofthese
cribedlater
atebeinga
evelthatis
cessorchec
heprogram
ccessisdeni
numericall
oinsureth
sstheprogr
descriptori
sedfortra
areconsider
achinemon
MMprovid
mberedfro
tion.Thece
s
containingforlesscriti
vels0and3
sserprivile
tions.When
ception(#G
heprocesso
ecutingpro
CPLisequa
e
processoifferentpri
gate.Itiss
ecurrently
gmentorga
inthissecti
ccessed.
ssignedtos
kstheRPLal
ortaskreq
ediftheRP
greaterth
tprivileged
amitselfha
isloadedint
sfersofpro
edseparate
itor(VMM).
sacrucialr
0to3.
ter
the
al
.)
elevel
the
).
r
ramor
ltothe
ilege
oredin
teis
on).The
egment
ong
esting
isnot
nthe
code
access
oa
gram
lyinthe
Being
ole.
Throttles individual VM access to system resources, preventing an unstable VM from impacting system performance
Passes hardware instructions to and from the VM and the host OS/hypervisor

When full virtualization is employed, the VMM will present a complete set of emulated hardware to the VM's guest operating system. This includes the CPU, motherboard, memory, disk, disk controller, and network cards. For example, Microsoft Virtual Server 2005 emulates an Intel 21140 NIC card and Intel 440BX chipset. Regardless of the actual physical hardware on the host system, the emulated hardware remains the same.
The next significant role of the VMM is to provide isolation. The VMM has full control of the physical host system's resources, leaving individual virtual machines with access only to their emulated hardware resources. The VMM contains no mechanisms for inter-VM communication, thus requiring that two virtual machines wishing to exchange data do so over the network.
Another major role of the VMM is to manage host system resource access. This is important, as it can prevent overutilization of one VM from starving out the performance of other VMs on the same host. Through the system configuration console, system hardware resources such as the CPU, network, and disk access can be throttled, with maximum usage percentages assigned to each individual VM. This allows the VMM to properly schedule access to host system resources as well as to guarantee that critical VMs will have access to the amount of hardware resources they need to sustain their operations.
Classically there are two types of VMM.

A type II VMM is one that runs on top of a hosting operating system and then spawns higher-level virtual machines. Examples of type II VMMs include the Java VM and .Net environment. These VMMs monitor their virtual machines and redirect requests for resources to appropriate APIs in the hosting environment (with some level of processing in between).

A type I VMM is one that runs directly on the hardware without the need of a hosting operating system. Type I VMMs are also known as 'hypervisors', so the only true difference between a VMM and a hypervisor is where it runs. The functionality provided by both is equivalent. Examples of type I VMMs include the mainframe virtualization solutions offered by companies such as Amdahl and IBM, and on modern computers by solutions like VMware ESX, Xen and Windows virtualization.
Hypervisor

The primary role of the hypervisor is to work with the VMM to coordinate access to the physical host system's hardware resources. This includes scheduling access to the CPU as well as the drivers for communication with the physical devices on the host, such as its network cards.

The term hypervisor is used to describe a lightweight operating shell that has the sole purpose of providing VM hosting services. The hypervisor differs from a traditional OS in that the OS may be designed for other roles on the network. As it is tailored to VM hosting, a hypervisor solution generally offers better performance and should have fewer security vulnerabilities because it runs few services and contains only essential code. Hypervisors written for hardware-assisted virtualization can embed themselves much deeper into the system architecture and offer superior performance improvements as a result.
Like any traditional OS, a hypervisor-based OS still contains its own operating system code; therefore, maintaining security updates is still important. Unlike a traditional OS, hypervisors are vendor specific, so any needed hypervisor patches or security updates will come directly from the virtualization software vendor. Because hypervisors are vendor centric, individual device support often comes directly from the virtualization vendors. Hence, it is important for the organization to ensure that any planned virtualization products are compatible with its existing or planned system hardware. When hosting VMs on a traditional OS such as SUSE Linux Enterprise Server or Windows Server Longhorn, the organization will find that while the host OS has a larger footprint than a hypervisor, it does provide additional flexibility with hardware devices.
Both hypervisors and operating systems have their strengths and weaknesses. Operating systems provide greater device support than hypervisors, but also require attention to ensure that they are current on all patches and security updates. Hypervisors run on minimal disk and storage resources, but patches and device drivers must come directly from the virtualization software vendor.
VMMv
Therea
Machin
monitor
theVM
provide
Compar
Operati
whichis
deviced
Inavirt
anddev
VMMru
theVM
access.I
wouldn
paravirt
)Generatio
Basedo
categori
Full
fullvirt
environ
virtualiz
several
memor
machin
capable
operati
standal
Para
paravi
machin
modifie
operati
virtualiz
guest(s)
thevirt
may
allfromth
machin
Hypervisor
reanumber
Monitor'.
ingandenf
keepstra
resources,
ingTraditio
gsystemsd
wherethey
riveraccess
alizedenvir
icedrivers.
nsallVMsa
mustprov
Iftheguest
otbeneces
ualizationc
nsofVirtua
ntheextent
esbasedon
irtualizatio
ualizationis
ent,namel
ationrequir
irtualmach
access,and
,andthatis
ofexecutio
gsystems.
oneusecan
Virtualizati
tualizationi
sthatissim
dinterfacei
nswhichar
edenviron
andhostto
aldomain(
w
thevirtuavirtualdo
executioni
ofdifferent
Inthesimpl
rcingpolicy
kofeveryth
redirects
th
alx86Arch
esignedfor
runprivileg
tosystemh
onment,th
achVMcan
tRing1.Be
idetranslati
Skerneldi
aryandthu
mesintopl
lization
ofvirtualiz
theirgener
,
avirtualiza
ly,onethati
sthatever
inesinclu
whatevero
intendedt
ontheraw
heobvious
successfull
n,
savirtualiza
ilarbutnoti
toreducet
esubstantia
ent.Thepa
requestand
hereexec
l
machine
aintotheh
nsidethevi
programsa
stterms t
onthevirtu
inghappeni
virtual
ma
itecturean
x86/x64en
edOSinstru
ardware.Ap
VMMruns
notbegive
auseprivile
oninorder
notdeman
sperforman
y.
tion,thew
tions:
iontechniq
sacomplet
salientfea
ingthefulli
therelemen
runinavir
hardwarec
testofvirtu
runinside
tiontechniq
denticaltot
heportion
llymorediff
ravirtualizati
acknowled
tionperfor
onitor(VMostdomain)
tualguest
ndimpleme
eVMMist
almachines
nginsideof
hine
to
res
Virtualize
ironments
ctions.Privil
plicationsr
atRing0al
fullaccess
gedinstructi
otrickth
dRing0acc
cewouldim
rldofvirtu
eusedtop
simulation
ureoftheh
nstructions
tsareused
ualmachin
anberunin
lizationis
virtualma
uethatpres
hatoftheu
ftheguest'
iculttoruni
ionprovides
ethesetas
anceiswo
)
to
be
sim,and/orred
ntationstha
epieceofs
forwhichit
avirtualma
urces,
or
de
ResourceA
rewrittent
egedinstru
natRing3.
ngwiththe
oRing0wi
ionswithint
guestinto
essinthefir
provesubst
izationisdi
rovideacer
oftheunde
ardwarebe
et,input/ou
bythesoftw
.Insuchan
thevirtual
hetherano
hine.
entsasoftw
nderlyingha
execution
navirtuale
speciallyde
s,whichw
se).Asucce
pler
(by
reloucetheove
usethem
oftwareres
isresponsib
hine,and
nies
access
ccess
havefulla
tionsinclud
hostoperat
houtinduci
heguestex
elievingth
stplace,the
antially.Thi
idedintoth
ainkindof
rlyinghard
reflectedint
putoperati
arethatrun
environme
achineand
peratingsys
areinterfac
rdware.The
imespentp
vironment
fined'hook
uldotherwi
ssfulparavir
cating
execuallperform
niker'Virtu
onsiblefor
le. Thisme
hennecess
o
resources
ccesstoRin
eOSkernel
ingsystem's
gconflicts,
ecttoruna
tithasRing
nthetransl
iswhere
reemajor
irtualmach
are.Full
ooneof
ons,interru
sonthebar
t,anysoftw
,inparticul
temintende
etovirtual
intentofth
erforming
comparedt
'toallowth
sebeexecu
tualizedpla
tion
of
critiancedegrad
l
nsthat
ry
.
0,
nd
kernel
sothe
tRing0,
0
tion
ne
ts,
e
are
r,any
dfor
anon
e
edin
form
al
tasks
ationof
Hard
hardw
virtualiz
virtualiz
unmodi
comple
V)in
20
ithard
5)Concl
We
sce
Wi
Ne
asp
Referen
Website
1)http:
2)http:
3)http:
4)http:
5)http:
6)
www
Papers:
XenPaul BarhAlex Ho,
wareassiste
areassisted
ationusing
ationisuse
iedguesto
eisolation.
6.Hardwararevirtual
usion
cantakevir
nerios,itss
hvariousty
worketc,it
ectoflife.
ces:
s:
/www.kern
/blogs.msd
/en.wikiped
/en.wikiped
/en.wikiped
.vmware.co
nd theam_, Boris Draolf Neugebaue
dvirtualizat
virtualizati
elpfromha
tosimulate
eratingsyst
Hardwarea
assisted
vi
achine(HV
tualization
copeisund
pesofvirtu
application
lthread.co
.com/b/virt
ia.org/wiki/
ia.org/wiki/
ia.org/wiki/
rt of Virovic, Keir Frasry, Ian Pratt, A
ion.
nisaplatfo
rdwarecap
acomplete
em(usingth
sistedvirtu
tualizationi
M),VirtualI
saneverlas
ubtedlyexp
lizationslik
andecono
/publicatio
ual_pc_guy
irtualizatio
86_virtuali
Operating_s
tualizatir, Steven Han
drew War_eld
rmvirtualiz
bilities,pri
hardwaree
esameinst
lizationwa
salso
know
oncallsitn
tingtechnol
ectedtobe
Hardware,
icnature
ns/virtualiza
archive/20
n
zation
ystemlevel
n, Tim Harris,
tionapproa
arilyfromt
nvironment,
uctionseta
addedtox
asaccelertivevirtuali
ogyandwit
omeexpon
Desktop,M
illdefinitely
tion/
6/07/10/66
virtualizati
chthatenab
hehostpro
orvirtualm
thehostm
6processor
tedvirtuali
zation.
theadvan
ntially mor
mory,Soft
bringtheb
1958.aspx
n
lesefficient
essors.Full
achine,inw
achine)exe
s(IntelVTx
ation;Xenca
ementinot
ewidespre
are,Dataa
onspreadi
full
hichan
utesin
rAMD
lls
her
d.
nd
every
University of Cambridge Computer Laboratory, 15 JJ Thomson Avenue, Cambridge, UK, CB3 0FD

Personal thanks to:
1) Mr. Saurabh Singh (BrainSoft, Noida)
2) Mr. Abhay Verma (IT VIII Semester, AKGEC)

Submitted By:
Ankur Verma
B.Tech VI Semester
Email id: [email protected]
Contact: 8860016877
Computer Science Engineering Department
Ajay Kumar Garg Engineering College
Ghaziabad

Digitally signed by Ankur Verma
Date: 2012.04.30 07:50:14 +05'30'