Survey of System Virtualization Techniques
Paper by Robert Rose
Presentation by Wesley Peck
April 24, 2007
Overview
• What and Why of Virtualization
• Requirements of a Virtual Machine
• Basic Virtualization Techniques
• Architecture Comparisons
• Virtual Machine Implementations
• Questions
What is a Virtual Machine
• What is virtualization?
• An isolated and protected copy
• Separation of Resources from Physical Delivery
Why use Virtualization
• Why is it useful?
• Isolation
• Encapsulation
• Load Balancing
• Migration
• Fault Tolerance
• Scalability
• Suspend/Resume
• Checkpointing
Virtual Machine Monitors
• The VMM is the software behind the virtual machine
• It hosts multiple guest OS instances
• Each instance gets its own virtual CPU, virtual memory, virtual disk, etc.
Requirements
• For any computer a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions — Popek and Goldberg
• Extremely complicated way of saying that the virtual machine needs a way of determining when a guest executes privileged instructions.
Characteristics
• Programs run under the VMM should exhibit identical effects (sans timing)
• Most guest instructions should be executed by the physical processor
• The VMM maintains complete control of the system resources
• The VMM should be as simple as possible
Implementation Strategies
• Emulation
• Complete software representation
• Full System Virtualization
• Virtual replica of all hardware
• Paravirtualization
• Present a different virtual architecture
Basic CPU Virtualization
• VMM runs in most privileged mode
• VMM can maintain complete control
• Guest OS runs in an unprivileged mode
• Privileged instructions will trap
• VMM then emulates the required instruction in a safe manner
Basic Memory Virtualization
• VMM maintains a “shadow” page table
• Guest OS establishes a mapping
• VMM detects changes, updates shadow
• Hardware uses shadow page table
• VMM can over commit memory
• Just like normal virtual memory
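Added example (not from the paper or the slides): a toy C model of the shadow page table flow listed above. The struct, function names, table sizes and frame numbers are hypothetical; it shows the VMM validating a guest mapping before the hardware-visible shadow table changes, and over-commit dropping a shadow entry without touching the guest's own table.

```c
#include <stdio.h>
/* Added toy model; every name, size and frame number is hypothetical. */
#define VPAGES  8      /* guest virtual pages */
#define GFRAMES 4      /* guest "physical" frames owned by this VM */
#define NONE  (-1)
struct vm {
    int guest_pt[VPAGES];  /* guest OS mapping: virtual page -> guest frame */
    int p2m[GFRAMES];      /* VMM-private: guest frame -> host frame */
    int shadow[VPAGES];    /* table the hardware walks: virtual page -> host frame */
};

void vm_init(struct vm *vm, const int *host_frames) {
    for (int i = 0; i < VPAGES; i++) vm->guest_pt[i] = vm->shadow[i] = NONE;
    for (int i = 0; i < GFRAMES; i++) vm->p2m[i] = host_frames[i];
}

/* VMM detected a guest page-table write: validate it, then update the shadow.
 * Returns -1 if the guest names a page or frame outside its allocation. */
int vmm_on_pt_write(struct vm *vm, int vpage, int gframe) {
    if (vpage < 0 || vpage >= VPAGES) return -1;
    if (gframe != NONE && (gframe < 0 || gframe >= GFRAMES)) return -1;
    vm->guest_pt[vpage] = gframe;
    vm->shadow[vpage] = (gframe == NONE) ? NONE : vm->p2m[gframe];
    return 0;
}

int hw_translate(const struct vm *vm, int vpage) {  /* hardware walks only the shadow */
    return (vpage < 0 || vpage >= VPAGES) ? NONE : vm->shadow[vpage];
}

/* Over-commit: the VMM takes back a host frame. Shadow entries are dropped so
 * the next access faults into the VMM; the guest's own table is unchanged. */
int vmm_reclaim(struct vm *vm, int gframe) {
    int dropped = 0;
    if (gframe < 0 || gframe >= GFRAMES) return 0;
    vm->p2m[gframe] = NONE;
    for (int i = 0; i < VPAGES; i++)
        if (vm->guest_pt[i] == gframe && vm->shadow[i] != NONE) { vm->shadow[i] = NONE; dropped++; }
    return dropped;
}

int main(void) {
    const int host[GFRAMES] = {40, 41, 97, 12};   /* constructed host frames */
    struct vm vm; vm_init(&vm, host);
    vmm_on_pt_write(&vm, 3, 2);
    printf("vpage 3 -> host %d, bad frame -> %d\n", hw_translate(&vm, 3), vmm_on_pt_write(&vm, 5, 9));
    return 0;
}
```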
Why “Basic” Doesn’t Work
• Architectures not designed for virtualization
• Unprivileged privileged instructions
• Performance implications
• Traps are slow
• Wasted resources from redundant code
• Lack of information leads to ineffectiveness
Virtualizing System/370
• First VMM was CP-67 for System/360
• Its performance was less than desirable
• IBM decides to tailor the architecture for running virtual machines
• Result is VM/370, a VMM for System/370 Extended Architecture
Virtualizing System/370
• Virtual Machine Assist
• Extended Control Program Support
• Shadow Table Bypass
• These hardware assists greatly enhanced performance
Virtualizing IA-32
• The IA-32 was not designed to be virtualized
• Many protected instructions are not required to be executed in protected mode
• There are a great many devices which must be supported
Virtualizing IA-32
• Non-sensitive, non-protected instructions executed directly
• Sensitive, privileged instructions trap
• Sensitive, non-privileged instructions detected
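Added example (not from the paper or the slides): the three cases above in a toy C model. The instruction set is constructed; POPF is used as the sensitive, non-privileged case because on IA-32 it leaves the interrupt flag unchanged, without trapping, when run deprivileged. All names are hypothetical.

```c
#include <stdio.h>

/* Constructed toy instruction set; POPF stands in for the IA-32 instructions
 * that are sensitive yet do not trap when run deprivileged. */
enum op { OP_ADD, OP_CLI, OP_STI, OP_POPF_IF0, OP_POPF_IF1, OP_COUNT };

struct vcpu { int virt_if; int traps; int emulated; };  /* hypothetical VMM record */

static int privileged(int o) { return o == OP_CLI || o == OP_STI; }
static int sensitive(int o)  { return o != OP_ADD; }

/* Popek and Goldberg: trap-and-emulate alone works only if every
 * sensitive instruction is also privileged. */
int trap_and_emulate_suffices(void) {
    for (int o = 0; o < OP_COUNT; o++)
        if (sensitive(o) && !privileged(o)) return 0;
    return 1;
}

/* VMM applies the instruction's effect to the guest's virtual interrupt flag. */
static void vmm_emulate(struct vcpu *v, int o) {
    v->emulated++;
    if (o == OP_CLI || o == OP_POPF_IF0) v->virt_if = 0;
    if (o == OP_STI || o == OP_POPF_IF1) v->virt_if = 1;
}

/* Run guest kernel code deprivileged. detect=1 models the VMM finding
 * sensitive, non-privileged instructions before they execute.
 * Returns the interrupt flag as the guest will observe it. */
int run_guest(const enum op *code, int n, int detect, struct vcpu *v) {
    v->virt_if = 1; v->traps = 0; v->emulated = 0;
    for (int i = 0; i < n; i++) {
        int o = code[i];
        if (privileged(o)) { v->traps++; vmm_emulate(v, o); }  /* hardware trap */
        else if (sensitive(o) && detect) vmm_emulate(v, o);     /* detected by VMM */
        /* else direct execution: ADD is harmless, but a deprivileged POPF
         * silently leaves the interrupt flag unchanged, so state diverges */
    }
    return v->virt_if;
}

int main(void) {
    const enum op code[] = { OP_CLI, OP_ADD, OP_POPF_IF1 };  /* native result: IF = 1 */
    struct vcpu v;
    printf("trap-only: IF=%d  ", run_guest(code, 3, 0, &v));
    printf("with detection: IF=%d\n", run_guest(code, 3, 1, &v));
    return 0;
}
```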
Virtualizing IA-64
• Virtualization of the IA-64 architecture faces many of the same problems as the IA-32
• The exception is IA-64’s support for ring compression
VMware VMM
• VMware is one of the most popular full system virtualization tools available
• Supports both a hosted environment approach and a hypervisor approach
• To improve performance, VMware installs operating system drivers
• Generic devices are exported to the guest
VMware Virtualization
• CPU: Direct Execution w/ Binary Translation
• MEM: Shadow Table w/ Ballooning Driver
• I/O: Hosted Architecture or Limited Support
Benefits and Drawbacks
• Unmodified applications and operating systems can run on the VMM
• Performance can suffer because of the need to emulate protected operations
• Especially bad on the IA-32
• Virtual Memory Especially Difficult
• Special tricks can be employed
Denali
• Provides minimalistic, fast containers for virtual machines
• Provides its own virtual architecture instead of using the underlying system architecture
Denali Virtualization
• CPU: Direct Execution w/ Extensions
• Idle loop instruction
• Interrupt Queueing
• New Interrupt Semantics
• MEM: Eliminates Virtual Memory
• I/O: Generic I/O support for Devices
Xen
• Goal is to paravirtualize commodity operating systems (e.g. Linux)
• Application level binary compatibility
• Xen has met most of its goals and provides ports of Linux, BSD, and Windows
The Xen Difference
• Sometimes keeping the Guest OS completely “in the dark” is bad
• Completely hiding the virtualization of resources from a guest risks both performance and correctness
• Example: Timing
Xen Virtualization
• CPU: Direct Execution
• Guest executes in ring 1
• Exception handlers registered with Xen
• MEM: Guest maintains page tables
• I/O: Shared Asynchronous Descriptor Rings
• Lightweight event system
References
• Robert Rose, “Survey of System Virtualization Techniques”
• Mendel Rosenblum et al., “Virtual Machine Monitors: Current Technology and Future Trends”, IEEE Computer, May 2005, Issue 5, pg. 39-47
• Paul Barham et al., “Xen and the Art of Virtualization”, SOSP’03, pg. 164-177
• VMware, “Virtualization Overview”, Whitepaper
Questions?