Survey of SystemVirtualization Techniques

Paper by Robert RosePresentation by Wesley Peck

April 24, 2007

Overview

• What and Why of Virtualization

• Requirements of a Virtual Machine

• Basic Virtualization Techniques

• Architecture Comparisons

• Virtual Machine Implementations

Questions

What is a Virtual Machine

• What is virtualization?

• An isolated and protected copy

Separation of Resources from Physical Delivery

Why use Virtualization

• Why is it useful?

• Isolation

• Encapsulation

• Load Balancing

• Migration

• Fault Tolerance

• Scalability

• Suspend/Resume

Checkpointing

Virtual Machine Monitors

• The VMM is the software behind the virtual machine

• It hosts multiple guest OS instances

Each instance gets its own virtual cpu, virtual memory, virtual disk, etc.

Requirements

• For any computer a virtual machine monitor may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions — Popek and Goldberg

Extremely complicated way of saying that the virtual machine needs a way of determining when a guest executes privileged instructions.

Characteristics

• Programs run under the VMM should exhibit identical effects (sans timing)

• Most guest instructions should be executed by the physical processor

• The VMM maintains complete control of the system resources

The VMM should be as simple as possible

Implementation Strategies

• Emulation

• Complete software representation

• Full System Virtualization

• Virtual replica of all hardware

• Paravirtualization

Present a different virtual architecture

Basic CPU Virtualization

• VMM runs in most privileged mode

• VMM can maintain complete control

• Guest OS runs in an unprivileged mode

• Privileged instructions will trap

VMM then emulates the required instruction in a safe manner

Basic Memory Virtualization

• VMM maintains a “shadow” page table

• Guest OS establishes a mapping

• VMM detects changes, updates shadow

• Hardware uses shadow page table

• VMM can over commit memory

Just like normal virtual memory

Why “Basic” Doesn’t Work

• Architectures not designed for virtualization

• Unprivileged privileged instructions

• Performance implications

• Traps are slow

• Wasted resources from redundant code

Lack of information leads to ineffectiveness

Virtualizing System/370

• First VMM was CP-67 for System/360

• Its performance was less than desirable

• IBM decides to tailor the architecture for running virtual machines

• Result is VM/370, a VMM forSystem/370 Extended Architecture

Virtualizing System/370

• Virtual Machine Assist

• Extended Control Program Support

• Shadow Table Bypass

These hardware assists greatly enhanced performance

Virtualizing IA-32

• The IA-32 was not designed to be virtualized

• Many protected instructions are not required to be executed in protected mode

There are a great deal of devices which must be supported

Virtualizing IA-32

• Non-sensitive, non-protected instructions executed directly

• Sensitive, privileged instructions trap

Sensitive, non-privileged instructions detected

Virtualizing IA-64

• Virtualization of the IA-64 architecture faces many of the same problems as the IA-32

Exception is IA-64’s support for ring compression

VMWare VMM

• VMWare is one of the most popular full system virtualization tools available

• Supports both a hosted environment approach and a hypervisor approach

• For performance enhancements operating system drivers are installed by VMWare

Generic devices are exported to Guest

VMWare Virtualization

• CPU: Direct Execution w/ Binary Translation

• MEM: Shadow Table w/ Ballooning Driver

I/O: Hosted Architecture or Limited Support

Benefits and Drawbacks

• Unmodified applications and operating systems can run on the VMM

• Performance can suffer because of the need to emulate protected operations

• Especially bad on the IA-32

• Virtual Memory Especially Difficult

Special tricks can be employed

Denali

• Provides minimalistic, fast containers for virtual machines

Provides its own virtual architecture instead of using the underlying system architecture

Denali Virtualization

• CPU: Direct Execution w/ Extensions

• Idle loop instruction

• Interrupt Queueing

• New Interrupt Semantics

• MEM: Eliminates Virtual Memory

I/O: Generic I/O support for Devices

Xen

• Goal is to paravirtualize commodity operating systems (e.g. Linux)

• Application level binary compatibility

Xen has meet most of its goals and provides ports of Linux, BSD, and Windows

The Xen Difference

• Some times keeping the Guest OS completely “in the dark” is bad

• Completely hiding the virtualization of resources from a guest risks both performance and correctness

Example: Timing

Xen Virtualization

• CPU: Direct Execution

• Guest executes in ring 1

• Exception handlers registered with Xen

• MEM: Guest maintains page tables

• I/O: Shared Asynchronous Descriptor Rings

Lightweight event system

References

• Robert Rose, “Survey of System Virtualization Techniques”

• Mendel Rosenblum et al., “Virtual Machine Monitors: Current Technology and Future Trends”, IEEE Computer, May 2005, Issue 5, pg. 39-47

• Paul Barham et al., “Xen and the Art of Virtualization”, SOSP’03, pg. 164-177

VMWare, “Virtualization Overview”, Whitepaper

Questions?