Virtualization a Limitless World

Download Virtualization a Limitless World

Post on 05-Apr-2018

214 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 8/2/2019 Virtualization a Limitless World

    1/6

    )Abstract:

    Virtuali

    suchas

    Theusu

    overall

    )Introducti

    Inthep

    Oneop

    machin

    eachoth

    were:

    Virtuali

    Robert

    Machin

    thetypi

    Ashep

    nonpri

    privilag

    softwar

    instructi

    softwar

    Virtuali

    thissoft

    systems

    operati

    machin

    switchin

    Support

    machin

    ation,inco

    ahardware

    algoalofvir

    ardwarere

    on:

    ast

    ratingsyste

    .Variousap

    er.Machine

    Lowserver

    Overallincr

    ationera

    .Goldberg

    sResearch.

    Virtualma

    calthirdgen

    intsout,su

    ilegedmod

    dmodethe

    nucleus(a

    ionsormak

    nucleusin

    ationisaso

    warelayerd

    .The

    Virtual

    gsystems.

    cannowh

    gbehindsc

    ingmultiple

    canhostse

    irtuali

    puting,ist

    platform,op

    tualizationi

    sourceutiliz

    mononem

    plicationsw

    utilisation

    tilization,a

    aseinhard

    escribesth

    Hesaid:

    hinesyste

    erationarch

    hsystemsh

    .Inprivileg

    yarenot.T

    ologustok

    supervisor

    ordertoha

    ftwarelayer

    oesistodiv

    izationLaye

    achOShas

    stanumbe

    nes.

    instanceso

    veralLinux/

    ation:

    ecreation

    eratingsyst

    tocentraliz

    ation.

    achine,sot

    ouldrunon

    asverylow

    nd

    arecost,e

    thenstate

    swere

    origi

    itecturesan

    adadualst

    dmodealli

    eo.sprovid

    rnel).User

    calls e.g.,

    eprivileged

    inbetween

    idethereso

    ris

    in

    charg

    theillusiont

    rofoperatin

    Operating

    Windowcop

    ALimi

    favirtual(

    em,astorag

    eadministr

    heOShadc

    thatmachin

    ,mosttime

    c.

    ofthingsin

    nallydevelo

    dMultipro

    atehardwar

    instructions

    esasmallr

    programsc

    SVC's (anal

    functions

    themachin

    urcesofthe

    ofmultiple

    hatitcontr

    gsystemsb

    ystems:Ho

    ies.

    less

    atherthan

    edeviceor

    tivetasks

    mpletecon

    e,butthese

    itwasbelo

    his1974pa

    pedto

    corre

    rammingo

    eorganizati

    areavailabl

    sidentprog

    uldexecute

    logoustosy

    .g.,I/O pe

    andtheop

    machinea

    xingthe

    har

    lsthecomp

    ecausethe

    ogeneous

    orld

    ctual)versi

    etworkres

    hileimprovi

    trolofther

    application

    25%.Othe

    ertitledSu

    ctsome

    of

    t

    eratingsyst

    naprivil

    totheappl

    amcalledt

    thenonpri

    temcalls)t

    rformedon

    eratingsyst

    ongallthe

    wareresou

    letehardwa

    irtualization

    orHeteroge

    nofsomet

    urces.

    ingscalabilit

    esourcesin

    scouldaffe

    rdisadvanta

    veyofVirtu

    heshortco

    emse.g. O

    gedmode

    licationwhil

    eprivilege

    vilegedhard

    theprivile

    theirbehalf

    em.Essentia

    guestopera

    rcesto

    seve

    rebut,infa

    layermake

    neous,one

    ing,

    yand

    hat

    t

    ges

    al

    ingsof

    /360.

    nda

    innon

    ware

    ed

    .

    llywhat

    ing

    ral

    t,the

    sallthe

    hysical

  • 8/2/2019 Virtualization a Limitless World

    2/6

    )Hardware

    x86mo

    Thepro

    Thegre

    Thefig.

    (reservecriticals

    softwar

    Thepro

    fromac

    process

    Tocarry

    recogni

    Curre

    task.Iti

    privilegchanges

    level.

    Descri

    theDPL

    executi

    compar

    DPLisin

    Reque

    selector

    withth

    accesst

    ofsuffic

    CPL,the

    doesno

    privileg

    Privileg

    segmen

    control

    followin

    Virtual

    Eachvir

    thepri

    TheVM

    Specificatio

    es:Privilag

    cessorsseg

    ternumber

    showshow

    d

    for

    the

    moftware,us

    .(Systems

    cessoruses

    essingase

    rdetectsa

    outprivileg

    esthefollo

    tprivilegel

    sstoredinb

    level

    of

    thetheCPLwh

    ptorprivileg

    fieldofthe

    gcodeseg

    dtotheCP

    terpreteddi

    stedprivile

    s.Itisstore

    CPLtodete

    oasegment

    ientprivileg

    RPLoverrid

    taccessase

    sforthats

    levelsarec

    tregister.T

    amongcode

    gsections.

    achineM

    tualmachin

    arylinkbet

    Mprimarily:

    Presentse

    IsolatesVM

    ns:

    elevels

    entprotec

    smeanless

    heselevels

    st

    privilegeallytheker

    hatuseonl

    rivilegelev

    mentwith

    privilegelev

    elevelchec

    ingthreet

    vel(CPL)

    its0and1o

    code

    segmenprogram

    elevel(DPL)

    egmentor

    entattemp

    LandRPLof

    ifferently,d

    elevel(RPL

    inbits0an

    rmineifacc

    hassufficie

    elevel.That

    estheCPL,

    gmentonb

    gment.

    heckedwhe

    echecksus

    segments;t

    nitor

    interfaces

    eenaVM

    ulatedhard

    fromtheh

    tionmecha

    rprivileges.

    ofprivilege

    code,

    datanelofanop

    2ofthe4p

    lstopreve

    greaterpri

    elviolation,

    ksbetween

    pesofprivil

    TheCPList

    ftheCSand

    nt

    from

    whcontrolistr

    TheDPL

    atedescrip

    tstoaccess

    thesegmen

    pendingon

    TheRPL

    d1ofthese

    esstoaseg

    tprivileget

    is,iftheRP

    ndvicever

    halfofana

    nthesegme

    edfordata

    herefore,th

    ithits

    host

    ndthehost

    waretothe

    ostOSandf

    ismrecogni

    anbeinter

    ,

    and

    stacks)ratingsyst

    ossibleprivi

    taprogram

    ilege,exce

    itgenerates

    codesegme

    legelevels:

    heprivilege

    SSsegment

    ich

    instructinsferredto

    istheprivil

    orforthes

    asegment

    torgatesel

    thetypeof

    isanoverri

    gmentsele

    entisallo

    oaccessth

    ofasegme

    a.TheRPL

    pplicationp

    ntselector

    ccessdiffer

    etwokinds

    systemvia

    OSandhar

    virtualmac

    romeachot

    zes4privile

    retedasrin

    is

    used

    for

    m.Outerrin

    legelevelss

    ortaskope

    tundercon

    ageneralp

    ntsanddata

    levelofthe

    registers.N

    ns

    are

    beinacodeseg

    gelevelof

    gmentorg

    rgate,the

    ector(asde

    segmentor

    eprivilegel

    tor.Thepro

    ed.Evenif

    segment,a

    ntselectori

    anbeused

    rogramunle

    fasegmen

    fromthose

    ofaccesses

    hevirtual

    m

    ware,theV

    ine

    her

    elevels,nu

    gsofprotec

    he

    segmentgsareused

    houldusele

    ratingatal

    rolledsitua

    rotectionex

    segments,t

    currentlyex

    ormally,the

    fetched.

    Tentwitha

    segmento

    te.Whent

    PLofthese

    cribedlater

    atebeinga

    evelthatis

    cessorchec

    heprogram

    ccessisdeni

    numericall

    oinsureth

    sstheprogr

    descriptori

    sedfortra

    areconsider

    achinemon

    MMprovid

    mberedfro

    tion.Thece

    s

    containingforlesscriti

    vels0and3

    sserprivile

    tions.When

    ception(#G

    heprocesso

    ecutingpro

    CPLisequa

    e

    processoifferentpri

    gate.Itiss

    ecurrently

    gmentorga

    inthissecti

    ccessed.

    ssignedtos

    kstheRPLal

    ortaskreq

    ediftheRP

    greaterth

    tprivileged

    amitselfha

    isloadedint

    sfersofpro

    edseparate

    itor(VMM).

    sacrucialr

    0to3.

    ter

    the

    al

    .)

    elevel

    the

    ).

    r

    ramor

    ltothe

    ilege

    oredin

    teis

    on).The

    egment

    ong

    esting

    isnot

    nthe

    code

    access

    oa

    gram

    lyinthe

    Being

    ole.

  • 8/2/2019 Virtualization a Limitless World

    3/6

    ThrottlesindividualVMaccesstosystemresources,preventinganunstableVMfrom

    impactingsystemperformance

    PasseshardwareinstructionstoandfromtheVMandthehostOS/hypervisorWhenfullvirtualizationisemployed,theVMMwillpresentacompletesetofemulatedhardwareto

    theVM'sguestoperatingsystem.ThisincludestheCPU,motherboard,memory,disk,diskcontroller,

    andnetworkcards.Forexample,MicrosoftVirtualServer2005emulatesanIntel21140NICcardand

    Intel440BXchipset.Regardlessoftheactualphysicalhardwareonthehostsystem,theemulated

    hardware

    remains

    the

    same.

    ThenextsignificantroleoftheVMMistoprovideisolation.TheVMMhasfullcontrolofthephysical

    hostsystem'sresources,leavingindividualvirtualmachineswithaccessonlytotheiremulated

    hardwareresources.TheVMMcontainsnomechanismsforinterVMcommunication,thusrequiring

    thattwovirtualmachineswishingtoexchangedatadosooverthenetwork.

    AnothermajorroleoftheVMMistomanagehostsystemresourceaccess.Thisisimportant,asit

    canpreventoverutilizationofoneVMfromstarvingouttheperformanceofotherVMsonthesame

    host.Throughthesystemconfigurationconsole,systemhardwareresourcessuchastheCPU,

    network,anddiskaccesscanbethrottled,withmaximumusagepercentagesassignedtoeach

    individualVM.ThisallowstheVMMtoproperlyscheduleaccesstohostsystemresourcesaswellas

    toguaranteethatcriticalVMswillhaveaccesstotheamountofhardwareresourcestheyneedto

    sustain

    their

    opera