Webinar: Intel® Virtualization Technology for Embedded
TRANSCRIPT
1
Webinar: Intel® Virtualization Technology for Embedded Applications
Tanveer Alam
Platform Architect
Intel Embedded and Communications Group
2
Legal Disclaimer
INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT.
UNLESS OTHERWISE AGREED IN WRITING BY INTEL, THE INTEL PRODUCTS ARE NOT DESIGNED NOR INTENDED FOR ANY APPLICATION IN WHICH THE FAILURE OF THE INTEL PRODUCT COULD CREATE A SITUATION WHERE PERSONAL INJURY OR DEATH MAY OCCUR.
Intel may make changes to specifications and product descriptions at any time, without notice. Designers must not rely on the absence or characteristics of any features or instructions marked "reserved" or "undefined." Intel reserves these for future definition and shall have no responsibility whatsoever for conflicts or incompatibilities arising from future changes to them. The information here is subject to change without notice. Do not finalize a design with this information.
The products described in this document may contain design defects or errors known as errata which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Contact your local Intel sales office or your distributor to obtain the latest specifications and before placing your product order.
Copies of documents which have an order number and are referenced in this document, or other Intel literature, may be obtained by calling 1-800-548-4725, or by visiting Intel's Web Site.
Intel® Virtualization Technology requires a computer system with an enabled Intel® processor, BIOS, virtual machine monitor (VMM) and, for some uses, certain computer system software enabled for it. Functionality, performance or other benefits will vary depending on hardware and software configurations and may require a BIOS update. Software applications may not be compatible with all operating systems. Please check with your application vendor.
Intel processor numbers are not a measure of performance. Processor numbers differentiate features within each processor family, not across different processor families.
All products, computer systems, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.
Intel, the Intel logo, Intel Atom, Intel Core, Pentium, and Xeon are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
*Other names and brands may be claimed as the property of others.
Copyright © 2010, Intel Corporation. All rights reserved.
3
Agenda
• Intel® vPro™ Technology for Embedded
• What is Virtualization?
  • Definitions
  • Benefits
• What is Intel® Virtualization Technology (Intel® VT)?
  • Hardware-assisted virtualization across the platform
• Embedded Virtualization Segment-based Usage Models:
  • Military, Aerospace and Government (MAG)
  • Embedded Medical
  • Telecoms
  • Industrial
  • Gaming
• Implementing Intel VT
  • Platform Requirements
4
Intel vPro Technology for Embedded
5
What is Virtualization?
• Hardware and software-based system configuration strategy
• Enables multiple software environments to co-exist on the same piece of hardware
• Creates separate, self-contained “virtual” computer nodes called Virtual Machines (VMs)
• Requires intermediary software layer to manage the VMs: Virtual Machine Monitor (VMM)
[Figure: VM0 (Guest OS0, Apps) and VM1 (Guest OS1, Apps), labeled Open Linux* and Windows*, on top of the Virtual Machine Monitor (VMM), marked “New Layer of Software”, which runs on the Physical Host Hardware. Caption: VMM is the intermediary software layer that manages these virtual machines.]
6
The Benefits of Virtualization
• Optimizes utilization of hardware resources through system consolidation
• Preserves legacy applications/code when migrating to new systems
• Allows legacy and new applications to co-exist without interference
• Eliminates/reduces system downtime by enabling live migration of running applications
• Reduces TCO
• Provides information assurance/data integrity with multiple protected domains
[Figure: VM0 (Guest OS0, Apps) and VM1 (Guest OS1, Apps), labeled Open Linux* and Windows*, on top of the Virtual Machine Monitor (VMM), which runs on the Physical Host Hardware. Caption: VMM is the intermediary software layer that manages these virtual machines.]
7
Virtualization Definitions
Para-Virtualization
• OS and device drivers are “aware” they are being used in a virtualized environment
• Code modified to support a para-virtualized environment
• OS source code must be available to make these modifications
[Figure labels: Application, Unmodified Operating System, Operating System, Driver Front End, Binary Patching, Virtual Machine Monitor, Hardware; Ring 3, Ring 1, Ring 0]
Full Virtualization
• OS and device drivers are unaware they are being used in a virtualized environment
• OS and drivers run in their original, native configuration
[Figure labels: Application (Ring 3) and Unmodified Operating System (Ring 0) in VMX Non-Root Mode; Virtual Machine Monitor (Ring 0) in VMX Root Mode; Hardware with Intel® Virtualization Technology]
8
Virtualization Definitions (Continued)
Virtual Machine Monitor (VMM)
Software intermediary layer that manages OS attempts to access underlying hardware and redirects the call appropriately.
Hypervisor/Thin-Hypervisor
Non-hosted – or “thin” – VMM that functions as a pure interface between the hardware and the OS. Also known as a Thin-Hypervisor.
[Figure labels: Application (Ring 3) and Unmodified Operating System (Ring 0) in VMX Non-Root Mode; VMM / Hypervisor in VMX Root Mode; Hardware with Intel® Virtualization Technology]
9
“Hypervisor” Variants Used in Embedded Virtualization
Type 1 (Native, Bare-Metal,..)
A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s.
Examples: WindRiver* Hypervisor, Green Hills*’ Integrity*, LynuxWorks*’ LynxSecure*, Real-Time System’s RTS-Hypervisor; Xen and KVM (open source)
[Figure: Guest OS1, Guest OS2, … Guest OSn, each with applications, on a Hypervisor running on Multi-Core Intel® Architecture with Intel® Virtualization Technology]
Type 2 (Hosted…)
A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment.
Examples: Microsoft* HyperV, TenAsys* eVM, VMware VMPlayer/Workstation, QEMU (open source).
[Figure: Guest OS1, Guest OS2, … Guest OSn, each with applications, on a Hypervisor that sits beside the Host OS services inside a Host OS, running on Multi-Core Intel® Architecture with Intel® Virtualization Technology]
10
What is Intel® Virtualization Technology – or Intel® VT?
11
Intel® Virtualization Technology (Intel® VT)
Hardware-assistance for virtualization, offered across the entire hardware platform (CPU, Chipset, I/O)
• Intel® VT-x (Processor): Technology built into Intel® 64-bit and 32-bit processors
• Intel® VT-d (Chipset): Hardware-based virtualization assistance found in Intel® chipsets
• Intel® VT-c (Network): Virtualization technology built into Intel® networking and I/O devices
Intel® VT-x: Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture
Intel® VT-d: Intel® Virtualization Technology (Intel® VT) for Directed I/O
Intel® VT-c: Intel® Virtualization Technology (Intel® VT) for Connectivity
12
Intel® Virtualization Technology: Virtualization Across the Platform
Intel® VT provides hardware assistance to the virtualization software, reducing its size and complexity and enabling lower cost, more efficient, secure, and powerful virtualization solutions.
[Figure: VM0, VM1, VM2, … VMn (each with OS and Apps) above the VMM, which runs on the physical resources: Processors, Memory, I/O Devices (Storage, Network, …)]
• Processor Virtualization: Binary Translation, Ring Deprivileging
• Memory Virtualization: Page-table Shadowing
• I/O Device Virtualization: I/O DMA Remapping, Interrupt Remapping, I/O Device Emulation
• Hardware assists: VT-x, EPT, VT-d, VT-c, with Intel VT-x Configuration, EPT Configuration, DMA and Interrupt Remap Configuration, Sharable I/O Config
13
Intel® VT Development Roadmap
VMM software evolution over time with Intel® Virtualization Technology hardware support
[Figure: roadmap along three vectors (VT-x, VT-d, VT-c)]
• VMM software: software-only VMMs (binary translation, paravirtualization, I/O device emulation); simpler and more secure VMMs through foundation of virtualizable ISA; better I/O and CPU performance and robustness via hardware support; richer I/O device functionality and sharing for legacy and paravirtualized OSes
• Vector 1: Processor Focus: close basic processor “virtualization holes” in IA-32 CPUs; performance assists: EPT, APIC TPR, VPIDs, µ-arch opt.; enhanced support for: APIC virtualization, VM switching, misc other
• Vector 2: Platform Focus: baseline infrastructure: DMA remapping; enhanced platform support: interrupt remapping, perf enhancements, PCI-SIG compliance
• Vector 3: I/O Device Focus: assists for endpoint I/O device sharing: support for PCI-SIG standards, network virtualization (VMDq)
14
Usage Models for Intel® Virtualization Technology
15
Embedded Virtualization Usage Models
[Figure: four usage-model diagrams, each on VT-x & VT-d enabled Multi-Core Intel® Architecture]
• Legacy OS Consolidation: Legacy OS (single threaded OS/RTOS) and Guest OS on a Thin Hypervisor
• Performance-Critical Application Separation: Standard NetBSD and Modified NetBSD* SMP kernel (IP stack changes) with User Space on a Hypervisor
• Trusted/Open Application Integration: Media (Phone, Video) Application and Embedded OS with GUI, calendar, voice mail, games etc. on a Thin Hypervisor; CPU 0, CPU 1, Antenna
• RTOS & GPOS Consolidation: Real Time Kernel (API, Real Time Process), Linux* X-windows and MS Windows* on a Hypervisor; CPU 0, CPU 1, NIC, Chipset
16
Embedded Virtualization Usage Model Applicability by Segment
Virtualization usage models: applicability and value vary by segment
[Table: rows are the embedded usage models, columns are the embedded application segments; cells are marked per the legend]
Embedded Usage Models:
• GPOS and RTOS Consolidation
• Legacy OS Consolidation
• Trusted & Open Application Integration
• Performance Critical Application Separation
Embedded Application Segments:
• Military, Aerospace & Government (MAG)
• Retail
• Storage
• Embedded Gaming
• Embedded Medical
• Industrial Control / Automation
• Media Phone
• Telecommunication / Routers / Appliances
• In-Vehicle Infotainment
• Digital Signage
• Home / Building Automation
• Digital Surveillance
Legend: Applicable, Potential, Less Likely
17
Embedded Virtualization Applications
• Military, Aerospace, Government (MAG)
• Embedded Medical
• Embedded Telecoms
• VoIP, Video and Converged Communications
• Industrial
• Embedded Gaming
18
Military, Aerospace, Government (MAG)
Information Assurance: Multiple Levels of Security on a Single Platform
Problem / Intel® VT Solution:
• Need for information assurance
• Consolidate multiple security level platforms into a single platform
• Create separate domains for all applications and OS’s
• Isolate network traffic and access domains
[Figure: Secret, Top Secret, Unclassified and Optional System Management domains, each with its apps; guest OSes Linux*, RTOS, Windows* and Unmodified Linux*, each with Virtual BIOS/Drivers; Middleware and Secure Middleware; guests in Non Root Mode (Ring 3, Ring 0) on a Light weight-Highly Trusted Separation Kernel (Virtual Machine Monitor) in Root Mode (Ring 0), over Physical Memory, Assigned Devices, Shared Devices and Cores 0 1 2 3]
19
Military, Aerospace, Government (MAG) - continued
Real-Time and Non Real-Time Application Convergence
Problem / Intel® VT Solution:
• Multiple systems needed for real-time/mission-critical control and communication applications
• Converge communication applications and real-time system control and applications (e.g. maps, navigation) on fewer hardware platforms
• Same reliability packed on less hardware
[Figure: RTOS (Data, Streaming Voice & Video over IP; Real-Time System Control; Signal Processing (Visual Enhancement)) and GPOS (Windows*, Linux*) with Non-Real Time Applications (Maps, Navigation, Visibility, etc.) on a Thin Hypervisor running on Multi-Core Intel® Architecture with Intel® VT]
20
Embedded Medical
Consolidate Real-Time Control, HMI and GUI on One Hardware Platform
Problem / Intel® VT Solution:
• Add new features
• Maintain FDA and safety compliance
• Reduce costs of certification
• Portability
• Consolidate real-time control, HMI and GUI onto a single platform
• Fewer hardware components = smaller system
• Easier to upgrade, add new features
21
Embedded Telecoms
Upgrade to New Hardware, Preserve Legacy OS and Applications
Problem / Intel® VT Solution:
• Legacy OS and applications are single threaded
• Extensive repository of legacy code is irreplaceable
• Porting to a modern OS is not an option
• Migrate single-threaded legacy applications to next-generation multi-core platforms
• Consolidate legacy applications and OS’s on one platform
• Use VMs to emulate legacy environment; other VMs can host new applications
• Preserve legacy code base
• Increase system performance via next-generation multi-core Intel® architecture
[Figure: Legacy OS (Ex. VxWorks*), Legacy OS (Ex. QNX*) and Guest OS on a Thin Hypervisor running on VT-x & VT-d enabled Multi-Core Intel® Architecture]
22
Embedded Telecoms - continued
Separate Performance-Critical Applications on the Platform
Problem / Intel® VT Solution:
• Kernel modifications create dependencies that prohibit moving to latest distributions
• Performance-critical application separation
• Host legacy modified kernel beside standard distribution on open source hypervisor
• Revalidation of changes is not required
• Open source approach is maintained
[Figure: User Space over Standard NetBSD and Modified NetBSD* SMP kernel (IP Stack Changes), on a Xen*/KVM* Virtual Machine Monitor running on VT-x & VT-d enabled Multi-Core Intel® Architecture]
23
VoIP, Media and Converged Communications
Safely Host Trusted and Open Applications on One Platform
Problem / Intel® VT Solution:
• Platform must offer reliability and QOS with the flexibility of new application hosting
• Create closed VMs for call control and critical applications; open VM for application development
Solves the problem of “un-trusted” software
Reduces platform complexity
Separates functionality
Enables new x86 application development
[Figure: Cell Phone Application and Embedded OS with GUI, calendar, voice mail, games etc. on a Thin Hypervisor running on Multi-Core Intel® Architecture with Intel® Virtualization Technology (CPU 1, CPU 0); Antenna, Cell Network]
24
Industrial
Consolidate RTOS and GPOS on One Hardware Platform to Save Cost
Problem / Intel® VT Solution:
● Competitive pricing pressure requires reduced platform cost
● Real-time processes require determinism
● RTOS/GPOS consolidation
● Run real-time control and GUI on the same platform
● Reduce hardware CapEx/OpEx
[Figure: Real Time Kernel (API, Real Time Process), Linux* X-windows and MS Windows* on a Hypervisor running on VT-x & VT-d enabled Multi-Core Intel® Architecture (CPU 1, CPU 0, NIC, Chipset); IT Network]
25
Embedded Gaming
Enabling support for next gen platforms and OSes while providing a transition path for legacy applications
Problem / Intel® VT Solution:
• Support transition to newer generation platforms.
• Support for older generation OS and games on new hardware.
• Consolidate and increase performance.
• Use Intel® VT to run two concurrent OSes on the same gaming machine.
• Use VT-d technology to directly assign video hardware (both discrete and native) to guest operating systems.
[Figure: Windows New Gen Games on a Full GFX OS (Windows*) and Legacy Games on a Legacy OS (QNX*, DOS*), on a Thin Hypervisor running on Multi-Core Intel® Architecture with Intel® VT; Gfx passthrough from each guest to Native Gfx and Discrete Gfx]
26
Implementing Intel® Virtualization Technology
27
Hardware and Software Components Needed
Component | Feature Needed
Hardware Components
Processor | Intel® VT-x enabled (support for VMX operations)
Chipset | Intel® VT-d enabled
Software Components
BIOS | Support for enabling Intel® Virtualization Technology
VMM/Hypervisor | Check for your Operating System support for the VMM selected (refer to the next slide for more details)
The newer generation Intel® Core™ i7, i5, i3+ family of products and Intel® Core™ 2 Duo and their corresponding chipsets have “Intel® Virtualization Technology” already built in. However, this still requires BIOS enabling and board vendor/OEM validation.
+ Intel® Core™ i3 does not support VT-d
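The hardware and BIOS requirements listed on this slide can be checked from a running Linux system before a VMM is installed. The script below is an added example, not part of the original slides: it looks for the vmx, ept and vpid CPU flags, decodes the IA32_FEATURE_CONTROL MSR (0x3A) that the BIOS programs, and looks for the ACPI DMAR table that firmware publishes for VT-d. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit the slide's platform requirements.
# Function names and the sample data below are constructed for illustration.

# has_cpu_flag FLAG CPUINFO_TEXT
# True if FLAG is listed on a "flags" or "vmx flags" line of /proc/cpuinfo text.
has_cpu_flag() {
    printf '%s\n' "$2" | awk -F: -v want="$1" '
        $1 ~ /^(vmx )?flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == want) hit = 1
        }
        END { exit !hit }'
}

# vmx_firmware_state VALUE
# Decode IA32_FEATURE_CONTROL (MSR 0x3A): bit 0 = lock, bit 2 = VMX allowed
# outside SMX. Firmware is expected to set the policy and then lock the MSR.
vmx_firmware_state() {
    v=$(( $1 ))
    if [ $(( v & 1 )) -eq 0 ]; then
        echo unlocked   # not locked: VMXON faults, and the policy is still writable
    elif [ $(( v & 4 )) -ne 0 ]; then
        echo enabled    # locked with VMX on: a VMM can enter VMX root mode
    else
        echo disabled   # locked with VMX off: change it in BIOS setup
    fi
}

# vtd_state SYSROOT   (SYSROOT is /sys on a live host)
# "absent" without an ACPI DMAR table, "active" if the kernel built IOMMU
# groups, "firmware-only" if the table exists but the IOMMU is not in use.
vtd_state() {
    if [ ! -e "$1/firmware/acpi/tables/DMAR" ]; then
        echo absent
    elif [ -n "$(ls -A "$1/kernel/iommu_groups" 2>/dev/null)" ]; then
        echo active
    else
        echo firmware-only
    fi
}

# platform_report CPUINFO_TEXT FEATURE_CONTROL SYSROOT
platform_report() {
    for flag in vmx ept vpid; do
        if has_cpu_flag "$flag" "$1"; then s=yes; else s=no; fi
        echo "cpu flag $flag: $s"
    done
    echo "VMX firmware state: $(vmx_firmware_state "$2")"
    echo "VT-d: $(vtd_state "$3")"
}

# Constructed sample input (trimmed /proc/cpuinfo lines; not from a real host).
SAMPLE_CPUINFO='model name : Constructed Sample CPU
flags : fpu vme de pse msr pae smx vmx est tm2 ssse3
vmx flags : vnmi flexpriority tpr_shadow ept vpid'

# 0x5 = lock bit + VMX outside SMX; /nonexistent models a host with no DMAR table.
platform_report "$SAMPLE_CPUINFO" 0x5 /nonexistent

# On a live host (reading the MSR needs root and the msr driver; rdmsr is from
# msr-tools and prints hex without a prefix):
#   platform_report "$(cat /proc/cpuinfo)" "0x$(rdmsr 0x3a)" /sys
```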
28
Example of Enabling Virtualization on an Intel® VT Supported Platform
KVM (Kernel-based Virtual Machine) is an open source free-to-download VMM
Step 1: Download KVM* source “kvm-release.tar.gz” at the following link
http://www.linux-kvm.org/page/Downloads
Step 2: Unpack and configure KVM components
Step 3: Create a disk image for the guest
Step 4: Install the Guest Operating System
4a: Insert Linux*/Windows* installation CD into the CDROM
4b: Execute the command for installing the OS (Refer to the link below)
4c: Follow the normal installation procedure
Step 5: Run the newly installed Guest OS
5a: Execute the command to start the OS (Refer to the link below)
The Guest Domain should now start up
For more details/resources and installation “How To” visit: http://www.linux-kvm.org/page/Downloads
29
Intel® TXT and Intel® VT Technologies
Intel® VT is a prerequisite for implementing Intel® TXT
Secure this critical VMM/Hypervisor with Intel® TXT
[Figure: an MVMM hosting either a Single Domain & Security (VM0 running App0 … App[n-1], Appn) OR Multiple Domains, Varying Security (VM0, VM1, … VM(n), running App0 … Appn)]
30
Bringing it all together…
[Figure: three layers: Virtual Machines (VMs) VM0, VM1, VM2, … VMn (each with OS and Apps); VMM (a.k.a. hypervisor); Physical Platform Resources: Processors, Memory, I/O Devices (Storage, Network)]
• Higher-level VMM Functions: Resource Discovery / Provisioning / Scheduling / User Interface
• Processor Virtualization: Binary Translation, Ring Deprivileging
• Memory Virtualization: Page-table Shadowing
• I/O Device Virtualization: I/O DMA Remapping, Interrupt Remapping, I/O Device Emulation
• Hardware assists: VT-x, EPT, VT-d, VT-c, with VT-x Configuration, EPT Configuration, DMA and Interrupt Remap Configuration, Sharable I/O Config, PCI SIG
31
Key Takeaways
• Virtualization technology enables abstraction of the platform to allow various software environments to co-exist and make use of hardware resources
• “Virtualization usage models” and a “VMM Ecosystem” exist specifically for embedded solutions
• Embedded designs can save CapEx/OpEx with virtualization
• Virtualization allows preservation of legacy OS and applications, and opens new opportunities for embedded customers to create value
• Intel supports its virtualization technology across all platform roadmaps: Intel® Atom™ processor (excluding VT-d) to Intel® Xeon® processor
33
For more information visit the following links:
• Intel® Virtualization Technology
www.intel.com/technology/virtualization
• Intel® Virtualization Technology for Connectivity (Intel® VT-c)
www.intel.com/network/connectivity/solutions/virtualization.htm
• Intel® Technology Journal featuring Intel® Virtualization Technology
www.intel.com/technology/itj/2006/v10i3/
• Intel® 64 and IA-32 Architectures Software Developer's Manuals
http://www.intel.com/products/processor/manuals/index.htm
• Intel® Virtualization Developer Community
www.intel.com/software/virtualization
• Intel® Embedded Design Center
http://edc.intel.com/
• Intel® Embedded and Communications Alliance
www.intel.com/design/network/ica/index.htm