VIRTUALIZATION

DP@AOT
 Need For Virtualization
 Increased performance and computing capacity: Average end-user
desktop PC is powerful enough to meet almost all the needs of everyday
computing, with extra capacity that is rarely used.

 Underutilized hardware and software resources: Hardware and software

underutilization is occurring due to (1) increased performance and
computing capacity, and (2) the effect of limited or sporadic use of
resources.

 Lack of space: In most cases enterprises cannot afford to build another

data center to accommodate additional resource capacity. (Server
Consolidation)

 Greening initiatives

 Rise of administrative costs

DP@AOT
A Virtualization Reference Model

DP@AOT
 Characteristics of Virtualization
1. Increased security:
 All the operations of the guest are generally performed against the
virtual machine, which then translates and applies them to the
host., which allows the virtual machine manager to control and
filter the activity of the guest, thus preventing some harmful
operations from being performed.

 Resources exposed by the host can then be hidden or simply

protected from the guest.

DP@AOT
 Characteristics of Virtualization
2. Managed execution:
 Sharing: Virtualization allows the creation of a separate
computing environments within the same host.

 Aggregation: A group of separate hosts can be tied together and

represented to guests as a single virtual host. This function is
naturally implemented in middleware for distributed computing.

 Emulation: A completely different environment with respect to

the host can be emulated, thus allowing the execution of guest
programs requiring specific characteristics that are not present
in the physical host.

DP@AOT
 Characteristics of Virtualization

 Isolation: Allows multiple guests to run on the same host without

interfering with each other. Second, it provides a separation
between the host and the guest.

DP@AOT
 Characteristics of Virtualization
3. Performance tuning: Easier to control the performance of the guest
by finely tuning the properties of the resources exposed through the
virtual environment.

Note: Allows virtual machine managers such as Xen Hypervisor to stop

the execution of a guest operating system, move its virtual image into
another machine, and resume its execution in a completely
transparent manner. This technique is called virtual machine
migration.

4. Portability: In the case of a hardware virtualization solution, the

guest is packaged into a virtual image that, in most cases, can be safely
moved and executed on top of different virtual machines.

DP@AOT
Machine Reference Model

DP@AOT
 Machine Reference Model
 Virtualization techniques actually replace one of the layers and
intercept the calls that are directed towards it.

 ISA defines instruction set for the processor, registers, memory and
interrupt management.

 ISA is important for OS developer and developers of applications

that directly manage the underlying h/w.

 ABI covers the details such as low level data types, alignment, and
call conventions and defines a format for executable programs.

 ABI interface allows portability of applications and libraries across

operating systems that implement the same ABI.
DP@AOT
 Machine Reference Model
 The high-level abstraction is converted into machine-level
instructions to perform the actual operations supported by the
processor.

 Layered approach simplifies

i)development and implementation of computing systems
ii)Implementation of multitasking and the coexistence of multiple
executing environments
iii)provides ways to implement a minimal security model for managing
and accessing shared resources.

DP@AOT
 Hypervisors
 The hypervisor is generally a program or a combination of software
and hardware that allows the abstraction of the underlying physical
hardware.
Three criteria's established by Goldberg and Popek in 1974.
Equivalence: A guest running under the control of a virtual machine
manager should exhibit the same behavior as when it is executed
directly on the physical host.

Resource control: The virtual machine manager should be in complete

control of virtualized resources.

Efficiency. A statistically dominant fraction of the machine instructions

should be executed without intervention from the virtual machine
manager.
DP@AOT
Hypervisors

DP@AOT
 Hypervisors

 Managed by the operating system, which interact with it through

the ABI and emulate the ISA of virtual hardware for guest operating
systems. (Hosted Virtual Machine)

 Interact directly with the ISA interface exposed by the underlying

hardware, and they emulate this interface in order to allow the
management of guest operating systems. (Native virtual machine)

DP@AOT
Hypervisor Reference Architecture

DP@AOT
 Hypervisor Reference Architecture
 Dispatcher constitutes the entry point of the VMM and reroutes the
instructions issued by the virtual machine instance to other
modules.

 Whenever a virtual machine tries to execute an instruction that

results in changing the machine resources associated with that VM,
the allocator is invoked by the dispatcher.

 Interpreter module consists of interpreter routines. These are

executed whenever a virtual machine executes a privileged
instruction: a trap is triggered and the corresponding routine is
executed.

DP@AOT
 Hardware Virtualization

Provides ISA to virtual machines, which is the representation of the

hardware interface of a system(system
DP@AOT virtualization)
Taxonomy of Virtualization Techniques

DP@AOT
 Hardware Virtualization
Full virtualization:

 virtual machine managers are required to provide a complete

emulation of the entire underlying hardware.

 A simple solution to achieve full virtualization is to provide a virtual

environment for all the instructions, thus posing some limits on
performance.

 Not allowing potentially harmful instructions to be executed

directly on the host

DP@AOT
 Hardware Virtualization
Full virtualization:

 A key challenge is the interception of privileged instructions such as

I/O instructions: Since they change the state of the resources
exposed by the host, they have to be contained within the virtual
machine manager.

 The principal advantage of full virtualization is complete isolation,

which leads to enhanced security, ease of emulation of different
architectures, and coexistence of different systems on the same
platform.

DP@AOT
 Hardware Virtualization
Paravirtualization:
 Enables the execution of performance-critical operations directly
on the host, thus preventing performance losses that would
otherwise be experienced in managed execution.

 Non-transparent virtualization solution that allows implementing

thin virtual machine managers

 Expose a software interface to the virtual machine that is slightly

modified from the host and, as a consequence, guests need to be
modified.

 Allows a simpler implementation of VMM that have to simply

transfer the execution of these operations, which were hard to
virtualize, directly to the host. DP@AOT
 Hardware Virtualization
Paravirtualization:

 Guest OS need to be modified and explicitly ported by remapping

the performance-critical operations through the virtual machine
software interface.

 Possible when the source code of the operating system is available,

and this is the reason that Paravirtualization was mostly explored in
the open source and academic environment.

 Example: Successfully used by Xen for providing virtualization

solutions for Linux-based operating systems specifically ported to
run on Xen hypervisors
DP@AOT
 Hardware Virtualization
Partial virtualization:
 Provides a partial emulation of the underlying hardware, not
allowing the complete execution of the guest operating system in
complete isolation.

 Allows many applications to run transparently, but not all the

features of the operating system can be supported, as happens
with full virtualization.

 Example: Address space virtualization used in time-sharing systems;

this allows multiple applications and users to run concurrently in a
separate memory space, but they still share the same hardware
resources (disk, processor, and network).
DP@AOT
 Emulation
• Emulation, in a software context, is the use of an application
program or device to imitate the behavior of another program or
device.

• Running an operating system on a hardware platform for which it

was not originally engineered.

• Running arcade or console-based games upon desktop computers.

• Running legacy applications on devices other than the ones for

which they were developed.

• Running application programs on different operating systems other

than those for which they were originally written.
DP@AOT
 Emulation

• For e.g, running Windows applications on Linux computers. Virtual

PC is another example of an emulator that allows Macs to run
Windows XP, though the addition of Boot Camp to next-generation
Intel-based Macs has removed the need for that application in the
Macintosh environment in the future.

• In server virtualization, emulation is a synonym for virtual

environment. A virtual environment can also be referred to as a
partition, guest, instance or container.

DP@AOT
 Operating system-level virtualization

 create different and separated execution environments for

applications that are managed concurrently.

 Differently from hardware virtualization, there is no virtual machine

manager or hypervisor, and the virtualization is done within a single
operating system, where the OS kernel allows for multiple isolated
user space instances.

 The kernel is also responsible for sharing the system resources

among instances and for limiting the impact of instances on each
other.

DP@AOT
 Operating system-level virtualization
 A user space instance in general contains a proper view of the file
system, which is completely isolated, and separate IP addresses,
software configurations, and access to devices.

 Imposes little or no overhead because applications directly use OS

system calls and there is no need for emulation.

 operating system-level virtualization does not expose the same

flexibility of hardware virtualization, since all the user space
instances must share the same operating system.

 Example: FreeBSD Jails, IBM Logical Partition (LPAR), SolarisZones,

Free Virtual Private Server (FreeVPS) etc. Solaris and OpenVZ, allow
for different versions of the same operating system to operate
concurrently.
DP@AOT
Operating system-level virtualization

DP@AOT
Programming language level virtualization

 Programming language level virtualization is mostly used to achieve

ease of deployment of applications, managed execution, and
portability across different platforms and OS’s.

 Consists of a virtual machine executing the byte code of a program,

which is the result of the compilation process.

 Compilers implemented and used this technology to produce a

binary form at representing the machine code for an abstract
architecture.

DP@AOT
Programming language level virtualization
 The JVM was originally designed for the execution of programs
written in the Java language, but other languages such as Python,
Pascal, Groovy, and Ruby were made available.

 The ability to support multiple programming languages has been

one of the key elements of the Common Language
Infrastructure(CLI), which is the specification behind .NET
Framework.

 Both Java and the CLI are stack-based virtual machines: The
reference model of the abstract architecture is based on an
execution stack that is used to perform operations.

DP@AOT
Programming language level virtualization
 The byte code generated by compilers for these architectures
contains a set of instructions that load operands on the stack,
perform some operations with them, and put the result on the
stack.

 Instructions for invoking methods and managing objects and classes

are included.

 Stack-based virtual machines possess the property of being easily

interpreted and executed simply by lexical analysis and hence are
easily portable over different architectures.

DP@AOT
Programming language level virtualization

 In register-based virtual machines, in which the reference model is

based on registers. This kind of virtual machine is closer to the
underlying architecture we use today.

 Example of a register based virtual machine is Parrot, a

programming level virtual machine that was designed to support
the execution of PERL.

 The main advantage of programming level virtual machines, also

called process virtual machines, is the ability to provide a uniform
execution environment across different platforms.

DP@AOT
Programming Language Virtualization: CLI

DP@AOT
 Application level virtualization
 Application-level virtualization is a technique allowing applications
to be run in runtime environments that do not natively support all
the features required by such applications.

 Applications are not installed in the expected runtime environment

but are run as though they were.

 In general, these techniques are mostly concerned with partial file

systems, libraries, and OS component emulation.

 Such emulation is performed by a thin layer- a program or an OS

component- that is in charge of executing the application.

DP@AOT
 Application level virtualization
 Example: Wine, which is a software application allowing Unix like
OS to execute programs written for the Microsoft Windows
platform.

 Wine features a software application acting as a container for the

guest application and a set of libraries, called Winelib, that
developers can use to compile applications to be ported on Unix
systems. Wine takes its inspiration from a similar product from Sun,
Windows Application Binary Interface(WABI),

 Which implements the Win16API specifications on Solaris.

 A similar solution for the MacOSX environment is CrossOver, which
allows running Windows applications directly on the MacOSX
operating system. DP@AOT
 Application level virtualization
 Interpretation: Every source instruction is interpreted by an
emulator for executing native ISA instructions, leading to poor
performance. Interpretation has a minimal startup cost but a huge
overhead, since each instruction is emulated.

 Binary translation: Every source instruction is converted to native

instructions with equivalent functions. After a block of instructions
is translated, it is cached and reused.

 Binary translation has a large initial overhead cost, but overtime it

is subject to better performance, since previously translated
instruction blocks are directly executed.

DP@AOT
 VMware vSphere

• VMware vSphere is a management infrastructure framework that

virtualizes system, storage, and networking hardware to create
cloud computing infrastructures.

• vSphere is the branding for a set of management tools and a set

of products previously labeled VMware Infrastructure.

• vSphere provides a set of services that applications can use to

access cloud resources.

DP@AOT
 VMware vSphere
 VMware vCompute: A service that aggregates servers into an
assignable pool

 VMware vStorage: A service that aggregates storage resources

into an assignable pool

 VMware vNetwork: A service that creates and manages virtual

network interfaces

 Application services: Such as HA (High Availability) and Fault

Tolerance
 vCenter Server: A provisioning, management, and monitoring
console for VMware cloud infrastructures

DP@AOT
VMware vSphere

DP@AOT
 Machine Imaging
• Provides system portability, instantiate applications, and provision
and deploy systems in the cloud and Stores the state of a systems
using a system image

• A system image makes a copy or a clone of the entire computer

system inside a single container such as a file.

• The system imaging program is used to make this image and can be
used later to restore a system image.

• Amazon Machine Image (AMI) used by Amazon Web Services to

store copies of a virtual machine.

DP@AOT
 Machine Imaging
• AMI is a file system image that contains an operating system, all
appropriate device drivers, and any applications and state
information that the working virtual machine would have.

• The AMI file system is not a standard bit-for-bit image of a system

that is common to many disk imaging programs. AMI omits the
kernel image and stores a pointer to a particular kernel that is part
of the AWS kernel library.

DP@AOT
 Machine Imaging
• Files in AMI are compressed and encrypted, and an XML file is
written that describes the AMI archive. AMIs are typically stored in
your Amazon S3 buckets as a set of 10MB chunks.

• Machine images are sometimes referred to as “virtual

appliances”—systems that are meant to run on virtualization
platforms. AWS EC2 runs on the Xen hypervisor, for example.

DP@AOT
 Machine Imaging
• The term virtual appliance is meant to differentiate the software
image from an operating virtual machine.

• The system image contains the operating system and applications

that create an environment.

• Most virtual appliances are used to run a single application and are
configurable from a Web page. Virtual appliances are a relatively
new paradigm for application deployment.

DP@AOT
AMI Lifecycle

DP@AOT
 OVF
The Specification describes an open, secure, portable, efficient and
extensible format for the packaging and distribution of Virtual
Appliances to be run in virtual machines.

• Optimized for distribution : OVF supports content verification and

integrity checking based on industry-standard public key
infrastructure, and it provides a basic scheme for management of
software licensing.

• Optimized for a simple, automated user experience: Supports

validation of the entire package and each VM during the
installation phases of the VM lifecycle management process.
packages the information that a virtualization platform can use to
streamline the installation experience.
DP@AOT
 OVF
• Supports both single VM and multiple-VM configurations :
Supports both standard single VM packages and packages
containing complex, multi-tier services consisting of multiple
interdependent VMs.

• Portable VM packaging : Supports the full range of virtual hard

disk formats used for hypervisors today, and it is extensible, which
allow it to accommodate formats that may arise in the future.

DP@AOT
 OVF
• Vendor and platform independent : OVF does not rely on the use
of a specific host platform, virtualization platform, or guest
operating system.

• Extensible : Designed to be extended as the industry moves

forward with virtual appliance technology.

• Localizable : Supports user-visible descriptions in multiple locales,

and it supports localization of the interactive processes during
installation of an appliance.

DP@AOT
 OVF
• Open standard : OVF has arisen from the collaboration of key
vendors in the industry, and it is developed in an accepted industry
forum as a future standard for portable virtual machines.

Note: It is not an explicit goal for OVF to be an efficient execution

format. A hypervisor is allowed but not required to run software in
virtual machines directly out of the Open Virtualization Format

DP@AOT