Virtualization Structure and Tools

Uploaded by

Jeevanandhams

Virtualization Structures / Tools and Mechanisms

8-Feb-19 VIRTUALIZATION Dr.S.Sundararajan 1


Virtualization
• The hypervisor provides hypercalls for the guest OSes and applications
• A hypervisor can assume a micro-kernel architecture, or it can be a monolithic hypervisor
• A micro-kernel hypervisor includes only the basic and unchanging functions
• Device drivers and other changeable components are outside the hypervisor
• A monolithic hypervisor implements all the aforementioned functions, including those of the device drivers

Xen Architecture
• A VMM, which allows users to dynamically instantiate an operating system
• Hosts operating systems like Linux and Windows
• Multiple operating systems can run simultaneously and perform different tasks
• Completely software based and requires no special hardware support



Xen Architecture
• Supports unmodified application binaries
• Implements all the mechanisms, leaving the policy to be handled by Domain 0
• Core components of a Xen system are the hypervisor, kernel, and applications
• Not all guest OSes are created equal, and one in particular controls the others
• The guest OS that has control ability is called Domain 0, and the others are called Domain U



Xen Architecture
• Domain 0 is a privileged guest OS which is first loaded when Xen boots without any file system driver
• Uses para-virtualization to provide high performance and good resource isolation
  • The guest operating system has to be modified to run on the Virtual Machine Monitor.
  • Specifically, the guest OS can no longer execute in ring 0, because that ring is now occupied by the VMM.
  • The guest OS has to be modified to run outside of ring 0.

Xen Architecture
• Domain 0 is designed to access hardware directly and manage devices
• So, one of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains
• Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily as manipulating a file
• If Domain 0 is compromised, the hacker can control the entire system. So, in the VM system, security policies are needed to improve the security of Domain 0.

Binary Translation with Full Virtualization
• Depending on implementation technologies, hardware virtualization may be either full virtualization or host-based virtualization
• Full virtualization does not need to modify the host OS
• It relies on binary translation to trap and to virtualize the execution of certain sensitive, nonvirtualizable instructions
• Noncritical instructions run on the hardware directly, while critical instructions are discovered and replaced with traps into the VMM to be emulated by software

Binary Translation with Full Virtualization
• The VMM scans the instruction stream and identifies the privileged, control- and behavior-sensitive instructions
• When these instructions are identified, they are trapped into the VMM, which emulates the behavior of these instructions
• The method used in this emulation is called binary translation
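
The scan-and-replace step described on this slide, as an added example in C that is not part of the original slides. The toy instruction set, the vcpu structure and all function names are assumptions made for illustration, not real x86 encodings or any VMM's code; sensitive instructions are patched into traps and emulated against the VM's virtual interrupt flag, while noncritical ones execute directly.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy guest ISA constructed for this example (not real x86 encodings). */
enum { OP_ADD, OP_CLI, OP_STI, OP_HALT, OP_TRAP };
struct insn { int op; int arg; };
/* Per-VM virtual CPU state that the VMM keeps in software. */
struct vcpu { int acc; int virt_if; int traps; };
static int is_sensitive(int op) { return op == OP_CLI || op == OP_STI; }

/* Translation pass: scan the stream and replace every sensitive
 * instruction with a trap that remembers the original opcode. */
size_t translate(struct insn *code, size_t n) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_sensitive(code[i].op)) continue;
        code[i].arg = code[i].op;
        code[i].op = OP_TRAP;
        patched++;
    }
    return patched;
}

/* VMM side: emulate CLI/STI against the VM's virtual interrupt flag only. */
static void vmm_emulate(struct vcpu *v, int orig_op) {
    v->traps++;
    v->virt_if = (orig_op == OP_STI);
}

/* Returns 0 on HALT, -1 on an untranslated sensitive instruction (refused). */
int run(struct vcpu *v, const struct insn *code, size_t n) {
    for (size_t i = 0; i < n; i++) {
        switch (code[i].op) {
        case OP_ADD:  v->acc += code[i].arg; break;   /* noncritical: direct */
        case OP_TRAP: vmm_emulate(v, code[i].arg); break;
        case OP_HALT: return 0;
        default:      return -1;
        }
    }
    return -1;
}

int main(void) {
    struct insn code[] = {{OP_ADD, 2}, {OP_CLI, 0}, {OP_ADD, 3}, {OP_HALT, 0}};
    struct vcpu v = {0, 1, 0};
    size_t patched = translate(code, 4);
    int rc = run(&v, code, 4);
    printf("patched=%zu rc=%d acc=%d virt_if=%d\n", patched, rc, v.acc, v.virt_if);
    return 0;
}
```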
Host Based Virtualization
• Dedicated applications may run on the VMs
• Certainly, some other applications can also run with the host OS directly
• The host-based architecture has flexibility

Para Virtualization
• Needs to modify the guest OS
• Para-virtualization attempts to reduce the virtualization overhead, and thus improve performance, by modifying only the guest OS kernel

Para Virtualization
• The guest OSes are para-virtualized. They are assisted by an intelligent compiler to replace the nonvirtualizable OS instructions by hypercalls, as illustrated
• The traditional x86 processor offers four instruction execution rings: Rings 0, 1, 2, and 3
• The lower the ring number, the higher the privilege of the instruction being executed. The OS is responsible for managing the hardware and the privileged instructions to execute at Ring 0, while user-level applications run at Ring 3.

Para Virtualization with Compilation Support
• Para-virtualization handles these instructions at compile time
• The guest OS kernel is modified to replace the privileged and sensitive
• The guest OS runs at Ring 1 instead of at Ring 0
• It implies that the guest OS may not be able to execute some privileged and sensitive instructions

Para Virtualization with Compilation Support
• The privileged instructions are implemented by hypercalls to the hypervisor
• After replacing the instructions with hypercalls, the modified guest OS emulates the behavior of the original guest OS
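
An added sketch in C (not from the original slides and not Xen's code) of why a guest kernel at Ring 1 needs hypercalls: the privileged operation faults when the guest issues it directly, and the hypercall path succeeds only after the hypervisor checks that the frame belongs to the calling domain. The frame table, error codes and function names are hypothetical, and the ownership check is an assumption of this model standing in for the resource isolation the slides mention.

```c
#include <stdio.h>

#define NFRAMES 8
enum { PV_OK = 0, PV_FAULT_GP = -1, PV_ERR_PERM = -2 };

/* Machine state owned by the hypervisor (constructed sample data). */
static int frame_owner[NFRAMES] = {0, 0, 1, 1, 1, 2, 2, 2}; /* domain id per frame */
static int page_table[NFRAMES];                              /* one entry per frame */

/* Model of the hardware: the privileged write only succeeds at Ring 0. */
static int cpu_write_pte(int ring, int frame, int value) {
    if (ring != 0) return PV_FAULT_GP;
    page_table[frame] = value;
    return PV_OK;
}

/* Hypervisor entry point, runs at Ring 0: validate the request, then act. */
int hypercall_update_pte(int caller_dom, int frame, int value) {
    if (frame < 0 || frame >= NFRAMES) return PV_ERR_PERM;
    if (frame_owner[frame] != caller_dom) return PV_ERR_PERM;
    return cpu_write_pte(0, frame, value);
}

/* Unmodified guest kernel: executes the privileged instruction itself. */
int native_set_pte(int guest_ring, int frame, int value) {
    return cpu_write_pte(guest_ring, frame, value);
}

/* Para-virtualized guest kernel: same call site, replaced by a hypercall. */
int pv_set_pte(int dom, int frame, int value) {
    return hypercall_update_pte(dom, frame, value);
}

int main(void) {
    printf("native at Ring 1:         %d\n", native_set_pte(1, 2, 7));
    printf("hypercall, own frame:     %d\n", pv_set_pte(1, 2, 7));
    printf("hypercall, foreign frame: %d\n", pv_set_pte(1, 5, 9));
    return 0;
}
```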
