Virtualization Techniques for Clou

d Computing

Prof. Chih-Hung Wu
Dept. of Electrical Engineering
National University of Kaohsiung
Email: [email protected]
URL: http://www.johnw.idv.tw

ICAL

Outline

The needs of virtualization

The concepts
Types of virtualization
Issues in virtualization
Implementation cases
Conclusion

ICAL

In the computer-age

ICAL

A Lot of Servers/Machines...

Web server
Mail server
Database server
File server
Proxy server
Application server
and many others

ICAL

A Lot of Servers/Machines...

The data-centre is FULL

Full of under utilized servers
Complicate in management

Power consumption
Greater wattage per unit area than ever
Electricity overloaded
Cooling at capacity

Environmental problem
Green IT

ICAL

Virtualization
Virtualization -- the abstraction of computer resources.
Virtualization hides the physical characteristics of computing r
esources from their users, be they applications, or end users.
This includes making a single physical resource (such as a ser
ver, an operating system, an application, or storage device) ap
pear to function as multiple virtual resources; it can also includ
e making multiple physical resources (such as storage devices
or servers) appear as a single virtual resource.

ICAL

The Use of Computers

Applications

Operating
System

Hardware

ICAL

Virtualization

Applications

Operating
System
Hypervisor
Hardware

ICAL

Virtualization -- a Server for Multiple Applications/OS

Applications

Operating
System

Application
Application
Applications
Application
Application
Operating
Operating
Operating
Operating
System
Operating
System
System
System
System
Hypervisor

Hardware
Hardware
Hypervisor is a software program that manages multiple operating systems (or multiple instances of the
same operating system) on a single computer system.
The hypervisor manages the system's processor, memory, and other resources to allocate what each
operating system requires.
Hypervisors are designed for a particular processor architecture and may also be called virtualization
managers.

ICAL

Capacity Utilization
Virtualized system (high)
High utilized*
Low utilized

Stand alone system (low)

* But not overloaded

ICAL

Why now?

19601999
IBM, CP-40, CP/CMS, S/360-370, VM370, Virtua
l PC, VMware

20002005
IBM z/VM, Xen

2006
Intel VT-x
AMDs AMD-V

2008

ICAL

Hardware evolution

Faster CPU clock than ever

Though almost hit its top

More CPU cores in a single chip

4-core CPUs already in the market
6- or 8-core CPUs will be there soon

Multi-core architectures make parallel processi

ng more realizable
Virtualization support on chip from CPU manu
facturers (e.g., Intel, AMD)

ICAL

Software maturity

More than one credible player in the market

Available and stable open-sourced software
OS, DB, Web server, Java, PHP, gcc, etc.

Established and mature software standards

Web service, XML, SOAP, COM, etc.

ICAL

Types of Virtualization

Virtual memory
Desktop virtualization
Platform virtualization

Full virtualization
Paravirtualization
Hardware-assisted virtualization
Partial virtualization
OS-level virtualization
Hosted environment (e.g. User-mode Li
nux)

Storage virtualization
Network virtualization
Application virtualizationPortable applica

In this talk, we mainly focus on Platfor

m virtualization which is mostly related
to cloud-computing

Full virtualization
Binary transaltion
Hardware-assisted virtualization
Paravirtualization
OS-level virtualization
Hosted environment (e.g. User-mode Li
nux)

tion

Cross-platform virtualization
Emulation or simulation
Hosted Virtual Desktop

Category in Wiki

Hardware level
Operating system level
Application level

ICAL

Full Virtualization
A certain kind of virtual machine environment: one that provides a complet
e simulation of the underlying hardware.
The result is a system in which all software (including all OSs) capable of
execution on the raw hardware can be run in the virtual machine.
Comprehensively simulate all computing elements as instruction set, main
memory, interrupts, exceptions, and device access.
Full virtualization is only possible given the right combination of hardware
and software elements.
Full virtualization has proven highly successful
Sharing a computer system among multiple users
Isolating users from each other (and from the control program) and
Emulating new hardware to achieve improved reliability, security and producti
vity.

ICAL

Full Virtualization
It needs a single machine that could be multiplexed among many use
rs. Each such virtual machine had the complete capabilities of the un
derlying machine, and (for its user) the virtual machine was indistin
guishable from a private system.
Examples
First demonstrated with IBM's CP-40 research system in 1967
Re-implemented CP/CMS in IBM's VM family from 1972 to the present.
Each CP/CMS user was provided a simulated, stand-alone computer.

ICAL

Full Virtualization

Virtualization requirements (by Popek and Gol

dberg) :
Equivalence: a program running under the VMM s
hould exhibit a behavior essentially identical to tha
t demonstrated when running on an equivalent mac
hine directly;
Resource control (safety): the VMM must be in co
mplete control of the virtualized resources;
Efficiency: a statistically dominant fraction of mac
hine instructions must be executed without VMM i
ntervention.
VMM: Virtual Machine Monitor

ICAL

Full Virtualization -- challenge

Security issues -- Interception
Simulation of privileged operations -- I/O instructions
The effects of every operation performed within a given virtual machine m
ust be kept within that virtual machine virtual operations cannot be allow
ed to alter the state of any other virtual machine, the control program, or th
e hardware.
Some machine instructions can be executed directly by the hardware,
E.g., memory locations and arithmetic registers.

But other instructions that would "pierce the virtual machine" cannot be all
owed to execute directly; they must instead be trapped and simulated. Such
instructions either access or affect state information that is outside the virtu
al machine.
Some hardware is not easy to be used for full virtualization, e.g., x86

ICAL

Restrict on Intel IA32 Protection Rings

OS kernel
Level -0
Highest
privilege

OS services
(device driver, etc.)

Level-1
Level-2
Level-3
Lowest
privilege

Applications

ICAL

The challenges of x86 hardware virtualization

Ring 3

Application

Ring 2
Ring 1
Ring 0

OS

Hardware

Direct
Execution
of user and OS
Requests

ICAL

The Problems and the Solutions

Originally designed for personal use (PC)
Security problems caused by Interception and privile
ged operations becomes critical
Solutions to Full virtualization of x86 CPU
Full description of operations of all x86 hardware (but they
evolve)
Binary translation (almost established)
OS-assisted (or paravirtualization)
Hardware-assisted (future direction)

ICAL

Binary translation

Kernel code of non-virtualizable instructions are translated to replace with new

sequences of instructions that have the intended effect on the virtual hardware.
Each virtual machine monitor provides each Virtual Machine with all the servic
es of the physical system, including a virtual BIOS, virtual devices and virtuali
zed memory management.
This combination of binary translation and direct execution provides Full Virtu
alization as the guest OS is fully abstracted (completely decoupled) from the un
derlying hardware by the virtualization layer. The guest OS is not aware it is be
ing virtualized and requires no modification.
The hypervisor translates all operating system instructions on the fly and cache
s the results for future use, while user level instructions run unmodified at nativ
e speed.
Examples
VMware
Microsoft Virtual Server

ICAL

Binary translation

Ring 3

Application

Ring 2
Ring 1

Guest OS

Ring 0

VMM

Direct
Execution
of user and OS
Requests
Binary translation
of OS Requests

Hardware

VMM: Virtual Machine Monitor

ICAL

OS assisted (Paravirtualization)
Paravirtualization via an modified OS kernel as guest OS
It is very difficult to build the more sophisticated binary translation support
necessary for full virtualization.
Paravirtualization involves modifying the OS kernel to replace non-virtuali
zable instructions with hypercalls that communicate directly with the virtua
lization layer hypervisor.
The hypervisor also provides hypercall interfaces for other critical kernel o
perations such as memory management, interrupt handling and time keepin
g.
Paravirtualization is different from full virtualization, where the unmodifie
d OS does not know it is virtualized and sensitive OS calls are trapped usin
g binary translation.
Paravirtualization cannot support unmodified OS

Example:
Xen -- modified Linux kernel and a version of Windows XP

ICAL

OS assisted (Paravirtualization)

Ring 3

Application

Ring 2
Ring 1
Ring 0

Direct
Execution
of user and OS
Requests

Paravirtualized
Guest OS

Virtualization layer

Hardware

Hypercalls to the
Virtualization Layer
replace
non-virtualiable
OS instructions

VMM: Virtual Machine Monitor

ICAL

Hardware Assisted Virtualization

Also known as accelerated virtualization, hardware virtual machine
(Xen), native virtualization (Virtual iron).
Hardware switch supported by CPU, e.g.
Intel Virtualization Technology (VT-x)
AMDs AMD-V
target privileged instructions with a new CPU execution mode feature that al l
ows the VMM to run in a new root mode below ring 0.

Privileged and sensitive calls are set to automatically trap to the hyp
ervisor, removing the need for either binary translation or paravirtua
lization.
The guest state is stored in Virtual Machine Control Structures (VTx) or Virtual Machine Control Blocks (AMD-V).
High hypervisor to guest transition overhead and a rigid programmi
ng model

ICAL

Hardware Assisted Virtualization

Ring 3
Non-root
Mode
Privilege
Levels

Ring 2
Ring 1
Ring 0

Root Mode
Privilege
Levels

Application

Direct
Execution
of user and OS
Requests

Guest OS
VMM

Hardware

OS requests traps
to VMM without
binary translation
or paravirtualization

VMM: Virtual Machine Monitor

ICAL

OS-Level Virtualization

OS-level virtualization
kernel of an OS allows for multiple is
olated user-space instances, instead of
just one.
Each OS instance looks and feels like
a real server

OS virtualization virtualizes servers on t

he operating system (kernel) layer. This
creates isolated containers on a single p
hysical server and OS instance to utilize
hardware, software, data center and man
agement efforts with maximum efficien
cy.
OS-level virtualization implementations
that are capable of live migration can be
used for dynamic load balancing of cont
ainers between nodes in a cluster.

OS-Level Virtualization
OS
OS
OS
Container 1 Container 2 Container 3
OS virtualization
layer

Standard
Host OS
Hardware

ICAL

Confusion
OS-Level Virtualization. A type of server virtualization techn
ology which works at the OS layer. The physical server and si
ngle instance of the operating system is virtualized into multip
le isolated partitions, where each partition replicates a real ser
ver. The OS kernel will run a single operating system and prov
ide that operating system functionality to each of the partition
s.
Operating system virtualization refers to the use of software to
allow system hardware to run multiple instances of different o
perating systems concurrently, allowing you to run different ap
plications requiring different operating systems on one comput
er system. The operating systems do not interfere with each ot
her or the various applications.

ICAL

Application virtualization
Application runs on
Different OS, platform, etc.
Same OS, different version/framework
Encapsulation of OS/platform
Improve portability, manageability and compatibility of applicati
ons

A fully virtualized application is not installed in the tradition

al sense, although it is still executed as if it is (runtime virtu
alization)
Full application virtualization requires a virtualization layer.

ICAL

Memory Virtualization

Not only virtual memory

Hardware support
e.g., x86 MMU and TLB

To run multiple virtual machines on a single system, another level of memory virtu
alization is required.
The VMM is responsible for mapping guest physical memory to the actual machine
memory, and it uses shadow page tables to accelerate the mappings.

VM2

VM1
Process 1

Process 2

Process 1

Process 2

Virtual memory
Physical memory

Machine memory

ICAL

Device and I/O Virtualization

VMM supports all device/IO drivers

Physically/virtually existed

Source: VMware white paper, Understanding Full Virtualization, Paravirtualization, and Hardware Assist

ICAL

Techniques for X86 virtualization

Full Virtualization with

Binary Translation

Hardware Assisted
Virtualization

OS Assisted Virtualization
/ Paravirtualization

Technique

Binary Translation and

Direct Execution

Exit to Root Mode on

Privileged Instructions

Hypercalls

Guest
Modification
/
Compatibility

Unmodified Guest OS
Excellent compatibility

Unmodified Guest OS
Excellent compatibility

Guest OS codified to
issue Hypercalls so it
can't run on Native
Hardware or other
Hypervisors Poor
compatibility;
Not available on Windows
OSes

Performance

Good

Fair Current performance

lags Binary Translation
virtualization on various
workloads but will
improve over time

Better in certain cases

Used By

VMware, Microsoft,
Parallels

VMware, Microsoft,
Parallels, Xen

VMware, Xen

Guest OS
yes
yes
XenLinux runs only on
Hypervisor
Xen Hypervisor
Independent
VMI-Linux is Hypervisor
and Hardware Assist
agnostic
? Source: VMware white paper, Understanding Full Virtualization, Paravirtualization,

ICAL

Virtualization

Binary translation is the most established techn

ology for full virtualization
Hardware assist is the future of virtualization,
but it still has a long way to go
Paravirtualization delivers performance benefit
s with maintenance costs
Xen
VMWare

ICAL

Issues in Virtualization for Cloud-Computing

Aspects and expectation from

End-user
Operator/Manager

Virtualization

ICAL

Issues in Virtualization for Cloud-Computing

Virtualization implemented on
a single machine (with multi-core CPUs)
a cluster of machines (with multi-core CPUs)

The state-of-the-art
Running a Xen or a cluster of Xens

Applications
Application
Application
Application
Application

Virtualization

Operating
Operating
System
Operating
Operating
System
Operating
System
System
System
Hypervisor
Hardware

or

Application
Applications
Application
Application
Application
Application
Application
Application
Application
Operating
Operating
OperatingOperating
Operating
Operating
System
System
Operating
Operating
System
Operating
System
System
System
System
System
System

or

Hypervisor
Hardware

Hardware

Hardware

ICAL

Issues in Virtualization for Cloud-Computing

Abiquo/abicloud may provide partial solutions

Applications
Application
Application
Application
Application

Applications
Application
Application
Application
Application

Operating
Operating
System
Operating
Operating
System
Operating
System
System
System

Operating
Operating
System
Operating
Operating
System
Operating
System
System
System

Hypervisor

Hypervisor

Hardware

Hardware

Applications
Application
Application
Application
Application

Applications
Application
Application
Application
Application

Operating
Operating
System
Operating
Operating
System
Operating
System
System
System

Operating
Operating
System
Operating
Operating
System
Operating
System
System
System

Hypervisor

Hypervisor

Hardware

Hardware

Management
System

Virtualization

ICAL

Running multiple OS and applications

Virtualization: One physical

hardware can run multiple
OS and applications
through a hypervisor.
A hypervisor is the
virtualization manager
on a physical hardware.

Applications
Application
Application
Application
Application
Operating
Operating
System
Operating
System
Operating
Operating System
System
System

Hypervisor

Hardware

ICAL

Popular hypervisors

Xen
KVM
QEMU
virtualBox
VMWare
Xen is the selected hypervisor of the project.

ICAL

Steps to use Xen

Connect to a Xen host (i.e., a physical hardwar

e + Xen + Dom0 OS) via ssh.
Use xen-tools to create (xen-create-image), list
(xen-list-images) and delete (xen-delete-imag
e) images of virtual machines.
Use the xm tool to manage (create, list and shu
tdown) DomU guests.

ICAL

Issues related to clouds with Xen

Xen-tools and xm are great for a single machin

e, but
Todays private or public clouds often include
hundreds or thousands of machines.
How to manage the cloud effectively and effici
ently becomes a central issue in cloud computi
ng.

ICAL

Objectives of managing clouds

Easy-to-use client interface

Effective and efficient management of cloud in
frastructure
Scalable deployment
Robust performance
Other nice characteristics associated with infor
mation systems management

ICAL

Some solutions for managing clouds

abiCloud is the topic of this class.

EUCALYPTUS, originating in the CS departm
ent of UC Santa Barbara, is an open source sof
tware infrastructure for implementing cloud co
mputing on clusters.
OpenNebula is an open source virtual infrastru
cture engine that enables the dynamic deploym
ent and replacement of virtualized service with
in and across sites.
Other solutions from Citrix, Microsoft, Sun,

ICAL

Why use abiCloud?

Open platform
Rich web interface for managing the cloud in
frastructure
Deploy a new service by dragging and droppi
ng a virtual machine with the web interface

ICAL

Issues in Virtualization for Cloud-Computing

Software deployment
Open-source
Commercial products
Re-installation or not

Compatibility
Legacy software/database

Copyright patent problem

Full virtualization
Hardware ISA?

Paravirtualization
Modifiable OS?

Hardware assisted virtualization

Problem model
Re-write

ICAL

Issues in Cloud-API

ICAL

Issues in Virtualization for Cloud-Computing

There are more problems

The answer is hidden behind the cloud

ICAL

Reference

VMWare
IBM
Miscrosoft
Intel
AMD
http://www.xen.org/
http://en.wikipedia.org/
http://www.parallels.com/
http://www.webopedia.com/