Virtualization

Uploaded by

Bhoomika Pansare
Copyright © All Rights Reserved

Virtualization

Virtualization Reference Model


• In a virtualized environment there are three major components:
guest, host, and virtualization layer.
• The guest represents the system component that interacts with the
virtualization layer rather than with the host, as would normally
happen.
• The host represents the original environment where the guest is
supposed to be managed.
• The virtualization layer is responsible for recreating the same or a
different environment where the guest will operate.
Increased Security
• A virtual machine (VM) is like a computer inside another
computer.
• VMs are managed by a hypervisor (virtual machine manager).
• They emulate hardware to allow isolation from the host machine.
• VMs provide a secure, controlled environment.
• Ideal for testing, running untrusted code, or creating isolated
systems.
• Represents the functions enabled by virtualization for managing
physical and virtual resources.
• Focuses on four key functions: Sharing, Aggregation, Emulation, and
Isolation.
1. Sharing
• Multiple virtual machines (VMs) share the same physical resource (e.g.,
a single server).
• Increases efficiency and reduces hardware costs.
• Sharing is a particularly important feature in virtualized data centers,
where it is used to reduce the number of active servers
and limit power consumption.
• Example: A company runs different departmental apps on one server.
2. Aggregation
• Combines multiple physical resources into a single virtual resource.
• Creates the appearance of one powerful machine.
• This function is naturally implemented in middleware for distributed
computing, with a classical example represented by cluster management
software, which harnesses the physical resources of a homogeneous group
of machines and represents them as a single resource.
• Example: Pooling multiple storage servers for a unified virtual storage system.
3. Emulation
• Simulates hardware to allow compatibility between different systems.
• Enables software designed for one type of hardware to run on another.
• An example of emulation is an arcade-game emulator that allows us to play
arcade games on a normal personal computer.
• Example: Running an ARM-based app on an x86 machine using emulation.
4. Isolation
• Ensures that each virtual machine operates independently.
• Prevents one VM from affecting others or the host system.
• Example: Running untrusted software in a VM for security testing.
Taxonomy of Virtualization Techniques
• Virtualization involves various emulation techniques applied across
different areas of computing.
• It helps emulate execution environments, storage, and networks.
• Classification of Virtualization Techniques
1. Based on the Service or Entity Being Emulated
• Execution Virtualization: Focuses on creating virtual environments to run
applications or operating systems.
• Storage Virtualization: Combines multiple physical storage devices into a
single virtual storage unit.
• Network Virtualization: Creates virtualized network resources like virtual
switches or virtual private networks (VPNs).
2. Execution Virtualization
• Oldest, most popular, and most developed area of virtualization.
• Requires deeper analysis and categorization.

Categories of Execution Virtualization


• Classified based on the type of host environment they use:
1. Process-Level Virtualization
• Implemented on top of an existing operating system.
• Relies on the OS to control the hardware.
• Example: Docker containers, which virtualize applications on top of an OS.
2. System-Level Virtualization
• Implemented directly on hardware, with minimal or no support from the OS.
• Example: Hypervisors like VMware ESXi and Microsoft Hyper-V that run directly on
hardware.
Machine Reference Model
• Virtualizing an execution environment involves replacing one
layer of the computing stack with virtualization techniques.
• The goal is to simplify system design by hiding implementation
details and managing the interaction between different layers of
abstraction.
• Computing systems use a layered reference model to structure
hardware and software interactions.
• Layers of the stack (bottom to top):
1. Instruction Set Architecture (ISA): Defines hardware-level
instructions and registers.
2. Application Binary Interface (ABI): Separates OS from applications;
handles portability of apps.
3. Application Programming Interface (API): Interfaces applications
with libraries or the OS.
1. Instruction Set Architecture (ISA)
• Acts as the interface between hardware and software.
• Two types:
System ISA: For OS developers (handles CPU, memory, and interrupts).
User ISA: For developers managing hardware resources directly.
2. Application Binary Interface (ABI)
• Separates the OS from applications and libraries.
• Covers low-level details like data types, system calls, and call
conventions.
• Enables portability across OS implementations that use the same ABI.
3. Application Programming Interface (API)
• High-level interface for applications to interact with the OS or
libraries.
• Converts API-level operations into machine-level instructions.
Privileged and Non-privileged Instructions
1. Nonprivileged Instructions
• Do not interfere with shared resources.
• Examples: Arithmetic operations, floating-point calculations.
• Accessible without restrictions.
2. Privileged Instructions
• Access or modify critical hardware resources.
• Two categories:
Behavior-sensitive: Operate on I/O devices.
Control-sensitive: Modify CPU registers.
• Executed only in supervisor mode to prevent harmful actions.
Security Rings and Privilege Modes
• Ring-Based Security Model
• Privilege levels define who can execute specific instructions.
• Example: Four rings (Ring 0 to Ring 3).
• Ring 0: Highest privilege (kernel operations).
• Ring 3: Lowest privilege (user applications).
• Modern Systems: Typically implement only two levels:
• Ring 0: Supervisor (kernel) mode.
• Ring 3: User mode.
1. Supervisor Mode (Ring 0)
• Allows execution of all instructions (privileged and nonprivileged).
• Used by the OS or hypervisor for sensitive hardware operations.
2. User Mode (Ring 3)
• Restricts execution of privileged instructions.
• Protects system resources from unauthorized access.
Hardware-Level Virtualization
• Key Components are as follows:
1. Storage
• Physical storage holds the virtual images that contain the OS, applications,
and data needed by the VM. A virtual image is essentially a file that simulates
an entire disk.
2. Virtual Image
• A pre-configured file that can represent an OS, applications, and their
associated data. When loaded, it forms the basis of the virtual machine.
3. Guest
• Represents the virtualized OS (guest OS) that is running inside the virtual
machine. It interacts as though it is running on real hardware, but is in fact
interacting with virtualized resources.
4. VMM (Virtual Machine Monitor)
• Also known as the hypervisor, this is the core component responsible
for managing the interaction between the virtual machines and the
physical hardware. It acts as an intermediary, providing isolation and
resource allocation.
• Functions include:
• Binary translation, where the hypervisor translates instructions from the
guest OS into instructions the host can execute.
• Instruction mapping and interpretation to ensure compatibility between the
guest OS and host hardware.
• Host emulation, enabling the VM to access hardware-like resources.
5. Virtual Machine
• This block represents the entire virtualized system, containing the
guest OS, applications, and resources.
• The VMM facilitates its operation by translating or emulating
hardware instructions.
6. Host
• The physical machine that provides the actual computing resources
(CPU, memory, disk, and network) to support virtualization.
• It runs the hypervisor and manages the virtual machines.
• Workflow:
1. Storage → Virtual Image → Guest
1. A virtual image stored on physical storage is loaded into memory to run as a
virtual machine (Guest OS).
2. Guest ↔ Virtual Machine ↔ VMM ↔ Host
1. The guest interacts with the virtual machine as though it's running on
hardware. The VMM translates and maps instructions between the guest and
the host.
2. This translation allows the virtual machine to run on hardware that may differ
from what the guest OS expects.
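The privilege rules from the "Security Rings and Privilege Modes" slides and the VMM's role in the workflow above can be put together in a small model. This is an added example, not part of the original slides: the instruction names (ADD, FMUL, LOAD_CR, OUT), the class names and the host register value are constructed for illustration, and the model assumes every privileged instruction issued in Ring 3 faults so that the VMM can emulate it against that VM's own virtual state.

```python
from dataclasses import dataclass, field
NONPRIVILEGED = {"ADD", "FMUL"}       # constructed names: arithmetic, floating point
CONTROL_SENSITIVE = {"LOAD_CR"}       # modifies a CPU register
BEHAVIOR_SENSITIVE = {"OUT"}          # operates on an I/O device
PRIVILEGED = CONTROL_SENSITIVE | BEHAVIOR_SENSITIVE

class PrivilegeFault(Exception):
    """Modeled CPU fault: privileged instruction issued outside Ring 0."""

def cpu_execute(ring, op):
    """Hardware rule: privileged instructions run only in supervisor mode."""
    if op not in PRIVILEGED | NONPRIVILEGED:
        raise ValueError(f"unknown instruction {op!r}")
    if op in PRIVILEGED and ring != 0:
        raise PrivilegeFault(op)
    return "executed"

@dataclass
class VirtualMachine:
    name: str
    vcr: int = 0                                 # virtual control register
    io_log: list = field(default_factory=list)   # virtual device output

class VMM:
    """Hypervisor in Ring 0; guest code is run deprivileged in Ring 3."""
    def __init__(self):
        self.host_cr = 0xC0DE   # constructed host register value; never guest-writable
        self.trace = []
    def run(self, vm, program):
        for op, arg in program:
            try:
                cpu_execute(3, op)           # nonprivileged: runs directly
                how = "direct"
            except PrivilegeFault:
                self.emulate(vm, op, arg)    # privileged: trapped and emulated
                how = "emulated"
            self.trace.append((vm.name, op, how))

    def emulate(self, vm, op, arg):
        if op in CONTROL_SENSITIVE:
            vm.vcr = arg                     # touches only this VM's state
        else:
            vm.io_log.append(arg)            # virtual device, not the host's

def demo():
    vmm, a, b = VMM(), VirtualMachine("vm-a"), VirtualMachine("vm-b")
    vmm.run(a, [("ADD", 1), ("LOAD_CR", 0x1), ("OUT", "boot")])
    vmm.run(b, [("FMUL", 2), ("LOAD_CR", 0x2)])
    return vmm, a, b
```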
Hypervisors
• A fundamental element of hardware virtualization is the hypervisor, or
virtual machine manager (VMM). It recreates a hardware environment in
which guest operating systems are installed.
• There are two major types of hypervisor: Type I and Type II.
Type I hypervisors run directly on top of the hardware. Therefore, they take the
place of the operating systems and interact directly with the ISA interface exposed
by the underlying hardware, and they emulate this interface in order to allow the
management of guest operating systems. This type of hypervisor is also called a
native virtual machine since it runs natively on hardware.
Type II hypervisors require the support of an operating system to provide
virtualization services. This means that they are programs managed by the
operating system, which interact with it through the ABI and emulate the ISA of
virtual hardware for guest operating systems. This type of hypervisor is also called a
hosted virtual machine since it is hosted within an operating system.
VMware Workstation Architecture (End-User Virtualization)
Server Virtualization
VMware ESXi Server Architecture
Infrastructure Virtualization
• VMware provides a set of products covering the entire stack of cloud
computing, from infrastructure management to Software-as-a-Service
solutions hosted in the cloud.
