“VMMs and hypervisors” -Network and Services...
Unit 2. “VMMs and hypervisors”
2966 - Network and Services Virtualisation
2013-2014 – First semester
Assistant professor: Katja Gilly
Department: Physics and Computer Architectures
Outline
• Introduction
• Xen project
• KVM
• VMware
• Usages in server platforms
• Usages in client platforms
Introduction
• System virtual machines are capable of virtualising a full set of hardware resources, including one or more processors, memory, storage resources and peripheral devices.
• Constructed at the ISA level
• Allow multiple OS environments, or support time sharing.
• Examples:
  – IBM VM/360
  – VMware
  – Xen
  – KVM
  – OKL4
Main Theorem
• A virtual machine monitor can be constructed if the set of sensitive instructions is a subset of the set of privileged instructions.
• The proof shows:
  1. Equivalence: by interpreting privileged instructions and executing the remaining instructions natively
  2. Resource control: by having every instruction that changes resources trap to the VMM
  3. Efficiency: by executing all non-privileged instructions directly on the hardware
• A key aspect of the theorem is that its condition is easy to check.
Emulation & virtualisation
• Emulation seems a good way to implement a VMM:
  – We can run a guest OS on top of an emulator.
  – The emulator can manage all hardware resources and arrange for them to be shared among guest OSs.
• However, hardly anyone uses an emulator as a VMM.
• WHY? Because emulation is quite SLOW! It's not efficient!
• How to make it faster?
  – Don't emulate everything. Emulate only the sensitive instructions, which directly access hardware resources.
  – Execute all non-privileged instructions directly on the hardware.
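To make the theorem and the "emulate only the sensitive instructions" idea concrete, here is a small C model added to this transcript (example code written for these notes, not code from the course or from any hypervisor). It declares two constructed instruction sets, checks the theorem's condition on each, and runs a guest instruction stream under trap-and-emulate: privileged instructions trap to the VMM and are interpreted there, everything else runs natively. All opcode names, flags and streams are constructed and are not an x86 encoding; the one point they mirror is that a sensitive instruction which is not privileged executes natively without the VMM noticing, which is exactly why such a CPU needs binary translation or a patched guest, as the next two slides discuss.

```c
/* Added example (not from the course slides or any hypervisor's code):
 * a toy model of the Popek-Goldberg condition and of trap-and-emulate
 * dispatch. Opcode names, flags and instruction streams are constructed
 * for illustration; they are not an x86 encoding. */
#include <stdio.h>
#include <string.h>

enum { SENSITIVE = 1, PRIVILEGED = 2 };

struct insn_class {
    const char *name;
    unsigned flags;
};

/* Constructed ISA that satisfies the theorem: every sensitive instruction
 * is also privileged, so it traps when the guest runs deprivileged. */
static const struct insn_class isa_ok[] = {
    {"ADD",  0},
    {"LOAD", 0},
    {"HLT",  SENSITIVE | PRIVILEGED},
    {"LGDT", SENSITIVE | PRIVILEGED},
};

/* Constructed ISA that violates it: "SGDT" reveals machine state
 * (sensitive) but executes without a trap in any ring (not privileged). */
static const struct insn_class isa_leaky[] = {
    {"ADD",  0},
    {"LOAD", 0},
    {"HLT",  SENSITIVE | PRIVILEGED},
    {"SGDT", SENSITIVE},
};

#define ISA_LEN(isa) (sizeof(isa) / sizeof((isa)[0]))

/* The theorem's check: count sensitive instructions that are not privileged.
 * Zero means a classic trap-and-emulate VMM can be built for this ISA. */
int count_violations(const struct insn_class *isa, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if ((isa[i].flags & SENSITIVE) && !(isa[i].flags & PRIVILEGED))
            bad++;
    return bad;
}

static const struct insn_class *lookup(const struct insn_class *isa, size_t n,
                                       const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(isa[i].name, name) == 0)
            return &isa[i];
    return NULL;
}

struct run_stats {
    int native;     /* executed directly on the hardware (efficiency) */
    int trapped;    /* trapped to the VMM and interpreted there (resource control) */
    int unnoticed;  /* sensitive but ran natively: the VMM lost equivalence */
};

/* Run a guest instruction stream with the guest in a deprivileged ring.
 * Privileged instructions trap and are interpreted by the VMM; everything
 * else runs natively. A sensitive-but-unprivileged instruction also runs
 * natively and touches or observes machine state behind the VMM's back. */
struct run_stats run_guest(const struct insn_class *isa, size_t n,
                           const char *const *stream, size_t len)
{
    struct run_stats s = {0, 0, 0};
    for (size_t i = 0; i < len; i++) {
        const struct insn_class *c = lookup(isa, n, stream[i]);
        if (c == NULL)
            continue;           /* opcode not in this ISA: nothing to run */
        if (c->flags & PRIVILEGED) {
            s.trapped++;
        } else {
            s.native++;
            if (c->flags & SENSITIVE)
                s.unnoticed++;
        }
    }
    return s;
}

int main(void)
{
    const char *guest[] = {"ADD", "SGDT", "LOAD", "HLT"};   /* constructed stream */
    struct run_stats s = run_guest(isa_leaky, ISA_LEN(isa_leaky), guest, 4);
    printf("violations: ok=%d leaky=%d\n",
           count_violations(isa_ok, ISA_LEN(isa_ok)),
           count_violations(isa_leaky, ISA_LEN(isa_leaky)));
    printf("leaky run: native=%d trapped=%d unnoticed=%d\n",
           s.native, s.trapped, s.unnoticed);
    return 0;
}
```

On the leaky ISA the run reports one unnoticed instruction: SGDT ran natively and the VMM never had the chance to substitute the virtual machine's state for the real one. That single count is the gap that binary translation (rewriting SGDT before it runs) or para-virtualisation (patching the guest so it never issues it) closes.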
Full-virtualisation
• Definition:
  – The guest OS runs unmodified.
  – The guest OS does not realise that it is running on a VM rather than on a physical machine.
• Pro:
  – The user can install any OS they want as the guest OS.
  – An OS that is hard to patch (e.g. Windows, because its source code is hard to obtain) can only be installed in a full-virtualisation environment.
• Con:
  – On a non-virtualisable CPU, running a guest OS whose critical instructions have not been patched requires Dynamic Binary Translation in the hypervisor, which costs a lot.
  – Even on a virtualisable or hardware-assisted CPU, an OS that does not find out it is in a VM rather than on a physical machine still wastes a lot of computing resources. A patched guest OS avoids this waste, so a full-virtualisation environment cannot obtain that performance optimisation.
Para-virtualisation
• Definition:
  – The guest OS runs with a kernel patched for virtualisation.
  – The guest OS realises that it is running on a VM rather than on a physical machine.
• Pro:
  – On a non-virtualisable CPU, running a guest OS with patched critical instructions removes a lot of work from the hypervisor and lets the guest OS run faster.
  – Even on a virtualisable or hardware-assisted CPU, an OS that does not find out it is in a VM rather than on a physical machine still wastes a lot of computing resources. A patched guest OS avoids this waste.
• Con:
  – The user cannot install any OS they want as the guest OS.
  – An OS that is hard to patch (e.g. Windows, because its source code is hard to obtain) cannot be installed as a guest OS.
Several types of VMM
• According to the classification by Popek and Goldberg in 1974, virtual machine monitors can be separated into two major types, categorised mainly by where the hypervisor sits:
• Type 1, a.k.a. “Bare-metal VMM”
• Type 2, a.k.a. “Hosted VMM”
Bare-Metal VMM
• The VMM is responsible for scheduling and managing the allocation of hardware resources
• Examples:
  – Xen
  – Hyper-V
  – VMware Workstation
Hosted VMM
• The VMM is built on top of an existing OS
• The installation process is similar to installing an application
• The host OS is left to provide device drivers and other low-level services
• Privileged instructions can be patched into VMM calls (traps), or handled with DBT techniques
• Examples:
  – VMware Player
  – KVM
  – Parallels
Comparison with native and hosted VMs
Figure (diagram): four system stacks are compared, each split into non-privileged modes and privileged mode.
– Traditional uniprocessor system: Applications / OS / Hardware
– Native VM system: Virtual Machine / VMM / Hardware
– User-mode hosted VM system: Virtual Machine / VMM / Host OS / Hardware
– Dual-mode hosted VM system: Virtual Machine / VMM and Host OS / Hardware (the VMM has components in both modes)
04/02/14 17
Xen Project bio
• The Xen project was created in 2003 at the University of Cambridge Computer Laboratory, in what is known as the Xen Hypervisor project
  – Led by Ian Pratt with team members Keir Fraser, Steven Hand, and Christian Limpach
  – This team, along with Silicon Valley technology entrepreneurs Nick Gault and Simon Crosby, founded XenSource, which was acquired by Citrix Systems in October 2007
• The Xen® hypervisor is an open source technology, developed collaboratively by the Xen community and engineers from AMD, Cisco, Dell, HP, IBM, Intel, Mellanox, Network Appliance, Novell, Red Hat, SGI, Sun, Unisys, Veritas, Voltaire, and of course, Citrix
• Xen is licensed under the GNU General Public License
• Xen supports Linux 2.4, 2.6, Windows and NetBSD 2.0
• The name comes from neXt gENeration virtualisation
Xen Components
A Xen virtual environment consists of several modules that provide the virtualisation environment:
• Xen Hypervisor (VMM)
• Domain 0
• Domain Management and Control
• Domain User, which can be one of:
  – Paravirtualised Guest: the kernel is aware of virtualisation
  – Hardware Virtual Machine Guest: the kernel runs natively
Xen Components
Figure (diagram): the Hypervisor (VMM) sits at the bottom; above it run Domain 0 (hosting Domain Management and Control), several Domain U Paravirtual Guests and several Domain U HVM Guests.
Xen Components
• When Xen boots, one of the first things it does is load a Domain 0 (dom0) guest kernel. Domain 0 is the first guest to run, and has elevated privileges.
• Domain 0 is very important to a Xen system. Xen does not include any device drivers by itself, nor a user interface; these are all provided by the operating system and userspace tools running in the dom0 guest.
• The most obvious task performed by the dom0 guest is to handle devices. This guest runs at a higher level of privilege than the others, and so can access the hardware.
• In contrast, the other domains are referred to as domain U (domU): the “U” stands for unprivileged. However, it is now possible to delegate some of dom0's responsibilities to domU guests, which blurs this line slightly.
Xen Components
• There are three components to any driver:
  – The split driver
  – The multiplexer
  – The real driver
• The split driver is typically as simple as it can be. It is designed to move data from the domU guests to the dom0 guest, usually using ring buffers in shared memory.
• The real driver should already exist in the dom0 operating system, and so it cannot really be considered part of Xen.
• The multiplexer may or may not already exist. In the case of networking, the firewalling component of the network stack already provides this functionality. In other cases, there may be no existing operating system component that can be pressed into use.
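The ring buffer in shared memory that the split driver uses is where dom0's trust boundary sits: the frontend half of the page is written by an unprivileged domain. The following C model is added here as an example (it is not Xen's ring code; the layout, field names, sizes and the disk geometry are constructed). It shows the two habits a backend needs: read the producer index from the shared page once and check it against the backend's own consumer index before walking the ring, and copy each request out of shared memory before validating it.

```c
/* Added example (not Xen's code): a simplified model of the shared-memory
 * ring that a split driver uses. The frontend (domU) produces requests, the
 * backend (dom0) consumes them and produces responses. Layout, field names
 * and sizes are constructed and do not follow Xen's ring headers. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define RING_SIZE 8                  /* power of two; constructed value */
#define RING_MASK (RING_SIZE - 1)
#define DISK_SECTORS 1024            /* size of the constructed backing disk */
#define MAX_SECTORS_PER_REQ 64

enum { OP_READ = 0, OP_WRITE = 1 };
enum { RSP_OK = 0, RSP_ERROR = 1 };

struct blk_request  { uint32_t id; uint32_t op; uint64_t sector; uint32_t nsectors; };
struct blk_response { uint32_t id; uint32_t status; };

/* The page shared between the two domains. Both sides can write every byte
 * of it, so the backend must treat all of it as untrusted input. */
struct shared_ring {
    uint32_t req_prod;               /* advanced by the frontend */
    uint32_t rsp_prod;               /* advanced by the backend */
    struct blk_request  req[RING_SIZE];
    struct blk_response rsp[RING_SIZE];
};

/* Private state each side keeps in its own memory, outside the shared page. */
struct frontend { uint32_t rsp_cons; };
struct backend  { uint32_t req_cons; uint32_t rejected; uint32_t bad_ring; };

void ring_init(struct shared_ring *r) { memset(r, 0, sizeof *r); }

/* Frontend: enqueue a request if there is room. Indices are free-running
 * counters; masking selects the slot. */
bool fe_push(struct shared_ring *r, struct frontend *fe, const struct blk_request *q)
{
    if (r->req_prod - fe->rsp_cons >= RING_SIZE)
        return false;                /* ring full */
    r->req[r->req_prod & RING_MASK] = *q;
    atomic_thread_fence(memory_order_release);   /* body visible before index */
    r->req_prod++;
    return true;
}

/* Frontend: dequeue one response, if any. */
bool fe_pop(struct shared_ring *r, struct frontend *fe, struct blk_response *out)
{
    uint32_t prod = r->rsp_prod;
    atomic_thread_fence(memory_order_acquire);
    if (prod == fe->rsp_cons)
        return false;
    *out = r->rsp[fe->rsp_cons & RING_MASK];
    fe->rsp_cons++;
    return true;
}

/* Backend: validate a request that has already been copied out of the ring. */
static uint32_t be_check(const struct blk_request *q)
{
    if (q->op != OP_READ && q->op != OP_WRITE)
        return RSP_ERROR;
    if (q->nsectors == 0 || q->nsectors > MAX_SECTORS_PER_REQ)
        return RSP_ERROR;
    if (q->sector >= DISK_SECTORS || q->nsectors > DISK_SECTORS - q->sector)
        return RSP_ERROR;            /* range check written so it cannot overflow */
    return RSP_OK;
}

/* Backend: drain the ring. Returns the number of requests handled, or -1 if
 * the shared producer index is inconsistent (a buggy or hostile frontend). */
int be_process(struct shared_ring *r, struct backend *be)
{
    uint32_t prod = r->req_prod;     /* read the shared index exactly once */
    atomic_thread_fence(memory_order_acquire);
    if (prod - be->req_cons > RING_SIZE) {
        be->bad_ring++;              /* claims more outstanding requests than fit */
        return -1;
    }
    int done = 0;
    while (be->req_cons != prod) {
        /* Copy, then check: validating in place would let the frontend
         * rewrite the slot between the check and the use (a TOCTOU race). */
        struct blk_request q = r->req[be->req_cons & RING_MASK];
        struct blk_response p = { q.id, be_check(&q) };
        if (p.status != RSP_OK)
            be->rejected++;
        r->rsp[r->rsp_prod & RING_MASK] = p;
        atomic_thread_fence(memory_order_release);
        r->rsp_prod++;
        be->req_cons++;
        done++;
    }
    return done;
}

int main(void)
{
    struct shared_ring ring; struct frontend fe = {0}; struct backend be = {0, 0, 0};
    struct blk_request q = {1, OP_READ, 10, 4};      /* constructed request */
    ring_init(&ring);
    return fe_push(&ring, &fe, &q) && be_process(&ring, &be) == 1 ? 0 : 1;
}
```

A rejected request gets an error response rather than silent truncation, so the frontend learns about it; an inconsistent producer index aborts the whole pass, because once the shared index cannot be trusted no slot in the ring can be either.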
Xen Hypervisor - VMM
• The hypervisor is Xen itself.
• It sits between the hardware and the operating systems of the various domains.
• The hypervisor is responsible for:
  – Checking page tables
  – Allocating resources for new domains
  – Scheduling domains
  – Booting the machine far enough that it can start dom0
• It presents the domains with a Virtual Machine that looks similar, but not identical, to the native architecture.
• Just as applications interact with an OS by issuing syscalls, domains interact with the hypervisor by issuing hypercalls. The hypervisor responds by sending the domain an event, which fulfils the same function as an IRQ on real hardware.
• A hypercall is to a hypervisor what a syscall is to a kernel.
Xen Hypervisor - VMM
• Thin, privileged abstraction layer between the hardware and operating systems
• Defines the virtual machine that guest domains see instead of physical hardware:
– Grants portions of physical resources to each guest
– Exports simplified devices to guests
– Enforces isolation among guests
Restricting operations with Privilege Rings
• The hypervisor executes privileged instructions, so it must be in the right place:
• The x86 architecture provides 4 privilege levels (rings)
• Most OSs were created before this implementation, so only 2 levels are used
• Xen provides 2 modes:
  – On x86, applications run at ring 3, the kernel at ring 1 and Xen at ring 0
  – On x86 with VT-x, applications run at ring 3, the guest at non-root ring 0 and Xen at root ring 0 (“ring -1”)
Restricting operations with Privilege Rings
Figure (diagram): ring assignments for Applications, Guest kernel (dom0 and domU) and Hypervisor.
– Native x86: applications at ring 3, kernel at ring 0
– Paravirtual x86: applications at ring 3, guest kernel at ring 1, hypervisor at ring 0 (the guest is moved to ring 1)
– HVM x86: applications at ring 3, guest kernel at ring 0, hypervisor at ring -1 (the hypervisor is moved to ring -1)
Domain 0
• Domain 0 is a Virtual Machine required by Xen, running a modified Linux kernel with special rights to:
  – Access physical I/O devices
    • Two drivers are included in Domain 0 to attend to requests from Domain U PV or HVM guests
  – Interact with the other Virtual Machines (Domain U)
  – Provide the command line interface for the Xen daemons
• Due to its importance, only the minimum functionality should be provided, and it should be properly secured
• Some Domain 0 responsibilities can be delegated to a Domain U (isolated driver domain)
Domain 0
Figure (diagram): Domain 0 hosts the backend drivers.
– Network backend driver (PV): communicates directly with the local networking hardware to process all virtual machines' requests
– Block backend driver (PV): communicates with the local storage disk to read and write data from the drive based upon Domain U requests
– Qemu-DM (HVM): supports HVM guests for networking and disk access requests
Domain Management and Control - Daemons
The Domain Management and Control is composed of Linux daemons and tools:
• Xm – command line tool that passes user input to Xend through XML-RPC (creates and manages guest VMs)
• Xend – Python application that is considered the system manager for the Xen environment (daemon that communicates with the hypervisor)
• Libxenctrl – a C library that allows Xend to talk with the Xen hypervisor via Domain 0 (the privcmd driver delivers the request to the hypervisor)
• Xenstored – maintains a registry of information, including memory and event channel links between Domain 0 and all other Domains
• Qemu-dm – supports HVM guests for networking and disk access requests
Domain U – Paravirtualised guests
• The Domain U PV Guest is a modified Linux, Solaris, FreeBSD or other UNIX system that is aware of virtualisation (no direct access to hardware)
• No rights to directly access hardware resources, unless specially granted
• Access to hardware through front-end drivers, using the split device driver model
• Usually contains XenStore, console, network and block device drivers
• There can be multiple Domain U guests in a Xen configuration
Domain U – Paravirtualised guests
Figure (diagram): a Domain U PV guest contains the front-end drivers.
– Network front-end driver: communicates with the Network backend driver in Domain 0
– Block front-end driver: communicates with the Block backend driver in Domain 0
– Console driver
– XenStore driver: similar to a registry
Domain U – HVM guests
• The Domain U HVM Guest is a native OS with no notion of virtualisation (of sharing CPU time with other running VMs)
• Since an unmodified OS does not support the Xen split device driver, Xen emulates devices by borrowing code from QEMU
• HVM guests begin in real mode and get their configuration information from an emulated BIOS
• For an HVM guest to use Xen features it must use CPUID and then access the hypercall page
Figure (diagram): a Domain U HVM guest contains the Xen virtual firmware, which simulates the BIOS for the unmodified operating system to read during startup.
Pseudo-Physical to Memory Model
Figure (diagram): three address spaces, each translated into the next: Virtual (seen by the Application) → Pseudo-physical (seen by the Kernel) → Machine (managed by the Hypervisor).
• In an operating system with protected memory, each application has its own address space. A hypervisor has to do something similar for guest operating systems.
• The triple indirection model is not strictly required, but it is more convenient from the point of view of performance and of the modifications needed in the guest kernel.
• If the guest kernel needs to know anything about the machine pages, it has to use the translation table provided by the shared info page (rare).
Pseudo-Physical to Memory Model
• There are variables at various places in the code identified as MFN, PFN, GMFN and GPFN:
  – PFN (Page Frame Number): means “some kind of page frame number”; the exact meaning depends on the context
  – MFN (Machine Frame Number): number of a page in the (real) machine's address space
  – GPFN (Guest Page Frame Number): page frames in the guest's address space; these page addresses are relative to the local page tables
  – GMFN (Guest Machine Frame Number): refers to either an MFN or a GPFN, depending on the architecture
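To show the two translations of the previous slide and the frame-number vocabulary of this one in code, here is an added C model (not Xen's code; table sizes, frame numbers and domain ids are constructed, and a flat array stands in for the guest page tables). The guest turns a virtual address into a pseudo-physical one through its own page tables; the hypervisor turns that into a machine address through the domain's p2m table, and keeps an m2p table so it can check who owns a machine frame before a guest is allowed to name one.

```c
/* Added example (not Xen's code): a toy model of the three address spaces
 * in the slides (virtual -> pseudo-physical -> machine) and of the
 * hypervisor's ownership check on guest-supplied frame numbers. Table
 * sizes, frame numbers and domain ids are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_MASK ((1u << PAGE_SHIFT) - 1)
#define NR_MACHINE_FRAMES 64          /* constructed size of physical memory */
#define GUEST_PAGES 4                 /* maximum pages per constructed guest */
#define NO_OWNER 0xffu
#define INVALID_ADDR UINT64_MAX

/* Machine-to-physical table: owner and pseudo-physical frame of each MFN. */
struct m2p_entry { uint8_t owner; uint32_t gpfn; };
static struct m2p_entry m2p[NR_MACHINE_FRAMES];

struct domain {
    uint8_t  id;
    uint32_t nr_pages;
    uint32_t p2m[GUEST_PAGES];        /* pseudo-physical frame -> machine frame */
    uint32_t guest_pt[GUEST_PAGES];   /* stands in for the guest page tables: vpn -> gpfn */
};

void machine_init(void)
{
    for (uint32_t mfn = 0; mfn < NR_MACHINE_FRAMES; mfn++)
        m2p[mfn].owner = NO_OWNER;
}

/* Hypervisor: grant machine frames to a domain and keep m2p consistent. */
bool domain_build(struct domain *d, uint8_t id, const uint32_t *mfns, uint32_t n)
{
    if (n > GUEST_PAGES)
        return false;
    for (uint32_t i = 0; i < n; i++)
        if (mfns[i] >= NR_MACHINE_FRAMES || m2p[mfns[i]].owner != NO_OWNER)
            return false;             /* nonexistent frame, or already owned */
    d->id = id;
    d->nr_pages = n;
    for (uint32_t gpfn = 0; gpfn < n; gpfn++) {
        d->p2m[gpfn] = mfns[gpfn];
        m2p[mfns[gpfn]].owner = id;
        m2p[mfns[gpfn]].gpfn = gpfn;
        d->guest_pt[gpfn] = gpfn;     /* identity mapping until the guest changes it */
    }
    return true;
}

/* Guest kernel view: virtual -> pseudo-physical (first indirection). */
uint64_t guest_va_to_pa(const struct domain *d, uint64_t va)
{
    uint64_t vpn = va >> PAGE_SHIFT;
    if (vpn >= d->nr_pages)
        return INVALID_ADDR;          /* unmapped: a guest page fault */
    return ((uint64_t)d->guest_pt[vpn] << PAGE_SHIFT) | (va & PAGE_MASK);
}

/* Hypervisor view: pseudo-physical -> machine (second indirection). The gpfn
 * comes from a guest page table, so it is checked before indexing p2m. */
uint64_t pa_to_ma(const struct domain *d, uint64_t pa)
{
    uint64_t gpfn = pa >> PAGE_SHIFT;
    if (gpfn >= d->nr_pages)
        return INVALID_ADDR;          /* beyond what this domain was granted */
    return ((uint64_t)d->p2m[gpfn] << PAGE_SHIFT) | (pa & PAGE_MASK);
}

uint64_t guest_va_to_ma(const struct domain *d, uint64_t va)
{
    uint64_t pa = guest_va_to_pa(d, va);
    return pa == INVALID_ADDR ? INVALID_ADDR : pa_to_ma(d, pa);
}

/* Hypervisor: when a guest names a frame by MFN (for instance to install it
 * in its page tables), the MFN must exist and belong to that guest; otherwise
 * one domain could map another domain's memory. */
bool hv_mfn_belongs_to(const struct domain *d, uint32_t mfn)
{
    if (mfn >= NR_MACHINE_FRAMES)
        return false;
    return m2p[mfn].owner == d->id;
}

int main(void)
{
    struct domain a;
    const uint32_t frames[] = {40, 41, 42, 43};   /* constructed MFNs for domain 1 */
    machine_init();
    domain_build(&a, 1, frames, 4);
    printf("va 0x1234 -> ma 0x%llx\n", (unsigned long long)guest_va_to_ma(&a, 0x1234));
    return 0;
}
```

The two bounds checks are the ones the slide on the hypervisor's duties calls "checking page tables": a gpfn written into a guest page table is only an index into that domain's own p2m table, and an MFN a guest supplies is only honoured if m2p says the domain owns it.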
Virtual Ethernet interfaces
• Xen creates, by default, seven pairs of “connected virtual ethernet interfaces” for use by dom0
• For each new domU, it creates a new pair of “connected virtual ethernet interfaces”, with one end in domU and the other in dom0
• Virtualised network interfaces in domains are given Ethernet MAC addresses (by default xend selects a random address)
• The default Xen configuration uses bridging (xenbr0) within domain 0 to allow all domains to appear on the network as individual hosts
The Virtual Machine lifecycle
Figure (state diagram): states OFF, RUNNING, PAUSED and SUSPENDED, with the transitions Turn on, Turn off, Start (paused), Pause, Resume, Stop, Sleep, Wake and Migrate.
Xen provides 3 mechanisms to boot a VM:
• Booting from scratch (Turn on)
• Restoring the VM from a previously saved state (Wake)
• Cloning a running VM (only in XenServer)
KVM Overview
• It is a VMM built within the Linux kernel
  – The name stands for Kernel Virtual Machines
  – It is included in mainline Linux as of 2.6.20
• It offers full-virtualisation
  – Para-virtualisation support is in alpha state
• It works *only* on platforms with hardware-assisted virtualisation
  – Currently only Intel VT and AMD-V
  – Recently also s390, PowerPC and IA64
• This decision was taken to achieve a simple design:
  – No need to deal with the ring aliasing problem,
  – nor with avoiding excessive faulting,
  – nor with guest memory management complexity,
  – etc.
Why KVM?
• Today's hardware is becoming increasingly complex:
  – Multiple HW threads on a core
  – Multiple cores on a socket
  – Multiple sockets on a system
  – NUMA memory models (on-chip memory controllers)
• Scheduling and memory management are becoming harder accordingly
• Great effort is required to program all this complexity into hypervisors
  – But an operating system kernel already handles this complexity
  – So why not reuse it?
• KVM makes use of all the fine-tuning work that has gone (and is going) into the Linux kernel, applying it to a virtualised environment
• Minimal footprint
  – Less than 10K lines of kernel code
  – Implemented as a Linux module
How does it work?
• A normal Linux process has two modes of execution: kernel and user
  – KVM adds a third mode: guest mode
• A virtual machine in KVM is “seen” as a normal Linux process
  – A portion of the code runs in user mode: it performs I/O on behalf of the guest
  – A portion of the code runs in guest mode: it runs the non-I/O guest code
Figure (diagram): the three execution modes; guest mode comes with its own 4 rings.
Key features
• Simpler design: Kernel + Userspace (vs. Hypervisor + Kernel + Userspace)
  – Avoids many context switches
  – Code reuse (today and tomorrow)
  – Easy management of VMs (standard process tools)
• Supports Qcow2 and VMDK disk image formats
  – “Growable” formats (copy-on-write)
• Advanced guest memory management
  – Increased VM density with KSM (under development)
    • KSM is a kernel module that saves memory by searching for and merging identical pages inside one or more memory areas
  – Guest page swapping allowed
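The page-merging idea behind KSM, as an added C model written for this transcript (it is not Linux's KSM implementation; page size, page count and contents are constructed). A scan hashes every page, compares candidates byte for byte, and re-points identical pages at a single frame; the first write to a shared page copies it first, which is the copy-on-write the slide refers to.

```c
/* Added example (not Linux's KSM code): a toy model of page merging.
 * Page size, page count and contents are constructed. Each guest page is
 * backed by a machine frame; identical pages end up sharing one frame. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 64          /* constructed: real pages are 4 KiB */
#define NR_PAGES  8
#define NR_FRAMES NR_PAGES    /* one frame per page before any merging */

struct machine {
    unsigned char frames[NR_FRAMES][PAGE_SIZE];
    int refcount[NR_FRAMES];  /* 0 = free, >1 = shared by several pages */
    int backing[NR_PAGES];    /* guest page -> frame index */
};

void machine_init(struct machine *m)
{
    memset(m, 0, sizeof *m);
    for (int p = 0; p < NR_PAGES; p++) { m->backing[p] = p; m->refcount[p] = 1; }
}

/* Constructed content helper: fill a guest page with one repeated byte. */
void page_fill(struct machine *m, int page, unsigned char byte) { memset(m->frames[m->backing[page]], byte, PAGE_SIZE); }

/* FNV-1a over a page: a cheap filter so most pairs are never memcmp'd. */
static uint32_t page_hash(const unsigned char *data)
{
    uint32_t h = 2166136261u;
    for (int i = 0; i < PAGE_SIZE; i++) { h ^= data[i]; h *= 16777619u; }
    return h;
}

/* One scan pass: each page whose content equals an earlier page's is
 * re-pointed at that page's frame. Returns the number of frames freed. */
int ksm_scan(struct machine *m)
{
    uint32_t hash[NR_PAGES];
    int freed = 0;
    for (int p = 0; p < NR_PAGES; p++)
        hash[p] = page_hash(m->frames[m->backing[p]]);
    for (int p = 1; p < NR_PAGES; p++) {
        for (int q = 0; q < p; q++) {
            int fp = m->backing[p], fq = m->backing[q];
            if (fp == fq)
                break;                         /* already merged in an earlier pass */
            if (hash[p] != hash[q] || memcmp(m->frames[fp], m->frames[fq], PAGE_SIZE) != 0)
                continue;                      /* different content (or a hash collision) */
            if (--m->refcount[fp] == 0)
                freed++;
            m->backing[p] = fq;
            m->refcount[fq]++;
            break;
        }
    }
    return freed;
}

/* Guest write: a shared frame is copied to a free frame first (copy-on-write),
 * so the other pages sharing it never see the change. */
bool page_write(struct machine *m, int page, int offset, unsigned char byte)
{
    if (page < 0 || page >= NR_PAGES || offset < 0 || offset >= PAGE_SIZE)
        return false;
    int f = m->backing[page];
    if (m->refcount[f] > 1) {
        int nf = -1;
        for (int i = 0; i < NR_FRAMES && nf < 0; i++)
            if (m->refcount[i] == 0) nf = i;
        if (nf < 0)
            return false;                      /* no free frame: out of memory */
        memcpy(m->frames[nf], m->frames[f], PAGE_SIZE);
        m->refcount[f]--;
        m->refcount[nf] = 1;
        m->backing[page] = nf;
        f = nf;
    }
    m->frames[f][offset] = byte;
    return true;
}

int frames_in_use(const struct machine *m)
{
    int n = 0;
    for (int i = 0; i < NR_FRAMES; i++) if (m->refcount[i] > 0) n++;
    return n;
}

int main(void)
{
    struct machine m;
    const unsigned char pat[NR_PAGES] = {'A', 'B', 'A', 'C', 'D', 'B', 'A', 'E'};  /* constructed */
    machine_init(&m);
    for (int p = 0; p < NR_PAGES; p++) page_fill(&m, p, pat[p]);
    int freed = ksm_scan(&m);
    page_write(&m, 6, 0, 'Z');                 /* first write to a shared page: COW */
    printf("freed=%d frames_in_use=%d\n", freed, frames_in_use(&m));
    return 0;
}
```

In the constructed run, pages 0, 2 and 6 and pages 1 and 5 are identical, so one scan frees three frames and a second scan frees none; the write to page 6 then costs one frame back and leaves page 0 untouched. The practitioner caveat is that sharing frames between guests makes the first write to a shared page measurably slower than a write to a private one, which is a known cross-VM side channel, so merging is commonly limited to a single tenant or disabled between untrusted guests.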
Future trends
• Para-virtualisation support (Windows & Linux)
  – virtIO devices already included in Linux mainline as of 2.6.25
• Storage
  – Many similar guests cause a lot of duplicate storage
  – Current solution: baseline + delta images
    • The delta degrades over time (needs planning)
    • Disk-in-file carries a lot of overhead
VMware
• In 1998, VMware created a solution to virtualise the x86 platform, creating the market for x86 virtualisation
• The solution was a combination of binary translation and direct execution on the processor
• Non-virtualisable instructions are replaced with new sequences of instructions
• User-level code is directly executed on the processor
• Each VMM provides each VM with all the services of the physical system, including a virtual BIOS, virtual devices and virtualised memory management
VMware
Basic properties:
• Separate OS and hardware – break hardware dependencies
• OS and application as a single unit, by encapsulation
• Strong fault and security isolation
• Standard, hardware-independent environments can be provisioned anywhere
• Flexibility to choose the right OS for the right application
VMware major products
VMware Server
• A free-of-charge virtualisation software server suite
• Runs multiple servers on your server
• Hosted architecture
• Available for Linux hosts and Windows hosts
VMware ESX Server
• An enterprise-level computer virtualisation product
• Quality of service
• High-performance I/O
• Host-less architecture (bare-metal)
VMware ESX architecture
• Datacenter-class virtualisation platform used by many enterprise customers for server consolidation
• Runs directly on the physical server, with direct access to the server's hardware
Parts:
• Virtualisation layer (VMM/VMkernel): implements the idealised hardware environment and virtualises the physical hardware devices
• Resource Manager: partitions and controls the physical resources of the underlying machine
• Hardware interface components: enable hardware-specific service delivery
• Service Console: boots the system, initiates execution of the virtualisation layer and resource manager, and relinquishes control to those layers
• Add-ons: VirtualCenter / Lab Manager
VMware default deployment
[Figure: components of the default deployment and their roles]
• VI Client: primary method of interaction with the virtual infrastructure (console and GUI); connects to the VirtualCenter Server or directly to ESX Server hosts
• ESX Server hosts: the virtualisation layer that abstracts the processor, memory, storage and networking resources of the physical host into multiple virtual machines
• VirtualCenter Server: centrally manages the VMware ESX Server hosts
• Configuration store: organises all the configuration data for the virtual infrastructure environment
• Licensing component: authorises VirtualCenter Servers and ESX Server hosts appropriately for the licensing agreement
VMware for free
• VMware provides freeware server and workstation virtualisation solutions
• VMware Server:
  – A free desktop application that lets you run virtual machines on your Windows or Linux PC
  – Lets you use host machine devices, such as CD and DVD drives, from the virtual machine
  – A datasheet and an FAQ page are available
  – Different virtual appliances are provided for free
• VMware Player:
  – Similar to VMware Server but limited to running pre-built virtual appliances
Virtualisation in servers
Workload Consolidation description
[Figure: n separate physical hosts (HW0 … HWn), each running its own OS and application, are consolidated onto a single host (HW) whose VMM runs VM1 … VMn. The hardware is more stressed: more intense I/O and more intense memory usage. Focus on the equivalence property (Popek and Goldberg).]
• Too many servers: hot and underutilised
  – Server virtualisation consolidates many systems onto one physical platform
  – Higher physical resource utilisation
• Improved utilisation: several users with different OS requirements can more easily share a virtualised server
  – It allows running legacy and new operating systems concurrently
Workload Consolidation pros/cons
• Pros:
  – Each application can run in a separate environment, delivering true isolation
  – Cost savings: power, space, cooling, hardware, software and management
  – Ability to run legacy applications in legacy OSs
  – Ability to run, through emulation, legacy applications built for legacy hardware
• Cons:
  – Disk and memory footprint increase due to multiple OSs
  – Performance penalty caused by resource-sharing management
Workload consolidation provides the basis for most usages/benefits of virtualisation
Workload Isolation
[Figure: one host (HW) whose VMM runs VM1 … VMn, each with its own OS and application, contrasted with hosts (… HWn) running several applications on a single OS. Focus on the efficiency property (Popek and Goldberg).]
• Virtualisation can improve overall system security and reliability by isolating multiple software stacks in their own VMs
  – Security: intrusions can be confined to the VM in which they occur
  – Reliability: software failures in one VM do not affect the other VMs
  – The flip side: the hypervisor and its device drivers sit underneath every guest, so if they are compromised all the VMs on the host can be compromised (comparable to a BIOS attack)
Workload migration for dynamic load balancing
[Figure: two hosts (HW0 … HWn), each with a VMM running VM1 … VMn; VMs are moved between the hosts. What happens with the established connections, memory pages and disk?]
• If a given application needs more resources, it can easily be moved to another physical host with more capacity
• Several application replicas can be started on different physical machines and the workload split among them
  – While the applications should be engineered for this behaviour, the deployment is simplified
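The question about memory pages is answered by iterative pre-copy, the technique Xen's live migration uses: keep copying memory while the guest runs, resend whatever it dirtied in the meantime, and pause the guest only for the small remainder. The Python simulation below is an added example, not code from the slides or from any hypervisor; the Guest class, its dirty-set bookkeeping, the write workloads and the page counts are all constructed for the illustration.

```python
import random
from dataclasses import dataclass


@dataclass
class MigrationResult:
    rounds: int           # pre-copy rounds run while the guest kept executing
    pages_sent: int       # pages pushed over the network, re-sends included
    downtime_pages: int   # pages copied in the final stop-and-copy, guest paused
    converged: bool       # True if the dirty set fell below the threshold on its own


class Guest:
    """Source VM: a page array plus the dirty set the VMM maintains for it.

    A real hypervisor fills the dirty set by write-protecting guest pages
    (shadow page tables or EPT/NPT dirty logging) and trapping the writes;
    here the guest's writes are modelled explicitly by write_pages().
    """

    def __init__(self, n_pages: int):
        self.pages = [f"page{i}:v0".encode() for i in range(n_pages)]
        self.dirty = set(range(n_pages))   # nothing sent yet, so every page is dirty
        self.version = 0

    def write_pages(self, indexes):
        self.version += 1
        for i in indexes:                  # content changes and the dirty bit is set
            self.pages[i] = f"page{i}:v{self.version}".encode()
            self.dirty.add(i)


def precopy_migrate(guest: Guest, workload, max_rounds: int = 30, stop_threshold: int = 4):
    """Iterative pre-copy: copy dirty pages while the guest runs, repeat with
    whatever it dirtied meanwhile, and stop-and-copy once the remainder is
    small (or once max_rounds is hit, which bounds a guest that never settles).
    Returns (destination memory, MigrationResult)."""
    dest = [None] * len(guest.pages)
    sent, rounds, converged = 0, 0, False
    while rounds < max_rounds:
        if len(guest.dirty) <= stop_threshold:
            converged = True
            break
        batch, guest.dirty = guest.dirty, set()   # grab and clear the dirty set atomically
        for i in batch:
            dest[i] = guest.pages[i]               # copy the contents as they are now
        sent += len(batch)
        guest.write_pages(workload(rounds))        # meanwhile the guest keeps writing: those
        rounds += 1                                # pages are stale in dest and re-dirtied
    remaining = guest.dirty                        # pause the guest: no more writes
    for i in remaining:
        dest[i] = guest.pages[i]
    sent += len(remaining)
    guest.dirty = set()
    return dest, MigrationResult(rounds, sent, len(remaining), converged)


def make_workload(n_pages: int, hot_pages: int, extra_per_round: int, seed: int = 1):
    """Guest write pattern: a fixed hot working set rewritten every round plus a
    few random pages. Constructed for this example; real guests are messier."""
    rng = random.Random(seed)
    hot = set(range(hot_pages))

    def workload(round_no: int):
        return hot | {rng.randrange(n_pages) for _ in range(extra_per_round)}
    return workload


def run_demo(n_pages: int = 256):
    """Two guests: one with a small working set that converges, and one whose
    hot set is larger than stop_threshold, so pre-copy alone never finishes."""
    results = {}
    for label, hot in (("quiet", 2), ("write-heavy", 64)):
        guest = Guest(n_pages)
        dest, res = precopy_migrate(guest, make_workload(n_pages, hot, 1), max_rounds=10)
        consistent = dest == guest.pages   # destination must hold the final memory image
        results[label] = (res, consistent)
    return results


if __name__ == "__main__":
    for label, (res, consistent) in run_demo().items():
        print(f"{label:12s} rounds={res.rounds:2d} sent={res.pages_sent:4d} "
              f"downtime_pages={res.downtime_pages:3d} converged={res.converged} "
              f"consistent={consistent}")
```

The quiet guest converges after one round and is paused for only a handful of pages; the write-heavy guest never gets under the threshold, so the max_rounds cap is what bounds its transfer, and its downtime is the whole hot set. The slide's other two questions are settled outside the memory copy: disk images on shared storage (SAN/NAS, as the disaster-recovery slide recommends) need no copying at all, and established TCP connections survive because the VM keeps its MAC and IP addresses and the destination host announces the move on the LAN (Xen sends an unsolicited ARP reply).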
Workload migration for disaster recovery
[Figure: VM1 and VMn running on HW0 are replicated as VM1' and VMn' on another host (HW). How often should the VMM store the VM's status?]
• High availability: if an application goes down, it is not necessary to wait for the reboot of the operating system/application
  – Virtualisation allows another replica to be put up immediately
  – Stateless applications can be restored immediately from snapshots
  – Disk images should live on external network storage (SAN, NAS)
Deployment of standard environments
[Figure: a Gold Image is cloned into VM1, VM2, VM3 … VMn across hosts HW0 and HW1, every VM carrying the same OS and application.]
• Service providers usually offer some standard services
  – Standard images can be provided instantaneously
  – Simplifies deployment procedures: everything is stored in a file that represents the VM
  – Easier backward compatibility (Gold Image 1, 2, 3, etc.)
Test and deployment
[Figure: a host with a VMM running two VMs, each with its own OS and application.]
• Development and testing environments
  – A VM with standard tools is distributed amongst developers
  – Releasing new revisions of tools, patches, etc. is very simple
• Business agility and productivity
  – It allows environments to be transformed easily (development to test, back to development, etc.)
• Deployment of patches in controlled environments
• Allows testing on production hardware before formal activation
Virtual appliances
[Figure: layered packaging. A Software Appliance = application + middleware + OS; a Virtual Appliance = that software appliance packaged as a virtual machine on a virtual platform: a fully pre-installed and pre-configured application and operating system environment.]
A software appliance is a software application combined with a tailored operating system
• The convergence of virtual machine technology and a new initiative by several tool vendors is giving birth to a new form of software packaging called the Virtual Appliance
  – A software appliance that includes the components necessary to run in a virtual computing environment (VMware, Xen, Virtual Iron, …)
  – Both software and virtual appliances aim to eliminate the installation, configuration and maintenance costs associated with running complex stacks of software
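Gold images and virtual appliances are files, so a practitioner's first check before booting one is that the file is the one that was published. The Python below is an added example, not code from the slides, from VMware or from any vendor, and it serves both this slide and the gold-image slide above: it writes and verifies a manifest in the layout OVF packages use (a .mf file with one `SHA256(filename)= hexdigest` line per file) and refuses to provision a versioned gold image whose bytes no longer match. The package contents, file names and the GoldImageCatalogue class are constructed for the illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import re

# One manifest entry per packaged file, in the OVF .mf layout: "SHA256(name)= hexdigest"
MANIFEST_ENTRY = re.compile(
    r"^(?P<algo>SHA1|SHA256|SHA512)\((?P<name>[^)]+)\)=\s*(?P<digest>[0-9a-fA-F]+)$")
DIGESTS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def write_manifest(files: dict[str, bytes], algo: str = "SHA256") -> str:
    """Manifest a publisher ships next to a gold image or virtual appliance."""
    return "".join(f"{algo}({name})= {DIGESTS[algo](data).hexdigest()}\n"
                   for name, data in sorted(files.items()))


def verify_package(files: dict[str, bytes], manifest: str) -> list[str]:
    """Check package files against the manifest. Returns the problems found;
    an empty list means every file is present, covered and unmodified."""
    problems: list[str] = []
    listed: set[str] = set()
    for lineno, raw in enumerate(manifest.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_ENTRY.match(line)
        if m is None:
            problems.append(f"line {lineno}: malformed manifest entry")
            continue
        algo, name, digest = m["algo"], m["name"], m["digest"].lower()
        if algo == "SHA1":   # legal in old manifests, but collision-prone: flag it
            problems.append(f"{name}: SHA1 manifest entry")
        listed.add(name)
        if name not in files:
            problems.append(f"{name}: listed in manifest but missing from package")
            continue
        actual = DIGESTS[algo](files[name]).hexdigest()
        if not hmac.compare_digest(actual, digest):
            problems.append(f"{name}: digest mismatch")
    for name in sorted(set(files) - listed):   # e.g. a script slipped in after publication
        problems.append(f"{name}: present in package but not covered by manifest")
    return problems


class GoldImageCatalogue:
    """Versioned gold images (Gold Image 1, 2, 3 ...) stored with the manifest
    captured at publish time; provisioning re-verifies the bytes that will boot."""

    def __init__(self) -> None:
        self._images: dict[tuple[str, int], tuple[dict[str, bytes], str]] = {}

    def publish(self, name: str, version: int, files: dict[str, bytes]) -> None:
        self._images[(name, version)] = (dict(files), write_manifest(files))

    def stored_files(self, name: str, version: int) -> dict[str, bytes]:
        return self._images[(name, version)][0]   # the mutable store an attacker might reach

    def provision(self, name: str, version: int, vm_name: str) -> dict:
        files, manifest = self._images[(name, version)]
        problems = verify_package(files, manifest)
        if problems:
            raise ValueError(f"refusing to deploy {name} v{version}: " + "; ".join(problems))
        return {"vm": vm_name, "image": name, "version": version, "files": sorted(files)}


def run_demo() -> dict:
    # Constructed stand-ins for a real .ovf descriptor and .vmdk disk image
    v1 = {"web.ovf": b"<Envelope>web gold image v1</Envelope>",
          "web-disk1.vmdk": b"KDMV" + b"\x00" * 60}
    cat = GoldImageCatalogue()
    cat.publish("web", 1, v1)
    ok = cat.provision("web", 1, "web-01")          # clean image: deploys

    # The stored disk is altered after publication (attacker or bit rot)
    cat.stored_files("web", 1)["web-disk1.vmdk"] = b"KDMV" + b"\x00" * 59 + b"\x01"
    try:
        cat.provision("web", 1, "web-02")
        refused = None
    except ValueError as exc:
        refused = str(exc)

    # A file the manifest never covered is smuggled into a copy of the package
    extra = dict(v1)
    extra["postinstall.sh"] = b"#!/bin/sh\necho added after publication\n"
    injected = verify_package(extra, write_manifest(v1))
    return {"ok": ok, "refused": refused, "injected": injected}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

A manifest only proves that the files match the manifest; whoever can replace a disk can usually replace the .mf as well, which is why OVF additionally ships a .cert file carrying a signature over the manifest together with the signer's X.509 certificate, and why the check belongs at provisioning time, on the bytes that will actually boot, rather than only at upload.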
Usages in client platforms
Windows games emulation in Mac
[Figure: a game on its native OS and hardware, versus the same game in a guest OS on a VMM over the Mac hardware.]
• Games are very dependent on the platform for which they were programmed
  – Creating games for each platform is too costly
• Minimal emulation is needed for minimal performance degradation
Test and Development – also for clients
[Figure: a host with a VMM running two VMs, each with its own OS and application.]
• Development and testing environments
  – A VM with standard tools is distributed amongst developers
  – Releasing new revisions of tools, patches, etc. is very simple
• Business agility and productivity
  – It allows environments to be transformed easily (development to test, back to development, etc.)
• Deployment of patches in controlled environments
• Simplifies testing of P2P applications
Desktop infrastructure management
[Figure: desktops VM1 and VM2, each on its own hardware and OS, are moved as VM1' and VM2' onto new hardware running a VMM and accessed remotely. Connectivity becomes the critical path.]
• Migration to new hardware due to OS compatibility is too costly
  – Windows Vista's slow adoption is an example
  – A gradual upgrade can be implemented instead
• Desktops are underutilised (as opposed to the previous cases)
  – Consolidate in the server, run remotely on the client
My corporate PC within my PC
[Figure: personal hardware with a VMM running a personal OS VM next to a corporate OS VM, alongside corporate hardware with a VMM hosting VM1 and VM2. Connectivity becomes the critical path.]
• Users share their own PC with the corporation
  – A VM for their own work
  – A VM for corporate usage
  – Can be extended to more profiles (secure, entertainment, etc.)
  – Caveat: with a hosted VMM the corporate VM is only as trustworthy as the personal host OS and VMM underneath it, which can read the guest's memory and disk
• Temporary remote employees are given a VM with an expiration date
Bibliography
• Books:
  – The Definitive Guide to the Xen Hypervisor. David Chisnall. Prentice Hall
• Other resources:
  – Lecture slides of the "Virtual Machine" course (5200) at NCTU
  – KVM web page: http://www.linux-kvm.org
  – VMware web page: http://www.vmware.com