ISSN : 2347 - 8446 (Online) Computer Science & … · Computer Science & Technology (IJARCST 2014)...

ISSN : 2347 - 8446 (Online) ISSN : 2347 - 9817 (Print)

www.ijarcst.com

International Journal of Advanced Research inComputer Science & Technology (IJARCST 2014)

© 2014, IJARCST All Rights Reserved 134

Vol. 2 Issue Special 1 Jan-March 2014

A Study on System Virtualization TechniquesIS.Suresh, IIDr. M.Kannan

IAssociate Professor, Adhiyamaan College of Engineering,Hosur, Tamil Nadu, IndiaIIProfessor, Dept. of IT, Sri Ramakrishna Institute of Technology, Coimbatore, Tamil Nadu, India

I. IntroductionVirtualization was brought out in 1960 when IBM made a logical partition in their own VM/370 mainframe machines. The advent of distributed systems in the mid 1970 made virtualization less important. Then as desktop and server processing capacity has consistently increased year after year and low resource utilization put a thought of system virtualization. To get an idea of how virtualization is used in real life, let us consider partitioning one physical hard disk into logical partitions (drives: c:\, d:\, etc.,).The idea behind virtualization is to virtualize the underlying physical hardware or software resources either by software or hardware tricks. The virtualized environment is called as virtual machine (VM) or Guest and the virtualizing software is referred as virtualization layer or virtual machine monitor (VMM) or hypervisor. Each VM is a logical existence or imitation of underlying physical hardware (Host),and it mimics the real characteristics of host that is capable of running own OS (Guest OS)[1].VMM is responsible to create VMs and it manages them by multiplexing the VMs for execution, providing isolation, security and fair sharing of resources. Further, it is responsible to map a virtual machine’s virtual request to the physical request.VMM must prevent the VM from directly executing privileged instruction that would affect the state of the physical machines as a whole.Instead,it must intercept such instructions and emulate them so their effect is applied to the VM’s hardware, not the physical machine’s hardware. For example, issuing reboot command in a VM should reboot just the VM, no the entire host.The wide variety of virtualization applications made it a modern topic in the IT industry. Some of the areas, where production centers can get benefits are, 1) As more than one VM can be implemented in a single machine (server consolidation), physical space consumption and hardware costs could be reduced with better utilization of hardware. 2) VM is a collection of files; Like all other files it can be moved or copied from one place to another while it is running, (live migration) that enables load balancing, gives higher availability ,makes maintenance and manageability easier. 3) The poorly isolated nature of application process’s security depends on each other on the same machine, whereas, VM’s high level isolation among them could surpass this drawback and increase the security level, since malfunction or malicious software infection of one VM does not affect the another. 4) Running multiple OS simultaneously makes it simpler to switch between different OS

easily and quickly which is very useful for testing and debugging low level software and device drivers on the multiple platforms that helps in software development. Like other systems, virtualization has its own limitations as 1) Increased system complexity: Due to the lack of transparency into the lower layer, VMM software layering introduces inefficiencies and weakens raw performance. Additionally, the initial configuration of the VM environment and its application need more time. 2) As the virtualization products and types are enormous and vary for different applications, to address business needs, one need in depth knowledge to pick up the finest. 3) Depending on the chosen virtualization type either host machine or virtualization layer becomes the cause of failure, results in down fall of all VM [2].

Related workThis maturing technology attracted many researchers.Some of their related works are:The dated paper [1] reveals the internal core concepts behind implementing virtualization. It gives a good introduction and explains key architectural principles with best practices of a VMM, still being followed by the research community. In [3] the author has explored the basic design and architectural principles of accepted XEN hypervisor. Through the quantitative performance comparison of a XEN with other VMM, they report that XEN performs near to native and it is preferable. They have also quoted that recent CPU extensions/ improvements by Intel and AMD helps to run unmodified guest OS in XEN. But this in-depth article comparing VMs typically limited to a single technique. The paper [4] presents the results of a literature study answering, under which circumstances virtualization improves security and poses threat. Several recommendations are discussed concerning how to develop and use virtualization technology securely. Anyhow, this paper focuses on security characteristics than on characteristics inherent to technique. In [5] this paper authors investigate performance trade-offs between the matured software VMM with first generation Hardware assistance VMM by their architectural level experimental study. They have explored that hardware VMM often suffers lower performance than the pure software VMM, and they recommended new MMU Algorithms in the hardware level might narrow this gap. In [6] recent paper the author describes state-of-the-art features of VM system such as virtualization technology, resource scheduling, security, migration and performance evaluation techniques. To maximize the service

AbstractTaking something in one form and presenting into another form is referred as virtualization. The concept of virtualization is very broad and is applied to devices, machine stack, files, networks and storage systems.However,system virtualization’s ability for reducing and optimizing resource consumption towards sustainable computing, provides a mechanism to consolidated application along with existing OS,middleware,and communication environment on a single shared systems makes it hot topic in industry.Hence,this paper gives brief overview of x86 virtualization techniques that provides a high level description about virtualization including the concept of a virtual machine monitor(VMM), virtualization properties, and its applications. Further it contrast different form of x86 system level virtualization and suggests when and where a desirable technology is appropriate. And finally it concludes with a notion possible new directions that would be faced during the implementation of VMM and hardware architecture, to make them widely accepted.

Keywordsx86 Architecture; System Virtualization; Virtual Machine; Virtual Machine Monitor


www.ijarcst.com


© All Rights Reserved, IJARCST 2014135


performance, a review on resource architectural improvements done. Their criterion is similar to ours. Moreover this paper addresses identification and integration of multiple views.

Road MapThe rest of the paper is organized as follows. Section II gives an overview of x86 hardware architecture and emphasizes a number of challenges and requirements that slows down the design of an efficient virtualization. The software and hardware virtualization architectures are summarized in section III. Section IV discusses the similarities and differences of one another with respect to the VM architecture. In section VI, the paper is concluded, by discussing new directions and open problems in section V.

II. x86 Architectural overview and virtualization constarintsAs a background, this section covers x86 architectural overview, its virtualization issues and requirements. The server side leading IA-32 (that is, Intel and AMD) is evolved from 8086 and its descendant instruction set, generally known as x86 processors. The 32-bit extension of 64-bit x86 is termed x86-64.Though, x86 and x86-64 have architectural differences, they are not very different in principle. So, the information given in this paper applies to the architectures of both. Most of the conventional hardware architecture is designed to be configured and used by only one OS at a time. The x86 is not an exception to this. Its instruction set consists of three kinds of instructions namely privileged, sensitive and non-privileged instructions. To protect the valuable resources like cpu,memory,input and output devices from unauthorized access,x86 uses four modes of operation (protection mechanism) numbered from ‘0’(privilege level/root level) to ‘3’ (least privilege level/user mode), referred as ring. The ring ‘0’ is normally used by OS, user application is run in ring ‘3’ ,and the remaining are rarely used in commodity OS. The x86 CPU running mode, decides what code it will be able to execute and what not to do. To control the transfer of program execution between privilege levels, x86 uses interrupt and traps mechanism, while enables user mode tasks to call root mode system routines. On the hole, one can say that a conventional environment supports “single OS for single hardware with many applications”.Most prominent challenges involved in running many OS concurrently in a single system are, maintaining a separate state of the running VM, providing security and managing resource conflict problems under the shared resources. To address these virtualization issues of x86, Goldberg and Popek has examined certain VMM properties and sufficient conditions that allows computer architecture to support VM.They are:1) Efficiency: executes all non-sensitive instructions directly without VMM interpretation in both privileged and non-privileged modes. 2) Resource control: isolation of VM from one another and the VMM. 3) Equivalence: VM executes codes exactly like they would as a physical machine does [7]. In common, the non-privileged instructions are executed directly and certain privileged instruction must be trapped and simulated by VMM.But certain x86 instructions (say sensitive instructions[4]) deceive virtualization layer without suggesting the choice to trap that could violate the isolation property. Sensitive instructions are unprivileged but are capable of changing the CPU state. These non-virtualizable instructions have to be handled by the virtualization layer for safe execution, before they are executed. These limitations need certain tricks to achieve virtualization. In summary, a mechanism that

manages and monitors VM by intercepting privileged instructions and events is needed. The next section covers available software and hardware virtualization solutions.

III. x86 virtualization techniquesAs discussed earlier, x86 hardware is not made to be virtualized. For this, various virtualization technologies are used to virtualize. Based on the working logic, architectural design, usage scenarios and control over the physical hardware it can be categorized into many types. This section gives the overview of these technologies.Let us understand some key concepts and terms a bit before delving into the working of virtualization. The terminologies introduced below are then used to compare the systems.1) Isolation: Any software problem that affects one VM does not affect another. 2) Portability: The evaluation of simplicity that allows one system architect to be mapped into another system architecture.3) Flexibility: Decoupling application from hardware.4) Complexity: The number and variety of components, their interactions, along with their rate of change. 5) Scalability: ability to scale to an order-of-magnitude more VM than existing VMM. 6) Availability: promptness for acceptable services.7) Reliability: stability of acceptable services.

A. Software SolutionsThis solution is implemented by virtualization layer software and does not require hardware architectural changes (flexibility). Here, virtualization is carried out on hardware architecture of machine stack and the created virtual environment satisfies Popek and Goldberg requirements. Based on the technique used to virtualize CPU resource, virtualization layer’s control over the physical hardware and amount of hardware and software execution portion, is categorized as full virtualization and paravirtualization.The related concepts emulation and OS virtualization are also discussed here.

1. Simulation/EmulationModeling any system architecture completely in software by virtualization layer (Complete Software Interpreter Machine) is simulation. If the implemented system architecture is not same as underlying machine, then it is emulation (e.g., Java Virtual Machine ) enables one system architecture (e.g., non-x86 platform) to be mapped to another system architecture (e.g., x86 platform).But the biggest drawback in using device emulation is performance degradation, lack of security isolation and to certain extent scalability in sharing.E.g., Crusoe, open source Plex86 and Bochs [8].

2. Full systemVirtualization: In this, virtualization layer runs as a part of host OS (Figure 1), which simulates the entire hardware. As, the virtual environment created is not aware that it is virtualized, the running guest OS imagine to have the same mode (ring ‘0’) offered as if it would be the only OS in the full system. As code executing in ring ‘0’ is generally allowed to execute any privileged instruction, a guest OS kernel must be reduced in rank from ring ‘0’ to ring ‘1’ to impose virtualization. This separation of privilege between the VMM and the guest OS is termed as ring compression[4]. All the sensitive instruction of guest OS are trapped and converted into equivalent safe instructions by run time binary translation. This allows guest OS to be different from host OS (good portability).


www.ijarcst.com




With this architecture,notice that the various hardware device drivers are part of the VMM,as well as many other components.It handles all the functions that one would generally expect in an OS,such as scheduling, memory management, file systems, the driver stacks for all supported hardware,management interfaces and so on. Some examples of virtualization product that apply this technique include: Virtual Box, VMware Products such as VMware Workstation and VMware ESX server, Microsoft Products Windows Virtual PC 7 and Hyper-V,and open source QEMU. Here server products VMware ESX Server and Hyper-V are capable of running on bare hardware.Here server products VMware ESX Server and Hyper-V are capable of running on bare hardware[9,10].

Fig. 1: A conceptual diagram of full virtualization architecture

3. ParavirtualizationThis technique is implemented by modifying/compiling guest OS and run it as an ordinary process without the need of hardware access. Here virtualization layer is called hypervisor (minimal OS), that runs directly on the bare hardware(Figure 2) which is responsible for scheduling resources and multiplexing VMs.Here, the virtual environment created is the modified version of underlying hardware, exposed with high level hypercall (similar to OS system call) that enables non virtualizable instructions to be executed directly which achieves near native performance. However, this method needs OS modification it cannot work for closed software like Windows OS.But unmodified guest OS are possible with sufficiently advanced hardware (refer Hardware Extensions). Notice that in this microkernel architecture, only the functions that are absolutely required to share the hardware among the VMs are contained in the hypervisor. The other required functions of an OS are found in the specialized administrative environment called Parent / Root partition that has direct access to the hardware devices in order to share them among the other VMs.The result is more virtualization friendly I/O device interface with lower overhead for communicating the I/O commands from the Guest OS and thus higher performance. Companies offering paravirtualization technique include UML, Virtual Iron and Open Source Xen[3].

4. OS VirtualizationHere, the goal is to virtualize operating environment (partition an OS environment) rather than the hardware. The technique is, within a single OS instance, using software defined boundaries, to create many private execution environments that have its own file system, identity and user accounts. Though, it achieves reliability, scalability and resource utilization, it fails to support heterogeneous kernel environments and offer weak isolation. This

is best suitable for sandboxing applications. Sample projects that implement this technique are FreeBSD ”Jail” , Parallels Virtuozzo Containers, Swsoft and open source OpenVZ[11] .

B. Hardware SolutionsIt provides hardware enhancements designed to help reduce the complexity and overhead of virtualization software and it is an attempt to maximize the benefits of virtualization while minimizing its drawbacks.

Fig. 2: A conceptual diagram of paravirtualization architecture

Let us have a look at hardware level virtualization support.

1. Hardware Extensions Intel and AMD have designed virtualizable architecture Intel VT-x[12] and AMD-V[13] respectively that give convenient mechanisms to create virtual environment while avoiding the need for traditional VMM interpretive software overhead. It provides resources for program execution in the form of instructions (VM Exit, VM Entry) and registers. The new super privilege mode ring ‘-1’ added inside ring ‘0’ that enables VMM and guest OS to use all the four rings.CPU switch between these modes (ring ‘-1’ and ring ‘0’) is called VMX transition, and two types of transition exist namely VM-Entry (ring ‘-1’ to ring ‘0’) and VM-Exit (ring ‘0’ to ring ‘-1’).The data structure Virtual Machine Control Structure (VMCS) is used to manage the state transitions. The guest OS runs in ring ‘0’ and operates as usual, without knowing that there is another layer (ring ‘-1’, where hypervisor runs) between it and the hardware. When guest OS makes privileged system call, the call goes to ring ‘-1’ rather than the actual hardware, where the VMM will seize it, recess the VM, execute the call and then recommence the VM when the call is done. These architectural extensions enable micro kernel VMM implementation. This in turn enables more comprehensive VMM system examination, which may give way better VMM security. The down side of this work is the need of modifying processor hardware and the expensive VM Exit.

IV. Discussion and ObservationThis section strives to compare and contrast various x86 virtualization techniques from various angles and give insights into the essential characteristics. The criteria for this comparison include performance, robustness, bond with the host OS, isolation, portability, resource requirement, performance operating cost, scalability, availability and flexibility. The tabular format (Table 1 (a) and Table 1 (b)) and Figure 3 gives a quick overview of critical features of each system and provides points for further examination.


www.ijarcst.com




A. Discussions

1. Virtual machine Vs Simulation and OS virtualization:System level virtualization and emulation are two different capabilities. System level virtualization exposes to VM the hardware architecture whereas emulation exposes to VM a non-compatible architecture compared to the physical hardware. Simulation gives portability whereas VM focuses on performance. From the Table 1 (a) one can see, both emulation and OS virtualization are highly similar to VM and provide the same advantage, but they are not popek and goldberg defined VM, which cannot run various OS and not suitable for server workloads. However, current system level virtualization solutions have a lot common concepts and similar implementation.

2. Full System Virtualization Vs Para Virtualization: Both are intended to implement popek defined VM. Considering the working logic, hosted architecture VMM runs as an application of host OS that enables it to reuse the host OS services such as memory management, scheduling and security. Here, the created VM environment is replica of underlying hardware and it is unaware of being virtualized. This VMM uses dynamic run-time translation method to convert sensitive instructions that do not need guest OS modification. Whereas, in paravirtualization the hypervisor (minimal-OS) directly runs on the bare hardware and the created VM (aware that it is virtualized) is a slightly modified version of running hardware. To achieve this, guest OS is slightly modified (compiled) such that all the sensitive instructions are safe to be executed which restricts guest OS to be open source that leads to poor portability. Like full virtualization, paravirtualization needs ring compression to separate privilege between hypervisor and the guest. If we consider performance paravirtualization achieves near native; But the extra indirection layer of VMM in hosted architecture leads to performance degradation. Moreover, in case of scalability, isolation strength paravirtualization dominates over hosted architecture. But when security and portability is concerned hosted architecture dominates. In a word, the paravirtualization

has several advantages over the full virtualization and the only downside of the design is portability.

3. Software Vs Hardware assistance Virtual Machine: Hardware assisted virtualization enables transparent resource sharing improving their virtualization. This reduces the hypervisor logic (minimal code) and enables high level security code inclusion. But, hardware extensions are not full. Compared to software virtualization, the operating cost of VM-Exits are relatively high. This causes trouble for resources whose emulation needs high number of traps[5]. Similarly, for some workloads,the hypervisor still has lots of work to do to poise I/O operations, adding overhead to each I/O call. Because, current practice of system design extends this to CPUs only. Other resources, specifically the memory management, I/O devices are ill-designed for concurrent access. A solution currently in development creates a virtual mapping of I/O devices.

B. ObservationsBased on the classification, technical studies, we notice some of the findings from different virtual machine systems that may help in future for new development and improvement on existing systems.All levels of virtualization will bring particular benefits with its introduction into the datacenter. Various level of virtualization can differ in isolation strength, resource requirement, performance overhead, scalability and elasticity. (i.e., when virtualization layer is nearer to the host, the created VM are better isolated from one another and better separated from the host machine but with more resource necessities and less flexibility).One could see that a specific class of application is better suited (say paravirtualization good for compute bound application) to a particular type of virtualization scheme or implementation. Hence, system virtualization on the emerging hardware advancement is a promising technology that has solutions for many of the data center issues. The primary negative aspects of virtualization are increased system complexity, performance overhead imposed by the VMM and potentially new vulnerabilities.

Table 1(a).Software Techniques Comparisons


www.ijarcst.com




However, it is obvious that virtualization penalty is not that significant compared to the benefits attained. Hence one could say with careful consideration, planning and by using a composition of techniques large data center can get benefit from virtualization.

Table 1(b). Hardware Techniques

V. Open challengesThe overall fairness and performance of the virtual machine system depends on many architectural factors such as scheduling, input/output, resource management, security, virtual machine management and hardware improvements that need further examination. Following section reviews sampling of research issues in the area of the problems.

A. SchedulingThough the work on scheduling is an aged area the virtualization systems present exclusive uniqueness that requires re-evaluation. Process scheduling tools will need to be improved to support integrated scheduling (global scheduler) at the virtualization layer level and at the VM level for individual partitions. Further, there is significant work needed to reduce the context switch overhead among Guest OS, VMM and host OS to lower virtualization performance penalty [14].

Fig. 3. Relative performance and flexibility in x86 virtualization techniques

B. Input and Output:Device access may be considerably slower in a virtual environment. For server environments where richer and more diverse collection of input and output are used,VMM need an efficient mechanism for routing device completion interrupts to the correct VM.Great work is needed to develop more virtualization friendly input and output device interfaces with minimum overhead for communicating the input and output commands from the guest OS, to achieve high performance[10].

C. Resource management:Allocation of resources based on VM resource requirements, resource capabilities in a virtualization environment is complex. The more precise the allocation process, the more efficient the resource utilization is, and ultimately the performance. There are provisions needed for adaptive feed back driven (user behavior based) dynamic resource controller that can give flexible resource management of VMM and dynamic adaptability to larger workloads [6].

D. Security:Security violations such as utilizable flaw in virtualization layer, the existence of underground channels and the opportunity of new vulnerabilities are unbearable in virtualization environment. Regular patches can overcome the problem, but increased code complexity leads to higher portability of errors. The solution to the security vulnerabilities is that VMM is supposed to be very little and easy[4].

E. Host OS:The performance of the virtual server host determines the performance of every virtual server guest on that host. As the VMM uses only a small number of system calls and abstractions in the host OS, reducing the size of the host OS will help make a speedy and trusted foundation for VM services [14].

F. Migration:Live migration makes backup and restore work easier with zero down time. But it requires host1 and host2 processor architecture to be the same. A more sophisticated technique that permits guests to move around between dissimilar processors is needed[15].

G. Management:Managing heterogeneous virtual environments under a single roof is a challenging task. For that, we will need single pane of glass to manage the virtual infrastructure, including the storage and network elements that are hooked into the VM. Additionally, we require advanced system monitoring tools to provide finer details on resource usage in various parts of the system [6].

H. Hardware:Speaking of hardware, the first generation hardware extensions are yet to be nurtured. Firstly, moving a majority of the VMM monitoring and control overhead to hardware has the net effect of increasing the band-width available to the individual VM, it makes VMM lowest possible generic and stable layer to manage VM running on a machine.Secondly,efforts are needed to implement some memory management and I/O in hardware, which can greatly accelerate hardware virtualization since these tasks no longer need to be performed by virtualization layer that can eliminate the overhead caused by VM Exits and page table access(i.e., at the


www.ijarcst.com




processor and device level, continued stepping up of virtualization features such as partial implementation of the VM code and protection are anticipated in the near future)[5].

VI. ConclusionIn this article, an examination on the basic principles behind each virtualization approach is presented and their strengths and weaknesses are compared. As described in the paper, though there are extreme advantages in using a virtualization, there are yet many practical problems that have to be solved. It is assured that this study will not only give the groundwork for understanding virtualization mechanism, but will also motivate other researches to take up the challenges in order to look into some of the problems discussed as well as other problems concerning virtualization.

References[1] R. Goldberg,“Survey of Virtual Machine Research”, IEEE

Computer, pp.34 - 45, June 1974.[2] A.Mann. The pros and cons of virtualization.BTQ.

Online, 2007. http://www.btquarterly.com/?mc=pros-cons virtualization\&page= virt-view%research. Cited 24 Dec.2013.

[3] P. Barham, B. Dragovic et al, “Xen and the Art of Virtualization”,In Proceedings of the 19th ACM Symposium on Operating Systems Principles,Oct.2003.

[4] J. S. Robin and C. E. Irvine, “Analysis of the Intel Pentium's ability to support a secure virtual machine monitor”, Proceedings of the 9th USENIX Security Symposium, pp. 129-144, August 2000.

[5] K. Adams and O. Agesen, “A comparison of software and hardware techniques for x86 virtualization”, In Proceedings of the 12th international Conference on Architectural Support For Programming Languages and Operating Systems, pp.2-13,ACM Press, 2006.

[6] M. Rosenblum and T. Garfinkel, “Virtual Machine Monitors: Current Technology and Future Trends”,IEEE Computer,vol.35,no.5,pp.39-47, 2005.

[7] G. J. Popek and R. P. Goldberg, “Formal Requirements for Virtualizable Third Generation Architectures”, Communications of the ACM,vol.17,no.7, pp. 412-421, ACM Press, July 1974.

[8] E.Mallach,“On the Relationship Between Virtual Machines and Emulators”,Proceedings of the Workshop on Virtual Computer Systems, pp.117-126,1973.

[9] J. E. Smith and R. Nair, “The architecture of virtual machines”, Computer, IEEE Computer Society Press,vol.38,no.5,pp. 32-38,May 2005.

[10] J. Sugerman, G. Venkitachalam et al., “Virtualizing I/O Devices on VMware Workstation’s Hosted Virtual Machine Monitor”,In Proceedings of the USENIX Annual Technical Conference, 2001.

[11] Solaris containers: Server virtualization and manageability,Online http://www.sun.com/software/whitepapers/solaris10/grid containers.pdf .Cited 4 Sep 2013.

[12] R.Uhlig, et.al, “Intel Virtualization Technology“, Computer, vol. 38, no. 5, pp. 48-56, May 2005.

[13] Advanced Micro Devices Inc., “AMD I/O-virtualization Technology(IOMMU) Specification”, 2006.

[14] S. King, G. Dunlap et al,”Operating System Support for Virtual Machines”, In Proceedings of the 2003 Annual

USENIX Technical Conference,June 2003.[15] P. Chen and B. Nobel, “When virtual is better than real”,

In Proceedings of the 8th IEEE Workshop on Hot Topics on Operating Systems, May 2001.

ISSN : 2347 - 8446 (Online) Computer Science & … · Computer Science & Technology (IJARCST 2014)...

Documents

Transcript of ISSN : 2347 - 8446 (Online) Computer Science & … · Computer Science & Technology (IJARCST 2014)...