2. Contents - Virtualization
Virtualization
Types of Virtualization and Advantages
x86 Hardware Virtualizations
Virtualization Issues
Dockers
3. Cloud Computing - Enablers
Virtualization
Web 2.0 and social networking
Web Scaling
Hardware costs
Evolution of high speed communication technologies
4. Virtualization
A virtual machine (VM) is a software implementation of a machine (for example, a computer) that executes programs like a physical machine.
Each VM is a fully protected and isolated copy of the physical machine. VMs are used to share expensive hardware, which reduces costs and also improves productivity, since many users can use the same hardware concurrently.
Cloud Resource Virtualization
System security, as it allows isolation of services running on the same
hardware.
Performance and reliability, as it allows applications to migrate from one
platform to another.
The development and management of services offered by a provider.
Performance isolation
5. Virtualization
• Traditional environment
• 50 applications and DBs require multiple machines, depending on architecture/platform
• High infrastructure and hardware cost
• Increasing complexity and high maintenance
• Multiple development environments
• Virtualization
• Isolation & encapsulation
• Scalability
• Containers
• Software technology providing an additional layer of abstraction over OS-level virtualization.
• Build once and deploy many times.
6. Virtualization Interfaces
Instruction Set Architecture (ISA)
Boundary between hardware and software.
Application Binary Interface (ABI)
Regulates the inter-operation of binary code and development tools in architecture-based execution environments.
Objects produced by the toolchain can work together with object libraries from different producers.
Allows the application and the library modules to access the hardware.
The ABI does not include privileged system instructions; instead it invokes system calls.
Application Program Interface (API)
Set of instructions the hardware was designed to execute; gives the application access to the ISA.
Includes HLL library calls, which often invoke system calls.
7. Virtualization
Application Programming Interface, Application Binary Interface, and Instruction Set Architecture.
An application uses library functions (A1), makes system calls (A2), and executes
machine instructions (A3).
8. Virtualization - Types
• Hardware Virtualization (system virtualization)
• Guest runs on top of the hardware
• Guest - operating system; Host - physical computer hardware
• Virtual Machine Manager (hypervisor) allows the abstraction of the underlying physical hardware
• It is a program or a combination of software and hardware
• Provides direct ISA mapping to virtual machines
• Type 1 (bare metal) and Type 2 (on OS) hypervisor
• Hardware assisted (Xen, VMware); full and paravirtualization (Xen, VMware, Wind River).
• OS Virtualization (process virtualization)
• Creates different, separated execution environments for applications running concurrently.
• OS kernel allows multiple isolated user space instances.
• Directly uses OS calls without emulation
• Ex: Containers
• Key building block in IaaS
• Programming language-level virtualization
9. Virtualization – Classification (Based on Usage)
• Server virtualization
• Abstracts the physical machine on which the software and operating system run and provides the illusion that the software is running on a virtual machine.
• Enables the Infrastructure as a Service model.
• VMware, Microsoft Hyper-V, Red Hat KVM and Citrix Xen
• Storage virtualization
• Uses virtualization to enable better functionality and more advanced features in computer data storage systems.
• It can be defined as a technique to abstract the physical storage system from the user’s application and present it as logical entities, hiding the complexities of accessing them.
• It enables the Storage as a Service model.
• A RAID array can sometimes be considered a type of storage virtualization. Multiple physical disks in the array are presented to the user as a single storage device that, in the background, replicates data to multiple disks in case of a single disk failure.
10. Virtualization – Classification (Based on Usage)
• Need for Server virtualization
• In the case of server consolidation, many small physical servers are replaced by one larger
physical server to increase the utilization of costly hardware resources such as CPU.
• Consolidating servers can also have the added benefit of reducing energy consumption.
• A virtual machine can be more easily controlled and inspected from outside than a
physical one, and its configuration is more flexible.
• A new virtual machine can be provisioned as needed without the need for an up-front
hardware purchase.
• A virtual machine can easily be relocated from one physical machine to another as needed.
• Need for Storage virtualization
• Manage heterogeneous storage environments
11. Elements of Hardware (System) Virtualization
• Guest OS
• Software installed on either a virtual machine (VM) or a partitioned disk that describes an operating system different from the host operating system
• Virtual Machine Monitor (VMM) or hypervisor
• A hypervisor is an efficient Virtual Machine Manager (VMM) that is designed from the ground up to run multiple high-performance VMs
• Host OS
• Software installed on a computer that interacts with the underlying hardware; usually used to describe the operating system used in a virtualized server
12. Virtual Machine Monitor (VMM) or Hypervisor
• Multiple services to share the same platform.
• Live migration - the movement of a server from one platform to another.
• System modification while maintaining backward compatibility with the original system.
• Enforces isolation among the systems, and thus security.
• Traps the privileged instructions executed by a guest OS and enforces the correctness and
safety of the operation.
• Traps interrupts and dispatches them to the individual guest operating systems.
• Controls the virtual memory management
• Maintains a shadow page table for each guest OS and replicates any modification made by
the guest OS in its own shadow page table.
• This shadow page table points to the actual page frame and it is used by the Memory
Management Unit (MMU) for dynamic address translation.
• Monitors the system performance and takes corrective actions to avoid performance
degradation. For example, the VMM may swap out a Virtual Machine to avoid thrashing.
13. Virtual Machine Monitor (VMM) or Hypervisor
• Partitioning Kernel
▪ “Partition” is the isolation boundary
▪ Few virtualization functions; relies on virtualization stack
• Very thin layer of software
▪ Microkernel
▪ Highly reliable
▪ Basis for smaller Trusted Computing Base (TCB)
• No device drivers
▪ Drivers run in a partition
• Well-defined interface
▪ Allow others to create support for their OSes as guests
14. Virtual Machine Monitor (VMM) or Hypervisor
Monolithic hypervisor: a single kernel.
Microkernel hypervisor: a simple kernel with partitioning functionality.
15. Virtual Machine Monitor (VMM) or Hypervisor
Basic Functionalities of Hypervisors
CPU sharing
Virtual view of a CPU to the VMs (vCPU); the VMM or hypervisor allots CPU time to the different VMs.
Memory sharing
Applications access memory via the kernel and the hypervisor; for virtual machines there are two levels of indirection, maintained by the VMM.
I/O sharing
The guest kernel conveys an arbitrary location to the device for writing; each device defines its own protocol for talking to drivers; a virtual device is substituted for its physical equivalent.
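The two levels of indirection above (the shadow page table of slide 12 and the memory sharing of slide 15), as an added Python model that is not part of these slides: the guest writes its own page table, the VMM replicates each write into the shadow table the MMU walks, and a guest physical page the VMM never allotted gets no shadow entry, so the guest cannot address frames outside its allocation. Page size, frame numbers and the class names are constructed for the example.

```python
PAGE_SHIFT = 12                        # constructed: 4 KiB pages
PAGE_MASK = (1 << PAGE_SHIFT) - 1

class PageFault(Exception):
    """Raised by the MMU walk when a virtual page has no valid mapping."""

class ShadowVMM:
    """Models the two levels of indirection a VMM keeps for one guest.

    guest_pt   : guest virtual page -> guest physical page (written by the guest OS)
    gpa_to_hpa : guest physical page -> host physical frame (owned by the VMM)
    shadow     : guest virtual page -> host physical frame (what the real MMU walks)
    """
    def __init__(self, gpa_to_hpa):
        self.gpa_to_hpa = dict(gpa_to_hpa)   # frames the VMM allotted to this guest
        self.guest_pt = {}
        self.shadow = {}

    def guest_map(self, gva_page, gpa_page):
        """The guest OS updates its page table; the VMM traps the write and
        replicates it into the shadow table. A guest physical page the VMM
        never allotted gets no shadow entry, so the guest cannot reach frames
        belonging to the host or to another guest."""
        self.guest_pt[gva_page] = gpa_page
        hpa = self.gpa_to_hpa.get(gpa_page)
        if hpa is None:
            self.shadow.pop(gva_page, None)
        else:
            self.shadow[gva_page] = hpa

    def translate(self, gva):
        """The MMU's dynamic address translation: one walk of the shadow table."""
        page, offset = gva >> PAGE_SHIFT, gva & PAGE_MASK
        if page not in self.shadow:
            raise PageFault(hex(gva))
        return (self.shadow[page] << PAGE_SHIFT) | offset

def faults(vmm, gva):
    """True if accessing gva would page-fault into the VMM."""
    try:
        vmm.translate(gva)
        return False
    except PageFault:
        return True

def demo():
    vmm = ShadowVMM({0x0: 0x7A, 0x1: 0x7B})  # constructed: this guest owns host frames 0x7A and 0x7B
    vmm.guest_map(0x10, 0x1)   # guest maps its virtual page 0x10 to its physical page 0x1
    vmm.guest_map(0x11, 0x2)   # physical page 0x2 was never allotted: no shadow entry
    return vmm
```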
16. Types of Hypervisors
Native hypervisor (bare metal)
Native hypervisors run directly on top of the physical hardware, providing the features (such as I/O) required by the applications.
Hosted hypervisor
Hosted hypervisors run on top of an existing operating system and leverage the features of the underlying OS.
Virtual machines run on top of the hosted hypervisor, which in turn runs on top of the existing OS.
Hybrid hypervisor
Hybrid hypervisors run directly on top of the hardware and also use features of an operating system.
18. Techniques for Hypervisors- Full and Para Virtualization
Full virtualization
The guest OS can run unchanged under the VMM, as if it were running directly on the hardware platform.
The hypervisor provides complete abstraction, and the guest OSes don't know, or care, about the presence of a hypervisor.
The VM manager translates back and forth between physical and virtual resources, such as CPUs and memory spaces.
Requires a virtualizable architecture.
Examples: VMware.
Paravirtualization
The guest operating system is modified to use only instructions that can be virtualized.
Allows an OS to recognize the presence of a hypervisor and communicate directly with it, sharing activity that would otherwise be complex and time-consuming for the hypervisor's VM manager to handle.
Guest VM OSes must be modified or adapted to implement an API capable of exchanging hypercalls with the paravirtualization hypervisor.
Reasons for paravirtualization:
Some aspects of the hardware cannot be virtualized.
Improved performance.
19. Techniques for Hypervisors
Trap and emulate virtualization
While the CPU is running in user mode, internal or external events take place that need to be handled in kernel mode.
The CPU then jumps to the hardware exception handler vector and executes system operations in kernel mode.
Ex:
System call
Invoked by an application in user mode.
For example, the application asks the OS for system I/O.
Hardware interrupt
Invoked by a hardware event in any mode.
For example, the hardware clock timer triggers an event.
Exception
Invoked when an unexpected error or system malfunction occurs.
For example, executing a privileged instruction in user mode.
20. Techniques for Hypervisors
To make CPU virtualization efficient
We should make guest binaries run on the CPU as fast as possible.
Theoretically, if all guest binaries ran natively there would be NO overhead at all.
But we cannot let the guest OS handle everything; the VMM should be able to control all hardware resources.
Solution:
Ring compression
Shift the traditional OS from kernel mode (ring 0) to user mode (ring 1), and run the VMM in kernel mode.
The VMM is then able to intercept all trapping events.
21. Techniques for Hypervisors
Guests continue execution until they try to access a shared physical resource of the hardware (such as an I/O device), or an interrupt is received.
When this happens, the hypervisor regains control and mediates access to the hardware, or handles the interrupt.
Privilege level or protection ring
x86 privilege levels are the mechanism whereby the OS and CPU conspire to restrict what user-mode programs can do.
0 (most privileged) to 3 (least privileged)
All user code runs in ring 3 and all kernel code runs in ring 0.
If the guest tries to access a protected resource, such as an I/O device, an interrupt takes place and the hypervisor regains control. The hypervisor then emulates the I/O operation for the guest.
22. Trap and Emulate Model
Let the normal instructions of the guest OS run directly on the processor in user mode.
When a privileged instruction is executed, the hardware makes the processor trap into the VMM.
The VMM emulates the effect of the privileged instruction for the guest OS and returns to the guest.
23. Trap and Emulate Model
• VMM and Guest OS:
System call
• The CPU traps to the interrupt handler vector of the VMM.
• The VMM jumps back into the guest OS.
Hardware interrupt
• The hardware makes the CPU trap to the interrupt handler of the VMM.
• The VMM jumps to the corresponding interrupt handler of the guest OS.
Privileged instruction
• Running a privileged instruction in the guest OS traps to the VMM for instruction emulation.
• After emulation, the VMM jumps back to the guest OS.
24. Trap and Emulate Model
Limitations:
Some amount of performance overhead is incurred by this technique.
Not all architectures are suitable for implementing trap and emulate virtualization.
Some instructions behave differently in privileged and non-privileged mode without trapping, so the classical trap and emulate technique does not serve the purpose for them.
Binary translation
The hypervisor includes a binary translator which replaces the sensitive instructions by equivalent non-sensitive instructions at run time, and leaves non-sensitive instructions unchanged.
Paravirtualization:
The guest is modified (re-written) not to use the sensitive instructions, but to directly invoke hypervisor APIs.
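Slides 20 to 24 as an added Python model, not code from these slides: the guest kernel is ring-compressed into ring 1, privileged instructions (cli/sti) trap to the VMM, which emulates them on the guest's virtual interrupt flag and leaves the real flag alone, while popf, which on classic x86 changes the flag in ring 0 but silently drops the change elsewhere, never reaches the VMM. A hypothetical binary translator then rewrites popf into a trapping hypercall (hc_popf, a constructed name); the CPU, instruction set and programs are all constructed.

```python
RING0, RING1 = 0, 1                      # VMM in ring 0; guest kernel compressed into ring 1
PRIVILEGED = {"cli", "sti", "hc_popf"}   # trap when executed outside ring 0
SENSITIVE_ONLY = {"popf"}                # affects IF in ring 0, silently ignored elsewhere, never traps

class Cpu:
    """Hypothetical CPU: current ring, one accumulator and the real interrupt flag (IF)."""
    def __init__(self, ring=RING1):
        self.ring, self.acc, self.real_if = ring, 0, True

class VmState:
    """What the VMM keeps per guest: the guest's virtual IF and a trace of traps."""
    def __init__(self):
        self.virt_if, self.trace = True, []

def if_effect(instr, current):
    """Value of an interrupt flag after instr, if the instruction is allowed to act."""
    op = instr[0]
    if op in ("cli", "sti"):
        return op == "sti"
    return instr[1] if op in ("popf", "hc_popf") else current

def vmm_trap_handler(vm, instr):
    """Ring-0 handler: emulate on the guest's virtual state, then return to the guest."""
    vm.trace.append(f"trap: {instr[0]}")
    vm.virt_if = if_effect(instr, vm.virt_if)

def run(cpu, vm, program):
    """Execute a constructed instruction list on the CPU; returns (cpu, vm) for inspection."""
    for instr in program:
        op = instr[0]
        if op == "add":                       # ordinary instruction: runs natively, VMM not involved
            cpu.acc += instr[1]
        elif cpu.ring == RING0:               # the VMM itself: instructions take their real effect
            cpu.real_if = if_effect(instr, cpu.real_if)
        elif op in PRIVILEGED:                # hardware traps into the VMM
            vmm_trap_handler(vm, instr)
        elif op in SENSITIVE_ONLY:            # the classic x86 gap: no trap, guest state goes wrong
            vm.trace.append(f"{op}: silently ignored, VMM never sees it")
    return cpu, vm

def binary_translate(program):
    """Rewrite sensitive-but-unprivileged instructions into hypothetical trapping hypercalls."""
    return [("hc_popf", i[1]) if i[0] == "popf" else i for i in program]
```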
25. Hardware Support for Virtualization
Intel and AMD created new processor extensions to support virtualization in the hardware
VT-x, an Intel technology that helps virtualize Intel x86 processors
Extended Page Tables (EPT) which helps virtualize memory
VT-d, a technology to assist in the virtualization of I/O
VMX root operation and VMX non-root operation
Hypervisors are intended to execute in VMX root operation, which is almost identical to
normal execution in earlier x86 processors without VT-x.
Guests execute in VMX non-root operation, which has been defined to help support
virtualization.
26. Virtualization- Advantages
• Multiple OS environments can co-exist on the same primary hard drive. Regardless of the
system, all files are stored on the hard drive of the host OS.
• Application provisioning, maintenance, high availability and disaster recovery are inherent
in the virtual machine software selected.
• Can provide emulated hardware environments different from the host's instruction set
architecture (ISA), through emulation or by using just-in-time compilation.
27. Virtualization- Limitations
• A virtual machine is less efficient than an actual machine when it accesses the host hard
drive indirectly.
• When multiple VMs are concurrently running on the hard drive of the actual host, adjunct
virtual machines may exhibit a varying and/or unstable performance (speed of execution
and malware protection). This depends on the data load imposed on the system by other
VMs, unless the selected VM software provides temporal isolation among virtual machines.
• Malware protections for VMs are not necessarily compatible with the "host", and may
require separate software.
28. Container
• Containers and VMs
• Isolate an application and its dependencies into a self-contained unit that can run anywhere.
• Remove the need for physical hardware, allowing for more efficient use of computing resources, both in terms of energy consumption and cost effectiveness.
• Containers
• Virtualize at the operating system level, with multiple containers running directly atop the OS kernel.
• A container provides operating-system-level virtualization by abstracting the “user space”.
• Ability to create predictable environments that are isolated from other applications.
• Run virtually anywhere, greatly easing development and deployment.
• Virtualize CPU, memory, storage, and network resources at the OS level, providing developers with a sandboxed view of the OS logically isolated from other applications.
• Ex: Docker, LXC, Kubernetes, FreeBSD Jails, etc.
29. Docker
• Provides a uniform wrapper around a software package
• Build, Ship and Run Any App, Anywhere
• Virtualization of the application instead of the hardware
• Runs on top of the core OS (Linux or Windows)
• Doesn’t require dedicated CPU, memory or network; these are managed by the core OS
• Similar to shipping containers: the container is always the same, regardless of the contents, and thus fits on all trucks, cranes and ships
• Docker
• Containerization platform that packages your application and all its dependencies together in the form of a Docker container, to ensure that your application works seamlessly in any environment
• Docker Container
• Standardized unit which can be created on the fly to deploy a particular application or environment
• Docker Engine
• Docker application that is installed on your host machine. It works like a client-server application which uses
[www.docker.com]
30. Docker
• Docker Image
• Template used to create Docker containers; images are the building blocks of a Docker container
• Docker Registry
• Where Docker images are stored. The registry can be either a user’s local repository or a public repository like Docker Hub
• Docker Architecture
• Docker client: triggers Docker commands
• Docker host: runs the Docker daemon
• Docker registry: stores Docker images
• The Docker daemon running within the Docker host is responsible for the images and containers
31. Docker Vs VM
Virtual machines are slow and take a lot of time to boot.
Containers are fast and boot quickly, as they use the host operating system and share the relevant libraries.
Containers do not waste or block host resources, unlike virtual machines.
Containers have isolated libraries and binaries specific to the application they are running.
Containers are handled by a containerization engine.
Docker is one of the containerization platforms which can be used to create and run containers.
Consistent runtime environment, application sandboxing, low overhead, less disk space and resource savings.
32. Summary
Virtualization – System and Process
VMM or Hypervisor
Guest OS and Host OS
API, ABI and ISA
Trap and Emulate, Binary Translation, Full and Paravirtualization
Docker Container