Virtual Machine Monitors. Bibliography. “Virtual Machine Monitors: Current Technology And Future Trends”, Mendel Rosenblum and Tal Garfinkel, IEEE Computer, May 2005
Bibliography • “Virtual Machine Monitors: Current Technology And Future Trends”, Mendel Rosenblum and Tal Garfinkel, IEEE Computer, May 2005 • “Xen and the Art of Virtualization”, P. Barham, R. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, A. Warfield, SOSP ’03. • The Definitive Guide to the Xen Hypervisor, David Chisnall, Prentice Hall, 2008. • “Scale and Performance in the Denali Isolation Kernel”, Andrew Whitaker, Marianne Shaw, and Steven D. Gribble, in System Design and Implementation (OSDI), Boston, MA, Dec. 2002. • Xen Homepage: http://www.cl.cam.ac.uk/research/srg/netos/xen/
Outline • Overview • What is a virtual machine? • What is a virtual machine monitor (VMM)? • System or application virtual machines • History of Virtual Machines • Benefits of Virtual Machines • Issues and Implementation
What is a Virtual Machine? • Several definitions and implementations. • Here, a virtual machine is an isolated environment that appears to be a whole computer, but actually only has access to a portion of the computer’s resources.
A Formal Definition • “The environment in which a hosted operating system runs, providing the abstraction of a dedicated machine. A virtual machine may be identical to the underlying hardware (full virtualization) or it may differ slightly (paravirtualization).” Source: www.linuxtopia.org/online_books/linux_virtualization/xen_3.0_user_guide/linux_virualization_xen_user_78.html
What is a Virtual Machine Monitor? • A virtual machine monitor (VMM) is a thin software layer that runs directly on the bare hardware • It partitions the computer’s resources into one or more virtual machines • Each virtual machine appears to be running on the bare hardware. • End result – the appearance of multiple instances of the same computer, but all are supported on a single machine.
Full Virtualization versus Paravirtualization • Full virtualization: each virtual machine runs on an exact copy of the underlying hardware. • Paravirtualization: the VMM presents a somewhat modified version of the underlying hardware • Because some aspects of the hardware can’t be virtualized • To present a simpler interface and improve performance.
[Figure: three virtual machines (VM1, VM2, VM3), each running an application on its own guest OS (Guest OS1, Guest OS2, Guest OS3), above the virtual machine layer (VMM), which sits on the hardware layer.]
Sometimes a virtual machine monitor is installed on top of an existing operating system. More about this later. [Figure: VM1 and VM2 run on the VMM, which runs on the operating system, which runs on the hardware layer.]
VM – How They Work • When an application process makes a system call, it is received by its own OS, running (in user mode) on its private virtual machine. • When the “guest” OS tries to execute a privileged instruction, the virtual machine software traps the operation and ensures that it is executed correctly & safely • e.g., when a guest OS appears to execute an I/O system call, the “host” VM monitor is actually in charge.
Virtualization versus Emulation • Virtualization presents multiple copies of the same hardware system. • Direct execution of code on the hardware • Emulation presents a model of another hardware system • Instructions are “emulated” in software – much slower than virtualization • Example: Microsoft’s VirtualPC can run on other chipsets than the x86 family; used on Mac hardware until Apple adopted Intel chips
System & Process VMs (http://en.wikipedia.org/wiki/Virtual_machine) • System virtual machine (hardware virtual machine) • Multiplex the underlying hardware • Each VM can run its own OS • Each VM is securely isolated from others • Process or application virtual machine • Runs inside a normal OS • Provides a platform-independent host for an application • For example, the Java Virtual Machine
Virtual Machines – Examples • Denali was designed to support Internet services by providing a platform that allows a large number of servers to run on a single server machine. • Paravirtualizes x86 architecture to improve performance and scalability • “Isolation kernel”: isolates each server in a virtual machine to reduce the danger of sharing physical resources with untrusted servers.
History - Why VMMs? • Early computers were large (mainframes) and expensive • VMM approach allowed the machine to be safely multiplexed among many different applications • As an alternative to multiprogramming
Virtual Machines - History • Early example: the IBM 370 • VM/370 is the virtual machine monitor • As each user logs on, a new “virtual machine” is created • CMS, a single-user, interactive OS was commonly run as the OS • Separation of powers: • Virtual machine interacts with user applications • Virtual machine monitor manages hardware resources
History – 1980s & 1990s • As hardware got cheaper and operating systems became better equipped to handle multitasking, the original motivation went away. • Hardware platforms gradually eliminated hardware support for virtualization. • And then …
History – late 90s to today • Massively parallel processors (MPPs) were developed during the 1990s; they were hard to program and did not support existing operating systems • Researchers at Stanford used virtualization to make MPPs look more like traditional machines • Result: VMware Inc. – supplier of VMMs for commodity hardware
Rationale for VMMs Today • Today, security and encapsulation are the most important reasons for using VMMs • “…VMMs give operating systems developers another opportunity to develop functionality no longer practical in today’s complex and ossified operating systems, where innovation moves at a geologic pace.” [1]
Example Virtual Machine Systems • VMware: commercial product, derived from research done at Stanford • Xen: open source, Cambridge University, widely used in research and academia • Denali: University of Washington, focuses on support for Internet services
Reasons for Adopting VMMs • Security and isolation • Ability to support several operating systems at the same time • Ability to experiment with new operating systems, or modifications of existing systems, while maintaining backward compatibility with existing operating systems.
Security and Isolation • Applications running on a virtual machine are more secure than those running directly on hardware machines. • VMM controls how guest operating systems use hardware resources; what happens in one VM doesn’t affect any other VM: “…by virtualizing all hardware resources, a VMM can prevent one VM from even naming the resources of another VM, let alone modifying them.” [4]
Encapsulation • The software state of a virtual machine isn’t dependent on the underlying hardware. • Rosenblum and Garfinkel [1] point out that this makes it possible to suspend and resume entire virtual machines and even move them to other platforms • For load balancing • For system maintenance • Etc.
Servers • Conventionally, servers run on dedicated machines. • Protects against another server/application crashing the OS • But … wasteful of hardware resources • VMM technology makes it possible to support multiple servers, each running on its own VM, on a single hardware platform.
Desirable Qualities • A good VMM • Doesn’t require applications to be modified • Doesn’t severely affect performance • Is not complex/error prone
Implementation Issues • Enforce VMM control of hardware by preventing guest OS from executing privileged instructions. • Virtualize CPU • Virtualize memory
CPU Virtualization • Basic technique: direct execution • The virtual machine executes on the real machine, but the VMM exercises control over privileged instructions • VMM runs in privileged (kernel) mode. • Guest OS executes all its code, privileged and unprivileged, in user mode. • If the guest OS tries to execute a privileged instruction the CPU traps to the VMM which executes the privileged operation.
Protection Rings • Intel chips have 3 protection modes: • 0: equivalent to kernel mode; can execute all privileged instructions • 1: cannot execute privileged instructions but has higher priority than user level • 2: where user processes run • Normally, only rings 0 and 2 are used. • Xen runs the guest OS in level 1
Example: Disable Interrupts [1] • If a guest OS tries to disable interrupts, the instruction is trapped by the VMM which makes a note that interrupts are disabled for that virtual machine • If interrupts arrive for that machine, they are buffered at the VMM layer until the guest OS enables interrupts.
Direct Execution Not Always Possible • Modern CPUs, esp. x86 architectures, have not been designed for virtualization. • Example: POPF (pop CPU flags from stack) • If executed in user mode, no trap - just ignore • In this case, direct execution fails – Guest OS assumes flags have been popped, but they haven’t
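The trap-and-buffer behaviour from the "Disable Interrupts" slide and the POPF failure from this slide, as an added toy model (not code from the slides or from any VMM). The `vcpu` structure and all function names are hypothetical; the model only tracks what the guest believes against what the VMM recorded.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, constructed for illustration: one guest vCPU run in user mode. */
struct vcpu {
    bool guest_if;    /* what the guest OS believes its interrupt flag is */
    bool virtual_if;  /* the VMM's note of that VM's interrupt flag */
    int pending;      /* interrupts buffered at the VMM layer */
    int delivered;    /* interrupts injected into the guest */
};

/* CLI is privileged: in user mode it traps and the VMM records the change. */
void guest_cli(struct vcpu *v) { v->guest_if = false; v->virtual_if = false; }
/* STI traps too: the VMM re-enables and flushes what it buffered. */
void guest_sti(struct vcpu *v) {
    v->guest_if = v->virtual_if = true;
    v->delivered += v->pending;
    v->pending = 0;
}
/* POPF in user mode: no trap, so the VMM's note is never updated. */
void guest_popf(struct vcpu *v, bool new_if) { v->guest_if = new_if; }
/* A device interrupt for this VM reaches the VMM first. */
void vmm_interrupt(struct vcpu *v) {
    if (v->virtual_if) v->delivered++; else v->pending++;
}

/* Guest disables interrupts (via CLI or POPF), then two interrupts arrive. */
struct vcpu critical_section(bool use_popf) {
    struct vcpu v = { true, true, 0, 0 };
    if (use_popf) guest_popf(&v, false); else guest_cli(&v);
    vmm_interrupt(&v);
    vmm_interrupt(&v);
    return v;
}

/* Interrupts injected while the guest believed they were disabled. */
int delivered_while_disabled(bool use_popf) { return critical_section(use_popf).delivered; }
int delivered_after_enable(bool use_popf) {
    struct vcpu v = critical_section(use_popf);
    guest_sti(&v);   /* traps; the VMM flushes anything it buffered */
    return v.delivered;
}

int main(void) {
    printf("CLI:  in section=%d after STI=%d\n", delivered_while_disabled(false), delivered_after_enable(false));
    printf("POPF: in section=%d after STI=%d\n", delivered_while_disabled(true), delivered_after_enable(true));
    return 0;
}
```

With CLI the two interrupts stay buffered until STI; with POPF they reach a guest that believes it is in an interrupts-off critical section, which is the correctness gap paravirtualization and binary translation close.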
Two Ways to Handle Non-virtualizable Instructions • Paravirtualization • Modify VMM interface to use instructions that can be virtualized • Xen, Denali • Binary Translation • Monitor execution of kernel code and replace non-virtualizable instructions with other instructions • VMware
Paravirtualization • Rewrite portions of the guest OS to delete this kind of instruction; replace with other instructions that are virtualizable. • Paravirtualization affects the guest OS, but not applications that run on it – the API is unchanged
Binary Translation • Combines direct execution with on-the-fly binary translation (a form of emulation). • When the guest OS executes “privileged” code, the DBT (dynamic binary translator) replaces non-virtualizable instructions with equivalent code. • Paravirtualization changes the source code of a guest OS; binary translation changes the binary code as it executes.
Comparison • Paravirtualization is more efficient, but requires modification to the guest OS • Paravirtualization also allows more efficient interfaces, in some cases • Binary translation is backward-compatible but has some extra overhead of run-time translation the first time an instruction is encountered. • Once translated, code is saved and used again if needed.
Techniques – Hardware Support • AMD and Intel have added extensions to support virtualization. • New execution mode (-1) • Allows guest OS to run in execution ring 0 and VMM in yet a higher privileged mode • Flags to indicate if running in this mode • Will reduce the number of traps and the time to process a trap • Will support direct execution of all instructions
Memory Virtualization • VMM maintains a shadow page table for each virtual machine. • When the guest OS makes an entry in its own page table, the VMM makes the same entry in the shadow table. • Shadow page table points to actual page frame • The hardware MMU uses the shadow page table when it translates virtual addresses.
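A toy shadow page table, added here as an illustration (not code from the slides or from any VMM). It assumes a per-VM guest-physical-to-machine map (`p2m`) and a bounds check on each guest entry, neither of which the slide spells out; all names and frame numbers are constructed.

```c
#include <stdio.h>

#define GUEST_PAGES 4   /* guest-physical pages per VM (constructed sizes) */
#define VIRT_PAGES  8   /* virtual pages per guest address space */
#define UNMAPPED  (-1)

struct vm {
    int p2m[GUEST_PAGES];      /* VMM-owned: guest-physical page -> machine frame */
    int guest_pt[VIRT_PAGES];  /* guest's page table: virtual -> guest-physical */
    int shadow[VIRT_PAGES];    /* shadow table: virtual -> machine frame */
};

/* Give the VM a private run of machine frames starting at first_frame. */
void vm_init(struct vm *vm, int first_frame) {
    for (int i = 0; i < GUEST_PAGES; i++) vm->p2m[i] = first_frame + i;
    for (int i = 0; i < VIRT_PAGES; i++) vm->guest_pt[i] = vm->shadow[i] = UNMAPPED;
}

/* The guest's page-table write is intercepted; the VMM mirrors it into the
   shadow table, substituting the real frame. Returns 0, or -1 if refused. */
int guest_set_pte(struct vm *vm, int vpage, int gpage) {
    if (vpage < 0 || vpage >= VIRT_PAGES) return -1;
    if (gpage < 0 || gpage >= GUEST_PAGES) return -1;  /* not this VM's memory */
    vm->guest_pt[vpage] = gpage;
    vm->shadow[vpage] = vm->p2m[gpage];
    return 0;
}

/* The hardware MMU consults only the shadow table. */
int mmu_translate(const struct vm *vm, int vpage) {
    return (vpage < 0 || vpage >= VIRT_PAGES) ? UNMAPPED : vm->shadow[vpage];
}

/* Two VMs with frames 100.. and 200..; returns the frame the MMU would use. */
int demo_frame(int which, int vpage, int gpage) {
    struct vm vms[2];
    vm_init(&vms[0], 100);
    vm_init(&vms[1], 200);
    if (which < 0 || which > 1) return UNMAPPED;
    if (guest_set_pte(&vms[which], vpage, gpage) != 0) return UNMAPPED;
    return mmu_translate(&vms[which], vpage);
}

int main(void) {
    printf("VM0 v3->g1 => frame %d\n", demo_frame(0, 3, 1));
    printf("VM1 v3->g1 => frame %d\n", demo_frame(1, 3, 1));
    printf("VM0 v3->g7 => frame %d\n", demo_frame(0, 3, 7));
    return 0;
}
```

Both guests write the same entry yet land on different machine frames, and a guest-physical page number outside the VM's allocation never reaches the shadow table.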
Paging Out the Virtual Machine • The VMM can swap one virtual machine (or parts thereof) to disk and swap in another. • Reduces the hardware requirements for a given workload • Particularly useful in environments where many servers are required, but only a few are used frequently. (Web services, for ex.)
Challenges • It would make sense to let the virtual machine operating system decide which of its pages to swap out • VMware’s ESX Server uses the concept of a balloon process, running inside the guest OS, as a conduit for pages to be removed [1].
Balloon Process • When the VMM wants to swap out pages from a VM it notifies the balloon process to allocate more memory to itself. • In order to get more memory for the balloon process, the guest OS must “page out” unused portions of other processes to its virtual disk. • The VMM now knows which pages the guest OS thinks it can do without.
Other Virtual Memory Challenges • VMware tracks duplicate pages in different virtual machines • To avoid duplication, it only stores one copy of the actual page with pointers from the shadow page tables in sharing processes. • Copy-on-write policy • Xen focuses on total isolation of each virtual machine, which means no sharing
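Single-copy storage with copy-on-write, as described for duplicate pages above, in an added toy model (not VMware's code). Page size, frame count, slot layout and all function names are constructed; duplicates are found by a plain byte comparison.

```c
#include <stdio.h>
#include <string.h>

#define PAGE   8   /* bytes per page (tiny, constructed for the demo) */
#define FRAMES 8   /* machine frames the VMM can hand out */
#define SLOTS  4   /* shadow entries: 0-1 belong to VM A, 2-3 to VM B */

static unsigned char frame[FRAMES][PAGE];
static int refs[FRAMES];   /* shadow entries pointing at each frame */
static int shadow[SLOTS];  /* shadow entry -> machine frame */
static int used;           /* frames handed out so far */

int reset(void) {
    memset(refs, 0, sizeof refs);
    memset(shadow, -1, sizeof shadow);
    return used = 0;
}

/* Back a shadow entry with a page, pointing at an identical frame if one exists. */
int store_page(int slot, const void *data) {
    int f = 0;
    while (f < used && memcmp(frame[f], data, PAGE) != 0) f++;
    if (f == used) {                      /* no duplicate: take a new frame */
        if (used == FRAMES) return -1;
        memcpy(frame[used++], data, PAGE);
    }
    refs[f]++;
    return shadow[slot] = f;
}

/* Guest write: a shared frame is copied first, so the other VM never sees it. */
int write_byte(int slot, int off, unsigned char val) {
    int f = shadow[slot];
    if (f < 0 || (refs[f] > 1 && used == FRAMES)) return -1;
    if (refs[f] > 1) {                    /* copy-on-write */
        memcpy(frame[used], frame[f], PAGE);
        refs[f]--;
        f = shadow[slot] = used++;
        refs[f] = 1;
    }
    frame[f][off] = val;
    return f;
}
int read_byte(int slot, int off) { return frame[shadow[slot]][off]; }
int frames_in_use(void) { return used; }

int main(void) {
    reset(); store_page(0, "libcode!"); store_page(2, "libcode!");
    write_byte(2, 0, 'X');   /* VM B writes; VM A's copy is untouched */
    printf("frames=%d A=%c B=%c\n", frames_in_use(), read_byte(0, 0), read_byte(2, 0));
    return 0;
}
```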
Virtual Machines - Examples • VMware, a publicly held company, has two lines of products: • Desktop: VMware Workstation can run multiple different operating systems on a single PC. Runs in between the virtual machines and the native (host) OS. • VMware Fusion (for Mac-Intel platform) • VMware ESX Server, VMware Server run directly on hardware.
Hosted versus Non-hosted VMM • Hosted has 3 advantages [1] • VMM is no harder to install than any other application • The VMM can use the host OS scheduler, pager, etc. and focus primarily on isolation • I/O support is better: the VMM can use the device drivers that are designed to work with the host OS rather than having to provide its own.
Hosted versus Non-hosted VMM • Disadvantage [1] • I/O overhead is “greatly increased”: requests go from guest OS to VMM to host OS and down eventually to the device driver. • Too much for servers • More difficult to provide complete isolation, so not appropriate for servers from a security perspective.
Virtual Machines - Examples • Xen is an open-source VM system for PCs • Designed to support execution of Linux, BSD Unix, Windows simultaneously on the same platform • Objective of original project: efficient hosting of up to 100 virtual machines • XenSource, Inc. provides products based on Xen and recently entered the server market in a big way.
Denali • Problem addressed: hosting Internet services economically • Goal: to allow new services to be hosted on third-party servers. • Requires assurances that one server won’t interfere with another. • Encapsulation of VMM model very important
Isolation Kernel • “An OS structure for isolating untrusted software services” • Based on 4 principles: • Expose low-level resources rather than high-level abstractions • Prevent direct sharing by exposing only private, virtualized namespaces • Keeps one VM from “… even naming the resources of another VM, let alone modifying them”. [4]