20/01/2024
Virtualization
Concepts
What is Virtualization
Virtualization abstracts the underlying resources and
simplifies their use, isolates users from one another,
and supports replication, which, in turn, increases
the elasticity of the system.
Virtualization is a critical aspect of cloud computing,
equally important to the providers and consumers of
cloud services, and plays an important role in:
Performance and reliability because it allows
applications to migrate from one platform to another.
The development and management of services offered
by a provider.
Performance isolation.
Virtualization simulates the interface to a physical object by any one of
four means:
1. Multiplexing. Create multiple virtual objects from one
instance of a physical object. For example, a processor is
multiplexed among a number of processes or threads.
2. Aggregation. Create one virtual object from multiple
physical objects. For example, a number of physical disks
are aggregated into a RAID disk.
3. Emulation. Construct a virtual object from a different
type of physical object. For example, a physical disk
emulates a random access memory.
4. Multiplexing and emulation. Examples: Virtual memory
with paging multiplexes real memory and disk, and a
Virtual address emulates a real address; TCP emulates a
reliable bit pipe and multiplexes a physical communication
channel and a processor.
Figure: before and after virtualization.
Before virtualization: a single OS image per machine; software and hardware tightly coupled; running multiple applications on the same machine often creates conflict.
After virtualization: hardware independence of operating system and applications; virtual machines can be provisioned to any system; OS and application can be managed as a single unit by encapsulating them into virtual machines.
Virtualization Concept
Virtual Resources
- Substitutes for real resources: same interfaces and functions, different attributes.
- Often a part of the underlying resource, but may span multiple resources.
Virtualization: a substitution process
- Creates virtual resources from real resources.
- Primarily accomplished with software and/or firmware.
- Separates the presentation of resources to users from the actual resources.
- Aggregates pools of resources for allocation to users as virtual resources.
Virtualization... How?
By adding a layer between layers of the execution stack.
Types of Virtualization
Hardware-level virtualization
The VMM* is placed between the hardware and the OS.
It can even present a different ISA from that of the physical machine, e.g. emulators.
Tasks:
Map virtual resources to real ones.
Translate virtual instructions to real ones.
* VMM = Virtual Machine Monitor
System-level virtualization
The VMM is placed between the host OS and the guest OSes, e.g. VMware Workstation and UML (User-Mode Linux).
Enables several OSes to run on a single hardware platform.
Terminology
Host OS
Guest OS
The guest OS and its VM run in the application (user) privilege ring.
Application-level virtualization
The VM is placed between the OS and the applications, e.g. the Java Virtual Machine (JVM).
Provides the same interface to all applications, irrespective of the OS.
Provides application sandboxing.
Tasks:
Translate application byte code into OS-specific executable code.
Memory virtualization
Beyond CPU virtualization, this involves sharing the physical system memory and dynamically allocating it to virtual machines.
The operating system keeps mappings of virtual page numbers to physical page numbers, stored in page tables.
All modern x86 CPUs include a memory management unit (MMU) and a translation look-aside buffer (TLB) to optimize virtual memory performance.
Inside a VM a guest virtual address therefore goes through two translations: guest virtual to guest physical (the guest's page tables) and guest physical to host physical (maintained by the hypervisor, which must never let a guest reach frames it was not allocated).
Figure: VM1 and VM2, each running Process 1 and Process 2, with each process's virtual memory mapped onto the shared physical memory.
Device and I/O Virtualization
The final component required beyond CPU and memory virtualization is device and I/O virtualization.
This involves managing the routing of I/O requests between virtual devices and the shared physical hardware.
The hypervisor virtualizes the physical hardware and presents each virtual machine with a standardized set of virtual devices, as seen in the figure.
Network Functions Virtualization
Network functions virtualization (NFV) offers a new way to design, deploy and manage networking services; the individual functions it virtualizes are called virtual network functions (VNFs).
NFV decouples network functions, such as network address translation (NAT), firewalling, intrusion detection, domain name service (DNS), and caching, to name a few, from proprietary hardware appliances so they can run in software.
It is designed to consolidate and deliver the networking components needed to support a fully virtualized infrastructure, including virtual servers, storage, and even other networks.
It utilizes standard IT virtualization technologies that run on high-volume server, switch and storage hardware to virtualize network functions.
It is applicable to any data plane processing or control plane function in both wired and wireless network infrastructures.
Figure: True Network Virtualization, logical topology.
Virtual machine monitors / Hypervisors
A virtual machine monitor (VMM), also called a hypervisor, is the software that securely partitions the resources of a computer system into one or more virtual machines.
A guest operating system is an operating system that runs under the control of a VMM rather than directly on the hardware.
The VMM runs in kernel mode, whereas a guest OS runs in user mode; the guest's privileged instructions therefore trap to the VMM.
Sometimes the hardware supports a third mode of execution for the guest OS (a dedicated guest mode in hardware-assisted virtualization).
VMMs allow several operating systems to run concurrently on a single hardware platform; at the same time, VMMs enforce isolation among these systems, thus enhancing security. The VMM is the trusted computing base for every VM it hosts, so a flaw in the VMM undermines all of them.
A VMM controls how the guest operating system uses the hardware resources.
Events occurring in one VM do not affect any other VM running under the same VMM.
At the same time, the VMM enables:
Multiple services to share the same platform.
The movement of a running VM from one physical platform to another, the so-called live migration.
System modification while maintaining backward compatibility with the original system.
When a guest OS attempts to execute a privileged instruction, the VMM traps the operation and enforces the correctness and safety of the operation (trap-and-emulate).
The VMM guarantees the isolation of the individual VMs, and thus ensures security and encapsulation, a major concern in cloud computing.
At the same time, the VMM monitors system performance and takes corrective action to avoid performance degradation; for example, the VMM may swap out a VM (copy all pages of that VM from real memory to disk and make the real memory frames available for paging by other VMs) to avoid thrashing.
A VMM virtualizes the CPU and memory. For example, the VMM traps interrupts and dispatches them to the individual guest operating systems.
If a guest OS disables interrupts, the VMM buffers such interrupts until the guest OS enables them.
The VMM maintains a shadow page table for each guest OS and replicates any modification the guest OS makes to its own page tables into the shadow page table.
This shadow page table points to the actual page frames and is used by the hardware memory management unit (MMU) for dynamic address translation. On processors with hardware-assisted nested paging (Intel EPT, AMD NPT) the MMU walks the guest and hypervisor page tables itself, so shadow page tables are no longer needed.
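The trap-and-emulate and shadow-paging mechanics described on the last two slides, as an added example written for these notes (a simulation, not code from the slides or from any real hypervisor). The three-instruction guest "ISA" (cli, sti, map), the 4 KiB page size and every page number in the demo are assumptions; the point is to see a privileged instruction trap, an interrupt get buffered while the guest has interrupts masked, and a guest page-table write be replicated into the shadow table only after the VMM has checked that the frame belongs to this VM.

```python
"""Toy trap-and-emulate VMM: privileged instructions trap, interrupts are
buffered while the guest masks them, and a shadow page table tracks the
guest's page table. Added illustration, not code from any real hypervisor;
the three-instruction ISA, 4 KiB pages and all page numbers are assumptions."""
from collections import deque

PAGE = 0x1000  # assumed page size


class Guest:
    """Guest OS state: its own page table (guest virtual page -> guest
    physical page) plus an interrupt mask. It believes it owns the machine."""

    def __init__(self, page_table):
        self.page_table = dict(page_table)  # gvpn -> gppn
        self.interrupts_enabled = True
        self.delivered = []                 # interrupt vectors the guest handled


class VMM:
    """Runs 'in kernel mode': every privileged guest instruction traps here,
    is checked against this VM's allocation, and is emulated."""

    def __init__(self, guest, gpa_to_hpa):
        self.guest = guest
        self.gpa_to_hpa = dict(gpa_to_hpa)  # gppn -> host frame, set only by the VMM
        self.pending = deque()              # interrupts held while the guest has them masked
        self.shadow = {}                    # gvpn -> host frame: the table the MMU really walks
        self.trap_log = []
        for gvpn in self.guest.page_table:
            self._sync_shadow(gvpn)

    def _sync_shadow(self, gvpn):
        """Replicate one guest page-table entry into the shadow table by
        composing it with the VMM's guest-physical -> host-physical map."""
        gppn = self.guest.page_table.get(gvpn)
        if gppn is None:
            self.shadow.pop(gvpn, None)
        else:
            self.shadow[gvpn] = self.gpa_to_hpa[gppn]

    def execute(self, instr, *args):
        """Run one guest instruction. 'load' is unprivileged and goes through
        the MMU directly; everything else traps to the VMM."""
        if instr == "load":
            return self.translate(args[0])
        self.trap_log.append(instr)         # control has left the guest
        if instr == "cli":                  # guest masks interrupts
            self.guest.interrupts_enabled = False
        elif instr == "sti":                # guest unmasks: drain the buffer
            self.guest.interrupts_enabled = True
            self._flush_pending()
        elif instr == "map":                # guest writes a page-table entry
            gvpn, gppn = args
            if gppn not in self.gpa_to_hpa:
                # Only frames allocated to this VM may be mapped; anything else
                # would expose another VM's or the VMM's memory.
                raise PermissionError(f"frame 0x{gppn:x} not allocated to this VM")
            self.guest.page_table[gvpn] = gppn
            self._sync_shadow(gvpn)
        else:
            raise ValueError(f"unknown instruction {instr!r}")
        return None

    def translate(self, gva):
        """MMU behaviour: walk the shadow table (never the guest's own) and
        return the host physical address."""
        gvpn, offset = divmod(gva, PAGE)
        if gvpn not in self.shadow:
            raise LookupError(f"page fault at guest virtual 0x{gva:x}")
        return self.shadow[gvpn] * PAGE + offset

    def raise_interrupt(self, vector):
        """Hardware interrupt arrives at the VMM: deliver now or buffer it."""
        if self.guest.interrupts_enabled:
            self.guest.delivered.append(vector)
        else:
            self.pending.append(vector)

    def _flush_pending(self):
        while self.pending and self.guest.interrupts_enabled:
            self.guest.delivered.append(self.pending.popleft())


def demo():
    """Drive one guest through the scenarios from the slides and return what
    was observable (all numbers are made up for the demo)."""
    guest = Guest({0x10: 0x2, 0x11: 0x3})
    vmm = VMM(guest, {0x2: 0x700, 0x3: 0x701, 0x4: 0x702})  # this VM owns frames 0x700-0x702
    first_load = vmm.execute("load", 0x10_123)            # gvpn 0x10 -> gppn 0x2 -> frame 0x700
    vmm.execute("cli")
    vmm.raise_interrupt(0x21)                             # both arrive while masked ...
    vmm.raise_interrupt(0x22)
    buffered = len(vmm.pending)
    vmm.execute("sti")                                    # ... and are delivered here, in order
    vmm.execute("map", 0x12, 0x4)                         # guest edits its table; shadow follows
    after_map = vmm.execute("load", 0x12_000)
    try:
        vmm.execute("map", 0x13, 0x9)                     # frame 0x9 was never given to this VM
        rejected = False
    except PermissionError:
        rejected = True
    return {"first_load": first_load, "buffered_while_masked": buffered,
            "delivered": list(guest.delivered), "after_map": after_map,
            "foreign_map_rejected": rejected, "traps": list(vmm.trap_log)}


if __name__ == "__main__":
    print(demo())
```

The rejected `map` is the security-relevant step: the guest is free to write whatever it likes into its own page table, but the hardware only ever walks the shadow table, and the shadow entry is created only after the VMM has confirmed the frame is part of this VM's allocation. With nested paging the same check moves into the hypervisor's second-level page tables, which the guest cannot write at all.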
Type 1 hypervisors
A Type 1 hypervisor is installed directly on bare-metal hardware; it does not require an additional OS. It is the OS, even if only a light or minimal one.
Examples:
HyperOne, Xen, PikeOS, OKL4, VMware ESX
Advantages:
The system is thin and the hypervisor has direct access to the hardware, giving a higher VM density per host.
Disadvantages:
The hardware must support virtualization technology; costlier; and a very limited local console interface.
Figure 2. A Type 1 or bare-metal hypervisor sits directly on the host hardware: Operating system 1 and Operating system 2 run on the hypervisor, which runs on the hardware.
Type 2 hypervisors
A Type 2 hypervisor is more of an application installed on an operating system, not directly on the bare metal.
Examples: VirtualBox and VMware Workstation
Advantages:
Runs on a greater array of hardware because the underlying host OS controls hardware access;
easy user interface; data can be secured on the desktop.
Disadvantages:
Decreased security (the host OS and its applications are now part of the attack surface beneath the VMs), loss of centralized management, lower VM density;
cannot support as many VMs as the first type.
Figure 1. A Type 2 hypervisor runs as an application on a host operating system: Operating system 2 (guest) runs on the hypervisor, which runs on Operating system 1 (host), which runs on the hardware.
Virtual Machines
A virtual machine (VM) is an isolated environment that
appears to be a whole computer but actually only has
access to a portion of the computer resources
Each VM appears to be running on the bare hardware,
giving the appearance of multiple instances of the same
computer, though all are supported by a single physical
system
Key Concepts: Process vs. System
There are two kinds of virtual machines: process and system.
A process virtual machine supports an individual process.
A system virtual machine runs a complete OS plus its environment.
Figure: layered view of a process VM (application, VM, host OS, hardware) beside a system VM (applications, guest OS, VMM, host OS, hardware).
Process VM: e.g. running an x86 application on a PowerPC.
System VM: e.g. running an instance of Linux (and its applications) on Windows.
VM Taxonomy
Process VMs, same ISA: multiprogrammed systems, HP Dynamo
Process VMs, different ISA: IA-32 EL, Java VM
System VMs, same ISA: IBM VM/370, VMware Wks
System VMs, different ISA: Virtual PC for Mac, Transmeta
Challenges of virtualization
Performance degradation:
virtualization interposes an abstraction layer between guest and host.
Inefficiency and degraded user experience:
some specific features of the host are not exposed to the guest.
Security holes and new threats:
Case 1: emulating a host in a completely transparent manner. The guest cannot tell that it is being emulated, so a malicious host can observe and tamper with everything the guest does.
Case 2: with hardware virtualization, malicious programs can preload themselves before the OS and act as a thin VMM, sitting beneath the OS and any security tools that run inside it.
Major Vendors of Hypervisor
Figure: vendor logos for KVM, OpenVZ, QEMU, Microsoft Hyper-V, Citrix XenServer, and container technology.
Docker containers
PACKAGE YOUR APPLICATION INTO A STANDARDIZED UNIT FOR SOFTWARE DEVELOPMENT
Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries, anything that can be installed on a server.
This makes the software run the same way regardless of its environment, as long as the host kernel provides what the container expects.
LIGHTWEIGHT
Containers running on a single machine share the same operating system kernel; they start almost instantly and use less RAM.
Images are constructed from layered file systems and share common files, making disk usage and image downloads much more efficient.
OPEN
Docker containers are based on open standards, enabling containers to run on all major Linux distributions and on Microsoft Windows, and on top of any infrastructure.
SECURE BY DEFAULT
Containers isolate applications from one another and from the underlying infrastructure, while providing an added layer of protection for the application. Because every container shares the host kernel, this isolation is weaker than a VM's: a kernel vulnerability reachable from inside a container compromises the host and every other container on it.
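The layered image model from the LIGHTWEIGHT point, as an added example written for these notes (a toy model, not Docker's code): a union filesystem that merges layers bottom-up, deduplicates shared layers by content digest to show where the disk and download savings come from, and exposes the caveat that matters for SECURE BY DEFAULT: a file deleted in a later layer is hidden from the running container but still shipped inside the image. The layer contents, the ".wh." whiteout prefix (the convention overlay-style union filesystems use to record deletions) and the byte counts are assumptions for the demo.

```python
"""Toy model of a layered (union) container image filesystem.

Added illustration for these notes, not Docker's code. Layer contents, the
'.wh.' whiteout convention and the byte counts are assumptions."""
import hashlib

WHITEOUT = ".wh."


def layer_digest(files):
    """Content-address a layer. Two images built on the same base get the
    same digest, which is why the layer is stored and downloaded once."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode())
        h.update(b"\0")
        h.update(files[path])
        h.update(b"\0")
    return "sha256:" + h.hexdigest()


def whiteout_for(path):
    """Name of the marker an upper layer writes to hide `path` from lower layers."""
    parent, _, name = path.rpartition("/")
    return f"{parent}/{WHITEOUT}{name}"


class Image:
    """An ordered stack of layers, bottom first. Each layer maps a path to its
    bytes; a whiteout entry records a deletion made in that layer."""

    def __init__(self, layers):
        self.layers = list(layers)

    def view(self):
        """The merged filesystem a process in the container sees: walk the
        layers bottom-up, upper files shadow lower ones, whiteouts remove."""
        merged = {}
        for layer in self.layers:
            for path, data in layer.items():
                parent, _, name = path.rpartition("/")
                if name.startswith(WHITEOUT):
                    merged.pop(f"{parent}/{name[len(WHITEOUT):]}", None)
                else:
                    merged[path] = data
        return merged

    def resolve(self, path):
        return self.view().get(path)

    def hidden_but_present(self, path):
        """True when the container cannot see `path` but some layer still
        carries its bytes: the image, and every registry copy, still ship it."""
        return self.resolve(path) is None and any(path in layer for layer in self.layers)

    def size(self):
        return sum(len(d) for layer in self.layers for d in layer.values())


def unique_layer_bytes(images):
    """Disk needed on one host for all `images` once layers are deduplicated by digest."""
    seen = {}
    for image in images:
        for layer in image.layers:
            seen[layer_digest(layer)] = sum(len(d) for d in layer.values())
    return sum(seen.values())


def demo():
    """Constructed layers (not real image contents); sizes noted per layer."""
    base = {"/etc/os-release": b"ID=demo\n", "/bin/sh": b"#!shell\n"}                  # 16 bytes
    runtime = {"/usr/lib/libssl.so": b"ssl-library-stub"}                               # 16 bytes
    app_v1 = {"/app/server.py": b"print('v1')\n", "/app/.env": b"API_KEY=hunter2\n"}  # 28 bytes
    cleanup = {whiteout_for("/app/.env"): b""}      # a later "RUN rm /app/.env" step, 0 bytes
    app_v2 = {"/app/server.py": b"print('v2')\n"}                                        # 12 bytes
    img_v1 = Image([base, runtime, app_v1, cleanup])
    img_v2 = Image([base, runtime, app_v2])
    return {
        "v1_files": sorted(img_v1.view()),
        "env_visible": img_v1.resolve("/app/.env") is not None,
        "env_still_in_image": img_v1.hidden_but_present("/app/.env"),
        "naive_bytes": img_v1.size() + img_v2.size(),
        "deduplicated_bytes": unique_layer_bytes([img_v1, img_v2]),
    }


if __name__ == "__main__":
    print(demo())
```

Two things to read off the result: the base and runtime layers are counted once across both images, which is the sharing the slide refers to, and `/app/.env` is absent from the merged view yet still present in a lower layer. Deleting a secret in a later build step does not remove it from the image; anyone who can pull the image can extract the lower layer, so secrets must be kept out of image layers entirely.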
ACCELERATE DEVELOPERS
Stop wasting hours setting up developer environments,
spinning up new instances, and making copies of production
code to run locally. With Docker, you simply take copies of
your live environment and run them on any new endpoint
running a Docker engine.
EMPOWER CREATIVITY
The isolation capabilities of Docker containers free developers
from constraints: they can use the best language and tools for
their application services without worrying about causing
internal tooling conflicts.
DISTRIBUTE & SHARE CONTENT
Store, distribute, and manage Docker images in Docker Hub
with your team. Image updates, changes, and history are
automatically shared across your organization.
COMPARING CONTAINERS AND VIRTUAL MACHINES
Containers and virtual machines have similar resource isolation and allocation benefits -- but a different architectural approach allows containers to be more portable and efficient.
VIRTUAL MACHINES
Virtual machines include the application, the necessary binaries and libraries, and an entire guest operating system -- all of which can amount to tens of GBs.
CONTAINERS
Containers include the application and all of its dependencies -- but share the kernel with other containers, running as isolated processes in user space on the host operating system.
Docker containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure, and in any cloud.
Figure: side-by-side architecture of virtual machines and containers.
OPEN Container initiative
The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime.
The OCI was launched on June 22nd 2015.
The OCI image-to-runtime workflow should support the UX that users have come to expect from container engines like Docker and rkt: primarily, the ability to run an image with no additional arguments:
docker run example.com/org/app:v1.0.0
rkt run example.com/org/app,version=v1.0.0
Figure: logos of OCI member organizations, including Cisco, Docker, EMC, Facebook, Fujitsu, Google, Infoblox, Joyent, Mesosphere, Microsoft, Pivotal, Rancher, Red Hat, SUSE, Sysdig, Verizon Labs, Virtuozzo and VMware, among others.