
Unit 3 - CC

The document discusses virtualization technology, which creates secure and isolated environments for running applications, enabling efficient resource utilization and management in cloud computing. It highlights the benefits of virtualization, such as increased security, performance tuning, and reduced administrative costs, while explaining the roles of components like the guest, host, and virtualization layer. Additionally, it categorizes virtualization techniques and details the function of hypervisors in managing virtual machines.

Uploaded by

kumarbackupyt
Copyright
© All Rights Reserved

22IPE508 CLOUD COMPUTING

UNIT III

Dr.M.Blessy Queen Mary


Assistant Professor
Department of IT
GCT, Coimbatore - 13
VIRTUALIZATION
• Virtualization allows the creation of a secure,
customizable, and isolated execution
environment for running applications.
• The basis of this technology is the ability of a
computer program—or a combination of
software and hardware—to emulate an executing
environment separate from the one that hosts
such programs.
• For example, we can run Windows OS on top of a
virtual machine, which itself is running on Linux
OS.
• Virtualization is a large umbrella of
technologies and concepts that are meant to
provide an abstract environment—whether
virtual hardware or an operating system—to
run applications.
• Hardware virtualization plays a fundamental
role in efficiently delivering
Infrastructure-as-a-Service (IaaS) solutions
for cloud computing.
• Virtualization technologies provide a virtual
environment for not only executing
applications but also for storage, memory, and
networking.
• Since its inception, virtualization has been
sporadically explored and adopted, but in the
last few years there has been a consistent and
growing trend to leverage this technology.
• Virtualization technologies have gained
renewed interest recently due to the
confluence of several phenomena:
• Increased performance and computing capacity. -
Nowadays, the average end-user desktop PC is powerful enough to
meet almost all the needs of everyday computing, with extra
capacity that is rarely used. Almost all these PCs have resources
enough to host a virtual machine manager and execute a virtual
machine with by far acceptable performance.

• Underutilized hardware and software resources. - Hardware
and software underutilization is occurring due to
(1) increased performance and computing capacity, and
(2) the effect of limited or sporadic use of resources.
Computers today are so powerful that in most cases only a fraction
of their capacity is used by an application or the system.
To transparently provide such a service, it would be necessary to
deploy a completely separate environment, which can be
achieved through virtualization.
• Lack of space.
The need for additional capacity makes datacenters grow quickly.
Companies such as Google and Microsoft expand their infrastructures.
Although this is viable for IT giants, in most cases enterprises cannot
afford to build another datacenter to accommodate additional
resource capacity.
This condition, along with hardware underutilization, has led to the
diffusion of a technique called server consolidation, for which
virtualization technologies are fundamental.
• Greening initiatives. – Maintaining a data center operation not only
involves keeping servers on, but a great deal of energy is also
consumed in keeping them cool.
Infrastructures for cooling have a significant impact on the carbon
footprint of a data center. Hence, reducing the number of servers
through server consolidation will definitely reduce the impact of
cooling and power consumption of a data center.
Virtualization technologies can provide an efficient way of consolidating
servers.
• Rise of administrative costs - Power consumption and
cooling costs have now become higher than the cost of IT
equipment.
• Moreover, the increased demand for additional capacity,
which translates into more servers in a data center, is also
responsible for a significant increment in administrative
costs.
• Common system administration tasks include hardware
monitoring, defective hardware replacement, server setup
and updates, server resources monitoring, and backups.
• These are labor-intensive operations, and the higher the
number of servers that have to be managed, the higher the
administrative costs.
• Virtualization can help reduce the number of required
servers for a given workload, thus reducing the cost of the
administrative personnel
CHARACTERISTICS OF VIRTUALIZED
ENVIRONMENTS
• In a virtualized environment there are three
major components: guest, host, and virtualization
layer.
• The guest represents the system component that
interacts with the virtualization layer rather than
with the host.
• The host represents the original environment
where the guest is supposed to be managed.
• The virtualization layer is responsible for
recreating the same or a different environment
where the guest will operate
• In the case of hardware virtualization, the guest is
represented by a system image comprising an
operating system and installed applications.
• These are installed on top of virtual hardware
that is controlled and managed by the
virtualization layer, also called the virtual machine
manager.
• The host is instead represented by the physical
hardware, and in some cases the operating
system, that defines the environment where the
virtual machine manager is running.
• In the case of virtual storage, the guest might be
client applications or users that interact with the
virtual storage management software deployed
on top of the real storage system.
• The case of virtual networking is also similar: The
guest— applications and users—interacts with a
virtual network, such as a virtual private network
(VPN), which is managed by specific software
(VPN client) using the physical network available
on the node.
• VPNs are useful for creating the illusion of being
within a different physical network and thus
accessing the resources in it, which would
otherwise not be available
• The main common characteristic of all these
different implementations is the fact that the
virtual environment is created by means of a
software program.
• The ability to use software to emulate such a
wide variety of environments creates a lot of
opportunities.
Increased Security
• The ability to control the execution of a guest in a
completely transparent manner opens new
possibilities for delivering a secure, controlled execution
environment.
• The virtual machine represents an emulated
environment in which the guest is executed.
• All the operations of the guest are generally performed
against the virtual machine, which then translates and
applies them to the host.
• This level of indirection allows the virtual machine
manager to control and filter the activity of the guest,
thus preventing some harmful operations from being
performed.
• Resources exposed by the host can then be hidden or
simply protected from the guest.
• Hardware virtualization solutions such as
VMware Desktop, VirtualBox, and Parallels
provide the ability to create a virtual computer
with customized virtual hardware on top of which
a new operating system can be installed.
• By default, the file system exposed by the virtual
computer is completely separated from the one
of the host machine.
• This becomes the perfect environment for
running applications without affecting other
users in the environment.
Managed Execution
• Virtualization of the execution environment not only
allows increased security, but a wider range of features
also can be implemented.
• Sharing, aggregation, emulation, and isolation are the
most relevant features
• Sharing. Virtualization allows the creation of separate
computing environments within the same host.
• Aggregation. Not only is it possible to share physical
resources among several guests, but virtualization also
allows aggregation, which is the opposite process.
• A group of separate hosts can be tied together and
represented to guests as a single virtual host.
• Emulation. Guest programs are executed within an environment
that is controlled by the virtualization layer, which ultimately is a
program.
• This allows for controlling and tuning the environment that is
exposed to guests.
• Isolation. Virtualization allows providing guests—whether they
are operating systems, applications, or other entities—with a
completely separate environment, in which they are executed.
• The guest program performs its activity by interacting with an
abstraction layer, which provides access to the underlying
resources.
• Isolation brings several benefits; for example, it allows multiple
guests to run on the same host without interfering with each
other. Second, it provides a separation between the host and the
guest.
• The virtual machine can filter the activity of the guest and
prevent harmful operations against the host.
• Besides these characteristics, another important
capability enabled by virtualization is
performance tuning.
• This feature is a reality at present, given the
considerable advances in hardware and software
supporting virtualization.
• It becomes easier to control the performance of
the guest by finely tuning the properties of the
resources exposed through the virtual
environment.
Portability
• The concept of portability applies in different
ways according to the specific type of
virtualization considered.
• In the case of a hardware virtualization
solution, the guest is packaged into a virtual
image that, in most cases, can be safely
moved and executed on top of different
virtual machines.
• Virtual images are generally proprietary formats that
require a specific virtual machine manager to be
executed.
• In the case of programming-level virtualization, as
implemented by the JVM or the .NET runtime, the binary
code representing application components (jars or
assemblies) can be run without any recompilation on any
implementation of the corresponding virtual machine.
• This makes the application development cycle more
flexible and application deployment very
straightforward: One version of the application, in most cases, is
able to run on different platforms with no changes.
• Finally, portability allows having your own system always
with you and ready to use as long as the required virtual
machine manager is available
Taxonomy of virtualization techniques
• Virtualization is mainly used to emulate execution
environments, storage, and networks
• Execution virtualization – 2 categories
• Process level techniques are implemented on top
of an existing operating system, which has full
control of the hardware
• System level techniques are implemented directly
on hardware and do not require—or require a
minimum of support from—an existing operating
system.
Execution Virtualization
• Execution virtualization includes all techniques that
aim to emulate an execution environment that is
separate from the one hosting the virtualization layer.
• All these techniques concentrate on providing
support for the execution of programs, whether these
are the operating system, a binary specification of a
program compiled against an abstract machine model,
or an application.
• Therefore, execution virtualization can be implemented
directly on top of the hardware by the operating
system, an application, or libraries dynamically or
statically linked to an application image
Machine reference model
• At the bottom layer, the model for the hardware
is expressed in terms of the Instruction Set
Architecture (ISA), which defines the instruction
set for the processor, registers, memory, and
interrupt management.
• ISA is the interface between hardware and
software, and it is important to the operating
system (OS) developer (System ISA) and
developers of applications that directly manage
the underlying hardware (User ISA).
• The application binary interface (ABI) separates the
operating system layer from the applications and
libraries, which are managed by the OS.
• ABI covers details such as low-level data types,
alignment, and call conventions and defines a format for
executable programs. System calls are defined at this
level.
• This interface allows portability of applications and
libraries across operating systems that implement the
same ABI. The highest level of abstraction is represented
by the application programming interface (API), which
interfaces applications to libraries and/or the underlying
operating system.
• The instruction set exposed by the hardware has been
divided into different security classes that define who
can operate with them.
• The first distinction can be made between privileged
and nonprivileged instructions.
• Nonprivileged instructions are those instructions that
can be used without interfering with other tasks
because they do not access shared resources.
• Privileged instructions are those that are executed
under specific restrictions and are mostly used for
sensitive operations, which expose (behavior-sensitive)
or modify (control-sensitive) the privileged state.
• A possible implementation features a hierarchy of
privileges in the form of ring-based security: Ring
0, Ring 1, Ring 2, and Ring 3.
• Ring 0 is the most privileged level and Ring 3 is
the least privileged level.
• Ring 0 is used by the kernel of the OS, rings 1 and
2 are used by the OS-level services, and Ring 3 is
used by the user.
• Recent systems support only two levels, with Ring
0 for supervisor mode and Ring 3 for user mode.
• All the current systems support at least two different execution
modes: supervisor mode and user mode. The first mode denotes
an execution mode in which all the instructions (privileged and
nonprivileged) can be executed without any restriction.
• This mode, also called master mode or kernel mode, is generally
used by the operating system (or the hypervisor) to perform
sensitive operations on hardware level resources.
• In user mode, there are restrictions to control the machine-level
resources.
• If code running in user mode invokes the privileged instructions,
hardware interrupts occur and trap the potentially harmful
execution of the instruction.
• The distinction between user and supervisor mode
allows us to understand the role of the hypervisor and
why it is called that.
• Conceptually, the hypervisor runs above the supervisor
mode, and from here the prefix hyper- is used.
• In reality, hypervisors are run in supervisor mode, and
the division between privileged and nonprivileged
instructions has posed challenges in designing virtual
machine managers.
• It is expected that all the sensitive instructions will be
executed in privileged mode, which requires supervisor
mode in order to avoid traps.
Hardware level virtualization
• Hardware-level virtualization is a virtualization
technique that provides an abstract execution
environment in terms of computer hardware on
top of which a guest operating system can be run.
• In this model, the guest is represented by the
operating system, the host by the physical
computer hardware, the virtual machine by its
emulation, and the virtual machine manager by
the hypervisor
• The hypervisor is generally a program or a
combination of software and hardware that
allows the abstraction of the underlying physical
hardware.
• Hardware-level virtualization is also called system
virtualization, since it provides ISA to virtual
machines, which is the representation of the
hardware interface of a system.
• This is to differentiate it from process virtual
machines, which expose ABI to virtual machines.
Hypervisors
• A fundamental element of
hardware virtualization is the hypervisor, or
virtual machine manager (VMM). It recreates
a hardware environment in which guest
operating systems are installed.
• There are two major types of hypervisor: Type
I and Type II
• Type I hypervisors run directly on top of the
hardware. Therefore, they take the place of the
operating systems and interact directly with the
ISA interface exposed by the underlying
hardware, and they emulate this interface in
order to allow the management of guest
operating systems.
• This type of hypervisor is also called a native
virtual machine since it runs natively on
hardware.
• Type II hypervisors require the support of an
operating system to provide virtualization
services. This means that they are programs
managed by the operating system, which interact
with it through the ABI and emulate the ISA of
virtual hardware for guest operating systems.
• This type of hypervisor is also called a hosted
virtual machine since it is hosted within an
operating system.
Hypervisor – ref. architecture
• Three main modules, dispatcher, allocator, and interpreter,
coordinate their activity in order to emulate the underlying
hardware.
• The dispatcher constitutes the entry point of the monitor
and reroutes the instructions issued by the virtual machine
instance to one of the two other modules.
• The allocator is responsible for deciding the system
resources to be provided to the VM: whenever a virtual
machine tries to execute an instruction that results in
changing the machine resources associated with that VM,
the allocator is invoked by the dispatcher. The interpreter
module consists of interpreter routines.
• These are executed whenever a virtual machine executes a
privileged instruction: a trap is triggered and the
corresponding routine is executed.
• There are criteria that need to be met by a virtual
machine manager to efficiently support virtualization.
• Three properties have to be satisfied:
Equivalence. A guest running under the control of a
virtual machine manager should exhibit the same
behavior as when it is executed directly on the physical
host.
Resource control. The virtual machine manager should be
in complete control of virtualized resources.
Efficiency. A statistically dominant fraction of the machine
instructions should be executed without intervention
from the virtual machine manager.
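
Added example (not part of the original slides): a toy Python model of the trap behaviour and the dispatcher/allocator/interpreter reference architecture described above, showing how resource control is enforced and how the efficiency property can be measured. The class names, opcodes and guest program are constructed for illustration and do not correspond to a real ISA or hypervisor.

```python
from dataclasses import dataclass, field
# Constructed toy instruction set, not a real ISA.
NONPRIVILEGED = {"ADD", "LOAD", "STORE"}   # run directly, no VMM involvement
RESOURCE_CHANGING = {"SET_MEM_PAGES"}      # trap, routed to the allocator
PRIVILEGED = {"HALT", "OUT"}               # trap, routed to interpreter routines

@dataclass
class VirtualMachine:
    name: str
    max_pages: int                          # ceiling fixed by the host operator
    mem_pages: int = 1                      # pages currently granted
    halted: bool = False
    console: list = field(default_factory=list)   # virtual output device

class ToyVMM:
    def __init__(self):
        self.direct = 0                     # executed without VMM intervention
        self.trapped = 0                    # trapped into the VMM
        self.audit = []                     # denied requests, kept for the host

    def dispatch(self, vm, op, arg=None):   # dispatcher: the VMM entry point
        if vm.halted:
            return "halted"
        if op in NONPRIVILEGED:
            self.direct += 1
            return "direct"
        self.trapped += 1
        if op in RESOURCE_CHANGING:
            return self.allocate(vm, op, arg)
        if op in PRIVILEGED:
            return self.interpret(vm, op, arg)
        return self.deny(vm, op, arg)       # unknown opcode: fail closed

    def allocate(self, vm, op, pages):      # allocator: enforces resource control
        if not isinstance(pages, int) or not 0 < pages <= vm.max_pages:
            return self.deny(vm, op, pages)
        vm.mem_pages = pages
        return "allocated"

    def interpret(self, vm, op, arg):       # interpreter: touches virtual state only
        if op == "HALT":
            vm.halted = True                # stops this guest, not the host
        else:
            vm.console.append(arg)          # OUT goes to the virtual console
        return "emulated"

    def deny(self, vm, op, arg):
        self.audit.append((vm.name, op, arg))
        return "denied"

    def efficiency(self):                   # share run without VMM intervention
        return self.direct / max(1, self.direct + self.trapped)

def run(vmm, vm, program):
    return [vmm.dispatch(vm, op, arg) for op, arg in program]

# Constructed guest program: mostly plain work plus a few sensitive operations.
PROGRAM = ([("LOAD", 0), ("ADD", 1), ("STORE", 0)] * 5 +
           [("SET_MEM_PAGES", 4), ("SET_MEM_PAGES", 4096), ("OUT", "hi"),
            ("UNDEFINED_OP", 0), ("HALT", None), ("ADD", 1)])
```

Calling run(ToyVMM(), VirtualMachine("guest1", max_pages=8), PROGRAM) returns one outcome per instruction; the audit list afterwards holds the two requests the VMM refused.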
