1、Chapter 16: Virtual Machines,Chapter 16: Virtual Machines,Overview History Benefits and Features Building Blocks Types of Virtual Machines and Their Implementations Virtualization and Operating-System Components Examples,Chapter Objectives,To explore the history and benefits of virtual machinesTo di
2、scuss the various virtual machine technologiesTo describe the methods used to implement virtualizationTo show the most common hardware features that support virtualization and explain how they are used by operating-system modules,Overview,Fundamental idea abstract hardware of a single computer into
3、several different execution environments Similar to layered approach But layer creates virtual system (virtual machine, or VM) on which operation systems or applications can run Several components Host underlying hardware system Virtual machine manager (VMM) or hypervisor creates and runs virtual ma
4、chines by providing interface that is identical to the host (Except in the case of paravirtualization) Guest process provided with virtual copy of the host Usually an operating system Single physical machine can run multiple operating systems concurrently, each in its own virtual machine,System Mode
5、ls,(a) Nonvirtual machine,(b) Virtual machine,Implementation of VMMs,Vary greatly, with options including: Type 0 hypervisors - Hardware-based solutions that provide support for virtual machine creation and management via firmware IBM LPARs and Oracle LDOMs are examples Type 1 hypervisors - Operatin
6、g-system-like software built to provide virtualization Including VMware ESX, Joyent SmartOS, and Citrix XenServer Type 1 hypervisors Also includes general-purpose operating systems that provide standard functions as well as VMM functions Including Microsoft Windows Server with HyperV and RedHat Linu
7、x with KVM Type 2 hypervisors - Applications that run on standard operating systems but provide VMM features to guest operating systems Includeing VMware Workstation and Fusion, Parallels Desktop, and Oracle VirtualBox,Implementation of VMMs (cont.),Other variations include: Paravirtualization - Tec
8、hnique in which the guest operating system is modified to work in cooperation with the VMM to optimize performance Programming-environment virtualization - VMMs do not virtualize real hardware but instead create an optimized virtual system Used by Oracle Java and Microsoft.Net Emulators Allow applic
9、ations written for one hardware environment to run on a very different hardware environment, such as a different type of CPU Application containment - Not virtualization at all but rather provides virtualization-like features by segregating applications from the operating system, making them more se
10、cure, manageable Including Oracle Solaris Zones, BSD Jails, and IBM AIX WPARs Much variation due to breadth, depth and importance of virtualization in modern computing,History,First appeared in IBM mainframes in 1972 Allowed multiple users to share a batch-oriented system Formal definition of virtua
11、lization helped move it beyond IBM A VMM provides an environment for programs that is essentially identical to the original machine Programs running within that environment show only minor performance decreases The VMM is in complete control of system resources In late 1990s Intel CPUs fast enough f
12、or researchers to try virtualizing on general purpose PCs Xen and VMware created technologies, still used today Virtualization has expanded to many OSes, CPUs, VMMs,Benefits and Features,Host system protected from VMs, VMs protected from each other I.e. A virus less likely to spread Sharing is provi
13、ded though via shared file system volume, network communication Freeze, suspend, running VM Then can move or copy somewhere else and resume Snapshot of a given state, able to restore back to that state Some VMMs allow multiple snapshots per VM Clone by creating copy and running both original and cop
14、y Great for OS research, better system development efficiency Run multiple, different OSes on a single machine Consolidation, app dev, ,Benefits and Features (cont.),Templating create an OS + application VM, provide it to customers, use it to create multiple instances of that combination Live migrat
15、ion move a running VM from one host to another! No interruption of user accessAll those features taken together - cloud computing Using APIs, programs tell cloud infrastructure (servers, networking, storage) to create new guests, VMs, virtual desktops,Building Blocks,Generally difficult to provide a
16、n exact duplicate of underlying machine Especially if only dual-mode operation available on CPU But getting easier over time as CPU features and support for VMM improves Most VMMs implement virtual CPU (VCPU) to represent state of CPU per guest as guest believes it to be When guest context switched
17、onto CPU by VMM, information from VCPU loaded and stored Several techniques, as described in next slides,Building Block Trap and Emulate,Dual mode CPU means guest executes in user mode Kernel runs in kernel mode Not safe to let guest kernel run in kernel mode too So VM needs two modes virtual user m
18、ode and virtual kernel mode Both of which run in real user mode Actions in guest that usually cause switch to kernel mode must cause switch to virtual kernel mode,Trap-and-Emulate (cont.),How does switch from virtual user mode to virtual kernel mode occur? Attempting a privileged instruction in user
19、 mode causes an error - trap VMM gains control, analyzes error, executes operation as attempted by guest Returns control to guest in user mode Known as trap-and-emulate Most virtualization products use this at least in part User mode code in guest runs at same speed as if not a guest But kernel mode
20、 privilege mode code runs slower due to trap-and-emulate Especially a problem when multiple guests running, each needing trap-and-emulate CPUs adding hardware support, mode CPU modes to improve virtualization performance,Trap-and-Emulate Virtualization Implementation,Building Block Binary Translatio
21、n,Some CPUs dont have clean separation between privileged and nonprivileged instructions Earlier Intel x86 CPUs are among them Earliest Intel CPU designed for a calculator Backward compatibility means difficult to improve Consider Intel x86 popf instruction Loads CPU flags register from contents of
22、the stack If CPU in privileged mode - all flags replaced If CPU in user mode - on some flags replaced No trap is generated,Binary Translation (cont.),Other similar problem instructions we will call special instructions Caused trap-and-emulate method considered impossible until 1998 Binary translatio
23、n solves the problem Basics are simple, but implementation very complex If guest VCPU is in user mode, guest can run instructions natively If guest VCPU in kernel mode (guest believes it is in kernel mode) VMM examines every instruction guest is about to execute by reading a few instructions ahead o
24、f program counter Non-special-instructions run natively Special instructions translated into new set of instructions that perform equivalent task (for example changing the flags in the VCPU),Binary Translation (cont.),Implemented by translation of code within VMM Code reads native instructions dynam
25、ically from guest, on demand, generates native binary code that executes in place of original code Performance of this method would be poor without optimizations Products like VMware use caching Translate once, and when guest executes code containing special instruction cached translation used inste
26、ad of translating again Testing showed booting Windows XP as guest caused 950,000 translations, at 3 microseconds each, or 3 second (5 %) slowdown over native,Binary Translation Virtualization Implementation,Nested Page Tables,Memory management another general challenge to VMM implementations How ca
27、n VMM keep page-table state for both guests believing they control the page tables and VMM that does control the tables? Common method (for trap-and-emulate and binary translation) is nested page tables (NPTs) Each guest maintains page tables to translate virtual to physical addresses VMM maintains
28、per guest NPTs to represent guests page-table state Just as VCPU stores guest CPU state When guest on CPU - VMM makes that guests NPTs the active system page tables Guest tries to change page table - VMM makes equivalent change to NPTs and its own page tables Can cause many more TLB misses - much sl
29、ower performance,Building Blocks Hardware Assistance,All virtualization needs some HW support More support - more feature rich, stable, better performance of guests Intel added new VT-x instructions in 2005 and AMD the AMD-V instructions in 2006 CPUs with these instructions remove need for binary tr
30、anslation Generally define more CPU modes “guest” and “host” VMM can enable host mode, define characteristics of each guest VM, switch to guest mode and guest(s) on CPU(s) In guest mode, guest OS thinks it is running natively, sees devices (as defined by VMM for that guest) Access to virtualized dev
31、ice, priv instructions cause trap to VMM CPU maintains VCPU, context switches it as needed HW support for Nested Page Tables, DMA, interrupts as well over time,Nested Page Tables,Types of Virtual Machines and Implementations,Many variations as well as HW details Assume VMMs take advantage of HW feat
32、ures HW features can simplify implementation, improve performance Whatever the type, a VM has a lifecycle Created by VMM Resources assigned to it (number of cores, amount of memory, networking details, storage details) In type 0 hypervisor, resources usually dedicated Other types dedicate or share r
33、esources, or a mix When no longer needed, VM can be deleted, freeing resouces Steps simpler, faster than with a physical machine install Can lead to virtual machine sprawl with lots of VMs, history and state difficult to track,Types of VMs Type 0 Hypervisor,Old idea, under many names by HW manufactu
34、rers “partitions”, “domains” A HW feature implemented by firmware OS need to nothing special, VMM is in firmware Smaller feature set than other types Each guest has dedicated HW I/O a challenge as difficult to have enough devices, controllers to dedicate to each guest Sometimes VMM implements a cont
35、rol partition running daemons that other guests communicate with for shared I/O Can provide virtualization-within-virtualization (guest itself can be a VMM with guests Other types have difficulty doing this,Type 0 Hypervisor,Types of VMs Type 1 Hypervisor,Commonly found in company datacenters In a s
36、ense becoming “datacenter operating systems” Datacenter managers control and manage OSes in new, sophisticated ways by controlling the Type 1 hypervisor Consolidation of multiple OSes and apps onto less HW Move guests between systems to balance performance Snapshots and cloning Special purpose opera
37、ting systems that run natively on HW Rather than providing system call interface, create run and manage guest OSes Can run on Type 0 hypervisors but not on other Type 1s Run in kernel mode Guests generally dont know they are running in a VM Implement device drivers for host HW because no other compo
38、nent can Also provide other traditional OS services like CPU and memory management,Types of VMs Type 1 Hypervisor (cont.),Another variation is a general purpose OS that also provides VMM functionality RedHat Enterprise Linux with KVM, Windows with Hyper-V, Oracle Solaris Perform normal duties as wel
39、l as VMM duties Typically less feature rich than dedicated Type 1 hypervisorsIn many ways, treat guests OSes as just another process Albeit with special handling when guest tries to execute special instructions,Types of VMs Type 2 Hypervisor,Less interesting from an OS perspective Very little OS inv
40、olvement in virtualization VMM is simply another process, run and managed by host Even the host doesnt know they are a VMM running guests Tend to have poorer overall performance because cant take advantage of some HW features But also a benefit because require no changes to host OS Student could hav
41、e Type 2 hypervisor on native host, run multiple guests, all on standard host OS such as Windows, Linux, MacOS,Types of VMs Paravirtualization,Does not fit the definition of virtualization VMM not presenting an exact duplication of underlying hardware But still useful! VMM provides services that gue
42、st must be modified to use Leads to increased performance Less needed as hardware support for VMs grows Xen, leader in paravirtualized space, adds several techniques For example, clean and simple device abstractions Efficient I/O Good communication between guest and VMM about device I/O Each device
43、has circular buffer shared by guest and VMM via shared memory,Xen I/O via Shared Circular Buffer,Types of VMs Paravirtualization (cont.),Memory management does not include nested page tables Each guest has own read-only tables Guest uses hypercall (call to hypervisor) when page-table changes needed
44、Paravirtualization allowed virtualization of older x86 CPUs (and others) without binary translation Guest had to be modified to use run on paravirtualized VMM But on modern CPUs Xen no longer requires guest modification - no longer paravirtualization,Types of VMs Programming Environment Virtualizati
45、on,Also not-really-virtualization but using same techniques, providing similar features Programming language is designed to run within custom-built virtualized environment For example Oracle Java has many features that depend on running in Java Virtual Machine (JVM) In this case virtualization is de
46、fined as providing APIs that define a set of features made available to a language and programs written in that language to provide an improved execution environment JVM compiled to run on many systems (including some smart phones even) Programs written in Java run in the JVM no matter the underlyin
47、g system Similar to interpreted languages,Types of VMs Emulation,Another (older) way for running one operating system on a different operating system Virtualization requires underlying CPU to be same as guest was compiled for Emulation allows guest to run on different CPU Necessary to translate all
48、guest instructions from guest CPU to native CPU Emulation, not virtualization Useful when host system has one architecture, guest compiled for other architecture Company replacing outdated servers with new servers containing different CPU architecture, but still want to run old applications Performa
49、nce challenge order of magnitude slower than native code New machines faster than older machines so can reduce slowdown Very popular especially in gaming where old consoles emulated on new,Types of VMs Application Containment,Some goals of virtualization are segregation of apps, performance and reso
50、urce management, easy start, stop, move, and management of them Can do those things without full-fledged virtualization If applications compiled for the host operating system, dont need full virtualization to meet these goals Oracle containers / zones for example create virtual layer between OS and
51、apps Only one kernel running host OS OS and devices are virtualized, providing resources within zone with impression that they are only processes on system Each zone has its own applications; networking stack, addresses, and ports; user accounts, etc CPU and memory resources divided between zones Zone can have its own scheduler to use those resources,
