
Unit Iii CC LM Cse


Cloud Computing 1

Unit- III
Virtual Machines and Virtualization

Syllabus: Implementation levels of virtualization: levels of virtualization implementation,
VMM design requirements and providers, virtualization support at the OS level,
virtualization structures/tools and mechanisms: Hypervisor and Xen architecture, binary
translation with full virtualization, para-virtualization with compiler support.

IMPLEMENTATION LEVELS OF VIRTUALIZATION:

• Virtualization is a computer architecture technology by which multiple virtual machines
(VMs) are multiplexed in the same hardware machine. The idea of VMs can be dated back to
the 1960s.
• The purpose of a VM is to enhance resource sharing by many users and improve computer
performance in terms of resource utilization and application flexibility. Hardware resources
(CPU, memory, I/O devices, etc.) or software resources (operating system and software
libraries) can be virtualized in various functional layers.
• This virtualization technology has been revitalized as the demand for distributed and cloud
computing increased sharply in recent years. The idea is to separate the hardware from the
software to yield better system efficiency.

Levels of Virtualization Implementation:

• A traditional computer runs with a host operating system specially tailored for its hardware
architecture, as shown in Figure .
• After virtualization, different user applications managed by their own operating systems
(guest OS) can run on the same hardware, independent of the host OS. This is often done by
adding additional software, called a virtualization layer. This virtualization layer is known as
a hypervisor or virtual machine monitor (VMM).

IV Year –II- 2020- C



Instruction Set Architecture Level:


• At the ISA level, virtualization is performed by emulating a given ISA by the ISA of the host
machine. For example, MIPS binary code can run on an x86-based host machine with the
help of ISA emulation.
• With this approach, it is possible to run a large amount of legacy binary code written for
various processors on any given new hardware host machine.
• Instruction set emulation leads to virtual ISAs created on any hardware machine. The basic
emulation method is through code interpretation. An interpreter program interprets the source
instructions to target instructions one by one.


Hardware Abstraction Level:

• Hardware-level virtualization is performed right on top of the bare hardware. On the one
hand, this approach generates a virtual hardware environment for a VM. On the other hand,
the process manages the underlying hardware through virtualization.
• The idea is to virtualize a computer's resources, such as its processors, memory, and I/O
devices. The intention is to upgrade the hardware utilization rate by multiple users
concurrently.

Operating System Level:

• This refers to an abstraction layer between traditional OS and user applications. OS-level
virtualization creates isolated containers on a single physical server and the OS instances to
utilize the hardware and software in data centers.
• The containers behave like real servers. OS-level virtualization is commonly used in creating
virtual hosting environments to allocate hardware resources among a large number of
mutually distrusting users.

Library Support Level:

• Most applications use APIs exported by user-level libraries rather than using lengthy system
calls by the OS.
• Virtualization with library interfaces is possible by controlling the communication link
between applications and the rest of a system through API hooks.
• The software tool WINE has implemented this approach to support Windows applications on
top of UNIX hosts.

User-Application Level:

• Virtualization at the application level virtualizes an application as a VM. On a traditional
OS, an application often runs as a process.
• Therefore, application-level virtualization is also known as process-level virtualization.
• The most popular approach is to deploy high level language (HLL) VMs. In this scenario, the
virtualization layer sits as an application program on top of the operating system, and the
layer exports an abstraction of a VM that can run programs written and compiled to a
particular abstract machine definition.

VMM Design Requirements and Providers:

• As mentioned earlier, hardware-level virtualization inserts a layer between real hardware and
traditional operating systems.
• This layer is commonly called the Virtual Machine Monitor (VMM) and it manages the
hardware resources of a computing system. Each time programs access the hardware, the
VMM captures the process.
• In this sense, the VMM acts as a traditional OS.
• One hardware component, such as the CPU, can be virtualized as several virtual copies.
Therefore, several traditional operating systems which are the same or different can sit on the
same set of hardware simultaneously.

There are three requirements for a VMM:

• Equivalence: A guest running under the control of a virtual machine manager should exhibit
the same behavior as when it is executed directly on the physical host.
• Resource control: The virtual machine manager should be in complete control of virtualized
resources.
• Efficiency: A statistically dominant fraction of the machine instructions should be executed
without intervention from the virtual machine manager.

Three main modules, dispatcher, allocator, and interpreter, coordinate their activity in order
to emulate the underlying hardware:

• The dispatcher constitutes the entry point of the monitor and reroutes the instructions issued
by the virtual machine instance to one of the two other modules.
• The allocator is responsible for deciding the system resources to be provided to the VM:
whenever a virtual machine tries to execute an instruction that results in changing the
machine resources associated with that VM, the allocator is invoked by the dispatcher.
• The interpreter module consists of interpreter routines. These are executed whenever a virtual
machine executes a privileged instruction: a trap is triggered and the corresponding routine is
executed.
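
The three modules and the three requirements can be seen together in a small model. This is an added example, not part of the original notes; the toy instruction names (ADD, SETMEM, CLI, OUT) and the page-pool allocator policy are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

# Constructed toy instruction set (an assumption of this sketch, not a real ISA).
PRIVILEGED = {"CLI", "OUT"}   # trap to an interpreter routine
RESOURCE = {"SETMEM"}         # change the VM's resources, so the allocator decides

@dataclass
class VM:
    name: str
    acc: int = 0              # guest register, updated by direct execution
    pages: int = 0            # memory pages currently granted to this VM
    irq_enabled: bool = True  # virtual interrupt flag, never the host's
    console: list = field(default_factory=list)

class VMM:
    def __init__(self, total_pages):
        self.free_pages = total_pages
        self.direct = 0       # instructions run without VMM intervention
        self.trapped = 0      # instructions that entered the monitor

    def allocator(self, vm, wanted):
        """Resource control: grant at most what the shared pool can cover."""
        grant = max(0, min(wanted, vm.pages + self.free_pages))
        self.free_pages -= grant - vm.pages
        vm.pages = grant

    def interpreter(self, vm, op, arg):
        """Emulate a privileged instruction against the VM's virtual state."""
        if op == "CLI":
            vm.irq_enabled = False
        elif op == "OUT":
            vm.console.append(arg)

    def dispatcher(self, vm, op, arg):
        """Entry point of the monitor: reroute to one of the other modules."""
        self.trapped += 1
        if op in RESOURCE:
            self.allocator(vm, arg)
        else:
            self.interpreter(vm, op, arg)

    def run(self, vm, program):
        for op, arg in program:
            if op in PRIVILEGED or op in RESOURCE:
                self.dispatcher(vm, op, arg)   # trap into the VMM
            elif op == "ADD":
                vm.acc += arg                  # direct execution
                self.direct += 1
            else:
                raise ValueError(f"unknown instruction {op!r}")

    def direct_fraction(self):
        return self.direct / (self.direct + self.trapped)

def demo():
    vmm = VMM(total_pages=100)
    a, b = VM("A"), VM("B")
    vmm.run(a, [("SETMEM", 80)] + [("ADD", 1)] * 18 + [("OUT", "hi")])
    vmm.run(b, [("SETMEM", 50), ("CLI", None)] + [("ADD", 2)] * 8)
    return vmm, a, b

if __name__ == "__main__":
    vmm, a, b = demo()
    print(a, b, vmm.free_pages, round(vmm.direct_fraction(), 2))
```

VM B asks for 50 pages but receives only the 20 left in the pool, and its CLI changes only its own virtual interrupt flag, which is the resource-control requirement; most instructions never enter the monitor, which is the efficiency requirement.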


Virtualization Support at the OS Level:

• With the help of VM technology, a new computing mode known as cloud computing is
emerging.
• Cloud computing is transforming the computing landscape by shifting the hardware and
staffing costs of managing a computational center to third parties, just like banks.
• However, cloud computing has at least two challenges.
• The first is the ability to use a variable number of physical machines and VM instances
depending on the needs of a problem.
• For example, a task may need only a single CPU during some phases of execution but may
need hundreds of CPUs at other times.
• The second challenge concerns the slow operation of instantiating new VMs.

Why OS-Level Virtualization?

• As mentioned earlier, it is slow to initialize a hardware-level VM because each VM creates
its own image from scratch. In a cloud computing environment, perhaps thousands of VMs
need to be initialized simultaneously.
• Besides slow operation, storing the VM images also becomes an issue. As a matter of fact,
there is considerable repeated content among VM images.
• Moreover, full virtualization at the hardware level also has the disadvantages of slow
performance and low density, and the need for para-virtualization to modify the guest OS.
• To reduce the performance overhead of hardware-level virtualization, even hardware
modification is needed. OS-level virtualization provides a feasible solution for these
hardware-level virtualization issues.
• Operating system virtualization inserts a virtualization layer inside an operating system to
partition a machine's physical resources. It enables multiple isolated VMs within a single
operating system kernel.
• This kind of VM is often called a virtual execution environment (VE), Virtual Private System
(VPS), or simply container. From the user's point of view, VEs look like real servers.
• This means a VE has its own set of processes, file system, user accounts, network interfaces
with IP addresses, routing tables, firewall rules, and other personal settings. Although VEs
can be customized for different people, they share the same operating system kernel.
• Therefore, OS-level virtualization is also called single-OS image virtualization.


Advantages of OS Extensions:

• Compared to hardware-level virtualization, the benefits of OS extensions are twofold:

(1) VMs at the operating system level have minimal startup/shutdown costs, low resource
requirements, and high scalability.

(2) For an OS-level VM, it is possible for a VM and its host environment to synchronize state
changes when necessary.

• These benefits can be achieved via two mechanisms of OS-level virtualization:

(1) All OS-level VMs on the same physical machine share a single operating system kernel.

(2) The virtualization layer can be designed in a way that allows processes in VMs to access
as many resources of the host machine as possible, but never to modify them.

Disadvantages of OS Extensions:

• The main disadvantage of OS extensions is that all the VMs at operating system level on a
single container must have the same kind of guest operating system.
• The virtualization layer is inserted inside the OS to partition the hardware resources for
multiple VMs to run their applications in multiple virtual environments. To implement
OS-level virtualization, isolated execution environments (VMs) should be created based on a
single OS kernel.
• Furthermore, the access requests from a VM need to be redirected to the VM's local resource
partition on the physical machine.
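
The second mechanism above (VEs may read host resources but never modify them) and the redirection of access requests to a VE's local partition can be modelled as a private layer over a shared, read-only view. This is an added example, not part of the original notes; the class name, the in-memory dictionaries standing in for file systems, and the sample paths are assumptions.

```python
class VirtualEnvironment:
    """A container (VE): a private partition layered over the shared host view."""
    _DELETED = object()   # marker: this VE removed the file from its own view

    def __init__(self, name, host_files):
        self.name = name
        self._host = host_files   # shared by every VE; this class never writes to it
        self.private = {}         # the VE's local resource partition

    def read(self, path):
        if path in self.private:
            data = self.private[path]
            if data is self._DELETED:
                raise FileNotFoundError(path)
            return data
        if path in self._host:
            return self._host[path]   # read-through to the shared host copy
        raise FileNotFoundError(path)

    def write(self, path, data):
        self.private[path] = data     # redirected: the host copy stays untouched

    def delete(self, path):
        self.read(path)               # raises if the file is not visible
        self.private[path] = self._DELETED

    def listing(self):
        visible = set(self._host) | set(self.private)
        return sorted(p for p in visible
                      if self.private.get(p) is not self._DELETED)

def demo():
    # Constructed host files shared by all VEs on the machine.
    host = {"/etc/hosts": "127.0.0.1 localhost", "/bin/sh": "<shell binary>"}
    original = dict(host)
    ve1 = VirtualEnvironment("ve1", host)
    ve2 = VirtualEnvironment("ve2", host)
    ve1.write("/etc/hosts", "10.0.0.5 db")   # customise ve1 only
    ve1.delete("/bin/sh")
    ve2.write("/srv/app.conf", "debug=off")
    return host == original, ve1, ve2

if __name__ == "__main__":
    unchanged, ve1, ve2 = demo()
    print(unchanged, ve1.listing(), ve2.listing())
```

Each VE sees its own changes, neither sees the other's, and the host's files are identical before and after, which is the isolation property that mutually distrusting tenants rely on.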

VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS :

• In general, there are three typical classes of VM architecture.
• Before virtualization, the operating system manages the hardware. After virtualization, a
virtualization layer is inserted between the hardware and the operating system.
• In such a case, the virtualization layer is responsible for converting portions of the real
hardware into virtual hardware.
• Therefore, different operating systems such as Linux and Windows can run on the same
physical machine, simultaneously.
• Depending on the position of the virtualization layer, there are several classes of VM
architectures, namely the hypervisor architecture, para-virtualization, and host-based
virtualization. The hypervisor is also known as the VMM (Virtual Machine Monitor). They
both perform the same virtualization operations.

Hypervisor and Xen Architecture :

• The hypervisor supports hardware-level virtualization on bare metal devices like CPU,
memory, disk and network interfaces.
• The hypervisor software sits directly between the physical hardware and its OS. This
virtualization layer is referred to as either the VMM or the hypervisor.
• The hypervisor provides hypercalls for the guest OSes and applications. Depending on the
functionality, a hypervisor can assume a micro-kernel architecture like the Microsoft Hyper-V.
• It can assume a monolithic hypervisor architecture like the VMware ESX for server
virtualization. A micro-kernel hypervisor includes only the basic and unchanging functions.


The Xen Architecture :

• Xen is an open source hypervisor program developed by Cambridge University. Xen is a
microkernel hypervisor, which separates the policy from the mechanism.
• The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by
Domain 0.
• Xen does not include any device drivers natively. It just provides a mechanism by which a
guest OS can have direct access to the physical devices.
• As a result, the size of the Xen hypervisor is kept rather small. Xen provides a virtual
environment located between the hardware and the OS. A number of vendors are in the
process of developing commercial Xen hypervisors, among them Citrix XenServer and
Oracle VM.
• The core components of a Xen system are the hypervisor, kernel, and applications. The
organization of the three components is important. Like other virtualization systems, many
guest OSes can run on top of the hypervisor.
• Domain 0 is first loaded when Xen boots without any file system drivers being available.
Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the
responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains.
• If Domain 0 is compromised, the attacker can control the entire system. So, in the VM system,
security policies are needed to improve the security of Domain 0. Domain 0, behaving as a
VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as
easily as manipulating a file, which flexibly provides tremendous benefits for users.


• Unfortunately, it also brings a series of security problems during the software life cycle and
data lifetime. Traditionally, a machine's lifetime can be envisioned as a straight line where
the current state of the machine is a point that progresses monotonically as the software
executes.
• During this time, configuration changes are made, software is installed, and patches are
applied. In such an environment, the VM state is akin to a tree: At any point, execution can
go into N different branches where multiple instances of a VM can exist at any point in this
tree at any given time.
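
The practical consequence of tree-shaped VM state is that a patch applied on one branch is absent from clones and rollbacks taken before it. The audit below is an added example, not part of the original notes; the snapshot names, the instance names and the patch name "fix-1" are constructed placeholders.

```python
class Snapshot:
    """One node of the VM state tree: a saved state plus what changed in it."""
    def __init__(self, name, parent=None, patches=()):
        self.name, self.parent = name, parent
        self.patches = frozenset(patches)   # patches applied at this node
        self.children = []
        if parent is not None:
            parent.children.append(self)

    def effective_patches(self):
        """Patches present in this state: everything on the path to the root."""
        node, found = self, set()
        while node is not None:
            found |= node.patches
            node = node.parent
        return found

def leaves(root):
    """The N branch tips that can each be running as a VM instance."""
    if not root.children:
        return [root.name]
    return [name for child in root.children for name in leaves(child)]

def missing_patch(instances, required):
    """instances maps an instance name to the Snapshot it currently runs from."""
    return sorted(name for name, snap in instances.items()
                  if required not in snap.effective_patches())

def demo():
    # Constructed history; "fix-1" is a placeholder patch name.
    base = Snapshot("base")
    app = Snapshot("app-installed", base)
    patched = Snapshot("patched", app, patches={"fix-1"})
    tuned = Snapshot("tuned", patched)
    clone = Snapshot("test-clone", app)        # copied before the patch
    instances = {"web-1": tuned, "web-2": tuned, "test-1": clone}
    before = missing_patch(instances, "fix-1")
    instances["web-2"] = app                   # rolled back to an older state
    after = missing_patch(instances, "fix-1")
    return leaves(base), before, after

if __name__ == "__main__":
    print(demo())
```

On a straight-line machine history a patched host stays patched; here the clone never had the patch and the rollback silently removes it from web-2, so patch status has to be checked per instance against its lineage.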

Binary Translation with Full Virtualization :

• Depending on implementation technologies, hardware virtualization can be classified into
two categories: full virtualization and host-based virtualization.
• Full virtualization does not need to modify the host OS. It relies on binary translation to trap
and to virtualize the execution of certain sensitive, nonvirtualizable instructions. The guest
OSes and their applications consist of noncritical and critical instructions.
• In a host-based system, both a host OS and a guest OS are used. A virtualization software
layer is built between the host OS and guest OS.

Full Virtualization :

• With full virtualization, noncritical instructions run on the hardware directly while critical
instructions are discovered and replaced with traps into the VMM to be emulated by
software. Both the hypervisor and VMM approaches are considered full virtualization.


Binary Translation of Guest OS Requests Using a VMM :

• This approach was implemented by VMware and many other software companies. VMware
puts the VMM at Ring 0 and the guest OS at Ring 1. The VMM scans the instruction stream
and identifies the privileged, control- and behavior-sensitive instructions.
• When these instructions are identified, they are trapped into the VMM, which emulates the
behavior of these instructions. The method used in this emulation is called binary translation.
Therefore, full virtualization combines binary translation and direct execution.


• The guest OS is completely decoupled from the underlying hardware. Consequently, the
guest OS is unaware that it is being virtualized. The performance of full virtualization may
not be ideal, because it involves binary translation which is rather time-consuming.
• Binary translation employs a code cache to store translated hot instructions to improve
performance, but it increases the cost of memory usage.
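
The scan, trap and code-cache behaviour described in this section can be traced in a short model. This is an added example, not part of the original notes and not VMware's implementation; the sample guest blocks are constructed, the set of sensitive mnemonics is illustrative, and keying the cache on block contents is a simplification chosen so that rewritten guest code is always rescanned.

```python
# Illustrative sample of sensitive x86 mnemonics; not a complete list.
SENSITIVE = {"cli", "sti", "popf", "hlt"}

class BinaryTranslator:
    def __init__(self):
        self.cache = {}        # (address, block contents) -> translated block
        self.translations = 0  # slow path: block scanned and rewritten
        self.hits = 0          # fast path: translation reused from the cache
        self.vmm_traps = []    # instructions the VMM emulated in software

    def translate(self, block):
        """Scan a basic block and mark each instruction as trap or direct."""
        out = []
        for ins in block:
            kind = "trap" if ins.split()[0] in SENSITIVE else "direct"
            out.append((kind, ins))
        return out

    def fetch(self, addr, block):
        # Keying on the contents as well as the address is a simplification of
        # this sketch: a block the guest has rewritten is always rescanned and
        # never served a stale translation.
        key = (addr, tuple(block))
        if key in self.cache:
            self.hits += 1
        else:
            self.cache[key] = self.translate(block)
            self.translations += 1
        return self.cache[key]

    def execute(self, addr, block):
        """Run one block; return how many instructions executed directly."""
        direct = 0
        for kind, ins in self.fetch(addr, block):
            if kind == "trap":
                self.vmm_traps.append(ins)   # emulated by the VMM
            else:
                direct += 1                  # runs on the hardware as is
        return direct

    def cached_instructions(self):
        """Memory cost of the code cache, counted in stored instructions."""
        return sum(len(t) for t in self.cache.values())

def demo():
    # Constructed guest code: a hot loop and a block that masks interrupts.
    guest = {0x1000: ["add eax, 1", "cmp eax, ebx", "jne 0x1000"],
             0x2000: ["cli", "mov [lock], 1", "sti"]}
    bt = BinaryTranslator()
    direct = sum(bt.execute(0x1000, guest[0x1000]) for _ in range(50))
    direct += bt.execute(0x2000, guest[0x2000])
    guest[0x1000] = ["popf", "jmp 0x2000"]   # the guest rewrites its own code
    direct += bt.execute(0x1000, guest[0x1000])
    return bt, direct

if __name__ == "__main__":
    bt, direct = demo()
    print(bt.translations, bt.hits, bt.vmm_traps, direct, bt.cached_instructions())
```

The hot loop is translated once and served from the cache 49 times, while the cache keeps growing with every distinct block, including the superseded copy of the rewritten one; that is the speed-for-memory trade the last bullet describes.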

Host-Based Virtualization :

• An alternative VM architecture is to install a virtualization layer on top of the host OS. This
host OS is still responsible for managing the hardware. The guest OSes are installed and run
on top of the virtualization layer.
• Dedicated applications may run on the VMs. Certainly, some other applications can also run
with the host OS directly. This host-based architecture has some distinct advantages, as
enumerated next.
• First, the user can install this VM architecture without modifying the host OS. The
virtualizing software can rely on the host OS to provide device drivers and other low-level
services.
• Second, the host-based approach appeals to many host machine configurations. Compared to
the hypervisor/VMM architecture, the performance of the host-based architecture may also be
low.
• When an application requests hardware access, it involves four layers of mapping which
downgrades performance significantly.
• When the ISA of a guest OS is different from the ISA of

[Figure labels: Ring 3, Ring 2, Ring 1, Ring 0; user apps, guest OS, VMM, host computer
system hardware; binary translation of OS requests; direct execution of user requests]


Para-Virtualization with Compiler Support:

• Para-virtualization needs to modify the guest operating systems. A para-virtualized VM
provides special APIs requiring substantial OS modifications in user applications.
Performance degradation is a critical issue of a virtualized system.
• The virtualization layer can be inserted at different positions in a machine software stack.
However, para-virtualization attempts to reduce the virtualization overhead, and thus improve
performance by modifying only the guest OS kernel.
• The guest operating systems are para-virtualized. They are assisted by an intelligent compiler
to replace the nonvirtualizable OS instructions by hypercalls.
• The traditional x86 processor offers four instruction execution rings: Rings 0, 1, 2, and 3. The
lower the ring number, the higher the privilege of instruction being executed.

Para-Virtualization Architecture :

• When the x86 processor is virtualized, a virtualization layer is inserted between the hardware
and the OS. According to the x86 ring definition, the virtualization layer should also be
installed at Ring 0.
• Different instructions at Ring 0 may cause some problems. In Figure 3.8, we show that
para-virtualization replaces nonvirtualizable instructions with hypercalls that communicate
directly with the hypervisor or VMM.
• However, when the guest OS kernel is modified for virtualization, it can no longer run on the
hardware directly.


• Although para-virtualization reduces the overhead, it has incurred other problems.
• First, its compatibility and portability may be in doubt, because it must support the
unmodified OS as well.
• Second, the cost of maintaining para-virtualized OSes is high, because they may require deep
OS kernel modifications.
• Finally, the performance advantage of para-virtualization varies greatly due to workload
variations. Compared with full virtualization, para-virtualization is relatively easy and more
practical.
• The main problem in full virtualization is its low performance in binary translation. To speed
up binary translation is difficult. Therefore, many virtualization products employ the
para-virtualization architecture.
• The popular Xen, KVM, and VMware ESX are good examples.

KVM (Kernel-Based VM):

• This is a Linux para-virtualization system, a part of the Linux version 2.6.20 kernel.
• Memory management and scheduling activities are carried out by the existing Linux kernel.

Para-Virtualization with Compiler Support:

• Unlike the full virtualization architecture which intercepts and emulates privileged
and sensitive instructions at runtime, para-virtualization handles these instructions at compile
time.
• The guest OS kernel is modified to replace the privileged and sensitive instructions with
hypercalls to the hypervisor or VMM. Xen assumes such a para-virtualization architecture.
• The guest OS running in a guest domain may run at Ring 1 instead of at Ring 0. This implies
that the guest OS may not be able to execute some privileged and sensitive instructions.
• The privileged instructions are implemented by hypercalls to the hypervisor. After replacing
the instructions with hypercalls, the modified guest OS emulates the behavior of the original
guest OS.

COMPARISON BETWEEN FULL VIRTUALIZATION, PARA VIRTUALIZATION
AND HARDWARE ASSISTED VIRTUALIZATION:
