UNIT III – Virtualization and Containers
• Characteristics of virtualized environments,
• Taxonomy of virtualization techniques,
• Virtualization and cloud Computing,
• Pros and cons of virtualization, technology examples
(XEN, VMware),
• Building blocks of containers,
• Container platforms (LXC, Docker),
• Container orchestration,
• Docker Swarm and Kubernetes,
• Public cloud VM (e.g. Amazon EC2) and container
(e.g. Amazon Elastic Container Service) offerings.
Virtualization
• How do cloud providers rent out computing resources?
• You bought a new laptop with 4 GB RAM and 500 GB of storage,
yet a virtual machine on it can be given a different amount of storage. How?
• How is allocation done in a virtual environment?
• Once a request is given, we get virtual access within 5 to 10 minutes
Virtualization (Example)
• Bank locker – a safe with a key
• Key allocation is based on customer need
• Cloud providers – provide different configurations as per customer
needs
• SSH key – a highly secure, automated, passwordless method of
authenticating and connecting to remote servers or virtual machines
What is Virtualization?
• Virtualization is a technology that creates a
virtual (abstract) environment
• Allows multiple operating systems to run on one
physical machine
• Each environment is secure, isolated, and
customizable
• Example:
– Ubuntu /Windows OS running on a Virtual Machine
– Virtual Machine running on Linux OS
Why Virtualization is Important
• Core technology behind Cloud Computing
• Enables Infrastructure as a Service (IaaS)
• Provides:
– On-demand resources
– Elastic scalability
– Cost efficiency
• Widely used in data centers
Major Virtualization Types
(figure only)
Benefits and Drawbacks
(figure only; benefits shown: data replication, data recovery)
Characteristics of Virtualized Environments
• Virtualization creates a virtual version of
hardware, software, storage, or networks
• A virtualized environment has three main
components:
– Guest
– Host
– Virtualization Layer
• Interaction happens through the virtualization
layer, not directly with hardware
Virtualization Reference Model
• Guest
– Virtual image, OS, applications, or users
– Interacts with virtual resources
• Host
– Physical hardware, storage, and network
• Virtualization Layer
– Software that emulates and manages the
environment
– Also called Virtual Machine Manager (VMM) or
Hypervisor
• Used in:
– Hardware virtualization
– Virtual storage
– Virtual networking (VPN)
Increased Security
• Guest runs in a controlled and isolated
environment
• All guest operations are filtered by the
virtualization layer
• Prevents:
– Harmful operations
– Unauthorized access to host resources
• Host data can be hidden or protected
• Ideal for running untrusted code
• Example:
– Sandboxed Java applications
– Virtual machines with isolated file systems
Managed Execution
Virtualization enables controlled execution of guests by
providing:
• Sharing
– Multiple virtual environments on one host
– Better hardware utilization
• Aggregation
– Multiple physical machines appear as one virtual system
– Used in clusters and distributed systems
• Emulation
– Different hardware or OS environments can be simulated
– Useful for testing and legacy software
• Isolation
– Guests do not interfere with each other or the host
– Improves stability and security
Advanced Managed Execution
• Performance tuning
• Control CPU, memory, and storage given to guests
• Quality of Service (QoS)
• Ensures service-level agreements (SLAs)
• Virtual Machine Migration
• Pause a VM
• Move it to another host
• Resume execution transparently
• Improves efficiency and load balancing in data
centers
Portability
• Virtual environments can be easily moved
across systems
• Hardware virtualization
– Virtual machines stored as portable images
• Programming-level virtualization
– Same code runs on multiple platforms without
recompiling
• Benefits:
– Easy deployment
– Flexible development
– Carry your complete system anywhere
Taxonomy of virtualization techniques
• Virtualization includes multiple
emulation techniques
• Applied to:
– Execution environments
– Storage
– Networks
• Classification helps understand:
– What is virtualized
– How virtualization is implemented
Taxonomy of virtualization techniques – Major Classification
• Virtualization is classified based on
what is emulated:
– Execution Virtualization (most
important)
– Storage Virtualization
– Network Virtualization
• Execution virtualization is the oldest
and most widely used
Execution Virtualization
• Emulates an execution environment
separate from the host
• Focuses on running:
– Operating systems
– Applications
– Program binaries
• Implemented at different levels of
the computing stack
Execution Virtualization
• Process-Level Virtualization
– Runs on top of an existing OS
– OS controls hardware
• System-Level Virtualization
– Runs directly on hardware
– Minimal or no host OS support
Machine Reference Model
• Computing stack layers:
– Hardware → ISA
– Operating System
– ABI (System Calls)
– API (Libraries)
– Applications
• Virtualization replaces or intercepts
one of these layers
Privilege Levels & Security
• Two execution modes, mapped onto the x86 privilege rings:
– Supervisor mode / master mode (kernel, Ring 0)
– OS-level services (Rings 1 and 2)
– User mode (Ring 3)
• Privileged instructions:
– Control the CPU, memory, and I/O
• The hypervisor (running above supervisor mode) must control
sensitive instructions
• Hardware support (Intel VT, AMD-V) simplifies virtualization
Hardware-Level Virtualization
• Provides virtual hardware
environment
• Guest = Operating System
• Host = Physical Hardware
• Managed by Hypervisor (VMM)
Hardware-Level Virtualization is also
called System Virtualization
Types of Hypervisors
• Type I (Native)
– Runs directly on hardware
– High performance
– Used in data centers
• Type II (Hosted)
– Runs on top of an OS
– Easier to install
– Used on desktops
Virtual Machine Manager (VMM)
• Dispatcher: Acts as the entry point of the
monitor and routes each instruction either to the
allocator or to the interpreter routines.
• Allocator: Allocates and manages system
resources according to the received instructions.
• Interpreter routines: Interpret and execute
instructions that cannot be directly handled by
the hardware.
Virtual Machine Manager (VMM) – Example
• Example: playing Nintendo Switch / PS3 games on a PC through an emulator
• Dispatcher: routes the game's CPU/GPU instructions either to native
execution or to translation.
• Allocator: dynamically assigns CPU threads, GPU shaders, and RAM.
• Interpreter / JIT: translates ARM / PowerPC instructions into x86-64
in real time.
• Used today by game testers, modders, and preservation projects.
Virtualization and Cloud computing
• Virtualization is a key technology in cloud computing
• Enables on-demand IT services with security and
isolation
• Provides configurable computing and storage
environments
• Supports IaaS (hardware virtualization) and PaaS
(language virtualization)
Virtualization and Cloud computing
• Improves resource utilization through server
consolidation
• Enables virtual machine migration, including live
migration
• Supports storage virtualization with dynamic, secure
slices
• Allows desktop virtualization via cloud-hosted
environments
Pros and Cons of Virtualization
Advantages of Virtualization
• Provides managed execution and isolation
• Creates secure sandboxed environments
• Enables fine-grained resource allocation and QoS
• Supports server consolidation and efficient resource use
• Offers portability and self-containment of virtual machines
• Simplifies administration and reduces maintenance cost
• Saves energy by reducing number of active physical servers
Disadvantages of Virtualization
• Performance degradation due to virtualization overhead
• Increased latency from abstraction layer
• Possible inefficient use of host features (e.g., device drivers,
graphics)
• Can cause degraded user experience
• Introduces new security threats (e.g., malicious virtual machine
managers)
• Requires strong hardware and security support to mitigate risks
Technology Examples
• Virtualization enables multiple operating
systems to run on the same physical hardware
• Widely used in desktop, server, and cloud
environments
• Main approaches:
– XEN (Paravirtualization)
– VMware (Full virtualization)
Technology Examples - XEN (Paravirtualization)
• Open-source virtualization platform
• Developed at University of Cambridge
• Commercially supported by Citrix (XenSource)
• Used for:
– Desktop virtualization
– Server virtualization
– Cloud computing (Xen Cloud Platform – XCP)
• Xen Hypervisor (VMM) is the core component
• Runs at highest privilege level
• Manages CPU, memory, and I/O
• Virtual machines are called domains
• Domains
– Domain 0 (Dom0): Privileged management
domain for VM control
– Domain U (DomU): Guest VMs with modified OS
using hypercalls
Technology Examples - VMware (Full Virtualization)
• Implements full virtualization
• Guest OS runs unmodified
• Hardware is fully emulated
• Supports both:
– Type I hypervisors (bare-metal)
– Type II hypervisors (hosted)
Technology Examples - VMware (Full Virtualization): Full Virtualization Techniques
• Direct execution for non-sensitive instructions
• Binary translation for sensitive instructions
• Allows x86 virtualization without OS
modification
• Supports Intel VT-x and AMD-V hardware
extensions
Technology Examples - VMware (Full Virtualization): Binary Translation
• Sensitive instructions cause traps
• Trapped instructions are dynamically translated
• Translated code is cached for reuse
• Advantages:
– Runs unmodified OS (e.g., Windows)
– Portable solution
• Disadvantages:
– Runtime overhead
– Slower than paravirtualization
Technology Examples
• Microsoft Hyper-V – hybrid (paravirtualization + full virtualization)
Containers
• Lightweight application packages
• Include code + libraries + dependencies
• Run consistently across any platform
• Fast startup & low resource usage
• Isolated using OS features
• Used in DevOps & multi-cloud environments
Container Deployment
Containers – Building Blocks
• Containers provide lightweight virtualization at
the OS level.
• Core building blocks:
– Control Groups (cgroups): Resource management
– Namespaces: Isolation (process, network, file system)
• Other components:
– Container Image: Read-only template
– Container Runtime: Runs containers (e.g., containerd)
– Union File System: Efficient image layering
Control Groups (cgroups)
• Allocation of CPU and memory resources through control groups
Cgroups (Control Groups)
• Linux kernel feature to isolate and control system
resources.
• Introduced by Google to restrict, monitor, and isolate
resource usage.
• Manages CPU, memory, disk I/O, and network
bandwidth.
• Provides fine-grained control over process groups.
• Improves hardware utilization and system stability.
• Used heavily in container environments to limit
resource usage.
Namespaces
• Linux kernel feature that isolates system
resources.
• Originally developed by IBM.
• Allows processes to see isolated views of the
system.
Types of Namespaces
• PID – Process IDs
• MNT – Mount points
• IPC – Inter-process communication
• NET – Networking
• UTS – Hostname and domain
Network Namespace
• Provides isolated network stack.
• Own interfaces, IPs, routing tables, and ports.
• Multiple containers run separate networks on
same host.
Filesystem (Mount) Namespace
• Isolates filesystem view.
• Maps a directory as a virtual root.
• Containers cannot access files outside their
namespace.
Process ID (PID) Namespace
• Isolates process ID space.
• Each container sees its own PID 1.
• Processes cannot signal processes in other
namespaces.
Container Platforms
(a) Docker
– Most popular container platform
– Uses container images and Docker Engine
– Faster application deployment
– Supports microservices architecture
(b) LXC (Linux Containers)
– OS-level virtualization
– Containers behave like lightweight VMs
– Uses Linux kernel features directly
VM and Docker Container
(figure only: virtual machine vs Docker container, booting comparison)
Docker
• Containerization platform for packaging apps
+ dependencies.
• Runs consistently across laptop, servers, and
cloud.
• Uses Namespaces for isolation.
• Uses Cgroups for resource limits.
• Ensures secure multi-container execution.
Docker Architecture
• Client–Server architecture.
• Docker Client communicates with Docker
Daemon.
• Docker Daemon runs on Docker Host.
• Docker Registry stores container images.
Linux Containers (LXC)
• Introduced in 2008 for OS-level virtualization
on Linux.
• Uses Cgroups and Namespaces for isolation.
• Runs multiple isolated Linux systems on a
single host.
• First complete Linux container runtime
without kernel patches.
• Provides tools, templates, and language
bindings.
Kernel Features Used in LXC
• Namespaces for isolation:
– PID – Separate process ID space (own PID 1).
– Mount – Isolated filesystem mounts.
– Network – Separate interfaces and routing.
– IPC – Isolated inter-process communication.
– UTS – Unique hostname per container.
– User – UID/GID mapping.
• Example: 'ps' inside container shows only
container processes.
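The PID, UTS and user namespaces listed above (and on the earlier namespace slides) can be exercised directly from C. The following is an added example written for these notes, not code from the slides or from LXC: it enters new user, PID and UTS namespaces with unshare(2), renames the host inside them (the name "demo-container" is a constructed sample) and forks a child that sees itself as PID 1, while the calling process is left untouched. No root is needed; where a sandbox forbids unprivileged user namespaces the function returns -EPERM instead of 1.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Probe run in a forked child so the caller's own namespaces stay untouched.
 * The child enters new user, PID and UTS namespaces and renames its host;
 * a grandchild forked afterwards is PID 1 inside the new PID namespace.
 * Returns the PID the grandchild observed (1 on success) or -errno. */
int pid_seen_in_new_namespaces(void)
{
    int pipefd[2];
    if (pipe(pipefd) != 0)
        return -errno;
    pid_t child = fork();
    if (child < 0)
        return -errno;

    if (child == 0) {
        int result;
        const char *name = "demo-container";   /* constructed sample hostname */
        close(pipefd[0]);
        /* The user namespace comes first: it grants the capabilities needed
         * to create the PID and UTS namespaces without being root. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWUTS) != 0 ||
            sethostname(name, strlen(name)) != 0) {
            result = -errno;                   /* EPERM: sandbox forbids it */
        } else {
            pid_t gc = fork();
            if (gc == 0)
                _exit((int)getpid());          /* 1 inside the new PID namespace */
            int st = 0;
            if (gc < 0)
                result = -errno;
            else
                result = (waitpid(gc, &st, 0) == gc && WIFEXITED(st))
                             ? WEXITSTATUS(st) : -ECHILD;
        }
        if (write(pipefd[1], &result, sizeof result) != (ssize_t)sizeof result)
            _exit(1);
        _exit(0);
    }

    close(pipefd[1]);
    int result = -EIO;
    if (read(pipefd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -EIO;
    close(pipefd[0]);
    waitpid(child, NULL, 0);
    return result;                              /* hostname outside is unchanged */
}

int main(void)
{
    int seen = pid_seen_in_new_namespaces();
    if (seen == 1)
        printf("grandchild saw PID 1 in its own PID namespace\n");
    else
        printf("namespaces unavailable here: %s\n", strerror(-seen));
    return 0;
}
```

Running `hostname` afterwards shows the original name: the UTS change was visible only inside the child's namespace.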
Security & Memory Management in
LXC
• Security:
– AppArmor – Application confinement policies.
– SELinux – Mandatory Access Control (MAC).
– Seccomp – Filters system calls to reduce attack
surface.
• Filesystem & Memory:
– chroot & pivot_root provide isolated root filesystem.
– Kernel space for OS, user space for container
processes.
Container Orchestration
• Container orchestration automates
management of containers.
• Key functions:
– Container deployment
– Scaling
– Load balancing
– Health monitoring
– Fault tolerance
– Rolling updates
Container Orchestration Platforms
• Types of Container Orchestration Platforms
– Kubernetes (K8s)
– Docker Swarm
– HashiCorp Nomad
– Red Hat OpenShift
– Apache Mesos (with Marathon)
• Managed Services (Containers-as-a-Service)
– Amazon EKS / ECS.
– Google Kubernetes Engine (GKE).
– Azure Kubernetes Service (AKS)
Kubernetes
• Open-source container orchestration platform
• Developed by Google
• Industry standard
• Very rich features and extendable
• Key components:
– Pod: Smallest deployment unit
– Node: Worker machine
– Cluster: Group of nodes
– Scheduler: Assigns pods to nodes
– Controller Manager: Ensures desired state
Kubernetes
• Advantages:
– High scalability
– Self-healing
– Auto-scaling
– Strong community support
Docker Swarm
• Native Docker orchestration tool
• Simple to set up
• Uses manager and worker nodes
• Suitable for small to medium deployments
• Limitations:
– Less feature-rich than Kubernetes
– Smaller ecosystem
Other Container Orchestrators
• Amazon ECS / EKS – AWS
• Apache Marathon – older platform
• HashiCorp Nomad
Kubernetes vs Docker Swarm
Category | Kubernetes (K8s) | Docker Swarm
Strengths | Advanced scheduling, autoscaling (HPA/VPA), large ecosystem & community, supports CRDs (Custom Resources), strong observability tools | Easy to set up, integrated with Docker CLI, simpler concepts (services, stacks), fast deployment
Complexity | Steeper learning curve, more components (API server, etcd, controller-manager, scheduler, kube-proxy) | Lightweight & simple, limited components (less flexible)
Scalability | Handles large, complex microservices; supports multi-region & hybrid clusters | Best for small to medium clusters; less efficient for massive workloads
Ecosystem | Huge open-source community, backed by CNCF & major cloud providers (AWS, GCP, Azure) | Smaller ecosystem, mainly supported by Docker
Use Case | Enterprise-level apps, multi-service deployment, production-grade environments | Simple apps, quick setup, dev/test or small-scale production
Setup & Management | Requires configuration & YAML manifests; managed options available (EKS, GKE, AKS) | Setup via CLI commands; easy service & stack management
Networking & Load Balancing | Advanced networking (CNI plugins, Ingress, service mesh) | Built-in routing mesh; simpler but less customizable
Public Cloud Offerings
Public Cloud VM – Amazon EC2
• Amazon Elastic Compute Cloud (EC2) is an
Infrastructure-as-a-Service (IaaS) that
provides on-demand virtual machines on
AWS infrastructure.
Public Cloud VM – Amazon EC2
• Key Points
– Provides virtualized compute instances (VMs) with
strong isolation
– Users control OS, applications, storage, and security
– Elastic & scalable – instances can be started, stopped,
or resized anytime
– Supports multiple instance types for different
workloads
– Secure networking using VPC, security groups, and
key pairs
– Pay-as-you-use pricing model
Public Cloud Containers
• Managing containers on-premises (Docker,
Kubernetes, Swarm) is complex and resource-
heavy.
• Public cloud providers—AWS, GCP, Azure—
solve this with fully managed container
platforms.
AWS Elastic Container Service (ECS)
• A fully managed container orchestration
service that runs and scales containers
without managing the control plane.
• Integrates with ECR, IAM, CloudWatch and
supports EC2 and serverless Fargate.
ECS Layered Architecture
• Capacity / Infrastructure Layer
– EC2 Instances – user-managed clusters
– AWS Fargate – serverless, pay-per-use containers
– On-premises (ECS Anywhere) – hybrid deployments
• Controller Layer
– ECS Scheduler places tasks based on CPU, memory,
and policies
– Manages task definitions and ensures desired state
• Container Provisioning Layer
– AWS Console, CLI, SDKs – manage and automate ECS
– AWS Copilot – simplified CI/CD for containers
– AWS CDK – infrastructure as code
Application Life Cycle in Amazon ECS
• Build Image – Create container image (Dockerfile)
• Store Image – Push to Amazon ECR (or Docker
Hub)
• Task Definition – JSON blueprint (image, CPU,
memory, network, IAM)
• Deploy – Run on EC2 / Fargate / On-prem
• Scheduling & Auto-Healing – failed tasks restart
automatically
• Monitoring – CloudWatch logs, metrics, and
alarms
Public Cloud Offerings
(a) Amazon EC2 (Virtual Machines)
• Infrastructure as a Service (IaaS)
• Provides resizable compute capacity
• Users manage OS, middleware, and applications
• Supports different instance types
(b) Amazon ECS (Elastic Container Service)
• Managed container orchestration service
• Supports Docker containers
• Integrates with EC2 and AWS Fargate
• Simplifies container deployment and scaling
Virtual Machines vs Containers
(Quick Comparison)
Feature | Virtual Machines | Containers
OS | Separate OS per VM | Share host OS
Performance | Slower | Faster
Size | Large | Lightweight
Boot Time | Minutes | Seconds
Isolation | Strong | Moderate