Module 2

Virtualization: Implementation levels of Virtualization (3.11 to 3.14), Virtualization

structure/tools and mechanisms: Hypervisor and Xen architecture, Binary translation
with full virtualization, Para virtualization with compiler support, Live VM migration
steps.
Cloud computing architecture: Cloud computing and Service models: IaaS, PaaS, SaaS

Implementation Levels of Virtualization:

● Virtualization is a computer architecture technology by which multiple

virtual machines (VMs) are multiplexed in the same hardware machine.
● The idea of VMs can be dated back to the 1960s. The purpose of a VM is to
enhance resource sharing by many users and improve computer performance in
terms of resource utilization and application flexibility.
● Hardware resources (CPU, memory, I/O devices, etc.) or software resources
(operating system and software libraries) can be virtualized in various
functional layers.
● This virtualization technology has been revitalized as the demand for distributed
and Cloud computing increased sharply in recent years.
● The idea is to separate the hardware from the software to yield better system
efficiency.
● For example, computer users gained access to much enlarged memory space
when the concept of virtual memory was introduced. Similarly, virtualization
techniques can be applied to enhance the use of compute engines, networks, and
storage.

Levels of Virtualization Implementation:

• A traditional computer runs with a host operating system specially tailored for its
hardware architecture, as shown below.

● After virtualization, different user applications managed by their own operating

systems (guest OS) can run on the same hardware, independent of the host OS.
This is often done by adding additional software, called a virtualization layer as
shown above.
● This virtualization layer is known as Hypervisor or Virtual Machine Monitor (VMM).
● In VMs, the applications are run with their own guest OS over the virtualized
CPU, memory, and I/O resources.
● The main function of the software layer for virtualization is to virtualize the
physical hardware of a host machine into virtual resources to be used by the VMs,
exclusively. This can be implemented at various operational levels.
● The virtualization software creates the abstraction of VMs by interposing a
virtualization layer at various levels of a computer system.
● Common virtualization layers include the instruction set architecture (ISA)
level, hardware level, operating system level, library support level, and
application level, as shown.

a. Instruction Set Architecture Level

● At the ISA level, virtualization is performed by emulating a given ISA by
the ISA of the host machine.
● For example, MIPS binary code can run on an x86-based host machine
with the help of ISA emulation.
● With this approach, it is possible to run a large amount of legacy binary
code written for various processors on any given new hardware host
machine.
● Instruction set emulation leads to virtual ISAs created on any hardware
machine.
● The basic emulation method is through code interpretation. An
interpreter program interprets the source instructions to target
instructions one by one.
● One source instruction may require tens or hundreds of native target
 instructions to perform its function. Obviously, this process is relatively
slow.
● For better performance, dynamic binary translation is desired. This
approach translates basic blocks of dynamic source instructions to
target instructions. The basic blocks can also be extended to program
traces or super blocks to increase translation efficiency.
● Instruction set emulation requires binary translation and optimization.
A virtual instruction set architecture (V-ISA) thus requires adding a
processor-specific software translation layer to the compiler.

b. Hardware Abstraction Level

● As the name suggest, Hardware-level virtualization is performed right
on top of the bare hardware.
● This approach generates a virtual hardware environment for a VM.
● On the other hand, the process manages the underlying hardware
through virtualization.
● The idea is to virtualize a computer’s resources, such as its processors,
memory, and I/O devices.
● The intention is to upgrade the hardware utilization rate by multiple
users concurrently.
● The idea was implemented in the IBM VM/370 in the 1960s. More
recently, the Xen hypervisor has been applied to virtualize x86-based
machines to run Linux or other guest OS applications.

c. Operating System Level

● This refers to an abstraction layer between traditional OS and user
applications.
● OS-level virtualization creates isolated containers on a single physical
server and the OS instances to utilize the hard- ware and software in
data centers.
● The containers behave like real servers.
● When the number of users is high and no one is willing to share
hardware, then OS level virtualization comes handy.
● OS-level virtualization is commonly used in creating virtual hosting
environments to allocate hardware resources among a large number of
mutually distrusting users.

d. Library Support Level

● OS System calls are lengthy and bulky. Most applications use APIs
exported by user-level libraries rather than using lengthy system calls
by the OS.
● Since most systems provide well-documented APIs, such an interface
becomes another candidate for virtualization.
● Virtualization with library interfaces is possible by controlling the
 communication link between applications and the rest of a system through
API hooks.
● The software tool WINE has implemented this approach to support
Windows applications on top of UNIX hosts.

e.U s e r -
A p p l i c a●
t i oApplication
n Level level virtualization comes handy when one wishes to
virtualize only an application. It does not virtualize an entire platform or
environment.
● Virtualization at the application level virtualizes an application as a VM.
● On a traditional OS, an application often runs as a process. Therefore,
application-level virtualization is also known as process-level
virtualization.
● The most popular approach is to deploy high level language (HLL) VMs.
In this scenario, the virtualization layer sits as an application program
on top of the operating system, and the layer exports an abstraction of a
VM that can run programs written and compiled to a particular abstract
machine definition. Any program written in the HLL and compiled for
this VM will be able to run on it.
● The Microsoft .NET CLR and Java Virtual Machine (JVM) are two good
examples of this class of VM.

Relative Merits of Different Approaches

● Following Table compares the relative merits of implementing
virtualization at various levels.
● The table corresponds to four technical merits. “Higher Performance”,
“Application Flexibility”, “Implementation Complexity” (implies the cost
to implement) and “Application Isolation” (refers to the effort required
to isolate resources committed to different VMs.)
● Overall, hardware and OS support will yield the highest performance.
However, the hardware and application levels are also the most
expensive to implement. User isolation is the most difficult to achieve.
ISA implementation offers the best application flexibility.
 (More “X”’s Means Higher Merit, with a Maximum of 5 X’s)
VMM Design Requirements and Providers:
● Hardware-level virtualization inserts a layer between real hardware and
traditional operating systems. This layer is commonly called the Virtual Machine
Monitor (VMM) and it manages the hardware resources of a computing system.
● Each time programs access the hardware, the VMM captures the process. In this
sense, the VMM acts as a traditional OS.
● One hardware component, such as the CPU, can be virtualized as several virtual
copies. Therefore, several traditional operating systems which are the same or
different can sit on the same set of hardware simultaneously.
● There are three requirements for a VMM.
● First, a VMM should provide an environment for programs which is essentially
identical to the original machine.
● Second, programs run in this environment should show, at worst, only minor
decreases in speed.
● Third, a VMM should be in complete control of the system resources.
● Any program run under a VMM should exhibit a function identical to that which it
runs on the original machine directly. However, two possible exceptions in terms
of differences are permitted with this requirement: differences caused by the
 availability of system resources and differences caused by timing dependencies.
The former arises when more than one VM is running on the same machine.
● A VMM should demonstrate efficiency in using the VMs. Compared with a physical
machine, no one prefers a VMM if its efficiency is too low. To guarantee the
efficiency of a VMM, a statistically dominant subset of the virtual processor’s
instructions needs to be executed directly by the real processor, with no software
intervention by the VMM.
● Complete control of the resources by a VMM includes the following aspects:
● (1) The VMM is responsible for allocating hardware resources for
programs
● (2) It is not possible for a program to access any resource not explicitly
allocated to it
● (3) It is possible under certain circumstances for a VMM to regain
control of resources already allocated.
● It is difficult to implement a VMM for some types of processors, such as the x86.
Specific limitations include the inability to trap on some privileged instructions. If
a processor is not designed to support virtualization primarily, it is necessary to
modify the hardware to satisfy the three requirements for a VMM. This is known
as hardware-assisted virtualization.
Virtualization Support at the OS Level:
● With the help of VM technology, a new computing mode known as cloud
computing is emerging.
● Cloud computing is transforming the computing landscape by shifting the
hardware and staffing costs of managing a computational center to third parties,
just like banks.
● However, cloud computing has at least two challenges. The first is the ability to use
a variable number of physical machines and VM instances (Scalability) depending
on the needs of a problem. For example, a task may need only a single CPU during
some phases of execution but may need hundreds of CPUs at other times.
● The second challenge concerns the slow operation of instantiating new VMs.

Why OS-Level Virtualization?

● It is slow to initialize a hardware-level VM because each VM creates its own
image from scratch.
● In a cloud computing environment, perhaps thousands of VMs need to be
initialized simultaneously.
● Besides slow operation, storing the VM images also becomes an issue.
● As a matter of fact, there is considerable repeated content among VM images.
● Moreover, full virtualization at the hardware level also has the disadvantages of
slow performance and low density.
● To reduce the performance overhead of hardware-level virtualization, even
hardware modification is needed.
● OS-level virtualization provides a feasible solution for these hardware-level
virtualization issues.
● Operating system virtualization inserts a virtualization layer inside an
operating system to partition a machine’s physical resources. It enables
multiple isolated VMs within a single operating system kernel. This kind of VM
is often called a virtual execution environment (VE), Virtual Private System
(VPS), or simply container.
● From the user’s point of view, VEs look like real servers. This means a VE has
its own set of processes, file system, user accounts, network interfaces with IP
addresses, routing tables, firewall rules, and other personal settings.
● Although VEs can be customized for different people, they share the same
operating system kernel. Therefore, OS-level virtualization is also called single-
OS image virtualization.
Figure illustrates operating system virtualization from the point of view of a
machine stack. (OpenVZ Virtualization Layer).
Advantages of OS Extensions
● Compared to hardware-level virtualization, the benefits of OS extensions
are twofold:
(1) VMs at the operating system level have minimal startup/shutdown
costs, low resource requirements, and high scalability
(2) For an OS-level VM, it is possible for a VM and its host environment to
synchronize state changes when necessary.
● These benefits can be achieved via two mechanisms of OS-level
virtualization:
(1) All OS-level VMs on the same physical machine share a single
operating system kernel
(2) The virtualization layer can be designed in a way that allows
processes in VMs to access as many resources of the host machine as
possible, but never to modify them.
● In cloud computing, these benefits can be used to overcome the defects of
slow initialization of VMs at the hardware level.

Disadvantages of OS Extensions
● The main disadvantage of OS extensions is that all the VMs at operating
system level on a single container must have the same kind of guest
operating system. That is, although different OS-level VMs may have
different operating system distributions, they must pertain to the same
 operating system family.
For example, a Windows distribution such as Windows XP cannot run on
a Linux-based container.
● However, users of cloud computing have various preferences. Some
prefer Windows and others prefer Linux or other operating systems.
Therefore, there is a challenge for OS-level virtualization in such cases.
● The virtualization layer is inserted inside the OS to partition the
hardware resources for multiple VMs to run their applications in
multiple virtual environments. To implement OS-level virtualization,
isolated execution environments (VMs) should be created based on a
single OS kernel.
● Furthermore, the access requests from a VM need to be redirected to the
VM’s local resource partition on the physical machine.

Middleware Support for Virtualization:

● Library-level virtualization is also known as user-level Application Binary

Interface (ABI) or API emulation.
● This type of virtualization can create execution environments for running alien
programs on a platform rather than creating a VM to run the entire operating
system.
● API call interception and remapping are the key functions performed.
● Library-level virtualization systems include the Windows Application Binary
Interface (WABI), Lxrun, WINE, Visual MainWin, and vCUDA (vCompute Unified
Device Architecture).
● The WABI offers middleware to convert Windows system calls to Solaris system
calls.
● Lxrun is really a system call emulator that enables Linux applications written for
x86 hosts to run on UNIX systems.
● Similarly, WINE offers library support for virtualizing x86 processors to run
Windows applications on UNIX hosts.
● Visual MainWin offers a compiler support system to develop Windows
applications using Visual Studio to run on some UNIX hosts.
● vCUDA provides Virtualization support for using general-purpose GPUs to run
data- intensive applications under a special guest OS.
 Table:Middleware and Library Support for Virtualization
Middleware Brief Introduction and Application Platforms

WABI ([Link] Middleware that converts Windows system calls running on

x86
PCs to Solaris system calls running on SPARC workstations
Lxrun (Linux Run) ([Link] A system call emulator that enables Linux
~steven/lxrun/) applications written for x86 hosts to run on
UNIX systems such as the SCO OpenServer
WINE ([Link] A library support system for virtualizing x86 processors
to run Windows applications under Linux, FreeBSD, and
Solaris
Visual MainWin ([Link] A compiler support system to develop Windows applications
using Visual Studio to run on Solaris, Linux, and AIX hosts
vCUDA (Example 3.2) (IEEE IPDPS 2009 [57]) Virtualization support for using general-purpose GPUs to run
data-intensive applications under a special guest OS

Virtualization Structures/Tools and Mechanisms:

● In general, there are three typical classes of VM architecture.
● The following figure shows the architectures of a machine before and after
virtualization.

● Before virtualization, the operating system manages the hardware.

● After virtualization, a virtualization layer is inserted between the hardware and
the operating system. In such a case, the virtualization layer is responsible for
converting portions of the real hardware into virtual hardware.
● As a result of virtualization, different operating systems such as Linux and
Windows can run on the same physical machine, simultaneously.
● The hypervisor is also known as the VMM (Virtual Machine Monitor). They both
perform the same virtualization operations.
● Depending on the position of the virtualization layer, there are three classes of
VMM architectures, namely the Full Virtualization, Para Virtualization and
Hardware Assisted Virtualization.
Xen Architecture:
● The hypervisor supports hardware-level virtualization on bare metal devices like
CPU, memory, disk and network interfaces.
● The hypervisor software sits directly between the physical hardware and its OS.
● This virtualization layer is referred to as either the VMM or the hypervisor.
● The hypervisor provides hyper calls for the guest OSes and applications.
● Depending on the functionality, a hypervisor can assume a micro-kernel
architecture or it can assume a monolithic hypervisor architecture.
● A micro-kernel hypervisor includes only the basic and unchanging functions (such
as physical memory management and processor scheduling). The device drivers
and other changeable components are outside the hypervisor.
● A monolithic hypervisor implements all the afore mentioned functions, including
those of the device drivers. Therefore, the size of the hypervisor code of a micro-
kernel hypervisor is smaller than that of a monolithic hypervisor.
● Essentially, a hypervisor must be able to convert physical devices into virtual
resources dedicated for the deployed VM to use.
The Xen Architecture
o The Xen hypervisor is a type-1, bare-metal hypervisor that allows multiple
operating systems to run concurrently on a single physical machine.
o Xen is an open-source hypervisor program developed by Cambridge
University.
o Xen is a micro-kernel hypervisor.
o Xen is majorly based on para virtualization and it also can support full
virtualisation.
o The Xen hypervisor implements all the mechanisms, leaving the policy to
be handled by Domain 0, as shown in the figure.

o Xen does not include any device drivers natively. It just provides a
mechanism by which a guest OS can have direct access to the physical
devices. As a result, the size of the Xen hypervisor is kept rather small.

o Xen provides a virtual environment located between the hardware and the
OS.

o A number of vendors are in the process of developing commercial Xen

hypervisors, among them are Citrix XenServer and Oracle VM.

o The core components of a Xen system are the hypervisor, kernel and
applications.

o The organization of the three components is important. Like other

virtualization systems, many guest OSes can run on top of the hypervisor.

o The guest OS, which has control ability, is called Domain 0, and the others
are called Domain U.

o Domain 0 is a privileged guest OS of Xen. It is first loaded when Xen boots

without any file system drivers being available. Domain 0 is designed to
access hardware directly and manage devices. Therefore, one of the
responsibilities of Domain 0 is to allocate and map hardware resources for
the guest domains (the Domain U domains).
o For example, Xen is based on Linux and its security level is C2. Its
management VM is named Domain 0, which has the privilege to manage
other VMs implemented on the same6 host.
 o If Domain 0 is compromised, the hacker can control the entire system. So, in
the VM system, security policies are needed to improve the security of
Domain 0.
o Domain 0, behaving as a VMM, allows users to create, copy, save, read,
modify, share, migrate, and roll back VMs as easily as manipulating a file,
which flexibly provides tremendous benefits for users.
o Unfortunately, it also brings a series of security problems during the
software life cycle and data lifetime.
o VMs are allowed to roll back to previous states in their execution (e.g., to fix
configuration errors) or rerun from the same point many times (e.g., as a
means of distributing dynamic content or circulating a “live” system image).

Binary Translation with Full Virtualization:

o Trap-and-emulate method ensures that VMs operate in a controlled
environment and cannot perform harmful operations on the host machine.
But it silently introduces challenges as some instructions run in both
privileged and unprivileged modes.
o Alternatively, binary translation enhances the speed and performance of
VMs by translating their instructions to a format that the hardware
understands.
o In virtualization, binary translation (also known as dynamic binary
translation) is a technique where a hypervisor translates the machine
instructions of a guest operating system (OS) into instructions that the host
hardware can directly execute.
o This allows the guest OS to run without modifications on a platform that
might not natively support its instruction set.
o The hypervisor intercepts and translates guest OS instructions that are not
compatible with the host hardware.
o This translation happens dynamically at runtime, similar to how just-in-
time (JIT) compilers work in Java virtual machines.
o Binary translation allows running guest OSs on platforms that don't
natively support their architecture without modification.
o Based on this approach, any OS can be virtualized with the help of Binary
Translation and direct execution-based technique. In this approach, the
Guest OS is placed on a higher ring and the kernel code is translated by
 the hypervisor (virtualization software) to have the effect on the virtual
hardware on which it is running. The hypervisor translates all the OS
instructions on the fly.
o Ex: VMWare uses binary translation to allow x86 code to run on virtual
machines on different architectures.
o Binary translation can introduce some overhead due to the translation
process, which can impact performance, in general. As a result, only critical
instructions are trapped into VMM while non-critical instructions are
directly executed on hardware.
o Here, VMM is placed at Ring 0 and
the guest OS at Ring 1. The VMM
scans the instruction stream and
identifies the privileged, control-
and behaviour-sensitive
instructions.
o When these instructions are
identified, they are trapped into the
VMM, which emulates the behaviour of these instructions.
o Full virtualization combines binary translation and direct execution.

Para Virtualization
● Depending on implementation technologies, hardware virtualization can
be classified into: Full Virtualization, Para Virtualization.

Full Virtualization Para Virtualization

● Fullvirtualization architecture intercepts and emulates privileged and

sensitive instructions at runtime, para-virtualization handles these
instructions at compile time.
● Full virtualization does not need to modify the guest OS. It relies on
binary translation to trap and to virtualize the execution of certain
sensitive,
 nonvirtualizable instructions.
The guest OSes and their applications consist of noncritical (unprivileged)
and critical instructions (privileged).
● Para-virtualization needs to modify the guest operating systems. A para-
virtualized VM provides special APIs requiring substantial OS modifications
in user applications.
● Performance degradation is a critical issue of a virtualized system. No one
wants to use a VM if it is much slower than using a physical machine.
● The virtualization layer can be inserted at different positions in a machine
software stack. Para-virtualization attempts to reduce the virtualization
overhead, and thus improve performance by modifying only the guest OS
kernel.
● The guest operating systems are para-virtualized. They are assisted by an
intelligent compiler to replace the nonvirtualizable OS instructions by
hyper calls.

● The main problem in full virtualization is its low performance in binary

translation. To speed up binary translation is difficult. Therefore, many
virtualization products employ the para-virtualization architecture.
● Ex: Xen Hypervisor
Hardware-Assisted Virtualization:
● It is difficult to implement a VMM for some types of processors, such as the
x86. Specific limitations include the inability to trap on some privileged
instructions. If a processor is not designed to support virtualization
primarily, it is necessary to modify the hardware to satisfy the three
requirements for a VMM. This is known as hardware-assisted virtualization.
● Hardware-Assisted Virtualization is a special modification incorporated in
hardware, supported by specific vendors like Intel and AMD.
● It attempts to simplify virtualization because full or paravirtualization is
complicated.
● Intel and AMD add an additional mode called privilege mode level (some
people call it Ring-1) to x86 processors. Therefore, operating systems can
still run at Ring 0.
● All the privileged and sensitive instructions are trapped in the hypervisor
automatically.
● This technique removes the difficulty of implementing binary translation of
full virtualization.
● It also lets the operating system run in VMs without modification.
● Para-virtualization and hardware-assisted virtualization can be combined
to improve performance further.
Live VM Migration - Steps and Performance Effects:
● In a cluster built with mixed nodes of host and guest systems, the normal
method of operation is to run everything on the physical machine.
● When a VM fails, its role could be replaced by another VM on a different
node, as long as they both run with the same guest OS.
● A VM must stop playing its role if its residing host node fails.
● This problem can be mitigated with VM live migration.
● Virtual Machine Migration refers to the process of relocating/migrating
virtual machines from one physical host to another physical host to achieve
load balancing and power saving.

● The following figure shows the process of live migration of a VM from host
A to host B. The migration copies the VM state file from the storage area to
the host machine.
● VMs can be live-migrated from one physical machine to another; in case of
failure, one VM can be replaced by another VM.
● Live migration of a VM consists of the following six steps:
• Step 0: Pre Migration: Make preparations for the migration, including
determining the migrating VM from source and the possible destination host.
• Step 1: Reservation: Initialise the container on the destination host. The
migration in general starts automatically by strategies such as load balancing and
server consolidation.
• Step 2: Iterative Pre-copy (Transfer Memory): The complete execution
state of the VM which is stored in memory, is sent to the destination node ensuring
continuity of the service provided by the VM.
• Step 3: Stop and Copy (Suspend the VM and copy the last portion of the
data): The migrating VM’s execution is suspended when the last round’s memory
data is transferred. During this step, the VM is stopped, and its applications will no
longer run. This “service unavailable” time is called the “downtime” of migration,
which should be as short as possible so that it can be negligible to users.
• Step 4: Commitment: Commit all the changes in the new VM.
• Step 5: Activate the new host: After all the needed data is copied, on the
destination host, the VM reloads the states and recovers the execution of programs
in it, and the service provided by this VM continues. The whole migration process
finishes by removing the original VM from the source host.
Ex: Live VM Migration ix Xen
Miscellaneous Concepts for reference

VMM Basic Operations: