Chapter 14 - Virtual Machines Flashcards
what does virtualization do?
allows a PC or server to simultaneously run more than one OS, or more than one session of the same OS
what is the history of virtualization?
used by IBM during the 1970s; became mainstream in the early 2000s when it became commercially available on the x86 platform
what is the software for virtualization called?
a virtual machine monitor AKA hypervisor
what does a VMM do?
acts as a layer between the hardware and the VMs, serving as a resource broker
allows multiple VMs to coexist on a single host
what is consolidation ratio?
the number of VMs that can run on a host
8 reasons for virtualization
legacy hardware, rapid development, versatility, consolidation, aggregation, dynamics, ease of management, increased availability
how does a virtual machine work?
configured with a number of processors, an amount of RAM, storage resources, and network connectivity
powered on like a physical server, loaded with an OS, and used like a physical server
it can see only the resources it has been configured with
5 hypervisor functions
execution management of VMs; device emulation and access control; execution of privileged operations; management of VMs; administration (hypervisor platform and software administration activities)
What is a Type 1 hypervisor?
runs directly on the host hardware as an OS would; directly controls host resources
Examples of Type 1 hypervisor
VMware ESXi, Microsoft Hyper-V, Xen variants
What is a Type 2 hypervisor?
runs on the host's OS; relies on the host OS for hardware interactions
Examples of type 2 hypervisor
VMware Workstation, Oracle VirtualBox
Type 1 vs Type 2 hypervisors
type 1 performs better
type 2 is more secure; it can run on a system that is being used for other things, such as a user's workstation
what is paravirtualization?
a software-assisted virtualization technique
the OS is modified so that calls to the hardware are replaced with calls to the hypervisor
faster with less overhead, but requires a modified OS
what is a virtual appliance?
consists of applications and an OS distributed as a virtual machine image; independent of the hypervisor or processor architecture; can run on a type 1 or type 2 hypervisor; deploying one is easier than installing an OS
what is a security virtual appliance?
a security tool that monitors and protects the other VMs
can monitor the state of a VM, including registers, memory, I/O devices, and network traffic
what is container virtualization?
another approach to virtualization
software running on top of the host OS kernel; all containerized applications on a host share a common OS kernel
how is container virtualization different from hypervisor VMs
containers don’t aim to emulate physical servers
what is the benefit of container virtualization?
eliminates the need for each VM to run its own OS and reduces overhead
what are kernel control groups?
originally developed for Linux and called process containers; later renamed cgroups
all processes are descendants of the init process, forming a single process hierarchy; cgroups allow for multiple process hierarchies in a single OS
4 things control groups provide
resource limiting: how much memory a group can use
prioritization: some groups can get a larger share of CPU or disk I/O
accounting: used for billing purposes
control: groups of processes can be frozen, stopped, or restarted
container advantages
By sharing the OS kernel, a system may run many containers compared to the limited number of VMs and guest OSs of a hypervisor environment.
Application performance is close to native system performance.
container disadvantages
Container applications are only portable across systems with the same OS kernel and virtualization support features.
An app for a different OS than the host is not supported.
May be less secure if there are vulnerabilities in the host OS.
What is Docker?
provides a simpler, standardized way to run containers; makes it easy to load a container image quickly; container images are stored in the cloud
2 ways to provide processor resources
emulation, or scheduling time on physical CPUs (pCPUs)
emulation advantage and disadvantage
advantage: emulation software may run on different platforms
disadvantage: not very efficient
virtual processors (vCPUs)
the number of vCPUs has to be set
on a server without VM support, an application may have access to all resources on the server
when migrating to a VM environment, configuring the VM with the same number of processors as before is wasteful
start with one vCPU and monitor performance; add more if needed
start with <= the number of pCPUs
what are protection rings
they describe the level of privilege granted to software
what are the protection ring levels?
ring 0: most trusted; the kernel runs here, and the hypervisor runs here
rings 1 and 2: less privileged; used by device drivers
ring 3: least privileged; user applications run here
what is memory overcommit?
the hypervisor temporarily borrows memory from one VM to satisfy the needs of another
done via the balloon driver mechanism
what is the balloon driver mechanism?
a balloon driver in the guest OS requests memory (inflates), which causes the guest OS to free up pages it no longer needs; the driver then deflates, and the freed pages can be used by another VM that is short on memory
used when memory is needed
what happens if the balloon driver method doesn’t work?
as a last resort, the server can page its own memory to disk
I/O virtualization advantages
enables hardware independence, since the VM sees a more general device; helps with VM migration, since the new host may not have exactly the same device
VMware ESXi
the market leader, with a large feature set and maturity
a type 1 hypervisor
Microsoft Hyper-V and Xen variants
they are similar in architecture
Java virtual machine (JVM)
Java runs in this
provides a runtime space for Java programs to run on any OS and hardware
Linux VServer
a fast, open-source container approach to a virtual machine
a container scheme
VServer Scheduling
a token bucket filter overlays the standard Linux scheduler
it controls how much processor time each VM gets
tokens are added to the bucket at a rate of R tokens every T interval
execution consumes tokens; when the bucket empties, the VM is put on hold until it refills to M tokens