Chapter 2: Virtual Resources Flashcards
What is a Hypervisor?
- A program that allows multiple operating systems to share a single hardware host; each OS appears to have the host's resources (processor, memory, NIC, etc.) all to itself
Name and explain Type 1 Hypervisor
Runs directly on hardware
- More secure and more available
- Offers better performance to the guests it supports
- Requires special device drivers
Name and explain Type 2 Hypervisor
Runs on top of an OS
- Leverages the OS drivers
- Often used for desktop development and testing
- More overhead
What are the Challenges for IaaS Providers?
- Rapid provisioning
- Elasticity
- Isolation of different consumers
- Performance
Definition of Virtualization
Virtualization is the simulation of the software and/or hardware upon which other software runs. This simulated environment is called a virtual machine (VM).
What is the challenge of Elasticity for a Cloud?
- Create illusion of infinite resources
- Manage data center in a cost-efficient manner
What is the challenge Rapid Provisioning for a Cloud?
- Resources must be available to the consumer quickly
- No human interaction during provisioning
Taxonomy of Virtualization
- Process Virtualization
- OS Virtualization
- System Virtualization
What is the VMM?
Virtual machine monitor
aka Hypervisor
Name the three types of processor instructions.
- Privileged instruction
- Sensitive instructions
- Unprivileged instructions
What is the necessary condition to the processor instructions for efficient virtualization (Popek and Goldberg-Theorem)?
Set of sensitive instructions is a subset of the set of privileged instructions. (=Condition satisfied)
What are the three Hardware Virtualization techniques?
- Full Virtualization
- Paravirtualization (OS-Assisted)
- Hardware-Assisted Virtualization
Define Full Virtualization.
Full Virtualization is virtualization in which the guest operating system is unaware that it is in a virtualized environment, and therefore hardware is virtualized by the host operating system.
Define Paravirtualisation.
Software Assisted Virtualization (Paravirtualization) is virtualization in which the guest operating system is aware that it is a guest. Therefore the guest source code is modified so that it avoids assistance of the VMM as far as possible.
Define Hardware-Assisted Virtualization.
Hardware Assisted Virtualization has special instructions to aid the virtualization of hardware. The guest can execute privileged instructions directly on the processor without affecting the host.
Explain Full Virtualization using Binary Translation
- Find critical instructions and replace them
- Run unprivileged instructions directly on CPU
- Trap and emulate privileged and sensitive instructions
- Find critical instructions and replace with exception
- Problem: Replacement must be done at runtime
What is the MMU?
The memory management unit (MMU) translates logical to physical memory addresses by looking up the page table (logical page ←→ physical page)
What are Shadow Pages?
Shadow page tables solve the problem of the additional memory access required to resolve an address under full virtualization, by mapping the logical pages of a process in the VM directly to the physical address.
What are the classes of I/O devices?
- Dedicated devices (e.g. display, keyboard, mouse, …)
  Not shared among VMs on a very long time scale
- Partitioned devices (e.g. disks)
  Partitions made available to VMs as dedicated devices
- Shared devices (e.g. network adapters)
  Shared among VMs on very fine-grained time scale
- Spooled devices (e.g. printers)
  Shared among VMs but with higher time granularity
- Non-existent physical devices (e.g. virtual NICs)
  Virtual devices without physical counterpart
What is the idea for Paravirtualization (OS-Assisted)?
Idea of Paravirtualization:
- Make guest OS aware that it is running in a VM
- Modify the guest source code so that it avoids assistance of the VMM as far as possible
How does Physical Memory Management with XEN work?
Domain gets fraction of phys. memory at creation time
- Static partitioning among domains
- No guarantee partition is contiguous
- Hypervisor knows which domain "owns" which pages
- Each guest (Domain) knows which blocks to use
How does Virtual Memory Management with XEN work?
Command Batching:
- Xen collects Requests and submits them with one hypercall
-> Requests are not immediately processed
-> Requires only one entry to hypervisor
How does I/O Virtualization with XEN work?
- XEN itself contains specific device drivers
- I/O data transferred from guests via XEN using shared-memory, async. buffer ring
Explain how Binary Translation works
- Separate instruction sequence into translation units
- Check unit for critical instructions and modify code
- Modified code is stored in translation cache
Name different levels of I/O virtualization possible
- At system call level
- At device driver level
- At I/O operation level
What is the requirement for Paravirtualization (OS-Assisted)?
Requirements for pure OS-assisted approach:
- Source code of guest operating system is available
- Modified guest OS maintains application binary interface
Most commonly used for device driver virtualization, e.g. XEN
Summary OS-Assisted Virtualization
Requires modified guest OS? YES
Requires hardware support? NO
+ Better performance through cooperation between hypervisor and guest OS
- Limited compatibility, not generally applicable
- Increased management overhead for data center operator, different versions of the OS must be maintained
Summary of full virtualization
Requires modified Guest OS? NO
Requires hardware support? NO
- Good approach for compute-intensive applications, because unprivileged instructions run directly on CPU
- Not so good for data-intensive applications
Which Virtualization requires a modified guest OS?
OS-Assisted Virtualization
Which Virtualization requires hardware support?
HW-Assisted Virtualization
Performance of Full Virtualization
■ Good approach for compute-intensive applications
♦ Unprivileged instructions run directly on CPU
■ Degraded performance for data-intensive applications
♦ I/O requires syscalls → privileged instructions
♦ “trap and emulate” often requires context switches
♦ Context switches lead to complete flush of TLB
Pros and Cons of OS-Assisted
+ Better performance through cooperation between hypervisor and guest OS
- Limited compatibility, not generally applicable
- Increased management overhead for data center operator, different versions of the OS must be maintained
Pros and Cons of HW-Assisted
+ Improved performance even for unmodified guest OSs
- Reduced flexibility due to hardware constraints (especially for 3rd generation HW support)
First Generation of HW-Assisted Virtualization
Two new CPU modes: VMM runs in root mode vs. Guest OS in guest mode
VMM and guest run as “co-routines”
VMM can give CPU to guest OS (VM ENTER)
VMM can define conditions when to regain CPU (VM EXIT)
VMM uses control bits to “confine” and observe guest
Second Generation of HW-Assisted Virtualization
Extended Page Tables/Nested Page Tables introduce HW support for memory virtualization
Tagged Translation Lookaside Buffer (TLB) continues to cache LA → PA address translation
MMU composes LA → RA and RA → PA mapping at TLB fill time
Third Generation of HW-Assisted Virtualization
Third generation support for virtualization focuses on I/O
Desired property: Live migration
■ No shutdown of the virtual machine
■ No disruption of the service
■ Minimal impact for the user
-> Minimize downtime and total migration time
Strategies for Memory Migration
- Push phase
  ■ Source VM continues running, sends pages to destination
  ■ Memory must potentially be sent multiple times
  Minimum downtime, potentially long migration time
- Stop-and-copy phase
  ■ Source VM stopped, pages copied to destination VM
  ■ Destination VM is started after having received all pages
  Short overall migration time, long downtime
- Pull phase
  ■ Execute new VM, pull accessed pages from source
  Performance depends on number of page faults
Resource Distribution among VMs
Storage space: statically partitioned
■ Each VM typically receives predefined fraction of disk
Main memory: statically partitioned
■ Each VM typically receives predefined fraction of RAM
CPU: Different methods possible
■ Pinning: Each VM is statically assigned CPU (cores)
■ Scheduling: VMM dynamically assigns time slots to VMs
I/O Access: Typically FCFS, see XEN ring buffer
■ More sophisticated methods subject to research!
What does Virtual Machine Migration mean?
Move VM from one physical host to another.
Motivation:
- Fault management
- Maintenance
- Load Balancing
Rings to manage privileges.
0: OS, supervisor mode
1, 2
3: Application, user space
Explain TLB.
Translation Lookaside Buffer: Cache recent address translations.
How does XEN tackle Full Virtualization Problems?
Guest OS is aware of virtualization -> critical instructions can be avoided
Frequent intervention of the Hypervisor required
Motivation for OS/Container Virtualization.
HW Virtualization comes with too much overhead, large images and long boot times.
-> Do not virtualize the entire machine, but reuse the OS kernel and isolate processes; virtualize access to resources by processes
Linux Kernel mechanisms for process isolation.
- chroot system call (root of directory to /)
- Namespaces (Separate view on kernel resources)
- Capabilities (selected capabilities like syscalls)
- cgroups (definition of resource usage)
- SELinux (security profiles)
VMs vs Containers.
VM images larger, boot times longer.
VMs:
- Complete isolation
- Flexible OS
- Live migration
Containers:
- Small images
- Quick startup
- Direct device access
-> Tradeoff between performance and isolation & security