L3 - Virtualization 1/2 Flashcards
VMM
Virtual Machine Monitor (VMM, also expanded as Virtual Machine Manager) = hypervisor =
software that lets several virtual machines (VMs) run on one physical machine. It inserts a layer of abstraction between the physical hardware and the VMs, so several operating systems can share the same hardware. Hypervisors are also referred to as virtual machine monitors/managers (VMM) or simply virtualizers.
What is virtualization?
A computer architecture technology by which multiple VMs are multiplexed onto the same hardware.
3 objectives of virtualization
- enhance the resource sharing by many users simultaneously
- replace and upgrade hardware on the fly
- reduce downtime
Two modes of operating systems
kernel mode and user mode
What is the kernel mode?
- the CPU allows every instruction, including the privileged ones, to execute on the underlying hardware
- kernel mode is a CPU privilege level; code in kernel mode is never subject to the restrictions of user mode
- the kernel runs in kernel mode with full privilege over the hardware (this is a hardware privilege level, distinct from the superuser/root account, which is a user-space notion)
What is the user mode?
- the CPU allows only unprivileged instructions to execute
- if a user application needs a privileged operation, it asks the kernel to do the work on its behalf (via a system call)
- user applications cannot open files, send network packets or write to the screen directly; each of these goes through the kernel
Two distinct areas of memory
- user space
- kernel space
What is the user space?
- Set of locations where normal user processes run (everything other than the kernel)
- memory area where application software and some drivers execute
What is the kernel space?
- the memory region where the kernel's code is stored and executes
- reserved for the privileged OS kernel; user processes cannot read or write it
How many rings are there and which one is the most privileged ring?
There are four rings, 0 to 3, and ring 0 is the most privileged.
What are the 4 rings?
Ring 0: kernel mode (a hypervisor, when present, runs here)
Ring 1: the ring a software hypervisor deprivileges the guest OS kernel into (classically reserved for drivers, like ring 2)
Ring 2: drivers
Ring 3: applications
What is Ring 2 in detail? (internet)
Drivers in ring 2 are typically used for managing peripheral devices such as disk drives, network interfaces, and other hardware. These drivers are responsible for communicating with the hardware, managing the data transfer between the hardware and the operating system, and providing a standard interface for applications to access the hardware. In practice mainstream operating systems (Linux, Windows) use only rings 0 and 3 and leave rings 1 and 2 unused.
What are the 4 processes that the OS does?
- process management (start, run, stop)
- memory management (allocate, deallocate)
- file management (open, close, modify, read, rename, create)
- network management (scheduling, timing)
What is a system call?
In user mode, applications obtain OS services by making a system call: a request from user space for a kernel service, which switches the CPU into kernel mode for the duration of the call and back afterwards.
Is a system call more expensive than a normal instruction?
Yes. A native system call costs around 242 cycles (the figure VMware measured on a Pentium 4), against a few cycles at most for an ordinary instruction, because it switches privilege level and enters the kernel.
What is a machine cycle?
Consists of the steps that a computer’s processor executes whenever it receives a machine language instruction.
3 types of virtualization
- Full virtualization (software-assisted via binary translation, or hardware-assisted via CPU extensions); the hypervisor itself is either Type 1 (bare-metal) or Type 2 (hosted)
- Para-virtualization
- OS-level virtualization (containers)
Software Assisted Full Virtualization
Software-assisted full virtualization combines trap-and-emulate with binary translation: the VMM rewrites the guest kernel's privileged and sensitive instructions at run time so they call into the hypervisor instead of faulting, and the hypervisor emulates the hardware in software.
Hardware-Assisted Full Virtualization
Hardware-assisted virtualization removes the need for binary translation: the CPU (Intel VT-x, AMD-V) provides a guest mode in which the unmodified guest kernel runs in ring 0, and only the instructions that genuinely need the VMM cause an exit to the hypervisor.
Type 1 Hypervisor – also known as the bare-metal hypervisor type
Type 2 Hypervisor – also known as the hosted hypervisor type
What is a bare-metal hypervisor?
Type 1 Hypervisor
When a hypervisor is installed directly on the hardware of a physical machine, between the hardware and the operating system (OS).
Examples of bare-metal hypervisors
Hyper-V, VMware ESX/ESXi, Xen
Advantages of bare-metal hypervisors
With no host operating system between the hypervisor and the hardware, a Type 1 hypervisor offers excellent stability and performance.
https://goabacus.com/three-types-of-server-virtualization-explained/#:~:text=This%20type%20of%20full%20virtualization,physical%20server%20and%20its%20hardware.
Challenges of bare-metal hypervisors?
- strong isolation at the cost of VM size
- a large VM image (the lecture example is 800 MB) is a challenge for scalability, and migration is slower
What is hosted virtualization?
Type 2 Hypervisor
Runs on top of a host OS; the guest OS runs on the VMM, which is itself a process of the host.
Examples of hosted virtualization
VMware Workstation, VMware Fusion, Oracle VirtualBox
Advantages of hosted virtualization?
- low resource requirements
- high scalability (only a few MB of hypervisor state per machine) -> easy migration from one machine to another
- multiple VMs can share a single machine or cluster
OS-level virtualization
OS-level virtualization uses no hypervisor and no host/guest split. Instead it uses containerization: the OS kernel creates multiple isolated user-space instances (containers or virtual environments) that all run on that one kernel.
- containers run on top of the host OS kernel
- a container shares the host kernel, so it can only run software built for that kernel (e.g. Linux distributions on a Linux host); the shared kernel is also the common attack surface between containers
Benefits of OS-level virtualization
- efficient for software migration (all containers run on the same kernel, so an image is just the user-space files)
- well suited to backup and recovery services
What is full virtualization?
In the full virtualization technique, the hypervisor completely simulates the underlying hardware. In full virtualization, the guest OS is unaware that it’s being virtualized.
What is a trap?
trap = a synchronous exception raised when code in a less privileged ring (here the guest OS) attempts a privileged instruction; control transfers to the more privileged VMM
What happens when several guest OSs execute privileged instructions to a single hardware?
- the guest OSs cannot execute privileged instructions on the hardware directly, because they are not in ring 0
- the VMM sits between the guests and the hardware and coordinates their requests
- every privileged instruction a guest attempts traps (a fault raised by the CPU, handled like a software interrupt) because it executes in a less privileged ring
- the VMM intercepts each trap, emulates the instruction on the guest's virtual hardware and resumes the guest
What is a binary translator?
VMware implemented a binary translator that rewrites the guest kernel's privileged and sensitive instructions at run time, replacing them with code that calls into the hypervisor directly instead of faulting; this avoids most of the expensive traps.
What is I/O in computing?
the communication between an information processing system, such as a computer, and the outside world (devices, networks, users)
IOV
Input/Output Virtualization (IOV) is a technology that allows multiple physical devices (e.g. network interfaces) to be shared among multiple virtual machines (VMs)
Impact of system calls
a binary-translated system call, with a 32-bit guest OS (e.g. Windows or Linux) running in ring 1, takes around 2300 cycles (against about 242 natively)
- because the system-call instruction always transfers control to ring 0, where the VMM runs: every guest system call first lands in the VMM, which must forward it to the guest kernel's translated handler, and the return to user mode needs the same detour
Impact of Memory Virtualization
- a memory management technique
- maps programs' memory addresses (virtual addresses) onto the underlying physical memory of the machine
Advantages of memory virtualization
- increased security (a process cannot address another process's memory)
- isolation
- frees applications from having to know where in physical memory they run
- fewer system crashes (a faulty program corrupts only its own address space)
How are memory addresses mapped in full virtualization?
- a program's addresses (virtual addresses inside the VM) are mapped to the guest's notion of physical memory, and those are mapped again to real machine memory
- a two-stage mapping for every guest OS -> the guest OS never touches machine memory directly
- the VMM shortcuts the two stages with a shadow page table (guest virtual -> machine) that it keeps in sync with the guest's own page table
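The two-stage mapping and the shadow page table, as an added illustration written for these cards (not code from any real hypervisor). It uses single-level page tables and constructed toy page numbers; real x86 tables are multi-level and carry permission bits. The point it shows: the shadow table gives the same answer as walking both stages, the guest can only ever reach machine pages the VMM listed in its pmap, and every guest write to its own page table must trap so the VMM can refresh the shadow.

```python
"""Two-stage address mapping in full virtualization, collapsed by a shadow page table.

Added, simplified model for these flashcards; not code from any real VMM.
Page tables are single-level and all page numbers are constructed."""

PAGE_SHIFT = 12                      # 4 KiB pages, as on x86
PAGE_MASK = (1 << PAGE_SHIFT) - 1


class GuestFault(Exception):
    """Raised when a guest address has no valid mapping."""


class ShadowPagingVMM:
    """Guest page table (stage 1), VMM pmap (stage 2) and the shadow the MMU walks."""

    def __init__(self, guest_page_table, pmap):
        # Stage 1, owned by the guest OS: guest virtual page -> guest "physical" page.
        self.guest_pt = dict(guest_page_table)
        # Stage 2, owned by the VMM: guest physical page -> machine page.
        # Only pages listed here belong to this VM; anything else is unreachable.
        self.pmap = dict(pmap)
        self.pt_write_traps = 0
        # Shadow, owned by the VMM: guest virtual page -> machine page.
        self.shadow = self._rebuild_shadow()

    def _rebuild_shadow(self):
        # Compose both stages once, so a TLB miss costs a single table walk.
        return {gvpn: self.pmap[gppn]
                for gvpn, gppn in self.guest_pt.items() if gppn in self.pmap}

    def translate_two_stage(self, gva):
        """Slow path: walk the guest table, then the VMM's pmap."""
        gvpn, offset = gva >> PAGE_SHIFT, gva & PAGE_MASK
        if gvpn not in self.guest_pt:
            raise GuestFault(f"guest page fault at {gva:#x}")
        gppn = self.guest_pt[gvpn]
        if gppn not in self.pmap:
            # The guest named a physical page it was never given: isolation holds.
            raise GuestFault(f"guest physical page {gppn:#x} not owned by this VM")
        return (self.pmap[gppn] << PAGE_SHIFT) | offset

    def translate_shadow(self, gva):
        """Fast path: what the MMU does with the shadow table loaded."""
        gvpn, offset = gva >> PAGE_SHIFT, gva & PAGE_MASK
        if gvpn not in self.shadow:
            raise GuestFault(f"shadow page fault at {gva:#x}")
        return (self.shadow[gvpn] << PAGE_SHIFT) | offset

    def guest_writes_page_table(self, gvpn, gppn):
        """The guest OS updates its own page table. The VMM write-protects those
        pages, so the write traps and the VMM refreshes the shadow before the
        guest continues. These traps are the cost of memory virtualization."""
        self.pt_write_traps += 1
        self.guest_pt[gvpn] = gppn
        if gppn in self.pmap:
            self.shadow[gvpn] = self.pmap[gppn]
        else:
            self.shadow.pop(gvpn, None)      # leave unmapped; an access will fault


def is_unmapped(vmm, gva):
    """True if both the two-stage walk and the shadow refuse to map gva."""
    try:
        vmm.translate_two_stage(gva)
        return False
    except GuestFault:
        pass
    try:
        vmm.translate_shadow(gva)
        return False
    except GuestFault:
        return True


def demo():
    # Constructed layout: the guest believes it owns physical pages 0x0..0x3,
    # which the VMM has actually scattered over unrelated machine pages.
    vmm = ShadowPagingVMM(
        guest_page_table={0x10: 0x0, 0x11: 0x1, 0x12: 0x3},
        pmap={0x0: 0x8a0, 0x1: 0x8a1, 0x2: 0x412, 0x3: 0x9ff},
    )
    gva = (0x11 << PAGE_SHIFT) | 0x2c
    slow = vmm.translate_two_stage(gva)
    fast = vmm.translate_shadow(gva)
    # The guest remaps its virtual page 0x12 onto its physical page 0x2: one trap.
    vmm.guest_writes_page_table(0x12, 0x2)
    after = vmm.translate_shadow((0x12 << PAGE_SHIFT) | 0x100)
    return slow, fast, after, vmm.pt_write_traps


if __name__ == "__main__":
    print([hex(v) if isinstance(v, int) and v > 16 else v for v in demo()])
```

Hardware-assisted memory virtualization (Intel EPT, AMD NPT) replaces the shadow with a second table the MMU walks itself, so guest page-table writes no longer need to trap.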
Disadvantages of full virtualization
- the VMM's handling of guest memory mappings costs many times (the lecture figure is 3 to 400 times) more cycles than the native case
- trapping and binary rewriting add overhead
- resource-intensive: each VM carries its own full copy of an operating system and its associated resources
Advantages of full virtualization
Multiple VMs can run on a single physical machine, each with its own operating system and resources.
- runs an unmodified guest OS
What is para virtualization?
- the hypervisor has a less critical role
- the guest OS is modified at source-code level, so run-time changes are avoided (no trapping and no binary rewriting)
- performance is comparatively good
- the guest kernel replaces its critical privileged operations with hypercalls into the hypervisor
The guest OS is aware that it is being virtualized and cooperates with the hypervisor rather than being fooled by it; hypervisor and guests work together as one unit.
What are hypercalls?
Calls from a (para-virtualized) guest OS into the hypervisor, analogous to a system call from an application into the kernel: the guest asks the hypervisor to perform a privileged operation on its behalf instead of attempting it and trapping.
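The three mechanisms from the trap, binary translator and para-virtualization cards side by side, on a toy instruction set. This is an added model written for these flashcards, not code from VMware, Xen or any real VMM: the instructions, the ring check and the cycle costs (1 per ordinary instruction, 100 per trap, 20 per hypercall) are constructed so the comparison is visible; the one-time cost of translating the code is left out. The same guest kernel ends in the same device state under all four runs, but only trap-and-emulate pays for faults.

```python
"""Trap-and-emulate, binary translation and paravirtual hypercalls on a toy ISA.

Added model for these flashcards; not code from any real hypervisor.
Instruction set, privilege check and cycle costs are all constructed."""

PRIVILEGED = {"cli", "out"}                          # toy privileged instructions
COST_NORMAL, COST_TRAP, COST_HYPERCALL = 1, 100, 20  # constructed cycle costs


class VMM:
    """Owns the virtual device state; only the VMM may change it."""

    def __init__(self):
        self.devices = {"interrupts_enabled": True, "port_0x80": None}
        self.traps = 0
        self.hypercalls = 0
        self.cycles = 0

    def emulate(self, instr, regs):
        """Carry out a privileged operation on the virtual hardware."""
        if instr[0] == "cli":
            self.devices["interrupts_enabled"] = False
        elif instr[0] == "out":
            self.devices[f"port_{instr[1]:#x}"] = regs[instr[2]]
        else:
            raise ValueError(f"not a privileged instruction: {instr[0]}")

    def run(self, program, ring):
        """Execute a guest program in the given privilege ring."""
        regs = {"r0": 0, "r1": 0}
        for instr in program:
            op = instr[0]
            if op == "mov":
                regs[instr[1]] = instr[2]
                self.cycles += COST_NORMAL
            elif op == "add":
                regs[instr[1]] += regs[instr[2]]
                self.cycles += COST_NORMAL
            elif op in PRIVILEGED and ring == 0:
                # Native case: ring 0 code drives the hardware directly.
                self.emulate(instr, regs)
                self.cycles += COST_NORMAL
            elif op in PRIVILEGED:
                # Trap: the CPU faults on a privileged instruction outside ring 0;
                # the VMM fields the fault, emulates the instruction and resumes.
                self.traps += 1
                self.cycles += COST_TRAP
                self.emulate(instr, regs)
            elif op == "hypercall":
                # The guest asks the VMM explicitly: still a ring switch, but no
                # fault and no decoding of what the guest was trying to do.
                self.hypercalls += 1
                self.cycles += COST_HYPERCALL
                self.emulate(instr[1:], regs)
            else:
                raise ValueError(f"unknown instruction: {op}")
        return regs


def binary_translate(program):
    """Rewrite privileged instructions into hypercalls before they execute, so
    the translated code never faults. Real translators rewrite basic blocks of
    machine code; a tuple rewrite stands in for that here."""
    return [("hypercall",) + instr if instr[0] in PRIVILEGED else instr
            for instr in program]


# Constructed guest kernel fragment: compute a value, mask interrupts, write a port.
GUEST_KERNEL = [
    ("mov", "r0", 0x41),
    ("mov", "r1", 0x1),
    ("add", "r0", "r1"),
    ("cli",),
    ("out", 0x80, "r0"),
]

# The same kernel after a programmer changed its source to use hypercalls.
PARAVIRT_KERNEL = [
    ("mov", "r0", 0x41),
    ("mov", "r1", 0x1),
    ("add", "r0", "r1"),
    ("hypercall", "cli"),
    ("hypercall", "out", 0x80, "r0"),
]


def compare():
    """Run the kernel four ways and report traps, hypercalls, cycles, end state."""
    runs = {
        "native": (GUEST_KERNEL, 0),                          # kernel in ring 0
        "trap_and_emulate": (GUEST_KERNEL, 1),                # unmodified, deprivileged
        "binary_translation": (binary_translate(GUEST_KERNEL), 1),  # rewritten at load
        "paravirtual": (PARAVIRT_KERNEL, 1),                  # rewritten at source level
    }
    results = {}
    for name, (program, ring) in runs.items():
        vmm = VMM()
        vmm.run(program, ring)
        results[name] = {"traps": vmm.traps, "hypercalls": vmm.hypercalls,
                         "cycles": vmm.cycles, "devices": vmm.devices}
    return results


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20s} {result}")
```

Hardware-assisted virtualization is the fourth variant not modelled here: the guest kernel stays in ring 0 and the CPU itself decides which instructions exit to the VMM, so neither rewriting nor deprivileging is needed.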
What is Hardware-assisted virtualization
- the idea is to identify privileged instructions quickly and execute them efficiently
- to do so the CPU adds a new, higher-privilege mode above ring 0 (Intel VT-x root mode, AMD-V; often pictured as "ring -1")
- the VMM runs at that level, so the guest OS can run in ring 0
- highly portable, since the hypervisor can run an unmodified guest OS
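A practitioner's check for the hardware-assisted card: does this CPU have the virtualization extensions, does it have hardware second-stage address translation, and is it itself a guest? This is an added example written for these flashcards, not from any hypervisor project. It reads the flags Linux prints in /proc/cpuinfo: "vmx" (Intel VT-x) or "svm" (AMD-V), "ept" or "npt" for hardware page translation, and "hypervisor", which a hypervisor sets to tell the guest it is virtualized. Both SAMPLE_* dumps are constructed, not captured from real hosts.

```python
"""Classify a machine's virtualization support from /proc/cpuinfo flags.

Added example for these flashcards; not from any hypervisor project.
The SAMPLE_* cpuinfo texts are constructed, not real captures."""
import os
import re

# Constructed: an Intel guest with VT-x and EPT exposed, and the hypervisor flag set.
SAMPLE_GUEST_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Constructed sample CPU (not a real capture)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat mmx fxsr sse sse2 ht syscall nx lm constant_tsc cpuid pni vmx ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes xsave avx rdrand hypervisor lahf_lm tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms invpcid rdseed smap md_clear
"""

# Constructed: an AMD bare-metal host with AMD-V and nested paging.
SAMPLE_HOST_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Constructed sample CPU (not a real capture)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat mmx fxsr sse sse2 ht syscall nx lm constant_tsc cpuid pni svm cx16 sse4_1 sse4_2 popcnt aes xsave avx lahf_lm npt nrip_save smep smap
"""


def cpu_flags(cpuinfo_text):
    """Return the flag set from the first 'flags' line of a /proc/cpuinfo dump."""
    match = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(match.group(1).split()) if match else set()


def classify(flags):
    """Map CPU flags onto the questions these cards ask."""
    flags = set(flags)
    if "vmx" in flags:
        extension = "Intel VT-x"
    elif "svm" in flags:
        extension = "AMD-V"
    else:
        extension = None
    return {
        # Can a hardware-assisted hypervisor run the guest kernel in ring 0 here?
        "hw_assisted_cpu": extension is not None,
        "vendor_extension": extension,
        # Does the MMU do the second mapping stage itself (no shadow page tables)?
        "hw_assisted_memory": "ept" in flags or "npt" in flags,
        # Set by a hypervisor to tell the guest it is virtualized.
        "running_as_guest": "hypervisor" in flags,
        # A guest that still sees vmx/svm has nested virtualization exposed to it.
        "nested_virt_exposed": extension is not None and "hypervisor" in flags,
    }


def classify_this_machine(path="/proc/cpuinfo"):
    """Classify the machine the script runs on (Linux only; None elsewhere)."""
    if not os.path.exists(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        return classify(cpu_flags(fh.read()))


if __name__ == "__main__":
    for label, sample in (("guest sample", SAMPLE_GUEST_CPUINFO),
                          ("host sample", SAMPLE_HOST_CPUINFO)):
        print(label, classify(cpu_flags(sample)))
    print("this machine", classify_this_machine())
```

Two caveats when reading the result. The vmx/svm flag reflects what the CPU reports via CPUID; firmware can still have the extension disabled, which shows up later as the KVM module refusing to load rather than as a missing flag. And the absence of the hypervisor flag does not prove bare metal, since a hypervisor may choose not to set it.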