VL 3 Flashcards
What is virtualization?
Computer architecture technology by which multiple virtual machines are multiplexed on the same hardware (access same hardware)
Creating resources in a layer abstracted from real hardware
Objectives of virtualization
Resource sharing by many users at a time
Replace and upgrade hardware on the fly
Add new devices without reboot
Reduce downtime
Offer administrative tasks (installing software) at runtime
Faster provisioning of multiple machines
Modes of operation
Kernel mode: OS allows all CPU instructions to execute on the underlying hardware
Kernel code does not execute in user mode
User mode: OS allows only a few instructions to be executed
If user apps have to execute privileged instructions, applications ask the kernel to do the work
System calls and CPUs
OS does:
Process Management, Memory Management, File Management, Network Management, Scheduling, Timing
How many cycles does a system call take?
Around 242
Hypervisor: Bare Metal Virtualization
Guest Applications Ring 3
Guest OSs Ring 1
—————
VMM Ring 0
Hardware
Hypervisor: Hosted Virtualization
Hypervisor (VMM) is loaded on top of OS.
Guest OS runs on hosted Hypervisors.
Parallels, Oracle VirtualBox
Guest OS
VMM
—————
Host OS (Linux, macOS)
Hardware
Implementation: Full virtualization
Guest OS is not modified
Guest OS Ring 1
———————
VMM Ring 0
Hardware
What happens if privileged instructions are executed in Full Virtualization?
They are trapped due to execution in less privileged ring.
VMM intercepts such traps and emulates instruction on the fly
Impact of system calls
A binary-translated system call with a 32-bit guest OS running on ring 1 takes around 2300 cycles
Reason: CPU issues a fault message for every system call. Later, they were translated and executed
Impact of I/O Virtualization
Bigger issue compared to CPU virtualization.
CPU could be added by replacing dual core CPU to quad cores
But memory bandwidth or data path or I/O chipset could not be easily modified/upgraded in a computing machine.
All guest OS should wait for physical I/O
Impact of memory virtualization
Was introduced to reduce system crash
Memory management technique: maps a program's memory addresses to the underlying physical machine memory
Adv: increased security; isolation; freeing applications
Mapping in memory virtualization in VM
A program's memory addresses are mapped to virtual physical memory and then to physical memory => 2-stage mapping process for any guest OS
GuestOS machine memory access, memory virtualization
Cannot directly access, VMM does mapping of addresses
The page table in VMM is called shadow page table
Implementation: Para Virtualization
Guest OS needs to be modified at the source code level
Why not normal OS from Internet? Privileged instructions go directly to Hypervisor, because OS instructions are already translated in OS
Hypervisor provides interfaces to accommodate critical kernel operations like memory management
Why is performance good in Para Virtualization?
Because it avoids unnecessary trapping of critical instructions
Purpose of Hardware-assisted virtualization
Quickly identify the privileged instructions and efficiently execute them
=> one more high priority level VMX Root mode for VMM
Guest OS: ring 0
Bare metal Virtualization: pros and cons
Bare metal can be slower
Resource requirements are comparatively low
High scalability
Multiple VMs can share a single machine/cluster
In cloud, 1000s of VMs are required
=> hosted virtualization is better solution in terms of scalability
Hosted virtualization - OS level. How can it be built?
VMM is not on top of Host OS
Built with namespaces and cgroups
Linux Namespaces
Used to limit the views
Wrap a group of resources
Kinds of namespaces
PID namespace: create another set of PID from PID 1 for that specific namespace
Cgroup namespace: offers new views to root directories for processes, isolates and manages resources
Network namespace: offers new view for network resources
Cgroups - control groups
Limits application to a specific set of resources
Provides mechanism for aggregating/partitioning set of tasks
Types of cgroups
Memory
CPU
Devices
Memory cgroup
Memory resource controller
Creates a cgroup with a limited amount of memory
Features:
Accounting: how many memory pages are utilized by a specific group of running processes?
Limiting: soft limit: memory allotted if available
Hard limit: memory is not allotted to group if tasks
Impact of exceeding hard limit of memory cgroup
Kernel triggers Out of memory killer process to kill any running processes
Customize solution for handling hard limit
Custom OOM Killer process
- All processes are stopped processing
- Notify user space
- User could kill specific processes
- Or, user could increase hard limit specified in cgroups
- When done, unfreeze the group
Containers
Uses kernel features (cgroups and namespaces)
Provides environment where hardware is shared among multiple users
Lightweight VM
Less space
Can get a shell on it via SSH
Container 1 Container 2
Shared kernel of OS
OS
Machine
Docker
Utilizes container technology
Easily ports containers
Replicates containers across environments
Docker vs Virtual Machine
Problems with VM: size, memory, integration
Repetition of Guest OS is avoided in Docker through union file system
Docker Containers: Operations
Caches the layers for the first time of building them
=> fast deployment
Docker Architecture
Follows client-server architecture
Docker compose
Build and run multi-container Docker applications
VMware Topology
Architecture to create virtual data center
VMware components
VMware ESX server
Virtual machine file system
vCenter management server
Virtual Infrastructure clients
Virtual Infrastructure web access
Distributed Services: VMware vMotion
Enables migration of virtual machines from one host memory to another without service interruption
Distributed Services: Storage vMotion (SVMotion)
Does same as vMotion but also moves storage information
Enables data center level VM migration