Virtualiz V zation:ALimit tlessW World

1)Abstract: 1 Virtualiz zation,incom mputing,isth hecreationo ofavirtual(r ratherthana actual)versio onofsometh hing, suchasa ahardwarep platform,op peratingsyste em,astorag gedeviceorn networkreso ources. Theusua algoalofvir rtualizationis stocentraliz zeadministra ativetasksw whileimproviingscalabilityand overallh hardwareres sourceutiliza ation. 2)Introduction: 2 Inthepa ast Oneope eratingsystemononemachine,sot heOShadco ompletecon ntrolofthere esourcesint that machine e.Variousap pplicationsw wouldrunon thatmachin ne,buttheseapplications scouldaffec ct eachoth her.Machine eutilisationw wasverylow w,mosttimes sitwasbelow w25%.Other rdisadvantages were: Lowserveru utilization,an nd Overallincre easeinhardw warecost,et tc.

Virtualiz zationera RobertP P.Goldbergd describesthe ethenstate ofthingsinhis1974pap pertitledSur rveyofVirtu ual Machine esResearch. .Hesaid: Virtualmac chinesystem mswereorigi nallydevelopedtocorre ectsomeoft theshortcom mingsof thetypic calthirdgenerationarch hitecturesan dMultiprog grammingop peratingsyst temse.g.OS S/360. Ashepo ointsout,suc chsystemsh hadadualst atehardwar reorganizatio onaprivile egedmodea anda nonpriv vilegedmode e.Inprivilege edmodealliinstructionsareavailable etotheappllicationwhile einnon privilage edmodetheyarenot.Th heo.sprovid desasmallre esidentprogramcalledth heprivileged d software enucleus(an nologustoke ernel).User programsco ouldexecute thenonpriv vilegedhardware instructi ionsormake esupervisory ycallse.g., SVC's(anal logoustosys stemcalls)to otheprivileg ged software enucleusinordertohav veprivileged functionse e.g.,I/Operformedont theirbehalf. zationisasoftwarelayer rinbetween themachine eandtheop peratingsyste em.Essentia allywhat Virtualiz thissoft twarelayerd doesistodiv videthereso urcesofthemachineam mongalltheg guestoperat ting eofmultiplexingthehard dwareresou urcestoseve eral systems.TheVirtualizationLayerisincharge ngsystems.E EachOShastheillusiont thatitcontro olsthecomp pletehardwa arebut,infac ct,the operatin machine ecannowho ostanumberofoperatin ngsystemsbecausethev virtualization nlayermakesallthe switchin ngbehindsce enes. Supportingmultipleinstancesof fOperatingS Systems:Hom mogeneousorHeteroge neous,onep physical machine ecanhostse everalLinux/Windowcop pies.

3)HardwareSpecificatio ons: x86mod des:Privilage elevels Theproc cessorssegm mentprotec ctionmechan nismrecognizes4privileg gelevels,nu mberedfrom m0to3. Thegrea aternumber rsmeanlesse erprivileges. . Thefig.showshowt theselevelsofprivilegec canbeinterp pretedasringsofprotect tion.Thecen nter (reserve edforthemo ostprivileged dcode,data, ,andstacks) )isusedfort thesegment tscontaining gthe criticals software,usu uallythekernelofanope eratingsyste em.Outerringsareusedf forlesscritic cal software e.(Systemst thatuseonly y2ofthe4p possibleprivi ilegelevelsshouldusele evels0and3.) Theproc cessorusesp privilegeleve elstopreven ntaprogram mortaskoperatingatale esserprivileg gelevel fromacc cessingaseg gmentwitha agreaterpriv vilege,excep ptundercontrolledsituat tions.Whenthe ception(#GP processo ordetectsaprivilegelevelviolation, itgenerates sageneralprotectionexc P). Tocarry youtprivilegelevelcheck ksbetweenc codesegmen ntsanddatasegments,t theprocesso or recogniz zesthefollow wingthreety ypesofprivillegelevels: Curren ntprivilegele evel(CPL) TheCPList theprivilegelevelofthecurrentlyexe ecutingprog gramor task.Itis sstoredinbits0and1o oftheCSand dSSsegment tregisters.Normally,the eCPLisequaltothe privilege elevelofthe ecodesegme entfromwh ichinstructio onsarebeing gfetched.Th heprocessor r changes stheCPLwhe enprogramcontrolistra ansferredtoacodesegm mentwithad differentpriv vilege level. Descriptorprivileg gelevel(DPL) )TheDPL istheprivile egelevelofa asegmentor rgate.Itisst toredin theDPLfieldofthes segmentorg gatedescript torforthese egmentorga ate.Whenth hecurrently executin ngcodesegm mentattemp ptstoaccess asegmento orgate,theD DPLofthese egmentorga ateis compare edtotheCPLandRPLof thesegmen f ntorgateselector(asdes scribedlater rinthissection).The DPLisin nterpreteddi ifferently,de ependingon thetypeofsegmentorg gatebeinga ccessed. Reque estedprivileg gelevel(RPL) )TheRPL isanoverrid deprivilegelevelthatisa assignedtos segment selector rs.Itisstored dinbits0and1ofthese egmentselec ctor.Thepro ocessorcheck kstheRPLal long withthe eCPLtodete ermineifaccesstoasegm mentisallow wed.Evenift theprogramortaskrequ uesting accessto oasegmenthassufficien ntprivileget toaccessthe esegment,accessisdeniiediftheRPL Lisnot ofsufficientprivilege elevel.Thatis,iftheRPL Lofasegmentselectoris snumerically ygreatertha anthe CPL,the eRPLoverridestheCPL,a andvicevers sa.TheRPLc canbeusedt toinsuretha atprivilegedcode doesnot egmentonbe ehalfofana pplicationpr rogramunlesstheprogra amitselfhas saccess taccessase privilege esforthatse egment. Privilege elevelsarec checkedwhe enthesegme entselectoro ofasegment tdescriptoriisloadedintoa segment tregister.Th hechecksuse edfordataa accessdifferfromthoseusedfortran nsfersofpro ogram controla amongcodesegments;t therefore,th hetwokindsofaccessesareconsider redseparatelyinthe followingsections.

VirtualM MachineMo onitor tualmachine einterfacesw withitshost tsystemviat thevirtualm machinemon itor(VMM).Being Eachvirt theprim marylinkbetw weenaVMa andthehost tOSandhard dware,theV VMMprovide esacrucialrole. TheVMMprimarily: mulatedhardwaretothe virtualmach hine Presentsem IsolatesVMs sfromtheho ostOSandf romeachother

ThrottlesindividualVMaccesstosystemresources,preventinganunstableVMfrom impactingsystemperformance PasseshardwareinstructionstoandfromtheVMandthehostOS/hypervisor Whenfullvirtualizationisemployed,theVMMwillpresentacompletesetofemulatedhardwareto theVM'sguestoperatingsystem.ThisincludestheCPU,motherboard,memory,disk,diskcontroller, andnetworkcards.Forexample,MicrosoftVirtualServer2005emulatesanIntel21140NICcardand Intel440BXchipset.Regardlessoftheactualphysicalhardwareonthehostsystem,theemulated hardwareremainsthesame. ThenextsignificantroleoftheVMMistoprovideisolation.TheVMMhasfullcontrolofthephysical hostsystem'sresources,leavingindividualvirtualmachineswithaccessonlytotheiremulated hardwareresources.TheVMMcontainsnomechanismsforinterVMcommunication,thusrequiring thattwovirtualmachineswishingtoexchangedatadosooverthenetwork. AnothermajorroleoftheVMMistomanagehostsystemresourceaccess.Thisisimportant,asit canpreventoverutilizationofoneVMfromstarvingouttheperformanceofotherVMsonthesame host.Throughthesystemconfigurationconsole,systemhardwareresourcessuchastheCPU, network,anddiskaccesscanbethrottled,withmaximumusagepercentagesassignedtoeach individualVM.ThisallowstheVMMtoproperlyscheduleaccesstohostsystemresourcesaswellas toguaranteethatcriticalVMswillhaveaccesstotheamountofhardwareresourcestheyneedto sustaintheiroperations. ClassicallytherearetwotypesofVMM. AtypeIIVMMisonethatrunsontopofahostingoperatingsystemandthenspawnshigherlevel virtualmachines.ExamplesoftypeIIVMMsincludetheJavaVMand.Netenvironment.These VMMsmonitortheirvirtualmachinesandredirectrequestsforresourcetoappropriateAPIsinthe hostingenvironment(withsomelevelofprocessinginbetween). AtypeIVMMisonethatrunsdirectlyonthehardwarewithouttheneedofahostingoperating system.TypeIVMMsarealsoknownas'hypervisors'sotheonlytruedifferencebetweenaVMM andahypervisoriswhereitruns.Thefunctionalityprovidedbybothisequitable.ExamplesoftypeI VMMsincludethemainframevirtualizationsolutionsofferedbycompaniessuchasAmdahland IBM,andonmoderncomputersbysolutionslikeVMwareESX,XenandWindowsvirtualization. Hypervisor TheprimaryroleofthehypervisoristoworkwiththeVMMtocoordinateaccesstothephysicalhost system'shardwareresources.ThisincludesschedulingaccesstotheCPUaswellasthedriversfor communicationwiththephysicaldevicesonthehost,suchasitsnetworkcards. Thetermhypervisorisusedtodescribealightweightoperatingshellthathasthesolepurposeof providingVMhostingservices.ThehypervisordiffersfromatraditionalOSinthattheOSmaybe designedforotherrolesonthenetwork.AsitistailoredtoVMhosting,ahypervisorsolution generallyoffersbetterperformanceandshouldhavefewersecurityvulnerabilitiesbecauseitruns fewservicesandcontainsonlyessentialcode.Hypervisorswrittenforhardwareassisted virtualizationcanembedthemselvesmuchdeeperintothesystemarchitectureandoffersuperior performanceimprovementsasaresult. LikeanytraditionalOS,ahypervisorbasedOSstillcontainsitsownoperatingsystemcode; therefore,maintainingsecurityupdatesisstillimportant.UnlikeatraditionalOS,hypervisorsare vendorspecific,soanyneededhypervisorpatchesorsecurityupdateswillcomedirectlyfromthe virtualizationsoftwarevendor.Becausehypervisorsarevendorcentric,individualdevicesupport oftencomesdirectlyfromthevirtualizationvendors.Hence,itisimportantfortheorganizationto ensurethatanyplannedvirtualizationproductsarecompatiblewithitsexistingorplannedsystem hardware.WhenhostingVMsonatraditionalOSsuchasSUSELinuxEnterpriseServerorWindows ServerLonghorn,theorganizationwillfindthatwhilethehostOShasalargerfootprintthana hypervisor,itdoesprovideadditionalflexibilitywithhardwaredevices. Bothhypervisorsandoperatingsystemshavetheirstrengthsandweaknesses.Operatingsystems providegreaterdevicesupportthanhypervisors,butalsorequireattentiontoensurethattheyare currentonallpatchesandsecurityupdates.Hypervisorsrunonminimaldiskandstorageresources, butpatchesanddevicedriversmustcomedirectlyfromthevirtualizationsoftwarevendor.

 VMMvs sHypervisor r Thereareanumber rofdifferentprogramsa ndimplementationsthat tusethemo oniker'Virtua al eMonitor'.Inthesimple esttermsth heVMMisth hepieceofsoftwareresp ponsiblefor Machine monitor ringandenfo orcingpolicyonthevirtu almachinesforwhichitisresponsib ble.Thismea ansthat theVMM Mkeepstrac ckofeveryth hinghappeni nginsideofavirtualmac chine,andw whennecessa ary provides sresources,redirectsthe evirtualmac chinetoreso ources,ordeniesaccesst toresources. Compar ringTradition nalx86Arch hitectureand dVirtualized dResourceA Access Operatin ngsystemsd designedforx86/x64env vironmentsa arewrittento ohavefullac ccesstoRing g0, whichiswheretheyrunprivilege edOSinstru ctions.Privilegedinstruc ctionsinclude eOSkernela and deviced driveraccesstosystemhardware.Ap pplicationsru unatRing3. Inavirtu ualizedenvir ronment,the eVMMruns atRing0alo ongwiththehostoperat tingsystem's skernel anddevicedrivers.E EachVMcannotbegiven nfullaccesst toRing0wit thoutinducin ngconflicts,sothe VMMru unsallVMsa atRing1.Bec causeprivileg gedinstructi ionswithintheguestexp pecttoruna atRing0, theVMM Mmustprov videtranslationinordert totrickthe eguestintobelievingtha atithasRing g0 access.I IftheguestO OSkerneldid dnotdeman ndRing0accessinthefir rstplace,the enthetransla ation wouldnotbenecess saryandthusperforman ncewouldim mprovesubstantially.This siswhere paravirtualizationco omesintopla ay. 4)Generatio 4 onsofVirtualization Basedontheextent tofvirtualiza ation,thewo orldofvirtua aizationisdiv videdintoth hreemajor categori iesbasedontheirgenera ations: FullV Virtualization n, fullvirtualizationisavirtualizat tiontechniqu ueusedtoprovideacert tainkindofv virtualmachine environm ment,namel ly,onethati isacomplete esimulation oftheunderlyinghardw ware.Full virtualizationrequire esthatevery ysalientfeat tureofthehardwarebereflectedint tooneof severalv virtualmachinesinclud dingthefulliinstructionset,input/outputoperati ons,interrup pts, memory yaccess,and dwhatevero otherelemen ntsareusedbythesoftw warethatrun nsonthebar re machine e,andthatis sintendedto oruninavirt tualmachine e.Insuchanenvironmen nt,anysoftw ware capableofexecution nontheraw whardwareca anberuninthevirtualm machineand ,inparticula ar,any operatin ngsystems.T Theobvioustestofvirtua alizationisw whetheranoperatingsys stemintende edfor standaloneusecan successfully yruninsidea avirtualmac chine.

Para aVirtualizatio on, paravir rtualization isa virtualization techniq uethatpresentsasoftw wareinterface virtual eto machine thatissimilarbutnoti es identicaltot thatoftheunderlyingha ardware.The intentofthe e modified dinterfaceis storeducetheportiono oftheguest's sexecutiont timespentp performing operatio onswhicharesubstantiallymorediff ficulttoruninavirtualenvironment comparedto oanon virtualizedenvironm ment.Theparavirtualizatiionprovides sspeciallyde efined'hooks s'toallowth he dacknowledg gethesetask ks,whichwo ouldotherwis sebeexecut tedin guest(s)andhosttorequestand thevirtu ualdomain(w whereexecu utionperform manceiswor rse).Asuccessfulparavir rtualizedplat tform mayallo owthe virtua almachinem monitor (VMM M)tobesimpler(byrelocatingexecu utionofcritic caltasks fromthe evirtualdom maintotheh hostdomain) ),and/orred ducetheoverallperforma ancedegradationof machine eexecutioni insidethevir rtualguest

 Hardwareassiste edvirtualization. hardwa areassistedvirtualizatio isa platfo rmvirtualiza on ation approachthatenab blesefficient full virtualizationusingh helpfromha ardwarecapa abilities,prim marilyfromthehostproc cessors.Full dtosimulate eacompletehardwareenvironment, virtualm ,or machine,inw whichan virtualizationisused unmodif fiedguest op peratingsystem (usingth hesame instr ructionset as sthehostm achine)exec cutesin complet teisolation.H Hardwareas ssistedvirtua alizationwas saddedto x8 processor 86 rs(IntelVTxo AMD or V)in200 06.Hardware eassistedvir rtualizationi salsoknown accelera nas atedvirtualiz zation; Xen calls it hardw warevirtualm machine(HVM), VirtualIr callsit na ron ativevirtuali ization.

5)Conclusion We ecantakevir rtualizationa asaneverlas stingtechnologyandwith htheadvanc cementinot ther scenerios,itssc copeisundo oubtedlyexp pectedtobec comeexpone entiallymor rewidesprea ad. Wit thvarioustypesofvirtua alizationslike eHardware,Desktop,Me emory,Softw ware,Dataand Net tworketc,its sapplication nandeconom micnaturew willdefinitely bringthebo oonspreadinevery asp pectoflife.

References: Website es: 1)http:/ //www.kerne elthread.com m/publicatio ns/virtualiza ation/ 2)http:/ //blogs.msdn n.com/b/virt tual_pc_guy/ /archive/200 06/07/10/661958.aspx 3)http:/ //en.wikiped dia.org/wiki/V Virtualizatio n 4)http:/ //en.wikiped dia.org/wiki/X X86_virtualiz zation 5)http:/ //en.wikiped dia.org/wiki/Operating_s systemlevel_ _virtualizatio on 6)www.vmware.com m Papers:

Xen a and the A of Vir Art rtualizatio on

Paul Barha _, Boris Drag am govic, Keir Frase Steven Hand Tim Harris, er, d, Alex Ho, R Neugebaue y, Ian Pratt, An Rolf er ndrew War_eld

University of Cambridge Computer Laboratory 15 JJ Thomson Avenue, Cambridge, UK, CB3 0FD
f

_rstname.lastnameg@cl.cam.ac.uk

Personalthanksto: 1)Mr.SaurabhSingh(BrainSoft,Noida) 2)Mr.AbhayVerma(ITVIIISemester,AKGEC) SubmittedBy:

Digitally signed by Ankur Verma Date: 2012.04.30 07:50:14 +05'30'

AnkurVerma B.TechVISemester Emailid:ankurv.a5b@live.in Contact:8860016877 ComputerScienceEngineeringDepartment AjayKumarGargEngineeringCollege Ghaziabad