CS431 Virtualization 12 Bw

8/11/2019 CS431 Virtualization 12 Bw

1/38

OS Virtualization

Tanenbaum 8.3

See references


2/38

cs431-cotter 2

Outline

What is Virtualization?

Why would we want it?

Why is it hard? How do we do it?

Choices


3/38

cs431-cotter 3


OS virtualization

Create a platform that emulates a hardware

platform and allow multiple instances of an

OS to use that platform, as though they havefull and exclusive access to the underlying

hardware


4/38

cs431-cotter 4


Hardware

Virtualization Platform

OS 3OS 1 OS 2 OS 4

ApplicationsApplications Applications Applications


5/38

cs431-cotter 5

VirtualizationWhy?

Server Consolidation

Often many servers support 1 major application

Strong isolation between VMs Virtualization saves on hardware & energy

Disaster Recovery

High Availability Testing and Deployment


6/38

cs431-cotter 6

VirtualizationWhy?

Desktop Consolidation

Support for legacy applications

Software Development

Training


7/38

cs431-cotter 7

The Problem

OS uses kernel mode / user mode to

protect the OS.

System calls (privileged instructions) generate

a trap (software interrupt) that forces a switch

to kernel mode

These calls trigger sensitive instructions(I/O,

MMU control, etc.) that must only be executedby the kernel


8/38

cs431-cotter 8

The Problem

If our VM now runs in user space, we

cannot run sensitive instructions in it, since

those must trap to kernel space.

Solved in 2005 with new CPUs

Intel Core 2VT (Virtualization Technology)

AMD PacificSVM (Secure Virtual Machine)

Provides new instructions that allow VM to

capture traps


9/38

cs431-cotter 9

Implementation

Type 1 Hypervisor

Type 2 Hypervisor

Paravirtualization


10/38

cs431-cotter 10

Type 1 Hypervisor

Runs on bare metal

Virtual machines run in user mode

VM runs the guest OS (which thinks it is

running in kernel mode)Virtual kernel Mode If guest OS calls sensitive instructions,

hypervisor will trap and execute theinstructions.

If application on guest OS calls sensitiveinstructions (system calls), hypervisor traps toguest OS.


11/38

cs431-cotter 11

Figure 8-26. When the operating system in a virtual machineexecutes a kernel-only instruction, it traps to the hypervisor if

virtualization technology is present.

Type 1 Hypervisors

Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13-6006639


12/38

cs431-cotter 12

Type 2 Hypervisor

Runs from within a OS.

Supports guest OSs above it. Boot from CD to load new OS

Read in code, looking for basic blocks Then inspect basic block to find sensitive instructions.

If found, replace with VM call (process called binarytranslation)

Then, cache block and execute.

Eventually all basic blocks will be modified andcached, and will run at near native speed.


13/38

cs431-cotter 13

Type 2 Hypervisor

Hardware

Virtualization Platform

OS 3OS 1 OS 2

ApplicationsApplications Applications

Applications

Base Operating System


14/38

cs431-cotter 14

Paravirtualization

Modify Guest OS so that all calls tosensitive instructions are changed tohypervisor calls.

Much easier (and more efficient) to modifysource code than to emulate hardwareinstructions (as in binary translation).

In effect, turns the hypervisor into amicrokernel.


15/38

cs431-cotter 15

Figure 8-27. A hypervisor supporting both true

virtualization and paravirtualization.

Paravirtualization (1)



16/38

cs431-cotter 16

Problems with Paravirtualization

Paravirtualized systems wont run onnative hardware

There are many different paravirtualization

systems that use different commands, etc. VMware, Xen, etc.

Proposed solution:

Modify the OS kernel so that it calls a special

set of procedures to execute sensitiveinstructions (Virtual Machine Interface )

Bare metallink to library that implement code

On VMlink to VM specific library


17/38

cs431-cotter 17

Figure 8-28. VMI Linux running on (a) the bare

hardware (b) VMware (c) Xen.

Paravirtualization (2)



18/38


19/38

cs431-cotter 19

Memory Virtualization

OS tracks mapping of virtual memory

pages to physical memory pages.

Builds page tables, then update paging

register (trap).

Allow hypervisor to manage page

mapping, and use shadow page tables for

the VMs


20/38

Memory Virtualization

Changes to page tables do NOT trap!

One solution: Mark shadow page tables as

read only. Then when VM tries to write to

table, page fault traps to hypervisor.

Paravirtualized OS: Since OS has been

modified to account for hypervisor, page table

updates can be followed by call to hypervisorabout changes.

cs431-cotter 20


21/38

cs431-cotter 21

I/O Virtualization

Each guest OS holds its own partition.

Typically implemented as a file or region on

disk

Hypervisor must convert guest OS address

(block #) into physical address in region

May convert between storage types.

Must deal with DMA requests


22/38


23/38

Installing a Virtual machine

Will first install VirtualBox as hypervisor

Base OS is Windows 7

Guest OS will be Ubuntu 12.04.1

cs431-cotter 23


24/38

Installing VirtualBox

cs431-cotter 24


25/38


26/38

Installing VirtualBox

cs431-cotter 26


27/38


28/38

Installing Ubuntu VM

cs431-cotter 28


29/38


cs431-cotter 29


30/38


cs431-cotter 30


31/38


cs431-cotter 31


32/38

Installing

UbuntuVM

cs431-cotter 32


33/38


cs431-cotter 33


34/38


cs431-cotter 34


35/38


cs431-cotter 35


36/38

cs431-cotter 36

Summary

Virtualization provides a way to

consolidate OS installations onto fewer

hardware platforms

3 basic approaches

type 1 hypervisor

type 2 hypervisor

Paravirtualization

Must also account for virtual access to

shared resources (memory, I/O)


37/38

cs431-cotter 37

References

Virtual Machine Interface

http://vmi.ncsa.uiuc.edu/

VirtualBox https://www.virtualbox.org

Xen Hypervisor (Red Hat Linux)

http://www.xen.org/ Virtual PC 2007

http://www.microsoft.com
http://vmi.ncsa.uiuc.edu/https://www.virtualbox.org/wiki/Downloadshttp://www.xen.org/http://www.microsoft.com/http://www.microsoft.com/http://www.xen.org/https://www.virtualbox.org/wiki/Downloadshttp://vmi.ncsa.uiuc.edu/


38/38

cs431 cotter 38

Questions

In terms of resource allocation does a type 1

hypervisor leave more or less space for guest

OSs than a type 2 hypervisor? Why?

In terms of a access to a guest OS, what is thedifference between a bridged interface and a

NAT interface?

What changes are needed to convert a guest

OS into a paravirtualized OS?

Why has virtualization not been available on

PCs until recently (2005)?

CS431 Virtualization 12 Bw

Documents

Transcript of CS431 Virtualization 12 Bw