Virtualization

The document discusses the concept of virtualization including defining virtualization, describing how it works through multiplexing, aggregation, emulation and more. It also covers memory, device and I/O virtualization as well as network functions virtualization and virtual machine monitors/hypervisors.

Uploaded by

tayyabazim

20/01/2024

Virtualization
Concepts

What is Virtualization

• Virtualization abstracts the underlying resources and simplifies their use, isolates users from one another, and supports replication, which, in turn, increases the elasticity of the system.
• Virtualization is a critical aspect of cloud computing, equally important to the providers and consumers of cloud services, and plays an important role in:
  - Performance and reliability because it allows applications to migrate from one platform to another.
  - The development and management of services offered by a provider.
  - Performance isolation.


What is Virtualization

• Virtualization simulates the interface to a physical object by any one of four means:
  - 1. Multiplexing. Create multiple virtual objects from one instance of a physical object. For example, a processor is multiplexed among a number of processes or threads.
  - 2. Aggregation. Create one virtual object from multiple physical objects. For example, a number of physical disks are aggregated into a RAID disk.
  - 3. Emulation. Construct a virtual object from a different type of physical object. For example, a physical disk emulates a random access memory.
  - 4. Multiplexing and emulation. Examples: Virtual memory with paging multiplexes real memory and disk, and a virtual address emulates a real address; TCP emulates a reliable bit pipe and multiplexes a physical communication channel and a processor.

What is Virtualization

[Figure: Before Virtualization vs. After Virtualization]


Virtualization Concept

Virtual Resources
• Substitutes for real resources: same interfaces/functions, different attributes.
• Often part of the underlying resource, but may span multiple resources.

Virtualization - a substitution process
• Creates virtual resources from real resources.
• Primarily accomplished with software and/or firmware.
• Separates presentation of resources to users from actual resources.
• Aggregates pools of resources for allocation to users as virtual resources.

Virtualization how

• Virtualization… How?
  - By adding a layer between execution stack layers.
• Types of Virtualization


Virtualization how

• Hardware-level virtualization
  - VMM* is placed between the hardware and the OS.
  - Could provide a different ISA.
  - e.g. Emulators.
• Tasks:
  - Maps virtual resources to real ones.
  - Translates virtual instructions to real ones.

* VMM = Virtual Machine Monitor

Virtualization how

• System-level virtualization
  - Placed between the OS and other OS, e.g. VMware Wks and UML.
  - Enables several OS to run on single hardware.
• Terminology
  - Host OS
  - Guest OS
  - Guest OS and VM run in Application privilege ring.


Virtualization how

• Application-level virtualization
  - VM is placed between the OS and the applications.
  - e.g. Java Virtual Machine (JVM)
  - Provides the same interface to all applications, irrespective of OS.
  - Provides application sandboxing.
• Tasks:
  - Translate application byte code to OS-specific executable.

Memory virtualization

• Beyond CPU virtualization, this involves sharing the physical system memory and dynamically allocating it to virtual machines.
• The operating system keeps mappings of virtual page numbers to physical page numbers stored in page tables.
• All modern x86 CPUs include a memory management unit (MMU) and a translation look-aside buffer (TLB) to optimize virtual memory performance.

[Figure: VM1 and VM2, each running Process 1 and Process 2; Virtual Memory]


Device and I/O Virtualization

• The final component required beyond CPU and memory virtualization is device and I/O virtualization.
• This involves managing the routing of I/O requests between virtual devices and the shared physical hardware.
• The hypervisor virtualizes the physical hardware and presents each virtual machine with a standardized set of virtual devices as seen in Figure


Network Functions Virtualization

• Network functions virtualization (NFV) (also known as virtual network function (VNF)) offers a new way to design, deploy and manage networking services.
• NFV decouples the network functions, such as network address translation (NAT), firewalling, intrusion detection, domain name service (DNS), and caching, to name a few, from proprietary hardware appliances so they can run in software.
• It’s designed to consolidate and deliver the networking components needed to support a fully virtualized infrastructure – including virtual servers, storage, and even other networks.
• It utilizes standard IT virtualization technologies that run on high-volume service, switch and storage hardware to virtualize network functions.
• It is applicable to any data plane processing or control plane function in both wired and wireless network infrastructures.


Network Functions Virtualization

[Figure: True Network Virtualization, Logical Topology]

Virtual machine monitors/Hypervisors

• A virtual machine monitor (VMM), also called a hypervisor, is the software that securely partitions the resources of a computer system into one or more virtual machines.
• A guest operating system is an operating system that runs under the control of a VMM rather than directly on the hardware.
• The VMM runs in kernel mode, whereas a guest OS runs in user mode.
• Sometimes the hardware supports a third mode of execution for the guest OS.
• VMMs allow several operating systems to run concurrently on a single hardware platform; at the same time, VMMs enforce isolation among these systems, thus enhancing security.


Virtual machine monitors/Hypervisors

• A VMM controls how the guest operating system uses the hardware resources. The events occurring in one VM do not affect any other VM running under the same VMM.
• At the same time, the VMM enables:
  - Multiple services to share the same platform.
  - The movement of a server from one platform to another, the so-called live migration.
  - System modification while maintaining backward compatibility with the original system.
• When a guest OS attempts to execute a privileged instruction, the VMM traps the operation and enforces the correctness and safety of the operation.
• The VMM guarantees the isolation of the individual VMs, and thus ensures security and encapsulation, a major concern in cloud computing.

Virtual machine monitors/Hypervisors

• At the same time, the VMM monitors system performance and takes corrective action to avoid performance degradation; for example, the VMM may swap out a VM (copies all pages of that VM from real memory to disk and makes the real memory frames available for paging by other VMs) to avoid thrashing.
• A VMM virtualizes the CPU and memory. For example, the VMM traps interrupts and dispatches them to the individual guest operating systems.
• If a guest OS disables interrupts, the VMM buffers such interrupts until the guest OS enables them.
• The VMM maintains a shadow page table for each guest OS and replicates any modification made by the guest OS in its own shadow page table.
• This shadow page table points to the actual page frame and is used by the hardware component called the memory management unit (MMU) for dynamic address translation.
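
The shadow page table mechanism described in the bullets above, as an added C example that is not part of the original slides: the VMM replicates each trapped guest page-table write into the shadow table the MMU uses, and refuses frames outside the VM's allocation, which is what keeps two VMs' mappings apart. The struct and function names, the table sizes and the host frame numbers are assumptions made for illustration.

```c
#include <stdio.h>
#define GUEST_PAGES  8   /* guest-virtual pages per VM (assumed size) */
#define GUEST_FRAMES 4   /* guest-physical frames per VM (assumed size) */
#define UNMAPPED (-1)

/* Per-VM state kept by the VMM. All names are hypothetical. */
struct vm {
    int guest_pt[GUEST_PAGES];   /* guest OS table: virtual page -> guest frame */
    int p2m[GUEST_FRAMES];       /* VMM allocation: guest frame -> host frame */
    int shadow_pt[GUEST_PAGES];  /* table the MMU walks: virtual page -> host frame */
};

void vm_init(struct vm *vm, int first_host_frame) {
    for (int i = 0; i < GUEST_PAGES; i++)
        vm->guest_pt[i] = vm->shadow_pt[i] = UNMAPPED;
    for (int i = 0; i < GUEST_FRAMES; i++)
        vm->p2m[i] = first_host_frame + i;
}

/* Runs when the VMM traps a guest write to its own page table.
 * Replicates the change into the shadow table; returns -1 if refused. */
int vmm_on_guest_pt_write(struct vm *vm, int vpage, int gframe) {
    if (vpage < 0 || vpage >= GUEST_PAGES) return -1;
    if (gframe != UNMAPPED && (gframe < 0 || gframe >= GUEST_FRAMES))
        return -1;   /* frame is outside this VM's allocation */
    vm->guest_pt[vpage] = gframe;
    vm->shadow_pt[vpage] = (gframe == UNMAPPED) ? UNMAPPED : vm->p2m[gframe];
    return 0;
}

/* Dynamic address translation using only the shadow table (4 KiB pages).
 * Returns the host-physical address, or -1 for a page fault. */
long mmu_translate(const struct vm *vm, unsigned long vaddr) {
    unsigned long vpage = vaddr >> 12;
    if (vpage >= GUEST_PAGES || vm->shadow_pt[vpage] == UNMAPPED) return -1;
    return ((long)vm->shadow_pt[vpage] << 12) | (long)(vaddr & 0xfff);
}

int main(void) {
    struct vm a, b;
    vm_init(&a, 16);   /* constructed sample: VM A owns host frames 16..19 */
    vm_init(&b, 32);   /* constructed sample: VM B owns host frames 32..35 */
    vmm_on_guest_pt_write(&a, 2, 1);
    vmm_on_guest_pt_write(&b, 2, 1);
    printf("A: 0x2abc -> 0x%lx\n", (unsigned long)mmu_translate(&a, 0x2abc));
    printf("B: 0x2abc -> 0x%lx\n", (unsigned long)mmu_translate(&b, 0x2abc));
    printf("A maps guest frame 7: %d\n", vmm_on_guest_pt_write(&a, 3, 7));
    return 0;
}
```

Both guests use the same virtual address and the same guest frame number, yet the shadow tables resolve them to different host frames.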


Type 1 hypervisors

• A Type 1 hypervisor is installed directly on bare-metal hardware; it doesn't require an additional OS. It is the OS, even if it is a light or minimal OS.
• Examples:
  - HyperOne, Xen, PikeOS, OKL4, VMware ESX
• Advantages:
  - System is thin, the hypervisor has direct access to the HW
  - Higher density hardware.
• Disadvantages:
  - HW should support virtualization technology,
  - Costlier, and a really bad console interface.

Type 1 hypervisors

[Figure: Type 1 hypervisor. Operating system 1 and Operating system 2 sit on the Hypervisor, which sits on the Hardware.]

Figure 2. A Type 1 or bare-metal hypervisor sits directly on the host hardware.


Type 2 Hypervisors

• Type 2 hypervisor
  - Type 2 is more of an application installed on an operating system and not directly on the bare-metal.
  - Ex. VirtualBox and VMware Workstation
• Advantages:
  - Runs on a greater array of HW because the underlying host OS is controlling HW access,
  - Easy user interface; data can be secured on the desktop
• Disadvantages:
  - Decreased security, loss of centralized management, lower VM density,
  - Cannot support as many VMs as the first type.

Type 2 Hypervisors

[Figure: Type 2 hypervisor. Layers labelled Operating system 2 (guest), Operating system 1 (host), Hypervisor, Hardware.]

Figure 1. A Type 2 hypervisor runs as an application on a host operating system.


Virtual Machines

• A virtual machine (VM) is an isolated environment that appears to be a whole computer but actually only has access to a portion of the computer resources.
• Each VM appears to be running on the bare hardware, giving the appearance of multiple instances of the same computer, though all are supported by a single physical system.

Key Concepts: Process vs. System

• There are two kinds of virtual machines: process and system.
• Process virtual machine can support an individual process.
• System virtual machine can run a complete OS plus environment.

[Figure: Process VM and System VM software stacks]

• Process VM: e.g. running an x86 application on a PowerPC
• System VM: e.g. running an instance of Linux (and its applications) on Windows


VM Taxonomy

Process VMs
  - same ISA: Multiprogrammed Systems, HP Dynamo
  - different ISA: IA-32 EL, Java VM

System VMs
  - same ISA: IBM VM/370, VMware Wks
  - different ISA: VirtualPC for Mac, Transmeta

Challenges of virtualization

• Performance degradation
  - As it interposes an abstraction layer between guest & host.
• Inefficiency and degraded user experience
  - Some specific features of the host are unexposed.
• Security holes and new threats
  - Case 1: emulating a host in a completely transparent manner.
  - Case 2: H/W virtualization, malicious programs can preload themselves before the OS and act as a thin VMM.


Major Vendors of Hypervisor

[Figure: vendor logos, including KVM, OpenVZ, QEMU, Microsoft Hyper-V and Citrix XenServer]

Container Technology


Docker containers

• PACKAGE YOUR APPLICATION INTO A STANDARDIZED UNIT FOR SOFTWARE DEVELOPMENT
  - Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server.
  - This guarantees that the software will always run the same, regardless of its environment.

Docker containers

• LIGHTWEIGHT
  - Containers running on a single machine share the same operating system kernel; they start instantly and use less RAM.
  - Images are constructed from layered file systems and share common files, making disk usage and image downloads much more efficient.
• OPEN
  - Docker containers are based on open standards, enabling containers to run on all major Linux distributions and on Microsoft Windows -- and on top of any infrastructure.
• SECURE BY DEFAULT
  - Containers isolate applications from one another and the underlying infrastructure, while providing an added layer of protection for the application.


Docker containers

• ACCELERATE DEVELOPERS
  - Stop wasting hours setting up developer environments, spinning up new instances, and making copies of production code to run locally. With Docker, you simply take copies of your live environment and run them on any new endpoint running a Docker engine.
• EMPOWER CREATIVITY
  - The isolation capabilities of Docker containers free developers from constraints: they can use the best language and tools for their application services without worrying about causing internal tooling conflicts.
• DISTRIBUTE & SHARE CONTENT
  - Store, distribute, and manage Docker images in Docker Hub with your team. Image updates, changes, and history are automatically shared across your organization.

COMPARING CONTAINERS AND VIRTUAL MACHINES

Containers and virtual machines have similar resource isolation and allocation benefits -- but a different architectural approach allows containers to be more portable and efficient.

VIRTUAL MACHINES
• Virtual machines include the application, the necessary binaries and libraries, and an entire guest operating system -- all of which can amount to tens of GBs.

CONTAINERS
• Containers include the application and all of its dependencies -- but share the kernel with other containers, running as isolated processes in user space on the host operating system.
• Docker containers are not tied to any specific infrastructure: they run on any computer, on any infrastructure, and in any cloud.


COMPARING CONTAINERS AND VIRTUAL MACHINES

[Figure: VIRTUAL MACHINES and CONTAINERS architecture diagrams]

OPEN Container initiative

• The Open Container Initiative (OCI) is a lightweight, open governance structure (project), formed under the auspices of the Linux Foundation, for the express purpose of creating open industry standards around container formats and runtime.
• The OCI was launched on June 22nd 2015.
• This entire workflow should support the UX that users have come to expect from container engines like Docker and rkt: primarily, the ability to run an image with no additional arguments:
  - docker run example.com/org/app:v1.0.0
  - rkt run example.com/org/app,version=v1.0.0


OPEN Container initiative

[Figure: company logos]
