UNIT II VIRTUALIZATION BASICS

Virtual Machine Basics – Taxonomy of Virtual Machines – Hypervisor – Key Concepts –

Virtualization structure – Implementation levels of virtualization – Virtualization Types:
FullVirtualization – Para Virtualization – Hardware Virtualization – Virtualization of
CPU, Memory andI/O devices.

Virtual Machine Basics

Virtual machines (VMs) presents a great opportunity for parallel, cluster, grid, cloud, and
distributed computing. Virtualization technology benefits the computer and IT industries by
enabling users to share expensive hardware resources by multiplexing VMs on the same set of
hardware hosts.

The idea of VMs can be dated back to the 1960s . The purpose of a VM is to enhance resource
sharing by many users and improve computer performance in terms of resource utilization and
application flexibility. Hardware resources (CPU, memory, I/O devices, etc.) or software
resources (operating system and software libraries) can be virtualized in various functional
layers. This virtualization technology has been revitalized as the demand for distributed and
cloud computing increased sharply in recent years.

Taxonomy of Virtual Machines

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 1

• Virtual machines are broadly classified into two types: System Virtual Machines (also
known as Virtual Machines) and Process Virtual Machines (also known as Application Virtual
Machines). The classification is based on their usage and degree of similarity to the linked
physical machine. The system VM mimics the whole system hardware stack and allows for the
execution of the whole operating system Process VM, on the other hand, provides a layer to an
operating system that is used to replicate the programming environment for the execution of
specific processes.

• A Process Virtual Machine, also known as an application virtual machine, operates as a

regular program within a host OS and supports a single process. It is formed when the process
begins and deleted when it terminates. Its goal is to create a platform-independent programming
environment that abstracts away features of the underlying hardware or operating system,
allowing a program to run on any platform. With Linux, for example, Wine software aids in the
execution of Windows applications.

• A System Virtual Machine, such as VirtualBox, offers a full system platform that allows
the operation of a whole operating system (OS).

• Virtual Machines are used to distribute and designate suitable system resources to
software (which might be several operating systems or an application), and the software is
restricted to the resources provided by the VM. The actual software layer that allows
virtualization is the Virtual Machine Monitor (also known as Hypervisor). Hypervisors are
classified into two groups based on their relationship to the underlying hardware. Native VM is a
hypervisor that takes direct control of the underlying hardware, whereas hosted VM is a different
software layer that runs within the operating system and so has an indirect link with the
underlying hardware.

• The system VM abstracts the Instruction Set Architecture, which differs slightly from
that of the actual hardware platform. The primary benefits of system VM include consolidation
(it allows multiple operating systems to coexist on a single computer system with strong isolation
from each other), application provisioning, maintenance, high availability, and disaster recovery,
as well as sandboxing, faster reboot, and improved debugging access.

• The process VM enables conventional application execution inside the underlying

operating system to support a single process. To support the execution of numerous applications
associated with numerous processes, we can construct numerous instances of process VM. The
process VM is formed when the process starts and terminates when the process is terminated.
The primary goal of process VM is to provide platform independence (in terms of development
environment), which implies that applications may be executed in the same way on any of the
underlying hardware and software platforms. Process VM as opposed to system VM, abstracts
high-level programming languages. Although Process VM is built using an interpreter, it

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 2

achieves comparable speed to compiler-based programming languages using a just-in-time
compilation mechanism.

Taxonomy of Virtualization Techniques

The first classification discriminates against the service or entity that is being emulated

• Virtualization is mainly used to emulate execution environments, storage and networks

• Execution virtualization is the oldest, most popular

• Two major categories: Process level, System level

• Process level techniques - on top of existing OS which has full control of the hardware

• System level- Directly on hardware and require minimum support from existing OS

Hypervisor

A hypervisor, also known as a virtual machine monitor or VMM. The hypervisor is a piece of
software that allows us to build and run virtual machines which are abbreviated as VMs. A
hypervisor allows a single host computer to support multiple virtual machines (VMs) by sharing
resources including memory and processing.

The hypervisor supports hardware-level virtualization on bare metal devices like CPU, memory,
disk and network interfaces. The hypervisor software sits directly between the physical hardware
and its OS. This virtualization layer is referred to as either the VMM or the hypervisor. The
hypervisor provides hypercalls for the guest OSes and applications.

Benefits of hypervisors

There are several benefits to using a hypervisor that hosts multiple virtual machines:

Speed: Hypervisors allow virtual machines to be created instantly, unlike bare-metal servers.
This makes it easier to provision resources as needed for dynamic workloads.

Efficiency: Hypervisors that run several virtual machines on one physical machine’s resources
also allow for more efficient utilization of one physical server. It is more cost- and energy-
efficient to run several virtual machines on one physical machine than to run multiple
underutilized physical machines for the same task.

Flexibility: Bare-metal hypervisors allow operating systems and their associated applications to
run on a variety of hardware types because the hypervisor separates the OS from the underlying
hardware, so the software no longer relies on specific hardware devices or drivers.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 3

Portability: Hypervisors allow multiple operating systems to reside on the same physical server
(host machine). Because the virtual machines that the hypervisor runs are independent from the
physical machine, they are portable. IT teams can shift workloads and allocate networking,
memory, storage and processing resources across multiple servers as needed, moving from
machine to machine or platform to platform. When an application needs more processing power,
the virtualization software allows it to seamlessly access additional machines.

Key Concepts of Virtualization

Virtualization is technology that you can use to create virtual representations of servers, storage,
networks, and other physical machines. Virtual software mimics the functions of physical
hardware to run multiple virtual machines simultaneously on a single physical machine.

Virtualization structure

1. Hypervisor and Xen Architecture:

The hypervisor supports hardware-level virtualization on bare metal devices like CPU, memory,
disk and network interfaces. The hypervisor software sits directly between the physi-cal
hardware and its OS. This virtualization layer is referred to as either the VMM or the hypervisor.
The hypervisor provides hypercalls for the guest OSes and applications. Depending on the
functionality, a hypervisor can assume a micro-kernel architecture like the Microsoft Hyper-V.
Or it can assume a monolithic hypervisor architecture like the VMware ESX for server
virtualization.

A micro-kernel hypervisor includes only the basic and unchanging functions (such as physical
memory management and processor scheduling). The device drivers and other changeable
components are outside the hypervisor. A monolithic hypervisor implements all the
aforementioned functions, including those of the device drivers. Therefore, the size of the

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 4

hypervisor code of a micro-kernel hyper-visor is smaller than that of a monolithic hypervisor.
Essentially, a hypervisor must be able to convert physical devices into virtual resources
dedicated for the deployed VM to use.

1.1 The Xen Architecture

Xen is an open source hypervisor program developed by Cambridge University. Xen is a micro-
kernel hypervisor, which separates the policy from the mechanism. The Xen hypervisor
implements all the mechanisms, leaving the policy to be handled by Domain 0, Xen does not
include any device drivers natively. It just provides a mechanism by which a guest OS can have
direct access to the physical devices. As a result, the size of the Xen hypervisor is kept rather
small. Xen provides a virtual environment located between the hardware and the OS. A number
of vendors are in the process of developing commercial Xen hypervisors, among them are Citrix
XenServer and Oracle VM.

The core components of a Xen system are the hypervisor, kernel, and applications. The organi-
zation of the three components is important. Like other virtualization systems, many guest OSes
can run on top of the hypervisor. However, not all guest OSes are created equal, and one in
particular controls the others. The guest OS, which has control ability, is called Domain 0, and
the others are called Domain U. Domain 0 is a privileged guest OS of Xen. It is first loaded when
Xen boots without any file system drivers being available. Domain 0 is designed to access
hardware directly and manage devices. Therefore, one of the responsibilities of Domain 0 is to
allocate and map hardware resources for the guest domains (the Domain U domains).

For example, Xen is based on Linux and its security level is C2. Its management VM is named
Domain 0, which has the privilege to manage other VMs implemented on the same host. If
Domain 0 is compromised, the hacker can control the entire system. So, in the VM system,
security policies are needed to improve the security of Domain 0. Domain 0, behaving as a
VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as
easily as manipulating a file, which flexibly provides tremendous benefits for users.
Unfortunately, it also brings a series of security problems during the software life cycle and data
lifetime.

2. Binary Translation with Full Virtualization

Depending on implementation technologies, hardware virtualization can be classified into two

cate-gories: full virtualization and host-based virtualization. Full virtualization does not need to
modify the host OS. It relies on binary translation to trap and to virtualize the execution of
certain sensitive, nonvirtualizable instructions. The guest OSes and their applications consist of
noncritical and critical instructions. In a host-based system, both a host OS and a guest OS are
used. A virtuali-zation software layer is built between the host OS and guest OS. These two
classes of VM architec-ture are introduced next.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 5

2.1 Full Virtualization

With full virtualization, noncritical instructions run on the hardware directly while critical
instructions are discovered and replaced with traps into the VMM to be emulated by software.
Both the hypervisor and VMM approaches are considered full virtualization. Why are only
critical instructions trapped into the VMM? This is because binary translation can incur a large
performance overhead. Noncritical instructions do not control hardware or threaten the security
of the system, but critical instructions do. Therefore, running noncritical instructions on
hardware not only can promote efficiency, but also can ensure system security.

The performance of full virtualization may not be ideal, because it involves binary translation
which is rather time-consuming. In particular, the full virtualization of I/O-intensive applications
is a really a big challenge. Binary translation employs a code cache to store translated hot
instructions to improve performance, but it increases the cost of memory usage. At the time of
this writing, the performance of full virtualization on the x86 architecture is typically 80 percent
to 97 percent that of the host machine.

2.2 Host-Based Virtualization

An alternative VM architecture is to install a virtualization layer on top of the host OS. This host
OS is still responsible for managing the hardware. The guest OSes are installed and run on top of
the virtualization layer. Dedicated applications may run on the VMs. Certainly, some other
applications an also run with the host OS directly. This host-based architecture has some distinct
advantages, as enumerated next. First, the user can install this VM architecture without
modifying the host OS. The virtualizing software can rely on the host OS to provide device
drivers and other low-level services. This will simplify the VM design and ease its deployment.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 6

Second, the host-based approach appeals to many host machine configurations. Compared to the
hypervisor/VMM architecture, the performance of the host-based architecture may also be low.
When an application requests hardware access, it involves four layers of mapping which
downgrades performance significantly. When the ISA of a guest OS is different from the ISA of
the underlying hardware, binary translation must be adopted. Although the host-based
architecture has flexibility, the performance is too low to be useful in practice.

Para-Virtualization with Compiler Support

Para-virtualization needs to modify the guest operating systems. A para-virtualized VM provides

special APIs requiring substantial OS modifications in user applications. Performance
degradation is a critical issue of a virtualized system. No one wants to use a VM if it is much
slower than using a physical machine. The virtualization layer can be inserted at different
positions in a machine soft-ware stack. However, para-virtualization attempts to reduce the
virtualization overhead, and thus improve performance by modifying only the guest OS kernel.

The concept of a paravirtualized VM architecture. The guest operating systems are para-
virtualized. They are assisted by an intelligent compiler to replace the nonvirtualizable OS
instructions by hypercalls as illustrated in Figure 3.8. The traditional x86 processor offers four
instruction execution rings: Rings 0, 1, 2, and 3. The lower the ring number, the higher the
privilege of instruction being executed. The OS is responsible for managing the hardware and the
privileged instructions to execute at Ring 0, while user-level applications run at Ring 3. The best
example of para-virtualization is the KVM to be described below.

lthough para-virtualization reduces the overhead, it has incurred other problems. First, its
compatibility and portability may be in doubt, because it must support the unmodified OS as

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 7

well. Second, the cost of maintaining para-virtualized OSes is high, because they may require
deep OS kernel modifications. Finally, the performance advantage of para-virtualization varies
greatly due to workload variations. Compared with full virtualization, para-virtualization is
relatively easy and more practical. The main problem in full virtualization is its low performance
in binary translation. To speed up binary translation is difficult. Therefore, many virtualization
products employ the para-virtualization architecture. The popular Xen, KVM, and VMware ESX
are good examples.

3. KVM (Kernel-Based VM)

This is a Linux para-virtualization system—a part of the Linux version 2.6.20 kernel. Memory
management and scheduling activities are carried out by the existing Linux kernel. The KVM
does the rest, which makes it simpler than the hypervisor that controls the entire machine. KVM
is a hardware-assisted para-virtualization tool, which improves performance and supports
unmodified guest OSes such as Windows, Linux, Solaris, and other UNIX variants.

3.1 Para-Virtualization with Compiler Support

Unlike the full virtualization architecture which intercepts and emulates privileged and sensitive
instructions at runtime, para-virtualization handles these instructions at compile time. The guest
OS kernel is modified to replace the privileged and sensitive instructions with hypercalls to the
hypervi-sor or VMM. Xen assumes such a para-virtualization architecture.

The guest OS running in a guest domain may run at Ring 1 instead of at Ring 0. This implies that
the guest OS may not be able to execute some privileged and sensitive instructions. The
privileged instructions are implemented by hypercalls to the hypervisor. After replacing the
instructions with hypercalls, the modified guest OS emulates the behavior of the original guest
OS. On an UNIX system, a system call involves an interrupt or service routine. The hypercalls
apply a dedicated service routine in Xen.

Implementation levels of virtualization

Talking of the Implementation levels of virtualization in Cloud Computing., there are a total of
five levels that are commonly used. Let us now look closely at each of these levels of
virtualization implementation in Cloud Computing.

1) Instruction Set Architecture Level (ISA)

ISA virtualization can work through ISA emulation. This is used to run many legacy codes
written for a different hardware configuration. These codes run on any virtual machine using the
ISA. With this, a binary code that originally needed some additional layers to run is now capable
of running on the x86 machines. It can also be tweaked to run on the x64 machine. With ISA, it
is possible to make the virtual machine hardware agnostic.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 8

For the basic emulation, an interpreter is needed, which interprets the source code and then
converts it into a hardware format that can be read. This then allows processing. This is one of
the five implementation levels of virtualization in Cloud Computing..

2) Hardware Abstraction Level (HAL)

True to its name HAL lets the virtualization perform at the level of the hardware. This makes use
of a hypervisor which is used for functioning. The virtual machine is formed at this level, which
manages the hardware using the virtualization process. It allows the virtualization of each of the
hardware components, which could be the input-output device, the memory, the processor, etc.

Multiple users will not be able to use the same hardware and also use multiple virtualization
instances at the very same time. This is mostly used in the cloud-based infrastructure.

3) Operating System Level

At the level of the operating system, the virtualization model is capable of creating a layer that is
abstract between the operating system and the application. This is an isolated container on the
operating system and the physical server, which uses the software and hardware. Each of these
then functions in the form of a server.

When there are several users and no one wants to share the hardware, then this is where the
virtualization level is used. Every user will get his virtual environment using a dedicated virtual
hardware resource. In this way, there is no question of any conflict.

4) Library Level

The operating system is cumbersome, and this is when the applications use the API from the
libraries at a user level. These APIs are documented well, and this is why the library
virtualization level is preferred in these scenarios. API hooks make it possible as it controls the
link of communication from the application to the system.

5) Application Level

The application-level virtualization is used when there is a desire to virtualize only one
application and is the last of the implementation levels of virtualization in Cloud Computing.
One does not need to virtualize the entire environment of the platform.

This is generally used when you run virtual machines that use high-level languages. The
application will sit above the virtualization layer, which in turn sits on the application program.

It lets the high-level language programs compiled to be used at the application level of the virtual
machine run seamlessly.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 9

Virtualization Types

Virtualization is a technique how to separate a service from the underlying physical delivery of
that service. It is the process of creating a virtual version of something like computer hardware. It
was initially developed during the mainframe era. It involves using specialized software to create
a virtual or software-created version of a computing resource rather than the actual version of the
same resource. With the help of Virtualization, multiple operating systems and applications can
run on the same machine and its same hardware at the same time, increasing the utilization and
flexibility of hardware.

Full Virtualization

It is very much similar to Para virtualization. It can emulate the underlying hardware when
necessary. The hypervisor traps the machine operations used by the operating system to perform
I/O or modify the system status. After trapping, these operations are emulated in software and
the status codes are returned very much consistent with what the real hardware would deliver.
This is why an unmodified operating system is able to run on top of the hypervisor.

Example: VMWare ESX server uses this method. A customized Linux version known as Service
Console is used as the administrative operating system. It is not as fast as Para virtualization.

Advantages:

• No modification to the Guest operating system is required.

Limitations:

• Complex

• Slower due to emulation

• Installation of the new device driver is difficult.

Para Virtualization

It is based on Hypervisor. Much of the emulation and trapping overhead in software

implemented virtualization is handled in this model. The guest operating system is modified and
recompiled before installation into the virtual machine.

Due to the modification in the Guest operating system, performance is enhanced as the modified
guest operating system communicates directly with the hypervisor and emulation overhead is
removed.

Example: Xen primarily uses Para virtualization, where a customized Linux environment is used
to support the administrative environment known as domain 0.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 10

Advantages:

• Easier

• Enhanced Performance

• No emulation overhead

Limitations:

• Requires modification to a guest operating system

Hardware Virtualization

It is similar to Full Virtualization and Para virtualization in terms of operation except that it
requires hardware support. Much of the hypervisor overhead due to trapping and emulating I/O
operations and status instructions executed within a guest OS is dealt with by relying on the
hardware extensions of the x86 architecture.

Unmodified OS can be run as the hardware support for virtualization would be used to handle
hardware access requests, privileged and protected operations, and to communicate with the
virtual machine.

Examples: AMD – V Pacifica and Intel VT Vander pool provide hardware support for
virtualization.

Advantages:

• No modification to a guest operating system is required.

• Very less hypervisor overhead

Limitations:

• Hardware support Required

System Level Virtualization

Runs multiple but logically distinct environments on a single instance of the operating system
kernel. Also called shared kernel approach as all virtual machines share a common kernel of host
operating system. Based on the change root concept “chroot”.

chroot starts during bootup. The kernel uses root filesystems to load drivers and perform other
early-stage system initialization tasks. It then switches to another root filesystem using chroot

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 11

command to mount an on-disk file system as its final root filesystem and continue system
initialization and configuration within that file system.

The chroot mechanism of system-level virtualization is an extension of this concept. It enables

the system to start virtual servers with their own set of processes that execute relative to their
own filesystem root directories.

The main difference between system-level and server virtualization is whether different
operating systems can be run on different virtual systems. If all virtual servers must share the
same copy of the operating system it is system-level virtualization and if different servers can
have different operating systems ( including different versions of a single operating system) it is
server virtualization.

Examples: FreeVPS, Linux Vserver, and OpenVZ are some examples.

Advantages:

• Significantly lightweight than complete machines(including a kernel)

• Can host many more virtual servers

• Enhanced Security and isolation

• Virtualizing an operating system usually has little to no overhead.

• Live migration is possible with OS Virtualization.

• It can also leverage dynamic container load balancing between nodes and clusters.

• On OS virtualization, the file-level copy-on-write (CoW) method is possible, making it

easier to back up data, more space-efficient, and easier to cache than block-level copy-on-write
schemes.

Limitations:

• Kernel or driver problems can take down all virtual servers.

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 12

Memory and I/O devices

Hardware-Assisted CPU Virtualization

This technique attempts to simplify virtualization because full or paravirtualization is

complicated. Intel and AMD add an additional mode called privilege mode level (some people
call it Ring-1) to x86 processors. Therefore, operating systems can still run at Ring 0 and the
hypervisor can run at Ring -1. All the privileged and sensitive instructions are trapped in the
hypervisor automatically. This technique removes the difficulty of implementing binary
translation of full virtualization. It also lets the operating system run in VMs without
modification.

Memory Virtualization

Virtual memory virtualization is similar to the virtual memory support provided by modern
operat-ing systems. In a traditional execution environment, the operating system maintains
mappings of virtual memory to machine memory using page tables, which is a one-stage
mapping from virtual memory to machine memory. All modern x86 CPUs include a memory
management unit (MMU) and a translation lookaside buffer (TLB) to optimize virtual memory
performance. However, in a virtual execution environment, virtual memory virtualization

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 13

involves sharing the physical system memory in RAM and dynamically allocating it to the
physical memory of the VMs.

That means a two-stage mapping process should be maintained by the guest OS and the VMM,
respectively: virtual memory to physical memory and physical memory to machine memory.
Furthermore, MMU virtualization should be supported, which is transparent to the guest OS. The
guest OS continues to control the mapping of virtual addresses to the physical memory addresses
of VMs. But the guest OS cannot directly access the actual machine memory. The VMM is
responsible for mapping the guest physical memory to the actual machine memory

I/O Virtualization

I/O virtualization involves managing the routing of I/O requests between virtual devices and the
shared physical hardware. At the time of this writing, there are three ways to implement I/O
virtualization: full device emulation, para-virtualization, and direct I/O. Full device emulation is
the first approach for I/O virtualization. Generally, this approach emulates well-known, real-
world devices.

All the functions of a device or bus infrastructure, such as device enumeration, identification,
interrupts, and DMA, are replicated in software. This software is located in the VMM and acts as
a virtual device. The I/O access requests of the guest OS are trapped in the VMM which interacts
with the I/O devices. The full device emulation approach is shown in Figure

VIT/AIDS/CCS335/CLOUD COMPUTING/UNIT-II/2021R Page 14