P3L6: Virtualization Flashcards

1
Q

What is virtualization?

A

Virtualization is a process by which each OS that is deployed on the same physical platform is given the illusion that it owns the underlying hardware resources, all or in part.

2
Q

What is the history behind virtualization?

A

Virtualization originated at IBM in the 60s. At the time, it was typical for many users to share a single large mainframe.

In order to enable many diverse workloads to run on the same hardware without requiring them to all use the same OS, it was necessary to develop a process that allows multiple operating systems to run on the same hardware in an isolated manner, each one thinking that it has complete and direct access to the hardware.

3
Q

What is bare-metal virtualization?

A

In bare-metal virtualization, the VMM runs directly on the hardware and VMs run on the VMM.

4
Q

What is hosted virtualization?

A

In hosted virtualization, a standard OS runs on the hardware with a VMM integrated into the OS. This VMM provides an interface for the VMs to work with.

5
Q

What is the virtualization layer/virtual machine monitor (VMM)/hypervisor?

A

The VMM enables virtualization by allocating and managing the real hardware resources and guaranteeing VM isolation.

6
Q

What is paravirtualization?

A

Paravirtualization is a form of virtualization in which the guest OS knows that it is running on a virtual machine, allowing it to work around the x86 issue (the 17 hardware instructions) and the device access issues.

7
Q

What were the problems with virtualizing x86?

A

There were 17 hardware instructions that required privileges (ring 0) that the guest OS did not have, so they failed. However, they also did not generate a trap: issuing them from ring 1 (where the guest OS was) just failed silently instead of passing control to the VMM.

8
Q

How did the protection of x86 work before and how does it work now?

A

Originally, there was no root/non-root distinction, only 2 or more “rings” of protection. The hypervisor would be at ring 0 (most privileged) and the guest OS just above it in ring 1. The guest OS’s location at ring 1 contributed to the problem with the 17 hardware instructions.

Today, x86 protection includes both a root and a non-root mode. Root mode has access to everything; non-root mode does not. The hypervisor runs in ring 0 of root mode and the guest OS runs in ring 0 of non-root mode.

Attempts by the guest OS to perform privileged operations cause traps called VMExits, which trigger a switch to root mode, passing control to the hypervisor. After the hypervisor handles the trap, it passes control back to the guest OS with a VMEntry.

9
Q

How were/are the virtualization problems on x86 fixed?

A

One solution was binary translation, where the VMM would check blocks of code issued by the guest OS for the 17 hardware instructions. If one of those instructions was found, the block would be translated to eliminate it while simulating the desired behavior. This added latency, but the guest OS did not require any modification and remained unaware that it was running on a VM, i.e., full virtualization was maintained.

Another solution is paravirtualization, where the guest OS knows that it runs on a VM. It can then replace these instructions with hypercalls, which are explicit calls to the hypervisor. The hypervisor can then emulate the desired behavior. This eliminated the latency, but required guest OSs to be modified.

Eventually, hardware manufacturers addressed the 17 hardware instructions, ensuring that they generated a trap.

10
Q

What are the three methods for device virtualization?

A

Devices are virtualized in one of three ways:

  1. The passthrough model: the VM connects directly to the device, bypassing the VMM.
  2. The hypervisor direct model: The VMM/hypervisor intercepts all device access requests and translates them.
  3. Split-device driver: The device driver is split between a front-end (in the guest VM) and a back-end (in the host OS or service VM).
11
Q

What is the passthrough model?

A

In the passthrough model, the VM connects directly to a device, bypassing the VMM. All the VMM does is manage access permissions for devices. This requires the guest OS to know something about the hardware that it’s using, which undermines the decoupling of hardware and OS (which is a big deal, since that’s what VMs are meant to achieve). This makes migration and device sharing among different VMs more difficult. The VMM also needs to constantly reassign devices to different guest OSs as needed.

12
Q

What is the hypervisor direct model?

A

In the hypervisor direct model, the VMM intercepts requests for device access and translates them to generic I/O requests for the device family (network, disk, etc.). These generic requests are passed on to the native device driver, and from there reach the device. This restores the decoupling of guest OS and hardware, but introduces latency.

13
Q

What is the split-device driver model?

A

In the split-device driver model, a front-end driver resides on the guest VM and a back-end driver resides on either the host OS or the service VM, depending on the type of virtualization. The front-end driver has to wrap requests in a format that the back-end can understand, requiring the guest OS to know that it is operating on a VM. This means it only works in a paravirtualization setting. However, it eliminates the latency of the hypervisor direct model.

14
Q

What is the problem with bare-metal virtualization? The solution?

A

The problem with bare-metal as originally conceived is that devices would need to be managed by the VMM, so manufacturers would need to make drivers for VMMs in addition to OSs.

To address this, a special VM (the service VM) runs a standardized OS with hardware access privileges. The service VM runs all device drivers and controls how devices are used.

15
Q

What is the benefit of hosted virtualization?

A

A benefit is that the VMM requires less functionality, because it can leverage the functionality already built into the OS. The VMM can, for example, invoke device drivers as needed, addressing the device issue that bare metal solved with the service VM. With this setup, you can run applications with the host OS while simultaneously using the VMs. VMs access devices through drivers run by the OS.
