2/3/2016
Virtualization
Virtual Machine Technology
Most influential technology in enabling the cloud computing
paradigm
Introduced during the era of mainframes as a means of sharing
computing resources amongst users
Any means by which many different users are able simultaneously
to interact with a computing system while each perceiving that
they have an entire ‘physical machine’ to themselves, is a form of
virtualization.
A traditional multiprogramming operating system (e.g., Linux) is also a form of virtualization
It allows each user process to access system resources oblivious of other processes
The abstraction is provided by the OS system calls plus the subset of hardware instructions that user-level processes may execute
Types of Virtual Machines
Process Virtual Machine:
The process itself runs inside a virtual machine
Provides a system-independent abstraction of the machine to high-level applications
Example: Java Virtual Machine (JVM)
Some cloud platforms such as Google App Engine and Microsoft Azure provide a process virtual machine abstraction in the context of a web-based architecture
System Virtual Machine:
Provides complete hardware instruction set as the abstraction provided to
users of different virtual machines
Multiple virtual machine (VM) instances share the same physical hardware
through a VMM (Virtual Machine Monitor), commonly known as hypervisor.
Each such VM can run an independent OS. Thus, the same physical machine
effectively runs different OS instances like Windows, Linux, etc.
Types of Virtual Machines
Contd…
Two variants of System Virtual Machines:
System Virtual Machines (Hosted):
Implemented as a process running on a host operating system that has been installed on the machine in the normal manner
Multiple guest operating systems can be installed on different VMs that each run as operating system processes under the supervision of the VMM
Example: VMware (its hosted products, such as VMware Workstation)
System Virtual Machines (Native):
Does not require a host operating system, and runs directly on the physical machine
Supports multiprogramming across different VMs, with its ‘system calls’ being hardware instructions
Example: XenServer, VMware ESX
Types of Virtual Machines
Contd…
[Figure omitted]
Source: “Enterprise Cloud Computing” by Gautam Shroff
System Virtual Machines
Differences between the ‘virtual machine’ as perceived by a
traditional operating system process and a true system VM are:
Processes under an operating system are allowed access to hardware
through system calls, whereas a system VMM needs to provide a full
hardware instruction set for use by each virtual machine
Each system virtual machine needs to be able to run a full operating
system, while itself maintaining isolation with other virtual machines.
Native VMM, two ways of executing guest code:
Emulate the instructions of the target instruction set, or
Run the instructions of each of its virtual machines natively on the hardware
In either case the VMM maintains the state of the different virtual machines at all levels of the memory hierarchy (including registers etc.) indirectly in memory, saving and restoring it as it switches between them
System Virtual Machines
Contd…
The VMM traps privileged instructions and runs all others natively on the hardware (‘trap and emulate’)
The trapped privileged instructions are emulated against the VM’s virtual devices, so that when an OS running in a virtual machine attempts to, say, program a timer interrupt, it actually sets a virtual timer interrupt belonging only to that VM
Caveat: the classic x86 ISA does not fault on every instruction that reads or alters privileged state (a few execute silently in user mode), so a pure trap-and-emulate VMM was not possible; early x86 VMMs used binary translation or paravirtualization instead
Newer editions of the x86 family therefore include ‘hardware support’ for virtualization
For example, Intel VT-x (Vanderpool) adds a VMX mode of operation: when VMX is enabled there is a VMX root mode exclusively for use by the VMM, while guests run in VMX non-root mode, where privileged instructions cause a VM exit into the VMM
Virtual Machines and Elastic
Computing
VM technology enables decoupling physical hardware from the VMs that run on it
VMs can even have a different instruction set from the physical hardware if needed (the VMM must then emulate the guest instruction set instead of running it natively, at a large performance cost)
The VMM partitions the actual physical resources in time, as with I/O and network devices
The VMM partitions the actual physical resources in space, as with storage and memory
In the case of multiple CPUs, compute power can also be partitioned in time (using traditional time slices) or in space (where each CPU is reserved for a subset of VMs)
Virtual Machines and Elastic
Computing (Contd…)
An elastic environment is one which is completely virtualized
with all hardware resources running under a set of
cooperating VMMs.
In such environment, provisioning of VM is largely automated
and can be dynamically controlled according to demand.
The key success factor in achieving such elasticity is the degree of automation that can be achieved across multiple VMMs working together to maximize utilization
The larger the scale, the greater the potential for amortizing
demand efficiently across the available capacity while giving
the users an illusion of infinite computing resources.
Virtual Machine Migration
VM migration is a key feature for elasticity, that enables a VM
running on one physical machine to be suspended, its state
saved and transported to another physical machine where it
resumes execution from exactly the same state.
Migrating a VM involves capturing and copying the entire
state of machine at snapshot in time including
Processor and memory state
State of virtual HW resources such as BIOS, devices, N/W
MAC address
State of disk space including system and user directories and
swap space used for virtual memory
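The trap-and-emulate VMM described on the System Virtual Machines slides (privileged instructions trap and are emulated against a VM's own virtual devices, all other instructions run natively, and the VMM saves and restores each VM's register state as it switches between VMs) and the snapshot-based migration listed just above can be shown with one toy model. The Python below is an added example written for these notes; it is not code from the lecture or from any real hypervisor. The instruction set, the VM and VMM classes, the host names and the guest program are all constructed for illustration, and a real migration captures far more (page tables, device queues, disk) than the few fields snapshotted here.

```python
"""Toy trap-and-emulate VMM: per-VM state, VM exits, and snapshot-based migration."""
import json
from dataclasses import dataclass, field, asdict

PRIVILEGED = {"SETTIMER", "HALT"}      # would fault outside ring 0 / VMX root mode

class Trap(Exception):
    """A guest tried to run a privileged instruction; control passes to the VMM."""
    def __init__(self, op, args):
        super().__init__(op)
        self.op, self.args = op, args

@dataclass
class VM:
    program: list                      # constructed guest code: (op, *args) tuples
    pc: int = 0
    regs: dict = field(default_factory=lambda: {"r0": 0, "r1": 0})
    memory: list = field(default_factory=lambda: [0] * 8)   # guest RAM (words)
    virt_timer: int = 0                # virtual timer device, private to this VM
    mac: str = "52:54:00:aa:bb:01"     # virtual NIC state travels with the VM
    halted: bool = False

def execute_one(vm, regs):
    """'Native' path: run one unprivileged instruction on the (simulated) CPU."""
    op, *args = vm.program[vm.pc]
    if op in PRIVILEGED:
        raise Trap(op, args)           # the hardware would fault here
    if op == "MOV":                    # MOV r, imm
        regs[args[0]] = args[1]
    elif op == "ADD":                  # ADD ra, rb  -> ra += rb
        regs[args[0]] += regs[args[1]]
    elif op == "ADDI":                 # ADDI r, imm
        regs[args[0]] += args[1]
    elif op == "STORE":                # STORE addr, r
        vm.memory[args[0]] = regs[args[1]]
    elif op == "JNZ" and regs[args[0]] != 0:   # JNZ r, target
        vm.pc = args[1]
        return
    vm.pc += 1

class VMM:
    """Hypothetical hypervisor: owns the physical timer, schedules VMs, emulates traps."""
    def __init__(self, host_name):
        self.host_name = host_name
        self.hw_timer = 0              # the real device; guests never program it directly
        self.exits = 0                 # VM exits handled so far

    def emulate(self, vm, trap, regs):
        """Emulate a trapped privileged instruction against the VM's *virtual* devices."""
        self.exits += 1
        if trap.op == "SETTIMER":      # guest 'sets the timer': only its virtual timer changes
            vm.virt_timer = regs[trap.args[0]]
        elif trap.op == "HALT":
            vm.halted = True
        vm.pc += 1

    def run(self, vm, max_steps):
        """Give `vm` the CPU for up to max_steps; return the number of steps executed."""
        regs = dict(vm.regs)           # context switch in: load the VM's saved registers
        steps = 0
        while not vm.halted and steps < max_steps:
            try:
                execute_one(vm, regs)
            except Trap as trap:       # VM exit
                self.emulate(vm, trap, regs)
            steps += 1
        vm.regs = regs                 # context switch out: save registers back to memory
        return steps

def snapshot(vm):
    """Capture the whole VM (CPU, memory, virtual device state) as transportable bytes."""
    return json.dumps(asdict(vm)).encode()

def restore(blob):
    return VM(**json.loads(blob))

# Constructed guest program: r1 = 3 + 2 + 1, store it, program the timer, halt.
PROGRAM = [
    ("MOV", "r0", 3), ("MOV", "r1", 0),
    ("ADD", "r1", "r0"), ("ADDI", "r0", -1), ("JNZ", "r0", 2),
    ("STORE", 0, "r1"), ("SETTIMER", "r1"), ("HALT",),
]

def run_with_migration(split_at):
    """Run on host-A for split_at steps, suspend, move the snapshot to host-B, resume there."""
    src, dst = VMM("host-A"), VMM("host-B")
    vm = VM(list(PROGRAM))
    src.run(vm, split_at)
    blob = snapshot(vm)                # suspended; entire state saved
    moved = restore(blob)              # transported and restored on the other host
    dst.run(moved, 100)
    return moved, src.exits + dst.exits
```

Whatever step the VM is suspended at, the restored copy finishes with the same registers, memory word and virtual timer value as an uninterrupted run, and the physical timer of both hosts is untouched: the guest only ever programmed its virtual device through the VMM's emulation path.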
Virtualization Application in
Enterprises
Security through virtualization
Desktop virtualization and application streaming
Server consolidation
Automating infrastructure management
Security through Virtualization
Intrusion detection systems (IDS) traditionally run on the network
and operate by monitoring network traffic for suspicious behavior
by matching against a database of known attack patterns.
Virtualization opens up the possibility of building IDS capabilities
into the VMM itself.
It enables greater isolation of IDS from the monitored hosts while
retaining complete visibility into host’s state.
It allows for complete mediation of interactions between the host
software and the underlying hardware, enabling a suspect VM to
be easily isolated from the rest of the data center.
Virtualization provides user-group specific, low level logging of
system activities.
This allows security incidents to be traced and diagnosed by
replaying the incident on a copy of the VM.
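As an added illustration of the IDS-in-the-VMM idea above (written for these notes, not taken from the lecture or from any product), the following Python runs a cross-view check from the VMM against a constructed guest memory image: it walks the guest kernel's own task list (what the guest's tools would report), scans all guest RAM for task records (what the VMM can see), and reports any record present in RAM but missing from the list, which is how a rootkit that unlinks its process from the kernel list is caught without relying on anything inside the guest. The kernel layout (list head at HEAD_OFF, record format REC), the task names, the vm_id and the quarantine hook are all assumptions made for the example.

```python
"""VMM-side introspection: cross-view detection of a process hidden from the guest."""
import struct

# Hypothetical guest kernel layout (constructed for this example): a list head at
# HEAD_OFF holds the offset of the first task record; each record is the magic
# "TASK", a pid, the offset of the next record (0 = end) and a 16-byte name.
REC = struct.Struct("<4sII16s")
HEAD_OFF = 0x10

def build_guest_memory(tasks, hide_pid=None):
    """Construct a guest RAM image; optionally unlink one task the way a DKOM rootkit does."""
    mem = bytearray(0x400)
    offs = [0x40 + i * REC.size for i in range(len(tasks))]
    for i, (pid, name) in enumerate(tasks):
        nxt = offs[i + 1] if i + 1 < len(tasks) else 0
        REC.pack_into(mem, offs[i], b"TASK", pid, nxt, name)
    struct.pack_into("<I", mem, HEAD_OFF, offs[0])
    if hide_pid is not None:
        prev, off = None, offs[0]
        while off:
            _, pid, nxt, _ = REC.unpack_from(mem, off)
            if pid == hide_pid:        # splice the record out of the list; it stays in RAM
                struct.pack_into("<I", mem, HEAD_OFF if prev is None else prev + 8, nxt)
                break
            prev, off = off, nxt
    return bytes(mem)

def guest_view(mem):
    """What the guest's own process listing reports: walk the kernel's task list."""
    pids, seen = set(), set()
    off = struct.unpack_from("<I", mem, HEAD_OFF)[0]
    while off and off not in seen:     # guard against a cyclic (poisoned) list
        magic, pid, nxt, _ = REC.unpack_from(mem, off)
        if magic != b"TASK":
            break
        seen.add(off)
        pids.add(pid)
        off = nxt
    return pids

def vmm_view(mem):
    """What the VMM sees: a signature scan of all guest RAM for task records."""
    pids = set()
    for off in range(0, len(mem) - REC.size + 1, 4):
        if mem[off:off + 4] == b"TASK":
            pids.add(REC.unpack_from(mem, off)[1])
    return pids

def hidden_processes(mem):
    """Cross-view check: records present in RAM but absent from the list are hidden."""
    return vmm_view(mem) - guest_view(mem)

def inspect_vm(vm_id, mem, actions):
    """IDS hook run by the VMM; a finding quarantines the VM without asking the guest."""
    hidden = hidden_processes(mem)
    if hidden:
        actions.append(("quarantine", vm_id, sorted(hidden)))
    return hidden

TASKS = [(1, b"init"), (42, b"sshd"), (1337, b"dropper"), (2001, b"bash")]   # constructed
```

Two practical caveats the slide glosses over: the VMM must know the guest kernel's data layout to interpret raw memory (the ‘semantic gap’), and a signature scan also matches stale records of processes that have exited, so production tools correlate several views before raising an alert.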
Desktop Virtualization and
Application Streaming
Virtualization can be used to improve manageability of end user devices
in large environments.
First approach: Deploy all end client systems as VMs on central data
centers which are then accessed by remote desktop.
This approach is not popular because of need for continuous network
connectivity which is still not ubiquitous and ‘always on’
Second approach: Application Streaming
Instead of running apps on central VMs, application streaming involves
maintaining only VM images centrally.
An endpoint client, such as a desktop, runs a hypervisor that also
downloads the VM image from the server and launches it on the
endpoint client.
VM image can be cached for efficiency and only incrementally updated
when needed.
Automating Infrastructure
Management
Level 0 –Virtual images
Packaging standard OS environments for different class of apps as virtual machines
Reduces start up time for development, testing and production deployment
Significant reduction in infrastructure management costs
Level 1 – Integrated provisioning
Provisioning of VMs along with network and storage (SAN) resources, so that all can be provisioned on a chosen physical server by an admin through a single interface
E.g. VMware’s VirtualCenter integrated suite.
Level 2 – Elastic provisioning
Automatically deciding physical server on which to provision a VM and bringing up
the VM without any administrator intervention.
This decision is done based on the resource requirements of VM, the current available
capacity and the projected demand.
E.g. Amazon EC2
Automating Infrastructure
Management (Contd…)
Level 3 – Elastic operations
Automatically provision new VMs or migrate existing VMs based on automatic monitoring of the state of all virtual and physical resources, for the following reasons:
Load balancing: to improve response time of apps that need more
resources
Security: to quarantine a VM that appears to have been compromised
or attacked
Collocation: to bring VMs that are communicating with each other
physically close together to improve performance
Fault tolerance: to migrate apps from physical machines that have
indicated possible imminent failure or need for maintenance.
Fault recovery: to provision a new instance VM and launch it with the
required set of apps running in order to recover from the failure of
the original instance.
Pitfalls of Virtualization
App deployments often replicate app server and database instances to ensure fault tolerance. Elastic provisioning can result in two such replicas using VMs deployed on the same physical server. If that physical server fails, both instances are lost, defeating the purpose of replication.
Virtualization provides another layer at which intrusions can be detected
and isolated i.e. VMM. However if the VMM itself is attacked, multiple
VMs are affected
If the ‘server sprawl’ that motivated the building of virtualized data
center merely results in equally complex ‘virtual machine sprawl’, then
the situation may become worse than earlier.
VMM can partition the CPU, memory and I/O bandwidth of physical
server across virtual machines. However it cannot ensure that these
resources are made available to each virtual server in a synchronized
manner. Thus the fraction of HW resources that the VM is able to utilize
may be less than what has been provisioned by the VMM.
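An added example (written for these notes, not from the lecture) of the Level 2 and Level 3 automation described above and of the first pitfall: a small Python placement policy that chooses a physical server for a VM from its resource requirements and the hosts' free capacity, evacuates a host that monitoring has flagged as failing, and enforces anti-affinity so that replicas of one service never land on the same physical server. The host names and sizes, the VM specs and the tightest-fit policy are assumptions for illustration; the tightest-fit policy is chosen deliberately because packing for utilization is what produces the co-located replicas the pitfall describes.

```python
"""Elastic provisioning with capacity, anti-affinity and host evacuation (toy scheduler)."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Host:
    name: str
    cpu: int
    mem_gb: int
    vms: list = field(default_factory=list)
    failing: bool = False            # set by monitoring: imminent failure or maintenance

@dataclass
class VMSpec:
    name: str
    cpu: int
    mem_gb: int
    group: Optional[str] = None      # replica set; members must not share a physical host

def free_capacity(host):
    """Spare (cpu, memory) on a host after everything already placed on it."""
    return (host.cpu - sum(v.cpu for v in host.vms),
            host.mem_gb - sum(v.mem_gb for v in host.vms))

def fits(host, spec, anti_affinity):
    if host.failing:
        return False
    fcpu, fmem = free_capacity(host)
    if fcpu < spec.cpu or fmem < spec.mem_gb:
        return False
    if anti_affinity and spec.group and any(v.group == spec.group for v in host.vms):
        return False                 # a replica of the same group is already here
    return True

def place(hosts, spec, anti_affinity=True):
    """Level 2: choose the physical server automatically. Tightest-fit packing maximises
    utilisation, which is exactly what stacks replicas together unless anti-affinity is on."""
    candidates = [h for h in hosts if fits(h, spec, anti_affinity)]
    if not candidates:
        raise RuntimeError(f"no host can take {spec.name}")
    chosen = min(candidates, key=free_capacity)
    chosen.vms.append(spec)
    return chosen.name

def evacuate(hosts, host):
    """Level 3: monitoring flagged `host`; migrate its VMs away under the same placement rules."""
    host.failing = True              # excludes this host from every placement below
    moved = {}
    for spec in list(host.vms):
        moved[spec.name] = place(hosts, spec)
        host.vms.remove(spec)
    return moved

def replica_hosts(hosts, group):
    """Physical servers currently holding a replica of `group`."""
    return {h.name for h in hosts for v in h.vms if v.group == group}

def make_cluster():
    return [Host("A", 8, 32), Host("B", 8, 32), Host("C", 4, 16)]   # constructed sizes

def provision_demo(anti_affinity):
    """Place two app replicas and two db replicas; return the hosts and the placement map."""
    hosts = make_cluster()
    specs = [VMSpec("app-1", 2, 4, "app"), VMSpec("app-2", 2, 4, "app"),
             VMSpec("db-1", 4, 8, "db"), VMSpec("db-2", 4, 8, "db")]
    placement = {s.name: place(hosts, s, anti_affinity) for s in specs}
    return hosts, placement
```

With anti-affinity off, the utilization-maximizing policy puts both app replicas on the smallest host C and both db replicas on A, so a single server failure takes out a whole tier; with it on, each replica pair is split across servers, and evacuating a failing host re-places its VMs under the same constraint rather than merely onto the emptiest server.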
THANK YOU