02-YB2019 - Introduction To Compute Virtualization

Introduction to Compute Virtualization
Copyright © Huawei Technologies Co., Ltd. 2019

Foreword
⚫ Cloud computing 1.0 focused on virtualization which today has become the
foundation of cloud computing. This chapter focuses on the architecture and
technologies involved in compute virtualization.
Page 2 Copyright © Huawei Technologies Co., Ltd. 2019

Objectives
⚫ Upon completion of this course, you will:
 Be able to describe what virtualization is.
 Understand the differences between virtualization and cloud computing.
 Understand KVM technology.
 Understand Huawei’s FusionSphere virtualization solution.

Contents
1. Introduction to Virtualization
2. Introduction to KVM
3. Introduction to FusionCompute

What’s a Virtual Machine (VM)?
How is a virtual
machine
created?

What’s Virtualization?

A Brief History of Compute Virtualization
2007 2014
HP launched HP-UX Rocket was launched.
1964 Integrity VMs. 2010

IBM began to explore By default, RHEL 6.0
virtualization on 2006 supported KVM as the 2013
mainframes. only virtualization option.
Qumranet first Docker was launched.
1972 announced KVM. 2008

IBM launched VMs Linux Container LXC
running on 2002 was launched. 2011

mainframes. Xen was officially IBM, Red Hat, HP, and
1999 open sourced. 2008 Intel formed the Open

Virtualization Alliance to
VMware launched Microsoft added
accelerate KVM adoption.
x86-based Hyper-V in Windows
virtualization products. Server 2008 R2.

Important Concepts in Compute
Virtualization
Guest OS:
Physical Server Virtual Machine
Operating system running in a virtual machine (VM)
Application Application
Guest Machine:
Virtual machine created through virtualization

Host OS Guest OS
Hypervisor:
Guest Machine
Virtualization software layer, or
Virtual Machine Monitor (VMM)

Virtual Machine Host OS:
Monitor (Hypervisor)
Operating system running in a physical machine
Host Machine Host Machine Host Machine:
Physical machine

Types of Compute Virtualization (Hypervisors)
App App
App App App Guest OS Guest OS
Guest OS Guest OS Guest OS VM VM
VM VM VM App VMM
VMM Host OS
Hardware Hardware
Bare-Metal Virtualization Hosted Virtualization

(Type 1) (Type 2)
A Type1 hypervisor manages all (physical) resources and Physical resources are managed by the host OS
virtual environments VMM provides Virt. Serv. and funct.. as a common app in the under OS

Characteristics of Virtualization
Guest OS Guest OS Guest OS
Host OS
Partitioned Isolated
Encapsulated Independent
VM VM

Compute Virtualization
CPU + Memory + I/O

Protection domains/rings
Non-virtualization
CPU instructions
Common
Application
Ring 3
Ring 2
Ring 1 privileged instruction—Instruction that can be

Privileged
executed only from kernel mode. Privileged
Host OS instructions perform operations that access
Ring 0
protected hardware and software resources
Hardware (e.g., switching the processor between
processes or issuing a command to a hard disk).
Decided by architecture

Potential difficulty
• Virtualization consists of running the guest OS as any
application at the user level (ring3), the virtualization layer
operating at the supervisor level (ring0).
an OS is intended to work at the when it is in a guest mode, on a

kernel level (ring0) and distribute VMM, an OS must not be able to
the processor resources among modify the hardware resources,
the different applications using a otherwise the system will crash.
number of sensitive This privilege must remain the
instructions exclusive preserve of the VMM.

Deprivileging and Trap-and-Emulation
1. Deprivileging:
a. The guest OS (VM) runs at the non-privilege level
b. The VMM runs at the highest level
2. Trap-and Emulation:
a. When a privileged instruction arrives, it will be sent to VMM for emulation
b. VMM, on behalf of the VM, sends the privileged instruction to the real HW CPU

Instruction Behavior w.r.t. VM
• Privileged instructions: automatically trapped by VMM

• Innocuous (normal, common) instructions: not trapped by VM
• Sensitive instructions : used for changing the operating mode of

a VM or the state of a host machine (e.g., HW accesses)
• Control sensitive: if it attempts to change the amount of (memory)
resources available, or affects the processor mode without going through
the memory trap sequence
• Behavior sensitive: if the effect of its execution depends on the value of
the relocation-bounds register, or on the mode.
Virtualizable Architecture Condition (Popek and Goldberg Theorem)
Sensitive instructions ⊆ Privileged instructions

Virtualization vulnerability
Non-virtualizable Virtualizable
19 sensitive instructions in the x86 architecture are not privileged instructions!
→ Cannot emulate sensitive instructions that are not privileged

→ x86 servers cannot be virtualized using the Deprivileging and Trap-and-Emulate
→ Solution: Full virtualization, Paravirtualization, hardware-assisted virtualization

CPU Virtualization
Full virtualization Paravirtualization
Application Application
Ring 3 Ring 3
Ring 2 Ring 2
Paravirtualized
Guest OS
Guest OS
Ring 1 Ring 1
Hypervisor Hypervisor
Ring 0 Ring 0
Hardware Hardware
Full-virtualization by VMware in 1999 Para-virtualization by Xen in 2003

• Binary translation • Hypercall
• + No OS source modification • + Near-native performance
• - Performance overhead • - OS modification
CPU Virtualization
Hardware-assisted
virtualization
Non-ROOT mode privileged and sensitive calls are set to

Application
Ring 3 automatically trap to the hypervisor,
removing the need for either binary
translation or paravirtualization
Ring 2
Ring 1
Guest OS
Ring 0 privileged instructions are targeted with
ROOT mode a new CPU execution mode feature that
Hypervisor
allows the VMM to run in a new root
mode below ring 0
Hardware

Memory Virtualization
VM1 VM1 VM1 VM1

0 0 0 0
VM memory
Host memory
0

Virtual memory
VM OS VMM
Machine memory

I/O

I/O Virtualization
⚫ Emulation [Full Virtualization]: Complete simulation of the hardware, for example,
keyboard and mouse. Access to such hardware depends on the capture of focus by the
host, and leads to poor performance in some cases.
1. VM initiates an I/O request to an I/O device
2. VMM intercepts the request and sends the real access request to the physical device
 + The VM might use any OS, the OS does not need to be modified
 + Multiple VMs can directly use the I/O device of the physical server
 - Real-time monitoring and emulation are implemented by software programs on the CPU,
which causes severe performance loss to the server.

I/O Virtualization
⚫ Paravirtualization: Access to hardware drivers is transferred from the I/O frontend to the
I/O backend. This mode is usually only used for hard disks and NICs, and delivers high
performance.
 Requires a privileged VM
1. The VMs send I/O requests to the privileged VM through the frontend driver
2. The backend driver of the privileged VM collects the I/O requests, processes them by time and
by channel, runs the physical I/O device driver and sends the I/O request to the phy I/O device
 + Reduces the performance loss of VMM → better I/O performance
 - The VM OS needs to be modified

I/O Virtualization
⚫ IO-through: Hardware devices capable of I/O passthrough, such as hard disks and NICs,
are directly allocated to VMs. In Xen, Dom0 allocates hardware devices but does not take
part in the access of the hardware. Hardware support is required.
 + Outperforms full virtualization and paravirtualization in terms of I/O performance
 - Requires special hardware support.

Cloud Computing and Virtualization
• Cloud computing is a business

model that provides users with IT
services anytime, anywhere.
• Virtualization is an important
technical means for cloud
computing implementation
In cloud computing, we mainly Cloud Computing

use virtualization to implement
IaaS cloud services

Mainstream Compute Virtualization Technologies
Compute Virtualization
CPU virtualization, memory virtualization,
I/O virtualization
Open Source Closed Source
KVM Hyper-V
Xen VMware ESXi
Huawei
FusionSphere

Xen vs. KVM
Dom0 DomU DomU DomU Other Guest OS Guest OS

Application
PV
Backends
HW PV PV PV QEMU QEMU
Drivers Frontends Frontends Frontends
KVM
Xen Lunix
HW Drivers
Hardware Hardware

Contents

What’s KVM?
VM VM
Application program A Application program B
Binaries/Libraries Binaries/Libraries
User
Guest OS Guest OS
Space User
ProcessesSpace QEMU QEMU
Processes
User space
Kernel space
KVM
Linux kernel
module
Physical
hardware

KVM Architecture
Libvirt is the
Management Tools
widely used tool
and API for
Virsh Virt-manager Virt-viewer Virt-install Others
managing KVM
VMs: create,
modify, delete, etc.
Libvirt
The KVM kernel module is the core
of the KVM VM QEMU is required to implement
• Initializes the CPU hardware other (I/O) virtualization functions
• Enables the virtualization mode →
• Runs the guest machine in the VM Linux Kernel KVM kernel module and
mode (KVM module)
• Supports the running of the virtual
QEMU form a complete
client QEMU QEMU virtualization technology
• Only provides CPU and memory Guest Guest
virtualization OS OS

Libvirt
VM VM VM VM
(Guest OS) (Guest OS) (Guest OS) (Guest OS)
Manage-
ment
Hypervisor Hypervisor Tools Hypervisor
Libvirt
Linux host Linux host
Node Node
• Each hypervisor has its own management tool • Libvirt can connect to various hypervisors
• Hypervisors are not unified • Libvirt serves as a middleware between the
• → Severely affects the cloud computing management tool and the hypervisor
environment

KVM I/O Process - Default
Guest OS
4
I/O Shared Page 1 10
QEMU I/O 7
Emulation Code Device Driver
3 8
Notification 2 9
5 I/O Trap Code

KVM Module
Linux Kernel
Device Driver
Physical Hardware

KVM I/O Process - Virtio
Guest OS
QEMU
1 8
3 2
Virtio Backend Virtio Frontend
Driver vring Driver
6 7
Notification
I/O Trap Code
4
KVM Module
Linux Kernel
Device Driver
Physical Hardware

Contents

FusionCompute Architecture
VRM
Virtual Resource Pools
Cluster

FusionCompute Advantages
Unified management of Quick VM
virtual and physical provisioning
resources
Physical Physical
resource resource
Physical
resource
Virtual
resource
VRM VRM

Functions of FusionCompute Components
Component Function
CNA provides the following functions:
CNA • Provides virtual computing functions.
Computing Node
Agent • Manages VMs on compute nodes.
• Manages compute, storage, and network resources on compute nodes.
VRM provides the following functions:
• Manages block storage resources in clusters.
• Manages network resources, such as IP addresses and VLANs in clusters, and assigns IP
addresses to VMs.
• Manages the lifecycle of VMs in clusters, and allocates and migrates VMs across compute
VRM nodes.
Virtual Resource
Manager • Dynamically schedules resources in clusters.
• Manages virtual resources and user data in a unified manner and provides elastic
computing, storage, and IP address services.
• Provides a unified Web UI portal, allowing O&M engineers to remotely access the
FusionCompute system to monitor and manage resources, and create and view resource
reports.
Quiz
1. In compute virtualization, which of the following allocates CPU and memory resources to
VMs? ( )
A. Guest OS
B. VMM
C. Hypervisor
D. Host OS
2. All open-source virtualization technologies are type 1 virtualization, while all closed-
source ones are type 2 virtualization.
A. TRUE
B. FALSE

Summary
⚫ This chapter provides basic knowledge about compute virtualization, including CPU,
memory, and I/O virtualization. It introduces you to open-source virtualization technology
by using KVM as an example, and also to commercial virtualization products by using
FusionCompute as an example.

Recommendations
⚫ Huawei e-Learning website
 http://support.huawei.com/learning/Index!toTrainIndex
⚫ Huawei Support case library

 http://support.huawei.com/enterprise/servicecenter?lang=en
⚫ HCIA-Cloud Computing v4.0 online forum

 https://forum.huawei.com/enterprise/en/Huawei-Official-Communication-Channel-
HCNA-Cloud-Certification-Course/thread/456287-911

Thank You
www.huawei.com

02-YB2019 - Introduction To Compute Virtualization

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

02-YB2019 - Introduction To Compute Virtualization

Uploaded by

Copyright:

Available Formats

Introduction to Compute Virtualization

Copyright © Huawei Technologies Co., Ltd. 2019

Page 2 Copyright © Huawei Technologies Co., Ltd. 2019

 Understand the differences between virtualization and cloud computing.

 Understand KVM technology.

 Understand Huawei’s FusionSphere virtualization solution.

Page 3 Copyright © Huawei Technologies Co., Ltd. 2019

Page 4 Copyright © Huawei Technologies Co., Ltd. 2019

Page 5 Copyright © Huawei Technologies Co., Ltd. 2019

Page 6 Copyright © Huawei Technologies Co., Ltd. 2019

1964 Integrity VMs. 2010

1972 announced KVM. 2008

running on 2002 was launched. 2011

1999 open sourced. 2008 Intel formed the Open

Page 8 Copyright © Huawei Technologies Co., Ltd. 2019

Virtual machine created through virtualization

Virtual Machine Monitor (VMM)

Page 9 Copyright © Huawei Technologies Co., Ltd. 2019

App App App Guest OS Guest OS

Guest OS Guest OS Guest OS VM VM

Bare-Metal Virtualization Hosted Virtualization

Page 10 Copyright © Huawei Technologies Co., Ltd. 2019

Guest OS Guest OS Guest OS

Page 11 Copyright © Huawei Technologies Co., Ltd. 2019

CPU + Memory + I/O

Page 12 Copyright © Huawei Technologies Co., Ltd. 2019

Ring 1 privileged instruction—Instruction that can be

Page 13 Copyright © Huawei Technologies Co., Ltd. 2019

an OS is intended to work at the when it is in a guest mode, on a

Page 15 Copyright © Huawei Technologies Co., Ltd. 2019

b. The VMM runs at the highest level

Page 16 Copyright © Huawei Technologies Co., Ltd. 2019

• Privileged instructions: automatically trapped by VMM

• Sensitive instructions : used for changing the operating mode of

Virtualizable Architecture Condition (Popek and Goldberg Theorem)

Sensitive instructions ⊆ Privileged instructions

19 sensitive instructions in the x86 architecture are not privileged instructions!

→ Cannot emulate sensitive instructions that are not privileged

Page 18 Copyright © Huawei Technologies Co., Ltd. 2019

Full-virtualization by VMware in 1999 Para-virtualization by Xen in 2003

Non-ROOT mode privileged and sensitive calls are set to

Page 20 Copyright © Huawei Technologies Co., Ltd. 2019

VM1 VM1 VM1 VM1

Page 21 Copyright © Huawei Technologies Co., Ltd. 2019

Page 22 Copyright © Huawei Technologies Co., Ltd. 2019

Page 23 Copyright © Huawei Technologies Co., Ltd. 2019

Page 24 Copyright © Huawei Technologies Co., Ltd. 2019

 + Reduces the performance loss of VMM → better I/O performance

 - The VM OS needs to be modified

Page 25 Copyright © Huawei Technologies Co., Ltd. 2019

 - Requires special hardware support.

Page 26 Copyright © Huawei Technologies Co., Ltd. 2019

• Cloud computing is a business

In cloud computing, we mainly Cloud Computing

Page 27 Copyright © Huawei Technologies Co., Ltd. 2019

Open Source Closed Source

Xen VMware ESXi

Page 28 Copyright © Huawei Technologies Co., Ltd. 2019

Dom0 DomU DomU DomU Other Guest OS Guest OS

Page 29 Copyright © Huawei Technologies Co., Ltd. 2019

Page 30 Copyright © Huawei Technologies Co., Ltd. 2019

Page 31 Copyright © Huawei Technologies Co., Ltd. 2019

Page 32 Copyright © Huawei Technologies Co., Ltd. 2019