CIS211M WEEK 10:

Virtualization and
containerization
• Virtual machines
• Types of VMs
• Containerization

Prepared by:
CIS211M Dan Jeric A. Rustia, PhD (羅傑瑞, 博士)
Virtualization
Abstracting the hardware of
a single computer (i.e. CPU,
memory, hard drive, NICs,
etc.) into several different
execution environments.

CIS211M 2
VIRTUAL MACHINES
Virtual mach ine
A virtual computer inside a physical computer

H O ST
• The hardware system that runs
the virtual machines GUEST APP GUEST APP

VI RT UA L M ACHI NE
MANAGER (VMM) GUEST OS GUEST OS
• Also known as the hypervisor
• Creates and runs VMs by providing
an interface that is “identical” to the HYPERVISOR
host (i.e. Hyper-V)

GUEST HOST MACHINE

• Virtual copies of the host (or a
host)

CIS211M 3
VIRTUAL MACHINES
Usage of VMs

FA ST D E P LOY M E N T
• Apps can be built and deployed to the cloud

T E ST I N G
• A new OS can be tested without harming the host OS
• New environments can be tested faster

BAC K - U P
• The OS can be backed up any time

FLEXIBILITY
• Software or apps can be tested even it was not originally
built for a certain OS

CIS211M 4
VIRTUAL MACHINES
Histor y of VMs
1972
• The first VM, IBM VM/370, appeared
commercially
• Divides a mainframe into multiple VMs
• Bottleneck was the disk management;
cannot allocate a disk drive for each
virtual machine. The solutions was to
provide virtual disks or named
“minidisks”.

1990s
• Intel 80x86 CPUs had
become more common, fast, 2007
and rich in features
• Xen and VMware created • The open-source project
technologies for VM VirtualBox was released

CIS211M 5
VIRTUAL MACHINES
Features of a VM
F R E E Z E / S U S P E N D / PA U S E
• The guest OS can be frozen and
resumed as desired; a snapshot
is generated upon pause.

RESUME
• The guest OS is resumed to the
same exact point in time after
pausing

SNA PSHOT
• Preserves the state and data of a
VM in an exact point in time
CLONE
• The VM, at an exact state, can be
cloned (A screenshot from using VirtualBox)

CIS211M 6
VIRTUAL MACHINES
VMs in produc tion

GUEST APP GUEST APP GUEST APP

Instead of applying changes or V1.0 V2.0 V2.0
reprogramming apps using the
running OS, a clone can be PRODUCTION CLONED UPDATE
generated for testing. GUEST OS GUEST OS GUEST OS

This strategy avoids a period called

HYPERVISOR
system-development time in which
the system is stopped and taken out
of use for system upgrades.
HOST MACHINE

CIS211M 7
VIRTUAL MACHINES
Practic es in VMs VM1 VM2 VM3 VM4

BEFORE
1 ) V M C O N S O L I D AT I O N
• Optimizes the utilization of
VM1 VM2
resources and efficiency of
VM3 VM4
different data centers/servers

AFTER
2 ) V M T E M P L AT E
• Creating a master copy image of 3 ) V M L I V E M I G R AT I O N
a VM, including its disk, virtual • The running guest can be moved from one
physical server to another without
devices, and settings, for the interruption
purpose of VM cloning • Live migration helps in freeing resources
on the source host when it is overloaded
VMT
VM1 VM1

CIS211M 8
VIRTUAL MACHINES
B uilding bl ocks of virt ualizatio n
1 ) T R A P - A N D - E M U L AT E
• Allows a VM to act like a real
machine that can perform
system calls, interrupts, or
privileged instructions.
PROCESS:
1. The guest kernel attempts to execute a privileged
instruction, which is considered as an error, causing
a trap to the VMM in the real machine
2. The VMM gains control and emulates the action
3. It then returns control to the VM

USER PROCESSES

OS

PRIVILEGED INSTRUCTION

GUEST USER MODE

VMM KERNEL MODE

EMULATE ACTION VCPU The VCPU represents the
state of the CPU as the
guest machine believes
VMM it to be.

CIS211M 9
VIRTUAL MACHINES
B uilding bl ocks of virt ualizatio n
2 ) B I N A R Y T R A N S L AT I O N WHY?

• A translation code in the VMM reads Some CPUs have special instructions making the
the native binary instructions from the trap-and-emulate method impossible since some
guest and generates native binary code commands do not generate a ‘trap’
that alternatively executes the code

USER PROCESSES NOTE: In VMware, caching

is performed to store the
OS replacement code for each
special instruction
SPECIAL INSTRUCTION

GUEST USER MODE

VMM KERNEL MODE

TRANSLATE EXECUTE VCPU
TRANSLATION

VMM

CIS211M 10
VIRTUAL MACHINES
B uilding bl ocks of virt ualizatio n
3 ) H A R D W A R E A S S I S TA N C E
• The hardware also supports
virtualization, making binary
translation unnecessary
• Also gets rid of the problem
with memory addressing (i.e.
nested page tables) by
establishing protected
domains
• The hardware transforms the
address to a DMA request

VT-x
• Initially released 2005
N E S T E D PA G E TA B L E S
AMD-V • Used to transfer data from virtual
• Initially released 2006 memory to physical memory

CIS211M 11
VIRTUAL MACHINES
Virtual mach ine life cyc le

CONFIGURING A VM:
1) Set the number of CPUs to use
2) Set the amount of memory
3) Create a virtual hard drive and
configure its disk space
VDI (Virtual Disk Image, Oracle) – high level of redundancy
VHD (Virtual Hard Disk, Microsoft) – has pre-built configs
VMDK (Virtual Machine Disk, VMWare) – file can be split
into different parts

4) Select network interface

5) Set hardware access permissions

CIS211M 12
TYPES OF VMS
Types of VMs

1) TYPE 0 HYPERVISOR
• The VMM is encoded GUEST GUEST

in the firmware and GUEST 1 GUEST 13

loaded at boot time GUEST 2
• Loads the guest
images to run in each CPUs CPUs CPUs
MEMORY MEMORY MEMORY
partition (i.e. having
dedicate CPUs,
memory, and I/O I/O HYPERVISOR
devices)
• Possible solution to
improve this is to use a HOST MACHINE
control partition

CIS211M 13
TYPES OF VMS
Types of VMs

2) TYPE 1 HYPERVISOR
VM1 VM2 VM3
• Runs in kernel mode;
enabling hardware
GUEST APP GUEST APP GUEST APP
protection
• Capable of
consolidation GUEST OS GUEST OS GUEST OS
• In some OS, VMs are
treated as another
process handled using HYPERVISOR
special instructions
• Best used for data-
centers HOST MACHINE
• Examples: Hyper-V,
VMWare vSphere

CIS211M 14
TYPES OF VMS
Types of VMs
3) TYPE 2 HYPERVISOR VM1 VM2 VM3
• A user needs
administrative GUEST APP GUEST APP GUEST APP
privileges to access
different features
• Requires a host OS to GUEST OS GUEST OS GUEST OS
run a guest OS
• Best for research or
testing purposes HYPERVISOR
• Example: VMWare
Workstation, Oracle
VirtualBox HOST OS
• Over-all has worse
performance than HOST MACHINE
type 0 and type 1
hypervisors

CIS211M 15
TYPES OF VMS
Types of VMs
4 ) PA R AV I R T U A L I Z AT I O N
• Presenting the guest with a system that is similar but not identical to the
guest’s preferred system
• Usually applied in Xen VMMs
• Allowing the guest OS to gain direct access to the host hardware; leading
to possible better performance but with security issues
• Also known as OS-assisted virtualization

5 ) P R O G R A M M I N G - E N V I R O N M E N T V I R T U A L I Z AT I O N
• Configuring or setting up a programming environment
• A programming language is designed to run with a custom virtualized
environment
• This is common in use for Java in which a Java virtual machine (JVM) is
necessary and the program is compiled as a native program

CIS211M 16
TYPES OF VMS
Types of VMs
6 ) E M U L AT I O N
• Running an application compiled for a different architecture
• An emulator translates outdated instructions into native instruction
(i.e. game emulators); increasing the lifetime of programs and
applications
• The only challenge in emulation is performance

7 ) A P P L I C AT I O N C O N TA I N M E N T
• Aims to segregate applications, manage their
performance, and allocate resources
• Creates a virtual layer between the OS and the
applications
• The hardware is not virtualized, but the OS and
devices are
• Lightest method for virtualization
• Usually accompanied by orchestration, automated
configuration of computer systems and applications

CIS211M 17
TYPES OF VMS
VMs now
LOCAL-BASED CLOUD-BASED

AZURE VM

CIS211M 18
C ontainer ization
Method for packaging codes,
software, and dependencies
for faster deployment of
applications without using
full-fledged virtualization

CIS211M 19
C O N TA I N E R I Z AT I O N
C ontainer ization engines

INITIAL RELEASE: 2015

INITIAL RELEASE: 2013 INITIAL RELEASE: 2016

Mostly based on Linux Containers

LXC (2008) – OS-level virtualization for
running multiple isolated computer
systems using a single Linux kernel INITIAL RELEASE: 2014

CIS211M 20
C O N TA I N E R I Z AT I O N
C ontainers vs. VMs

C O N TA I N E R S V IRT UA L M ACHI NES

• The container engine takes the role • A guest OS is required to operate a VM
of a hypervisor • Not as lightweight as containers; making
• Having a guest OS is optional collaboration difficult

CIS211M 21
C O N TA I N E R I Z AT I O N
B ehind co ntainerization
• A container can be
• A container contains only
considered as a group of the required files of a
processes specific distro and uses the
• The concept was derived CONTAINER 1 shared host kernel
• The container (the parent
from Linux containers (LXC) process) spans out into
• In Docker, LXC was already different child processes
replaced with libcontainer
since 2014
USER PROCESSES

CONTAINER 1 CONTAINER 2 CONTAINER 3

U S E R S PA C E
SYSTEM
CALLS K E R N E L S PA C E
CPU, DISK, RAM, ETC.

HOST MACHINE

CIS211M 22
C O N TA I N E R I Z AT I O N
In Docker:
B ehind co ntainerization containerd – manages the containers
runc – runs the containers, creates
namespaces, cgroups, and run commands
SIMPLIFIED ARCHITECTURE OF THE DOCKER ENGINE:

CLIENT DOCKER HOST DOCKERHUB

REGISTRY
Docker daemon
docker build Nginx
CONTAINERS IMAGES

docker run CONTAINER 1

Nginx MySQL
CONTAINER 2
docker pull
CONTAINER 3
Ubuntu
…

DOCKER DAEMON
• The driving component of Docker that listens for Docker API requests and manages images,
containers, networks, and volumes

CIS211M 23
C O N TA I N E R I Z AT I O N
B ehind co ntainerization

docker stats in Docker CLI

CGroups
• Linux kernel feature that
configures the number of
CPUs or memory limits of
a service/process
Namesp ac es :
PID = Process ID
NET = Networking
IPC = Inter-process communication
MNT = mount
UTS = Unix timesharing system
USR = User IDs
Cgroup = Control group info

CIS211M 24
C O N TA I N E R I Z AT I O N
Usage of co ntainers
MIC ROSERVICES
From monolith to
microservices
W E B S E R V E R S /A P P S
• Dynamic distribution of web apps
• Isolated web server applications
• Easy to deploy web applications
CIS211M
D ATA B A S E / S T O R A G E
• Data resource sharing
• Data redundancy and back-up
• Dedicated database
management; instead of using
a monolithic database
DISTRIBUTED COMPUTING
• Software product distribution can
be seamless and automated
• Group collaboration made easier
and convenient
• Sharing resources to other
developers
• Technology transfer
25
Summary
VMs are tools used for safer and simulated system
production, testing, and deployment

The only downside of using VMs is the amount of

computer resources required to operate each VM,
which was then solved by containerization

The main advantage of containerization over VMs is

collaboration and resource allocation

In a real production scenario, going from monoliths to

microservices is the best solution for better scalability

CIS211M 26