By PIYUSH .R. CHORDIA TE (Div. - I) Sinhgad College of Engineering
Seminar Guide Prof.C.A.Laulkar
Architecture, Features, Terms & Concepts, Scenarios, Demo
Why Virtualization?
30 % per year 40 % per year
Virtualization
  Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as: hardware and software partitioning, time-sharing, partial or complete machine simulation, emulation, quality of service and many others.
Virtual PC: Normal PC Operation
  [Diagram, top to bottom: Application Software, Operating System, Device Drivers, Hardware]
Virtual PC Architecture: PC Virtualization
  [Diagram: Guest Environment (Guest Applications, Guest Operating System, Guest Drivers); Virtualized Hardware; Virtual PC; Host Environment (Host Operating System, Host Drivers); Host Hardware]
How does Virtual PC work: Architecture
  [Diagram: Virtual Machine (config in vmc-file) with Sound, Diskette, CPU, Mem, Disk, CD/DVD, Network, Ports, USB; Software: Virtual PC, VMM, VPC host driver, host drivers; Hardware: CPU0, CPU1; backing files: .vfd, .iso, disk file]
Virtual Machine Monitors (VMMs)
  [Diagram: Virtual Machines (VMs) VM0, VM1, ... VMn, each running App0 ... Appn on Guest OS0 ... Guest OSn; Virtual Machine Monitor (VMM); Platform HW: Memory, Processor/CS, I/O Devices]
  VMM is a layer of system software
  Enables multiple VMs to share platform hardware
  Allows Apps to run without modifications
VMM Arrangements
  Type-2 VMM (guests run on a VMM on top of a host OS). Examples: JVM, CLR
  Hybrid VMM (VMM runs alongside the host OS on the hardware). Examples: Virtual PC & Virtual Server. What we have today
  Type-1 VMM (Hypervisor) (VMM runs directly on the hardware). Examples: Windows Virtualization. What we're building for the future
IA System Virtualization Today
  [Diagram: Virtual Machines; Virtual Machine Monitor (VMM): Binary Translation, Paravirtualization, Page-table Shadowing, IO-Device Emulation, Interrupt Virtualization, DMA Remap; hardware: Logical Processors, Physical Memory, I/O Devices]
  IA-based System Virtualization Today Requires Frequent VMM Software Intervention
The Hypervisor
  Thin layer of software running on the hardware
  Supports creation of partitions
    Each partition is a virtual machine
    Each partition has one or more virtual processors
    Partitions can own or share hardware resources
    Software running in partition is called a guest
  Enforces memory access rules
  Enforces policy for CPU usage
    Virtual processors are scheduled on real processors
  Enforces ownership of other devices
  Provides simple inter-partition messaging
    Messages appear as interrupts
  Exposes simple programmatic interface called "hypercalls"
  [Diagram: Parent Partition; Hypervisor; Hard Drive, Ethernet NIC, CPU, RAM]
Device I/O Accesses
  I/O accesses (IN & OUT instructions)
    Trap into VMM kernel
    "Fast I/O handlers" can be called from within the VMM context
    Some OUTs can be batched
  MMIO accesses
    Caught in VMM's page fault handler
  Force a context switch back to the host context where device emulation module is invoked
    Very expensive
  [Diagram: Host context (Virtual PC with Device Emulation Module at ring 3; Host Kernel, VMM Driver and Host HAL at ring 0) and Guest context (Guest User Code at ring 3; Guest Kernel and Guest HAL at ring 1); an OUT instr. raises a GPF trap into the VMM Kernel, followed by a Context Switch; Host Physical Machine]
VM Components: VMM Kernel
  Thin layer, all in assembly
  Code executed at ring-0
  Exception handling
  External interrupt pass-through
  Page table maintenance
  Located within a 32MB area of address space known as the "VMM work area"
  Work area is relocatable
  One VMM instance per virtual processor
  [Diagram: Host context (Virtual PC, Virtual Server, Host Kernel, NDIS Driver, VMM Driver); Guest context (Guest Code, Virtual Machine "Additions"); VMM Kernel; Host Physical Machine]
VM Components: VMM Driver
  Provides kernel-level VM-related services
    Create Virtual Machine
    Create Virtual Processor
    Execute Virtual Processor
  Implements context switching mechanism between the host and guest contexts
  Loads and bootstraps the VMM kernel
  Much of the security work we've done recently involved repackaging the VMM kernel code into the VMM driver
  [Diagram: Host context (Virtual PC, Virtual Server, Host Kernel, NDIS Driver, VMM Driver); Guest context (Guest Code, Virtual Machine "Additions"); VMM Kernel; Host Physical Machine]
VM Execution Loop
  Host code repeatedly calls ExecuteVirtualProcessor
  VMM acts as "co-routine" (i.e. VMM state is saved and restored each time ExecuteVirtualProcessor is called)
  Cycles spent inside guest context are counted against the calling thread
  Host code can control how much time is spent in guest
  Return code indicates why ExecuteVirtualProcessor returned
    Time slice complete
    IN or OUT instruction encountered
    HLT instruction encountered
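The loop described above, as an added C example that is not Virtual PC code: a host loop that re-enters the guest until HLT and hands each OUT to a device emulation routine, counting how often control returns to the host. The real signature of ExecuteVirtualProcessor is not on the slide, so `execute_virtual_processor`, the toy instruction format and the serial device are hypothetical.

```c
#include <stdio.h>
#include <string.h>
enum exit_reason { EXIT_TIME_SLICE, EXIT_IO_OUT, EXIT_HLT };
enum op { OP_WORK, OP_OUT, OP_HLT };
struct insn { enum op op; unsigned short port; unsigned char val; };
struct vcpu { const struct insn *code; int pc; unsigned short port; unsigned char val; };

/* Hypothetical stand-in for ExecuteVirtualProcessor: runs guest code until the
   time slice is used up or an instruction needs the host. All state lives in
   *vp, so the next call resumes where this one stopped (co-routine style). */
static enum exit_reason execute_virtual_processor(struct vcpu *vp, int slice) {
    while (slice-- > 0) {
        const struct insn *i = &vp->code[vp->pc++];
        if (i->op == OP_HLT) return EXIT_HLT;
        if (i->op == OP_OUT) { vp->port = i->port; vp->val = i->val; return EXIT_IO_OUT; }
    }
    return EXIT_TIME_SLICE;
}

static char serial_log[32];   /* toy device emulation module: write-only COM1 */
static void emulate_out(unsigned short port, unsigned char val) {
    size_t n = strlen(serial_log);
    if (port == 0x3F8 && n + 1 < sizeof serial_log) serial_log[n] = (char)val;
}

/* Host loop: returns how many times control came back to the host context. */
int run_guest(const struct insn *code, int slice) {
    struct vcpu vp = { code, 0, 0, 0 };
    int exits = 0;
    memset(serial_log, 0, sizeof serial_log);
    for (;;) {
        enum exit_reason r = execute_virtual_processor(&vp, slice);
        exits++;
        if (r == EXIT_HLT) return exits;
        if (r == EXIT_IO_OUT) emulate_out(vp.port, vp.val);
        /* EXIT_TIME_SLICE: the host thread may be rescheduled, then re-enters */
    }
}

/* Constructed guest program: three plain instructions, two OUTs to COM1, HLT. */
static const struct insn demo[] = {
    {OP_WORK, 0, 0}, {OP_WORK, 0, 0}, {OP_WORK, 0, 0},
    {OP_OUT, 0x3F8, 'O'}, {OP_OUT, 0x3F8, 'K'}, {OP_HLT, 0, 0}
};

int main(void) {
    int exits = run_guest(demo, 2);
    printf("exits=%d serial=%s\n", exits, serial_log);
    return 0;
}
```

Every OUT costs one return to the host regardless of the time slice, which is the overhead the Device I/O Accesses slide calls very expensive.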
Virtualized Hardware
  Memory (up to 4 GB)
  Virtual Hard Disks (3 VHD, up to 16 GB/vhd)
  CD/DVD drive
  Floppy drive
  Serial ports (COM1, COM2)
  Parallel port (LPT1)
  Networking (4 NICs)
  Sound
  Display
  No USB support
Terms
  Term: Description
  Virtual Machine: The virtual hardware environment provided by Virtual PC 2004
  Host OS: The operating system that is installed on the physical computer
  Physical Computer: The actual hardware that is being used and where Virtual PC 2004 is installed
  Guest OS: The operating software that is installed on the virtual machine
  Virtual network: A network created in software
  Virtual Machine Additions: Software loaded on the guest operating system that provides increased functionality and performance enhancements
  Virtual CDROM: A CDROM implemented in software that can share the physical computer CDROM or access ISO images
  VHD: Virtual Hard Disk (VHD) is the file on the physical computer that a virtual machine uses as a hard disk and on which it performs all the reads and writes
  VMC: Virtual Machine Configuration (VMC) file is where all the settings for a virtual machine are stored
  Shared Folders: The ability to use a folder on the host as a mapped drive letter in the virtual machine
  Drag and Drop: The ability to drag files or folders between the virtual machine and the host
Extended Page Tables (EPT)
  A VMM must protect host physical memory
  Multiple guest operating systems share the same host physical memory
  VMM typically implements protections through "page-table shadowing" in software
  Page-table shadowing accounts for a large portion of virtualization overheads
  Goal of EPT is to reduce these overheads
What Is EPT?
  [Diagram: CR3 points to the Guest IA-32 Page Tables, which map a Guest Linear Address to a Guest Physical Address; the EPT Base Pointer (EPTP) points to the Extended Page Tables, which map the Guest Physical Address to a Host Physical Address]
  Extended Page Table
    A new page-table structure, under the control of the VMM
    Defines mapping between guest- and host-physical addresses
    EPT base pointer (new VMCS field) points to the EPT page tables
    EPT (optionally) activated on VM entry, deactivated on VM exit
  Guest has full control over its own IA-32 page tables
    No VM exits due to guest page faults, INVLPG, or CR3 changes
EPT Translation: Details
  All guest-physical memory addresses go through EPT tables (CR3, PDE, PTE, etc.)
  Above example is for 2-level table for 32-bit address space
  Translation possible for other page-table formats (e.g., PAE)
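The translation path on this slide, as an added C example that is not part of the original deck: a 2-level, 32-bit guest page walk in which every guest-physical address (the CR3-based PDE read, the PTE read and the final page) goes through the EPT. The flat one-level EPT array, the frame numbers and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define PAGES 8
enum { XLATE_OK, GUEST_PAGE_FAULT, EPT_VIOLATION };
static uint32_t host_mem[PAGES][1024]; /* host-physical memory, 4 KB frames */
static int ept[PAGES];                 /* guest frame -> host frame, -1 = unmapped */
static int ept_lookups;                /* how often the EPT was consulted */

/* Guest-physical -> host-physical. Real EPT is multi-level; flat here (assumption). */
static int ept_translate(uint32_t gpa, uint32_t *hpa) {
    uint32_t gfn = gpa >> 12;
    ept_lookups++;
    if (gfn >= PAGES || ept[gfn] < 0) return EPT_VIOLATION;   /* VM exit to the VMM */
    *hpa = ((uint32_t)ept[gfn] << 12) | (gpa & 0xFFF);
    return XLATE_OK;
}

/* Read a 32-bit page-table entry at a guest-physical address, via the EPT. */
static int read_gpa32(uint32_t gpa, uint32_t *val) {
    uint32_t hpa;
    if (ept_translate(gpa, &hpa) != XLATE_OK) return EPT_VIOLATION;
    *val = host_mem[hpa >> 12][(hpa & 0xFFF) / 4];
    return XLATE_OK;
}

/* 2-level, 32-bit guest walk: CR3 -> PDE -> PTE -> page, every step through EPT. */
int guest_translate(uint32_t cr3, uint32_t gva, uint32_t *hpa) {
    uint32_t pde, pte;
    if (read_gpa32((cr3 & ~0xFFFu) + (gva >> 22) * 4, &pde)) return EPT_VIOLATION;
    if (!(pde & 1)) return GUEST_PAGE_FAULT;   /* guest handles it, no VM exit */
    if (read_gpa32((pde & ~0xFFFu) + ((gva >> 12) & 0x3FF) * 4, &pte)) return EPT_VIOLATION;
    if (!(pte & 1)) return GUEST_PAGE_FAULT;
    return ept_translate((pte & ~0xFFFu) | (gva & 0xFFF), hpa);
}

/* Constructed layout: guest frames 0,1,2 sit in host frames 7,5,6; frame 3 is unmapped. */
uint32_t build_demo(void) {
    for (int i = 0; i < PAGES; i++) ept[i] = -1;
    ept[0] = 7; ept[1] = 5; ept[2] = 6;
    host_mem[7][1] = 0x1000 | 1;   /* guest PDE[1] -> page table in guest frame 1 */
    host_mem[5][2] = 0x2000 | 1;   /* guest PTE[2] -> guest frame 2 */
    host_mem[5][3] = 0x3000 | 1;   /* guest PTE[3] -> guest frame 3, not in the EPT */
    ept_lookups = 0;
    return 0;                      /* guest CR3: page directory at guest-physical 0 */
}

int main(void) {
    uint32_t hpa = 0, cr3 = build_demo();
    int rc = guest_translate(cr3, 0x00402034u, &hpa);
    printf("rc=%d hpa=0x%x ept_lookups=%d\n", rc, (unsigned)hpa, ept_lookups);
    return 0;
}
```

A guest page-table entry that points at a frame the VMM never mapped ends in an EPT violation rather than a host memory access, which is how the VMM keeps protecting host physical memory while the guest edits its own page tables freely.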
Direct Execution
  In some processor modes, it's safe to use direct execution; others require emulation
  Real Mode: Emulation
  Virtual 8086 (v86) mode: Direct Execution
  Protected Mode Ring 3: Direct Execution (with a few exceptions)
  Protected Mode Ring 0: Emulation, unless known to be safe
Direct Execution: "Ring Compression"
  Guest ring-0, 1, 2 code is executed at ring 1
  Guest ring-3 code is executed at ring 3
  Provides correct MMU protection semantics (since ring 0-2 can access privileged pages)
  Direct execution of ring-0 code is only allowed if the VMM is notified that it's "safe"
    This requires patching certain "dangerous" instruction sequences in the Windows kernel and HAL
    Patching is performed at runtime in memory only
    Patches are different for each version of Windows kernel & HAL
Guest OS Patching: Runtime Guest OS Patching
  Replace synthetic instructions with subroutine calls
  This technique prevents us from exposing internal VMM implementation details to OS vendors. We can change the subroutine implementations in the future.
  This patched sequence is correct and fast
  Original Code
    pushfd
    cli
    mov eax,[ebp+8]
    call [eax]
    popfd
    ret
  With Synthetic Instructions
    vmpushfd
    vmcli
    mov eax,[ebp+8]
    call [eax]
    vmpopf
    ret
  With Runtime Patches
    call _vmpushfd
    call _vmcli
    mov eax,[ebp+8]
    call [eax]
    call _vmpopfd
    ret
Emulated Hardware
  Component: Virtual machine emulated hardware
  BIOS: AMI BIOS using Intel 440BX rev B chipset
  CPU: Same as host
  Chipset: Intel 440BX
  Network adapter (multi-function): DEC/Intel 21140A (10/100)
  Video card: S3 Trio 32/64 PCI with 8 MB Video RAM
  Soundcard: Creative Labs Sound Blaster 16 ISA Plug and Play
Virtual Disks
  Types of virtual disks
    Dynamically expanding virtual disk
    Fixed virtual disk
    Differencing
    Linked drive - use a host partition
  Default is dynamic, 16GB
    35KB when created on disk, expands as you write data to it
  Use Virtual Disk Wizard to pre-create other disk types
Undo Disks
  Allows all changes from power-on to be saved, committed or discarded
  Reboots are not affected
  Enabled per virtual machine, applies to all disks
  Writes are made to a separate undo file per disk
Virtual Machine States
  Running states
    Pause
    Save State
    Turn off
    Shutdown the Guest OS
  Undo disks add these states
    Save State and save changes
    Save State and commit changes
    Turn off and Save changes
    Turn off and discard changes
Virtual PC Features: Benefits and Usage Scenarios
  Ease application migration
    Run older legacy applications while migrating to a new operating system
    Pilot and test new operating systems in a controlled, fail-safe environment
  Technical support
    Support multiple operating systems on a single computer without rebooting the computer or buying additional computers
    Set up numerous user-specific configurations on a single computer for real-time scenario testing and evaluation
  Training
    Train people on any operating system without purchasing additional computers
    Dramatically reduce classroom turnaround time by instantly switching configurations
    Restore students' crashed operating systems with a mouse-click
Virtual PC Features: Benefits and Usage Scenarios
  Quality Assurance
    Test and document software on different operating systems on one computer
    Compare application look and feel in multiple environments simultaneously
    Test potentially unstable prerelease software in a safe, isolated environment
  Accelerate application development
    Increase QA by testing on multiple OSs using VMs
    Decrease time-to-market with less reconfiguration time
  Do more in less time
    Run multiple OSs on a single physical computer
    Reduces the number of physical computers needed
Virtual PC Features: Key Features
  Configurability: Adjust settings and allocate resources
  Easy installation: No reboot required
  Standardization: Avoid hardware conflicts
  Convenience: Switch between OSs as easily as any application
  Host integration: Drag and drop between guest and host
Virtual PC Features: Using Virtual Machines
Virtual Networking
  Up to 4 NICs per virtual machine
  Network Modes
    Not Connected
    Local Only (virtual machines only)
      VM communicates with other VMs on the Local Only network
    External NIC (Virtual Networking)
      Each VM appears to be a separate entity on the network
  Use a MS Loopback adapter to get internal only traffic between host and virtual machine
Networking: Virtual Networking vs Local only
  [Diagram: Virtual Machine #1, Virtual Machine #2, Virtual Network, Host NIC, External Ethernet]
Networking
  [Diagram: Server, Virtual Machine, Virtual PC Translators, Network Address Translator, Host TCP/IP Connection]
Virtual Machine Additions
  Improved operating system performance
  Drag and drop
  Clipboard sharing
  Shared folders
  Integrated mouse
  DOS CD-ROM support
  Optimized video drivers
  Time synchronization
  Dynamic resizing of VM window
Today's Uses
  Virtualization addresses today's IT concerns
  Server Consolidation: 10:1 in many cases
    [Diagram: App/OS stacks on separate machines HW0 ... HWn become VM1 ... VMn on one VMM and one HW]
  Test and Development: Enables rapid deployment
    [Diagram: VM1 ... VMn, each with App and OS, on one VMM and one HW]
Virtualization Capabilities
  Workload Isolation
  Workload Consolidation
  Workload Migration
  Workload Embedding
  [Diagrams: App/OS stacks placed on VMM and HW layers for each of the four capabilities]
  Virtualization has powerful capabilities
Virtualization Today: Summary Of Challenges
  Complexity
    CPU virtualization requires binary translation or paravirtualization
    Must emulate I/O devices in software
  Functionality
    Paravirtualization may limit supported guest OSes
    Guest OSes "see" only simulated platform and I/O devices
  Reliability and Security
    I/O device drivers run as part of host OS or hypervisor
    No protection from errant DMA that can corrupt memory
  Performance
    Overheads of address translation in software
    Extra memory required (e.g., translated code, shadow tables)
Create a new VM; Review Virtual PC settings; Launch a VM