The Future of Virtual Machines: A VMware Perspective

Ed Bugnion Co-founder, VMware Inc. JUGS September 27, 2001

© 2001 VMware, Inc. All rights reserved.

Outline

• Historical Perspective
• MultipleWorlds™ Technology
  • Technology and Products
• Technology
  • Hosted and Host-less architectures
  • Performance
• 4 Usage scenarios


The Problem (1960’s)

[Diagram: Operating System; Mainframe Hardware]


The Solution (1960’s)

[Diagram: Operating System, Operating System; Mainframe Hardware, Mainframe Hardware]


Virtual Machine Monitors

[Diagram: App/CMS, App/MVS, App/CMS, App/CMS; IBM VM/370; IBM Mainframe]

A thin software layer that sits between hardware and the operating system, virtualizing and managing all hardware resources

Old idea from the 1960s

• IBM VM/370 – A VMM for IBM mainframe
  • Multiple OS environments on expensive hardware
  • Desirable when few machines around
• Popular research idea in 1960s and 1970s
  • Entire conferences on virtual machine monitors
  • Hardware/VMM/OS designed together
• Interest died out in the 1980s and 1990s
  • Hardware got cheap
  • Operating systems got more powerful (e.g. multi-user)

A return to Virtual Machines

• Disco: Stanford research project (1996-):
  • Run commodity OSes on scalable multiprocessors
  • Focus on high-end: NUMA, MIPS, IRIX
• Hardware has changed:
  • Cheap, diverse, graphical user interface
  • Designed without virtualization in mind
• System Software has changed:
  • Extremely complex
  • Advanced networking protocols
• But even today:
  • Not always multi-user
  • With limitations, incompatibilities, …

The Problem Today

[Diagram: Operating System; Intel Architecture]

The VMware Solution

[Diagram: Operating System, Operating System; Intel Architecture, Intel Architecture]

VMware™ MultipleWorlds™ Technology

[Diagram: App/Win 2000, App/Win NT, App/Linux, App/Win 2000; VMware MultipleWorlds; Intel Architecture]

A thin software layer that sits between Intel hardware and the operating system, virtualizing and managing all hardware resources

MultipleWorlds Technology

[Diagram: World; App/Win 2000, App/Win NT, App/Linux, App/Win 2000; VMware MultipleWorlds; Intel Architecture]

A world is an application execution environment with its own operating system


Challenges

• Virtualization of IA-32
• Hardware Diversity
• Acceptance

VMware Workstation – Screen shot

VMware Server – Screen Shot

• Web-based management interface
  • Stop, start, suspend/resume virtual machines
  • Monitor CPU usage
  • Run scripts
  • Secure user authentication
• Remote Console
  • Windows and Linux versions
  • Full desktop display
  • Full mouse and keyboard support
  • Secure user authentication
  • Access VMware configuration editor

VMware Products

• VMware Workstation
  • Run Multiple Operating Systems on your workstation
  • Hosted Architecture
  • Available for Linux and Windows hosts
• VMware GSX Server
  • Run multiple servers on your server
  • Hosted Architecture
  • Available for Linux hosts and soon Windows hosts
• VMware ESX Server
  • + Quality of Service
  • + High-performance I/O
  • Host-less Architecture

Virtual Hardware

[Diagram: Monitor (VMM) surrounded by Parallel Ports, Serial/Com Ports, Ethernet, Sound Card, IDE Controller, Floppy Disks, Keyboard, SCSI Controller, Mouse]

Attributes of MultipleWorlds Technology

• Software compatibility
  • Runs pretty much all software
• Low overheads/High performance
  • Near “raw” machine performance
• Complete isolation
  • Total data isolation between virtual machines
• Encapsulation
  • Virtual machines are not tied to physical machines
• Resource management

VMware Core Technology

The present

Virtualization through Ring Compression

Virtual Machine Monitor (VMM) runs at ring 0
Kernel(s) run at ring 1
Requires that CPU is virtualizable

[Diagram: protection rings 0, 1, 2, 3 with labels VMM, kernel, user]

Classification of processor architectures

• Strictly virtualizable processor architectures
  • Can build a VMM based on trap emulation exclusively
  • No software running inside the VM can determine the presence of the VMM (short of timing attacks)
  • Examples: IBM S/390, DEC Compaq Intel Alpha, PowerPC
• (Non-strictly) virtualizable processor architectures
  • Trap emulation alone is not sufficient and/or not complete
  • E.g. instructions have different semantics at various levels (sufficient)
  • E.g. some software sequences can determine the presence of the VMM (complete)
  • Examples: IA-32, IA-64
• Non virtualizable processor architectures
  • Basic component missing (e.g. MMU, …)
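Added example (not from the original slides): a toy Python model of the "not sufficient" case above, with a guest kernel deprivileged to ring 1 and a VMM that emulates whatever traps. The CPU model and the two instruction names are hypothetical stand-ins for a privileged instruction and for a sensitive instruction whose semantics change silently outside ring 0.

```python
from dataclasses import dataclass

class PrivilegeTrap(Exception):
    """Raised by the model CPU when a privileged instruction runs above ring 0."""

@dataclass
class CPU:
    ring: int = 0                # current privilege level, 0 is most privileged
    interrupts_on: bool = True   # the real interrupt-enable flag

    def set_if_trapping(self, value):
        # Hypothetical privileged instruction: faults outside ring 0.
        if self.ring != 0:
            raise PrivilegeTrap("set_if_trapping")
        self.interrupts_on = value

    def set_if_silent(self, value):
        # Hypothetical sensitive but unprivileged instruction: outside ring 0
        # the write is dropped without a fault (different semantics per level).
        if self.ring == 0:
            self.interrupts_on = value

class VMM:
    """Ring compression: the guest kernel runs at ring 1, the VMM emulates traps."""
    def __init__(self):
        self.cpu = CPU(ring=1)
        self.virtual_if = True   # interrupt flag the guest is supposed to see
        self.traps = 0

    def run_guest(self, insn, value):
        try:
            getattr(self.cpu, insn)(value)
        except PrivilegeTrap:
            self.traps += 1
            self.virtual_if = value   # emulate against the virtual state only

def native(insn):
    """Flag value after a kernel at ring 0 clears it on bare hardware."""
    cpu = CPU(ring=0)
    getattr(cpu, insn)(False)
    return cpu.interrupts_on

def guest_disables_interrupts(insn):
    """Return (virtual flag, traps taken, real flag) after the guest clears it."""
    vmm = VMM()
    vmm.run_guest(insn, False)
    return vmm.virtual_if, vmm.traps, vmm.cpu.interrupts_on

if __name__ == "__main__":
    for insn in ("set_if_trapping", "set_if_silent"):
        print(insn, native(insn), guest_disables_interrupts(insn))
```

With the trapping instruction the VMM's virtual flag follows the guest; with the silent one the guest's write is lost and no trap ever reaches the VMM, so trap emulation alone cannot keep the virtual state correct. On IA-32, POPF is the usual textbook instance of the silent case.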

Hosted VMware Architecture

Host Mode: VMware, acting as an application, uses the host to access other devices such as the hard disk, floppy, or network card

VMM Mode: The VMware Virtual machine monitor allows each guest OS to directly access the processor (direct execution)

[Diagram: Guest OS Applications, Guest Operating System, Virtual Machine, Virtual Machine Monitor; Host OS Apps, VMware App, Host OS, VMware Driver; PC Hardware: Memory, CPU, Disks, NIC]

VMware achieves both near-native execution speed and broad device support by transparently switching* between Host Mode and VMM Mode.

*VMware typically switches modes 1000 times per second

Hosted VMM Architecture

• Advantages:
  • Installs and runs like an application
  • Portable – host OS does I/O access
  • Coexists with applications running on the host
• Limits:
  • Subject to Host OS:
    • Scheduling Decisions
    • Resource management decisions
    • OS failures
  • Performance overheads:
    • World Switch
    • I/O access
• Usenix 2001 paper: J. Sugerman, G. Venkitachalam and B.-H. Lim, “Virtualizing I/O on VMware Workstation’s Hosted Architecture”

Virtualizing a Network Interface

[Diagram: VMApp, Guest OS, Virtual Network Hub, Virtual Bridge, Host OS, VMDriver, NIC Driver, NIC Driver, VMM, Physical NIC, PC Hardware, Physical Ethernet]

Experiment – TCP Throughput

[Diagram: Native: Host, TCP, Host; Virtual Machine: Host with VM, TCP, Host]

• Two speeds of host:
  • Standard -- 733 MHz Pentium III
  • Slower -- 350 MHz Pentium II
• 100 megabit Ethernet connected via crossover cable
• Host and Guest OSes are Linux 2.2.x kernels
• 3 optimizations that reduce number of World switches

Optimized Performance – 733 MHz

[Chart; labels: Native, VM/733 MHz, Optimized VM/733 MHz, Version 2.0]

Optimized Performance – 350 MHz

[Chart; labels: Native, VM/350 MHz, Optimized VM/350 MHz, Version 2.0]

CPU Utilization – VM/PC-733

[Chart; vertical axis: Percent; bars: Version 2.0, VMM I/O Ports, VMM I/O Ports + Send Combining, VMM I/O Ports + Send Combining + IRQ Notification]

• Native PC-733 is I/O bound with under 20% CPU utilization

Beyond the Hosted Architecture

• Limits of the Hosted Architecture:
  • World switch overhead – especially I/O
  • Hard to make QoS guarantees
  • Depend on the Host
• ESX Server Architecture:
  • Eliminate the host
  • All applications run in a VM
  • Looks closer to a traditional VMM system

ESX Server Architecture

[Diagram: Guest OS/VMM (four instances) and Console OS; VMkernel: Scheduler, Memory Mgmt, SCSI Driver, Ethernet Driver; x86 SMP Hardware: CPU, Memory, disk, nic, nic, NIC]

High Performance Network

• Ethernet and Gigabit Ethernet
• Each virtual adapter has its own MAC address
• No world switch!

[Diagram: Stub Driver/VMM (three instances); VMware Server VMM: VMware Ethernet Driver, VMware Ethernet Driver, NIC specific drivers; x86 SMP Hardware: NIC Shared Device, NIC Exclusive Device]

Intra-system networking

• Executes at memory speed

[Diagram: Stub Driver (four instances); Virtual Network; VMware Server VMM; NIC specific drivers; x86 SMP Hardware]

Usage Scenarios

4 Examples on Desktops and Servers

Scenario #1: Testing and Deployment

[Diagram: Develop: Development VM; Test: QA VM; Deploy: Production VM (four instances)]

Major Wall Street Investment Banking Firm: Testing and Deployment

Challenge: Testing & deployment was error-prone and expensive

Solution: Test and deploy in VMware worlds

“VMware allows us to deliver well-tested and more reliable solutions in a shorter time frame at substantially lower costs.”

Scenario #2: Server Consolidation

[Diagram: Web Server, Database Server, App Server, App Server, App Server, Web Server, App Server, Database Server, Web Server, Web Server; VMware MultipleWorlds + Physical Hardware]

Server Consolidation

The Challenge: One database per oil well, one server per database

The Solution: Run each database in a VMware world

[Photo: oil well]

“We’re able to run up to 10 database servers on a single server, which allows us to provide mainframe levels of reliability and data security at much lower cost.”

Scenario #3: Application Compatibility

• Some applications require their OS
• Some solutions require multiple applications
• Appliances provide solutions

→ VMware in Appliances

Cisco Content Engine 590

[Diagram: Media Server; Windows 2000: RealPlayer Server; Linux: IP chain; Intel Appliance]

Scenario #4: Security Solutions

• Traditional tension: Security vs. Usability
  • Secure systems are not that usable
    • E.g. require some particular OS setups
  • Flexible systems are not that secure
    • Many documented examples
• Virtual Machines allow:
  • Secure Host
    • that ensures the security of the whole system
  • Flexible, Usable Virtual Machines
    • that play no role in the security of the whole system

National Security Agency NetTop

[Diagram: Classified VM, Internet VM, VPN, Firewall, SE-Linux]