Cloud Computing

Saswati Mukherjee
 What is Virtualization?
Virtualization is a technology that,
when applied on computing
resources, presents an
environment with one or many
operating systems using
methodologies related to
hardware and software using
partial or complete machine
simulation, emulation, time-
sharing, and others.
 What is Virtualization?
Definition:
“A Framework or methodology
of dividing the resources of a
computer hardware into
multiple execution
environments, by applying
one or more concepts such as
software partitioning, time
sharing, partial or complete
machine simulation,
emulation”.
 Goals of Virtualization
• Allowing any network-enabled device to access any
application over any network, even if that application was
never designed to work with that type of device.
• Isolation of one workload or application from another to
enhance security or manageability of the environment.
• Isolation of an application from the operating system,
allowing an application to continue to function even though
it was designed for a different version of the operating
system.
 Goals of Virtualization
• Ability to increase the number of
users working on an application
since multiple instances are run on
different machines simultaneously.
• Ability to decreasing the time it
takes for an application to run, by
segmenting either the data or the
application itself and spreading the
work over many systems.
 Goals of Virtualization
• Optimizing the use of a single system, allowing it to work harder and
more intelligently (that is, reducing the amount of time the
processor sits idle without being able to shut down).

APP Data APP Data APP Data

 Goals of Virtualization

App Data App Data App Data

Virtualization
 Traditional Server Room – Different Machines

Application Application Application Application

OS OS OS OS
Hardware 1
Application Hardware 1 Hardware 1 Hardware 1
Application Application Application

Web Server App Server DB Server Email

Windows Linux Linux Windows
 Virtualized Server Room – Machine 1
Application Application Application
Virtual
OS OS OS Machines
Application
Hardware Application
Hardware Application
Hardware
Web
1 Email
1 DB Server
1
Server Server Linux
Windows Windows

Virtualization Layer

Hardware in
host machine
Virtualized Server Room – Machine 2
Application Application
Virtual
OS OS Machines
Application
Hardware Application
Hardware
App
Email
1 1
Server
Server
Windows Linux

Virtualization Layer

Hardware in
host machine
 Virtualized Server Room – Machine 3
Application Application Application
Virtual
OS OS OS Machines
Application
Hardware Application
Hardware Application
Hardware
Web1 Email
1 DB Server
1
Server Server Linux
Windows Windows

Virtualization Layer

Hardware in
host machine
Virtualized Server Room – Machine 4
Application Application
Virtual
OS OS Machines
Application
Hardware Application
Hardware
App
Web
1 1
Server
Server
Windows Linux

Virtualization Layer

Hardware in
host machine
How clouds work?
Babu

Charu
Apu
Physical machine
Danish
• Suppose Apu has a machine with 4 CPUs and 8 GB of memory,
and three customers:
• Babu wants a machine with 1 CPU and 3GB of memory
• Charu wants 2 CPUs and 1GB of memory
• Danish wants 1 CPU and 4GB of memory
• What should Apu do?
14
Virtualization is key enabler

Babu
Virtual
machine
monitor
Charu
Apu
Physical machine
Virtual machines Danish

• Apu can sell each customer a virtual machine (VM) with the
requested resources
• From each customer’s perspective, it appears as if they
had a physical machine all by themselves (isolation)
15
Virtualization
“A technique for hiding the physical characteristics of computing
resources from the way in which other systems, applications, or end
users interact with those resources. This includes making a single
physical resource appear to function as multiple logical resources; or it
can include making multiple physical resources appear as a single
logical resource.”

16
The idea of Virtualization: from 1960’s
• IBM VM/370 – A VMM for IBM mainframe
• Multiple OS environments on expensive hardware
• Desirable when few machine around
• Popular research idea in 1960s and 1970s
• Entire conferences on virtual machine monitors
• Hardware/VMM/OS designed together
• Allowed multiple users to share a batch oriented system
• Interest died out in the 1980s and 1990s
• Hardware got more cheaper
• Operating systems got more powerful (e.g. multi-user)

17
A Return to Virtual Machines
• Disco: Stanford research project (SOSP ’97)
• Run commodity OSes on scalable multiprocessors
• Focus on high-end: NUMA, MIPS, IRIX
• Commercial virtual machines for x86 architecture
• VMware Workstation (now EMC) (1999-)
• Connectix VirtualPC (now Microsoft)
• Research virtual machines for x86 architecture
• Xen (SOSP ’03)
• plex86
• OS-level virtualization
• FreeBSD Jails, User-mode-linux, UMLinux

18
Starting Point: A Physical Machine
• Physical Hardware
• Processors, memory, chipset,
I/O devices, etc.
• Resources often grossly
underutilized
• Software
• Tightly coupled to physical
hardware
• Single active OS instance
• OS controls hardware

19
What is a Virtual Machine? •
Software Abstraction
• Behaves like hardware
• Encapsulates all OS and
application state
• Virtualization Layer
• Extra level of indirection
• Decouples hardware, OS
• Enforces isolation
• Multiplexes physical
hardware across VMs

Virtual Machine Monitor or

Hypervisor
20
Virtualization Properties, Features
• Isolation
• Fault isolation
• Performance isolation (+ software isolation, …)
• Encapsulation
• Cleanly capture all VM state
• Enables VM snapshots, clones
• Portability
• Independent of physical hardware
• Enables migration of live, running VMs (freeze, suspend,…)
• Interposition
• Transformations on instructions, memory, I/O
• Enables transparent resource overcommitment,
encryption, compression, replication …

21
 Types of Virtualization
• Machine-level virtualization
• Processor virtualization
• Memory virtualization
• Network virtualization
• Storage virtualization
• Desktop virtualization
• Many others…
 Machine-Level Virtualization

Normal System Virtualized System

 Machine-Level Virtualization
• Software layer for virtualization virtualizes
the physical resources
• Used exclusively by the VMs.
• Can be implemented at various operational
levels – creates abstraction at different
layers.#
• Common virtualization layers:
• the instruction set architecture (ISA) level,
hardware level, operating system level,
library support level, and application level.
 Virtual Machines (VMs)
• The guest OS + applications =
virtual machines (VMs)
• VMs are capable of virtualizing a
full set of hardware resources,
including a processor (or
processors), memory and storage
resources and peripheral devices.
• Two types:
• Process VM.
• System VM.
 Process VM

Courtsey: Ravi Nair [1]

• Virtualizing software translates instructions from one platform to another.

• Helps execute programs developed for a different OS or different ISA.
 Process Virtual Machines
• A process virtual machine or application Virtual machine is designed to
run a single program with a single process.
• It runs just like a regular application within the host OS as a process.
• The VM is created when process is initiated and destroyed when the
process exits or dies.
• A Process VM is sometimes referred to as application virtual machine.
• This VM mainly aims at providing a platform-independent development
environment. Java programming language is platform independent as it
implements Java Virtual Machine (JVM) which is a process VM.
 System VM

Courtsey: Ravi Nair [1]

• Provides a complete system environment.

• OS+ user processes + networking+ I/O + display + GUI.
• Guest OS lasts as long as host is alive.
 System Virtual Machines (VMs)
• System VMs take the concept of multiprogramming one step
further.
• They provide an illusion for complete systems.
• Supports multiple system images simultaneously,
• Each image runs its own operating system and associated
application programs.
• Each operating system controls and manages a set of
virtualized hardware resources.
• A processor (or processors), storage resources, and peripheral
devices need to perform input and output (I/O) operations.
 System Virtual Machines (VMs)
• Here the real resources of the host platform are shared
among the guest system VMs.
• The virtual machine monitor (VMM) is the software layer.
• It manages the allocation of, and access to, the hardware
resources of the host platform.
• The VMM is the real owner of the system resources.
• VMM decides the guest OS to execute on the hardware.
• Guest OSs get the resources alternatively.
• For virtual machines an illusion of owning the resources is
created.
 System Virtual Machines

• A System Virtual Machine gives a complete virtual hardware platform

with support for execution of a complete operating system (OS).
• Multiple Operating System environments can run in parallel on the
same piece of hardware in strong isolation from each other.
• The VM can provide an instruction set architecture (ISA)
• Maybe different from that of the real machine.
Types of Virtualization
 Application Level Virtualization
• At the application level an
application is virtualized as a
process VM.
• Also known as process-level
virtualization:
• Since an application typically
runs as a process.

• JVM/ .NET CLR

 Library Level Virtualization
• APIs of the user-level libraries are
commonly used by many applications.
• Hence these interfaces are good
candidates for virtualization.
• API hooks are used controlling the
communication between applications
and the rest of a system.

• WINE/ vCUDA
 OS Level Virtualization
• Creating an abstraction layer
between traditional OS and user
applications.
• Also known as containers.
• Isolated containers are created
on a single physical server.
• The containers behave like real
servers.

• Jail/ Virtual Environment

 HAL Level Virtualization
• Hardware Abstraction Layer
(HAL) Level virtualization.
• This virtualizes all of computer’s
resources:
• Processors, memory, and I/O
devices.
• Utilization rate is improved by
having multiple concurrent users.

• Xen/ VMware
 ISA Level Virtualization
• Instruction Set Architecture (ISA)
Level
• At the ISA level, virtualization is
performed by emulating a given
ISA by the ISA of the host
machine.

• QEMU/ Dynamo
Types of Virtualization
 VMs – Application Containers

• Essential goals of virtualization are segregation of apps, performance and

resource management, easy start, stop, move, and management of them
• Can be achieved without full-fledged virtualization – If applications compiled
for the host operating system, don’t need full virtualization to meet these goals
• Containers are such examples that create virtual layer between OS and apps
• Only one kernel running – host OS
• OS and devices are virtualized, providing resources within zone with impression that
they are only processes on system
• Each zone has its own applications; networking stack, addresses, and ports; user
accounts, etc
• CPU and memory resources divided between zones
• Zone can have its own scheduler to use those resources
 Network Virtualization
• Network virtualization is the process
of virtualizing the network.
• Both hardware and software
network resources and network
functionalities are combined into a
single, software-based
administrative entity.
• This is called a virtual network.
• We will discuss this in a later
module.
 Storage Virtualization
• Storage virtualization decouples the physical
organization of the storage from its logical
representation.
• Users are unaware of the specific location of
data.
• A logical path is sufficient for this.
• Different storage facilities can be represented
using a single logical file system.
• We will discuss about this type of virtualization
in a later module.
I/O Virtualization
• Challenge: Lots of I/O devices
• Problem: Writing device drivers for all I/O devices in the VMM layer is not a
feasible option
• Insight: Device driver already written for popular OSes
• Solution: Present virtual I/O devices to guest VMs and channel I/O
requests to a trusted host VM (popular OS)
 Desktop Virtualizations
• Desktop virtualization is technology that lets users simulate a
workstation load to access a desktop from a connected device
remotely or locally.
• This separates the desktop environment and its applications from the
physical client device used to access it.
• Remote Desktop Virtualization is a common use of   virtualization
that operates in a client/server computing environment.
• This allows users to run operating systems and applications from a
server inside a data center while all user interactions take place on a
client device.
• This client device could be a laptop, thin client device, or a
smartphone. 
 Hardware Virtualization
• Perhaps the oldest idea of
virtualization.
• Came in the '60s.
• In 1972 IBM introduced virtual
machine operating system.
• The current version is called
a Virtual Machine Monitor
(VMM) or Hypervisor.
• VMM runs on the physical machine.
 Hardware Virtualization
• The typical layering of
hardware, OS and
application is modified in
a virtualized environment.
• The modified virtualized
environment can be either
a three or a four layer
environment.
 Terminologies
• VMM or Hypervisor: A VMM is the
piece of software that provides the
abstraction of a virtual machine.
• Guest OS: along with the
applications runs on top of the
VMM.
• Host OS: In a four layer
environment, this sits on top of the
hardware.
 VMM
• The requirement is that we add one
virtualization layer above the
hardware.
• This virtualization layer is called the
Virtual Machine Monitor (VMM).
• Virtual Machine Monitor (VMM) is the
piece of software that provides the
abstraction of a virtual machine.
• VMM is also called a hypervisor.
 Properties of VMM
Equivalence/Fidelity 
• A program running under the VMM should exhibit a behavior
essentially identical to that demonstrated when running on an
equivalent machine directly.
Resource control/Safety 
• The VMM must be in complete control of the virtualized
resources.
Efficiency/Performance
• A statistically dominant fraction of machine instructions must be
executed without VMM intervention.
 Virtual Environment
Three layers: Type 1 hypervisor

Guest Environment

Virtualization Layer/ VMM

Hardware
 Type 1
Three layers: Type 1 hypervisor

Applications + Guest OS+ Virtual H/w

Virtualization Layer/ VMM

Hardware
 Type 1

Guest Guest Guest

OS A OS B OS C

VM1 VM2 VM3

Hypervisor

Hardware
 Type 1
• The VMM is installed on the bare
hardware.
• Bare metal hypervisor
• The guest OSs installed above the VMM.
• Run in a less privileged mode.
• Applications also run in lower levels of
privilege.
• The privilege level of the guest OS is
emulated by the VMM.
• Xen and VMware ESX.
Type 1
 Type 2
• It is not easy to use and implement
the native or type 1 hypervisor.
• For convenience and simplicity, we
look at the other option of hypervisor
– type 2 or hosted.
• Easier to install a virtual machine
system on an already running OS.
• These systems are called a hosted
• The term host refers to the
underlying OS.
 Type 2
• In a hosted VM system, the VMM
utilizes the functions already
available on the host OS to
control and manage resources
desired by each of the virtual
machines.
• These can support the broadest
range of hardware configurations.
• QEMU and VirtualBox.
 Type 2
Four layers: Type 2 hypervisor

Applications + Guest OS+ Virtual H/w Applications + Guest OS+ Virtual H/w

Virtualization Layer/ VMM Virtualization Layer/ VMM

Host OS

Hardware
 Type 2

Guest Guest Guest

OS A OS B OS C

VM1 VM2 VM3

Hypervisor

Host OS

Hardware
Type 2
 Hybrid
• The efficiency of virtualization
is not visible in Type 1, since
the hypervisor works like an
application.
• Some part of the VMM must
work in higher privilege mode.
• Desirable.
• This can be achieved by
creating a hybrid model.
 Hybrid
• The VMM shares the hardware with
a host operating system.
• This is done through mechanisms
commonly provided to extend the
functionality of an operating system
• kernel extensions
• device drivers.
• It has parts of the VMM working in a
privileged mode and other parts in
nonprivileged mode.
 Hybrid
• Also known as a dual-mode hosted
VM system.
• Supports multiple virtual machines.

Guest Guest
OS A OS B Appli- Appli-
cations cations
VM1 VM2

Hypervisor Host OS

Hardware
 System Call Example

• Run guest operating system deprivileged

• All privileged instructions trap into VMM
• VMM emulates instructions against virtual state e.g. disable virtual interrupts,
not physical interrupts
• Resume direct execution from next guest instruction
 VM Primitive Operations
• There are four basic operations
that can be defined as the
primitive operations of a VM
• Multiplexing
• Suspension
• Provision
• Migration
 VM Multiplexing

App App

OS OS

VMM VMM

Hardware Hardware

Storage
 VM Suspension

App

OS

VMM VMM

Hardware Hardware

App
Storage
OS
 VM Provisioning

App App

OS OS

VMM VMM

Hardware Hardware

Storage
 VM Migration

App App

OS OS

VMM VMM

Hardware Hardware

Storage
 VM Benefits
• Familiar Interfaces
• VM provides the same
interface as the OS.
• Flexibility of Applications
• Different operating systems
may run on different VMs.
• Security
• Isolation of applications in
VMs provides security.
• Server Consolidation
 VM Benefits
• High Availability
• Save the VM and run it
again
• Live migration
• Not affected by failures
• Simplified Environment
• Scalability 
• Backup with Fast Recovery
• Portability
 What is coming….
• What is virtualization?
• What are the types of
virtualization?
• What are the types of VM?

Upcoming
• What is virtualizability?
• Popek-Goldberg theorem.
• What is x86 architecture.
• Problems of x86 architecture.
 CPU Virtualization
CPU virtualization is an environment
that offers one or more of the
followings:
• Emulates a physical environment in
software.
• Provides a hardware-like view to
processes while the processes are not
running on top of the hardware.
• Creates the capability of running an
operating system inside another OS.
• Runs more than one OS on a single
physical hardware.
 Virtualization and Emulation
• Emulation is a common
phenomena.
• What is emulation?
• How to implement emulation?
• Interpretation
• Needed?
• Binary translation
• Good enough?
• Virtualization is similar but not
the same:
• What does it mean?
 Virtualization Requirements
• Virtualization requires the guests
to have near-native behaviour.
• Since virtualization is on the
same ISA, what is required for
two different OSs to run on one
hardware?
• Managing the execution
• Easy – allow any one.
• But there is more to it!
• Let us understand this.
 Third Generation Computers
Essentially today’s computers follow this
generation of computers:
• Integrated circuit based – 1964-1971
• Interfaced with an operating system.
• Concurrent applications
• Imposes certain restrictions on processes.
• Dual mode of CPU execution:
• Privileged mode and
• User mode.
• OS is empowered with the
supervisor/privileged mode.
 Third Generation Computers
• When a user process
executes:
• Only generic set of
instructions are executable.
• Mode of CPU ensures this.
• When a OS process
executes:
• All the instruction are
executed.
• Does it always work?
 Third Generation Computers
• What happens when a user process
wants to execute a special
instruction?
• Only OS can execute.
• Such instructions cause the CPU to
change the mode and bring in a OS
process that is capable of executing
this instruction on the behalf of the
user process.
• Called the ‘trapping to OS’.
 Trapping to OS
• A user mode instruction traps
whenever it tries to execute a
special instruction:
• For any I/O operation.
• For other special action.
• The mode changes to privileged.
• The execution of the instruction is
carried out by the OS (if
permissible).
• The results are passed on to the
respective (calling) user process.
 Virtualization Requirements
How do things work? Application
• Traditional OS – Layered
Trap to OS
approach.
• Normal application instructions
Traditional OS
run on the hardware:
• CPU in user mode. Special Routine

• Special application instructions

trap to the OS:
• CPU in privilege mode.
• Can VMM act in a similar Hardware
manner?
 Virtualization Requirements
VMM and Guest OS Application
• Add one more layer.
Trap to OS
• Run application codes natively
on the hardware. Guest OS
• Same ISA as the underlying
hardware Special Routine
• Must be possible.
• Special instructions trap to the OS VMM
• It in turn gets emulated by the
VMM #
• VMM executes these. Hardware
 Virtualization Requirements
How should we implement such a
VMM ?
• Acts as a scheduler.
• Run multiple OSs.
• But there are many problems.
• Problem 1: What about the guest
OSs?
• Problem 2: Cannot be done on
all hardware.
• Let us understand this.
 Virtualizability
• Virtualizability is the ability of a hardware/machine to allow
operating systems to run on top of VMM.
• There are three properties that are relevant with respect to
a VMM
• Equivalence / Fidelity 
• Resource control / Safety 
• Efficiency / Performance
• Popek Goldberg first proposed the concept and the
requirements
• 1974 article "Formal Requirements for Virtualizable Third
Generation Architectures”
 Properties of VMM
Equivalence/Fidelity 
• A program running under the VMM should exhibit a behavior
essentially identical to that demonstrated when running on an
equivalent machine directly.
Resource control/Safety 
• The VMM must be in complete control of the virtualized
resources.
Efficiency/Performance
• A statistically dominant fraction of machine instructions must be
executed without VMM intervention.
 Popek-Goldberg Theorem
• The original analysis by Popek
and Goldberg was for "third-
generation" machines,
• The IBM System/370 and
• The Honeywell 6000.
• However, it holds for present-
day machines as well:
• ISA perspective has not
changed. #
 Popek-Goldberg Theorem
• The hardware consists of a
processor and memory.
• The processor can operate in either
the privileged mode or the user
mode.
• A subset of the instruction set can
be used only in the privileged mode.
• Memory addressing is done relative
to the contents of a relocation
register.
 Popek-Goldberg Theorem
• Theorem:

For any conventional third generation computer, a virtual

machine monitor may be constructed if the set of sensitive
instructions for that computer is a subset of privileged
instructions.
 Popek-Goldberg Theorem
Instruction Behaviour: essentially two
types:
• Privileged instructions
• These are instructions trap in user
mode, do not trap in supervisor mode.
• Sensitive instructions
• These instructions will either attempt to
change the configuration of resources
in the system or whose behavior or
result depends on the mode of the
CPU. ##
 Types of Instructions

Nonprivileged Privileged

Sensitive
 Popek-Goldberg Theorem
• The requirement is that we need to add one virtualization layer
above the hardware.
• Theorem:

For any conventional third generation computer, a virtual

machine monitor may be constructed if the set of sensitive
instructions for that computer is a subset of privileged
instructions.
 Popek-Goldberg Theorem

Nonprivileged Nonprivileged

Privileged
Privileged

Sensitive Sensitive

Virtualizable Not virtualizable

 What is x86 Architecture?
Ring 3 • The x86 architecture is an
Ring 2 instruction set architecture (ISA)
Ring 1 series for computer processors. 
• Developed by Intel Corporation
Ring 0 • Most used ISA by major players.
Kernel • Depends on a four ring
Not used structure, though all modern x86
Not used architecture depend on two of
Applications the four rings, viz., 0 and 3.
 What is x86 Architecture?
Ring 3 • OS runs with the highest
Ring 2 privilege in ring 0
Ring 1 • Applications run in the non-
privilege mode in Ring 3.
Ring 0
• Rings 1 and 2 are not used
Kernel
in the traditional behaviour.
Not used • There are two problems for
Not used virtualizing x86 architecture.
Applications
 Problem 1 in x86 Architecture
• Some sensitive instructions do not
trap;
• They just fail/change semantic
silently.
• In x86, there are such instructions that
will change mode or even fail in user
mode without CPU mode change.
• Hence x86 is not virtualizable as per
Popek-Goldberg theorem.
 Problem 2 in x86 Architecture
• The second problem of x86 is
the ring formation.
• OS runs in Ring 0 and in
kernel mode.
• Applications run in Ring 3.
• Where to run VMM?
• Obviously in Ring 0.
• But what about the original
(now guest) OS?
 Virtualization – Requirements
• Need is to provide a duplicate
machine to processes.
• Generally difficult to provide an exact
duplicate.
• Only dual-mode operation available on
CPU.
• User runs in user mode
• Kernel runs in kernel mode
• Where to run the VMM?
 Virtualization – How to Provide?
• Alternative
• User runs in user mode
• VMM runs in kernel mode
• Where to run the Kernel?
• User mode/kernel mode?
• Not safe to let guest kernel run in kernel mode.
• So VM needs two modes.
• Typically VMMs implement virtual CPU (vCPU)
to represent state of CPU per guest.
• Called depriviledging the OS.
 Deprivileging the OS
Traditional scenario

App App User

mode

OS Kernel
mode
 Deprivileging the OS
Depriviledged scenario

Virtual
App App User
mode
User
Virtual
mode
OS Kernel
mode

VMM
Kernel
mode
 Methods of Virtualization
• By definition, the privileged
state of a virtual system differs
from that of the underlying
hardware.
• The VMM’s basic function is to
provide an execution
environment that meets the
guest’s expectations in spite of
this difference.
 Methods of Virtualization
• Emulation
• Trap and Emulate
• Binary Translation
 Emulation
• Both the application and the
guest OS run in the user mode.
• Catch hold of each instructions
of the user mode and translate
it to an equivalent instruction:
• Interpretation
• Very expensive to interpret
each instruction.
• Needed?
 Trap-and-Emulate
• Guest, i.e., both application and the guest
OS run in the user mode.
• Virtual user and virtual kernel mode.
• VMM runs in privileged mode.
• When a privileged instruction is to be
executed in virtual user mode, a trap to the
virtual kernel mode occurs.
• This, in turn, causes VMM to gain control
of the execution.
 Trap-and-Emulate
• When VMM traps:
• It executes the necessary equivalent
operations in the underlying ISA.
• Returns control to guest in user mode.
• User mode code in guest runs at
normal speed.
• No change from running in non-
virtualized environment.
• But kernel mode privileged codes run
slower due to trap-and-emulate.
 Trap-and-Emulate
• The mechanism works fine.
• Except kernel mode
running slower.
• Small issue is when there
are several guests:
• Each needs trap-and-
emulate for all privileged
mode instructions.
 Trap-and-Emulate
User Process

Guest User Mode

Guest OS

VMM
VMM
Kernel Mode

Courtesy: Silberschatz[3]
 Trap-and-Emulate

Courtesy: Silberschatz[3]
 Trap-and-Emulate – Problems
• Not all ISAs can be emulated using trap-and-
emulate method.
• Those that do not follow Popek Goldberg theorem.
• Sensitive instructions are not Privileged
instructions.
• Intel x86 is an example.
• Consider Intel x86 popf instruction
• Loads CPU flags register from contents of stack
• In privileged mode → all flags are replaced
• In user mode → only some flags are replaced
• No trap is generated.
 Binary Translation
• Binary Translation solves problems of
trap-and-emulate.
• Concept is simple, but
implementations are complex.
• If guest vCPU is in user mode, guest
can run instructions natively.
• If guest vCPU in kernel mode
• VMM checks every instruction
• Non-sensitive instructions run normally
• Sensitive instructions are translated
appropriate to the underlying ISA.
 Binary Translation
• Performance of this method is worse
than trap-and-emulate.
• Optimizations are possible.
• Use caching to improve performance.
• Cache what?
• Translate once, and when guest executes
code containing sensitive instruction –
• Check cached translation.
• Translate if not available.
• This solves the efficiency problem of
Binary Translation.
 Binary Translation

Courtesy: Silberschatz[3]
 CPU Virtualization in Practice
Four methods
• Emulation
• Interpretation.
• Full virtualization with
dynamic binary translation.
• Paravirtualization.
• Hardware-assisted
virtualization.
 Emulation
• Interpret the guest code.
• Efficiently emulates only those
hardware components so that user
does not understand the difference.
• Only CPU & memory are sufficient to
emulate.
• Performance can be improved by
some additional methods
• Typically reduces system accuracy.
 Full Virtualization
What do we want?
• Run an existing OS and applications in
an isolated VM.
• We should be able to run many such
VMs without affecting each other (not in
ring 0, of course!)
• A host OS should supervise.
• What would make this unsafe?
• All instructions executed on the
processor that modify the state of
the machine.
 Full Virtualization
How do we ensure safety?
• Intercept or rewrite all
those instructions that can cause
problem.
• What about the performance?
• All the other instructions (safe
ones) can run directly on the
physical hardware.
• Full Virtualization.
 Full Virtualization
• In full virtualization one or more guest operating
systems share hardware resources from the host
system.
• The presence of the hypervisor is not known to the
guests.
• Full virtualization requires a virtualizable architecture:
• The hardware is fully exposed to the guest OS.
• Guest OS runs unchanged.
• Ensures greater efficiency.
• X86 is not virtualizable!!
 Problem of x86
• In the ring architecture of x86:
• Where to run the guest os?
• Where to run the VMM?
• In full virtualization
• Run guest OS in Ring 1/3
• Deprivilege guest OS
• Run VMM in Ring 0.
• Running unmodified guest OS
in a higher ring has certain
problems.
 Problem of x86
• x86 ISA does not meet the Popek & Goldberg requirements for
virtualization
• ISA contains 17+ sensitive, unprivileged instructions:
• SGDT, SIDT, SLDT, SMSW, PUSHF, POPF, LAR, LSL, VERR, VERW, POP, PUSH,
CALL, JMP, INT, RET, STR, MOV
• Most simply reveal the processor's CPL
• Virtualization is still possible, requires a workaround
 The “POPF Problem”

• If run in supervisor mode, interrupts are now off What “should”

happen if this is run in user mode?
• Attempting a privileged operation should trap
• If it doesn't trap, the VMM can't simulate it Because the VMM won't even
know it happened
• What happens on the x86?
• CPU “helpfully” ignores changes to privileged bits when POPF run in user
mode!
 Problems of Deprivileging Guest OS
There are many problems that would
arise when a guest OS is run at a
higher ring.
1. Certain sensitive instructions do
not trap.
2. Ring aliasing. It is the challenges
of running an OS at a different level.
3. Address-space compression. It is
the challenge accessing the
address space by the guest OS.
 Dynamic Binary Translation
• Binary translation module is used to
skip or modify the guest OS binary
code blocks which include critical
instructions.
• Translate those critical instructions
into some privilege instructions which
will trap to VMM for further
emulation.
• Full virtualization using dynamic
binary translation.
 Full Virtualization Using Dynamic BT

Ring 3 User Apps

Ring 2 Direct
Execution
Ring 1 Guest OS of User VMware (1998)
Requests

Ring 0 VMM Binary

Execution of
OS Requests
Host Computer
Hardware
 Full Virtualization with BT: Shortcomings
• Hardware emulation comes with
a performance price.
• Binary translation does not work
for the following cases:
• Self-modifying code
• Self-reference code
• Real-time system
• Solution in the other methods of
virtualization.
 Paravirtualization
• Modify or patch the Guest OS for
virtualization.
• The Guest OS realizes that it is running
above VMM rather than physical
machine.
• In this case the modified kernel of the
guest OS is able to communicate with the
hypervisor below via special calls.
• These special calls are equivalent to
system calls of a non virtualized OS.
• Used by Xen.
 Paravirtualization
• The Guest OS is modified and thus run kernel-level
operations at Ring 1 (or 3).
– Guest is now fully aware of how to process privileged
instructions.
– No need for the translation of the privileged instruction.
– Guest OS uses a specialized call, called hypercall, to talk to
the VMM.
– VMM executes the privileged instructions.
• Thus VMM is responsible for handling the virtualization
requests and putting them to the hardware.
 Paravirtualization
Ring 3 User Apps

Ring 2
Direct
Ring 1 Execution
of User
Paravirtualized
Ring 0 Guest OS Requests

Virtualization Hypercalls to
Layer virtualization
layer
Host Computer
Hardware
 Paravirtualization Challenges
• Guest OS must be modified for
this purpose.
• Causes problems in OS
maintainability and
supportability.
• Guest OS and hypervisor are
tightly coupled.
• Hence compatibility problem.
• Guest kernel must be recompiled
when hypervisor is updated.
 Hardware-Assisted Virtualization
• Why are there so many problems and
difficulties ?
• Some critical instructions do not trap in user
mode.
• Legacy processors were not designed for
virtualization.
• With virtualization-aware processors, the VMM
design will be more efficient and simple.
• Solution:
• Some instructions must be redefined.
• CPU control paradigm must be changed.
 Hardware-Assisted Virtualization
• Rather than making software
adjustments, change the hardware.
• Modern x86's meet Popek &
Goldberg requirements
• Intel VT-x (2005), AMD-V (2006)
• VT-x introduces two operating
modes:
• “VMX root” operation
• Runs VMM
• “VMX non-root” operation
• Runs guest OS
 Hardware-Assisted Virtualization
• Both modes support all
privilege rings.
• Guest OS (unmodified) runs in
ring 0 in non-root mode.
• Traps to root mode.
• Privileged and sensitive calls
automatically trap to the
hypervisor.
• VMM controls the execution of
the guest OS.
 Hardware-Assisted Virtualization(check)

VMX non-root VMX root

 Hardware-Assisted Virtualization – Challenges
• Allows unmodified Os.
• Legacy OS can be run.
• Problems:
• An unmodified OS cannot take
advantage of the virtualization.
• It does not know it is running
in a virtualized environment.
• Resolved using
paravirtualization partially.
 CPU Virtualization
• Emulation technique
• Interpretation and translation approaches.
• Virtualization technique
• Modern CPU architecture.
• Trap and emulation model.
• Critical instruction issue:
• Para-virtualization, Dynamic binary
translation.
• Hardware assistance.
• Intel VT-x approach:
• Root Mode & Non-Root Mode.
Case Study: Xen
 Xen
• Name from neXt gENeration
• Xen is a virtualization system
• Paravirtualization
• Hardware-assisted full
virtualization
 Xen Architecture

Dom U Dom U
Dom 0 PV HVM
guest guest

Xen hypervisor

Processor
disk NIC VGA Hardware
Memory
 Xen Components
•Hypervisor
• Handles all the low
level functionality
• Responsible for CPU
scheduling and
memory partitioning.
• Domain 0
• Domain U
 Xen Components
• Domain 0
• Modified Linux kernel
• A VM with special rights
• Accesses physical I/O resource
• interacts with other virtual machines
• Domain U
• Physical hardware is inaccessible here
• Paravirtualized VMs – DomU PV Guests (Linux, Solaris,
FreeBSD, UNIX)
• Full virtualized VMs -- DomU HVM guests (Windows)
 Xen and Future
Xen is a popular hypervisor and
enjoys support from various
vendors:
• Sun Microsystems
• Hewlett-Packard
• Novell
• Red Hat
• Intel
• Advanced Micro Devices
• Voltaire
• IBM
 Summary
• What are the various
methods of virtualization.
• Implementations of CPU
virtualization.
• Xen hypervisor.

Next Class

• Web services.
 References
1. Popek, Gerald J., and Robert P. Goldberg. "Formal requirements for
virtualizable third generation architectures." Communications of the
ACM17.7 (1974): 412-421.
2. Smith, J. E., and Ravi Nair. "Virtual Machines: Architectures,
Implementations and Applications." Morgan Kauffmann (2004).
3. Hwang, Kai, Jack Dongarra, and Geoffrey C. Fox, “Distributed and
Cloud Computing: From Parallel Processing to the Internet of
Things”, Morgan Kaufmann, 2013.
THANK YOU!
 References
1. Smith, J. E., and Ravi Nair. "Virtual Machines: Architectures,
Implementations and Applications." Morgan Kauffmann, 2004.
2. Popek, Gerald J., and Robert P. Goldberg. "Formal requirements for
virtualizable third generation architectures." Communications of the
ACM17.7 (1974): 412-421.
3. Figueiredo, Renato, and Peter A. Dinda. "Guest Editors' Introduction:
Resource Virtualization Renaissance." Computer 5, 28-31, 2005.
4. Hwang, Kai, Jack Dongarra, and Geoffrey C. Fox, “Distributed and Cloud
Computing: From Parallel Processing to the Internet of Things”, Morgan
Kaufmann, 2013.
5. Marinescu, Dan C. ”Cloud Computing: Theory and Practice.” Newnes,
2013.