UNIT II VIRTUALIZATION BASICS

Virtual Machine Basics – Taxonomy of Virtual Machines – Hypervisor – Key

Concepts – Virtualization structure – Implementation levels of virtualization –
Virtualization Types: Full Virtualization – Para Virtualization – Hardware
Virtualization – Virtualization of CPU, Memory and I/O devices.

Virtual Machine Basics

Virtual Machine :

abstracts the hardware of our personal computer such as CPU, disk drives,
memory, NIC (Network Interface Card) etc, into many different execution
environments as per our requirements, hence giving us a feel that each
execution environment is a single computer. For example, VirtualBox.

It partially uses the hardware of your system (like CPU, RAM, disk space, etc.)
but its space is completely separated from your main system. Two virtual
machines don‟t interrupt in each other‟s working and functioning nor they can
access each other‟s space which gives an illusion that we are using totally
different hardware system. More detail at Virtual Machine.

Types of Virtual Machines :

You can classify virtual machines into two types:

System Virtual Machine:

These types of virtual machines gives us complete system platform and gives
the execution of the complete virtual operating system. Just like virtual box,
system virtual machine is providing an environment for an OS to be installed
completely. We can see in below image that our hardware of Real Machine is
being distributed between two simulated operating systems by Virtual machine
monitor. And then some programs, processes are going on in that distributed
hardware of simulated machines separately.

Process Virtual Machine :

While process virtual machines, unlike system virtual machine, does not
provide us with the facility to install the virtual operating system completely.
Rather it creates virtual environment of that OS while using some app or
program and this environment will be destroyed as soon as we exit from that
app. Like in below image, there are some apps running on main OS as well
some virtual machines are created to run other
Virtual Machine Language :

It‟s type of language which can be understood by different operating systems. It

is platform-independent. Just like to run any programming language (C, python,
or java) we need specific compiler that actually converts that code into system
understandable code (also known as byte code). The same virtual machine
language works. If we want to use code that can be executed on different types
of operating systems like (Windows, Linux, etc) then virtual machine language
will be helpful.

Taxonomy of Virtual Machines

Taxonomy of Virtualization Techniques

 The first classification discriminates against the service or entity that is

being emulated
 Virtualization is mainly used to emulate execution environments, storage
and networks
 Execution virtualization is the oldest, most popular •Two major
categories: Process level, System level
 Process level techniques - on top of existing OS which has full control of
the hardware
 System level-Directly on hardware and require minimum support from
existing OS
Execution Virtualization

Includes all techniques whoseaim is to emulate an execution environmentthat is

separate from the one hosting virtualization layer

1.Machine Reference Model•

 Highest levelof abstraction is represented by

ApplicationProgrammingInterface(API) whichinterfacesapplicationsto
libraries and/or underlying OS
 Anyoperation to be performedin application levelAPI,ABI and ISA are
responsibleto make it happen
 High level abstraction converted into machine- level instructions to
perform the actual operations
 Layeredapproachsimplifiesthe implementation Instruction setexposed by
hardware isdivided into different security classeswhich define who can
operate with them
 First distinctionbetween privileged and non- privileged instructions
Non-privileged instructions - Those instructionsthat can be used without
interfering with other tasksbecause theydo not access shared resources -
Ex: all floating ,fixed point, arithmetic instructions
Hypervisor

A hypervisor is a form of virtualization software used in Cloud hosting to divide

and allocate the resources on various pieces of hardware. The program which
provides partitioning, isolation, or abstraction is called a virtualization
hypervisor. The hypervisor is a hardware virtualization technique that allows
multiple guest operating systems (OS) to run on a single host system at the same
time. A hypervisor is sometimes also called a virtual machine manager(VMM).

Types of Hypervisor –

TYPE-1 Hypervisor:

The hypervisor runs directly on the underlying host system. It is also known as
a “Native Hypervisor” or “Bare metal hypervisor”. It does not require any base
server operating system. It has direct access to hardware resources. Examples of
Type 1 hypervisors include VMware ESXi, Citrix XenServer, and Microsoft
Hyper-V hypervisor.

Pros & Cons of Type-1 Hypervisor:

Pros: Such kinds of hypervisors are very efficient because they have direct
access to the physical hardware resources(like Cpu, Memory, Network, and
Physical storage). This causes the empowerment of the security because there is
nothing any kind of the third party resource so that attacker couldn‟t
compromise with anything.

Cons: One problem with Type-1 hypervisors is that they usually need a
dedicated separate machine to perform their operation and to instruct different
VMs and control the host hardware resources.

TYPE-2 Hypervisor:
A Host operating system runs on the underlying host system. It is also known as
„Hosted Hypervisor”. Such kind of hypervisors doesn‟t run directly over the
underlying hardware rather they run as an application in a Host system(physical
machine). Basically, the software is installed on an operating system.
Hypervisor asks the operating system to make hardware calls. An example of a
Type 2 hypervisor includes VMware Player or Parallels Desktop. Hosted
hypervisors are often found on endpoints like PCs. The type-2 hypervisor is
very useful for engineers, and security analysts (for checking malware, or
malicious source code and newly developed applications).

Pros & Cons of Type-2 Hypervisor:

Pros: Such kind of hypervisors allows quick and easy access to a guest
Operating System alongside the host machine running. These hypervisors
usually come with additional useful features for guest machines. Such tools
enhance the coordination between the host machine and the guest machine.

Cons: Here there is no direct access to the physical hardware resources so the
efficiency of these hypervisors lags in performance as compared to the type-1
hypervisors, and potential security risks are also there an attacker can
compromise the security weakness if there is access to the host operating system
so he can also access the guest operating system.

HYPERVISOR REFERENCE MODEL :

There are 3 main modules coordinates in order to emulate the underlying
hardware:

DISPATCHER:
The dispatcher behaves like the entry point of the monitor and reroutes the
instructions of the virtual machine instance to one of the other two modules.

ALLOCATOR:
The allocator is responsible for deciding the system resources to be provided to
the virtual machine instance. It means whenever a virtual machine tries to
execute an instruction that results in changing the machine resources associated
with the virtual machine, the allocator is invoked by the dispatcher.

INTERPRETER:
The interpreter module consists of interpreter routines. These are executed,
whenever a virtual machine executes a privileged instruction.
Choosing the right hypervisor :

Type 1 hypervisors offer much better performance than Type 2 ones because
there‟s no middle layer, making them the logical choice for mission-critical
applications and workloads. But that‟s not to say that hosted hypervisors don‟t
have their place – they‟re much simpler to set up, so they‟re a good bet if, say,
you need to deploy a test environment quickly. One of the best ways to
determine which hypervisor meets your needs is to compare their performance
metrics. These include CPU overhead, the amount of maximum host and guest
memory, and support for virtual processors.

Key Concepts –

Virtualization structure

Virtualization is a technique how to separate a service from the underlying

physical delivery of that service. It is the process of creating a virtual version of
something like computer hardware. It was initially developed during the
mainframe era. It involves using specialized software to create a virtual or
software-created version of a computing resource rather than the actual version
of the same resource. With the help of Virtualization, multiple operating
systems and applications can run on the same machine and its same hardware at
the same time, increasing the utilization and flexibility of hardware.

In other words, one of the main cost-effective, hardware-reducing, and energy-

saving techniques used by cloud providers is Virtualization. Virtualization
allows sharing of a single physical instance of a resource or an application
among multiple customers and organizations at one time. It does this by
assigning a logical name to physical storage and providing a pointer to that
physical resource on demand. The term virtualization is often synonymous with
hardware virtualization, which plays a fundamental role in efficiently delivering
Infrastructure-as-a-Service (IaaS) solutions for cloud computing. Moreover,
virtualization technologies provide a virtual environment for not only executing
applications but also for storage, memory, and networking.
Virtualization

Host Machine: The machine on which the virtual machine is going to be built is
known as Host Machine.

Guest Machine: The virtual machine is referred to as a Guest Machine.

Work of Virtualization in Cloud Computing

Virtualization has a prominent impact on Cloud Computing. In the case of cloud

computing, users store data in the cloud, but with the help of Virtualization,
users have the extra benefit of sharing the infrastructure. Cloud Vendors take
care of the required physical resources, but these cloud providers charge a huge
amount for these services which impacts every user or organization.
Virtualization helps Users or Organisations in maintaining those services which
are required by a company through external (third-party) people, which helps in
reducing costs to the company. This is the way through which Virtualization
works in Cloud Computing.

Benefits of Virtualization

More flexible and efficient allocation of resources.

Enhance development productivity.

It lowers the cost of IT infrastructure.

Remote access and rapid scalability.

High availability and disaster recovery.

Pay peruse of the IT infrastructure on demand.

Enables running multiple operating systems.

Drawback of Virtualization

High Initial Investment: Clouds have a very high initial investment, but it is
also true that it will help in reducing the cost of companies.

Learning New Infrastructure: As the companies shifted from Servers to

Cloud, it requires highly skilled staff who have skills to work with the cloud
easily, and for this, you have to hire new staff or provide training to current
staff.

Risk of Data: Hosting data on third-party resources can lead to putting the data
at risk, it has the chance of getting attacked by any hacker or cracker very
easily.

Characteristics of Virtualization

Increased Security: The ability to control the execution of a guest program in

a completely transparent manner opens new possibilities for delivering a secure,
controlled execution environment. All the operations of the guest programs are
generally performed against the virtual machine, which then translates and
applies them to the host programs.

Managed Execution: In particular, sharing, aggregation, emulation, and

isolation are the most relevant features.

Sharing: Virtualization allows the creation of a separate computing

environment within the same host.

Aggregation: It is possible to share physical resources among several guests,

but virtualization also allows aggregation, which is the opposite process.

For more characteristics, you can refer to Characteristics of Virtualization.

Types of Virtualization

 Application Virtualization
  Network Virtualization
 Desktop Virtualization
 Storage Virtualization
 Server Virtualization
 Data virtualization

Types of Virtualization

1. Application Virtualization: Application virtualization helps a user to have

remote access to an application from a server. The server stores all personal
information and other characteristics of the application but can still run on a
local workstation through the internet. An example of this would be a user who
needs to run two different versions of the same software. Technologies that use
application virtualization are hosted applications and packaged applications.

2. Network Virtualization: The ability to run multiple virtual networks with

each having a separate control and data plan. It co-exists together on top of one
physical network. It can be managed by individual parties that are potentially
confidential to each other. Network virtualization provides a facility to create
and provision virtual networks, logical switches, routers, firewalls, load
balancers, Virtual Private Networks (VPN), and workload security within days
or even weeks.
Network Virtualization

3. Desktop Virtualization: Desktop virtualization allows the users‟ OS to be

remotely stored on a server in the data center. It allows the user to access their
desktop virtually, from any location by a different machine. Users who want
specific operating systems other than Windows Server will need to have a
virtual desktop. The main benefits of desktop virtualization are user mobility,
portability, and easy management of software installation, updates, and patches.

4. Storage Virtualization: Storage virtualization is an array of servers that are

managed by a virtual storage system. The servers aren‟t aware of exactly where
their data is stored and instead function more like worker bees in a hive. It
makes managing storage from multiple sources be managed and utilized as a
single repository. storage virtualization software maintains smooth operations,
consistent performance, and a continuous suite of advanced functions despite
changes, breaks down, and differences in the underlying equipment.

5. Server Virtualization: This is a kind of virtualization in which the masking

of server resources takes place. Here, the central server (physical server) is
divided into multiple different virtual servers by changing the identity number,
and processors. So, each system can operate its operating systems in an isolated
manner. Where each sub-server knows the identity of the central server. It
causes an increase in performance and reduces the operating cost by the
deployment of main server resources into a sub-server resource. It‟s beneficial
in virtual migration, reducing energy consumption, reducing infrastructural
costs, etc.
Server Virtualization

6. Data Virtualization: This is the kind of virtualization in which the data is

collected from various sources and managed at a single place without knowing
more about the technical information like how data is collected, stored &
formatted then arranged that data logically so that its virtual view can be
accessed by its interested people and stakeholders, and users through the various
cloud services remotely. Many big giant companies are providing their services
like Oracle, IBM, At scale, Cdata, etc.

Uses of Virtualization

 Data-integration
 Business-integration
 Service-oriented architecture data-services
 Searching organizational data
Implementation levels of virtualization

A traditional computer runs with a host operating system specially tailored for
its hardware architecture, as shown in Figure 3.1(a). After virtualization,
different user applications managed by their own operating systems (guest OS)
can run on the same hardware, independent of the host OS. This is often done
by adding additional software, called a virtualization layer as shown in Figure
3.1(b). This virtualization layer is known as hypervisor or virtual machine
monitor (VMM) [54]. The VMs are shown in the upper boxes, where
applications run with their own guest OS over the virtualized CPU, memory,
and I/O resources.

The main function of the software layer for virtualization is to virtualize the
physical hardware of a host machine into virtual resources to be used by the
VMs, exclusively. This can be implemented at various operational levels, as we
will discuss shortly. The virtualization software creates the abstraction of VMs
by interposing a virtualization layer at various levels of a computer system.
Common virtualization layers include the instruction set architecture
(ISA) level, hardware level, operating system level, library support level, and
application level (see Figure 3.2).
1. Instruction Set Architecture Level

At the ISA level, virtualization is performed by emulating a given ISA by the

ISA of the host machine. For example, MIPS binary code can run on an x86-
based host machine with the help of ISA emulation. With this approach, it is
possible to run a large amount of legacy binary code writ-ten for various
processors on any given new hardware host machine. Instruction set emulation
leads to virtual ISAs created on any hardware machine.

The basic emulation method is through code interpretation. An interpreter

program interprets the source instructions to target instructions one by one. One
source instruction may require tens or hundreds of native target instructions to
perform its function. Obviously, this process is relatively slow. For better
performance, dynamic binary translation is desired. This approach translates
basic blocks of dynamic source instructions to target instructions. The basic
blocks can also be extended to program traces or super blocks to increase
translation efficiency. Instruction set emulation requires binary translation and
optimization. A virtual instruction set architecture (V-ISA) thus requires adding
a processor-specific software translation layer to the compiler.
2. Hardware Abstraction Level

Hardware-level virtualization is performed right on top of the bare hardware.

On the one hand, this approach generates a virtual hardware environment for a
VM. On the other hand, the process manages the underlying hardware through
virtualization. The idea is to virtualize a computer‟s resources, such as its
processors, memory, and I/O devices. The intention is to upgrade the hardware
utilization rate by multiple users concurrently. The idea was implemented in the
IBM VM/370 in the 1960s. More recently, the Xen hypervisor has been applied
to virtualize x86-based machines to run Linux or other guest OS applications.
We will discuss hardware virtualization approaches in more detail in Section
3.3.

3. Operating System Level

This refers to an abstraction layer between traditional OS and user applications.

OS-level virtualiza-tion creates isolated containers on a single physical server
and the OS instances to utilize the hard-ware and software in data centers. The
containers behave like real servers. OS-level virtualization is commonly used in
creating virtual hosting environments to allocate hardware resources among a
large number of mutually distrusting users. It is also used, to a lesser extent, in
consolidating server hardware by moving services on separate hosts into
containers or VMs on one server.

4. Library Support Level

Most applications use APIs exported by user-level libraries rather than using
lengthy system calls by the OS. Since most systems provide well-documented
APIs, such an interface becomes another candidate for virtualization.
Virtualization with library interfaces is possible by controlling the
communication link between applications and the rest of a system through API
hooks. The software tool WINE has implemented this approach to support
Windows applications on top of UNIX hosts. Another example is the vCUDA
which allows applications executing within VMs to leverage GPU hardware
acceleration. This approach is detailed in Section 3.1.4.

5. User-Application Level

Virtualization at the application level virtualizes an application as a VM. On a

traditional OS, an application often runs as a process. Therefore, application-
level virtualization is also known as process-level virtualization. The most
popular approach is to deploy high level language (HLL)

VMs. In this scenario, the virtualization layer sits as an application program on

top of the operating system, and the layer exports an abstraction of a VM that
can run programs written and compiled to a particular abstract machine
definition. Any program written in the HLL and compiled for this VM will be
able to run on it. The Microsoft .NET CLR and Java Virtual Machine (JVM) are
two good examples of this class of VM.

Other forms of application-level virtualization are known as application

isolation, application sandboxing, or application streaming. The process
involves wrapping the application in a layer that is isolated from the host OS
and other applications. The result is an application that is much easier to
distribute and remove from user workstations. An example is the LANDesk
application virtuali-zation platform which deploys software applications as self-
contained, executable files in an isolated environment without requiring
installation, system modifications, or elevated security privileges.

6. Relative Merits of Different Approaches

Table 3.1 compares the relative merits of implementing virtualization at various

levels. The column headings correspond to four technical merits. “Higher
Performance” and “Application Flexibility” are self-
explanatory. “Implementation Complexity” implies the cost to implement that
particular vir-tualization level. “Application Isolation” refers to the effort
required to isolate resources committed to different VMs. Each row corresponds
to a particular level of virtualization.

The number of X‟s in the table cells reflects the advantage points of each
implementation level. Five X‟s implies the best case and one X implies the
worst case. Overall, hardware and OS support will yield the highest
performance. However, the hardware and application levels are also the most
expensive to implement. User isolation is the most difficult to achieve. ISA
implementation offers the best application flexibility.
Full Virtualization

In the full virtualization technique, the hypervisor completely simulates the

underlying hardware. The main advantage of this technique is that it allows
the running of the unmodified OS. In full virtualization, the guest OS is
completely unaware that it‟s being virtualized.

Full virtualization uses a combination of direct execution and binary translation.

This allows direct execution of non-sensitive CPU instructions, whereas
sensitive CPU instructions are translated on the fly. To improve performance,
the hypervisor maintains a cache of the recently translated instructions.

VMware‟s ESXi server uses this technique to achieve server virtualization.

Paravirtualization

In paravirtualization, the hypervisor doesn’t simulate underlying hardware.

Instead, it provides hypercalls. The guest OS uses hypercalls to execute
sensitive CPU instructions. This technique is not as portable as full
virtualization, as it requires modification in the guest OS. However, it provides
better performance because the guest OS is aware that it‟s being virtualized.

Hypercalls are similar to kernel system calls. They allow the guest OS to
communicate with the hypervisor.

The open-source Xen project uses the paravirtualization technique.

Virtualization allows one computer system to perform the functions of

numerous computers by sharing the resources of single hardware across
multiple environments. CPU virtualization includes both full virtualization and
paravirtualization. The key difference between them is that in full virtualization,
the unmodified OS is unaware of the virtualization and employs binary
translation to trap operating system calls at run-time. In contrast,
paravirtualization uses hypercalls in place of non-virtualizable operating system
instructions, and the complete process occurs during the compile time, where
these instructions are managed.

In this article, you will learn about the difference between Full
Virtualization and Paravirtualization in the operating system. But before
discussing the differences, you must know about Full Virtualization and
Paravirtualization in the operating system.
What is Full Virtualization?

Full virtualization is the first generation of software solutions for server

virtualization. It was developed by IBM in 1966. It operates by combining
binary translation and direct compilation, where the guest operating system is
completely separated from the basic hardware and virtualization layer. As a
result, whatever the virtual machines produce, the underlining hardware is
rewritten by a dynamic translator. It involves a lack of expertise in virtualization
on the guest OS end, and change is inevitable.

ESXi, VMWare, and Microsoft virtual servers are the technologies that provide
full virtualization capabilities. When an OS instruction is created, the hypervisor
immediately translates it during run-time and stores the result for future
reference. At the same time, the user-level instructions are run without changes
at native speed.

Although the primary goal of storing the translated instructions during binary
translation is to improve performance, it may raise the cost of memory usage.
Binary translation is another drawback of full virtualization because it consumes
a lot of time and may get a huge performance overhead. I/O intensive apps are
complicated to use in full virtualization.

What is Paravirtualization?

The interaction of the guest operating system with the hypervisor to improve
performance and productivity is known as paravirtualization. Unlike full
virtualization, paravirtualization does not achieve full isolation; instead, the
approach implements partial isolation. It also alters the operating system kernel
to use hypercalls rather than non-virtualizable instructions. The goal of
hypercalls is to communicate with the virtualization layer hypervisor directly.

The hypervisor performs different functions in paravirtualization, such as the

layout of the hypercalls interface for other critical kernel services like memory
management, timekeeping, and interrupt handling. The main benefit of
paravirtualization is that it may significantly minimize virtualization overhead.

However, most userspace workloads gain relatively little and achieve near-
native performance that is not reached for all workloads. Moreover, it is little
compatible and portable because it doesn't support the unmodified operating
system. It may also cause specific critical support and maintainability issues in
the production environment due to the requirement for extensive OS kernel
modifications.

Key differences between Full Virtualization and Paravirtualization in Operating

System

Here, you will learn about the various key differences between Full
Virtualization and Paravirtualization multitasking in operating systems. Some
main differences between Full
Virtualization and Paravirtualization multitasking in operating systems are as
follows:

 Full virtualization is the first generation of software solutions for server

virtualization. On the other hand, the interaction of the guest operating
system with the hypervisor to improve performance and productivity is
known as paravirtualization.
 Full virtualization enables the Guest operating system to run
independently. In contrast, paravirtualization enables the Guest OS to
interact with the hypervisor.
 Full virtualization performance is slow. In contrast, paravirtualization
performance is high than full virtualization.
 Full virtualization is less secure than paravirtualization. On the other
hand, paravirtualization is more secure than full virtualization.
 Binary translation and a direct approach are used in full virtualization. On
the other hand, paravirtualization operates through hypercalls.
 Full virtualization is more portable and adaptable. On the other hand,
paravirtualization is less portable and compatible.
 Full virtualization supports all the Guest OS without any change. On the
other hand, the Guest OS has to be modified in paravirtualization and
only a few OS support it.
 The Guest OS will issue hardware calls in full virtualization. In contrast,
the guest OS will interface directly with the hypervisor via drivers in
paravirtualization.
 Full virtualization is less efficient than paravirtualization. On the other
hand, paravirtualization is more simplified.
 The optimum isolation is provided by full virtualization. On the other
hand, paravirtualization offers less isolation than full virtualization.
There are just a few paravirtualization examples, such as VMware and Xen. In
contrast, full virtualization is used in VMware, Microsoft, and Parallels systems.

HARDWARE VIRTUALIZATION

A platform virtualization approach that allows efficient full virtualization with

the help of hardware capabilities, primarily from the host processor is referred
to as Hardware based virtualization in computing. To simulate a complete
hardware environment, or virtual machine, full virtualization is used in which
an unchanged guest operating system (using the common instruction set as the
host machine) executes in sophisticated isolation.

The different logical layers of operating system-based virtualization, in which

the VM is first installed into a full host operating system and subsequently used
to generate virtual machines.

An abstract execution environment in terms of computer hardware in which

guest OS can be run, referred to as Hardware-level virtualization. In this, an
operating system represents the guest, the physical computer hardware
represents a host, its emulation represents a virtual machine, and the hypervisor
represents the Virtual Machine Manager. When the virtual machines are
allowed to interact with hardware without any intermediary action requirement
from the host operating system generally makes hardware-based virtualization
more efficient. A fundamental component of hardware virtualization is the
hypervisor, or virtual machine manager (VMM).
Basically, there are two types of Hypervisors which are described below:

Type-I hypervisors:
Hypervisors of type I run directly on top of the hardware. As a result, they stand
in for operating systems and communicate directly with the ISA interface
offered by the underlying hardware, which they replicate to allow guest
operating systems to be managed. Because it runs natively on hardware, this
sort of hypervisor is also known as a native virtual machine.

Type-II hypervisors:
To deliver virtualization services, Type II hypervisors require the assistance of
an operating system. This means they‟re operating system-managed
applications that communicate with it via the ABI and simulate the ISA of
virtual hardware for guest operating systems. Because it is housed within an
operating system, this form of hypervisor is also known as a hosted virtual
machine.

VIRTUALIZATION OF CPU, MEMORY, AND I/O DEVICES

To support virtualization, processors such as the x86 employ a special running

mode and instructions, known as hardware-assisted virtualization. In this way,
the VMM and guest OS run in different modes and all sensitive instructions of
the guest OS and its applications are trapped in the VMM. To save processor
states, mode switching is completed by hardware. For the x86 architecture, Intel
and AMD have proprietary technologies for hardware-assisted virtualization.
1. Hardware Support for Virtualization

 Modern operating systems and processors permit multiple processes to

run simultaneously. If there is no protection mechanism in a processor, all
instructions from different processes will access the hardware directly
and cause a system crash. Therefore, all processors have at least two
modes, user mode and supervisor mode, to ensure controlled access of
critical hardware. Instructions running in supervisor mode are called
privileged instructions. Other instructions are unprivileged instructions.
In a virtualized environment, it is more difficult to make OSes and
applications run correctly because there are more layers in the machine
stack. Example 3.4 discusses Intel‟s hardware support approach.
 At the time of this writing, many hardware virtualization products were
available. The VMware Workstation is a VM software suite for x86 and
x86-64 computers. This software suite allows users to set up multiple x86
and x86-64 virtual computers and to use one or more of these VMs
simultaneously with the host operating system. The VMware Workstation
assumes the host-based virtualization. Xen is a hypervisor for use in IA-
32, x86-64, Itanium, and PowerPC 970 hosts. Actually, Xen modifies
Linux as the lowest and most privileged layer, or a hypervisor.
 One or more guest OS can run on top of the hypervisor. KVM (Kernel-
based Virtual Machine) is a Linux kernel virtualization infrastructure.
KVM can support hardware-assisted virtualization and paravirtualization
by using the Intel VT-x or AMD-v and VirtIO framework, respectively.
The VirtIO framework includes a paravirtual Ethernet card, a disk I/O
controller, a balloon device for adjusting guest memory usage, and a
VGA graphics interface using VMware drivers.
 Since software-based virtualization techniques are complicated and incur
performance overhead, Intel provides a hardware-assist technique to
make virtualization easy and improve performance. Figure 3.10 provides
an overview of Intel‟s full virtualization techniques. For processor
virtualization, Intel offers the VT-x or VT-i technique. VT-x adds a
privileged mode (VMX Root Mode) and some instructions to processors.
This enhancement traps all sensitive instructions in the VMM
automatically. For memory virtualization, Intel offers the EPT, which
translates the virtual address to the machine‟s physical addresses to
improve performance. For I/O virtualization, Intel implements VT-d and
VT-c to support this.
2. CPU Virtualization

 A VM is a duplicate of an existing computer system in which a majority

of the VM instructions are executed on the host processor in native mode.
Thus, unprivileged instructions of VMs run directly on the host machine
for higher efficiency. Other critical instructions should be handled
carefully for correctness and stability.
 The critical instructions are divided into three categories: privileged
instructions, control-sensitive instructions, and behavior-sensitive
instructions. Privileged instructions execute in a privileged mode and will
be trapped if executed outside this mode. Control-sensitive instructions
attempt to change the configuration of resources used. Behavior-sensitive
instructions have different behaviors depending on the configuration of
resources, including the load and store operations over the virtual
memory.
 A CPU architecture is virtualizable if it supports the ability to run the
VM‟s privileged and unprivileged instructions in the CPU‟s user mode
while the VMM runs in supervisor mode. When the privileged
instructions including control- and behavior-sensitive instructions of a
VM are exe-cuted, they are trapped in the VMM. In this case, the VMM
acts as a unified mediator for hardware access from different VMs to
guarantee the correctness and stability of the whole system. However, not
all CPU architectures are virtualizable. RISC CPU architectures can be
 naturally virtualized because all control- and behavior-sensitive
instructions are privileged instructions. On the contrary, x86 CPU
architectures are not primarily designed to support virtualization. This is
because about 10 sensitive instructions, such as SGDT and SMSW, are
not privileged instructions. When these instruc-tions execute in
virtualization, they cannot be trapped in the VMM.

 On a native UNIX-like system, a system call triggers the 80h interrupt

and passes control to the OS kernel. The interrupt handler in the kernel is
then invoked to process the system call. On a para-virtualization system
such as Xen, a system call in the guest OS first triggers the 80h interrupt
nor-mally. Almost at the same time, the 82h interrupt in the hypervisor is
triggered. Incidentally, control is passed on to the hypervisor as well.
When the hypervisor completes its task for the guest OS system call, it
passes control back to the guest OS kernel. Certainly, the guest OS kernel
may also invoke the hypercall while it‟s running. Although
paravirtualization of a CPU lets unmodified applications run in the VM, it
causes a small performance penalty.

Hardware-Assisted CPU Virtualization

This technique attempts to simplify virtualization because full or

paravirtualization is complicated. Intel and AMD add an additional mode called
privilege mode level (some people call it Ring-1) to x86 processors. Therefore,
operating systems can still run at Ring 0 and the hypervisor can run at Ring -1.
All the privileged and sensitive instructions are trapped in the hypervisor
automatically. This technique removes the difficulty of implementing binary
translation of full virtualization. It also lets the operating system run in VMs
without modification.

Although x86 processors are not virtualizable primarily, great effort is taken to
virtualize them. They are used widely in comparing RISC processors that the
bulk of x86-based legacy systems cannot discard easily. Virtuali-zation of x86
processors is detailed in the following sections. Intel‟s VT-x technology is an
example of hardware-assisted virtualization, as shown in Figure 3.11. Intel calls
the privilege level of x86 processors the VMX Root Mode. In order to control
the start and stop of a VM and allocate a memory page to maintain the
CPU state for VMs, a set of additional instructions is added. At the time of this
writing, Xen, VMware, and the Microsoft Virtual PC all implement their
hypervisors by using the VT-x technology.

Generally, hardware-assisted virtualization should have high efficiency.

However, since the transition from the hypervisor to the guest OS incurs high
overhead switches between processor modes, it sometimes cannot outperform
binary translation. Hence, virtualization systems such as VMware now use a
hybrid approach, in which a few tasks are offloaded to the hardware but the rest
is still done in software. In addition, para-virtualization and hardware-assisted
virtualization can be combined to improve the performance further.

3. Memory Virtualization

Virtual memory virtualization is similar to the virtual memory support provided

by modern operat-ing systems. In a traditional execution environment, the
operating system maintains mappings of virtual memory to machine
memory using page tables, which is a one-stage mapping from virtual memory
to machine memory. All modern x86 CPUs include a memory management unit
(MMU) and a translation lookaside buffer (TLB) to optimize virtual memory
performance. However, in a virtual execution environment, virtual memory
virtualization involves sharing the physical system memory in RAM and
dynamically allocating it to the physical memory of the VMs.

That means a two-stage mapping process should be maintained by the guest OS

and the VMM, respectively: virtual memory to physical memory and physical
memory to machine memory. Furthermore, MMU virtualization should be
supported, which is transparent to the guest OS. The guest OS continues to
control the mapping of virtual addresses to the physical memory addresses of
VMs. But the guest OS cannot directly access the actual machine memory. The
VMM is responsible for mapping the guest physical memory to the actual
machine memory. Figure 3.12 shows the two-level memory mapping procedure.

Since each page table of the guest OSes has a separate page table in the VMM
corresponding to it, the VMM page table is called the shadow page table.
Nested page tables add another layer of indirection to virtual memory. The
MMU already handles virtual-to-physical translations as defined by the OS.
Then the physical memory addresses are translated to machine addresses using
another set of page tables defined by the hypervisor. Since modern operating
systems maintain a set of page tables for every process, the shadow page tables
will get flooded. Consequently, the perfor-mance overhead and cost of memory
will be very high.

VMware uses shadow page tables to perform virtual-memory-to-machine-

memory address translation. Processors use TLB hardware to map the virtual
memory directly to the machine memory to avoid the two levels of translation
on every access. When the guest OS changes the virtual memory to a physical
memory mapping, the VMM updates the shadow page tables to enable a direct
lookup. The AMD Barcelona processor has featured hardware-assisted memory
virtualization since 2007. It provides hardware assistance to the two-stage
address translation in a virtual execution environment by using a technology
called nested paging.