Unit-3 Cloud Resource Virtualization

The document discusses cloud resource virtualization, detailing concepts such as virtualization types, virtual machine monitors (VMM), and the importance of performance and security isolation in cloud computing. It explains full virtualization and paravirtualization, the role of hardware support for virtualization, and the challenges faced in virtualizing x86 architecture. Additionally, it highlights the significance of user convenience and the implications of virtualization on system performance and security.


CLOUD COMPUTING-CS72

Unit-3
Cloud Resource Virtualization: Virtualization, Layering and virtualization, Virtual machine
monitors, Virtual machines Performance and security isolation, Full virtualization and
paravirtualization, Hardware support for virtualization Case study: Xen -a VMM based on
paravirtualization, Optimization of network virtualization in Xen 2.0, vBlades -paravirtualization
targeting a x86-64 Itanium processor, A performance comparison of virtual machines, Virtual
machine security, The darker side of virtualization, Software fault isolation.

Virtualization:

Definition: In computing, virtualization refers to the act of creating a virtual (rather than actual)
version of something, including virtual computer hardware platforms, storage devices, and
computer network resources.

Virtualization simulates the interface to a physical object. There are four types:

1. Multiplexing. Create multiple virtual objects from one instance of a physical object. For
example, a processor is multiplexed among a number of processes or threads.

2. Aggregation. Create one virtual object from multiple physical objects. For example, a number
of physical disks are aggregated into a RAID disk.

3. Emulation. Construct a virtual object from a different type of physical object. For example, a
physical disk emulates a random access memory.

4. Multiplexing and emulation. Examples: virtual memory with paging multiplexes real memory
and disk, and a virtual address emulates a real address; TCP emulates a reliable bit pipe and
multiplexes a physical communication channel and a processor.

Virtualization is a critical aspect of cloud computing, equally important to the providers and
consumers of cloud services, and plays an important role in all of the following:

• System security because it allows isolation of services running on the same hardware.
• Performance and reliability because it allows applications to migrate from one platform
to another.
• The development and management of services offered by a provider.
• Performance isolation.

Some important points about virtualization:

• Virtualization has been used successfully since the late 1950s.
• A virtual memory based on paging was first implemented on the Atlas computer at the
University of Manchester in the United Kingdom in 1959.

Dr. Nandini N, Dr. AIT,Bengaluru Page 1



• In a cloud computing environment a VMM runs on the physical hardware and exports a
hardware-level abstraction to one or more guest operating systems.
• A guest OS interacts with the virtual hardware in the same way it would interact with the
physical hardware.
• User convenience is a necessary condition for the success of the utility computing
paradigms.
• User convenience is a major advantage of a VM architecture over a traditional operating
system.
• Virtualization has side effects, such as the performance penalty and the hardware
costs.
• Privileged operations issued by a VM must be trapped and validated by the VMM, which
ultimately controls system behavior.

Layering and Virtualization:

1. A common approach to managing system complexity is to identify a set of layers with
well-defined interfaces among them.
2. The interfaces separate different levels of abstraction.
3. Layering minimizes the interactions among the subsystems and simplifies the description
of the subsystems.
4. Each subsystem is abstracted through its interfaces with the other subsystems.
5. Individual subsystems can be designed, implemented, and modified independently.

Figure 5.1 shows the interfaces among the software components and the hardware. The
hardware consists of one or more multicore processors, a system interconnect (e.g., one or more
buses), a memory translation unit, the main memory, and I/O devices, including one or more
networking interfaces.

Applications written in high-level languages (HLL) often call library modules and are compiled
into object code. Privileged operations, such as I/O requests, cannot be executed in user mode;
instead, application and library modules issue system calls, and the operating system checks
that the privileged operations required by the application do not violate system security or
integrity and, if they don't, executes them on behalf of the user. The binaries resulting from the
translation of HLL programs are targeted to a specific hardware architecture.


API (application program interface): defines the set of instructions the hardware was
designed to execute and gives the application access to the ISA. It includes HLL library calls,
which often invoke system calls. A process is the abstraction for the code of an application at
execution time; a thread is a lightweight process. The ABI is the projection of the computer
system seen by the process, and the API is the projection of the system from the perspective of
the HLL program.

ABI (application binary interface): allows the ensemble consisting of the application
and the library modules to access the hardware. The ABI does not include privileged system
instructions; instead it invokes system calls.

ISA (instruction set architecture): the interface at the boundary of the hardware and the
software.

Figure 5.2 shows an alternative: portable code is produced and distributed and then converted by
binary translators to the ISA of the host system. Dynamic binary translation converts blocks of
guest instructions from the portable code to host instructions and leads to a significant
performance improvement because such blocks are cached and reused.


Virtual machine monitors : A virtual machine monitor (VMM), also called a hypervisor, is
the software that securely partitions the resources of a computer system into one or more virtual
machines.

A guest operating system is an operating system that runs under the control of a VMM rather
than directly on the hardware. The VMM runs in kernel mode, whereas a guest OS runs in user
mode. Sometimes the hardware supports a third mode of execution for the guest OS.

The events occurring in one VM do not affect any other VM running under the same VMM. At
the same time, the VMM enables:

• Multiple services to share the same platform.

• The movement of a server from one platform to another, the so-called live migration.

• System modification while maintaining backward compatibility with the original system.


When a guest OS attempts to execute a privileged instruction, the VMM traps the operation and
enforces the correctness and safety of the operation. The VMM guarantees the isolation of the
individual VMs, and thus ensures security and encapsulation, a major concern in cloud
computing. At the same time, the VMM monitors system performance and takes corrective
action to avoid performance degradation; for example, the VMM may swap out a VM (copies all
pages of that VM from real memory to disk and makes the real memory frames available for
paging by other VMs) to avoid thrashing.

A VMM virtualizes the CPU and memory.

For example, the VMM traps interrupts and dispatches them to the individual guest operating
systems. If a guest OS disables interrupts, the VMM buffers such interrupts until the guest OS
enables them. The VMM maintains a shadow page table for each guest OS and replicates any
modification made by the guest OS in its own shadow page table. This shadow page table points
to the actual page frame and is used by the hardware component called the memory management
unit (MMU) for dynamic address translation.
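To make the shadow page table mechanism concrete, here is an added example (not code from the notes or from any real hypervisor): a Python simulation in which each guest edits its own page table, the VMM intercepts the edit and replicates it into a shadow table that maps guest-virtual pages straight to host frames, and the swap-out mentioned above drops the shadow entries. The class ShadowMMU, its methods, and all page numbers are constructed for the illustration.

```python
# Added example (not from the notes): a simulated shadow page table. Each
# guest edits its own page table (guest-virtual page -> guest-physical page);
# the VMM intercepts the edit and replicates it into the shadow table
# (guest-virtual page -> host-physical page), which is the table the MMU
# walks. Page numbers and the frame assignments below are constructed.

PAGE = 0x1000  # 4 KiB pages

class ShadowMMU:
    def __init__(self, name, gpa_to_hpa):
        self.name = name
        self.gpa_to_hpa = dict(gpa_to_hpa)  # frames the VMM allocated to this VM
        self.guest_pt = {}                  # the guest's table: gva page -> gpa page
        self.shadow = {}                    # the VMM's shadow: gva page -> hpa page

    def guest_set_pte(self, gva_page, gpa_page):
        """The guest writes a page-table entry. The VMM keeps the guest's
        page-table pages write-protected, so the write traps to this code."""
        if gpa_page not in self.gpa_to_hpa:
            # Not one of this VM's frames: refusing the mapping is what stops
            # a guest from reaching another VM's (or the VMM's) memory.
            raise PermissionError(f"{self.name}: gpa page {gpa_page:#x} not owned")
        self.guest_pt[gva_page] = gpa_page
        self.shadow[gva_page] = self.gpa_to_hpa[gpa_page]   # replicate the change

    def translate(self, gva):
        """What the hardware MMU does on a guest access: walk the shadow table."""
        page, offset = divmod(gva, PAGE)
        if page not in self.shadow:
            raise LookupError(f"{self.name}: page fault at {gva:#x}")
        return self.shadow[page] * PAGE + offset

    def swap_out(self):
        """The VMM evicts this VM to avoid thrashing: its pages go to disk
        and every shadow entry is dropped, so the next access faults."""
        on_disk = dict(self.shadow)
        self.shadow.clear()
        return on_disk

def attempt_map(vm, gva_page, gpa_page):
    """True if the VMM accepted the guest's mapping, False if it refused."""
    try:
        vm.guest_set_pte(gva_page, gpa_page)
        return True
    except PermissionError:
        return False

def demo():
    """Two guests map the same guest-virtual page to 'their' gpa page 0x10;
    returns the host addresses each resolves for gva 0x7ABC."""
    vm_a = ShadowMMU("vmA", {0x10: 0x100, 0x11: 0x101})   # gpa page -> hpa page
    vm_b = ShadowMMU("vmB", {0x10: 0x200})
    vm_a.guest_set_pte(0x7, 0x10)
    vm_b.guest_set_pte(0x7, 0x10)
    return vm_a.translate(0x7ABC), vm_b.translate(0x7ABC)
```

The two guests resolve the same guest-virtual address to disjoint host frames, and a guest cannot install a mapping to a frame the VMM never gave it.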

Virtual machines

A virtual machine (VM) is an isolated environment that appears to be a whole computer but
actually only has access to a portion of the computer resources.

• Each VM appears to be running on the bare hardware, giving the appearance of multiple
instances of the same computer, though all are supported by a single physical system.
• Virtual machines have been around since the early 1970s, when IBM released its VM/370
operating system.

There are two types of virtual machines:

1. Process virtual machines.
2. System virtual machines.

(Refer to Figure 5.3(a).)

A process VM is a virtual platform created for an individual process and destroyed once the
process terminates. Virtually all operating systems provide a process VM for each one of the
applications running, but the more interesting process VMs are those that support binaries
compiled on a different instruction set.

A system VM supports an operating system together with many user processes. When the VM
runs under the control of a normal OS and provides a platform-independent host for a single
application, we have an application virtual machine (e.g., Java Virtual Machine [JVM]).


Several organizations of the software stack are possible:

• Traditional. Also called a "bare metal" VMM: a thin software layer that runs directly on the
host machine hardware; its main advantage is performance [see Figure 5.3(b)]. Examples:
VMware ESX and ESXi Servers, Xen, OS370, and Denali.

• Hybrid. The VMM shares the hardware with the existing OS [see Figure 5.3(c)]. Example:
VMware Workstation.

• Hosted. The VM runs on top of an existing OS [see Figure 5.3(d)]. The main advantage of this
approach is that the VM is easier to build and install. Another advantage of this solution is that
the VMM can use several components of the host OS, such as the scheduler, the pager, and the
I/O drivers, rather than providing its own.


Performance and security isolation:

Performance isolation is a critical condition for quality-of-service (QoS) guarantees in shared
computing environments. Indeed, if the run-time behavior of an application is affected by other
applications running concurrently and, thus, is competing for CPU cycles, cache, main memory,
and disk and network access, it is rather difficult to predict the completion time.

Processor virtualization presents multiple copies of the same processor or core on multicore
systems. The code is executed directly by the hardware, whereas processor emulation presents a
model of another hardware system in which instructions are "emulated" in software, more slowly
than under virtualization.

An example of emulation is Microsoft's VirtualPC, which could run on chip sets other than the
x86 family; it was used on Mac hardware until Apple adopted Intel chips.

Full virtualization and paravirtualization : In 1974 Gerald J. Popek and Robert P. Goldberg
gave a set of sufficient conditions for a computer architecture to support virtualization and allow
a VMM to operate efficiently.


1. A program running under the VMM should exhibit a behavior essentially identical to that
demonstrated when the program runs directly on an equivalent machine.
2. The VMM should be in complete control of the virtualized resources.
3. A statistically significant fraction of machine instructions must be executed without the
intervention of the VMM.

Another way to identify an architecture suitable for a virtual machine is to classify its instructions.

There are two classes of machine instructions:

1. Sensitive instructions, which require special precautions at execution time, and
2. Innocuous instructions, which are not sensitive.

Sensitive instructions can be:

• Control sensitive: which are instructions that attempt to change either the memory allocation
or the privileged mode.

• Mode sensitive: which are instructions whose behavior is different in the privileged mode.

To handle nonvirtualizable instructions, mainly there are two strategies:

1. Binary translation: The VMM monitors the execution of guest operating systems;
nonvirtualizable instructions executed by a guest operating system are replaced with
other instructions.
2. Paravirtualization: The guest operating system is modified to use only instructions that
can be virtualized.

There are two basic approaches to processor virtualization:

1. Full virtualization, in which each virtual machine runs on an exact copy of the actual
hardware.
2. Paravirtualization, in which each virtual machine runs on a slightly modified copy of the
actual hardware (see Figure 5.4).


Full virtualization requires a virtualizable architecture; the hardware is fully exposed to the
guest OS, which runs unchanged, and this ensures that this direct execution mode is efficient.
Systems such as VMware ESX Server support full virtualization on the x86 architecture.

Paravirtualization is done because some architectures such as x86 are not easily virtualizable.

• Paravirtualization demands that the guest OS be modified to run under the VMM.
• The guest OS code must be ported for individual hardware platforms.

The reasons that paravirtualization is often adopted are:

(i) Some aspects of the hardware cannot be virtualized.
(ii) To improve performance.
(iii) To present a simpler interface.

The virtualization of the memory management unit (MMU) and the fact that privileged
instructions executed by a guest OS fail silently pose some challenges. For example, to address
the latter problem, one has to insert traps whenever privileged instructions are issued by a guest
OS.

The system must also maintain shadow copies of system control structures, such as page tables,
and trap every event affecting the state of these control structures; the overhead of many
operations is substantial. Application performance under a virtual machine is critical; generally,
virtualization adds some level of overhead that negatively affects performance.

Hardware support for virtualization : In early 2000 it became obvious that hardware support
for virtualization was necessary, and Intel and AMD started work on the first-generation
virtualization extensions of the x86 architecture. In 2005 Intel released two Pentium 4 models
supporting VT-x, and in 2006 AMD announced Pacifica and then several Athlon 64 models.

Software solutions at that time addressed some of the challenges, but hardware solutions could
improve not only performance but also security and, at the same time, simplify the software
systems. We first examine the problems faced by virtualization of the x86 architecture:

• Ring deprivileging. This means that a VMM forces the guest software, the operating system,
and the applications to run at a privilege level greater than 0. Recall that the x86 architecture
provides four protection rings at levels 0–3.

Two solutions are then possible:

(a) The (0/1/3) mode, in which the VMM, the OS, and the application run at privilege levels 0,
1, and 3, respectively;

(b) The (0/3/3) mode, in which the VMM, a guest OS, and applications run at privilege levels 0,
3, and 3, respectively.

The first mode is not feasible for x86 processors in 64-bit mode, as we shall see shortly.

• Ring aliasing. Problems created when a guest OS is forced to run at a privilege level other than
the one it was originally designed for. For example, when the CR register is PUSHed, the current
privilege level is also stored on the stack.

• Address space compression. A VMM uses parts of the guest address space to store several
system data structures, such as the interrupt-descriptor table and the global-descriptor table. Such
data structures must be protected, but the guest software must have access to them.

• Nonfaulting access to privileged state. Several instructions, LGDT, SIDT, SLDT, and LTR
that load the registers GDTR, IDTR, LDTR, and TR, can only be executed by software running
at privilege level 0, because these instructions point to data structures that control the CPU
operation.

• Guest system calls. Two instructions, SYSENTER and SYSEXIT, support low-latency system
calls. The first causes a transition to privilege level 0, whereas the second causes a transition
from privilege level 0 and fails if executed at a level higher than 0. The VMM must then emulate
every guest execution of either of these instructions, which has a negative impact on
performance.

• Interrupt virtualization. In response to a physical interrupt, the VMM generates a "virtual
interrupt" and delivers it later to the target guest OS. But every OS has the ability to mask
interrupts (the interrupt flag (IF) in the EFLAGS register is used to control interrupt masking);
thus the virtual interrupt can only be delivered to the guest OS when the interrupt is not
masked. Keeping track of all guest OS attempts to mask interrupts greatly complicates the
VMM and increases the overhead.

• Access to hidden state. Elements of the system state (e.g., descriptor caches for segment
registers) are hidden; there is no mechanism for saving and restoring the hidden components
when there is a context switch from one VM to another.

• Ring compression. Paging and segmentation are the two mechanisms to protect VMM code
from being overwritten by a guest OS and applications. Systems running in 64-bit mode can only
use paging, but paging does not distinguish among privilege levels 0, 1, and 2, so the guest OS
must run at privilege level 3, the so-called (0/3/3) mode. Privilege levels 1 and 2 cannot be used;
thus the name ring compression.

• Frequent access to privileged resources increases VMM overhead. The task-priority register
(TPR) is frequently used by a guest OS. The VMM must protect the access to this register and
trap all attempts to access it.

A major architectural enhancement provided by VT-x is the support for two modes of
operation and a new data structure called the virtual machine control structure (VMCS),
including host-state and guest-state areas (see Figure 5.5):

• VMX root. Intended for VMM operations and very close to the x86 without VT-x.

• VMX nonroot. Intended to support a VM. When executing a VM entry operation, the
processor state is loaded from the guest-state area of the VM scheduled to run; then control is
transferred from the VMM to the VM.
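The sensitive/privileged distinction, binary translation and the nonfaulting-access problem described above can be seen in a small simulation. This is an added example, not code from the notes: a toy CPU with one privileged table register, a guest OS deprivileged to ring 1 (the 0/1/3 mode), and a VMM that traps and emulates; the mnemonics LOAD_TR, STORE_TR, VMCALL and NOP and the classes CPU and VMM are invented for the illustration and are not x86 instructions.

```python
# Added example (not from the notes): a toy four-ring CPU, a guest OS
# deprivileged to ring 1 (the 0/1/3 mode) and a VMM that runs it by
# trap-and-emulate, with binary translation for the one sensitive
# instruction that does not fault. LOAD_TR, STORE_TR and VMCALL are
# invented mnemonics for the simulation, not real x86 instructions.

PRIVILEGED = {"LOAD_TR", "VMCALL"}    # trap (fault) unless CPL == 0
SENSITIVE = {"LOAD_TR", "STORE_TR"}   # read or change privileged state

def popek_goldberg_virtualizable(sensitive, privileged):
    """Trap-and-emulate alone suffices only if every sensitive instruction
    is privileged, i.e. traps when the deprivileged guest executes it."""
    return sensitive <= privileged

class CPU:
    """Hardware: a privileged table register (think GDTR/IDTR) and rings."""
    def __init__(self):
        self.cpl = 0                 # current privilege level, ring 0..3
        self.tr = "host-table"       # the VMM's own table lives here
        self.regs = {}

    def execute(self, instr, op):
        """Return True if the instruction trapped instead of executing."""
        if instr in PRIVILEGED and self.cpl != 0:
            return True              # protection fault hands control to the VMM
        if instr == "LOAD_TR":
            self.tr = op
        elif instr == "STORE_TR":    # nonfaulting access to privileged state:
            self.regs[op] = self.tr  # runs at any ring and reveals the *host* value
        return False                 # NOP and friends fall through

class VMM:
    def __init__(self, cpu, translate):
        self.cpu, self.translate = cpu, translate
        self.guest_tr = "guest-table"    # what the guest believes TR holds

    def binary_translate(self, program):
        """Rewrite STORE_TR into a VMCALL hypercall, which always traps."""
        return [("VMCALL", ("STORE_TR", op)) if i == "STORE_TR" else (i, op)
                for i, op in program]

    def emulate(self, instr, op):
        """Ring 0: apply the trapped instruction to the guest's virtual state."""
        if instr == "LOAD_TR":
            self.guest_tr = op       # the real TR keeps pointing at the host table
        elif instr == "VMCALL" and op[0] == "STORE_TR":
            self.cpu.regs[op[1]] = self.guest_tr

    def run(self, program):
        if self.translate:
            program = self.binary_translate(program)
        self.cpu.cpl = 1             # ring deprivileging: guest OS runs at ring 1
        for instr, op in program:
            if self.cpu.execute(instr, op):
                self.emulate(instr, op)
        return self.cpu.regs

# Constructed guest OS: set its table register, then read it back.
GUEST_OS = [("LOAD_TR", "guest-table-v2"), ("NOP", None), ("STORE_TR", "r0")]

def run_guest(translate):
    """Run the constructed guest; returns (r0 as seen by the guest, real TR)."""
    cpu = CPU()
    regs = VMM(cpu, translate).run(GUEST_OS)
    return regs["r0"], cpu.tr
```

Without translation the guest reads the host's table register through STORE_TR (the Popek-Goldberg condition is violated); with translation the same program observes only its own virtual state, and the real TR never changes.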

Processors based on two new virtualization architectures, VT-d and VT-c, have been
developed. The first supports the I/O memory management unit (I/O MMU) virtualization and
the second supports network virtualization. Also known as PCI pass-through, I/O MMU
virtualization gives VMs direct access to peripheral devices. VT-d supports:

• DMA address remapping, which is address translation for device DMA transfers.


• Interrupt remapping, which is isolation of device interrupts and VM routing.

• I/O device assignment, in which an administrator can assign the devices to a VM in any
configuration.

• Reliability features, which report and record DMA and interrupt errors that may
otherwise corrupt memory and impact VM isolation.

Next we discuss Xen, a widely used VMM or hypervisor.
