Friday, September 2, 2011

An Overview of Virtualization Techniques

1. VMM Architecture

Virtualization follows various approaches that are directly related to the architecture of the virtual machine monitor.

1.A. Hosted Architecture

In the hosted architecture, the VMM runs as an application on the host operating system and relies on it for resource management, system memory, devices and drivers. The VMM is responsible for starting, stopping and managing each virtual machine, and it controls the virtual machines' access to physical system resources.


[Figure: (a) Hosted architecture; (b) Autonomous architecture]


VMware Workstation is a virtualization system that follows this approach.


1.B. Autonomous Architecture

In the autonomous architecture, the VMM is placed directly on top of the hardware. Thus, it is responsible for managing system resources and allocating them to the different virtual machines. This architecture is more efficient because the VMM has direct access to system resources.
An example of an autonomous architecture is Xen [6].

2. VMM 

The guest operating system runs with limited privileges and doesn't have direct access to the hardware. It is therefore difficult to virtualize some critical operating system instructions, because executing them requires higher privileges. To make the problem easier to understand, we briefly describe how the x86 processor architecture separates the operating system from ordinary applications. The x86 architecture includes four privilege levels (rings). The operating system kernel runs at level 0, which has the most privileges and provides complete control over the system hardware. Ordinary applications run at level 3, which has limited privileges. Levels 1 and 2 are not used. Thus, in a virtualization environment the guest operating system runs at the application level, and some critical instructions that require more privileges cannot be virtualized. Two approaches were followed to solve this problem: full virtualization and paravirtualization.

2.A. Full Virtualization

Full virtualization provides a virtual environment that simulates the real hardware. Specifically, each virtual machine is provided with all the services of the real system, such as the full instruction set of the real processor, virtual devices and virtual memory management. The major difference from other virtualization techniques is that the operating system is not aware that it runs in a virtual environment. So, any software that can run on the real system can run without changes in the virtualized environment. To make the execution of critical instructions possible, a technique known as binary translation is used.



According to this approach, the software is patched while it runs: the critical instructions that cannot run in the virtual environment are replaced by different instructions that can run safely. However, the continuous scanning and emulation of critical instructions reduces performance. Some examples of full virtualization systems are VMware Workstation and VirtualBox.
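The patching step described above can be modelled in a few lines of C. This is an added example, not code from any VMM named in this post: the instruction set, the `sample` block and all function names are constructed for illustration and are not real x86 encodings.

```c
#include <stdint.h>
#include <stdio.h>
/* Toy instruction set, constructed for this example (not real x86 encodings). */
enum op { OP_ADD, OP_CLI, OP_STI, OP_HLT, OP_VMM_CALL };
struct insn { enum op op; int32_t arg; };
/* Per-guest virtual CPU state kept by the VMM; the real CPU is never touched. */
struct vcpu { int32_t acc; int virt_if; int halted; unsigned traps; };
/* Constructed sample guest block: add, disable interrupts, add, halt, add. */
struct insn sample[] = { {OP_ADD, 5}, {OP_CLI, 0}, {OP_ADD, 7}, {OP_HLT, 0}, {OP_ADD, 100} };

/* Critical: needs ring 0 on real hardware, so a guest in ring 3 cannot run it. */
static int is_critical(enum op op) { return op == OP_CLI || op == OP_STI || op == OP_HLT; }

/* Translation pass: swap each critical instruction for a call into the VMM. */
size_t translate(struct insn *code, size_t n) {
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_critical(code[i].op)) continue;
        code[i].arg = (int32_t)code[i].op;   /* remember the original opcode */
        code[i].op = OP_VMM_CALL;
        patched++;
    }
    return patched;
}

/* VMM side: emulate the original instruction against the virtual CPU only. */
static void vmm_emulate(struct vcpu *v, enum op orig) {
    v->traps++;
    if (orig == OP_CLI) v->virt_if = 0;
    else if (orig == OP_STI) v->virt_if = 1;
    else if (orig == OP_HLT) v->halted = 1;
}

/* Run with guest privileges; -1 models an untranslated critical instruction. */
int run_guest(struct vcpu *v, const struct insn *code, size_t n) {
    for (size_t i = 0; i < n && !v->halted; i++) {
        if (code[i].op == OP_ADD) v->acc += code[i].arg;
        else if (code[i].op == OP_VMM_CALL) vmm_emulate(v, (enum op)code[i].arg);
        else return -1;
    }
    return 0;
}

int main(void) {
    struct vcpu v = {0, 1, 0, 0};
    size_t patched = translate(sample, 5);
    int rc = run_guest(&v, sample, 5);
    printf("patched=%zu rc=%d acc=%d virt_if=%d\n", patched, rc, (int)v.acc, v.virt_if);
    return 0;
}
```

Each patched instruction costs a detour through `vmm_emulate`, which is the performance overhead the paragraph above refers to.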

2.B. Paravirtualization

Paravirtualization provides the virtual machines with a software interface that is similar, but not identical, to that of the real system. The main purpose of paravirtualization is to reduce the proportion of time spent performing critical patches on the guest's unsafe instructions. This is achieved by modifying the guest software so that it can communicate with the VMM, which runs at ring 0 and has direct access to the hardware. So, when a critical instruction needs to be performed, the guest operating system communicates directly with the VMM, which executes it. As a consequence, the guest operating system must be altered slightly in order to run in a paravirtualized environment.


Examples of this technique are Xen and Denali.

3. Hardware assisted virtualization

Because the benefits of virtualization are tremendous, processor manufacturers have revised the instruction set of their processors to make them more virtualization-friendly. Thus, the problem described above can be solved directly using the new instruction set. The main idea is to introduce a new privilege level, called level -1, below level 0. The VMM can run at this new level. With this level in place, the guest operating systems can run at level 0, and the hardware requests they make can be captured directly by the system.
