Post on 30-Nov-2014
Virtual PC
Welcome!
By Piyush R. Chordia
TE (Div. I), Sinhgad College of Engineering
Seminar Guide: Prof. C. A. Laulkar
Agenda
- Virtual PC
- Architecture
- Features
- Terms & Concepts
- Scenarios
- Demo
- Solution Accelerators
Why Virtualization?
(Chart; only its labels survive: 40 % per year, 30 % per year.)
Virtualization
Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as:
- hardware and software partitioning
- time-sharing
- partial or complete machine simulation
- emulation
- quality of service, and many others
Virtual PC vs. Normal PC Operation
(Diagram, two stacks.)
- Normal PC operation, top to bottom: Application Software, Operating System, Device Drivers, Hardware
- Virtual PC, top to bottom: Application Software, Operating System, Device Drivers (together the Guest Environment), then Virtual PC, then Hardware (the Host Environment)
Virtual PC Architecture: PC Virtualization
(Diagram; layered stack, bottom to top.)
- Host Hardware
- Host Drivers
- Host Operating System
- Virtual PC
- Virtualized Hardware
- Guest Drivers
- Guest Operating System
- Guest Applications
How does Virtual PC work? (Architecture)
(Diagram; recoverable labels only.) The virtual machine's configuration lives in the .vmc file. Virtualized devices shown: CPU0, CPU1, Sound, Diskette (backed by a .vfd image), CD/DVD (backed by an .iso image), Ports, USB, Network, and the virtual disk (backed by a disk file). Each virtual device is served by a VPC host driver that uses the host's real CPU, memory and disk. The VMM sits between the Virtual Machine (software) and the Hardware.
Virtual Machine Monitors (VMMs)
- VMM is a layer of system software
- Enables multiple VMs to share platform hardware
- Allows apps to run without modifications
(Diagram: Virtual Machines VM0, VM1 ... VMn, each running a Guest OS (Guest OS0, Guest OS1 ... Guest OSn) with its apps (App0, App1 ... Appn), on top of the Virtual Machine Monitor (VMM), on top of the Platform HW: Processor/CS, Memory, I/O Devices.)
VMM Arrangements
(Diagram, three arrangements over Hardware.)
- Type-2 VMM: Host OS on the hardware, VMM on the host OS, Guest 1 and Guest 2 on the VMM. Examples: JVM, CLR
- Hybrid VMM: Host OS and VMM side by side on the hardware, Guest 1 and Guest 2 on the VMM. Examples: Virtual PC & Virtual Server (what we have today)
- Type-1 VMM (Hypervisor): VMM directly on the hardware, Guest 1 and Guest 2 on the VMM. Examples: Windows Virtualization (what we're building for the future)
IA System Virtualization Today
(Diagram: Virtual Machines on a Virtual Machine Monitor (VMM) over Logical Processors, Physical Memory and I/O Devices.)
Techniques the VMM implements in software:
- Binary Translation
- Paravirtualization
- Page-table Shadowing
- IO-Device Emulation
- Interrupt Virtualization
- DMA Remap
IA-based system virtualization today requires frequent VMM software intervention.
The Hypervisor
(Diagram: the hypervisor over CPU, Hard Drive, Ethernet NIC and RAM, with partitions above it, including the Parent Partition.)
- Thin layer of software running on the hardware
- Supports creation of partitions
  - Each partition is a virtual machine
  - Each partition has one or more virtual processors
  - Partitions can own or share hardware resources
  - Software running in a partition is called a guest
- Enforces memory access rules
- Enforces policy for CPU usage
  - Virtual processors are scheduled on real processors
- Enforces ownership of other devices
- Provides simple inter-partition messaging
  - Messages appear as interrupts
- Exposes a simple programmatic interface called "hypercalls"
Device I/O Accesses
- I/O accesses (IN & OUT instructions)
  - Trap into the VMM kernel
  - Force a context switch back to the host context, where the device emulation module is invoked
  - "Fast I/O handlers" can be called from within the VMM context
  - Some OUTs can be batched
- MMIO accesses
  - Caught in the VMM's page fault handler
  - Very expensive
(Diagram: Host Physical Machine. Host context: Host Kernel, Host HAL and VMM Driver at ring 0; Virtual PC with its Device Emulation Module at ring 3. Guest context: VMM Kernel at ring 0; Guest Kernel and Guest HAL at ring 1; Guest User Code at ring 3. An OUT instruction in the guest raises a GPF trap into the VMM kernel, which performs a context switch to the host so the device emulation module can handle it.)
VM Components: VMM Kernel
- Thin layer, all in assembly
- Code executed at ring 0
- Exception handling
- External interrupt pass-through
- Page table maintenance
- Located within a 32 MB area of address space known as the "VMM work area"
- Work area is relocatable
- One VMM instance per virtual processor
(Diagram: Host Physical Machine split into a host context (Host Kernel, NDIS Driver, VMM Driver, Virtual PC / Virtual Server) and a guest context (VMM Kernel, Guest Code, Virtual Machine "Additions").)

VM Components: VMM Driver
- Provides kernel-level VM-related services: Create Virtual Machine, Create Virtual Processor, Execute Virtual Processor
- Implements the context switching mechanism between the host and guest contexts
- Loads and bootstraps the VMM kernel
- Much of the security work we've done recently involved repackaging the VMM kernel code into the VMM driver
VM Execution Loop
- Host code repeatedly calls ExecuteVirtualProcessor
- VMM acts as a "co-routine" (i.e. VMM state is saved and restored each time ExecuteVirtualProcessor is called)
- Cycles spent inside the guest context are counted against the calling thread
- Host code can control how much time is spent in the guest
- Return code indicates why ExecuteVirtualProcessor returned:
  - Time slice complete
  - IN or OUT instruction encountered
  - HLT instruction encountered
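The execution loop above, together with the I/O trap path from the Device I/O Accesses slide, modelled in C. This is an added example, not code from the slides or from Virtual PC. The toy guest instruction set, the serial port at 0x3F8 and its 0x20 status value, the sample program and the function names (execute_virtual_processor, run_vm, run_sample) are assumptions of the model; the three return reasons are the ones the slide lists. The host loop shows what a trap costs: every IN/OUT ends the guest's run, switches to the host, is emulated there, and the guest is re-entered.

```c
/* vm_exec_loop.c: constructed model of the ExecuteVirtualProcessor co-routine and I/O exits. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy guest instruction set for the model (assumption: not x86 encodings). */
enum gop { OP_NOP, OP_OUT, OP_IN, OP_HLT };
struct ginsn { enum gop op; uint16_t port; uint8_t value; };

/* Why ExecuteVirtualProcessor returned: the three reasons on the slide. */
enum vp_exit { EXIT_TIMESLICE, EXIT_IO, EXIT_HLT };

struct vproc {
    const struct ginsn *code; size_t ncode;
    size_t ip;               /* saved across calls: the co-routine state */
    uint64_t guest_cycles;   /* counted against the calling host thread */
    uint8_t last_in;         /* where an emulated IN delivers its result */
    int halted;
};

/* VMM side: run the guest until the budget is spent or an instruction needs the host. */
enum vp_exit execute_virtual_processor(struct vproc *vp, uint32_t budget)
{
    while (budget-- > 0) {
        if (vp->halted || vp->ip >= vp->ncode) return EXIT_HLT;
        const struct ginsn *i = &vp->code[vp->ip];
        vp->guest_cycles++;
        switch (i->op) {
        case OP_NOP: vp->ip++; break;
        case OP_IN: case OP_OUT:
            return EXIT_IO;  /* trap: ip stays on the I/O instruction for the host to emulate */
        case OP_HLT: vp->halted = 1; vp->ip++; return EXIT_HLT;
        }
    }
    return EXIT_TIMESLICE;
}

/* Host side: device emulation module for one constructed port, a serial transmit register. */
#define SERIAL_PORT 0x3F8
struct serial_dev { char buf[64]; size_t len; };

static void emulate_io(struct vproc *vp, struct serial_dev *dev)
{
    const struct ginsn *i = &vp->code[vp->ip];
    if (i->op == OP_OUT) {
        if (i->port == SERIAL_PORT && dev->len < sizeof dev->buf - 1)
            dev->buf[dev->len++] = (char)i->value;   /* OUT to any other port is ignored */
    } else {
        vp->last_in = (i->port == SERIAL_PORT) ? 0x20 : 0xFF;  /* 0x20: transmitter empty */
    }
    vp->ip++;   /* complete the instruction on the guest's behalf */
}

struct run_result { int calls, io_exits, slice_exits; uint64_t cycles; uint8_t last_in; char serial[64]; };

/* Host execution loop: call ExecuteVirtualProcessor repeatedly and act on the return code. */
static void run_vm(struct vproc *vp, struct serial_dev *dev, uint32_t slice, struct run_result *r)
{
    r->calls = r->io_exits = r->slice_exits = 0;
    for (;;) {
        enum vp_exit why = execute_virtual_processor(vp, slice);
        r->calls++;
        if (why == EXIT_IO) { r->io_exits++; emulate_io(vp, dev); }
        else if (why == EXIT_TIMESLICE) r->slice_exits++;  /* host may run other work, then re-enter */
        else break;                                        /* EXIT_HLT */
    }
}

/* Constructed guest program: print "hi" on the serial port, poll it, poke an unknown port, halt. */
static const struct ginsn sample_program[] = {
    {OP_NOP, 0, 0}, {OP_NOP, 0, 0}, {OP_OUT, SERIAL_PORT, 'h'}, {OP_NOP, 0, 0},
    {OP_OUT, SERIAL_PORT, 'i'}, {OP_IN, SERIAL_PORT, 0}, {OP_OUT, 0x80, 0xAA},
    {OP_NOP, 0, 0}, {OP_HLT, 0, 0}
};

struct run_result run_sample(uint32_t slice)
{
    struct vproc vp = { sample_program, sizeof sample_program / sizeof sample_program[0], 0, 0, 0, 0 };
    struct serial_dev dev; struct run_result r;
    memset(&dev, 0, sizeof dev);
    run_vm(&vp, &dev, slice, &r);
    r.cycles = vp.guest_cycles; r.last_in = vp.last_in;
    memcpy(r.serial, dev.buf, sizeof r.serial);
    return r;
}

int sample_serial_is(uint32_t slice, const char *expect)
{
    struct run_result r = run_sample(slice);
    return strcmp(r.serial, expect) == 0;
}

int main(void)
{
    struct run_result r = run_sample(2);
    printf("calls=%d io_exits=%d slice_exits=%d guest_cycles=%llu serial=\"%s\" last_in=0x%02x\n",
           r.calls, r.io_exits, r.slice_exits, (unsigned long long)r.cycles, r.serial, r.last_in);
    return 0;
}
```

With a budget of 2 instructions per call the nine-instruction program needs six calls: one time-slice exit, four I/O exits (three to the serial port, one to an unknown port that the host simply ignores), and the HLT. The guest's four I/O instructions are counted once each against the calling thread, at the trap, not again after emulation.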
Virtualized Hardware
- Memory (up to 4 GB)
- Virtual Hard Disks (3 VHDs, up to 16 GB per VHD)
- CD/DVD drive
- Floppy drive
- Serial ports (COM1, COM2)
- Parallel port (LPT1)
- Networking (4 NICs)
- Sound
- Display
- No USB support
Terms
Term: Description
- Virtual Machine: The virtual hardware environment provided by Virtual PC 2004
- Host OS: The operating system that is installed on the physical computer
- Physical Computer: The actual hardware that is being used and where Virtual PC 2004 is installed
- Guest OS: The operating system that is installed on the virtual machine
- Virtual network: A network created in software
- Virtual Machine Additions: Software loaded on the guest operating system that provides increased functionality and performance enhancements
- Virtual CDROM: A CDROM implemented in software that can share the physical computer's CDROM or access ISO images
- VHD: Virtual Hard Disk (VHD) is the file on the physical computer that a virtual machine uses as a hard disk; all of the virtual machine's reads and writes go to it
- VMC: Virtual Machine Configuration (VMC) file is where all the settings for a virtual machine are stored
- Shared Folders: The ability to use a folder on the host as a mapped drive letter in the virtual machine
- Drag and Drop: The ability to drag files or folders between the virtual machine and the host
Extended Page Tables (EPT)
- A VMM must protect host physical memory
  - Multiple guest operating systems share the same host physical memory
  - VMM typically implements protections through "page-table shadowing" in software
- Page-table shadowing accounts for a large portion of virtualization overheads
- Goal of EPT is to reduce these overheads

What Is EPT?
- Extended Page Table: a new page-table structure, under the control of the VMM
  - Defines the mapping between guest-physical and host-physical addresses
  - EPT base pointer (new VMCS field) points to the EPT page tables
  - EPT (optionally) activated on VM entry, deactivated on VM exit
- Guest has full control over its own IA-32 page tables
  - No VM exits due to guest page faults, INVLPG, or CR3 changes

(Diagram 1: Guest Linear Address -> Guest IA-32 Page Tables (located by CR3) -> Guest Physical Address -> Extended Page Tables (located by the EPT Base Pointer, EPTP) -> Host Physical Address.)
(Diagram 2, two-level walk: CR3 gives a guest-physical address that goes through the EPT tables to locate the Page Directory; the Page Directory entry plus the next index gives a guest-physical address that goes through the EPT tables to locate the Page Table; the Page Table entry gives the Guest Physical Page Base Address, which plus the offset goes through the EPT tables once more to produce the Host Physical Address.)

EPT Translation: Details
- All guest-physical memory addresses go through the EPT tables (CR3, PDE, PTE, etc.)
- The above example is for a 2-level table for a 32-bit address space
- Translation is possible for other page-table formats (e.g., PAE)
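The two-dimensional walk described above, as an added example in C. It is not code from the slides or from any hypervisor: the flat EPT table, the memory sizes, the frame numbers and the function names (ept_translate, guest_walk, setup_example) are constructed for the model. What it shows is the protection point the EPT slide makes: every guest-physical reference, the CR3 frame, the PDE, the PTE and the data page, is checked against the VMM's EPT, so a guest that maps a frame writable in its own page tables still cannot write it if the EPT entry is read-only or absent, while guest-level page faults are the guest's own business and cause no VM exit.

```c
/* ept_walk.c: constructed model of a two-level 32-bit guest page walk under EPT. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SHIFT  12
#define PAGE_SIZE   (1u << PAGE_SHIFT)
#define HOST_PAGES  16          /* constructed: 64 KB of host physical memory */
#define GUEST_PAGES 8           /* constructed: the guest can address at most 8 frames */
#define PTE_P 1u                /* present bit, as in an IA-32 PDE/PTE */
#define PTE_W 2u                /* writable bit */

static uint8_t host_mem[HOST_PAGES * PAGE_SIZE];

/* One EPT entry per guest-physical frame (a flat table stands in for the real EPT hierarchy). */
struct ept_entry { uint32_t hpfn; uint8_t present; uint8_t writable; };
static struct ept_entry ept[GUEST_PAGES];

enum walk_status { WALK_OK = 0, WALK_GUEST_PF = 1, WALK_EPT_VIOLATION = 2 };

/* Guest-physical -> host-physical. A missing entry or a denied write is an EPT violation (VM exit). */
enum walk_status ept_translate(uint32_t gpa, int write, uint32_t *hpa)
{
    uint32_t gpfn = gpa >> PAGE_SHIFT;
    if (gpfn >= GUEST_PAGES || !ept[gpfn].present) return WALK_EPT_VIOLATION;
    if (write && !ept[gpfn].writable) return WALK_EPT_VIOLATION;
    *hpa = (ept[gpfn].hpfn << PAGE_SHIFT) | (gpa & (PAGE_SIZE - 1));
    return WALK_OK;
}

/* Fetching a guest page-table entry is itself a guest-physical access, so it goes through EPT. */
static enum walk_status read_gpa32(uint32_t gpa, uint32_t *val)
{
    uint32_t hpa;
    enum walk_status s = ept_translate(gpa, 0, &hpa);
    if (s != WALK_OK) return s;
    memcpy(val, &host_mem[hpa], sizeof *val);
    return WALK_OK;
}

static enum walk_status write_gpa32(uint32_t gpa, uint32_t val)
{
    uint32_t hpa;
    enum walk_status s = ept_translate(gpa, 1, &hpa);
    if (s != WALK_OK) return s;
    memcpy(&host_mem[hpa], &val, sizeof val);
    return WALK_OK;
}

/* Guest linear -> host physical: CR3, PDE and PTE references each pass through EPT,
 * then the final guest-physical address passes through EPT once more. */
enum walk_status guest_walk(uint32_t guest_cr3, uint32_t gla, int write, uint32_t *hpa)
{
    uint32_t pde, pte;
    enum walk_status s;
    uint32_t pde_gpa = (guest_cr3 & ~0xFFFu) + ((gla >> 22) & 0x3FFu) * 4;
    if ((s = read_gpa32(pde_gpa, &pde)) != WALK_OK) return s;
    if (!(pde & PTE_P)) return WALK_GUEST_PF;           /* delivered to the guest, no VM exit */
    uint32_t pte_gpa = (pde & ~0xFFFu) + ((gla >> 12) & 0x3FFu) * 4;
    if ((s = read_gpa32(pte_gpa, &pte)) != WALK_OK) return s;
    if (!(pte & PTE_P) || (write && !(pte & PTE_W))) return WALK_GUEST_PF;
    uint32_t gpa = (pte & ~0xFFFu) | (gla & 0xFFFu);
    return ept_translate(gpa, write, hpa);
}

/* Constructed layout (assumption, not from the slides): guest frames 0..3 are backed by host
 * frames 5..8, guest frame 3 is read-only in EPT, guest frame 4 has no EPT mapping at all. */
void setup_example(void)
{
    memset(host_mem, 0, sizeof host_mem);
    memset(ept, 0, sizeof ept);
    for (uint32_t g = 0; g < 4; g++) {
        ept[g].hpfn = 5 + g; ept[g].present = 1; ept[g].writable = (g != 3);
    }
    /* Guest page directory in guest frame 0 (so CR3 = 0), page table in guest frame 1. */
    uint32_t pt = 1u << PAGE_SHIFT;
    write_gpa32(0 + 1 * 4, pt | PTE_P | PTE_W);                     /* PDE[1] -> page table   */
    write_gpa32(pt + 0 * 4, (2u << PAGE_SHIFT) | PTE_P | PTE_W);   /* 0x00400000 -> gpfn 2   */
    write_gpa32(pt + 1 * 4, (3u << PAGE_SHIFT) | PTE_P | PTE_W);   /* 0x00401000 -> gpfn 3   */
    write_gpa32(pt + 2 * 4, (4u << PAGE_SHIFT) | PTE_P | PTE_W);   /* 0x00402000 -> gpfn 4   */
    /* PTE[3] stays zero, so 0x00403000 is not present at the guest level. */
}

/* Wrappers so results can be checked: the walk status, and the host address (0xFFFFFFFF on failure). */
int example_status(uint32_t gla, int write)
{
    uint32_t hpa; setup_example();
    return (int)guest_walk(0, gla, write, &hpa);
}
uint32_t example_hpa(uint32_t gla, int write)
{
    uint32_t hpa = 0xFFFFFFFFu; setup_example();
    return guest_walk(0, gla, write, &hpa) == WALK_OK ? hpa : 0xFFFFFFFFu;
}

int main(void)
{
    static const char *names[] = { "OK", "GUEST_PF", "EPT_VIOLATION" };
    uint32_t cases[] = { 0x00400000, 0x00401000, 0x00402000, 0x00403000, 0x00800000 };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        for (int w = 0; w < 2; w++)
            printf("gla=%08x %-5s -> %-13s hpa=%08x\n", cases[i], w ? "write" : "read",
                   names[example_status(cases[i], w)], example_hpa(cases[i], w));
    return 0;
}
```

Reading 0x00401000 succeeds (host frame 8) but writing it is an EPT violation even though the guest's own PTE marks the page writable; 0x00402000 faults in EPT for any access because the VMM never mapped guest frame 4; 0x00403000 and 0x00800000 are ordinary guest page faults that the VMM never sees.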
Direct Execution
In some processor modes it is safe to use direct execution; others require emulation.
- Real Mode: Emulation
- Virtual 8086 (v86) mode: Direct Execution
- Protected Mode Ring 3: Direct Execution (with a few exceptions)
- Protected Mode Ring 0: Emulation, unless known to be safe

Direct Execution
- "Ring Compression"
  - Guest ring-0, 1, 2 code is executed at ring 1
  - Guest ring-3 code is executed at ring 3
  - Provides correct MMU protection semantics (since rings 0-2 can access privileged pages)
- Direct execution of ring-0 code is only allowed if the VMM is notified that it is "safe"
  - This requires patching certain "dangerous" instruction sequences in the Windows kernel and HAL
  - Patching is performed at runtime, in memory only
  - Patches are different for each version of the Windows kernel & HAL
Guest OS Patching
Runtime Guest OS Patching
- Replace synthetic instructions with subroutine calls
- This technique prevents us from exposing internal VMM implementation details to OS vendors. We can change the subroutine implementations in the future.

Original Code:
    pushfd
    cli
    mov eax,[ebp+8]
    call [eax]
    popfd
    ret

With Synthetic Instructions:
    vmpushfd
    vmcli
    mov eax,[ebp+8]
    call [eax]
    vmpopf
    ret

With Runtime Patches:
    call _vmpushfd
    call _vmcli
    mov eax,[ebp+8]
    call [eax]
    call _vmpopfd
    ret

This patched sequence is correct and fast.
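A model of the runtime patch step in C, added here and not taken from the slides or from Virtual PC. The 5-byte synthetic-instruction encoding (0F 0B 56 4D followed by an id byte), the handler addresses, the load address and the function names are assumptions; Virtual PC's real encodings and patch tables are not on the page. The model applies the slide's own sequence: it validates the whole region against the per-version patch table before touching a byte (so a mismatched kernel version is refused rather than half-patched), patches only the in-memory copy, and encodes each call's rel32 relative to the end of the 5-byte site so the replacement fits exactly.

```c
/* runtime_patch.c: constructed model of replacing synthetic instructions with CALLs at runtime. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed encoding (assumption): a synthetic instruction is the 5 bytes 0F 0B 56 4D <id>.
 * It begins with UD2 so an unpatched guest traps instead of silently running on. */
#define SYN_LEN 5
static const uint8_t syn_sig[4] = { 0x0F, 0x0B, 0x56, 0x4D };
enum syn_id { SYN_VMPUSHFD = 1, SYN_VMCLI = 2, SYN_VMPOPF = 3 };

/* Per-kernel-version patch table: synthetic id -> guest virtual address of the VMM subroutine. */
struct patch_table { uint32_t handler[4]; };

/* Patch `code` in place (the in-memory copy; nothing on disk is touched). `base_va` is the guest
 * virtual address of code[0]. Returns the number of sites patched, or -1 if some synthetic
 * instruction has no handler in the table, in which case no byte is changed. */
int apply_runtime_patches(uint8_t *code, size_t len, uint32_t base_va, const struct patch_table *pt)
{
    for (size_t i = 0; i + SYN_LEN <= len; i++) {          /* pass 1: validate before modifying */
        if (memcmp(code + i, syn_sig, sizeof syn_sig) != 0) continue;
        uint8_t id = code[i + 4];
        if (id == 0 || id > 3 || pt->handler[id] == 0) return -1;
        i += SYN_LEN - 1;
    }
    int patched = 0;
    for (size_t i = 0; i + SYN_LEN <= len; i++) {          /* pass 2: rewrite each site */
        if (memcmp(code + i, syn_sig, sizeof syn_sig) != 0) continue;
        uint32_t next = base_va + (uint32_t)i + SYN_LEN;   /* CALL rel32 is relative to the next instruction */
        uint32_t rel = pt->handler[code[i + 4]] - next;
        code[i] = 0xE8;
        code[i + 1] = (uint8_t)rel;
        code[i + 2] = (uint8_t)(rel >> 8);
        code[i + 3] = (uint8_t)(rel >> 16);
        code[i + 4] = (uint8_t)(rel >> 24);
        patched++;
        i += SYN_LEN - 1;
    }
    return patched;
}

/* Decode the CALL at `off` back to its absolute target (used to check a patch). */
uint32_t call_target(const uint8_t *code, size_t off, uint32_t base_va)
{
    uint32_t rel = (uint32_t)code[off + 1] | ((uint32_t)code[off + 2] << 8) |
                   ((uint32_t)code[off + 3] << 16) | ((uint32_t)code[off + 4] << 24);
    return base_va + (uint32_t)off + SYN_LEN + rel;
}

/* The slide's sequence with synthetic instructions, as constructed bytes:
 * vmpushfd ; vmcli ; mov eax,[ebp+8] ; call [eax] ; vmpopf ; ret */
static const uint8_t sample_code[] = {
    0x0F, 0x0B, 0x56, 0x4D, SYN_VMPUSHFD,
    0x0F, 0x0B, 0x56, 0x4D, SYN_VMCLI,
    0x8B, 0x45, 0x08,                 /* mov eax,[ebp+8] */
    0xFF, 0x10,                       /* call [eax] */
    0x0F, 0x0B, 0x56, 0x4D, SYN_VMPOPF,
    0xC3                              /* ret */
};
#define SAMPLE_BASE_VA 0x80400000u    /* constructed load address of this kernel code */

/* Constructed tables: one complete, one missing the vmcli handler (wrong kernel version). */
const struct patch_table sample_table = { { 0, 0x80900000u, 0x80900040u, 0x80900080u } };
const struct patch_table broken_table = { { 0, 0x80900000u, 0, 0x80900080u } };

struct patched_sample { uint8_t code[sizeof sample_code]; int count; };

struct patched_sample patch_sample(const struct patch_table *pt)
{
    struct patched_sample r;
    memcpy(r.code, sample_code, sizeof sample_code);
    r.count = apply_runtime_patches(r.code, sizeof r.code, SAMPLE_BASE_VA, pt);
    return r;
}

int sample_patch_count(const struct patch_table *pt) { return patch_sample(pt).count; }
int sample_byte(const struct patch_table *pt, size_t off) { struct patched_sample r = patch_sample(pt); return r.code[off]; }
uint32_t sample_target(const struct patch_table *pt, size_t off)
{
    struct patched_sample r = patch_sample(pt);
    return call_target(r.code, off, SAMPLE_BASE_VA);
}

int main(void)
{
    struct patched_sample r = patch_sample(&sample_table);
    printf("patched %d sites:", r.count);
    for (size_t i = 0; i < sizeof r.code; i++) printf(" %02X", r.code[i]);
    printf("\ncall at +0 -> %08X, +5 -> %08X, +15 -> %08X\n", sample_target(&sample_table, 0),
           sample_target(&sample_table, 5), sample_target(&sample_table, 15));
    return 0;
}
```

The model scans for the signature bytes; a real patcher would work from a table of known sites for that exact kernel build rather than pattern-match arbitrary code, which is why the slide stresses that the patches differ per kernel and HAL version.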
Emulated Hardware
Component: Virtual machine emulated hardware
- BIOS: AMI BIOS using Intel 440BX rev B chipset
- CPU: Same as host
- Chipset: Intel 440BX
- Network adapter (multi-function): DEC/Intel 21140A (10/100)
- Video card: S3 Trio 32/64 PCI with 8 MB Video RAM
- Soundcard: Creative Labs Sound Blaster 16 ISA Plug and Play
Virtual Disks
Types of virtual disks:
- Dynamically expanding virtual disk
- Fixed virtual disk
- Differencing
- Linked drive (uses a host partition)
Default is dynamic, 16 GB: 35 KB on disk when created, expands as you write data to it.
Use the Virtual Disk Wizard to pre-create the other disk types.
Undo Disks
- Allows all changes from power-on to be saved, committed or discarded
- Reboots are not affected
- Enabled per virtual machine, applies to all disks
- Writes are made to a separate undo file per disk

Virtual Machine States
Running states:
- Pause
- Save State
- Turn off
- Shutdown the Guest OS
Undo disks add these states:
- Save State and save changes
- Save State and commit changes
- Turn off and save changes
- Turn off and discard changes
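The undo-disk semantics above (guest writes redirected to a separate undo file, later committed or discarded) as an added C model, not code from the slides or from Virtual PC's VHD format. Sector size, disk size, the dirty bitmap and the function names are assumptions, and the model has one disk where Virtual PC applies the setting to every disk of the VM. The scenario is the one the training and QA slides rely on: a guest is allowed to scribble on its disk, and "discard changes" returns the base image untouched because the base was never written.

```c
/* undo_disk.c: constructed model of a Virtual PC undo disk (base VHD + per-disk undo file). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR   512
#define NSECTORS 8                       /* constructed: a 4 KB disk is enough for the model */

struct undo_disk {
    uint8_t base[NSECTORS][SECTOR];      /* the VHD file on the host */
    uint8_t undo[NSECTORS][SECTOR];      /* the undo file: one slot per sector */
    uint8_t dirty[NSECTORS];             /* which sectors have been redirected to the undo file */
    int enabled;                         /* the "Undo Disks" setting for this VM */
};

void undo_disk_init(struct undo_disk *d, int enabled)
{
    memset(d, 0, sizeof *d);
    d->enabled = enabled;
}

/* Guest write: with undo enabled the base VHD is never modified; the sector goes to the undo file. */
int disk_write(struct undo_disk *d, uint32_t lba, const uint8_t *buf)
{
    if (lba >= NSECTORS) return -1;
    if (d->enabled) {
        memcpy(d->undo[lba], buf, SECTOR);
        d->dirty[lba] = 1;
    } else {
        memcpy(d->base[lba], buf, SECTOR);
    }
    return 0;
}

/* Guest read: redirected sectors come from the undo file, everything else from the base VHD.
 * A guest reboot changes nothing here, which is why reboots do not affect undo disks. */
int disk_read(const struct undo_disk *d, uint32_t lba, uint8_t *buf)
{
    if (lba >= NSECTORS) return -1;
    memcpy(buf, d->dirty[lba] ? d->undo[lba] : d->base[lba], SECTOR);
    return 0;
}

/* "Commit changes": fold every redirected sector into the base VHD. Returns sectors merged. */
int undo_commit(struct undo_disk *d)
{
    int n = 0;
    for (uint32_t s = 0; s < NSECTORS; s++)
        if (d->dirty[s]) { memcpy(d->base[s], d->undo[s], SECTOR); d->dirty[s] = 0; n++; }
    return n;
}

/* "Discard changes": throw the undo file away; the VM is back to its power-on disk state. */
int undo_discard(struct undo_disk *d)
{
    int n = 0;
    for (uint32_t s = 0; s < NSECTORS; s++)
        if (d->dirty[s]) { d->dirty[s] = 0; n++; }
    memset(d->undo, 0, sizeof d->undo);
    return n;
}

struct scenario_result {
    uint8_t seen_by_guest;   /* first byte of sector 0 as the guest reads it after its write */
    uint8_t base_during;     /* first byte of sector 0 in the base VHD while the VM runs */
    uint8_t after_action;    /* first byte of sector 0 after commit or discard */
    int changed_sectors;     /* sectors the undo file held at commit/discard time */
};

/* Constructed scenario: sector 0 of the base image holds 'B'; the guest (say, an unstable
 * prerelease build under test) overwrites sectors 0 and 5 with 'X'; the operator then commits or discards. */
struct scenario_result run_scenario(int commit)
{
    struct undo_disk d;
    uint8_t buf[SECTOR];
    struct scenario_result r;

    undo_disk_init(&d, 1);
    memset(d.base[0], 'B', SECTOR);
    memset(buf, 'X', SECTOR);
    disk_write(&d, 0, buf);
    disk_write(&d, 5, buf);

    disk_read(&d, 0, buf);
    r.seen_by_guest = buf[0];
    r.base_during = d.base[0][0];
    r.changed_sectors = commit ? undo_commit(&d) : undo_discard(&d);
    disk_read(&d, 0, buf);
    r.after_action = buf[0];
    return r;
}

int main(void)
{
    struct scenario_result disc = run_scenario(0), comm = run_scenario(1);
    printf("discard: guest saw %c, base held %c, after %c (%d sectors dropped)\n",
           disc.seen_by_guest, disc.base_during, disc.after_action, disc.changed_sectors);
    printf("commit:  guest saw %c, base held %c, after %c (%d sectors merged)\n",
           comm.seen_by_guest, comm.base_during, comm.after_action, comm.changed_sectors);
    return 0;
}
```

In both runs the guest sees its own write immediately while the base VHD still holds the original byte; only the operator's choice at power-off decides whether the two dirty sectors are merged into the base or dropped.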
Virtual PC Features: Benefits and Usage Scenarios
- Ease application migration
  - Run older legacy applications while migrating to a new operating system
  - Pilot and test new operating systems in a controlled, fail-safe environment
- Technical support
  - Support multiple operating systems on a single computer without rebooting the computer or buying additional computers
  - Set up numerous user-specific configurations on a single computer for real-time scenario testing and evaluation
- Training
  - Train people on any operating system without purchasing additional computers
  - Dramatically reduce classroom turnaround time by instantly switching configurations
  - Restore students' crashed operating systems with a mouse-click
- Quality Assurance
  - Test and document software on different operating systems on one computer
  - Compare application look and feel in multiple environments simultaneously
  - Test potentially unstable prerelease software in a safe, isolated environment
- Accelerate application development
  - Increase QA by testing on multiple OSs using VMs
  - Decrease time-to-market with less reconfiguration
- Do more in less time
  - Run multiple OSs on a single physical computer
  - Reduces the number of physical computers needed
Virtual PC Features: Key Features
- Configurability: adjust settings and allocate resources
- Easy installation: no reboot required
- Standardization: avoid hardware conflicts
- Convenience: switch between OSs as easily as between applications
- Host integration: drag and drop between guest and host
Virtual PC Features: Using Virtual Machines
Virtual Networking
- Up to 4 NICs per virtual machine
- Network modes:
  - Not Connected
  - Local Only (virtual machines only): the VM communicates with other VMs on the Local Only network
  - External NIC (Virtual Networking): each VM appears to be a separate entity on the network
- Use a MS Loopback adapter to get internal-only traffic between the host and a virtual machine
Networking: Virtual Networking vs Local Only
(Diagram: Virtual Machine #1 and Virtual Machine #2 attach to a Virtual Network; with Virtual Networking that network reaches the External Ethernet through the Host NIC, with Local Only it stays between the virtual machines.)

Networking: Virtual PC Network Address Translator
(Diagram: Virtual Machine -> Virtual PC Network Address Translator -> Host TCP/IP Connection -> Server.)
Virtual Machine Additions
- Improved operating system performance
- Drag and drop
- Clipboard sharing
- Shared folders
- Integrated mouse
- DOS CD-ROM support
- Optimized video drivers
- Time synchronization
- Dynamic resizing of the VM window
Today's Uses
Virtualization addresses today's IT concerns.
- Server Consolidation: 10:1 in many cases
- Test and Development: enables rapid deployment
- Workload Isolation
(Diagram: many physical machines HW0 ... HWn, each running a single OS and App, consolidated onto one HW running a VMM with VM1 ... VMn, each with its own OS and App; the test-and-development and workload-isolation cases are drawn the same way, one VM per workload over the VMM.)
Virtualization Capabilities
(Diagrams; only the labels survive: Workload Migration (App, OS and VMM moved between HW1 and HW2), Workload Embedding (App and OS on a VMM stacked on another VMM on one HW), Workload Consolidation (App1 and App2 on OS1 and OS2 over one VMM on one HW).)
Virtualization has powerful capabilities.
Virtualization Today: Summary of Challenges
- Complexity
  - CPU virtualization requires binary translation or paravirtualization
  - Must emulate I/O devices in software
- Functionality
  - Paravirtualization may limit the supported guest OSes
  - Guest OSes "see" only the simulated platform and I/O devices
- Reliability and Security
  - I/O device drivers run as part of the host OS or hypervisor
  - No protection from errant DMA that can corrupt memory
- Performance
  - Overheads of address translation in software
  - Extra memory required (e.g., translated code, shadow tables)
Demo
- Create a new VM
- Review Virtual PC settings
- Launch a VM