Hypervisor, Virtualization Stack, And Device Virtualization Architectures
Mikael Nyström – TrueSec AB
MVP Windows Server – Setup/Deployment
Agenda
  - Architecture introduction
  - Hypervisor architecture
  - Device virtualization architecture
  - Virtualization stack architecture
  - Summary
Windows Virtualization Architecture
  (Diagram) Parent partition and child partitions run on the Windows hypervisor, which runs on "Designed for Windows" server hardware.
  - Parent partition, kernel mode: Windows kernel, Server Core, IHV drivers, Virtualization Service Providers (VSPs), VMBus
  - Parent partition, user mode: virtualization stack (VM service, VM worker processes, WMI provider), applications
  - Child partitions, kernel mode: Windows kernel with enlightenments, Virtualization Service Clients (VSCs), VMBus
  - Child partitions, user mode: applications
  - Legend: components provided by Windows, ISV, OEM, or Windows Virtualization
Agenda (next section): Hypervisor architecture
Hypervisor Design Goals
  - Strong isolation
  - Security
  - Performance
  - Virtualization support
  - ... and simplicity: restrict activities to monitoring and enforcing; where possible, push policy up
  (Diagram) Layers, bottom to top: hardware; Windows hypervisor; above it the parent partition (Server Core, apps) and child partitions (OS 1 with apps, OS 2 with apps)
Physical Hardware
  - The hypervisor restricts itself to managing a minimum set of hardware: processors, local APICs, the constant-rate system counter, and the system physical address space
  - Focus is on scheduling and isolation
Physical Hardware
  - In Windows virtualization, the parent partition manages the rest: IHV drivers, processor power management, device hot add and removal
  - New drivers are not required
Hypercalls: Low Level API
  - Guests communicate with the hypervisor via hypercalls (the hypervisor equivalent of a syscall)
  - Detected via CPUID
  - Configured via MSR
  - Simple format: one input page, one output page
  - Specify pages by physical address, then jump to a known address
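The "detected via CPUID" step above, worked through as an added example (this is not code from the presentation or from Microsoft). It uses the publicly documented CPUID interface: leaf 1 ECX bit 31 is the hypervisor-present bit, leaf 0x40000000 returns the vendor string "Microsoft Hv" in EBX:ECX:EDX, and leaf 0x40000001 returns the interface signature "Hv#1" in EAX. The decision logic is kept separate from the inline CPUID so it can be checked against constructed register values; the live probe only runs on x86 builds. The MSR that enables the hypercall page is mentioned in a comment but not written, since that needs ring 0.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HV_HAVE_CPUID 1
#else
#define HV_HAVE_CPUID 0
#endif

/* CPUID leaves and values documented in the Hyper-V Top-Level Functional Specification. */
#define HV_CPUID_VENDOR_LEAF      0x40000000u   /* EAX: max hypervisor leaf; EBX:ECX:EDX: vendor */
#define HV_CPUID_INTERFACE_LEAF   0x40000001u   /* EAX: interface signature */
#define HV_VENDOR_SIGNATURE       "Microsoft Hv"
#define HV_INTERFACE_SIGNATURE    0x31237648u   /* ASCII "Hv#1", little-endian */
#define CPUID1_ECX_HYPERVISOR_BIT 31u           /* leaf 1, ECX bit 31: hypervisor present */
/* The "configured via MSR" step: HV_X64_MSR_HYPERCALL (0x40000001) holds the
 * guest-physical page number of the hypercall page plus an enable bit.
 * Writing it requires ring 0, so this user-mode example does not do it. */

/* Unpack the 12-byte vendor string held in EBX:ECX:EDX (four ASCII bytes per
 * register, least significant byte first). `out` must have room for 13 bytes.
 * Returns 1 when the string is Hyper-V's signature, 0 otherwise. */
int hv_decode_vendor(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13])
{
    uint32_t regs[3] = { ebx, ecx, edx };
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (char)((regs[i] >> (8 * b)) & 0xffu);
    out[12] = '\0';
    return strcmp(out, HV_VENDOR_SIGNATURE) == 0;
}

/* Decision logic with no inline assembly, so it can be exercised with
 * constructed register values: present bit set, vendor string matches,
 * and the interface signature is "Hv#1". */
int hv_is_hyperv(uint32_t leaf1_ecx, uint32_t vendor_ebx, uint32_t vendor_ecx,
                 uint32_t vendor_edx, uint32_t iface_eax)
{
    char vendor[13];
    if (((leaf1_ecx >> CPUID1_ECX_HYPERVISOR_BIT) & 1u) == 0)
        return 0;                       /* bare metal: leaf 0x4000xxxx is not meaningful */
    if (!hv_decode_vendor(vendor_ebx, vendor_ecx, vendor_edx, vendor))
        return 0;                       /* some other hypervisor */
    return iface_eax == HV_INTERFACE_SIGNATURE;
}

/* Live probe of the machine this runs on. Returns 1 if it is a Hyper-V guest
 * (and fills `vendor_out`), 0 otherwise (always 0 on non-x86 builds). */
int hv_probe_running_system(char vendor_out[13])
{
    vendor_out[0] = '\0';
#if HV_HAVE_CPUID
    unsigned int a, b, c, d;
    unsigned int leaf1_ecx, vb, vc, vd, iface_eax = 0;

    __cpuid(1, a, b, c, d);
    leaf1_ecx = c;
    __cpuid(HV_CPUID_VENDOR_LEAF, a, b, c, d);
    vb = b; vc = c; vd = d;
    hv_decode_vendor(vb, vc, vd, vendor_out);
    if (a >= HV_CPUID_INTERFACE_LEAF) {  /* EAX = highest supported hypervisor leaf */
        __cpuid(HV_CPUID_INTERFACE_LEAF, a, b, c, d);
        iface_eax = a;
    }
    return hv_is_hyperv(leaf1_ecx, vb, vc, vd, iface_eax);
#else
    return 0;
#endif
}

int main(void)
{
    char vendor[13];
    int hv = hv_probe_running_system(vendor);
    printf("hypervisor: %s, vendor string: \"%s\"\n", hv ? "Hyper-V" : "none/other", vendor);
    return 0;
}
```

On a Hyper-V guest the probe reports "Hyper-V" with the vendor string "Microsoft Hv"; on bare metal the present bit is clear and the vendor string is ignored. Checking the present bit first matters because on hardware without a hypervisor the 0x4000xxxx leaves return unrelated data.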
Hypercalls: High Level APIs
  - Higher level abstractions are available in Windows partitions
  - WinHv.sys provides a C language wrapper
  - VMBus.sys provides cross-partition communication services
  - The virtualization stack provides WMI interfaces for configuring children
  (Diagram) Hardware; Windows hypervisor; parent partition (Windows Server Core, WinHv.sys, VmBus.sys, virtualization stack, WMI provider); child partition (Windows 2000 and later, WinHv.sys, VmBus.sys)
Layered Hypervisor Architecture
  (Diagram) Labelled layers: Hypervisor Kernel (CPU Management, Memory Manager, Scheduler / Threads) and Virtualization System (Dispatch Manager, Hypercall Handlers, Partition Manager, Virtual Processor, Address Manager). Module abbreviations shown: Th, Sch, Ti, Mm, Tr, Ke, Hal, Cpu, Bm, Dm, Hc, Ic, Pt, Am, Vp, SynIC, Rme, Val, Im, Vm, Hk, Rtl, St, Dbg
Agenda (next section): Device virtualization architecture
Device Virtualization Definitions
  - Virtual Device (VDev): a software module that provides a point of configuration and control over an I/O path for a partition
  - Virtualization Service Provider (VSP): a server component (in a parent or other partition) that handles I/O requests. Can pass I/O requests on to native services like a file system, or directly to physical devices; can be in either kernel- or user-mode
  - Virtualization Service Consumer (VSC): a client component (in a child partition) which serves as the bottom of an I/O stack within that partition; sends requests to a VSP
  - VMBus: a system for sending requests and data between virtual machines
Virtual Devices (VDevs)
  - Come in two varieties: core (device emulators) and plug-in (enlightened I/O)
  - Management is through WMI
  - Packaged as COM objects; run within the VM Worker Process
  - Often work in conjunction with a VSP
Virtualization Service Providers (VSPs)
  - Communicate with a VDev for configuration and state management
  - Can exist in user- or kernel-mode: COM object, service, or driver
  - Use VMBus to communicate with a VSC in the child partition
Example VSP/VSC Design
  (Diagram) Storage I/O path across the parent and child partitions on the Windows hypervisor:
  - Child partition: applications (user mode); Windows file system, volume, partition, disk, Fast Path Filter (VSC), iSCSIprt, Virtual Storage Miniport (VSC), VMBus (kernel mode)
  - Parent partition: VM Worker Process (user mode); Virtual Storage Provider (VSP), StorPort, StorPort miniport, VMBus (kernel mode); hardware and physical disk below
  - Legend: components provided by Windows, ISV, OEM, or Windows Virtualization
Agenda (next section): Virtualization stack architecture
Virtualization Stack: Overview
  - A collection of software components that work together to support virtual machines: creation, configuration, lifetime management, I/O management
  - Works in conjunction with the management console, device virtualization, and the hypervisor
Virtualization Stack: Management Console Interaction
  - Management console: basic 'in-box' user interface
  - Sends commands and control to the virtualization stack via WMI
  - Interacts with the guest using RDP; the virtualization stack mediates the communication
Virtualization Stack: Component View
  (Diagram) User mode: VMMS (with WMI provider), config component, worker process (state machine, IC proxy, RDP encoder, VDevs, virtual motherboard). Kernel mode: VID, VSPs
VMMS: Virtual Machine Management Service
  - Responsibilities: controls all virtual machines; the WMI provider receives control commands from the management console; creates one worker process for each VM instance
  - Collaborates with: the config component (to configure VMs and VNSs, Virtual Network Switches); the worker process (to control a VM)
Config Component
  - Responsibilities: persistent configuration store for VMs and VNSs; key/value pairs; hierarchical organization
  - Collaborates with: VMMS (receives commands, sends results); the worker process (communicates configuration changes)
VID: Virtualization Infrastructure Driver
  - Responsibilities: mediates communication with the hypervisor; provides basic and advanced guest memory virtualization; MMIO emulation and ROM emulation; provides instruction completion
  - Collaborates with: the hypervisor (makes requests by using the hypercall protocol)
Worker Process
  - Instantiated for running or configuring one instance of a VM
  - Contains: VMB (virtual motherboard), VDevs, state machine, IC proxy, RDP encoder
State Machine
  - Responsibilities: drives the instantiation and runtime state of a VM; enforces valid state transitions in response to management console-initiated commands, guest-initiated operations, and host events (like power management, shutdown, and hardware errors); provides save-state and snapshot functionality
  - Collaborates with: VID, VMB, and VDevs to control virtual hardware state
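An added example (not code from the presentation or from Hyper-V) of the "enforces valid state transitions" responsibility: a transition table is the single place that decides which event is legal in which state, so a console command, a guest-initiated operation, or a host event that does not fit the current state is rejected instead of being applied. The states and events here (Off, Running, Paused, Saved; start, stop, pause, resume, save, restore, host shutdown, hardware error) are a hypothetical, simplified set chosen for illustration; the real state machine has more.

```c
#include <stdio.h>

/* Hypothetical, simplified VM states and events (illustration only). */
enum vm_state { VM_OFF, VM_RUNNING, VM_PAUSED, VM_SAVED, VM_STATE_COUNT };
enum vm_event {
    EV_START, EV_STOP, EV_PAUSE, EV_RESUME, EV_SAVE, EV_RESTORE, /* console- or guest-initiated */
    EV_HOST_SHUTDOWN, EV_HW_ERROR,                                /* host events */
    EV_EVENT_COUNT
};

#define NO_T (-1)   /* transition not permitted from this state */

/* The only place that says which transitions are legal. Rows are the
 * current state, columns are events, entries are the next state. */
static const int transitions[VM_STATE_COUNT][EV_EVENT_COUNT] = {
    /*              START       STOP    PAUSE      RESUME      SAVE      RESTORE     HOST_SHUTDOWN  HW_ERROR */
    [VM_OFF]     = { VM_RUNNING, NO_T,   NO_T,      NO_T,       NO_T,     NO_T,       VM_OFF,        NO_T   },
    [VM_RUNNING] = { NO_T,       VM_OFF, VM_PAUSED, NO_T,       VM_SAVED, NO_T,       VM_SAVED,      VM_OFF },
    [VM_PAUSED]  = { NO_T,       VM_OFF, NO_T,      VM_RUNNING, VM_SAVED, NO_T,       VM_SAVED,      VM_OFF },
    [VM_SAVED]   = { NO_T,       VM_OFF, NO_T,      NO_T,       NO_T,     VM_RUNNING, VM_SAVED,      NO_T   },
};

static const char *state_names[VM_STATE_COUNT] = { "Off", "Running", "Paused", "Saved" };

/* Returns the next state, or NO_T if `event` is not valid in `state`.
 * Out-of-range values are rejected rather than used as table indices. */
int vm_next_state(int state, int event)
{
    if (state < 0 || state >= VM_STATE_COUNT || event < 0 || event >= EV_EVENT_COUNT)
        return NO_T;
    return transitions[state][event];
}

/* Apply a sequence of events starting from `*state`. Stops at the first
 * rejected event and returns its index; returns -1 if every event was
 * accepted. `*state` always reflects the last accepted transition. */
int vm_run_events(int *state, const int *events, int count)
{
    for (int i = 0; i < count; i++) {
        int next = vm_next_state(*state, events[i]);
        if (next == NO_T) {
            printf("rejected event %d at index %d (state unchanged)\n", events[i], i);
            return i;
        }
        printf("%s -> %s\n", state_names[*state], state_names[next]);
        *state = next;
    }
    return -1;
}

int main(void)
{
    /* Constructed sequences: a full lifecycle, then a second START while running. */
    const int lifecycle[] = { EV_START, EV_PAUSE, EV_RESUME, EV_SAVE, EV_RESTORE, EV_STOP };
    const int invalid[]   = { EV_START, EV_START };
    int s = VM_OFF;
    vm_run_events(&s, lifecycle, 6);
    s = VM_OFF;
    vm_run_events(&s, invalid, 2);
    return 0;
}
```

The lifecycle sequence is accepted end to end and returns the VM to Off; the second sequence is rejected at its second event and the VM stays Running. Host events have their own columns so that, for instance, a hardware error in the Saved state is not turned into a spurious transition.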
Virtual Motherboard
  - Responsibilities: instantiates all virtual devices
  - Collaborates with: the config component (obtains device configuration); the state machine (controls virtual hardware state)
Virtual Devices
  - Responsibilities: legacy device emulation, or VSP control
  - Collaborates with: VMB; VSP (controls virtual hardware state)
IC Proxy / RDP Encoder
  - Responsibilities: manage the communication link between the guest and the remote UI on the management console
  - Collaborates with: the management console (receives/sends RDP commands); integration components in the guest (remote UI from/to the guest)
Agenda (next section): Summary
Windows Virtualization Architecture
  (Summary slide: repeats the architecture diagram from the introduction, with parent partition, child partitions, VMBus, the Windows hypervisor, and "Designed for Windows" server hardware)
Questions?

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.