An Overview of Virtual Machine Architectures

Slide sourcesSlide sources

Virtual Machines Background, Kenneth Chiu, Computer Science Department at SUNY Binghamton kchiu@cs.binghamton.edu

Windows Virtualization Architecture, Mark Kieffer, Group Program Manager, Windows Virtualization,Microsoft Corporation

CS 140 Lecture 26: Virtual Machine Monitors, Mendel Rosenblum, Stanford CS DepartmentAn Overview of Virtual Machine Architectures, Smith and Nair

Review: What is an OS?Review: What is an OS?

software between applications and reality: abstracts hardware and makes portable

makes finite into (near)infinite

provides protection

gcc

emacs

Doom, XXI

OS

hardware

What If?What If?

Process abstraction looked just like hardware!

OS/Virtual Machine Monitor

hardware

gccemacs

OS

hardware

Doom,XXI

OS

hardware

Virtual MachinesVirtual Machines

A virtual machine treats hardware and the operating system kernel as though they were all hardware.

A virtual machine provides an interface identical to the underlying bare hardware.

For example, the operating system creates the illusion of multiple processes, each executing on its own processor with its own (virtual) memory.

The resources of the physical computer are shared to create the virtual machines.

A normal user time-sharing terminal serves as the virtual machine operator’s console.

System ModelsSystem Models

Non-virtual Machine Virtual Machine

DefinitionsDefinitions

Instruction Set Architecture (ISA)Precise specification of the interface between hardware and software

Application Binary Interface (ABI)Defines how an application can work with a platform at the binary level. (Contrast with API.)

Includes user ISA, system call interface, etc.

Suppose an ABI is changed.Recompile?

Source changes?

VirtualizationVirtualization

VMM also known as hypervisor.

Hardware

OS

Application

ISA

Hardware

OS

Application

Virtual ISAVMM

ISA

Guest

Host

OS

Application

VirtualISAVirtual

Machine

Advantages/Disadvantages of Virtual Advantages/Disadvantages of Virtual Machines Machines

The VM concept provides complete protection of system resources

since each VM is isolated from all other VMs.

What might be bad about this?Isolation, however, permits no direct sharing of resources.

A VM system is a perfect vehicle for OS research and development. The VM concept is difficult to implement

effort required to provide an exact duplicate to the underlying machine.

Process vs. SystemProcess vs. System

Meaning of “machine” depends on perspective.To a process, the machine is the system calls, libraries, etc.

Already abstract.

The entire system also runs on a machine.Includes ISA, actual devices, etc.

Other kinds of machines?

As there are two perspectives, there are two kinds of virtual machines: process and system.

Process virtual machine can support an individual process.System virtual machine can run a complete OS plus environment.

Process vs. SystemProcess vs. System

x86

Linux

JavaVM

NativeApp

NativeApp

JavaVM

JavaProg

JavaProg

x86

Linux

VMM

NativeApp

NativeApp

W32App

Windows

W32App

Process VM System VM

Examples?

Making a process look like hardware - CPUMaking a process look like hardware - CPU

Observations: Most instructions are the same regardless of processor privileged level.

Example: inc %eax

Why not just give CPU to execute the instructions?

Safety – How we going to get it back? Or stop it from stepping on us? How about CLI/HALT?

Answer: Use protection mechanism.

Run virtual machine directly on CPU at non-privileged level.

Most instruction just work.

Privileged instructions trap into monitor and run simulator on instruction.

Makes some assumptions about architecture.

Complete Machine SimulationComplete Machine Simulation

Build a simulation of all the hardware. CPU – A loop that fetch an instruction, decode it, simulate its effect on the machine, state.

Memory – Physical memory is just an array, simulate the MMU on all memory accesses.

I/O – Simulate I/O devices, programmed I/O, DMA, interrupts.

Problem: Too slow!100x slowdown makes it not too useful.

CPU/Memory – 100x CPU/MMU simulation.

I/O Device – <2x slowdown.

Need to emulate CPU/MMU fast enough.

How is a process different from HW?How is a process different from HW?

Process

CPU – Non-Privileged registers and instructions.

Memory – Virtual memory.

Exceptions – signals, errors.

I/O - File System, Directory, Files, raw devices.

Hardware

CPU – All registers and instructions.

Memory – Both virtual and physical memory, memory management, TLB/page tables, etc.

Exceptions – Trap architecture, interrupts, etc.

I/O – I/O devices accessed using programmed I/O, DMA, interrupts.

VirtualizationVirtualization

The state of a machine must be maintained.Physical machine: latches, flip-flops, etc.

Virtual machine: combination of physical machine and state emulated in software using RAM, etc.

At certain points in execution, such as a trap, the state of the machine must be “materialized”.

Not trivial due to complex hardware techniques used to provide high performance.

This ability to materialize the state is termed “preciseness”.

Three aspects of virtualizationState: registers and memory

Instructions: may involve emulation

State materialization: when exceptions occur

Key IdeasKey Ideas

VMs can support an individual process only, or can support a whole OS.

Can construct a useful taxonomy based on:process or system

same ISA or different ISA

TaxonomyTaxonomy

ProcessSame ISA

MultiprogrammingDynamic optimization

Different ISADynamic translatorsHLL VM

SystemSame ISA

“Classic” OS VMs (IBM)Hosted VMs

Different ISAWhole systemCo-designed VMs

Process VMsProcess VMs

MultiprogrammingA process has the illusion of having the whole machine to itself.

EmulationInterpreted. (Define.)

Translated. (Define.)

What are relative merits?

Dynamic optimizersEspecially useful with some kind of profile-directed translation.

High Level Language VMsHigh-level language is compiled to an intermediate language.

VM then runs the intermediate language.

Example is Java: Interpreted or translated?

Java Virtual MachineJava Virtual Machine

JVM execute platform-neutral bytecodes.

JVM consists of

- class loader

- class verifier

- runtime interpreter

Just-In-Time (JIT) compilers increase performance

System VMsSystem VMs

Same ISA“Classic” (Define. Pros/cons?)

VMM built directly on top of hardware.Most efficient, but requires wiping the slate clean.Requires device drivers in the VMM.

Hosted (Define. Pros/cons?)VMM built on top of existing OS.Most convenientDevices drivers supplied by host OS, VMM uses facilities provided by host OS.

Different ISAWhole System VMs: Emulation

ISA not the same, must emulate everything.

Co-Designed VMs: OptimizationHardware designed to support VMs.Provides a clean design for virtualization.Can be significantly more efficient.

Virtual Machine MonitorVirtual Machine Monitor

Thin layer of software that virtualizes the hardware

Exports a virtual machine abstraction that looks like the hardware

Hardware

OperatingSystem

App App

VirtualMachine Monitor

Virtual Machine Monitor (VMM)

App App App

OperatingSystem

OperatingSystem

Old idea from the 1960sOld idea from the 1960s

IBM VM/370 – A VMM for IBM mainframeMultiplex multiple OS environments on expensive hardware.

Desirable when few machine around.

Interest died out in the 1980s and 1990s.Hardware got cheap.

Compare Windows NT verses N DOS machines

Interesting again todayDifference problems today – software management

VMM attributes still relevant

Virtual Machine Monitor attributesVirtual Machine Monitor attributes

Software compatibilityRuns pretty much all software

Trick: Make virtual hardware match real hardware.

Low overheads/High performanceNear “raw” machine performance

Direct execution of CPU/MMU.

Complete isolationTotal data isolation between virtual machines

Use hardware protection.

EncapsulationVirtual machines are not tied to physical machines

Checkpoint/Migration.

Different thought about OSesDifferent thought about OSes

Installing software on hardware is brokenTight coupling of OS and applications to hardware creates management problems.

Want to subdivide OS:Hardware drivers

Hardware management

System support software

Turn OSes into normal software that can be managed

Backward compatibility with VMMsBackward compatibility with VMMs

Backward compatibility is bane of new OSes. Huge effort require to innovate but not break.

Recent security consideration make it impossibleChoice: Close security hole and break apps or be insecure

Example: Not all WinNT applications run on WinXP.

In spite of a huge effort to make WinXP compatible.

Given the number of applications that run on WinNT, practically any change will break something.If (OS == WinNT)….

Solution: Use a VMM to run both WinNT and WinXP

Obvious for OS migration as well: Windows -> Linux

Intel Appliance

Linux

Cisco Content Engine 590Cisco Content Engine 590

Windows 2000

RealPlayerServer

Media Server

IP chain

Isolation: Access to Classified NetworksIsolation: Access to Classified Networks

Traditional tension: Security vs. UsabilitySecure systems tend not to be that usable.

Flexible systems are not that secure.

Additional information assurance requirement:Data cannot flow between networks of different classification.

Solution: Run two VMs:Classified VM

Internet VM

Use isolation property to isolate two VMsVMM has control of the information flow between machines

Declassifier mechanism

National Security Agency NetTopNational Security Agency NetTop

ClassifiedVM

VPN

Internet VM

Firewall

SE-Linux

Logical partitioning of server machinesLogical partitioning of server machines

Run multiple servers on same boxAbility to give away less than one machine

Modern CPUs more power than most services need.

0.10U rack space machine - Better power, cooling, floor space,etc.

Server consolidation trend: N machine -> 1 real machine

Isolation of environments Printer server doesn’t take down Exchange server

Compromise of one VM can’t get at data of others

Resource managementProvide service-level agreements

Heterogeneous environmentsLinux, FreeBSD, Windows, etc.

Scenario : Server ConsolidationScenario : Server Consolidation

Web Server

App Server

Web Server

App Server

Database Server

Database Server

App Server

App Server

Web Server

Web Server

VMware MultipleWorlds + Physical Hardware

VMM ArrangementsVMM Arrangements

Host OS

VMM

Guest 1 Guest 2

VMM

Guest 1 Guest 2

Host OS VMM

Guest 1 Guest 2

Type-2 VMM Type-1 VMM(Hypervisor)

Hybrid VMM

Examples: JVMCLR

Examples: Virtual PC & Virtual Server

Examples: Windows Virtualization

Hardware Hardware Hardware

What we have today What we’re buildingfor the future

The HypervisorThe Hypervisor

Very thin layer of softwareHighly reliable

Much smaller Trusted Computing Base (TCB)

No built-in driver modelLeverage the large base of Windows drivers

Drivers run in a partition

Will have a well-defined, published interfaceAllow others to create support for their OS’s as guests

Hardware virtualization assists are requiredIntel Virtualization Technology

AMD “Pacifica”

Monolithic vs. MicrokernelizedMonolithic vs. Microkernelized

Monolithic hypervisorSimpler than a modern kernel, but still complex

Contains its own drivers model

Microkernelized hypervisor

Simple partitioning functionality

Increase reliability and minimize TCB

No third-party code

Drivers run within guests

Hypervisor

VM 1(“Admin”)

VM 2 VM 3

Hardware Hardware

Hypervisor

VM 2(“Child”)

VM 3(“Child”)

Virtual-ization Stack

VM 1(“Parent”)

DriversDriversDrivers

DriversDriversDrivers DriversDriversDrivers DriversDriversDrivers

The HypervisorThe Hypervisor

CPUCPUHard DriveHard Drive

Ethernet NIC

Ethernet NIC RAMRAM

• Thin layer of software running on the hardware• Supports creation of partitions

• Each partition is a virtual machine• Each partition has one or more virtual processors• Partitions can own or share hardware resources• Software running in partition is called a guest

• Enforces memory access rules• Enforces policy for CPU usage

• Virtual processors are scheduled on real processors

• Enforces ownership of other devices• Provides simple inter-partition messaging

• Messages appear as interrupts

• Exposes simple programmatic interface called “hypercalls”

• Thin layer of software running on the hardware• Supports creation of partitions

• Each partition is a virtual machine• Each partition has one or more virtual processors• Partitions can own or share hardware resources• Software running in partition is called a guest

• Enforces memory access rules• Enforces policy for CPU usage

• Virtual processors are scheduled on real processors

• Enforces ownership of other devices• Provides simple inter-partition messaging

• Messages appear as interrupts

• Exposes simple programmatic interface called “hypercalls”

Hypervisor

Parent Partition

(Minimum Footprint Windows)

CPU Virtualization RequirementsCPU Virtualization Requirements

Need protection levels to run VMs and monitors

All unsafe/privileged operations should trap Example: disable interrupt, access I/O dev, …x86 problem: POPF (different semantics in different rings)

Privilege level should not be visible to softwareSoftware in VM should be able to query and find its level in a VM

x86 problem: MOV ax, cs

Trap should be transparent to software in VMSoftware in VM should be able to tell if instruction trapped.

x86 problem: traps can destroy machine state.

Lost art.

CPU Trap architecture virtualizationCPU Trap architecture virtualization

What happens when an interrupt or trap occurs. Like all OSes: we trap into the monitor.

What if the interrupt or trap should go to the VM?Example: Page fault, illegal instruction, system call, interrupt.

Run the simulator again. X86 example: Lookup trap vector in VM’s IDT.

Push cs, eip, eflags, on stack.

Switch to privileged mode.

Virtualization requirements - Virtualizing MemoryVirtualization requirements - Virtualizing Memory

Basic MMU functionality:OS manages physical memory (0…MAX_MEM).

OS sets up page tables mapping VA->PA.

CPU accesses VA to should go to PA.Paging off: PA=VA.

Used for every instruction fetch, load, or store.

Need to implement a virtual physical memoryLogically need additional level of indirection

VM’s VA -> VM’s PA -> machine address

Trick: Use hardware MMU to simulate virtual MMU.Can be folded into page tables: VA->machine address

MMU VirtualizationMMU Virtualization

Trick: Monitor keeps shadow of VM’s page tableContains mapping to physical memory allocated for that VM.

Access causes Page Fault:Lookup in VM’s page table mapping from VPN to PPN.

Determine where PPN is in machine memory (MPN). Monitor can demand page the virtual machine

Insert mapping from VPN->MPN into shadow page table.

Uses hardware protection Monitor never maps itself into VM’s page table

Monitor never maps memory allocated to other VMs in VM’s page table

I/O device virtualizationI/O device virtualization

Type of communication:Special instruction – IN/OUT.

Memory mapped I/O (PIO).

Interrupts.

DMA.

Virtualization Make IN/OUT and PIO trap into monitor.

Run simulation of I/O device.

Simulation:Interrupt – Tell CPU simulator to generate interrupt.

DMA – Copy data to/from physical memory of virtual machine.

Virtual Machine UsesVirtual Machine Uses

EmulationOne ISA can be used to emulate another.Provides cross-platform portability.

OptimizationEmulators can optimize as they emulate.Also can optimize same ISA to same ISA.

ReplicationA single physical machine can be replicated, providing isolation between the VMs.

CompositionTwo virtual machines can be composed, combining the functionality of each.

Example: Using VMM to enhance Example: Using VMM to enhance securitysecurityProblem Area: Intrusion Detection Systems (IDS).

Trade-offsHost-based IDS (HIDS): + Good visibility to catch intruder.

- Weak isolation from intruder disabling/masking IDS.

Network-based IDS (NIDS):+ Good isolation from attack from intruder.

- Weak visibility can allow intruder to slip by unnoticed.

Would like visibility of HIDS with isolation of NIDS.

Idea: Do it in the virtual machine monitor.

VMM-based Intrusion Detection SystemVMM-based Intrusion Detection System

Strong isolation VMM isolate software in VM from VMM.

Comprise OS in VM can’t disable IDS in VMM.

Introspection – Peer inside at software running in VMVMM can see: Physical memory, registers, I/O device state, etc.

Signature scan of memoryLook through physical memory for patterns or signs of break-in

Interposition – Modify VM abstraction to enhance security

Memory Access EnforcerInterpose on page protection.

NIC Access EnforcerInterpose on virtual network device.

Collective Project: A Compute UtilityCollective Project: A Compute Utility

Distributed system where all software runs in VMsResearch with Prof. Monica Lam and students.

Virtual Appliance abstractionx86 virtual machine.

Target specialized environment (e.g. program development)

Store in a centralized persistent storage repository.

Cached on the machine were virtual appliances run.

Target benefitsSystem administration

Centralize and amortize administration of a virtual appliance.

MobilityComputing environment follows user around.

Virtualizing I/O Devices on VMware Workstation’s Host VMM

Virtualizing the PC PlatformVirtualizing the PC Platform

Several hurdlesNon-virtualizable processor

Some privileged instructions fail silently. (Why is this a problem?) (What’s the solution?)

PC hardware diversityWhy is this problematic for a “classic” VM?

Pre-existing PC softwareMust stay compatible

To address these, VMware uses a hosted VM. (Not a “classic” VM.)

Hosted VMware ArchitectureHosted VMware Architecture

VMware achieves both near-native execution speed and broad device support by transparently switching* between Host Mode and VMM Mode.

Guest OS Applications

Guest Operating System

Host OS Apps

Host OS

PC HardwareDisks Memory CPUNIC

VMware App Virtual Machine

VMware Driver Virtual Machine Monitor

Host Mode VMM Mode

VMware, acting as an application, uses the host to access other devices such as the hard disk, floppy, or network card

The VMware Virtual machine monitor allows each guest OS to directly access the processor (direct execution)

*VMware typically switches modes 1000 times per second

Two WorldsTwo Worlds

VMApp runs in the host, using the VMDriver host kernel component to establish the VMM.

CPU is thus executing in either the host world or the virtual world, using VMDriver to switch worlds.

World switches are expensive, since user and system state must be switched.

Virtualizing the NICVirtualizing the NIC

I/O port operations by guest OS must be intercepted by VMM.

Must then be processed in the VMM (to maintain the virtual state).

Or executed in the host world. (When must it do what?)

Send operations start as a sequence of ops to virtual I/O ports.

Upon finalization of the send, the VMApp issues a host OS syscall to the VMNet driver, which passes it on the real NIC.

Finally requires raising a virtual IRQ to signal completion.

Receive operations operate in reverse.VMApps executes select() syscall on possible sources.

Reads packet, forwards it to VMM which raises a virtual IRQ.

Virtualizing a Network InterfaceVirtualizing a Network Interface

Host OS

PC HardwarePhysical NIC

VMApp

VMDriver

Guest OS

VMM

Phy

sica

l Eth

erne

t

NIC Driver

NIC Driver

Virtual Bridge

Virtual Network Hub

DetailsDetails

SendGuest OS out to I/O port

Trap to VMDriver

Pass to VMApp

Syscall to VMNet

Pass to actual NIC driver

ReceiveHardware IRQ

Actual NIC delivers to VMNet driver

VMNet driver causes VMApp to return from select()

VMApp copies packet to VM memory

VMApp asks VMM to raise virtual IRQ

Guest OS performs port operations to read data

Trap to VMDriver

VMApp returns from ioctl() to raise IRQ

Reducing Network Virtualization OverheadsReducing Network Virtualization Overheads

Handling I/O ports in the VMMMany accesses don’t involve actual I/O.

Let the VMM maintain the state, avoiding a worlds switch.

Send combiningIf data rate is high, queue up packets, send them in a group.

IRQ notificationUse shared memory bitmap rather than requiring VMApp to call select() when an IRQ is received on the host system.

Performance EnhancementsPerformance Enhancements

Reducing CPU virtualization overheadFind operations to the interrupt controller that have memory semantics and replace with MOV operation, which does not require intervention by the VMM.Apparently requires dynamic binary translation.

Modifying the guest OSEliminate idle task page table switching, which is not necessary, since the idle task pages are mapped in every process page table.Run idle task with page table of last process.What would happen if the idle task had a bug and wrote to some random addresses?

Performance EnhancementsPerformance Enhancements

Creating a custom virtual deviceVirtualizing a real device is somewhat inefficient, since the interface to these devices is optimized for real devices, not virtual devices.Designing a custom virtual device can reduce expensive operations.Disadvantage is that must write a new device driver in guest OS for this virtual device.

Modifying the host OSVMNet driver allocates kernel memory sk_buff, then copies from VMApp to sk_buff.Can eliminate copy by using memory from VM physical memory.

Bypassing the host OSVMM uses own drivers, rather than going through the host OS. (Note that going through the host OS is using a kind of process VM provided by the host OS.)Disadvantage is that you have to write your own VMM driver for every supported real device.

SummarySummary

Main goal is to develop some understanding of the issues of hosted system VM performance.

Windows Virtualization Architecture

Mark KiefferGroup Program ManagerWindows Virtualizationmarkkie @ microsoft.comMicrosoft Corporation

Microsoft’s current virtualization offeringsMicrosoft’s current virtualization offerings

Current virtualization uses and benefitsUses for virtualization today

Microsoft’s current virtualization offerings

Windows Virtualization ArchitectureHypervisor

Virtualization stack

Device virtualization

Current Virtualization Uses and BenefitsCurrent Virtualization Uses and Benefits

Workloads that are enabled by virtualizationServer Consolidation

Efficient software development and test

Dynamic data centersResource Management

Application re-hosting

Application compatibility

High availability partitions

Many others

Microsoft’s Current Virtualization OfferingsMicrosoft’s Current Virtualization Offerings

Virtual PC 2004Being deployed in production environments

Application re-hosting

Demos, training, helpdesk

Being deployed in test and dev environmentsMultiple test beds on a single piece of hardware

Virtual Server 2005Released Q4 2004

Well received in the industryUsed for production server consolidation

Remote management of virtual machine operations

Great perf gains and functionality enhancement in SP164-bit host support, PXE support, and others

Microsoft's Next Gen Virtualization ArchitectureMicrosoft's Next Gen Virtualization Architecture

Introducing Windows virtualization for serversHypervisor-based

Separate, small management partition (parent)

Takes device virtualization to the next level

Targeting availability in the Longhorn wave

Definition of a couple of termsParent partition: a partition that manages its children

Child partition: any number of partitions that are started, managed, and shut down by their parent

Virtualization Stack: The collection of components that runs in the parent partition for VM management

Windows Virtualization for ServersWindows Virtualization for Servers

Some proposed features32-bit and 64-bit guests

x64-only hosts

Guest multiprocessing

Virtualized devices

WMI management and control API

Save & restore

Snapshotting

CPU and I/O resource controls

Tuning for NUMA

Dynamic resource addition & removal

Live migration

Will run within a parent partitionStand alone in a small footprint OS (MinWin)

Full Windows OS

Multiple virtualization stacks could co-exist

Virtualization StackVirtualization Stack

Virtualization StackVirtualization Stack

Hypervisor

Parent Partition

VM Service VM Worker Process

VirtualizationInfrastructure

Driver

VM Worker Process

VM Worker Process

VMBusBus Driver

• Collection of user-mode & kernel-mode components

• Runs within a partition on top of a (minimal) OS• Contains all VM support not in the hypervisor

• Interacts with hypervisor• Calls the hypervisor to perform certain actions• Responds to messages from the hypervisor or from

other partitions

• Creates and manages a group of “child partitions”

• Manages memory for child partitions• Virtualizes devices for child partitions

• Exposes a management interface

• Collection of user-mode & kernel-mode components

• Runs within a partition on top of a (minimal) OS• Contains all VM support not in the hypervisor

• Interacts with hypervisor• Calls the hypervisor to perform certain actions• Responds to messages from the hypervisor or from

other partitions

• Creates and manages a group of “child partitions”

• Manages memory for child partitions• Virtualizes devices for child partitions

• Exposes a management interface

Child Partition 1 Child Partition 2

Hypervisor API & Message Library

WMI Provider

WMI Value PropositionWMI Value Proposition

WMI is the interface that applications use to manage all aspects of Windows virtualization services

WMI is consumer agnosticCan be accessed remotely by WS-Management,

Programmable via C++, WSH, .NET

Hardware manufacturers benefit from understanding WMIUnderstand how their hardware can participate within overall Windows virtualization services manageability

Device VirtualizationDevice Virtualization

Provides a method for sharing hardware efficiently

Physical devices are still managed by their device drivers

DefinitionsVirtualization Service Providers (VSPs) & Clients (VSCs)

VSP = provider, VSC = consumer

VSP typically run in a partition that “owns” a hardware resource

VSP/VSC pair per device type (storage, network, etc.)

May expose bandwidth resource controls

Protocol is specific to device type, but is generally OS-agnostic

Device VirtualizationDevice Virtualization

Standard VSPs

Storage: parses VHDs, supports difference drive chains

Network: provides virtualized network mechanism

Video: 2D for servers

USB: allows a USB device to be assigned to a partition

Input: keyboard & mouse

Time: virtualization for RTC hardware

Device VirtualizationDevice Virtualization

DiskDisk

HypervisorHypervisor

Storage VSP

Storage VSP

VMBusVMBus VMBusVMBus

• Physical devices• Managed by traditional driver stacks

• Virtualization service providers (VSPs)• Virtualize a specific class of device (e.g.

networking, storage, etc.)• Expose an abstract device interface• Run within the partition that owns the

corresponding physical device

• Virtualization service clients (VSCs)• Consume virtualized hardware service

• VMBus• Software “bus” (enumeration, hot plug,

etc.)• Enables VSPs and VSCs to communicate

efficiently• Uses memory sharing and hypervisor IPC

messages

• Physical devices• Managed by traditional driver stacks

• Virtualization service providers (VSPs)• Virtualize a specific class of device (e.g.

networking, storage, etc.)• Expose an abstract device interface• Run within the partition that owns the

corresponding physical device

• Virtualization service clients (VSCs)• Consume virtualized hardware service

• VMBus• Software “bus” (enumeration, hot plug,

etc.)• Enables VSPs and VSCs to communicate

efficiently• Uses memory sharing and hypervisor IPC

messages

Storage Stack

Storage Stack

Port DriverPort

Driver

Storage Stack

Storage Stack

Storage VSC

Storage VSC

Parent Partition

Windows EnlightenmentsWindows Enlightenments

EnlightenmentsModifications to an OS to make it aware that it’s running within a VM

Windows codenamed “Longhorn” enlightenmentsOptimizations in memory manager (MM)

Win32 and kernel API: Am I running on a virtual machine?

Looking at additional enlightenments in the future

Some System RequirementsSome System Requirements

Must support hardware virtualizationIntel’s Virtualization Technology

AMD’s “Pacifica”

We are not planning on supporting any other implementations

Must support x64 extensions

Microkernels Meet Recursive Virtual Machines

Ford et al

DecompositionDecomposition

Microkernels decompose functionality horizontally (mainly).

Monolithic services separated horizontally.

Moved up one layer.

Stackable VMMs decompose functionality vertically.

Each layer supplies some functionality.

FlukeFluke

Uses a nested process architecture.Each process provides a VM to its children, possibly with additional functionality.Different from usual parent-child in that children are completely contained within and visible to parent.This is necessary for the parent to be a VM to its children.

Two APIsLow-level kernel API to microkernel for basic manipulationHigh-level protocols to handle:

Parent InterfaceProcessMemPoolFileSystem

Nested VMs interact directly with microkernel for the low-level API, but interact with the parent VM for high-level protocols.Parent VM will use interposition to add additional functionality. This is how the stacking works.

Key IdeasKey Ideas

Implement a microkernel that allows process virtual machines to be stacked.

Each virtual machine is a user-level server.

Stacking occurs through process nesting.

Use pass-through to avoid exponential behavior.

Mainly interesting for the ideas, performance is relatively poor, but may be improvable.