ppt
-
Upload
cameroon45 -
Category
Technology
-
view
980 -
download
0
description
Transcript of ppt
An Overview of Virtual Machine Architectures
Slide sourcesSlide sources
Virtual Machines Background, Kenneth Chiu, Computer Science Department at SUNY Binghamton [email protected]
Windows Virtualization Architecture, Mark Kieffer, Group Program Manager, Windows Virtualization,Microsoft Corporation
CS 140 Lecture 26: Virtual Machine Monitors, Mendel Rosenblum, Stanford CS DepartmentAn Overview of Virtual Machine Architectures, Smith and Nair
Review: What is an OS?Review: What is an OS?
software between applications and reality: abstracts hardware and makes portable
makes finite into (near)infinite
provides protection
gcc
emacs
Doom, XXI
OS
hardware
What If?What If?
Process abstraction looked just like hardware!
OS/Virtual Machine Monitor
hardware
gccemacs
OS
hardware
Doom,XXI
OS
hardware
Virtual MachinesVirtual Machines
A virtual machine treats hardware and the operating system kernel as though they were all hardware.
A virtual machine provides an interface identical to the underlying bare hardware.
For example, the operating system creates the illusion of multiple processes, each executing on its own processor with its own (virtual) memory.
The resources of the physical computer are shared to create the virtual machines.
A normal user time-sharing terminal serves as the virtual machine operator’s console.
System ModelsSystem Models
Non-virtual Machine Virtual Machine
DefinitionsDefinitions
Instruction Set Architecture (ISA)Precise specification of the interface between hardware and software
Application Binary Interface (ABI)Defines how an application can work with a platform at the binary level. (Contrast with API.)
Includes user ISA, system call interface, etc.
Suppose an ABI is changed.Recompile?
Source changes?
VirtualizationVirtualization
VMM also known as hypervisor.
Hardware
OS
Application
ISA
Hardware
OS
Application
Virtual ISAVMM
ISA
Guest
Host
OS
Application
VirtualISAVirtual
Machine
Advantages/Disadvantages of Virtual Advantages/Disadvantages of Virtual Machines Machines
The VM concept provides complete protection of system resources
since each VM is isolated from all other VMs.
What might be bad about this?Isolation, however, permits no direct sharing of resources.
A VM system is a perfect vehicle for OS research and development. The VM concept is difficult to implement
effort required to provide an exact duplicate to the underlying machine.
Process vs. SystemProcess vs. System
Meaning of “machine” depends on perspective.To a process, the machine is the system calls, libraries, etc.
Already abstract.
The entire system also runs on a machine.Includes ISA, actual devices, etc.
Other kinds of machines?
As there are two perspectives, there are two kinds of virtual machines: process and system.
Process virtual machine can support an individual process.System virtual machine can run a complete OS plus environment.
Process vs. SystemProcess vs. System
x86
Linux
JavaVM
NativeApp
NativeApp
JavaVM
JavaProg
JavaProg
x86
Linux
VMM
NativeApp
NativeApp
W32App
Windows
W32App
Process VM System VM
Examples?
Making a process look like hardware - CPUMaking a process look like hardware - CPU
Observations: Most instructions are the same regardless of processor privileged level.
Example: inc %eax
Why not just give CPU to execute the instructions?
Safety – How we going to get it back? Or stop it from stepping on us? How about CLI/HALT?
Answer: Use protection mechanism.
Run virtual machine directly on CPU at non-privileged level.
Most instruction just work.
Privileged instructions trap into monitor and run simulator on instruction.
Makes some assumptions about architecture.
Complete Machine SimulationComplete Machine Simulation
Build a simulation of all the hardware. CPU – A loop that fetch an instruction, decode it, simulate its effect on the machine, state.
Memory – Physical memory is just an array, simulate the MMU on all memory accesses.
I/O – Simulate I/O devices, programmed I/O, DMA, interrupts.
Problem: Too slow!100x slowdown makes it not too useful.
CPU/Memory – 100x CPU/MMU simulation.
I/O Device – <2x slowdown.
Need to emulate CPU/MMU fast enough.
How is a process different from HW?How is a process different from HW?
Process
CPU – Non-Privileged registers and instructions.
Memory – Virtual memory.
Exceptions – signals, errors.
I/O - File System, Directory, Files, raw devices.
Hardware
CPU – All registers and instructions.
Memory – Both virtual and physical memory, memory management, TLB/page tables, etc.
Exceptions – Trap architecture, interrupts, etc.
I/O – I/O devices accessed using programmed I/O, DMA, interrupts.
VirtualizationVirtualization
The state of a machine must be maintained.Physical machine: latches, flip-flops, etc.
Virtual machine: combination of physical machine and state emulated in software using RAM, etc.
At certain points in execution, such as a trap, the state of the machine must be “materialized”.
Not trivial due to complex hardware techniques used to provide high performance.
This ability to materialize the state is termed “preciseness”.
Three aspects of virtualizationState: registers and memory
Instructions: may involve emulation
State materialization: when exceptions occur
Key IdeasKey Ideas
VMs can support an individual process only, or can support a whole OS.
Can construct a useful taxonomy based on:process or system
same ISA or different ISA
TaxonomyTaxonomy
ProcessSame ISA
MultiprogrammingDynamic optimization
Different ISADynamic translatorsHLL VM
SystemSame ISA
“Classic” OS VMs (IBM)Hosted VMs
Different ISAWhole systemCo-designed VMs
Process VMsProcess VMs
MultiprogrammingA process has the illusion of having the whole machine to itself.
EmulationInterpreted. (Define.)
Translated. (Define.)
What are relative merits?
Dynamic optimizersEspecially useful with some kind of profile-directed translation.
High Level Language VMsHigh-level language is compiled to an intermediate language.
VM then runs the intermediate language.
Example is Java: Interpreted or translated?
Java Virtual MachineJava Virtual Machine
JVM execute platform-neutral bytecodes.
JVM consists of
- class loader
- class verifier
- runtime interpreter
Just-In-Time (JIT) compilers increase performance
System VMsSystem VMs
Same ISA“Classic” (Define. Pros/cons?)
VMM built directly on top of hardware.Most efficient, but requires wiping the slate clean.Requires device drivers in the VMM.
Hosted (Define. Pros/cons?)VMM built on top of existing OS.Most convenientDevices drivers supplied by host OS, VMM uses facilities provided by host OS.
Different ISAWhole System VMs: Emulation
ISA not the same, must emulate everything.
Co-Designed VMs: OptimizationHardware designed to support VMs.Provides a clean design for virtualization.Can be significantly more efficient.
Virtual Machine MonitorVirtual Machine Monitor
Thin layer of software that virtualizes the hardware
Exports a virtual machine abstraction that looks like the hardware
Hardware
OperatingSystem
App App
VirtualMachine Monitor
Virtual Machine Monitor (VMM)
App App App
OperatingSystem
OperatingSystem
Old idea from the 1960sOld idea from the 1960s
IBM VM/370 – A VMM for IBM mainframeMultiplex multiple OS environments on expensive hardware.
Desirable when few machine around.
Interest died out in the 1980s and 1990s.Hardware got cheap.
Compare Windows NT verses N DOS machines
Interesting again todayDifference problems today – software management
VMM attributes still relevant
Virtual Machine Monitor attributesVirtual Machine Monitor attributes
Software compatibilityRuns pretty much all software
Trick: Make virtual hardware match real hardware.
Low overheads/High performanceNear “raw” machine performance
Direct execution of CPU/MMU.
Complete isolationTotal data isolation between virtual machines
Use hardware protection.
EncapsulationVirtual machines are not tied to physical machines
Checkpoint/Migration.
Different thought about OSesDifferent thought about OSes
Installing software on hardware is brokenTight coupling of OS and applications to hardware creates management problems.
Want to subdivide OS:Hardware drivers
Hardware management
System support software
Turn OSes into normal software that can be managed
Backward compatibility with VMMsBackward compatibility with VMMs
Backward compatibility is bane of new OSes. Huge effort require to innovate but not break.
Recent security consideration make it impossibleChoice: Close security hole and break apps or be insecure
Example: Not all WinNT applications run on WinXP.
In spite of a huge effort to make WinXP compatible.
Given the number of applications that run on WinNT, practically any change will break something.If (OS == WinNT)….
Solution: Use a VMM to run both WinNT and WinXP
Obvious for OS migration as well: Windows -> Linux
Intel Appliance
Linux
Cisco Content Engine 590Cisco Content Engine 590
Windows 2000
RealPlayerServer
Media Server
IP chain
Isolation: Access to Classified NetworksIsolation: Access to Classified Networks
Traditional tension: Security vs. UsabilitySecure systems tend not to be that usable.
Flexible systems are not that secure.
Additional information assurance requirement:Data cannot flow between networks of different classification.
Solution: Run two VMs:Classified VM
Internet VM
Use isolation property to isolate two VMsVMM has control of the information flow between machines
Declassifier mechanism
National Security Agency NetTopNational Security Agency NetTop
ClassifiedVM
VPN
Internet VM
Firewall
SE-Linux
Logical partitioning of server machinesLogical partitioning of server machines
Run multiple servers on same boxAbility to give away less than one machine
Modern CPUs more power than most services need.
0.10U rack space machine - Better power, cooling, floor space,etc.
Server consolidation trend: N machine -> 1 real machine
Isolation of environments Printer server doesn’t take down Exchange server
Compromise of one VM can’t get at data of others
Resource managementProvide service-level agreements
Heterogeneous environmentsLinux, FreeBSD, Windows, etc.
Scenario : Server ConsolidationScenario : Server Consolidation
Web Server
App Server
Web Server
App Server
Database Server
Database Server
App Server
App Server
Web Server
Web Server
VMware MultipleWorlds + Physical Hardware
VMM ArrangementsVMM Arrangements
Host OS
VMM
Guest 1 Guest 2
VMM
Guest 1 Guest 2
Host OS VMM
Guest 1 Guest 2
Type-2 VMM Type-1 VMM(Hypervisor)
Hybrid VMM
Examples: JVMCLR
Examples: Virtual PC & Virtual Server
Examples: Windows Virtualization
Hardware Hardware Hardware
What we have today What we’re buildingfor the future
The HypervisorThe Hypervisor
Very thin layer of softwareHighly reliable
Much smaller Trusted Computing Base (TCB)
No built-in driver modelLeverage the large base of Windows drivers
Drivers run in a partition
Will have a well-defined, published interfaceAllow others to create support for their OS’s as guests
Hardware virtualization assists are requiredIntel Virtualization Technology
AMD “Pacifica”
Monolithic vs. MicrokernelizedMonolithic vs. Microkernelized
Monolithic hypervisorSimpler than a modern kernel, but still complex
Contains its own drivers model
Microkernelized hypervisor
Simple partitioning functionality
Increase reliability and minimize TCB
No third-party code
Drivers run within guests
Hypervisor
VM 1(“Admin”)
VM 2 VM 3
Hardware Hardware
Hypervisor
VM 2(“Child”)
VM 3(“Child”)
Virtual-ization Stack
VM 1(“Parent”)
DriversDriversDrivers
DriversDriversDrivers DriversDriversDrivers DriversDriversDrivers
The HypervisorThe Hypervisor
CPUCPUHard DriveHard Drive
Ethernet NIC
Ethernet NIC RAMRAM
• Thin layer of software running on the hardware• Supports creation of partitions
• Each partition is a virtual machine• Each partition has one or more virtual processors• Partitions can own or share hardware resources• Software running in partition is called a guest
• Enforces memory access rules• Enforces policy for CPU usage
• Virtual processors are scheduled on real processors
• Enforces ownership of other devices• Provides simple inter-partition messaging
• Messages appear as interrupts
• Exposes simple programmatic interface called “hypercalls”
• Thin layer of software running on the hardware• Supports creation of partitions
• Each partition is a virtual machine• Each partition has one or more virtual processors• Partitions can own or share hardware resources• Software running in partition is called a guest
• Enforces memory access rules• Enforces policy for CPU usage
• Virtual processors are scheduled on real processors
• Enforces ownership of other devices• Provides simple inter-partition messaging
• Messages appear as interrupts
• Exposes simple programmatic interface called “hypercalls”
Hypervisor
Parent Partition
(Minimum Footprint Windows)
CPU Virtualization RequirementsCPU Virtualization Requirements
Need protection levels to run VMs and monitors
All unsafe/privileged operations should trap Example: disable interrupt, access I/O dev, …x86 problem: POPF (different semantics in different rings)
Privilege level should not be visible to softwareSoftware in VM should be able to query and find its level in a VM
x86 problem: MOV ax, cs
Trap should be transparent to software in VMSoftware in VM should be able to tell if instruction trapped.
x86 problem: traps can destroy machine state.
Lost art.
CPU Trap architecture virtualizationCPU Trap architecture virtualization
What happens when an interrupt or trap occurs. Like all OSes: we trap into the monitor.
What if the interrupt or trap should go to the VM?Example: Page fault, illegal instruction, system call, interrupt.
Run the simulator again. X86 example: Lookup trap vector in VM’s IDT.
Push cs, eip, eflags, on stack.
Switch to privileged mode.
Virtualization requirements - Virtualizing MemoryVirtualization requirements - Virtualizing Memory
Basic MMU functionality:OS manages physical memory (0…MAX_MEM).
OS sets up page tables mapping VA->PA.
CPU accesses VA to should go to PA.Paging off: PA=VA.
Used for every instruction fetch, load, or store.
Need to implement a virtual physical memoryLogically need additional level of indirection
VM’s VA -> VM’s PA -> machine address
Trick: Use hardware MMU to simulate virtual MMU.Can be folded into page tables: VA->machine address
MMU VirtualizationMMU Virtualization
Trick: Monitor keeps shadow of VM’s page tableContains mapping to physical memory allocated for that VM.
Access causes Page Fault:Lookup in VM’s page table mapping from VPN to PPN.
Determine where PPN is in machine memory (MPN). Monitor can demand page the virtual machine
Insert mapping from VPN->MPN into shadow page table.
Uses hardware protection Monitor never maps itself into VM’s page table
Monitor never maps memory allocated to other VMs in VM’s page table
I/O device virtualizationI/O device virtualization
Type of communication:Special instruction – IN/OUT.
Memory mapped I/O (PIO).
Interrupts.
DMA.
Virtualization Make IN/OUT and PIO trap into monitor.
Run simulation of I/O device.
Simulation:Interrupt – Tell CPU simulator to generate interrupt.
DMA – Copy data to/from physical memory of virtual machine.
Virtual Machine UsesVirtual Machine Uses
EmulationOne ISA can be used to emulate another.Provides cross-platform portability.
OptimizationEmulators can optimize as they emulate.Also can optimize same ISA to same ISA.
ReplicationA single physical machine can be replicated, providing isolation between the VMs.
CompositionTwo virtual machines can be composed, combining the functionality of each.
Example: Using VMM to enhance Example: Using VMM to enhance securitysecurityProblem Area: Intrusion Detection Systems (IDS).
Trade-offsHost-based IDS (HIDS): + Good visibility to catch intruder.
- Weak isolation from intruder disabling/masking IDS.
Network-based IDS (NIDS):+ Good isolation from attack from intruder.
- Weak visibility can allow intruder to slip by unnoticed.
Would like visibility of HIDS with isolation of NIDS.
Idea: Do it in the virtual machine monitor.
VMM-based Intrusion Detection SystemVMM-based Intrusion Detection System
Strong isolation VMM isolate software in VM from VMM.
Comprise OS in VM can’t disable IDS in VMM.
Introspection – Peer inside at software running in VMVMM can see: Physical memory, registers, I/O device state, etc.
Signature scan of memoryLook through physical memory for patterns or signs of break-in
Interposition – Modify VM abstraction to enhance security
Memory Access EnforcerInterpose on page protection.
NIC Access EnforcerInterpose on virtual network device.
Collective Project: A Compute UtilityCollective Project: A Compute Utility
Distributed system where all software runs in VMsResearch with Prof. Monica Lam and students.
Virtual Appliance abstractionx86 virtual machine.
Target specialized environment (e.g. program development)
Store in a centralized persistent storage repository.
Cached on the machine were virtual appliances run.
Target benefitsSystem administration
Centralize and amortize administration of a virtual appliance.
MobilityComputing environment follows user around.
Virtualizing I/O Devices on VMware Workstation’s Host VMM
Virtualizing the PC PlatformVirtualizing the PC Platform
Several hurdlesNon-virtualizable processor
Some privileged instructions fail silently. (Why is this a problem?) (What’s the solution?)
PC hardware diversityWhy is this problematic for a “classic” VM?
Pre-existing PC softwareMust stay compatible
To address these, VMware uses a hosted VM. (Not a “classic” VM.)
Hosted VMware ArchitectureHosted VMware Architecture
VMware achieves both near-native execution speed and broad device support by transparently switching* between Host Mode and VMM Mode.
Guest OS Applications
Guest Operating System
Host OS Apps
Host OS
PC HardwareDisks Memory CPUNIC
VMware App Virtual Machine
VMware Driver Virtual Machine Monitor
Host Mode VMM Mode
VMware, acting as an application, uses the host to access other devices such as the hard disk, floppy, or network card
The VMware Virtual machine monitor allows each guest OS to directly access the processor (direct execution)
*VMware typically switches modes 1000 times per second
Two WorldsTwo Worlds
VMApp runs in the host, using the VMDriver host kernel component to establish the VMM.
CPU is thus executing in either the host world or the virtual world, using VMDriver to switch worlds.
World switches are expensive, since user and system state must be switched.
Virtualizing the NICVirtualizing the NIC
I/O port operations by guest OS must be intercepted by VMM.
Must then be processed in the VMM (to maintain the virtual state).
Or executed in the host world. (When must it do what?)
Send operations start as a sequence of ops to virtual I/O ports.
Upon finalization of the send, the VMApp issues a host OS syscall to the VMNet driver, which passes it on the real NIC.
Finally requires raising a virtual IRQ to signal completion.
Receive operations operate in reverse.VMApps executes select() syscall on possible sources.
Reads packet, forwards it to VMM which raises a virtual IRQ.
Virtualizing a Network InterfaceVirtualizing a Network Interface
Host OS
PC HardwarePhysical NIC
VMApp
VMDriver
Guest OS
VMM
Phy
sica
l Eth
erne
t
NIC Driver
NIC Driver
Virtual Bridge
Virtual Network Hub
DetailsDetails
SendGuest OS out to I/O port
Trap to VMDriver
Pass to VMApp
Syscall to VMNet
Pass to actual NIC driver
ReceiveHardware IRQ
Actual NIC delivers to VMNet driver
VMNet driver causes VMApp to return from select()
VMApp copies packet to VM memory
VMApp asks VMM to raise virtual IRQ
Guest OS performs port operations to read data
Trap to VMDriver
VMApp returns from ioctl() to raise IRQ
Reducing Network Virtualization OverheadsReducing Network Virtualization Overheads
Handling I/O ports in the VMMMany accesses don’t involve actual I/O.
Let the VMM maintain the state, avoiding a worlds switch.
Send combiningIf data rate is high, queue up packets, send them in a group.
IRQ notificationUse shared memory bitmap rather than requiring VMApp to call select() when an IRQ is received on the host system.
Performance EnhancementsPerformance Enhancements
Reducing CPU virtualization overheadFind operations to the interrupt controller that have memory semantics and replace with MOV operation, which does not require intervention by the VMM.Apparently requires dynamic binary translation.
Modifying the guest OSEliminate idle task page table switching, which is not necessary, since the idle task pages are mapped in every process page table.Run idle task with page table of last process.What would happen if the idle task had a bug and wrote to some random addresses?
Performance EnhancementsPerformance Enhancements
Creating a custom virtual deviceVirtualizing a real device is somewhat inefficient, since the interface to these devices is optimized for real devices, not virtual devices.Designing a custom virtual device can reduce expensive operations.Disadvantage is that must write a new device driver in guest OS for this virtual device.
Modifying the host OSVMNet driver allocates kernel memory sk_buff, then copies from VMApp to sk_buff.Can eliminate copy by using memory from VM physical memory.
Bypassing the host OSVMM uses own drivers, rather than going through the host OS. (Note that going through the host OS is using a kind of process VM provided by the host OS.)Disadvantage is that you have to write your own VMM driver for every supported real device.
SummarySummary
Main goal is to develop some understanding of the issues of hosted system VM performance.
Windows Virtualization Architecture
Mark KiefferGroup Program ManagerWindows Virtualizationmarkkie @ microsoft.comMicrosoft Corporation
Microsoft’s current virtualization offeringsMicrosoft’s current virtualization offerings
Current virtualization uses and benefitsUses for virtualization today
Microsoft’s current virtualization offerings
Windows Virtualization ArchitectureHypervisor
Virtualization stack
Device virtualization
Current Virtualization Uses and BenefitsCurrent Virtualization Uses and Benefits
Workloads that are enabled by virtualizationServer Consolidation
Efficient software development and test
Dynamic data centersResource Management
Application re-hosting
Application compatibility
High availability partitions
Many others
Microsoft’s Current Virtualization OfferingsMicrosoft’s Current Virtualization Offerings
Virtual PC 2004Being deployed in production environments
Application re-hosting
Demos, training, helpdesk
Being deployed in test and dev environmentsMultiple test beds on a single piece of hardware
Virtual Server 2005Released Q4 2004
Well received in the industryUsed for production server consolidation
Remote management of virtual machine operations
Great perf gains and functionality enhancement in SP164-bit host support, PXE support, and others
Microsoft's Next Gen Virtualization ArchitectureMicrosoft's Next Gen Virtualization Architecture
Introducing Windows virtualization for serversHypervisor-based
Separate, small management partition (parent)
Takes device virtualization to the next level
Targeting availability in the Longhorn wave
Definition of a couple of termsParent partition: a partition that manages its children
Child partition: any number of partitions that are started, managed, and shut down by their parent
Virtualization Stack: The collection of components that runs in the parent partition for VM management
Windows Virtualization for ServersWindows Virtualization for Servers
Some proposed features32-bit and 64-bit guests
x64-only hosts
Guest multiprocessing
Virtualized devices
WMI management and control API
Save & restore
Snapshotting
CPU and I/O resource controls
Tuning for NUMA
Dynamic resource addition & removal
Live migration
Will run within a parent partitionStand alone in a small footprint OS (MinWin)
Full Windows OS
Multiple virtualization stacks could co-exist
Virtualization StackVirtualization Stack
Virtualization StackVirtualization Stack
Hypervisor
Parent Partition
VM Service VM Worker Process
VirtualizationInfrastructure
Driver
VM Worker Process
VM Worker Process
VMBusBus Driver
• Collection of user-mode & kernel-mode components
• Runs within a partition on top of a (minimal) OS• Contains all VM support not in the hypervisor
• Interacts with hypervisor• Calls the hypervisor to perform certain actions• Responds to messages from the hypervisor or from
other partitions
• Creates and manages a group of “child partitions”
• Manages memory for child partitions• Virtualizes devices for child partitions
• Exposes a management interface
• Collection of user-mode & kernel-mode components
• Runs within a partition on top of a (minimal) OS• Contains all VM support not in the hypervisor
• Interacts with hypervisor• Calls the hypervisor to perform certain actions• Responds to messages from the hypervisor or from
other partitions
• Creates and manages a group of “child partitions”
• Manages memory for child partitions• Virtualizes devices for child partitions
• Exposes a management interface
Child Partition 1 Child Partition 2
Hypervisor API & Message Library
WMI Provider
WMI Value PropositionWMI Value Proposition
WMI is the interface that applications use to manage all aspects of Windows virtualization services
WMI is consumer agnosticCan be accessed remotely by WS-Management,
Programmable via C++, WSH, .NET
Hardware manufacturers benefit from understanding WMIUnderstand how their hardware can participate within overall Windows virtualization services manageability
Device VirtualizationDevice Virtualization
Provides a method for sharing hardware efficiently
Physical devices are still managed by their device drivers
DefinitionsVirtualization Service Providers (VSPs) & Clients (VSCs)
VSP = provider, VSC = consumer
VSP typically run in a partition that “owns” a hardware resource
VSP/VSC pair per device type (storage, network, etc.)
May expose bandwidth resource controls
Protocol is specific to device type, but is generally OS-agnostic
Device VirtualizationDevice Virtualization
Standard VSPs
Storage: parses VHDs, supports difference drive chains
Network: provides virtualized network mechanism
Video: 2D for servers
USB: allows a USB device to be assigned to a partition
Input: keyboard & mouse
Time: virtualization for RTC hardware
Device VirtualizationDevice Virtualization
DiskDisk
HypervisorHypervisor
Storage VSP
Storage VSP
VMBusVMBus VMBusVMBus
• Physical devices• Managed by traditional driver stacks
• Virtualization service providers (VSPs)• Virtualize a specific class of device (e.g.
networking, storage, etc.)• Expose an abstract device interface• Run within the partition that owns the
corresponding physical device
• Virtualization service clients (VSCs)• Consume virtualized hardware service
• VMBus• Software “bus” (enumeration, hot plug,
etc.)• Enables VSPs and VSCs to communicate
efficiently• Uses memory sharing and hypervisor IPC
messages
• Physical devices• Managed by traditional driver stacks
• Virtualization service providers (VSPs)• Virtualize a specific class of device (e.g.
networking, storage, etc.)• Expose an abstract device interface• Run within the partition that owns the
corresponding physical device
• Virtualization service clients (VSCs)• Consume virtualized hardware service
• VMBus• Software “bus” (enumeration, hot plug,
etc.)• Enables VSPs and VSCs to communicate
efficiently• Uses memory sharing and hypervisor IPC
messages
Storage Stack
Storage Stack
Port DriverPort
Driver
Storage Stack
Storage Stack
Storage VSC
Storage VSC
Parent Partition
Windows EnlightenmentsWindows Enlightenments
EnlightenmentsModifications to an OS to make it aware that it’s running within a VM
Windows codenamed “Longhorn” enlightenmentsOptimizations in memory manager (MM)
Win32 and kernel API: Am I running on a virtual machine?
Looking at additional enlightenments in the future
Some System RequirementsSome System Requirements
Must support hardware virtualizationIntel’s Virtualization Technology
AMD’s “Pacifica”
We are not planning on supporting any other implementations
Must support x64 extensions
Microkernels Meet Recursive Virtual Machines
Ford et al
DecompositionDecomposition
Microkernels decompose functionality horizontally (mainly).
Monolithic services separated horizontally.
Moved up one layer.
Stackable VMMs decompose functionality vertically.
Each layer supplies some functionality.
FlukeFluke
Uses a nested process architecture.Each process provides a VM to its children, possibly with additional functionality.Different from usual parent-child in that children are completely contained within and visible to parent.This is necessary for the parent to be a VM to its children.
Two APIsLow-level kernel API to microkernel for basic manipulationHigh-level protocols to handle:
Parent InterfaceProcessMemPoolFileSystem
Nested VMs interact directly with microkernel for the low-level API, but interact with the parent VM for high-level protocols.Parent VM will use interposition to add additional functionality. This is how the stacking works.
Key IdeasKey Ideas
Implement a microkernel that allows process virtual machines to be stacked.
Each virtual machine is a user-level server.
Stacking occurs through process nesting.
Use pass-through to avoid exponential behavior.
Mainly interesting for the ideas, performance is relatively poor, but may be improvable.