Full Virtualization is a technique that provides a complete simulation of the underlying hardware. Certain protected instructions must be trapped and handled by the VMM (Virtual Machine Monitor), because the guest OS believes that it owns the hardware when in fact the hardware is shared through the VMM. To handle this, binary translation is employed: it translates the kernel code so that instructions that cannot be virtualized are replaced with new instructions that have the same effect on the virtual hardware (VMware, 2007b). Another technique used in Full Virtualization is direct execution, in which the user-level code is executed directly on the processor so that higher performance can be achieved. This approach is shown in Figure 1.
As a result of this approach, the Guest OS is fully abstracted from the underlying hardware by the virtualization layer. The Guest OS does not know that it is being virtualized and therefore does not need any modifications (Figure 1). Full virtualization is the only one of the server virtualization techniques that does not require hardware or operating system assistance, because the VMM translates all the instructions, and it allows the user-level applications to run unmodified at native speed (VMware, 2007b).
- Full virtualization provides complete isolation of the virtual machines
- Operating systems can be installed without any modification
- Provides near-native CPU and memory performance
- It offers flexibility because many different operating systems and versions from different vendors can be installed and run.
- Because the guest OS remains unmodified, migration and portability are very easy.
- Requires the correct combination of hardware and software elements
- Performance can be affected because of the trap-and-emulate techniques of x86 protected instructions.
Paravirtualization is the virtualization technique in which the guest OS is modified so that it can communicate with the hypervisor (VMM). In paravirtualization the kernel of the OS is modified to replace instructions that cannot be virtualised with hypercalls that communicate directly with the virtualization layer, the hypervisor (VMware, 2007b). The hypervisor also provides hypercall interfaces for other critical kernel operations such as memory management and interrupt handling. In this technique some, but not all, of the underlying hardware is simulated.
In contrast to full virtualization, the guest OS in paravirtualization knows that it is being virtualised. It therefore achieves greater performance than full virtualization, because the guest OS communicates directly with the hypervisor and the overheads needed for emulation are reduced. Figure 2 shows how paravirtualization is implemented for the x86 architecture.
- Easier to implement than full virtualization where no hardware assistance is available.
- Greater performance because overheads from emulation are reduced.
- Modification required for the guest OS
- The modification of the guest OS results in poor portability and compatibility.
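The difference between trap-and-emulate, binary translation and hypercalls described in the two sections above can be seen in a small simulation. This is an added example, not code from VMware or from the original article; the instruction names (`cli`, `sti`, `popf`) are real x86 mnemonics, while the `VMM` class, the tuple instruction format and the kernel fragments are assumptions constructed for illustration.

```python
# Toy model, constructed for illustration: a guest kernel running deprivileged.
PRIVILEGED = {"cli", "sti"}     # fault without privilege, so the VMM can trap them
SENSITIVE_NO_TRAP = {"popf"}    # x86 POPF: IF change is silently ignored, no trap

class VMM:
    def __init__(self):
        self.virt_if = True     # virtual interrupt-enable flag of the guest
        self.acc = 0            # guest register touched by ordinary code
        self.traps = 0          # entries caused by hardware faults
        self.calls = 0          # explicit entries (translated code or hypercalls)

    def emulate(self, op, arg):
        """Apply a sensitive instruction's effect to the virtual CPU only."""
        if op in ("cli", "sti"):
            self.virt_if = (op == "sti")
        elif op == "popf":
            self.virt_if = bool(arg)

    def run(self, code):
        for op, arg in code:
            if op in ("vmm_call", "hypercall"):   # explicit entry into the VMM
                self.calls += 1
                self.emulate(*arg)
            elif op in PRIVILEGED:                # trap-and-emulate
                self.traps += 1
                self.emulate(op, arg)
            elif op == "add":                     # direct execution
                self.acc += arg
            # SENSITIVE_NO_TRAP falls through: no trap, intended effect is lost
        return self

def translate(code):
    """Binary translation: the VMM rewrites unmodified guest kernel code."""
    return [("vmm_call", (op, arg)) if op in SENSITIVE_NO_TRAP else (op, arg)
            for op, arg in code]

# Constructed guest kernel fragment: STI, some work, POPF that clears IF, more work.
GUEST_KERNEL = [("sti", None), ("add", 5), ("popf", 0), ("add", 7)]
# Paravirtualized build of the same fragment: the source already issues hypercalls.
PARAVIRT_KERNEL = [("hypercall", ("sti", None)), ("add", 5),
                   ("hypercall", ("popf", 0)), ("add", 7)]

def demo():
    """Return the guest's virtual IF after each strategy (the guest expects False)."""
    untranslated = VMM().run(GUEST_KERNEL)
    translated = VMM().run(translate(GUEST_KERNEL))
    paravirt = VMM().run(PARAVIRT_KERNEL)
    return untranslated.virt_if, translated.virt_if, paravirt.virt_if
```

Run without translation, the guest's `popf` leaves the virtual interrupt flag set although the guest asked for it to be cleared; the translated and paravirtualized runs both end with the flag cleared, and the paravirtualized run takes no hardware traps at all.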
Operating System Level Virtualization
In Operating System level Virtualization, an operating system environment is presented which can be fully or partially isolated from the host operating system. This type of virtualization can either be part of the operating system, as with Solaris Containers, or be installed on top of an operating system. What chiefly differentiates this technique from the other approaches is the fact that all virtual machines share a single copy of the operating system kernel.
This approach is based on the chroot concept of the Unix-based operating systems. During the boot process, the system kernel can use the chroot mechanism to mount a different filesystem as its final root filesystem. Operating system level virtualization takes this concept a step further by allowing the system to start virtual servers with their own processes that are executed based on their own root filesystems. Each virtual machine is confined within its own root filesystem and does not have access outside of that filesystem. Figure 3 illustrates the concept of Operating System level Virtualization.
- Because a single instance of an operating system is shared between the virtual machines, operating system virtualization is lighter, so a larger number of virtual servers can be hosted on the same machine.
- Administration is easier because once the host machine is patched all the virtual machines get patched as well.
- Great compatibility because if the host OS is supported then all the virtual machines are supported. Any device used on the host can be used on the virtual machines as well.
- A kernel or driver problem can bring down all the virtual machines.
- No support for mixed operating systems. Windows cannot be run simultaneously with Linux.
- Virtual machines are not as isolated or secure as with the other approaches.
- Identifying the sources of high resource loads can be very difficult.
- Limiting the resource consumption per guest can be very difficult.
Native Virtualization is also called hardware-assisted virtualization or hybrid virtualization. This approach is very similar to full virtualization and paravirtualization in that it uses a hypervisor, but it can only be used on systems that provide hardware support for virtualization. Virtual machines in native virtualization can run unmodified guest operating systems because the hypervisor can use the hardware's support for virtualization to handle all the privileged and protected operations as well as the hardware access requests. This technique is sometimes called hybrid because it is essentially a combination of full virtualization and paravirtualization that uses I/O acceleration techniques.
This is the newest approach of all the virtualization techniques because hardware support for virtualization was not available until 2007 when Intel and AMD released their latest generation of CPUs called Intel VT and AMD-V respectively.
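Because native virtualization only works where the processor offers this support, a host is normally checked before a hypervisor is deployed on it. The following added example (not part of the original article) does that on Linux by reading the CPU feature flags: `vmx` and `svm` are the flags Linux reports for Intel VT and AMD-V, and `hypervisor` is the flag a CPU shows when the system is itself a guest. The function name and the two sample excerpts are constructed for illustration.

```python
# Constructed /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_INTEL = """processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse msr pae vmx sse sse2
processor : 1
vendor_id : GenuineIntel
flags : fpu vme de pse msr pae vmx sse sse2
"""
SAMPLE_GUEST = """processor : 0
vendor_id : AuthenticAMD
flags : fpu vme de pse msr pae sse sse2 hypervisor
"""

# Linux cpuinfo flag -> name of the extension as used in the text above
EXTENSIONS = {"vmx": "Intel VT", "svm": "AMD-V"}

def hw_virt_support(cpuinfo_text):
    """Return (extension name or None, logical CPU count, running_as_guest)."""
    per_cpu = [set(line.split(":", 1)[1].split())
               for line in cpuinfo_text.splitlines()
               if ":" in line and line.split(":", 1)[0].strip() == "flags"]
    if not per_cpu:
        raise ValueError("no 'flags' lines found (not an x86 Linux cpuinfo?)")
    common = set.intersection(*per_cpu)   # a flag counts only if every CPU has it
    name = next((n for f, n in EXTENSIONS.items() if f in common), None)
    return name, len(per_cpu), "hypervisor" in common

if __name__ == "__main__":
    # On a real Linux host, inspect the live file instead of the samples.
    try:
        with open("/proc/cpuinfo") as fh:
            print(hw_virt_support(fh.read()))
    except (OSError, ValueError) as exc:
        print("cannot determine:", exc)
```

A result of `None` for the extension means the kernel does not see hardware support on every logical CPU, so only the software techniques described earlier remain available on that machine.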
Conclusion - Significance of Hardware Assistance
Virtualization has been dramatically improved following the introduction of a new generation of processors from Intel and AMD. These processors allow the guest OS to have direct access to the hardware without sharing control of it. Without this assistance, the hypervisor had to emulate the hardware for the guest OS while retaining control of the hardware. With the introduction of these technologies, neither emulation nor modification of the guest OS is needed. As a result, compatibility, portability and performance have been dramatically improved, taking virtualization to a new era and allowing even small organizations to consolidate their infrastructure, lower their IT costs and achieve higher levels of availability.
Simplex is a Cyprus-based company operating in the area of ICT (Information and Communication Technologies). Among other things, Simplex is a Cyprus VMware Professional Partner and specializes in establishing virtual infrastructures that help organizations reduce hardware costs, increase energy efficiency and, in general, lower IT Total Cost of Ownership (TCO) while at the same time increasing availability.
More information is available at www.simplex.com.cy