Difference between revisions of "An Overview of Virtualization Techniques"

Revision as of 17:52, 1 June 2008

Throughout this book the term Virtualization is used within the context of running multiple operating systems on a single physical computer system using Xen technology. It is important, however, to appreciate that virtualization actually a "catch all" term that refers to a variety of different approaches and technologies, of which Xen is but one of many.

When deciding on the best approach to implementing virtualization it is important to have a clear understanding of the different virtualization solutions which are currently available. The purpose of this chapter, therefore, is to describe in general terms the four virtualization techniques in common use today, namely guest operating system, shared kernel, hypervisor and kernel level.

Guest Operating System Virtualization

Guest OS virtualization is perhaps the easiest concept to understand. In this scenario the physical host computer system runs a standard unmodified operating system such as Windows, Linux, Unix or MacOS X. Running on this operating system is a virtualization application which executes in much the same way as any other application such as a word processor or spreadsheet would run on the system. It is within this virtualization application that one or more virtual machines are created to run the guest operating systems on the host computer. The virtualization application is responsible for starting, stopping and managing each virtual machine and essentially controlling access to physical hardware resources on behalf of the individual virtual machines. Some examples of guest OS virtualization technologies include VMWare Server and VirtualBox.

The following figure provides an illustration of guest OS based virtualization:

As outlined in the above diagram, the guest operating systems operate in virtual machines within the virtualization application which in turn runs on top of the host operating system in the same way as any other application. Clearly, the multiple layers of abstraction between the guest operating systems and the underlying host hardware are not conducive to high levels of virtual machine performance. This technique does, however, have the advantages that no changes are necessary to either host or guest operating systems and no special CPU hardware virtualization support is required.

Shared Kernel Virtualization

Shared kernel virtualization (also known as system level or operating system virtualization) takes advantage of the architectural design of Linux and UNIX based operating systems. In order to understand how shared kernel virtualization works it helps to first understand the two main components of Linux or UNIX operating systems. At the core of the operating system is the kernel. The kernel, in simple terms, handles all the interactions between the operating system and the physical hardware. The second key component is the root filesystem which contains all the libraries, files and utilities necessary for the operating system to function. Under shared kernel virtualization the virtual operating systems each have their own root filesystem but share the kernel of the host operating system. This structure is illustrated in the following architectural diagram:

This type of virtualization is made possible by the ability of the kernel to dynamically change the current root filesystem (a concept known as chroot) to a different root filesystem without having to reboot the entire system. Essentially, shared kernel virtualization is an extension of this capability. Perhaps the biggest single draw back of this form of virtualization is the fact that the guest operating systems must be compatible with the version of the kernel which is being shared. It is not, therefore, possible to run Windows as a guest on a Linux system using the shared kernel approach. Nor is it possible for a Linux guest system designed for the 2.6 version of the kernel to share a 2.4 version kernel.

Linux VServer, Solaris Zones and Containers, FreeVPS and OpenVZ are all examples shared kernel virtualization solutions.

Kernel Level Virtualization

Under kernel level virtualization the host operating system runs on a specially modified kernel which contains extensions designed to manage and control multiple guest opearting systems running virtual machines. Unlike shared kernel virtualization each guest runs its own kernel although similar restrictions apply in that the guest operating systems must have been compiled for the same hardware as the kernel in which they are running. Examples of kernel level virtualization technologies include user Mode Linux (UML) and KVM.

The following diagram provides an overview of the kernel level virtualization architecture:

Hypervisor Virtualization

The x86 family of CPUs provide a range of protection levels also known as rings in which code can execute. Ring 0 has the highest level privilege and it is this ring which which the kernel of the operating system runs. Code executing in ring 0 is said to running in system space, kernel mode or supervisor mode. All other code such as applications running on the operating system typically run in ring 3.

Under hypervisor virtualization a program known as a hypervisor runs directly on the hardware of the host system in ring 0. The task of this hypervisor is to handle resource allocation for the virtual machines in addition to administration and monitoring interfaces.

Clearly, with the hypervisor occupying ring 0 of the CPU, the kernels for any guest operating systems running on the system must run in unprivileged CPU rings. Unfortunately, most operating system kernels are written to run in ring 0 for the simple reason that they need to perform tasks that are only available in that ring such as the ability to execute privileged CPU instructions and directly manipulate memory. A number of different solutions to this problem has been devised in recent years, each of which is described below:

- Paravirtualization - Under paravirtualization the guest kernels are modified specifically to run on the hypervisor. This typically involves replacing any code that will only run in ring 0 of the CPU with calls to the hypervisor (known as hypercalls). The hypervisor in turn performs the task on behalf of the guest kernel. This typically limits support to open source operating systems such as Linux and proprietary operating systems where the owners have agreed to target a specific hypervisor. These issues not withstanding, the ability of the guest kernel to communicate directly with the hypervisor results in greater performance levels than other virtualization approaches.

- Full Virtualization - Full virtualization provides support for unmodified guest operating systems. The term unmodified refers to operating system kernels which have not be altered to run on a hypervisor and therefore still execute privileged operations as though running in ring 0 of the CPU. In this scenario, the hypervisor provides CPU emulation to handle and modify privileged and protected CPU operations made by unmodified guest operating system kernels. Unfortunately this emulation process requires both time and system resources to operate resulting in inferior performance levels when compared to those provided by paravirtualization.

- Hardware Virtualization - Hardware virtualization is a hypervisor based solution that leverages Intel VT and AMD-V CPU virtualization support, using features of these technologies to handle any privileged and protected CPU operations of unmodified guests.

In addition to the virtual machines, an administrative operating system and/or management console also runs on top of the hypervisor allowing the virtual machines to be managed.

The following figure illustrates the hypervisor approach to virtualization:

Hypervisor based virtualization solutions include Xen and Microsoft's Hyper-V technology.