Changes

This Throughout this book uses the term ''Virtualization'' in is used within the context of running multiple operating systems on a single physical computer systemusing Xen technology. As suchIt is important, however, the term does not refer to appreciate that virtualization actually a single technology, but rather "catch all" term that refers to a group variety of techniques different approaches and technologies , of which achieve operating system virtualization using a variety Xen is but one of different approachesmany.

As outlined in the above diagram, the guest operating systems operate in virtual machines with in within the virtualization application which in turn runs on top of the host operating system in the same way as any other application. Clearly, the multiple layers of abstraction between the guest operating systems and the underlying host hardware are not conducive to high levels of virtual machine performance. This technique does, however, have the advantages that no changes are necessary to either host or guest operating systems and no special CPU hardware virtualization support is required.

Shared kernel virtualization (also known as system level or operating system virtualization) takes advantage of the architectural design of Linux and UNIX based operating systems. In order to understand how shared kernel virtualization works it helps to first understand the two main components of Linux or UNIX operating systems. At the core of the operating system is the ''kernel''. The kernel (, in simplistic simple terms) , handles all the interactions between the operating system and the physical hardware. The second key component is the ''root filesystem'' which contains all the libraries, files and utilities necessary for the operating system to function. Under shared kernel virtualization the virtual operating systems each have their own ''root filesystem'' but share the kernel of the host operating system. This structure is illustrated in the following architectural diagram:

Virtualization This type of virtualization is made possible by the ability of the kernel to dynamically change the current root filesystem (a concept known as ''chroot'') to a different root filesystem without having to reboot the entire system. Essentially, shared kernel virtualization is an extension of this capability which allows multiple instances of an operating system to run on a single physical host. Perhaps the biggest single draw back of this form of virtualization is the fact that the guest operating systems must be compatible with the version of the kernel which is being shared. It is not, therefore, possible to run Windows as a guest on a Linux system using the shared kernel approach. Nor is it possible for a Linux guest system designed for the 2.6 version of the kernel to share a 2.4 version kernel.

Under kernel level virtualization the host operating system runs on a specially modified kernel is responsible for running which contains extensions designed to manage and controlling the various control multiple guest opearting systems running virtual machines. Guest Unlike shared kernel virtualization each guest runs its own kernel although similar restrictions apply in that the guest operating systems must have been compiled for the same hardware as the kernel in which they are running. Examples of kernel level virtualization technologies include user Mode Linux (UML) and KVM.

Under hypervisor virtualization The x86 family of CPUs provide a program range of ''protection levels'' also known as a hypervisor runs directly on ''rings'' in which code can execute. Ring 0 has the hardware highest level privilege and it is this ring which which the kernel of the host operating systemruns. The task of the hypervisor Code executing in ring 0 is said to handle protected and privileged CPU requests from the virtual machines and also to act running in ''system space'', ''kernel mode'' or ''supervisor mode''. All other code such as an intermediary between applications running on the hardware resources and the virtual machinesoperating system typically run in ring 3.

In addition to the virtual machines, an administrative operating system and/or management console also Under hypervisor virtualization a program known as a hypervisor runs directly on top the hardware of the host system in ring 0. The task of this hypervisor allowing is to handle resource allocation for the virtual machines in addition to be managedadministration and monitoring interfaces.

At Clearly, with the time hypervisor occupying ring 0 of writing there the CPU, the kernels for any guest operating systems running on the system must run in unprivileged CPU rings. Unfortunately, most operating system kernels are three written to run in ring 0 for the simple reason that they need to perform tasks that are only available in that ring such as the ability to execute privileged CPU instructions and directly manipulate memory. A number of different types solutions to this problem has been devised in recent years, each of hypervisor based virtualizationwhich is described below:

- '''Paravirtualization''' - Under paravirtualization the guest operating systems must be kernels are modified specifically to run on the hypervisor. This typically involves replacing any code that will only run in ring 0 of the CPU with calls to the hypervisor (known as ''hypercalls''). The hypervisor in turn performs the task on behalf of the guest kernel. This typically limits support to open source operating systems such as Linux and proprietary operating systems where the respective owners have agreed to target a specific hypervisor. The These issues not withstanding, the ability of the guest system kernel to communicate directly with the hypervisor results in greater performance levels than other virtualization approaches.

- '''Full Virtualization''' - Full virtualization provides support for unmodifed unmodified guest operating systems. The term ''unmodified'' refers to operating system kernels which have not be altered to run on a hypervisor and therefore still execute privileged operations as though running in ring 0 of the CPU. In this scenario, the hypervisor provides CPU emulation to handle and modify privileged and protected CPU operations made by unmodified guest operating systemssystem kernels. As a result of Unfortunately this emulation the process requires both time and system resources to operate resulting in inferior performance levels are lower than when compared to those provided by paravirtualization.