An Overview of Virtualization Techniques

97 bytes removed, 21:44, 1 June 2008
Throughout this book the word ''virtualization'' is used within the context of using Xen technology to run multiple operating systems on a single physical computer system. It is important, however, to appreciate that virtualization is actually a "catch all" term that refers to a variety of different solutions and technologies, of which Xen is only one.
When deciding on the best approach to implementing virtualization it is important to have a clear understanding of the different virtualization solutions which are currently available. The purpose of this chapter, therefore, is to describe in general terms the four virtualization techniques in common use today, namely guest operating system, shared kernel, hypervisor and kernel level.
== Guest Operating System Virtualization ==
Guest OS virtualization is perhaps the easiest concept to understand. In this scenario the physical host computer system runs a standard unmodified operating system such as Windows, Linux, Unix or MacOS X. Running on this operating system is a virtualization application which executes in much the same way as any other application such as a word processor or spreadsheet would run on the system. It is within this virtualization application that one or more virtual machines are created to run the guest operating systems on the host computer. The virtualization application is responsible for starting, stopping and managing each virtual machine and essentially controlling access to physical hardware resources on behalf of the individual virtual machines. Some examples of guest OS virtualization technologies include VMware Server and VirtualBox.
The following figure provides an illustration of guest OS based virtualization:
This type of virtualization is made possible by the ability of the kernel to dynamically change the current root filesystem (a concept known as ''chroot'') to a different root filesystem without having to reboot the entire system. Essentially, shared kernel virtualization is an extension of this capability. Perhaps the biggest single drawback of this form of virtualization is the fact that the guest operating systems must be compatible with the version of the kernel which is being shared. It is not, for example, possible to run Microsoft Windows as a guest on a Linux system using the shared kernel approach. Nor is it possible for a Linux guest system designed for the 2.6 version of the kernel to share a 2.4 version kernel.
Linux VServer, Solaris Zones and Containers, FreeVPS and OpenVZ are all examples of shared kernel virtualization solutions.
== Kernel Level Virtualization ==
Under kernel level virtualization the host operating system runs on a specially modified kernel which contains extensions designed to manage and control multiple virtual machines each containing a guest operating system. Unlike shared kernel virtualization each guest runs its own kernel, although similar restrictions apply in that the guest operating systems must have been compiled for the same hardware as the kernel in which they are running. Examples of kernel level virtualization technologies include User Mode Linux (UML) and Kernel-based Virtual Machine (KVM).
The following diagram provides an overview of the kernel level virtualization architecture:
== Hypervisor Virtualization ==
The x86 family of CPUs provides a range of ''protection levels'', also known as ''rings'', in which code can execute. Ring 0 has the highest level of privilege and it is in this ring that the operating system kernel normally runs. Code executing in ring 0 is said to be running in ''system space'', ''kernel mode'' or ''supervisor mode''. All other code, such as applications running on the operating system, operates in less privileged rings, typically ring 3.
Under hypervisor virtualization a program known as a ''hypervisor'' (also known as a type 1 Virtual Machine Monitor or VMM) runs directly on the hardware of the host system in ring 0. The task of this hypervisor is to handle resource and memory allocation for the virtual machines in addition to providing interfaces for higher level administration and monitoring tools.
Clearly, with the hypervisor occupying ring 0 of the CPU, the kernels for any guest operating systems running on the system must run in less privileged CPU rings. Unfortunately, most operating system kernels are written explicitly to run in ring 0 for the simple reason that they need to perform tasks that are only available in that ring such as the ability to execute privileged CPU instructions and directly manipulate memory. A number of different solutions to this problem have been devised in recent years, each of which is described below:
=== Paravirtualization ===
Under paravirtualization the kernel of the guest operating system is modified specifically to run on the hypervisor. This typically involves replacing any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor (known as ''hypercalls''). The hypervisor in turn performs the task on behalf of the guest kernel. This typically limits support to open source operating systems such as Linux which may be freely altered and proprietary operating systems where the owners have agreed to make the necessary code modifications to target a specific hypervisor. These issues notwithstanding, the ability of the guest kernel to communicate directly with the hypervisor results in greater performance levels than other virtualization approaches.
=== Full Virtualization ===
=== Hardware Virtualization ===
Hardware virtualization leverages virtualization features built into the latest generations of CPUs from both Intel and AMD. These technologies, known as Intel VT and AMD-V respectively, provide extensions necessary to run unmodified guest virtual machines without the overheads inherent in the CPU emulation performed during full virtualization. In addition to the virtual machines, an administrative operating system and/or management console also runs on top of the hypervisor allowing the virtual machines to be managed.
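Whether a given processor advertises Intel VT or AMD-V can be read from the CPUID instruction. The following C program is an added example, not part of the original chapter; the enum and function names are this example's own, and it assumes GCC or Clang, whose <cpuid.h> header provides __get_cpuid.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

enum { HW_NONE = 0, HW_INTEL_VT = 1, HW_AMD_V = 2, HW_UNDER_HYPERVISOR = 4 };

/* Decode raw CPUID register values into the flags above.
 * ecx1    : ECX returned by CPUID leaf 1
 * ecx_ext : ECX returned by CPUID leaf 0x80000001 */
int decode_virt(unsigned ecx1, unsigned ecx_ext) {
    int flags = HW_NONE;
    if (ecx1 & (1u << 5))    flags |= HW_INTEL_VT;         /* VMX bit */
    if (ecx_ext & (1u << 2)) flags |= HW_AMD_V;            /* SVM bit */
    if (ecx1 & (1u << 31))   flags |= HW_UNDER_HYPERVISOR; /* set by hypervisors for guests */
    return flags;
}

/* Query the CPU this program runs on; -1 if CPUID is unavailable. */
int query_virt(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, d, c1 = 0, cx = 0;
    if (!__get_cpuid(1, &a, &b, &c1, &d)) return -1;
    if (!__get_cpuid(0x80000001u, &a, &b, &cx, &d)) cx = 0; /* no extended leaf */
    return decode_virt(c1, cx);
#else
    return -1;
#endif
}

int main(void) {
    int f = query_virt();
    if (f < 0) { puts("CPUID not available on this build"); return 1; }
    printf("Intel VT: %s\n", (f & HW_INTEL_VT) ? "yes" : "no");
    printf("AMD-V:    %s\n", (f & HW_AMD_V) ? "yes" : "no");
    printf("Running under a hypervisor: %s\n",
           (f & HW_UNDER_HYPERVISOR) ? "yes" : "no");
    return 0;
}
```

The bits report what the processor advertises. Firmware can still leave the extensions disabled, and inside a virtual machine the values are whatever the hypervisor chooses to expose to the guest.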
The following figure illustrates the hypervisor approach to virtualization: