3

VIRTUALIZATION

Unit Structure
3.0 Objective
3.1 Introduction
3.2 Major Components of Virtualization Environment
3.2.1 Characteristics of Virtualization
3.3 Taxonomy of virtualization techniques
3.3.1 Execution virtualization
3.3.2 Machine reference model
3.3.2.1 Instruction Set Architecture (ISA)
3.3.2.2 Application Binary Interface
3.4 Security Rings and Privileged Mode
3.4.1 Ring 0 (most privileged) and 3 (least privileged)
3.4.2 Rings 1 and 2
3.5 Hardware-level virtualization
3.6 Hypervisors
3.6.1 Type 1 Hypervisor
3.6.2 Type 2 Hypervisor
3.6.3 Choosing the right hypervisor
3.6.7 Hypervisor Reference Model
3.7 Hardware virtualization techniques
3.7.1 Advantages of Hardware-Assisted Virtualization
3.8 Full virtualization
3.9 Paravirtualization
3.10 Programming language-level virtualization
3.10.1 Application-level virtualization
3.11 Other types of
virtualization
3.11.1 Storage virtualization
 3.11.2 Network Virtualization
3.11.3 Desktop virtualization
3.11.4 Application server virtualization
3.12 Virtualization and cloud computing
3.12.1 Pros and cons of
virtualization
3.12.1.1Advantages of
virtualization
3.12.1.2 Disadvantages of virtualization
3.13 Technology examples
3.13.1 Xen: paravirtualization
3.13.2 VMware: full virtualization
3.13.3 Full Virtualization and Binary Translation
3.13.4 Virtualization solutions
3.13.5 End-user (desktop) virtualization
3.13.6 Server virtualization
3.14 Microsoft
Hyper-V
3.14.1 Architecture
3.15 Summary
3.16 Unit End Questions
3.17 Reference for further reading

3.0OBJECTIVE

Virtualization abstracts hardware that can share

common resources with multiple workloads. A variety
of workloads can be co-located on shared virtualized
hardware while maintaining complete insulation,
migrating freely through the infrastructures and scaling,
when required.
Businesses are generating considerable assets and
efficiency through virtualization, as this results in
enhanced server usage and consolidation, dynamic
assignment and management of resources, isolation of
working loads, security and automation. The
virtualization enables self-provision on-demand
services and software-defined resource orchestration,
which is available on-site or off-site to any place in a
hybrid cloud, according to specific business needs.

3.1INTRODUCTION

 Virtualization refers to the act of creating a virtual

(rather than actual) version of something, including
virtual computer hardware platforms, storage
devices, and computer network resources.
 Virtualization is a large umbrella of technologies and
concepts that are meant to provide an abstract
environment whether virtual hardware or an
operating system to run applications.
 Virtualization technologies provide a virtual
environment for not only executing applications but
also for storage, memory, and networking.
 So, its inception, virtualization has been sporadically
explored and adopted, but in the last few years there
has been a consistent and growing trend to leverage
this technology.
 This technology have gained renewed interested
recently due to the confluence of some phenomena:
1. Increased performance and computing capacity:
Almost all these PCs have resources enough to host a
virtual machine manager and execute a virtual
machine with by far acceptable performance.
Nowadays, the average end-user desktop PC is
powerful enough to meet most the requirements of
everyday computing, with extra capacity that is
rarely used.
 Nowadays, the average end-user desktop PC is
powerful enough to meet almost all the needs of
everyday computing, with extra capacity that is
rarely used. Almost all these PCs have resources
enough to host a virtual machine manager and
execute a virtual machine with by far acceptable
performance. The same consideration applies to the
high-end side of the PC market, where
supercomputers can provide immense compute
power that can accommodate the execution of
hundreds or thousands of virtual machines.
2. Underutilized hardware and software resources:
Hardware and software underutilization are occurring
due to first increased performance and computing
capacity, and second the effect of limited or sporadic
use of resources.
Computers today are so powerful that in most cases
only a fraction of their capacity is used by an
application or the system. Moreover, if we consider
the IT infrastructure of an enterprise, many
computers are only partially utilized whereas they
could be used without interruption on a 24/7/365
basis. For example, desktop PCs mostly devoted to
office automation tasks and used by administrative
staff are only used during work hours, remaining
completely unused overnight. Using these resources
for other purposes after hours could improve the
efficiency of the IT infrastructure. To transparently
provide such a service, it would be necessary to
deploy a completely separate environment, which
can be achieved through virtualization.
3. Lack of space: The continuous need for additional
capacity, whether storage or compute power, makes
data centers grow quickly.
Companies such as Google and Microsoft expand
their infrastructures by building data centers as large
 as football fields that are able to host thousands of
nodes. Although this is viable for IT giants, in most
cases enterprises cannot afford to build another data
center to accommodate additional resource capacity.
This condition, along with hardware underutilization,
has led to the diffusion of a technique called server
consolidation, for which virtualization technologies
are fundamental.
4. Greening initiatives: Recently, companies are
increasingly looking for ways to reduce the amount
of energy they consume and to reduce their carbon
footprint.
Data centers are one of the major power consumers;
they contribute consistently to the impact that a
company has on the environment. Maintaining a data
center operation not only involves keeping servers
on, but a great deal of energy is also consumed in
keeping them cool. Infrastructures for cooling have a
significant impact on the carbon footprint of a data
center. Hence, reducing the number of servers
through server consolidation will definitely reduce
the impact of cooling and power consumption of a
data center. Virtualization technologies can provide
an efficient way of consolidating servers.
5. Rise of administrative costs: Power consumption
and cooling costs have now become higher than the
cost of IT equipment. Virtualization can help reduce
the number of required servers for a given workload,
thus reducing the cost of the administrative
personnel.
Moreover, the increased demand for additional
capacity, which translates into more servers in a data
center, is also responsible for a significant increment
in administrative costs. Computers—in particular,
servers—do not operate all on their own, but they
require care and feeding from system administrators.
 Common system administration tasks include
hardware monitoring, defective hardware
replacement, server setup and updates, server
resources monitoring, and backups. These are labor-
intensive operations, and the higher the number of
servers that have to be managed, the higher the
administrative costs.
These can be considered the major causes for the
diffusion of hardware virtualization solutions as well
as the other kinds of virtualization.
Benefits of Virtualization
 Increase IT, agility, flexibility and scalability
whereas creating significant cost savings.
 Greater workload mobility, raised performance and
availability of resources, automated operations.
 Reduced capital and operating prices.
 Minimized or eliminated downtime
 Increased IT productivity, efficiency, agility and
responsiveness
 Faster provisioning of applications and resources.
 Greater business continuity and disaster recovery.
 Simplified data center management.
 Availability of a real Software-Defined Data Center.

3.2 COMPONENTS OF VIRTUALIZED

ENVIRONMENTS
Virtualization is a broad concept that refers to the
creation of a virtual version of something, whether
hardware, a software environment, storage, or a
network. In a virtualized environment there are three
major components: guest, host, and virtualization layer.
The guest represents the system component that
interacts with the virtualization layer rather than with
the host, as would normally happen. The host
represents the original environment where the guest is
supposed to be managed.

1.GUEST:
As usual, the guest denotes the system component
interacting with the virtualization layer instead with the
host machine. Usually, one or more virtual disk and
VM definition files are presented to guests. A host
application which looks and manages every virtual
machine as a different application is centrally operated
by virtual machines.

2.Hosts:
The host is the original environment in which the guest
is to be managed. Each host uses the common
resources that the host gives to each guest. The OS
works as a host and manages the physical management
of resources and the support of the device.

3.Virtualization Layer
The virtualization layer ensures that the same or
different environment where the guest operates is
recreated. It is an extra layer of abstract between the
hardware, the computing and the application running in
the network and storage. It usually helps to operate a
single operating system per machine which, compared
with virtualization, is very inflexible.

3.3 Characteristics of Virtualization

A. Increased Security
 The ability to control the execution of a guest in a
completely transparent manner opens new
possibilities for delivering a secure, controlled
execution environment.
 The virtual machine represents an emulated
environment in which the guest is executed.
 All the operations of the guest are generally
performed against the virtual machine, which then
translates and applies them to the host. This is the
level of indirection allows the virtual machine
manager to control and filter the activity of the guest,
thus preventing some harmful operations from being
performed.
 Resources exposed by the host can then be hidden or
simply protected from the guest.
 Increased security is a requirement when dealing
with untrusted code.
 Example1: In Cuckoo sandboxes environment,
untrusted code can be evaluated. In the term
sandbox, the instructions may be filtered and
blocked in the isolated execution environment before
translating and executing in the actual execution
environment.
 Example2: The Java Virtual Machine (JVM)
 expression sandboxed means a particular JVM
configuration where instructions that are regarded as
possibly harmful can be blocked through a security
policy.
B. Managed Execution
 In particular, the most important features are sharing,
aggregation, emulation and isolation.

Figure: Functions enabled by managed execution

1. Sharing: Virtualization makes it possible to create a

separate computing environment in the same host.
This common function reduces the number of active
servers and reduces energy consumption.
2. Aggregation: Not only is it possible to share
physical resource among several guests, but
virtualization also allows aggregation, which is the
opposite process. A group of separate hosts can be
tied together and represented to guests as a single
virtual host. This function is naturally implemented in
middleware for distributed computing, with a
classical example represented by cluster management
software, which harnesses the physical resources of a
homogeneous group of machines and represents them
as a single resource.
3. Emulation: Guest programs are executed within an
environment that is controlled by the virtualization
 layer, which ultimately is a program. This allows for
controlling and tuning the environment that is
exposed to guests. For instance, a completely
different environment with respect to the host can be
emulated, thus allowing the execution of guest
programs requiring specific characteristics that are
not present in the physical host.
4. Isolation: Virtualization allows providing guests,
whether they are operating systems, applications, or
other entities with a completely separate environment,
in which that they are executed. Isolation brings
several benefits, for instance, first is it allows multiple
guests to run on the same host without interfering
with each other. Second, it provides a separation
between the host and the guest.

C. Portability
 The concept of portability applies in various ways
according to the specific type of virtualization
considered.
 In the case of a hardware virtualization solution, the
guest is packaged into a virtual image which, in most
cases, can be safely moved and executed on top of
different virtual machines.
 Except for the file size, this happens with the same
simplicity with which we can display a picture image
in different computers.
 Virtual images are generally proprietary formats that
require a specific virtual machine manager to be
executed.
 In the case of programming-level virtualization, as
implemented by the JVM or the .NET runtime, the
binary code representing application components
(jars or assemblies) can be run without any
recompilation on any implementation of the
corresponding virtual machine.
3.4 TAXONOMY OF VIRTUALIZATION TECHNIQUES

 Virtualization covers a wide range of emulation

techniques that are applied to distinct areas of
computing.
 A classification of these techniques helps us better
understand their characteristics and use.
 First classification discriminates against the service
or entity that is being emulated.
 Virtualization is mainly used to emulate execution
environments, storage and networks.
 These categories, execution virtualization constitutes
the oldest, most popular, and most developed area.
 Process-level techniques are implemented in
addition to an existing operating system with full
hardware control.
 System levels technique are carried out directly on
hardware and require no support from an existing
operating system, or require limited support.
 In these two categories, we can outline different
methods providing guests a different virtual
computing environment: bare hardware, the
resources of operating systems, low level
programming language and the application libraries.

3.4.1 Execution virtualization

 Execution virtualization includes all techniques
which aim to perform an execution environment that
is separate from the one hosting the virtualization
layer.
 These techniques concentrate their interest on
providing support for the execution of programs,
whether these are the operating system, a binary
specification of a program compiled against an
abstract machine model, or an application.
 Hence, execution virtualization can be implemented
directly on top of the hardware by the operating
system, an application, or libraries dynamically or
statically linked to an application image.

Figure: Taxonomy of Virtualization Technique

3.4.1.1 Machine reference model

 Virtualizing an execution environment at different
levels of the computing stack requires a reference
model that defines the interfaces between the levels
of abstractions, which hide implementation details.
 From this perspective, virtualization techniques
actually replace one of the layers and intercept the
calls that are directed toward it. Therefore, a clear
separation between layers simplifies their
implementation, which only requires the emulation
of the interfaces and a proper interaction with the
underlying layer.
 Modern computing systems can be expressed in
terms of the reference model described in Figure. At
the bottom layer, the model for the hardware is
expressed in terms of the Instruction Set Architecture
(ISA), which defines the instruction set for the
processor, registers, memory, and interrupt
management.
 ISA is the interface between hardware and software,
and it is important to the operating system (OS)
developer (System ISA) and developers of
applications that directly manage the underlying
hardware (User ISA).
 The application binary interface (ABI) separates the
operating system layer from the applications and
libraries, which are managed by the OS.
 ABI covers details such as low-level data types,
alignment, and call conventions and defines a format
for executable programs. System calls are defined at
this level. This interface allows portability of
applications and libraries across operating systems
that implement the same ABI.
 The highest level of abstraction is represented by the
application programming interface (API), which
interfaces applications to libraries and/or the
 underlying operating system.
 The first distinction can be made between privileged
and nonprivileged instructions.
 Nonprivileged instructions are those instructions that
can be used without interfering with other tasks
because they do not access shared resources. This
category contains, for example, all the floating,
fixed-point, and arithmetic instructions.
 Privileged instructions are those that are executed
under specific restrictions and are mostly used for
sensitive operations, which expose (behavior-
sensitive) or modify (control-sensitive) the
privileged state. For instance, behavior-sensitive
instructions are those that operate on the I/O,
whereas control-sensitive instructions alter the state
of the CPU registers.

Figure: Security Rings & Privilege Modes

 For instance, a possible implementation features a

hierarchy of privileges in the form of ring-based
security: Ring 0, Ring 1, Ring 2, and Ring 3; Ring 0
is in the most privileged level and Ring 3 in the least
privileged level. Ring 0 is used by the kernel of the
 OS, rings 1 and 2 are used by the OS-level services,
and Ring 3 is used by the user. Recent systems
support only two levels, with Ring 0 for supervisor
mode and Ring 3 for user mode.
 All the current systems support at least two different
execution modes: supervisor mode and user mode.
 The first mode denotes an execution mode in which
all the instructions (privileged and nonprivileged)
can be executed without any restriction. This mode,
also called master mode or kernel mode, is generally
used by the operating system (or the hypervisor) to
perform sensitive operations on hardware level
resources.
 In user mode, there are restrictions to control the
machine-level resources. If code running in user
mode invokes the privileged instructions, hardware
interrupts occur and trap the potentially harmful
execution of the instruction. Despite this, there might
be some instructions that can be invoked as
privileged instructions under some conditions and as
nonprivileged instructions under other conditions.

3.4.1.2 Hardware-Level Virtualization

 Hardware-level virtualization is a virtualization
technique that provides an general execution
environment in terms of computer hardware on top
of which a guest operating system can be run.
 Figure: Hardware Level Virtualization Reference
Model
 In this model, the guest is represented by the
operating system, the host by the physical computer
hardware, the virtual machine by its emulation, and
the virtual machine manager by the hypervisor (see
Figure).
 The hypervisor is generally a program or a
combination of software and hardware that allows
the abstraction of the underlying physical hardware.
 Hardware-level virtualization is also called system
virtualization, since it provides ISA to virtual
machines, which is the representation of the
hardware interface of a system.

Hypervisors
 A basic element of hardware virtualization is the
hypervisor, or virtual machine manager (VMM). It
recreates a hardware environment in which guest
operating systems are installed. There are two major
types of hypervisor: Type I and Type II (see Figure).
 Type I: hypervisors run directly on top of the
hardware. Therefore, they take the place of the
 operating systems and interact directly with the ISA
interface exposed by the underlying hardware, and
they emulate this interface in order to allow the
management of guest operating systems. This type of
hypervisor is also called a native virtual machine
since it runs natively on hardware.

 Type II: hypervisors require the support of an

operating system to provide virtualization services.
This means that they are programs managed by the
operating system, which interact with it through the
ABI and emulate the ISA of virtual hardware for
guest operating systems. This type of hypervisor is
also called a hosted virtual machine since it is hosted
within an operating system.

Hardware Virtualization Techniques

1. Full Virtualization
Full virtualization refers to the ability to run a
 program, most likely an operating system, directly
on top of a virtual machine and without any
modification, as though it were run on the raw
hardware. To make this possible, virtual machine
manager are required to provide a complete
emulation of the entire underlying hardware.
2. Para Virtualization
This is a not-transparent virtualization solution that
allows implementing thin virtual machine managers.
Paravirtualization techniques expose a software
interface to the virtual machine that is slightly
modified from the host and, as a consequence, guests
need to be modified. The aim of paravirtualization is
to provide the capability to demand the execution of
performance-critical operations directly on the host,
thus preventing performance losses that would
otherwise be experienced in managed execution.
3. Partial Virtualization
Partial virtualization provides a partial emulation of
the underlying hardware, thus not allowing the
complete execution of the guest operating system in
complete isolation. Partial virtualization allows
many applications to run transparently, but not all
the features of the operating system can be
supported, as happens with full virtualization. An
example of partial virtualization is address space
virtualization used in time-sharing systems; this
allows multiple applications and users to run
concurrently in a separate memory space, but they
still share the same hardware resources (disk,
processor, and network).

Difference between Full and Para Virtualization

Full Virtualization Paravirtualization

In Full virtualization, In paravirtualization, a virtual
 virtual machines permit machine does not implement
the execution of the full isolation of OS but rather
instructions with the provides a different API
running of unmodified OS which is utilized when OS is
in an entirely isolated subjected to alteration.
way.
Full Virtualization is less While the Paravirtualization
secure. is more secure than the Full
Virtualization.
Full Virtualization uses While Paravirtualization uses
binary translation and a hypercalls at compile time for
direct approach as a operations.
technique for operations.
Full Virtualization is slow Paravirtualization is faster in
than paravirtualization in operation as compared to full
operation. virtualization.
Full Virtualization is more Paravirtualization is less
portable and compatible. portable and compatible.
Examples of full Examples of
virtualization are paravirtualization are
Microsoft and Parallels Microsoft Hyper-V, Citrix
systems. Xen, etc.
It supports all guest The guest operating system
operating systems without has to be modified and only a
modification. few operating systems support
it.
The guest operating Using the drivers, the guest
system will issue operating system will directly
hardware calls. communicate with the
hypervisor.
It is less streamlined It is more streamlined.
compared to para-
virtualization.
It provides the best It provides less isolation
isolation. compared to full
virtualization.
3.4.1.3 Programming Language Level Virtualization
 Programming language-level virtualization is mostly
used to achieve ease of deployment of applications,
managed execution, and portability across different
platforms and operating systems.
 It consists of a virtual machine executing the byte
code of a program, which is the result of the
compilation process.
 Compilers implemented and used this technology to
produce a binary format representing the machine
code for an abstract architecture.
 The characteristics of this architecture vary from
implementation to implementation.
 Generally, these virtual machines constitute a
simplification of the underlying hardware instruction
set and provide some high-level instructions that
map some of the features of the languages compiled
for them.
3.4.1.4 Application-level virtualization:
 The application-level virtualization is used when
there is a desire to virtualize only one application.
 Application virtualization software allows users to
access and use an application from a separate
computer than the one which the application is
installed.
 Application virtualization is a mechanism that tricks
a standardized application into believing it interacts
directly with the functionality of an operating system
whereas, in reality, it would not.
 That requires a layer of virtualization inserted
between the application and the OS. This layer, or
system, needs to run the subsets of an app virtually
without any affecting the underlying OS. The
 virtualization layer substitutes a part of the runtime
environment typically provided by the OS,
transparently diverting files to a single executable
file, and changes in the registry log.
 Through diverting the processes of the app into one
file rather than several scattered around the OS, the
app runs easily on another device, and apps that
were previously incompatible may now operate
adjacently.
 Desktop virtualization is used in conjunction with
application virtualization — the separation from the
end-user system that accesses the physical desktop
environment and its related app software.

Benefits of Application Virtualization:

 Enables legacy apps (e.g. OS platforms such as
Windows 7 or XP who development is end ) can be
run.
 It allows cross-platform operations (e.g., running
iOS, Android, macOS and Chrome OS applications).
 Prevents conflicts with other virtualized application
 Allows users to operate multiple app instances —
unless they are virtualized, several applications can
detect and not allow new instances to runs
Limitation of Application Virtualization:
 This is difficult to virtualize all computer programs.
Applications which require a system driver (a type of
OS integration) and 16-bit applications to run in
shared memory space are some of the examples.
 Anti-virus software and programs that need high OS
integration are difficult to virtualize, such as
WindowBlinds or StyleXP.
 Application virtualization is subject to major license
flaws in software licensing, particularly because it
 must correctly license both the application
virtualization software and virtualized applications.
 Whilst application virtualization can fix issues
between old applications and newer operating
systems in terms of file-and-registry compatibility,
applications that don't handle the heap properly won't
work with Windows Vista because it does still assign
memory, no matter how virtualized. Therefore, even
when the program is virtualized, specific application
compatibility fixes (shims) may be required.

OTHER TYPES OF VIRTUALIZATION

Many forms of virtualization have an abstract
environment for other than virtualization interact with
them. They include storage, networking and interaction
between client and server.
 3.4.1.5 Storage virtualization
 Storage virtualization is a system administration
practice that allows decoupling the physical
organization of the hardware from its logical
representation. Using this technique, users do not
have to be worried about the specific location of their
data, which can be identified using a logical path.
 Storage virtualization allows us to harness a wide
range of storage facilities and represent them under a
single logical file system. There are different
techniques for storage virtualization, one of the most
popular being network-based virtualization by means
of storage area networks (SANs). SANs use a
network-accessible device through a large bandwidth
connection to provide storage facilities.

General benefits of storage virtualization include:

 Migration: Data can quickly be transferred
through storage locations without interrupting the
live access of most technologies to the virtual
partition.
 Utilization: The usage of storage devices can be
managed for addressing over and over using in the
same way as server virtualization.
 Management: Most hosts may use storage to
centrally manage a physical device.

Some of the disadvantages include:

 Lack of Standards and Interoperability: Storage
virtualization is a term, not a standard. This also
means the vendors don't interoperate easily.
 Metadata: The storage metadata and management
are essential to a functioning reliable system as
there is a correlation between logical and
physical location.
 Backout: Mapping the backout of virtualized
infrastructure from the network from digital to
physical locations is often less than trivial.

3.4.1.6 Network Virtualization

 Network virtualization combines hardware
appliances and specific software for the creation
and management of a virtual network.
 Network virtualization can aggregate different
physical networks into a single logical network
(external network virtualization) or provide
network-like functionality to an operating system
partition (internal network virtualization).
 The result of external network virtualization is
generally a virtual LAN (VLAN). A VLAN is an
aggregation of hosts that communicate with each
other as though they were located under the same
broadcasting domain.
 Internal network virtualization is generally applied
together with hardware and operating system-level
virtualization, in which the guests obtain a virtual
network interface to communicate with.
 There are several options for implementing
internal network virtualization: The guest can
share the same network interface of the host and
use Network Address Translation (NAT) to access
the network; the virtual machine manager can
emulate, and install on the host, an additional
network device, together with the driver; or the
guest can have a private network only with the
guest.

3.4.1.7 Desktop virtualization:

 Desktop virtualization abstracts the desktop
environment available on a personal computer in
order to provide access to it using a client/server
 approach.
 Desktop virtualization provides the same outcome
of hardware virtualization but serves a different
purpose.
 Similarly, to hardware virtualization, desktop
virtualization makes accessible a different system
as though it were natively installed on the host, but
this system is remotely stored on a different host
and accessed through a network connection.
 Moreover, desktop virtualization addresses the
problem of making the same desktop environment
accessible from everywhere.
 Although the term desktop virtualization strictly
refers to the ability to remotely access a desktop
environment, generally the desktop environment is
stored in a remote server or a data center that
provides a high-availability infrastructure and
ensures the accessibility and persistence of the
data.
 In this scenario, an infrastructure supporting
hardware virtualization is fundamental to provide
access to multiple desktop environments hosted on
the same server; a specific desktop environment is
stored in a virtual machine image that is loaded
and started on demand when a client connects to
the desktop environment.
 This is a typical cloud computing scenario in
which the user leverages the virtual infrastructure
for performing the daily tasks on his computer.
The advantages of desktop virtualization are high
availability, persistence, accessibility, and ease of
management.

3.4.1.8 Application server virtualization:

 Application server virtualization abstracts a

collection of application servers that provide the
 same services as a single virtual application server
by using load-balancing strategies and providing a
high-availability infrastructure for the services
hosted in the application server.

 This is a particular form of virtualization and

serves the same purpose of storage virtualization:
providing a better quality of service rather than
emulating a different environment.