Virtualization

What is virtualization

Virtualization has a wide range of meanings. Virtualization is the act of creating a virtual version of
something, a logical representation of resources. Virtualization allows multiple virtual machines
(VMs) to run on a physical server.
The VMs share the CPU, memory, and I/O hardware resources on the physical server, but they are
logically isolated from each other. Virtualization is the fundamental technology that powers cloud
computing.
The left picture shows the architecture before virtualization. After purchasing servers, enterprises
install operating systems (OS), and deploy system applications and required basic environments on
the servers.
The traditional enterprise IT architecture has two features:
1. The resources on each server are independent from each other. For example, the resources
on the server 1 are standing idle while the resources on the server 2 are insufficient. As a
result, the resources cannot be fully used.
2. The OS is tightly coupled to the physical hardware. The OS hardware drivers must adjust to
the underlying physical servers because the OS is directly deployed on the hardware. This will
make it difficult for enterprises to migrate their system applications to the physical servers of
other vendors.

In terms of the virtualization architecture, after purchasing a physical server, enterprises deploy a
virtualization layer on the server, turning hardware resources of the server into virtualized resources
and putting them in a resource pool. Then, VMs are created based on the virtual resource pool to run
enterprise service applications. Resources in this architecture are abstracted into a shared resource
pool, greatly improving resource utilization and making resources no longer isolated. The
virtualization layer decouples the physical hardware from the upper-layer OS, allowing you to flexibly
migrate your applications as long as the virtual hardware structure of VMs is consistent.

Important concepts

As shown in the Figure, there is a hypervisor, also called a virtual machine monitor (VMM), it is
deployed either on the Host OS or the hardware depends on the type used. A hypervisor is a software
layer running between physical Hardware and operating systems (OSs). It allows multiple OSs and
applications to share hardware. In short, a host can virtualize hardware with a hypervisor, then a VM
(guest machine) can be created from a virtualized resource, and an OS (guest OS) needs to be
installed on the created VM.

Hypervisor types
We have two types of hypervisors

There are two main hypervisor types, referred to as “Type 1” (or “bare metal”) and “Type 2” (or
“hosted”). A type 1 hypervisor (also called bare-metal hypervisor) acts like a lightweight operating
system and runs directly on the host’s hardware, while a type 2 hypervisor (also called hosted
hypervisor) runs as a software layer on an operating system, like other computer programs.

The most commonly deployed type of hypervisor is the type 1 or bare-metal hypervisor, where
virtualization software is installed directly on the hardware where the operating system is normally
installed. Because bare-metal hypervisors are isolated from the attack-prone operating system, they
are extremely secure. In addition, they generally perform better and more efficiently than hosted
hypervisors. For these reasons, most enterprise companies choose bare-metal hypervisors for data
center computing needs.

While bare-metal hypervisors run directly on the computing hardware, hosted hypervisors run on top
of the operating system (OS) of the host machine. Although hosted hypervisors run within the OS,
additional (and different) operating systems can be installed on top of the hypervisor. The downside
of hosted hypervisors is that latency is higher than bare-metal hypervisors. This is because
communication between the hardware and the hypervisor must pass through the extra layer of the
OS. Hosted hypervisors are sometimes known as client hypervisors because they are most often used
with end users and software testing, where higher latency is less of a concern.

The hypervisor ensures that each virtual machine receives the allocated resources as configured. It
does so by acting as an intermediary between guest machines and the underlying physical hardware.
The hypervisor relays requests for processing power, memory, storage, and other resources to the
host machine in several ways, including API calls.

An API is a software communication method that allows different applications to exchange data.

Virtualization types
Type Description

Par Para-virtualization involves modifying the guest operating system to be aware that it is running in
a a virtualized environment. This allows for a more efficient communication, and better
virt performance.
uali
zati
on For example: Xen is a hypervisor the uses para-virtualization.

Full Full virtualization allows the guest OS to run unmodified. The hypervisor abstracts the hardware
virt and presents a virtualized environment, where the guest OS believes it's running directly on
uali physical hardware, but all instructions are intercepted and managed by the hypervisor.
zati For example: VMware, Microsoft Hyper-V
 on

Har Hardware-assisted virtualization is a platform virtualization approach that enables efficient full
dw virtualization using help from hardware capabilities, primarily from the host processors.
are Also known as Hardware acceleration for virtualization
assi
ste
d
virt
uali
zati
on

In the context of virtualization, "compatibility" refers to the ability of the virtualization

environment to support various guest operating systems without requiring modifications to
those operating systems. It's about how easily different operating systems can be run on the
virtualization platform.
This high level of compatibility is achieved by emulating hardware resources. The guest OS
interacts with what it perceives as real hardware, but these are actually virtualized
components provided by the hypervisor.
Para virtualization might not support certain operating systems, especially proprietary ones
for which modifying the kernel or core components is not feasible.
The hardware assisted virtualization uses CPU for efficient virtualization, Reduces the
performance overhead associated with virtualization, leading to faster execution of virtualized
workloads.
In traditional virtualization, particularly full virtualization without hardware acceleration, the
hypervisor (which is a software layer) handles tasks such as CPU scheduling, memory
address translation, and emulating hardware instructions. This is done in software, running
on the general-purpose processing capabilities of the CPU. So by using this type
virtualization related tasks would run more efficiently on CPU.

Virtualization characteristics
 Partitioning: The virtualization layer allocates physical server resources to multiple VMs
on the same physical server. These VMs have independent OSs which can be the same or
different, so applications applicable for any OS can run on the physical server. Each OS gains
access only to its own virtual hardware, such as the virtual network interface card (NIC),
virtual CPUs, and virtual memory, provided by the virtualization layer, so that it
misunderstands that it runs on its own dedicated server. Partitioning has the following
advantages:
1. Resource quotas are allocated to each partition to prevent resource overuse by
virtualization.
2. Each VM has an independent OS.

 Isolation: VMs created in a partition are logically isolated from each other. Isolation has the
following advantages:
1. Even if one VM crashes or fails due to an OS failure, application crash, or driver
failure, other VMs can still run properly.
2. If one VM is infected with worms or viruses, other VMs will not be affected as if
each VM runs on an independent physical machine.

Through isolation, resources can be controlled to provide performance isolation. That is, the
minimum and maximum resources are specified for each VM to ensure that a VM does not
occupy all resources and other VMs in the same system have no available resources. Multiple
loads, applications, or OSs can concurrently run on a single physical machine, preventing
problems (such as application conflicts and DLL conflicts) .
 Encapsulation: All VM data including the hardware configuration, BIOS configuration,
memory status, disk status, and CPU status is stored into a group of files that are
independent of physical hardware. You can copy, save, and move a VM by copying only a few
files. Let's use VMware Workstation as an example. You can copy a set of VM files to another
computer where VMware Workstation is installed and restart the VM. Of all virtualization
characteristics, encapsulation is the most important feature for VM migration. A VM becomes
a hardware-independent file and then it can have features such as migration and hot swap (
 Hot swapping refers to the ability to replace or add components to a system while it is
running without needing to shut it down or reboot it), which are closely related to its
encapsulation feature.

 Hardware independence: After a VM is encapsulated into a group of independent

files, the VM is completely independent from its physical hardware. You can migrate the VM
by copying its device file, configuration file, or disk file to another host. The physical
hardware devices are shielded by the VMM running on it. The VM running on the VMM only
needs to check whether the same VMM exists on the destination host, regardless of the
physical hardware specifications and configurations. This is similar to editing a Word file by
using Office 2007 on computer A that runs a Windows 7 system and then copying the Word
file to computer B that runs a Windows 10 system. You only need to check whether Office
2007 is installed on computer B and do not need to check the CPU model or memory size of
the computer.

VM migration refers to the process of moving a virtual machine (VM) from one
physical host to another. This is a key feature in virtualized environments, offering
flexibility, better resource utilization, and improved availability
1. Cold Migration
 Cold migration involves shutting down the VM before moving it to a different host.
 The VM’s data (disk images, configuration files …etc) is transferred while the VM is
offline.
 This type of migration doesn’t require special hardware support, but it does result in
downtime for the services running on the VM
2. Hot migration
 In hot migration, also known as suspended migration, the VM is suspended during
the migration process
 The state of the VM including memory contents is saved and transferred to the new
host, where the VM is then resumed.
 This approach reduces downtime compared to cold migration, but it still involves
some service interruption.
3. Live migration
 Live migration is the process of moving a VM between hosts without shutting down
the vm or disrupting its services.
 The VM’s memory state, and disk state are transferred to the target host while the
VM continues to run. This requires careful synchronization process
 Live migration is highly beneficial in maintaining service continuity and is often used
in load balancing, maintenance and disaster recovery scenarios
 It typically requires a shared storage system like SAN or NAS that both the source and
target host can access, as well as a high-speed network connection between hosts.

Mainstream virtualization technologies

Many mainstream virtualization technologies are generally divided into two types:
open source and closed source. Open source virtualization technologies include KVM and Xen, and
closed source virtualization technologies include Microsoft’s Hyper-V, VMware’s vSphere, and
Huawei’s FusionSphere. Open source virtualization technology is free and can be used at any time.
Their source code is public, and users can customize some special functions according to their needs.
Open source virtualization technology has high technical requirements for users. Once the system has
problems, you need to rely on your own technology and experience to complete the repair of the
system. With closed-source virtualization technology, users cannot see the source code, nor can they
perform personalized customization. Closed-source virtualization products are generally charged and
provide users with “out-of-the-box” services. During use, if there is a problem with the system, the
manufacturer will provide full support.

KVM

KVM is a kernel-based VM because KVM is a Linux kernel module. After this module is installed on a
physical machine running Linux, the physical machine becomes a hypervisor without affecting other
applications running on Linux.

A Linux kernel is converted into a hypervisor by loading a KVM module. The Linux runs in kernel
mode, a host process runs in user mode, and a VM runs in guest mode, so the converted Linux kernel
can perform unified management and scheduling on the host process and the VM.
In the KVM virtualization solution, KVM virtualizes CPU and memory, and QEMU virtualizes I/O
devices.

QEMU is software-based open-source (emulation) software. It can emulate all resources required by
VMs, including the CPU, memory, I/O device, USB, and NIC. It provides a convenient user interface for
creating, managing, and running VMs. It can start VMs, define their hardware specifications, and
more.
KVM is used to emulate CPU running, but does not support networks and I/O. QEMU-KVM is a
complete KVM-based emulator and supports complete I/O simulation.

The bottom layer represents the physical hardware of the server, which includes the cpu, memory,
storage and other physical devices. The linux kernel on the other hand directly operates above the
hardware, which is the core of the OS managing hardware resources and providing services to upper-
layer processes.
/dev/kvm presented in the picture is a device file that provides interface to interact with KVM, It
allows user-space applications, like QEMU, to make use of KVM’s virtualization capabilities. When the
KVM module is loaded into the linux kernel, this device file becomes available.
Xen

Xen is an open-source, type-1 hypervisor that can be installed directly on a computer without the
intervention of a host operating system. Being a type-1 hypervisor, Xen controls, oversees, and
manages every aspect of a computer( hardware, peripheral, and input/output resources) without
any intermediary.

In essence, Xen is an open-source hypervisor that allows the simultaneous development, execution,
and management of multiple virtual machines on one physical computer.

Xen offers two types of virtualization: paravirtualization and full virtualization.

In paravirtualization, the virtualized operating system operates on a tweaked version of the OS. As a
result, the tweaked operating system becomes aware that it is virtualized. This permits more efficient
interaction between the OS and the physical hardware since the hardware devices are addressed
directly. However, the fact that the functionality of paravirtualization relies on modified guest OS is a
downside since most vendors don’t provide it.

Xen also offers full virtualization, a mode where all virtualization extensions require the CPU’s
support. Here, the unmodified operating systems can efficiently instruct the hardware because of this
support. Full virtualization often comes with performance drawbacks because complete emulation
usually requires more processing resources and overhead resources from the hypervisor.

Xen can run multiple guest operating systems, each OS running in Xen’s virtual machine or domain.
Upon its installation, Xen automatically creates the first domain called Domain 0. Domain 0 is
responsible for managing the system, and it performs tasks like managing virtual devices for each
virtual machine, migrating virtual machines, building additional domains, etc. DomU instances are the
standard virtual machines in a Xen environment. Unlike Dom0, which has special privileges and
responsibilities for managing the Xen hypervisor and hardware resources, DomUs are regular VMs
that serve as the environment for running user applications, services, or additional operating
systems.