CLOUD COMPUTING
Module – 02
Virtual Machines and Virtualization of Clusters and Data Centers
Implementation Levels of Virtualization
Virtualization:
Virtualization allows multiple virtual machines (VMs) to run on the same physical
hardware, improving resource sharing, performance, and flexibility.
It enhances system efficiency by separating hardware from software.
It has gained importance in distributed and cloud computing.
Levels of Virtualization Implementation
Virtualization can be implemented at various operational layers of the system, including:
Dept. of CSE,NCET Page 1
Instruction Set Architecture (ISA) Level:
o Virtualizes the instruction set of the host machine to emulate different processor
architectures (e.g., running MIPS code on an x86 machine).
o Uses code interpretation or dynamic binary translation for better performance.
Hardware Abstraction Level:
o Virtualizes hardware resources like CPU, memory, and I/O devices to allow multiple
users to utilize the hardware concurrently.
o Historical example: IBM VM/370; modern example: Xen hypervisor for x86
machines.
Operating System (OS) Level:
o Creates isolated containers on a single server to allocate hardware resources
among users.
o Commonly used in virtual hosting environments and server consolidation.
Library Support Level:
o Virtualizes the communication link between applications and the OS through API
hooks.
o Examples include WINE (Windows applications on UNIX) and vCUDA (GPU
acceleration within VMs).
User-Application Level:
o Virtualizes individual applications or processes, often called process-level
virtualization.
o Examples include the Java Virtual Machine (JVM) and Microsoft .NET CLR.
o Other approaches include application isolation, sandboxing, and application
streaming, where the application is isolated from the host OS for easier distribution
and removal.
Purpose and Applications:
• Virtualization improves resource utilization, enables running different OS and
applications on the same machine, and simplifies the management of distributed
systems.
• It plays a key role in enhancing distributed computing, cloud environments, and
legacy software support.
Relative Merits of Virtualization Approaches
Comparison Factors: Higher performance, application flexibility, implementation
complexity, and application isolation.
Merit Representation: Number of X’s in a table (5X = best, 1X = worst).
Performance Considerations:
o Hardware & OS-level virtualization → Highest performance but expensive.
o User-level virtualization → Most complex in terms of application isolation.
o ISA-level virtualization → Best application flexibility.
VMM Design Requirements and Providers
Definition & Role of VMM:
• VMM (Virtual Machine Monitor) is a layer between hardware and the operating
system.
• Manages hardware resources and captures program interactions with hardware.
• Enables multiple OS instances to run on a single set of hardware.
Requirements of a VMM:
1. Identical Execution Environment:
o Programs should run as if they are on a real machine.
2. Minimal Performance Overhead:
o Should not significantly slow down program execution.
3. Full Control Over System Resources:
o Programs should only access explicitly allocated resources.
Performance Considerations:
VMs share hardware, leading to resource contention.
Timing dependencies and resource availability may cause minor performance
differences.
Traditional emulators/simulators offer flexibility but are too slow for real-world use.
Efficiency is ensured by executing most virtual processor instructions directly on
hardware.
Resource Control by VMM:
Allocates hardware resources to programs.
Restricts unauthorized access to unallocated resources.
Can reclaim allocated resources under certain conditions.
Challenges in VMM Implementation:
Some processors (e.g., x86) lack full virtualization support.
Solution: Hardware-assisted virtualization modifies hardware to support VMM
requirements.
Virtualization Support at the OS Level
Role of OS-Level Virtualization in Cloud Computing
Cloud computing relies on virtualization to shift hardware and management costs to
third-party providers.
Two major challenges:
1. Dynamic resource allocation – Scaling CPU resources based on demand.
2. Slow VM instantiation – Fresh VM boots take time and lack awareness of
the application state.
Why OS-Level Virtualization?
• Hardware-level virtualization is slow and inefficient due to redundant VM image
storage and performance overhead.
• OS-level virtualization creates multiple isolated Virtual Execution Environments
(VEs) or Containers within a single OS kernel.
• VEs function like real servers with their own processes, file system, user
accounts, and network configurations but share the same OS kernel.
• Also known as single-OS image virtualization.
Advantages of OS-Level Virtualization
1. Fast startup/shutdown, low resource use, high scalability.
2. State synchronization between VMs and the host OS – Allows better application state
awareness.
3. Efficiency through resource sharing – VEs can access most host resources without
modifying them.
4. Overcomes slow VM initialization and application state unawareness in cloud
computing.
Disadvantages of OS-Level Virtualization
1. Same OS requirement – All VMs on a single container must belong to the same OS
family (e.g., Windows-based VMs cannot run on a Linux host).
2. User preference issues – Some cloud users require different OS types, limiting
flexibility.
3. Resource duplication problem – If each VM has a full copy of system resources, it
leads to high storage and performance costs.
Implementation Considerations
Creating virtual root directories:
1. Duplicate resources for each VM (higher cost).
2. Share most resources and create private copies on demand (preferred
approach).
OS-level virtualization is often a second choice due to its limitations compared to
hardware-assisted virtualization.
Virtualization on Linux and Windows Platforms
Linux vs. Windows Virtualization
• Linux-based OS-level virtualization is well-developed, while Windows-based OS-level
virtualization is still in research.
• The Linux kernel provides an abstraction layer for handling hardware, often requiring
patches for new hardware support.
• Most Linux platforms are not tied to a specific kernel, allowing multiple VMs to run
on the same host.
• Windows OS virtualization tools are still experimental, with FVM being an example for
the Windows NT platform.
Virtualization Support on the Linux Platform: OpenVZ
OpenVZ is an open-source container-based virtualization tool for Linux.
It modifies the Linux kernel to support:
1. Virtual environments (VPS) – Each VPS functions like an independent Linux server
with its own processes, users, and virtual devices.
2. Resource management – Controls CPU, disk space, and memory allocation.
3. Checkpointing and live migration – Saves VM state to a file for quick transfer and
restoration on another machine.
Resource Management in OpenVZ:
o Two-level disk allocation:
§ First level: Admin allocates disk space for VMs.
§ Second level: VM admin assigns disk space to users.
o Two-level CPU scheduling:
§ First level: OpenVZ decides VM priority.
§ Second level: Standard Linux CPU scheduler manages tasks within the VM.
o 20+ resource control parameters ensure optimized VM usage.
Middleware Support for Virtualization (Library-Level Virtualization)
Library-level virtualization is also known as user-level Application Binary Interface (ABI) or
API emulation.
This type of virtualization can create execution environments for running alien programs
on a platform rather than creating a VM to run the entire operating system.
API call interception and remapping are the key functions performed. This section
provides an overview of several library-level virtualization systems, namely the
Windows Application Binary Interface (WABI), lxrun, WINE, Visual MainWin, and
vCUDA, which are summarized in Table 3.4.
Virtualization Structure/Tools and Mechanisms
VM Architecture Classes
After virtualization, a virtualization layer is inserted between the hardware and OS,
converting real hardware into virtual hardware.
This allows multiple OSes (Linux, Windows, etc.) to run simultaneously on a single
machine.
There are three main classes of VM architecture:
1. Hypervisor-based virtualization (VMM – Virtual Machine Monitor)
2. Paravirtualization
3. Host-based virtualization
Hypervisor and Xen Architecture
The hypervisor enables hardware-level virtualization by running directly on bare metal
hardware (CPU, memory, disk, network interfaces).
It acts as an interface between physical hardware and guest OSes.
Types of Hypervisors:
Micro-kernel hypervisor (e.g., Microsoft Hyper-V):
o Includes only core functions (memory management, processor scheduling).
o Device drivers and other components are external.
o Smaller hypervisor size.
Monolithic hypervisor (e.g., VMware ESX):
o Implements all functions, including device drivers.
o Larger hypervisor size but with better performance and control.
The Xen Hypervisor Architecture
• Xen is an open-source micro-kernel hypervisor developed at Cambridge University.
• Separates policy (handled by Domain 0) from mechanism (handled by Xen).
• No native device drivers → Guest OSes handle device management directly.
• Virtual environment between hardware and OS.
Components of Xen
Xen Domain Structure
Domain 0 (Dom0):
o Privileged guest OS with direct hardware access.
o Manages guest OS instances (Domain U).
o Controls resource allocation and device management.
Domain U (DomU):
o Unprivileged guest OS instances running under Xen.
o Cannot access hardware directly.
Security Considerations
• Domain 0 is the most critical component. If compromised, the attacker gains full
control over all VMs.
• Security policies are required to protect Domain 0.
VM State Management and Rollback
Unlike traditional machines (which follow a linear execution path), VM execution follows
a tree structure where multiple instances can be created at different states.
Benefits of VM state rollback:
o Error recovery (rollback to a previous working state).
o Efficient system distribution (duplicate VMs for dynamic content).
o Live migration (moving running VMs between hosts).
Challenges:
o Security risks in handling VM snapshots and rollbacks.
o Need for strict access control and auditing.
Binary Translation with Full Virtualization
Depending on implementation technologies, hardware virtualization can be classified into
two categories: full virtualization and host-based virtualization.
Full virtualization does not need to modify the host OS. It relies on binary translation to
trap and to virtualize the execution of certain sensitive, nonvirtualizable instructions.
The guest OSes and their applications consist of noncritical and critical instructions. In
a host-based system, both a host OS and a guest OS are used.
A virtualization software layer is built between the host OS and guest OS. These two
classes of VM architecture are introduced next.
Full Virtualization
With full virtualization, noncritical instructions run on the hardware directly while critical
instructions are discovered and replaced with traps into the VMM to be emulated by
software.
Both the hypervisor and VMM approaches are considered full virtualization. Why are
only critical instructions trapped into the VMM? This is because binary translation can
incur a large performance overhead.
Noncritical instructions do not control hardware or threaten the security of the system,
but critical instructions do.
Therefore, running noncritical instructions on hardware not only can promote efficiency,
but also can ensure system security.
Binary Translation Using VMM (Virtual Machine Monitor)
• Implemented by VMware and other vendors.
• VMM is placed at Ring 0 (privileged mode).
• Guest OS runs at Ring 1, unaware that it is virtualized.
• VMM scans and translates privileged instructions before execution.
• Code caching helps optimize performance but increases memory usage.
Host-Based Virtualization
Runs on a host OS rather than directly on hardware.
The virtualization layer sits between the host OS and guest OS.
• Guest OSes and applications can run inside VMs, while other applications can
run directly on the host OS.
Advantages:
o Easier deployment (no need to modify the host OS).
o Simplified design (relies on the host OS for device drivers).
o Works on various hardware configurations.
Disadvantages:
o Lower performance due to multiple layers of hardware access.
o Requires binary translation if guest OS and host hardware have different ISAs.
o High overhead, making it less efficient in practice.
Para-Virtualization with Compiler Support
Overview of Para-Virtualization
• Requires modification of the guest OS kernel to support virtualization.
• Provides special APIs (hypercalls) to replace non-virtualizable OS instructions.
• Reduces virtualization overhead, improving performance compared to full
virtualization.
• Unlike full virtualization, which relies on binary translation, para-virtualization requires
OS kernel modifications.
Para-Virtualization Architecture
A virtualization layer is inserted between hardware and OS.
In the x86 architecture, the OS typically runs at Ring 0 for privileged operations, while
applications run at Ring 3.
Para-virtualization modifies the guest OS to:
o Run at Ring 1 instead of Ring 0.
o Replace non-virtualizable instructions with hypercalls to the hypervisor/VMM.
Advantages of Para-Virtualization
• Improves performance by eliminating the need for complex binary translation.
• More efficient than full virtualization, especially for workloads with frequent
privileged instructions.
• Used by popular hypervisors like Xen, KVM, and VMware ESX.
Challenges of Para-Virtualization
• Requires modifying the OS kernel, making it less compatible with unmodified
OSes.
• Maintaining para-virtualized OS versions is costly, as OS updates require
modifications.
• Performance benefits depend on workload types—some workloads benefit
greatly, while others do not.
KVM (Kernel-Based VM)
This is a Linux para-virtualization system—a part of the Linux version 2.6.20 kernel.
Memory management and scheduling activities are carried out by the existing Linux
kernel.
The KVM does the rest, which makes it simpler than the hypervisor that controls the
entire machine.
KVM is a hardware-assisted para-virtualization tool, which improves performance and
supports unmodified guest OSes such as Windows, Linux, Solaris, and other UNIX
variants.
Para-Virtualization with Compiler Support
Unlike full virtualization, which traps privileged instructions at runtime, para-
virtualization modifies instructions at compile time.
The OS kernel replaces privileged instructions with hypercalls before execution.
Xen follows this architecture, where:
o The guest OS runs at Ring 1 instead of Ring 0.
o Privileged instructions are replaced with hypercalls to the hypervisor.
o Hypercalls function similarly to system calls in UNIX (using service routines).
Virtualization of CPU/Memory and I/O devices
Introduction to Virtualization Support in Hardware
Modern processors (e.g., x86) use hardware-assisted virtualization to support virtual
machines efficiently.
The Virtual Machine Monitor (VMM) and guest OS operate in separate modes, ensuring
security and isolation.
Sensitive instructions of the guest OS are trapped in the VMM, preventing unauthorized
hardware access.
Hardware Support for Virtualization
Processors have two main execution modes:
User Mode: Runs applications with limited access to hardware.
o Supervisor Mode (Privileged Mode): Runs the OS kernel and handles critical system
operations.
Virtualization complicates execution because multiple OSes run on a single machine.
Examples of hardware-assisted virtualization tools:
o VMware Workstation (host-based virtualization).
o Xen (hypervisor that modifies Linux as the lowest privileged layer).
o KVM (uses Intel VT-x or AMD-V for efficient virtualization).
o VirtIO (provides virtualized I/O devices like Ethernet, disk, memory ballooning, and
VGA).
CPU Virtualization
VMs execute most instructions in native mode for efficiency, except critical
instructions.
Critical instructions are classified into three categories:
1. Privileged Instructions: Only execute in privileged mode (Ring 0).
2. Control-Sensitive Instructions: Modify system settings or resources.
3. Behavior-Sensitive Instructions: Depend on system configuration (e.g.,
memory access).
CPU virtualization requires trapping privileged instructions so that the VMM can handle
them securely.
RISC architectures are naturally virtualizable, as all sensitive instructions are privileged.
x86 architecture is not naturally virtualizable because some sensitive instructions (e.g.,
SGDT, SMSW) are not privileged and cannot be trapped by the VMM.
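The gap described above can be seen in a small simulation of a deprivileged guest. This C sketch is an added example, not code from the original notes or from any VMM; the three-opcode ISA, the constant values and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy ISA for illustration; the opcode names are assumptions of this example. */
typedef enum { OP_ADD, OP_WRITE_MSW, OP_SMSW, OP_COUNT } opcode_t;

typedef struct { bool privileged, sensitive; } insn_class_t;

static const insn_class_t ISA[OP_COUNT] = {
    [OP_ADD]       = { false, false }, /* noncritical: runs natively */
    [OP_WRITE_MSW] = { true,  true  }, /* control-sensitive, faults outside Ring 0 */
    [OP_SMSW]      = { false, true  }, /* behavior-sensitive but does NOT fault */
};

#define HOST_MSW  0x8001u /* constructed value: the real machine status word */
#define GUEST_MSW 0x0011u /* constructed value: what the guest OS wrote for itself */

typedef struct {
    uint16_t vmsw;  /* virtual MSW kept by the VMM for this guest */
    uint16_t reg;   /* guest-visible register */
    int traps;      /* number of exits into the VMM */
} vcpu_t;

/* A trap-and-emulate VMM needs every sensitive instruction to be privileged. */
bool isa_is_virtualizable(void) {
    for (int op = 0; op < OP_COUNT; op++)
        if (ISA[op].sensitive && !ISA[op].privileged) return false;
    return true;
}

/* VMM handler: emulate the instruction against the guest's virtual state. */
static void vmm_emulate(vcpu_t *v, opcode_t op, uint16_t operand) {
    v->traps++;
    if (op == OP_WRITE_MSW) v->vmsw = operand;
    else if (op == OP_SMSW) v->reg = v->vmsw;
}

/* Run a deprivileged guest. With translate=false only hardware faults reach the
   VMM; with translate=true the VMM has rewritten every sensitive instruction
   into a trap before execution (the binary translation case). */
vcpu_t run_guest(const opcode_t *prog, size_t n, bool translate) {
    vcpu_t v = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        opcode_t op = prog[i];
        bool traps = ISA[op].privileged || (translate && ISA[op].sensitive);
        if (traps) { vmm_emulate(&v, op, GUEST_MSW); continue; }
        /* Direct execution on the physical CPU. */
        if (op == OP_SMSW) v.reg = HOST_MSW;  /* guest observes host state */
        else if (op == OP_ADD) v.reg += 1;
    }
    return v;
}

/* Constructed guest program: set the MSW, do some work, read the MSW back. */
const opcode_t SAMPLE_PROG[3] = { OP_WRITE_MSW, OP_ADD, OP_SMSW };

int main(void) {
    vcpu_t a = run_guest(SAMPLE_PROG, 3, false), b = run_guest(SAMPLE_PROG, 3, true);
    printf("virtualizable=%d\n", isa_is_virtualizable());
    printf("trap-only:   reg=0x%04x traps=%d\n", (unsigned)a.reg, a.traps);
    printf("translation: reg=0x%04x traps=%d\n", (unsigned)b.reg, b.traps);
    return 0;
}
```

In the trap-only run the guest reads back the host's status word instead of the value it wrote, which is both a correctness failure and an isolation failure; the translated run returns the virtual value at the cost of one extra trap.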
Example: System Calls in UNIX and Xen
• In UNIX systems, system calls trigger the 0x80 interrupt, passing control to the
kernel.
• In Xen (a para-virtualization system), system calls trigger both 0x80 (guest OS) and
0x82 (hypervisor).
• The hypervisor processes privileged operations before returning control to
the guest OS.
Hardware-Assisted CPU Virtualization
Intel and AMD introduced an additional privilege mode (Ring -1) for virtualization.
Now, the hypervisor runs at Ring -1, while the guest OS runs at Ring 0.
This eliminates the need for complex binary translation (used in full virtualization).
Benefits:
o Simplifies virtualization implementation.
o Allows OSes to run in VMs without modification.
o Traps all privileged instructions in the hypervisor automatically.
Memory Virtualization
Virtual Memory Mapping in Traditional Systems
o The OS maps virtual memory to machine memory using page tables (one-stage
mapping).
o Modern x86 CPUs use an MMU (Memory Management Unit) and TLB (Translation
Lookaside Buffer) to optimize memory performance.
Memory Virtualization in Virtualized Environments
o Physical RAM is shared and dynamically allocated among Virtual Machines (VMs).
o A two-stage mapping is required:
§ Guest OS: Maps virtual memory to guest physical memory.
§ VMM (Hypervisor): Maps guest physical memory to actual machine
memory.
Shadow Page Tables & Nested Paging
o Each guest OS page table has a corresponding shadow page table maintained by the
VMM.
o This additional layer leads to performance overhead and high memory costs.
o Nested Paging (Hardware-Assisted Virtualization):
§ Reduces the overhead of shadow page tables.
§ Introduced by AMD’s Barcelona processor (2007).
Optimizing Virtual Memory Performance
o VMware uses shadow page tables for address translation.
o TLB hardware enables direct mapping from virtual memory to machine memory,
reducing translation overhead.
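The two-stage mapping and its shadow-table shortcut can be worked through on a toy address space. This C sketch is an added example, not code from the original notes or from any hypervisor; the four-page address space, the frame numbers and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_MASK  ((1u << PAGE_SHIFT) - 1)
#define NPAGES     4            /* pages per toy address space */
#define NOT_MAPPED 0xFFu
#define FAULT      UINT32_MAX

typedef struct {
    uint8_t guest_pt[NPAGES];   /* stage 1, written by the guest OS: GVP -> GPP */
    uint8_t p2m[NPAGES];        /* stage 2, written only by the VMM: GPP -> machine frame */
    uint8_t shadow[NPAGES];     /* VMM-built composite: GVP -> machine frame */
} vm_t;

/* Two-stage walk: the guest's page table first, then the VMM's map. */
uint32_t translate_two_stage(const vm_t *vm, uint32_t gva) {
    uint32_t gvp = gva >> PAGE_SHIFT;
    if (gvp >= NPAGES) return FAULT;
    uint8_t gpp = vm->guest_pt[gvp];
    if (gpp >= NPAGES) return FAULT;        /* unmapped, or a page the guest does not have */
    uint8_t mfn = vm->p2m[gpp];
    if (mfn == NOT_MAPPED) return FAULT;    /* the VMM never allocated this page */
    return ((uint32_t)mfn << PAGE_SHIFT) | (gva & PAGE_MASK);
}

/* The VMM recomputes the shadow table whenever the guest edits its page table. */
void shadow_sync(vm_t *vm) {
    for (int gvp = 0; gvp < NPAGES; gvp++) {
        uint8_t gpp = vm->guest_pt[gvp];
        vm->shadow[gvp] = (gpp < NPAGES) ? vm->p2m[gpp] : NOT_MAPPED;
    }
}

/* With the shadow table loaded, translation is a single lookup. */
uint32_t translate_shadow(const vm_t *vm, uint32_t gva) {
    uint32_t gvp = gva >> PAGE_SHIFT;
    if (gvp >= NPAGES || vm->shadow[gvp] == NOT_MAPPED) return FAULT;
    return ((uint32_t)vm->shadow[gvp] << PAGE_SHIFT) | (gva & PAGE_MASK);
}

/* Constructed sample guest: two pages backed starting at machine frame first_frame.
   The guest page table also names pages 2 and 3, which the VMM never backed. */
static vm_t sample_vm(uint8_t first_frame) {
    vm_t v = { {1, 0, NOT_MAPPED, 3},
               {first_frame, (uint8_t)(first_frame + 1), NOT_MAPPED, NOT_MAPPED}, {0} };
    shadow_sync(&v);
    return v;
}

uint32_t lookup_two_stage(uint8_t first_frame, uint32_t gva) {
    vm_t v = sample_vm(first_frame);
    return translate_two_stage(&v, gva);
}

uint32_t lookup_shadow(uint8_t first_frame, uint32_t gva) {
    vm_t v = sample_vm(first_frame);
    return translate_shadow(&v, gva);
}

int main(void) {
    printf("VM A 0x0123 -> 0x%x\n", (unsigned)lookup_shadow(10, 0x0123));
    printf("VM B 0x0123 -> 0x%x\n", (unsigned)lookup_shadow(20, 0x0123));
    printf("VM A 0x3000 faults: %d\n", lookup_two_stage(10, 0x3000) == FAULT);
    return 0;
}
```

Two guests with identical page tables land on different machine frames, and a guest entry that points at a page the VMM never allocated faults in both paths, because the guest controls only stage 1.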
I/O Virtualization & Multi-Core Virtualization
I/O Virtualization
I/O virtualization manages routing of I/O requests between virtual devices and shared
physical hardware. There are three main approaches:
Full Device Emulation
o Emulates real-world devices in software within the VMM (hypervisor).
o The guest OS interacts with virtual devices, and the VMM handles I/O operations.
o Drawback: High overhead and lower performance compared to real hardware.
Para-Virtualization (Split Driver Model - Used in Xen)
o Uses frontend and backend drivers to handle I/O:
§ Frontend driver: Manages I/O requests in the guest OS.
§ Backend driver: Runs in the privileged domain (Domain 0) and manages
real I/O devices.
o Pros: Better performance than full emulation.
o Cons: Higher CPU overhead.
Direct I/O Virtualization
o Allows VMs to directly access physical devices.
o Pros: Close-to-native performance, lower CPU cost.
o Cons: Limited support for commodity hardware, potential system crashes during
workload migration.
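In the split driver model the backend runs in Domain 0, so every request it takes from a guest's frontend is untrusted input that must be checked before it reaches the real device. The C sketch below is an added example, not Xen's code or part of the original notes; the ring layout, structure names and limits are simplified assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_SIZE   4u    /* slots in the shared ring (toy value) */
#define MAX_SECTORS 256u  /* largest transfer the backend accepts (toy value) */

typedef struct { uint64_t sector; uint32_t count; uint8_t is_write; } blk_req_t;

/* Page shared between frontend (DomU) and backend (Dom0). The guest can
   rewrite any field at any time, so nothing in here is trusted. */
typedef struct {
    volatile uint32_t req_prod;  /* producer index, advanced by the frontend */
    blk_req_t ring[RING_SIZE];
} shared_ring_t;

/* Backend-private state that the guest cannot touch. */
typedef struct {
    uint64_t disk_sectors;  /* size of the virtual disk given to this DomU */
    bool     read_only;
    uint32_t req_cons;      /* consumer index */
} backend_t;

typedef enum { REQ_OK, REQ_BAD_COUNT, REQ_OUT_OF_RANGE, REQ_READ_ONLY } req_status_t;

req_status_t backend_check(const backend_t *be, const blk_req_t *r) {
    if (r->count == 0 || r->count > MAX_SECTORS) return REQ_BAD_COUNT;
    /* Written so that sector + count cannot wrap around. */
    if (r->sector >= be->disk_sectors || r->count > be->disk_sectors - r->sector)
        return REQ_OUT_OF_RANGE;
    if (r->is_write && be->read_only) return REQ_READ_ONLY;
    return REQ_OK;
}

/* Drain pending requests; returns how many verdicts were written to out[]. */
int backend_poll(backend_t *be, shared_ring_t *sh, req_status_t *out, int max) {
    uint32_t prod = sh->req_prod;         /* read the guest's index once */
    if (prod - be->req_cons > RING_SIZE)  /* index claims more than the ring holds */
        prod = be->req_cons + RING_SIZE;
    int n = 0;
    while (be->req_cons != prod && n < max) {
        blk_req_t local;                  /* private copy: check and use the same bytes */
        memcpy(&local, &sh->ring[be->req_cons % RING_SIZE], sizeof local);
        out[n++] = backend_check(be, &local);
        be->req_cons++;
    }
    return n;
}

/* Constructed sample: a 1000-sector read-only disk and four frontend requests. */
req_status_t demo_status(int i) {
    shared_ring_t sh = { 4, {
        { 0,              8, 0 },  /* read inside the disk */
        { 996,            8, 0 },  /* runs past the last sector */
        { UINT64_MAX - 1, 4, 0 },  /* sector + count would overflow */
        { 10,             1, 1 },  /* write to a read-only disk */
    } };
    backend_t be = { 1000, true, 0 };
    req_status_t out[RING_SIZE];
    int n = backend_poll(&be, &sh, out, (int)RING_SIZE);
    return (i >= 0 && i < n) ? out[i] : REQ_BAD_COUNT;
}

int main(void) {
    static const char *names[] = { "ok", "bad count", "out of range", "read-only" };
    for (int i = 0; i < 4; i++) printf("request %d: %s\n", i, names[demo_status(i)]);
    return 0;
}
```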
Hardware-Assisted I/O Virtualization
Intel VT-d helps remap I/O DMA transfers and device interrupts, allowing direct device
access for VMs.
Self-Virtualized I/O (SV-IO) uses multi-core processors to virtualize I/O devices,
providing an efficient API for virtualized systems.
Multi-Core Virtualization
Virtualizing multi-core processors is more complex than uni-core processors due to:
Parallelization Challenges:
o Applications must be explicitly parallelized to utilize all cores efficiently.
o New programming models, languages, and libraries are needed.
Task Scheduling Complexity:
o Scheduling algorithms and resource management policies must optimize
performance while handling core assignments.
Dynamic Heterogeneity
• New architectures mix fat CPU cores and thin GPU cores on the same chip.
• Hardware reliability issues and increased complexity in transistor management
make resource allocation more difficult.
Physical vs. Virtual Processor Cores
Virtual CPU (VCPU) Migration:
o Wells et al. proposed a method where VCPUs can move between cores dynamically.
o Reduces inefficiencies in managing processor cores by software.
o Located below the ISA, making it transparent to OS and hypervisors.
Virtual Hierarchy in Many-Core Processors
Virtual Hierarchy
• Many-core chip multiprocessors (CMPs) enable space-sharing, where different jobs
are assigned to separate groups of cores for long intervals.
• Virtual hierarchy is a dynamic cache hierarchy that adapts to workload demands,
unlike static physical cache hierarchies.
• Proposed by Marty and Hill, this method optimizes performance isolation and cache
coherence.
How Virtual Hierarchy Works
Many-core CMPs typically use physical cache hierarchies (L1, L2) with static allocation.
A virtual hierarchy dynamically adapts cache levels to workload needs, improving
access speed and reducing interference.
Benefits:
1. Locates data blocks close to cores for faster access.
2. Establishes shared-cache domains to minimize data transfer delays.
3. Reduces performance interference between different workloads.