MODULE 2
VIRTUALIZATION
Virtualization
Virtualization technology allows the creation of virtual versions of
hardware platforms, operating systems, network resources or storage
devices.
It separates the primary functions of a computer from the physical
infrastructure and hardware resources with the help of a Virtual
Machine Monitor (VMM), also called a hypervisor.
[Figure: virtualized stack, bottom to top: Hardware; Hypervisor; OS, OS, OS; App, App, App]
VM technology allows multiple virtual machines
to run on a single physical machine.
[Figure: several VMs, each a guest OS (Linux, NetBSD, Windows) running its own apps, on one Virtual Machine Monitor (VMM)/hypervisor over shared hardware; example VMMs: Xen, VMware, UML, Denali, etc.]
[Figure: traditional app/server model vs. virtual server model]
Benefits
Maximizing Resources
Reducing hardware cost
Minimizing Maintenance requirements
Enjoying benefits of OS services
Using multiple systems
Testing beta software and Maintaining legacy
applications
Increasing system security
Hardware Virtualization
Full virtualization – almost complete simulation of the
actual hardware to allow software, which typically
consists of a guest operating system, to run unmodified.
e.g. VMware ESXi and Microsoft Virtual Server
Partial virtualization – some but not all of the target
environment attributes are simulated. As a result, some
guest programs may need modifications to run in such
virtual environments.
e.g. Address space virtualization used in time
sharing systems
Paravirtualization – a hardware environment is not
simulated; however, the guest programs are executed in
their own isolated domains, as if they are running on a
separate system. Guest programs need to be specifically
modified to run in this environment.
Full virtualization vs. paravirtualization
Guest OS: full virtualization runs an unmodified guest OS in a
completely isolated VM; the guest does not know it is virtualized.
Paravirtualization does not hide the hypervisor: the guest OS is
altered to call a hypervisor-provided API (hypercalls) instead of
relying on emulation of every privileged operation.
Technique: full virtualization relies on binary translation of
privileged guest code combined with direct execution of unprivileged
code (or, on current CPUs, on hardware virtualization extensions).
Paravirtualization compiles the hypercalls into the guest kernel, so
they are issued explicitly at run time rather than trapped and
translated.
Performance: full virtualization is slower because of the translation
and trapping overhead; paravirtualization is comparatively fast.
Portability and compatibility: full virtualization supports all guest
OSs without modification. Paravirtualization needs a modified guest
kernel, so only the few OSs that carry the modifications are supported,
and the guest is tied to that hypervisor's interface.
Security: the slides rate full virtualization as less secure and
paravirtualization as more secure. The defensible form of that claim:
a fully virtualized guest can reach a large body of device-emulation
and translation code inside the hypervisor, whereas a paravirtualized
guest talks to a smaller, explicit hypercall interface. In both cases
the isolation is only as strong as the hypervisor's implementation,
and every hypercall argument is attacker-controlled input that the
hypervisor must validate.
Examples: full virtualization: VMware ESXi, Microsoft Virtual Server
(as above); paravirtualization: Xen, Microsoft Hyper-V.
Software Virtualization
Operating system-level virtualization, the hosting of multiple
virtualized environments (containers, such as Docker below) within a
single OS instance.
Application virtualization and workspace virtualization,
the hosting of individual applications in an environment
separated from the underlying OS. Application
virtualization is closely associated with the concept of
portable applications.
Service virtualization, emulating the behavior of
dependent (e.g., third-party, evolving, or not
implemented) system components. It virtualizes only
specific slices of dependent behavior critical to the
execution of development and testing tasks.
Storage Virtualization
Storage virtualization, the process of
completely abstracting logical storage from
physical storage
Distributed file system, any file system that
allows access to files from multiple hosts
sharing via a computer network
Virtual file system, an abstraction layer on top
of a more concrete file system, allowing client
applications to access different types of
concrete file systems in a uniform way
Storage Virtualization (continued)
Storage hypervisor, the software that
manages storage virtualization and combines
physical storage resources into one or more
flexible pools of logical storage
Virtual disk drive, a computer program that
emulates a disk drive such as a hard disk
drive or optical disk drive
Network Virtualization
Network virtualization, creation of a
virtualized network addressing space within
or across network subnets
Virtual private network (VPN), a tunnelling arrangement that
replaces the actual wire or other physical media of a network
with an abstract (and normally encrypted) link, allowing a
private network to be created over the Internet
Hypervisor
A hypervisor or virtual machine
monitor (VMM) is a piece of computer
software, firmware or hardware that creates
and runs virtual machines.
A computer on which a hypervisor is running
one or more virtual machines is defined as
a host machine.
Each virtual machine is called a guest
machine.
Type-1, native or bare-metal
hypervisors
These hypervisors run directly on the host's
hardware to control the hardware and to
manage guest operating systems.
Examples:
Oracle VM Server for SPARC,
Oracle VM Server for x86
Citrix XenServer
VMware ESX/ESXi
Microsoft Hyper-V (Windows Server 2008/2012)
The VMM does not rely on a host OS for pass-through permissions: it
owns the hardware itself
In the bare-metal virtualization technique there are several options
for giving guest systems access to I/O devices:
the VMM can drive the I/O devices directly and multiplex them among
the guests, or
the hardware can be partitioned so that a guest is handed a device (or
a partition of it) for its exclusive use
Benefits and Drawbacks:
- Bare-metal VMMs can bound interrupt latency and so provide
deterministic performance
- A single hardware platform can run real-time and general-purpose
OSs in parallel
- The hypervisor must carry its own drivers for the hardware platform,
in addition to the drivers required for sharing the I/O devices among
the guests; every such driver is part of the trusted computing base
- Installing a bare-metal VMM is harder than installing a hosted one
Type-2 or hosted hypervisors
These hypervisors run on a conventional
operating system just as other computer
programs do.
Type-2 hypervisors abstract guest operating
systems from the host operating system.
Examples:
VMware Workstation
VMware Player
VirtualBox
Enables you to run several guest OSs, each in its own window, on top
of a base OS with the help of the VMM
Guest OSs in this virtualization structure have limited access to the
I/O devices
The I/O connections of the physical system are owned by the host OS
alone, while the VMM presents an emulated view of them (where
possible) to every guest machine running on the same base system
Benefits and Drawbacks:
- With the hosted structure, multiple guest systems are easy to
install, configure and run
- Installing VMware Workstation on a Windows system through the
ordinary Windows installer takes only a few minutes
- Once the VMM is installed, you can run several guest systems on
various platforms without any extra physical resources
- The hosted structure cannot pass many I/O devices through to the
guests
- Performance of the hosted system may degrade, because every I/O
request made by a guest must pass through the host OS
- Real-time OSs are not supported in this structure either
- The host OS is part of every guest's trusted computing base: a
compromise of the host, or of the VMM process running under the host
user's privileges, affects all guests
Benefits of Virtualization
Maximizing Resources—Hardware that would otherwise sit idle is
shared among several VMs, so the organization gets the most out of
the resources it pays for; with pay-as-you-go virtual infrastructure
it also pays only for what it actually uses.
Reducing Hardware Costs—Fewer physical machines mean lower hardware
cost. You need not install large servers, huge disk space or
expensive database hardware for every workload, because these can
be provided as virtual resources whenever required.
Minimizing Maintenance Requirements—The less hardware you have, the
less maintenance it needs. Virtualization lets you run multiple OSs
on a single piece of hardware, which reduces both the hardware cost
and the effort of maintaining it.
Enjoying Benefits of OS Services—Virtualization lets you take
advantage of the facilities offered by different OSs on the same
machine.
Using Multiple Systems—Running and managing several systems side by
side is made easy with virtualization.
Testing Beta Software and Maintaining Legacy Applications—
If the OS you use for testing a software release becomes corrupted,
you can continue your work uninterrupted on another system running
on the same machine.
Likewise, if you have a legacy system on which certain applications
run and are supported, you can keep running it as a VM without
porting the programs to a different OS.
Increasing System Security—Virtualization can increase the security
of your systems. Individual systems running as virtual machines are
separated from each other, so workloads at different security levels
can share one physical machine instead of each needing its own
under-utilized computer.
The caveat a practitioner should keep in mind: this separation is
only as strong as the hypervisor. All guests share the hypervisor
(and, for hosted VMMs, the host OS) as their trusted computing base,
so the hypervisor and its device-emulation code must be kept patched,
and highly sensitive workloads are still often kept on separate
hardware.
1. Virtualization at the Instruction Set
Architecture (ISA) Level:
The guest's instruction set architecture is implemented entirely in
software: an emulator interprets the guest's instructions
Guest systems issue instructions for the emulator to process and
execute
The emulator receives each instruction and translates it into the
host's native instruction set
These native instructions are then run on the host machine's hardware
Both the processor-oriented instructions and the I/O-specific ones are
handled this way (QEMU in pure emulation mode works like this)
Advantages:
Simple and robust
Easy to implement multiple systems on a single physical structure
The binding between host and guest is loose: the guest ISA need not
match the host ISA
Drawbacks:
Every instruction must be interpreted before being executed
Poor performance
2. Virtualization at the Hardware Abstraction
Layer (HAL):
The time spent translating the guest platform's instructions into the
host platform's instructions is reduced by exploiting the similarity
between the two architectures
Virtualization uses the native hardware for all computation and
processing by mapping the virtual resources onto physical resources;
only privileged (sensitive) instructions are trapped and handled by
the VMM
This raises the efficiency of the virtual machine in handling its
tasks
Not every platform can be fully virtualized with this technique (the
classic x86 ISA, for example, had sensitive instructions that did not
trap, which is why binary translation and later hardware extensions
were needed)
Advantages:
Supports multiple OSs and applications running simultaneously
The system needs no reboot or dual-boot setup
Better degree of isolation
Less risky and easier to implement
Drawbacks:
Each VM carries a complete OS, so installation and administration
take a lot of time
Redundancy: the same OS code and services are duplicated in every VM
3. Virtualization at the OS Level:
Aims to overcome the redundancy and time consumption of HAL-level
virtualization (avoiding a duplicate OS in every virtual system)
Higher-level virtualization: the guests share both the hardware and
the OS kernel
The virtualization layer replicates the operating environment
established on the physical machine to provide a virtual environment
(VE) for the application, creating a partition for each virtual
system on demand (containers, such as Docker, work at this level)
4. Virtualization at the Application Level :
User-level programs and OSs are executed on top of applications that
behave like real machines
The hardware is handled either through I/O-mapped input/output (special
I/O instructions are issued to manipulate the hardware) or through
memory-mapped input/output (a small region of memory is mapped to the
I/O device and that memory is manipulated)
The set of instructions an application sees is defined by the virtual
machine itself
You can run your applications on these virtual machines as if you
were running them on a physical machine
Isolation is weaker than at the hardware or OS level: the virtual
machine is an ordinary application process, so a flaw in it, or in the
host OS's process isolation, exposes everything running inside it
5. Virtualization at the Programming
Language Level or Library Level :
Programming applications on most systems requires an extensive list of
Application Program Interfaces (APIs), exported by various libraries
implemented at the user level
At the user-level library layer, a different VE is provided by this
kind of abstraction
The VE is created above the OS layer and can expose an altogether
different class of binary interfaces
A different set of Application Binary Interfaces (ABIs) and/or APIs
is implemented on top of the base system, performing ABI/API
emulation (Wine, which implements the Win32 API on a POSIX host, is
the usual library-level example; language runtimes such as the JVM
virtualize at the language level)
Comparison between the
Implementation Levels of Virtualization
Virtualization Design Requirements
(the three properties of a virtual machine monitor set out by Popek
and Goldberg in 1974)
i. Equivalence Requirement—
A program running under the VMM must behave the same as it would on
the real machine
The emulated system must be able to execute all the applications and
programs designed for the real machine, the only permissible
differences being timing and resource availability
ii. Efficiency Requirement—
The virtual machine must perform close to a real system: a
statistically dominant share of the guest's instructions must run
directly on the real processor without VMM intervention, with only
the sensitive instructions trapped
Virtualization is done to obtain efficient use of the hardware
through software, not to emulate every instruction
iii. Resource Control Requirement—
A typical computer system combines various resources, including
processors, memory and I/O devices. All of them must be allocated and
controlled by the VMM: a guest must not be able to reach any resource
not explicitly allocated to it, and the VMM must be able to reclaim
what it allocated
The VMM must enforce isolation between the virtualized systems
Neither the virtual machines nor the VMM should suffer interference
from other machines in any manner, except for the timing effects of
sharing that the efficiency requirement allows
Open Source Virtualization Technology
Kernel-based Virtual Machine (KVM) and Xen are two open-source
technologies that provide virtualization support for the Linux
operating system
KVM provides virtualization support for guest Operating Systems (OSs)
on x86 hardware equipped with virtualization extensions (Intel VT-x or
AMD-V); the kernel module exposes them to user space through /dev/kvm
The kernel module provides the core virtualization infrastructure; a
user-space component, QEMU, supplies device emulation and runs each VM
(originally a modified fork, qemu-kvm, whose changes have since been
merged into upstream QEMU)
KVM is used to host multiple VMs that run Linux or Windows OS images
without modification
Each VM is provided with its own set of virtualized hardware
components, including a network card, disk, graphics adapter, etc.
Steps to install KVM
Step 1: Check whether the CPU has hardware virtualization support
>sudo grep -c "svm\|vmx" /proc/cpuinfo
(the command prints the number of processors whose flags contain svm
(AMD-V) or vmx (Intel VT-x); 0 means not supported, or disabled in the
BIOS/UEFI setup; 1 or more means supported)
Step 2: Execute the following commands to install KVM on Ubuntu
Virt-Manager is a graphical application for managing your virtual
machines. You can use the kvm command directly, but libvirt and
Virt-Manager simplify the process
>sudo apt-get update
>sudo apt-get install qemu-kvm qemu virt-manager virt-viewer libvirt-bin
>virt-manager
OR
>sudo apt-get install qemu-kvm libvirt-bin bridge-utils virt-manager
(on Ubuntu 18.10 and later the libvirt-bin package has been split into
libvirt-daemon-system and libvirt-clients; install those in its place)
Step 3: Create a user and grant it access
Only the root user and members of the libvirt group (called libvirtd
on older Ubuntu releases) have permission to manage KVM virtual
machines through libvirt.
Run the following commands to create the user tsec and add it to the
group (substitute your own user name)
>sudo adduser tsec
>sudo adduser tsec libvirt
Step 4: Check whether everything is working correctly. Run the
following command after logging back in as tsec (group membership only
takes effect at a new login); you should see an empty list of virtual
machines, which indicates that everything is working correctly
>virsh -c qemu:///system list
Step 5: Open the Virtual Machine Manager application and create a
virtual machine
>virt-manager
Step 6: Create and run Virtual Machines
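As an added example (not part of the original slides): the checks behind steps 1, 3 and 4, collected into a POSIX shell script you can run before and after the installation. The user name tsec comes from the slides; the helper names, the constructed /proc/cpuinfo excerpts used to exercise the flag check, and the assumption that the group is called libvirt (libvirtd on older releases) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original slides: pre-flight checks for a KVM host.
# Assumptions (this example's own): the libvirt group is "libvirt" ("libvirtd"
# on older Ubuntu releases) and the user is "tsec" as in the slides.

# cpu_has_virt_ext FILE: exit 0 if FILE (a /proc/cpuinfo snapshot) lists
# Intel VT-x (vmx) or AMD-V (svm) as a whole word on any flags line.
cpu_has_virt_ext() {
    grep -E -q -w 'vmx|svm' "$1"
}

# virt_ext_count FILE: print how many flags lines carry vmx/svm, i.e. the
# number the slides' "grep -c" step prints. Always exits 0, even for 0 hits.
virt_ext_count() {
    grep -E -c -w 'vmx|svm' "$1" 2>/dev/null || true
}

# in_group USER GROUP: exit 0 if USER is a member of GROUP on this host.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -q -x "$2"
}

# kvm_device_ok: exit 0 if /dev/kvm exists and the caller can open it for
# read/write, which is what QEMU needs. Failing this is the usual reason
# "virsh list" works for root but not for the newly added user.
kvm_device_ok() {
    [ -c /dev/kvm ] && [ -r /dev/kvm ] && [ -w /dev/kvm ]
}

# Constructed /proc/cpuinfo excerpts (sample data, not captured from a real
# host): one machine with VT-x on two logical processors, one without any
# virtualization extension.
SAMPLE_VTX=$(mktemp); SAMPLE_NOVIRT=$(mktemp)
trap 'rm -f "$SAMPLE_VTX" "$SAMPLE_NOVIRT"' EXIT
cat > "$SAMPLE_VTX" <<'EOF'
processor : 0
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes xsave avx
processor : 1
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes xsave avx
EOF
cat > "$SAMPLE_NOVIRT" <<'EOF'
processor : 0
flags     : fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm ssse3 cx16 sse4_1 sse4_2 popcnt
EOF

# Report on the samples, then on this host. The live checks only print a
# verdict, so the script never aborts on a machine without KVM.
for f in "$SAMPLE_VTX" "$SAMPLE_NOVIRT"; do
    echo "sample: $(virt_ext_count "$f") processor(s) with vmx/svm"
done
if [ -r /proc/cpuinfo ]; then
    if cpu_has_virt_ext /proc/cpuinfo; then
        echo "host CPU: virtualization extensions present"
    else
        echo "host CPU: no vmx/svm flag (disabled in BIOS/UEFI, or nested virt off if this is a VM)"
    fi
fi
user=${SUDO_USER:-${USER:-tsec}}
if in_group "$user" libvirt || in_group "$user" libvirtd; then
    echo "$user: member of the libvirt group"
else
    echo "$user: not in the libvirt group (run: sudo adduser $user libvirt, then log in again)"
fi
if kvm_device_ok; then
    echo "/dev/kvm: usable; 'virsh -c qemu:///system list' should work"
else
    echo "/dev/kvm: missing or not writable by $user"
fi
```

Run it as the user you added to the group. A count of 0 on a physical machine usually means the extensions are switched off in firmware; inside a VM it means nested virtualization is not enabled on the outer hypervisor.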
Xen Hypervisor
Xen is an open-source bare-metal (type-1) hypervisor (it is often
described as the only bare-metal hypervisor available as open source;
since KVM is also open source, treat that as a dated claim)
Through Xen, a single host can run a number of OS images, or several
different OSs, in parallel
Xen is used for server virtualization, desktop virtualization,
security applications, IaaS clouds, and embedded and hardware
appliances
Xen is widely deployed in production environments
The key features of the Xen hypervisor include the following:
Robustness and Security: Xen follows a microkernel design, keeping the
hypervisor itself small; device drivers and the control stack live in
separate VMs rather than in the hypervisor, which offers a higher level
of robustness and security than monolithic designs
Scope for Other Operating Systems: Linux is the usual OS of the main
control stack (domain 0), but Xen can be adapted to other systems as
well
Isolation of Drivers from the Rest of the System: Xen allows the main
device drivers to run inside a VM; if a driver crashes or is
compromised, it can be restarted by rebooting the VM that contains it,
without affecting the other parts of the system
Support for Paravirtualization:
Xen has optimized support for paravirtualized guests running as VMs.
PV guests avoid trapping into the hypervisor for privileged operations
and can therefore run faster than guests that rely solely on hardware
virtualization extensions; they also allow Xen to be used on hardware
that has no such extensions
* Note: KVM is usually classed as a Type 2 hypervisor because it loads
as a module into a running Linux host, whereas Xen is Type 1. The
classification is debated: the KVM module itself runs inside the
kernel with full hardware privilege, so Linux with KVM is sometimes
described as a Type 1 hypervisor
DOCKER
Docker
Introduction to Docker
Docker and Containers
Concept of Containerization
Listing of docker image
Difference between docker and hypervisor
Introduction
Docker is a container management service
Develop, ship and run anywhere
Developers to easily develop applications,
ship them into containers which can then be
deployed anywhere
Features
Containers carry only the application and its user-space dependencies
rather than a full OS, so Docker gives development a much smaller
footprint than a virtual machine.
With containers it becomes easier for teams across different units,
such as development, QA and operations, to work seamlessly on the
same application: the container that passed QA is the one that is
deployed.
You can deploy Docker containers anywhere: on physical machines, on
virtual machines and in the cloud.
Since Docker containers are lightweight, they are easy to scale.
Components of Docker
Docker client & server (Docker Engine/Machine)
Docker Images
Docker Hub
Docker Containers
[Figure: Docker workflow: the application to be deployed, with its supporting files, is built by the Docker server/machine into an image, published to Docker Hub, and run as a Docker container]
Docker client and server:
- Docker is a client-server application
- The Docker client talks to the Docker server (daemon), which does
all the work
- [Figure: Docker architecture]
Docker images:
- Images are the "build" part of Docker's life cycle
- They are in a layered format, using union file systems
- Think of images as the "source code" for your containers
- They are highly portable and can be shared, stored and updated
Registries
Docker stores and distributes the images you build through registries
There are two types of registry: public and private
You can create an account on Docker Hub and use it to share and store
your own images
(An image pulled from a public registry is third-party code that will
run on your hosts: pin it by digest and check its provenance before
trusting it)
Containers
Docker helps you build and deploy containers
inside of which you can package your
applications and services
containers are launched from images and can
contain one or more running processes
Images are the building or packing aspect of
Docker where containers are the running or
execution aspect of Docker
Hypervisor vs. Docker
OS support: a hypervisor can run many different guest OSs side by
side. Docker containers share the host kernel, so a Linux image needs
a Linux kernel (Docker on Windows and macOS runs Linux containers
inside a small VM; Windows containers run only on Windows hosts).
Deployment: a hypervisor is deployed on bare hardware (type 1) or on a
host OS (type 2); Docker is deployed only on top of an OS.
Need: use a hypervisor when you need multiple (different) OS
instances; Docker does not create multiple OS instances but multiple
isolated containers on a single OS.
Resources: VMs need more CPU, memory and power, since each carries a
full OS; containers need comparatively little.
Boot time: a VM boots a whole OS and takes correspondingly long; a
container starts in seconds or less.
OS involvement and isolation boundary: the hypervisor sits between the
host OS/hardware and the guest OSs, and each guest runs its own kernel
on virtual hardware. Docker has no OS of its own: it creates process
groups with their own namespaces, cgroups and filesystem view on top
of the host kernel. The security consequence is that a VM's boundary
is the hypervisor, whereas a container's boundary is the shared
kernel, so a kernel vulnerability, or an over-privileged container
(running as root with extra capabilities, or with --privileged),
affects the whole host.
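As an added example (not part of the original slides), tying the last row of the table to something you can check: because a container's isolation is whatever the shared host kernel grants its processes, the useful question is what the process inside can still do. The script below prints a docker run invocation that strips capabilities and privilege-escalation paths, and parses the CapEff line of /proc/self/status so you can confirm from inside the container that the capability set really is empty. The helper names and the constructed status snapshots are this example's own; the docker run flags are real Docker CLI options.

```shell
#!/bin/sh
# Added example, not from the original slides. Verifies what a containerized
# process may still do by reading its effective capability set, and prints
# the hardened "docker run" command line that produces an empty one.
# Helper names and the sample status files below are this example's own.

# cap_eff_of FILE: print the CapEff bitmask (hex, no 0x) from a
# /proc/<pid>/status snapshot; prints nothing if the line is absent.
cap_eff_of() {
    awk '/^CapEff:/ { print $2 }' "$1"
}

# caps_dropped FILE: exit 0 if CapEff is all zeros (no capabilities left),
# 1 if any capability remains, 2 if the file has no CapEff line at all.
caps_dropped() {
    case "$(cap_eff_of "$1")" in
        '')     return 2 ;;
        *[!0]*) return 1 ;;
        *)      return 0 ;;
    esac
}

# hardened_run_cmd IMAGE CMD...: print a docker run command line that drops
# every capability, blocks privilege gain via setuid binaries
# (no-new-privileges), mounts the image read-only and runs as an
# unprivileged uid. Printed rather than executed, so this script also works
# on a host without Docker.
hardened_run_cmd() {
    image=$1
    shift
    printf 'docker run --rm --cap-drop=ALL --security-opt=no-new-privileges --read-only --user 65534:65534 %s %s\n' "$image" "$*"
}

# Constructed samples (not captured from a live system): the first mimics
# a root process holding Docker's default capability set, the second a
# process started with --cap-drop=ALL --user 65534:65534.
SAMPLE_DEFAULT=$(mktemp); SAMPLE_DROPPED=$(mktemp)
trap 'rm -f "$SAMPLE_DEFAULT" "$SAMPLE_DROPPED"' EXIT
cat > "$SAMPLE_DEFAULT" <<'EOF'
Name:   sh
Uid:    0       0       0       0
CapInh: 0000000000000000
CapPrm: 00000000a80425fb
CapEff: 00000000a80425fb
EOF
cat > "$SAMPLE_DROPPED" <<'EOF'
Name:   sh
Uid:    65534   65534   65534   65534
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
EOF

# Walk through the samples, then show the command to run for a real check.
for f in "$SAMPLE_DEFAULT" "$SAMPLE_DROPPED"; do
    if caps_dropped "$f"; then
        echo "CapEff $(cap_eff_of "$f"): no capabilities, container cannot gain them back"
    else
        echo "CapEff $(cap_eff_of "$f"): capabilities still present"
    fi
done
echo "To inspect a real container, run:"
hardened_run_cmd alpine cat /proc/self/status
```

Run the printed command on a Docker host and feed its output to caps_dropped; the same check works from any shell inside a container by reading /proc/self/status directly, which makes it a cheap test to add to a container's health or startup script.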