- Virtualization is the process of creating a virtual version of physical hardware resources such as CPU, memory, and storage.
- It allows multiple operating systems (OSes) and applications to run simultaneously on the same physical machine, improving hardware utilization and reducing costs.
- After virtualization, a virtualization layer (known as a Virtual Machine Monitor (VMM) or Hypervisor) is inserted between the hardware and operating system. This layer virtualizes physical components and provides virtual hardware to each guest OS.
Types of Virtualization Architectures
Virtualization can be classified into the following main architectures:
Hypervisor-Based Virtualization (VMM)
➤ Definition:
A Hypervisor is a software layer that runs directly on the hardware (bare metal) and provides hardware-level virtualization.
➤ Types:
- Microkernel Hypervisor:
Contains only core functionalities like CPU scheduling and memory management.
Example: Microsoft Hyper-V - Monolithic Hypervisor:
Contains full functionalities including device drivers.
Example: VMware ESXi
➤ Responsibilities:
- Manage VM creation, execution, and resource allocation.
- Convert physical resources into virtual equivalents for guest OSes.
Xen Architecture
- Xen is an open-source microkernel hypervisor developed by Cambridge University.
- Xen separates policy (handled by Domain 0) from mechanism (implemented in the hypervisor).
➤ Components:
| Component | Role |
|---|---|
| Xen Hypervisor | Minimal layer that interacts with hardware. |
| Domain 0 (Dom0) | Privileged guest OS that manages devices and other VMs. |
| Domain U (DomU) | Unprivileged guest VMs that run applications. |
➤ Functions of Domain 0:
- Device management
- VM lifecycle management
- Hardware resource allocation
➤ Security Note:
If Domain 0 is compromised, the entire system is at risk. Proper policies must secure it.
Binary Translation with Full Virtualization
➤ Definition:
In full virtualization, the guest OS is not modified. The virtualization software intercepts sensitive instructions and translates them into safe instructions using binary translation.
➤ Working:
- Non-critical instructions run directly on hardware.
- Critical instructions are trapped and emulated by the VMM.
➤ Binary Translation (VMware Example):
- VMM runs at Ring 0, Guest OS at Ring 1.
- VMM scans the instruction stream and replaces sensitive instructions with traps.
- Trapped instructions are handled in software via emulation.
➤ Pros:
- Guest OS is unaware of virtualization.
- Compatible with unmodified OSes like Windows, Linux.
➤ Cons:
- Performance overhead due to instruction translation.
- Difficult to virtualize I/O-intensive applications efficiently.
Host-Based Virtualization
➤ Definition:
A host OS runs on the physical hardware, and a virtualization layer is installed on top of it. Guest OSes run above this virtualization layer.
➤ Advantages:
- Easy to install; no modification to host OS needed.
- Can use existing device drivers from host OS.
➤ Disadvantages:
- Lower performance due to multiple layers of instruction mapping.
- Binary translation required when ISA of guest ≠ host hardware.
- Involves 4 layers: App → Guest OS → VMM → Host OS → Hardware
Para-Virtualization with Compiler Support
➤ Definition:
Para-virtualization involves modifying the guest OS kernel to replace non-virtualizable instructions with hypercalls to the hypervisor. This improves performance by reducing binary translation overhead.
Para-Virtualization Architecture
➤ Working:
- Guest OS runs in Ring 1.
- Privileged instructions are replaced with hypercalls to the VMM.
- The guest OS cannot run directly on bare metal.
➤ Issues:
- Compatibility issues with unmodified OSes.
- Maintenance cost is high due to guest OS modifications.
- Performance gains vary depending on workload.
KVM (Kernel-based Virtual Machine)
- Part of Linux kernel (since version 2.6.20).
- Uses Linux for scheduling and memory management.
- KVM itself handles VM creation and management.
- Supports unmodified guest OSes like Windows, Solaris, Linux.
Compiler-Based Para-Virtualization
- Instead of handling sensitive instructions at runtime, they are replaced at compile time using hypercalls.
- Common in Xen architecture.
- In UNIX systems, system calls become hypercalls in virtual environments.