Tuesday, May 27, 2008

GEEP session on Virtualization

GEEP --- GEEKs Of Pune...
GEEP is a non-profit group to promote Linux system software. You can find more details at:
http://tech.groups.yahoo.com/group/geep_linux/

On 25th May '08, GEEP organized a session on virtualization. There were two presentations:
a. For beginners, by me.
b. For advanced users, by Mr. Amit Shah.

If we put "virtualization" into any search engine, we get 'n' number of results and get confused.
So, I put more emphasis on the basics.

I started my talk by comparing abstraction and virtualization. In virtualization we do not hide the underlying details; the real system is transformed so that it appears to be different. For abstraction, you can think of the OSI model.

Then I talked about "Why Virtualization". Some of the reasons are:
* Server consolidation
* Multiple execution environments
* Virtual hardware
* Debugging
* Software migration (Mobility)
* Testing/Quality Assurance
* Live Migration
* Balancing Resources


If we talk about virtualization, then we definitely have to talk about computer architecture.

* ISA (Instruction Set Architecture) divides hardware and software. There are two kinds of ISA: User ISA and System ISA.

* ABI (Application Binary Interface) provides a program with access to the hardware resources and services available in a system. It consists of the User ISA and the System Call Interfaces.

* API (Application Programming Interface) is a source code interface that an operating system, library or service provides to support requests made by computer programs.
clib in the Unix environment: supports UNIX/C programming.

Keeping the above in mind, we can divide Virtual Machines into two categories:

Process VM at the ABI level: Virtualization of individual processes.
E.g., running x86 applications on Alpha CPU.
Java is another example of process virtualization. When we compile a Java program, it is compiled into a kind of pseudo language which can be interpreted by a JVM (Java virtual machine). That is, Java is platform independent. Please note that the JVM is different on each platform.

Process virtualization is a matter of correct functioning and not a matter of performance.

System VM at the ISA level: Virtualization of complete systems.
E.g., running Linux (and its applications) on Windows.

In system virtualization I talked about hardware emulation, hypervisors, and full and para-virtualization. I referred to the following for the same.
http://www.ibm.com/developerworks/library/l-linuxvirt/index.html

Then I talked a bit about KVM and handed over to Amit.
Amit's presentation was awesome.

I was surprised to know that KVM now supports para-virtualization as well.




Sunday, May 18, 2008

Why was para-virtualization needed?

I had this question in my mind for some time but the answer was not clear to me. So, I read some docs and figured it out.

From http://en.wikipedia.org/wiki/Intel-VT
x86 virtualization is the method by which x86-based "guest" operating systems are run under another "host" x86 operating system, with little or no modification of the guest OS. The x86 processor architecture did not originally meet the Popek and Goldberg virtualization requirements. As a result, it was very difficult to implement a general virtual machine on an x86 processor.

From http://www.kernelthread.com/publications/virtualization/
One of the most popular architectures, IA-32(x86), is not virtualization friendly. The analysis in a paper titled Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor reports at least seventeen instructions on the Pentium that make it "non-virtualizable". IA-32's privileged instructions cause a General Protection Exception when executed in non-privileged mode. Instructions like STR can be problematic: STR can be executed at any privilege level, but it tells you the security state of the machine (the value it retrieves has the Requestor Privilege Level, or RPL).

To overcome this, the guest OS was modified so that it is aware that it is being virtualized.

And this is called para-virtualization.

From http://www.ibm.com/developerworks/linux/library/l-linux-kvm/
Older x86 processors produce different results for certain instructions depending upon the domain of execution. This creates a problem, because the hypervisor should execute in only the most protected domain. For this reason, virtualization solutions such as VMware will pre-scan code that is to execute to replace these instructions with trap instructions so that the hypervisor can handle them appropriately. Xen, supporting a cooperative method of virtualization, requires no modification, because the guest is aware that it's being virtualized and is modified. KVM simply ignores this problem and mandates that if you want virtualization, you'll have to run on newer hardware.
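
The problem described in the kernelthread and IBM passages above (a sensitive instruction such as STR that runs at any privilege level without trapping, and the pre-scan fix) can be shown with a small toy model. This is an added example, not code from the talk or from any of the cited sources; the instruction table, ring numbers and function names are assumptions made for illustration and do not reproduce real x86 semantics.

```python
# Toy model, constructed for illustration: not real x86 semantics.
class Trap(Exception):
    """A privileged instruction was executed outside ring 0."""

# name -> (privileged, sensitive)
#   privileged: traps when executed outside ring 0
#   sensitive : reads or changes privileged machine state
ISA = {
    "ADD":  (False, False),
    "LGDT": (True,  True),   # traps outside ring 0, so the VMM gets control
    "STR":  (False, True),   # runs at any ring and exposes real state
}
GUEST_REAL_RING = 3      # the guest kernel actually runs deprivileged
GUEST_VIRTUAL_RING = 0   # the ring the guest kernel believes it is in

def non_virtualizable(isa):
    """Sensitive instructions that never trap (Popek-Goldberg violations)."""
    return sorted(n for n, (priv, sens) in isa.items() if sens and not priv)

def cpu_execute(insn, ring):
    """Toy hardware: trap on privileged instructions, else run natively."""
    privileged, _ = ISA[insn]
    if privileged and ring != 0:
        raise Trap(insn)
    return ring if insn == "STR" else None

def vmm_emulate(insn):
    """VMM trap handler: answer from the guest's virtual state."""
    return GUEST_VIRTUAL_RING if insn == "STR" else None

def prescan(program):
    """Pre-scan step: swap non-trapping sensitive instructions for forced traps."""
    bad = set(non_virtualizable(ISA))
    return [("TRAP", i) if i in bad else i for i in program]

def run_guest(program):
    """Run guest kernel code at GUEST_REAL_RING; return (insn, result) pairs."""
    results = []
    for insn in program:
        try:
            if isinstance(insn, tuple):      # forced trap inserted by prescan()
                raise Trap(insn[1])
            results.append((insn, cpu_execute(insn, GUEST_REAL_RING)))
        except Trap as trap:
            name = trap.args[0]
            results.append((name, vmm_emulate(name)))
    return results

if __name__ == "__main__":
    code = ["ADD", "LGDT", "STR"]
    print(non_virtualizable(ISA))    # STR never traps
    print(run_guest(code))           # STR leaks the real ring
    print(run_guest(prescan(code)))  # STR now answered by the VMM
```

Para-virtualization reaches the same result from the other side: instead of the VMM rewriting the instruction stream, the guest kernel source is changed so that it never issues the non-trapping instruction in the first place.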