virtual machines
play

Virtual Machines Heyi Li and Zhen Cao (Some of the figures are from - PowerPoint PPT Presentation

Aug 17, 2023 •377 likes •654 views

Fall 2014 :: CSE 506 :: Section 2 (PhD) Virtual Machines Heyi Li and Zhen Cao (Some of the figures are from the Internet) Fall 2014 :: CSE 506 :: Section 2 (PhD) Outline Basic concepts When virtual is better Implementation When

  1. Fall 2014 :: CSE 506 :: Section 2 (PhD) Virtual Machines Heyi Li and Zhen Cao (Some of the figures are from the Internet)

  2. Fall 2014 :: CSE 506 :: Section 2 (PhD) Outline • Basic concepts • When virtual is better • Implementation • When virtual is harder

  3. Fall 2014 :: CSE 506 :: Section 2 (PhD) Basic Concepts Type 1 (bare-metal) • What is a virtual machine? VM1 VM2 Guest – An emulation of a particular computer system Hypervisor • System VM vs. Process VM Host Hardware – System VM: supports the execution of a complete OS (Xen) VMware ESX, Microsoft Hyper-V, Xen – Process VM: supports the execution of a single Type 2 (hosted) process (JVM) VM1 VM2 Guest • Hypervisor (VMM) Process Hypervisor Hosting OS Host – Computer software that creates and runs VMs Hardware • Type I & II Hypervisor VMware Workstation, Microsoft Virtual PC, Sun VirtualBox, QEMU, KVM

  4. Fall 2014 :: CSE 506 :: Section 2 (PhD) Applications and Benefits Server Consolidation Test and Development VM1 VM1 VMn VMn VM1 … … App App App App App App OS OS OS OS OS OS VMM VMM HWn HW0 HW HW • Energy efficiency • Rapid deployment • Security • Reducing Maintenance costs

  5. Fall 2014 :: CSE 506 :: Section 2 (PhD) Virtualization Requirements • Fidelity – Software on the VM executes identically to its execution on hardware, barring time effects • Performance – Performance overhead must be small • Safety – The VMM manages all hardware resources

  6. Fall 2014 :: CSE 506 :: Section 2 (PhD) Obstacles for X86 • Trap-and-emulate – All virtualization-sensitive instructions are also privileged instructions • x86 architecture once thought to be not fully virtualizable – Certain privileged instructions behave differently when run in unprivileged mode (POPF) – Certain unprivileged instructions can access privileged state (SGDT) • Techniques to address inability to virtualize x86 – Full virtualization w/o hardware support – Binary Translation (VMware ESX) – Paravirtualization (Xen) – Hardware-assisted virtualization

  7. Fall 2014 :: CSE 506 :: Section 2 (PhD) Binary Translation

  8. Fall 2014 :: CSE 506 :: Section 2 (PhD) Binary Translation • Binary: input is binary x86 code, not source code • On-the-fly: dynamic and on demand • Only need to translate kernel mode code – User mode: direct execution • Even for kernel mode, most instruction sequences don’t change • Instructions that do change: – Indirect control flow: call/ret, jmp – PC-relative addressing – Privileged instructions

  9. Fall 2014 :: CSE 506 :: Section 2 (PhD) Hash Table ([x], [y]) Translation Cache 3 PC [x] [y] Execute Binary Translator 2 4 1 TU CCF 5 1. A translation unit stops at 12 instructions 3. Track the translation cache with a hash table or a control-flow instruction 4. Execute the CCF 2. Translated into Compiled Code 5. Continuation (either fall-through or taken- branch) Fragments(CCF) and cached

  10. Fall 2014 :: CSE 506 :: Section 2 (PhD) Memory 0 4GB Guest Virtual Address (gVA) Space Guest Page Table (Visible to guest OS) 0 4GB Shadow Page Table Guest Physical Address (gPA) Space (Resides in hardware and maintained by VMM PhysMap (Pmap) (Maintained by VMM) VMM) 0 4GB Host Physical Address (hPA) Space

  11. Fall 2014 :: CSE 506 :: Section 2 (PhD) Shadow Page Tables • Translation from gVA to hPA directly by hardware • If not present, page fault generated by hardware • Hidden page fault : the mapping present in guest page table – VMM walks the guest page table to determine the gPA backing that gVA – VMM allocates a physical page, and adds the mapping to Pmap – Updates the shadow page table • True page fault : the mapping not present in guest page table – VMM generates an exception on the virtual cpu – Resume executing on the first instruction of the guest exception handler

  12. Fall 2014 :: CSE 506 :: Section 2 (PhD) I/O Virtualization – Direct I/O Model • Place drivers for high-performance I/O Full Virtualization devices directly into hypervisor VM 0 VM n • Not attempt to have the virtual hardware Guest OS Guest OS match the specific underlying hardware and Apps and Apps • Virtualize selected, canonical I/O devices I/O Services • Problems Device Drivers – Larger Hypervisor Hypervisor – Need to protect hypervisor from driver faults Shared Devices

  13. Fall 2014 :: CSE 506 :: Section 2 (PhD) Paravirtualization

  14. Fall 2014 :: CSE 506 :: Section 2 (PhD) CPU Virtualization • Privilege levels in x86 – Ring 0: Xen – Ring 1: guest OS – Ring 3: user apps • Isolation – Guest user mode and guest kernel mode • Page table “supervisor” bit: PTE_U – Guest OS and VMM • Segmentation – Problem with x86-64

  15. Fall 2014 :: CSE 506 :: Section 2 (PhD) CPU Virtualization (cont.) • Privileged instructions – Hypercalls – Modify source codes – Validated and executed by Xen (e.g., installing a new PT) • Exceptions – Registered with Xen once. Accepted (validated) if don’t require to execute exception handlers in ring0. – Called directly without Xen intervention – All syscalls from apps to guest OS handled this way (and executed in ring1) • Page fault handlers are special – Faulting address can be read only in ring 0 – Xen reads the faulting address and passes it via stack to the OS handler in ring1

  16. Fall 2014 :: CSE 506 :: Section 2 (PhD) Memory Virtualization • Physical memory – At domain creation, hardware pages “reserved” – Domain can increase/decrease its quota – Xen does not guarantee that the hardware pages are contiguous • Virtual memory – Register guest OS page tables directly with MMU – Guest OS allocates and initializes a page from its own memory reservation and registers it with Xen • Every guest OS has its own address space • Xen occupies top 64MB of every address space. • To save switching costs between address spaces (hypervisor calls) – Xen involved only in memory updates

  17. Fall 2014 :: CSE 506 :: Section 2 (PhD) I/O Virtualization – Indirect I/O Model • Uses a privileged virtual Paravirtualization machine (Domain0) for all Guest VMs Service VMs device drivers VM n • Simple interfaces for guest OSes I/O Services VM 0 • Pros Device Drivers Guest OS – higher security and Apps • Cons Hypervisor – lower performance Shared Devices

  18. Fall 2014 :: CSE 506 :: Section 2 (PhD) Hardware-assist Virtualization (HVM)

  19. Fall 2014 :: CSE 506 :: Section 2 (PhD) Intel’s VT -x Virtual Machines (VMs) • More-privileged mode for VMM Apps Apps Ring 3 • Less-privileged mode for guest OS OS OS Ring 0 • Eliminate de-privileging of Ring VM Exit VM Entry for guest OS VMX VM Monitor (VMM) Root

  20. Fall 2014 :: CSE 506 :: Section 2 (PhD) VM Control Structure(VMCS) • Execution controls determine when exits occur – Access to privileged state, occurrence of exceptions, etc. – Flexibility provided to avoid unwanted exits • Guest-state area – Processor state saved into the guest-state area on VM exits and loaded on VM entries • Host-state area – Processor state loaded from the host-state area on VM exits • Other

  21. Fall 2014 :: CSE 506 :: Section 2 (PhD) Extended Page Table(EPT) CR3 EPT Base Pointer (EPTP) Host Physical Address Guest Extended Guest Physical Address Guest Linear Address Page Page Tables Tables • A new page-table structure, under the control of the VMM – Defines mapping between GPA & HPA – EPT base pointer (new VMCS field) points to the EPT page tables – EPT (optionally) activated on VM entry, deactivated on VM exit • Guest has full control over its own IA-32 page tables – No VM exits due to guest page faults, INVLPG, or CR3 changes

  22. Fall 2014 :: CSE 506 :: Section 2 (PhD) I/O Virtualization Full Virtualization Paravirtualization Pass-through Model Guest VMs Service VMs VM 0 VM n VM 0 VM n VM n I/O Guest OS Guest OS Guest OS Guest OS Services and Apps and Apps VM 0 and Apps and Apps Device Device Device Guest OS Drivers Drivers I/O Services Drivers and Apps Device Drivers Hypervisor Hypervisor Hypervisor Assigned Shared Shared Devices Devices Devices

  23. Fall 2014 :: CSE 506 :: Section 2 (PhD) IOMMU • Device pass through – Directly assign a physical device to a particular guest OS – Address space translation handled transparently • Device isolation – Safely map a device to a particular guest without risking the integrity of other guests

  24. Fall 2014 :: CSE 506 :: Section 2 (PhD) IOMMU • Translation Control Entry – Translation from a DMA address to a host memory address

  25. Fall 2014 :: CSE 506 :: Section 2 (PhD) Security Problems • Transience – Large numbers of machines appear and disappear from the network sporadically • Diversity – Long and painful upgrade cycles • Identity – Difficult to establish who owns a VM running on a particular physical host • Mobility – Can be easily copied over a network or carried on portable storage media

  26. Fall 2014 :: CSE 506 :: Section 2 (PhD) Discussion

  27. Fall 2014 :: CSE 506 :: Section 2 (PhD) Thanks!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of

COMP 520 Fall 2012 Virtual machines (1) Virtual machines COMP 520 Fall 2012 Virtual machines (2) Compilation and execution modes of Virtual machines: Abstract syntax trees AOT-compile Interpreter Virtual machine code

662 views • 40 slides
Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both

Motivation for using Virtual Machines Tom Goff & David Dufresne We have created virtual machines for both VirtualBox and Vmware Player. Both options are supported across several platforms, but experience says that some hardware plays

178 views • 5 slides
Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits?

Virtual Machines Virtual Machines What is a virtual machine? Examples? Benefits? Virtualization Creation of an isomorphism that maps a virtual guest system to a real host: Maps guest state S to host state V(S) For any

271 views • 26 slides
Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization

Introduction to Virtual Machines Introduction Abstraction and interfaces Virtualization Computer system architecture Process virtual machines System virtual machines 1 EECS 768 Virtual Machines Abstraction Mechanism to

704 views • 31 slides
Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell

Virtual machines should be invisible (and might be augmented) Stephen Kell stephen.kell@cs.ox.ac.uk some joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/37 Spot the virtual machine (1) Virtual

963 views • 40 slides
Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1

Virtual Machines Disclaimer: some slides are adopted from book authors slides with permission 1 Recap: Virtual Machines Enabling technology of cloud computing Basic idea: Provide machine abstractions 2 Recap: Virtual Machines

465 views • 23 slides
Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with

Virtual Machines Should Be Invisible Stephen Kell stephen.kell@cs.ox.ac.uk joint work with Conrad Irwin (University of Cambridge) Virtual machines should be. . . p.1/20 Spot the virtual machine (1) Virtual machines should be. . .

897 views • 20 slides
System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization

System Virtual Machines Introduction Key concepts Resource virtualization processors memory I/O devices Performance issues Applications EECS 768 Virtual Machines 1 Introduction System virtual machine

621 views • 38 slides
1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

1 2 The first set of slides will introduce the basics of virtualization and virtual machines.

So we will start the course with an introduction on virtual machines. 1 2 The first set of slides will introduce the basics of virtualization and virtual machines. Many of these concepts should be familiar to students from other classes,

487 views • 47 slides
Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives

Virtual Machines & Security Dawn Song dawnsong@cs.berkeley.edu 1 Virtual Machines VM: Execution environment that gives the illusion of a real machine VMM/Hypervisor: host software which provides this capability Pioneered by IBM

75 views • 5 slides
CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz

CHAPTER 3: Virtual Machines and Virtualization of Clusters and Data Centers Presented by Faramarz Safi (Ph.D.) Islamic Azad University, Najafabad Branch 1 SUMMARY The reincarnation of virtual machines (VMs) presents a great opportunity for

849 views • 81 slides
Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology

Introduction Obfuscation Virtual Machines Android/Java appplications Conclusion Dynamic, Metamorphic (and opensource) Virtual Machines A. Desnos ESIEA - Operational Cryptology and Virology Laboratory (CVO) 38 rue des Dr Calmette et Gurin,

1.21k views • 75 slides
Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1

Introduction to Virtual Machines Michael Jantz Acknowledgements Slides adapted from Chapter 1 in Virtual Machines: Versatile Platforms for Systems and Processes by James E. Smith and Ravi Nair Credit to Prasad A. Kulkarni some slides

698 views • 33 slides
Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization)

Virtual Machines What is a Virtual Machine? Java Virtual Machine (Application Virtualization) Software to simulate hardware Independent Separate Use one piece of hardware to simulate many computers Topics What are

519 views • 22 slides
Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk

Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk

Virtual Machines for ROC: Initial Impressions Pete Broadwell pbwell@cs.berkeley.edu Talk Outline 1. Virtual Machines & ROC: Common Paths 2. Quick Review of VMware Terminology 3. Case Study: Using VMware for Fault Insertion 4. Future

364 views • 22 slides
Ad-hoc File System Forensics Andreas Schuster 1 Introduction Standard Operating Procedure

Ad-hoc File System Forensics Andreas Schuster 1 Introduction Standard Operating Procedure

Ad-hoc File System Forensics Andreas Schuster 1 Introduction Standard Operating Procedure Extract disk drive Connect to write-blocking device Create image Load image into analysis software Analyze! 2 Introduction But how

564 views • 27 slides
Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole

Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole

Hash Proof Systems and Password Protocols III SPHF-based PAKE David Pointcheval CNRS, Ecole normale sup erieure/PSL & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA David Pointcheval 1/53 Intuition

475 views • 18 slides
Oregon APAC- Leveraging Race & Ethnicity Data From Other State Data Sources 2020 NAHDO

Oregon APAC- Leveraging Race & Ethnicity Data From Other State Data Sources 2020 NAHDO

Oregon APAC- Leveraging Race & Ethnicity Data From Other State Data Sources 2020 NAHDO Conference Presentation 8/26/20 Mary Ann Evans, MS, MPH, PhD Analyst, Oregon Health Authority, Health Analytics Collaboration & Acknowledgement

511 views • 18 slides
Ensemble sensitivity and sampling error correction evaluated using a convective-scale 1000 member

Ensemble sensitivity and sampling error correction evaluated using a convective-scale 1000 member

Ensemble sensitivity and sampling error correction evaluated using a convective-scale 1000 member ensemble Tobias Necker (LMU) M. Weissmann (LMU, DWD), S. Geiss (LMU), T. Miyoshi (RIKEN), J. Ruiz (CIMA), G.-Y. Lien (TCBW) and J. Anderson (NCAR)

610 views • 16 slides
PromQL for security Carlos Arilla carlos@sysdig.com carillan@gmail.com @carillan_ November

PromQL for security Carlos Arilla carlos@sysdig.com carillan@gmail.com @carillan_ November

PromQL for security Carlos Arilla carlos@sysdig.com carillan@gmail.com @carillan_ November 2019 Hello World Carlos Arilla Tech Marketing Engineer @ Sysdig Father of 3! Professional interests: Personal interests: Cloud Native

270 views • 14 slides
Checking multi-view consistency of discrete systems with respect to periodic sampling abstractions

Checking multi-view consistency of discrete systems with respect to periodic sampling abstractions

Checking multi-view consistency of discrete systems with respect to periodic sampling abstractions Maria Pittou 1 and Stavros Tripakis 2 1 Aalto University 2 Aalto University and UC Berkeley CL Day, Aalto 2016 Maria Pittou, Stavros Tripakis

1.25k views • 96 slides
Design and Implementation of an OpenFlow Hardware Abstraction Layer D. Parniewicz, R. Doriguzzi

Design and Implementation of an OpenFlow Hardware Abstraction Layer D. Parniewicz, R. Doriguzzi

Design and Implementation of an OpenFlow Hardware Abstraction Layer D. Parniewicz, R. Doriguzzi Corin, L. Ogrodowczyk, M. Rashidi Fard, J. Matias, M. Gerola, V. Fuentes, U. Toseef, A. Zaalouk, B. Belter, E. Jacob, Kostas Pentikousis ACM

110 views • 10 slides
LIVING WITH BEAVER strategies for addressing beaver issues on your land SPEAKERS: Matt

LIVING WITH BEAVER strategies for addressing beaver issues on your land SPEAKERS: Matt

LIVING WITH BEAVER strategies for addressing beaver issues on your land SPEAKERS: Matt Blankenship , WDFW Wildlife Conflict Specialist Sarah Doyle, NOSC Stewardship Coordinator Jill Zarzeczny, JCCD District Manager Strategies for Living With

831 views • 16 slides

More recommend