What is Virtualization?
Virtualization is a technology that creates an intermediary layer between a computer's hardware and the software that runs on it. The idea behind server virtualization is that a single physical machine can host many independent virtual machines, each with its own allocated system resources, its own operating system and its own applications. Virtualization has its roots in disk partitioning: a real server is divided into many logical servers, and once the physical server is split, each logical server can run an operating system and applications independently of the others.
–> In short, virtualization is a method of creating a virtual version of a physical computer.
Why should you use virtualization technology?
Saving costs and optimizing IT infrastructure are concerns for every business, especially those with many branches throughout the country or around the world. Virtualization helps businesses improve data security, enhance disaster recovery, gain flexibility, and cut IT investment costs such as constantly updating software and rolling out new features on many separate physical computers.
What is a Virtual Machine?
A Virtual Machine (VM) is a standalone operating environment: software that works together with, but independently of, the host operating system.
What is a Hypervisor/VMM?
A Hypervisor, also known as a virtual machine monitor (VMM), is a software program that manages one or more virtual machines (VMs). It is used to create, start, stop and reset virtual machines. The hypervisor gives each VM, or "guest", access to the underlying physical hardware resources such as CPU, RAM and storage. It can also limit the amount of system resources each virtual machine may use, so that many virtual machines can run on one system at the same time.
–> In short, a hypervisor is the software that creates virtual machines and then monitors and controls them.
There are 2 types of hypervisor: Native (also known as Bare metal) and Hosted.
A native (aka "bare-metal") hypervisor runs directly on the hardware, sitting between the hardware and one or more guest operating systems. It starts before any operating system and interacts directly with the kernel. This gives the best possible performance, because no host operating system competes with it for computing resources. However, it also means that the system can only be used to run virtual machines, because the hypervisor is always running in the background.
These native hypervisors include VMware ESXi, Microsoft Hyper-V and Apple Boot Camp.
A hosted hypervisor is installed on a host computer that already has an operating system installed, and it runs as an application like any other software on that computer. Most hosted hypervisors can manage and run multiple virtual machines at the same time. The advantage of a hosted hypervisor is that it can be turned on or off as needed, freeing up resources for the server. However, because it runs on top of an operating system, it cannot provide the same performance as a native hypervisor.
Examples of hosted hypervisors include VMware Workstation, Oracle VirtualBox, and Parallels Desktop for Mac.
In computer science, Hierarchical Protection Domains (or Protection Rings) are mechanisms intended to protect a program’s data and functionality from the risk of errors or unauthorized access by other programs.
A Protection Ring is a level (also called a mode or layer) of access to system resources. The number of Rings depends on the CPU architecture and on how many Rings the operating system running on that architecture is capable of supporting.
Rings are arranged in a hierarchy, from the most privileged (for trusted-software, usually numbered 0) to the least privileged (for untrusted-software, numbered the highest).
Below is an illustration of the Rings in the x86 CPU architecture.
Programs operating at Ring 0 have the highest privileges and can directly interact with hardware such as CPU, Memory, etc.
To allow applications in a higher-numbered (less privileged) Ring to access resources managed by programs in a lower-numbered (more privileged) Ring, special gates are built; a system call (a call into a system function) across Rings is one example.
Strictly regulating which programs reside in which Ring, together with building appropriate gates between Rings, ensures system stability and prevents programs in the higher Rings from using, intentionally or unintentionally, resources that belong to programs in the lower Rings.
For example, suppose spyware running as a regular user application (untrusted software) at Ring 3 wants to turn on the webcam without the user's consent. The system prevents this behavior: to reach the webcam hardware, the spyware would have to go through a function in the webcam's device driver (trusted software) located at Ring 1.
Most operating systems only use 2 Rings even if the hardware on which the OS runs supports more than 2 Rings. For example, Windows only uses 2 levels, Ring 0 (corresponding to Kernel Mode) and Ring 3 (corresponding to User Mode).
–> In short, Rings isolate user programs from the operating system by privilege level.
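The ring enforcement described above can be observed from a normal Linux process. The following is an added example, not code from the original article: it reads the process's own privilege level from the CS selector (Ring 3 for user programs) and then attempts CLI, a Ring 0-only instruction; the CPU raises a #GP fault, the kernel reports it as SIGSEGV, and the handler records that the instruction was blocked. x86/x86-64 Linux with GCC or Clang is assumed; on other CPUs both functions return -1.

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>

static sigjmp_buf fault_env;

// SIGSEGV handler: the kernel delivers SIGSEGV when Ring 3 code triggers a
// #GP fault, so we jump back out of the faulting instruction.
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

// Current privilege level (CPL) = low two bits of the CS selector.
// A normal user process runs at Ring 3; returns -1 on non-x86 builds.
int current_ring(void) {
#if defined(__x86_64__) || defined(__i386__)
    unsigned short cs;
    __asm__ volatile("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
#else
    return -1;
#endif
}

// Try CLI (disable interrupts), a Ring 0-only instruction. The CPU refuses
// it at Ring 3, the kernel reports SIGSEGV, and the handler brings us back.
// Returns 1 if blocked, 0 if it executed, -1 if not an x86 build.
int privileged_insn_blocked(void) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa = {0}, old;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int blocked = 0;
    if (sigsetjmp(fault_env, 1) == 0)
        __asm__ volatile("cli");       // faults with #GP when CPL > IOPL
    else
        blocked = 1;
    sigaction(SIGSEGV, &old, NULL);     // restore the previous handler
    return blocked;
#else
    return -1;
#endif
}

int main(void) {
    printf("ring %d, privileged CLI blocked: %d\n",
           current_ring(), privileged_insn_blocked());
    return 0;
}
```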
In virtualization, one can virtualize:
RAM virtualization
CPU virtualization
Network virtualization
Device I/O virtualization
In this article, I will only focus on CPU virtualization.
There are 4 types of CPU virtualization:
Paravirtualization
Container-based Virtualization
Hardware Assisted Virtualization
OS level Virtualization
Hybrid Virtualization (Hardware Virtualized with PV Drivers)
In this article, I will focus on Full Virtualization and Paravirtualization.
Full Virtualization
In this solution, the non-virtualizable instructions from the guest OS are translated by binary translation at the virtualization layer, and the results are cached for future use. User-level applications execute directly through the virtualization layer. In this way, the obstacle that guest OS instructions do not work in a non-zero ring is overcome, and user-level applications still run at native speed (the same request/response rate as without virtualization). The guest OS does not realize it is on a virtualization layer at all, because nothing changes in its low-level requests. Therefore the guest OS does not have to be modified in any way.
The guest OS is not modified to be compatible with the hardware. Instead, its requests are binary-translated and handed to the VMM, and the VMM acts as the intermediary that gets the hardware to handle them.
Looking at the figure, this guest OS sits at Ring 1, so it runs only with user-level rights, not with privileges, and it does not run directly on the hardware. But because the OS's code has not been modified, the guest OS is unaware of this: it behaves as it would on a real machine, while in fact it is talking to the VMM.
Paravirtualization
In paravirtualization, the hypervisor provides a hypercall interface, and the guest OS kernel code is modified to replace non-virtualizable instructions with these hypercalls. Because the guest OS kernel code has to be edited, this solution cannot be used with closed-source operating systems such as Windows. Additionally, since the guest OS uses hypercalls, it knows it is running on a virtualization layer.
The guest OS has now been slightly modified so that it can sit in Ring 0, adapting itself to the house it has entered, as the Vietnamese saying goes. The guest OS understands that it is only a guest, but it can see the real machine's resources directly and access the hardware, because it is located in Ring 0.
For the App, however, the guest OS appears unchanged: the App needs an interface, and the guest OS still provides that interface, the same API as before.
Hardware Assisted Virtualization – More Updates
Hardware vendors announced virtualization support in 2006 with Intel's VT-x and AMD's AMD-V. Both solutions build a new CPU mode dedicated to the virtualization layer, called root mode (CPU mode -1). This way, requests from the guest OS automatically go through the virtualization layer, and there is no need for binary translation because the guest OS is already at Ring 0. The state of the guest OS is saved in the Virtual Machine Control Structure (VT-x) or the Virtual Machine Control Block (AMD-V). Although very promising, this solution is not optimal in terms of code, so its use is limited. Currently VMware only utilizes hardware virtualization for 64-bit guest OSes.
Hybrid Virtualization
This is the child of a Full Virtualization father and a Paravirtualization mother, with all the advantages of both parents: the OS is not modified, it is compatible with the hardware, and it still runs at Ring 0.
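Both the hardware support and the "does the guest know it is virtualized" question can be checked with CPUID. The following is an added example, not code from the original article: it decodes the VT-x (VMX) and AMD-V (SVM) feature bits, the hypervisor-present bit that hypervisors set in CPUID leaf 1, and the vendor string returned by leaf 0x40000000. x86/x86-64 with GCC or Clang is assumed; the decoders are pure functions, so they are exercised on constructed register values, while the live query returns -1 on other CPUs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

// CPUID leaf 1, ECX bit 5: VMX, i.e. Intel VT-x root/non-root operation.
int vmx_supported_from_ecx(uint32_t ecx) { return (ecx >> 5) & 1; }

// CPUID leaf 0x80000001, ECX bit 2: SVM, i.e. AMD-V.
int svm_supported_from_ecx(uint32_t ecx) { return (ecx >> 2) & 1; }

// CPUID leaf 1, ECX bit 31: always 0 on bare metal; a hypervisor sets it so
// the guest can learn it is virtualized without any kernel modification.
int hypervisor_bit_from_ecx(uint32_t ecx) { return (ecx >> 31) & 1; }

// CPUID leaf 0x40000000 returns the hypervisor vendor string packed into
// EBX:ECX:EDX (for example "KVMKVMKVM" or "VMwareVMware"); out needs 13 bytes.
void vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    memcpy(out, &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

// Live query: 1 = running as a guest (vendor filled in), 0 = bare metal,
// -1 = CPUID unavailable (non-x86 build).
int running_under_hypervisor(char vendor[13]) {
    vendor[0] = '\0';
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    if (!hypervisor_bit_from_ecx(c)) return 0;
    __cpuid(0x40000000, a, b, c, d);   // only meaningful once bit 31 is set
    vendor_from_regs(b, c, d, vendor);
    return 1;
#else
    return -1;
#endif
}

int main(void) {
    char vendor[13];
    int guest = running_under_hypervisor(vendor);
    printf("hypervisor present: %d, vendor: \"%s\"\n", guest, vendor);
    return 0;
}
```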