SSG System Software Division
Virtualization Technology Overview
Liu, Jinsong
(jinsong.liu@intel.com)
2012/11/28
Agenda
• Introduction
   History
   Usage model
• Virtualization overview
   CPU virtualization
   Memory virtualization
   I/O virtualization
• Xen/KVM architecture
   Xen
   KVM
• Some Intel work for OpenStack
   OAT
Virtualization history
• 1960s: IBM - CP/CMS on S/360, VM/370, …
• 1970s and 1980s: silence
• 1998: VMware - SimOS project, Stanford
• 2003: Xen - Xen project, Cambridge
• After that: KVM, Hyper-V, Parallels, …
What is Virtualization
• VMM is a layer of abstraction
   supports multiple guest OSes
   de-privileges each OS to run as a guest OS
• VMM is a layer of redirection
   redirects the one physical platform into the illusion of many virtual platforms
   provides a virtual platform to each guest OS
[Figure: VM0, VM1, …, VMn, each running Apps on a Guest OS, on top of the Virtual Machine Monitor (VMM), which sits on the Platform HW: Processors, Memory, I/O Devices]
Server Virtualization Usage Model
• Server consolidation (benefit: cost savings)
   consolidate services
   power saving
   [Figure: several HW boxes, each with its own OS and App, collapsed onto one HW box running a VMM]
• Dynamic load balancing (benefit: productivity)
   [Figure: two VMM hosts, one at 30% CPU usage and one at 90%, with VMs 1 to 4 (OS + App) rebalanced between them]
• R&D vs. production (benefit: business agility and productivity)
   [Figure: the same OS + App image moved between an R&D host and a production host]
• Disaster recovery (benefit: loss saving)
   RAS
   live migration
   relieve loss
   [Figure: OS + App moved from a failing HW/VMM host to a healthy one]
Agenda
• Introduction
• Virtualization overview
   CPU virtualization
   Memory virtualization
   I/O virtualization
• Xen/KVM architecture
• Some Intel work for OpenStack
X86 virtualization challenges
• Ring deprivileging
   Goal: prevent the guest OS from
    • controlling physical resources directly
    • modifying VMM code and data
   Ring deprivileging layout
    • VMM runs at the fully privileged ring 0
    • Guest kernel runs deprivileged at
      • x86-32: ring 1
      • x86-64: ring 3
    • Guest apps run at ring 3
   Ring deprivileging problems
    • Unnecessary faulting
      • some privileged instructions
      • some exceptions
    • Guest kernel protection (x86-64: kernel and apps share ring 3)
• Virtualization holes
   19 instructions are sensitive yet do not trap when run deprivileged
    • SIDT/SGDT/SLDT …
    • PUSHF/POPF …
   Some userspace holes are hard to fix by a software approach
    • hard to trap, or
    • performance overhead
X86 virtualization challenges
[Figure: ring deprivileging layout. The Virtual Machine Monitor (VMM) at Ring0; VM0, VM1 and VM2 above it, each with its Guest Kernel at Ring1 and Guest Apps at Ring3]
Typical X86 virtualization approaches
• Para-virtualization (PV)
   Para-virtualization approach, like Xen
   Modified guest OS, aware of and cooperating with the VMM
   Standardization milestone: Linux 3.0
    • VMI vs. PVOPS
    • Bare metal vs. virtual platform
• Binary Translation (BT)
   Full virtualization approach, like VMware
   Unmodified guest OS
   Translates binaries on the fly
    • translation blocks with caching
    • usually used for the kernel, ~80% native performance
    • userspace apps run natively as much as possible, ~100% native performance
    • overall ~95% native performance
   Complicated
    • involves excessive complexities, e.g., self-modifying code
• Hardware-assisted Virtualization (VT)
   Full virtualization approach assisted by hardware, like KVM
   Unmodified guest OS
   Intel VT-x, AMD-V
   Benefits:
    • closes virtualization holes in hardware
    • simplifies VMM software
    • optimizes for performance
Memory virtualization challenges
• Guest OS has 2 assumptions
   expects to own physical memory starting from 0
    • BIOS and legacy OSes are designed to boot from the low 1M of addresses
   expects to own basically contiguous physical memory
    • OS kernel requires a minimum of contiguous low memory
    • DMA requires a certain level of contiguous memory
    • efficient memory management, e.g., less buddy-allocator overhead
    • efficient TLB, e.g., super-page TLB entries
• MMU virtualization
   How to keep the physical TLB valid
   Different approaches involve different complication and overhead
Memory virtualization challenges
[Figure: the hypervisor maps each guest's pseudo-physical memory (VM1 to VM4, each seeing frames 1 to 5 contiguous from 0) onto scattered frames of machine physical memory]
Memory virtualization approaches
• Direct page table
   Guest and VMM in the same linear address space
   Guest and VMM share the same page table
• Shadow page table
   Guest page table unmodified
    • gva -> gpa
   VMM shadow page table
    • gva -> hpa
   Complication and memory overhead
• Extended page table
   Guest page table unmodified
    • gva -> gpa
    • guest keeps full control of CR3 and page faults
   VMM extended page table
    • gpa -> hpa
    • hardware based
    • good scalability for SMP
    • low memory overhead
    • greatly reduces page-fault VM exits
• Flexible choices
   Para-virtualization
    • direct page table
    • shadow page table
   Full virtualization
    • shadow page table
    • extended page table
[Figure: GVA -> GPA -> HPA. The guest page table covers GVA -> GPA, the extended page table covers GPA -> HPA, while the shadow page table and the direct page table each span GVA -> HPA in one step]
Shadow page table
• Guest page table remains unmodified from the guest's point of view
   translates gva -> gpa
• Hypervisor creates a new page table for the physical MMU
   uses hpa in PDE/PTE
   translates gva -> hpa
   invisible to the guest
[Figure: the virtual (guest) page directory and page table, PDE and PTE, rooted at vCR3; the physical (shadow) page directory and page table, PDE and PTE, rooted at pCR3]
Extended page table
• Guest can have full control over its page tables and events
   CR3, INVLPG, page fault
• VMM controls the Extended Page Tables
   the complicated shadow page table is eliminated
   improved scalability for SMP guests
[Figure: Guest Linear Address -> Guest Page Tables (rooted at Guest CR3) -> Guest Physical Address -> Extended Page Tables (rooted at the EPT base pointer) -> Host Physical Address]
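The shadow and extended page table slides above describe two ways of getting from gva to hpa; the following is an added worked example, not part of the deck, that models both in Python. It assumes single-level tables with 4 KiB pages (real x86 tables are multi-level), and every page number, VM name and function (`ept_translate`, `build_shadow`, `shadow_translate`, `guest_remap`) is constructed for the example. It shows the property a defender cares about in both schemes: the gpa -> hpa map belongs to the VMM, so a guest that points its own page table at a frame outside its assignment gets a VM exit (EPT) or never gets a shadow entry at all, and it shows the staleness hazard that makes shadow paging complicated.

```python
"""Toy model of gva -> gpa -> hpa translation under EPT and under shadow paging.
Single-level tables, 4 KiB pages; all page numbers are constructed."""

PAGE_SHIFT = 12
PAGE_MASK = (1 << PAGE_SHIFT) - 1


class GuestPageFault(Exception):
    """gva has no entry in the table the MMU walked: delivered to the guest kernel."""


class EPTViolation(Exception):
    """gpa is not assigned to this VM: VM exit to the VMM, the guest cannot reach the frame."""


class VM:
    def __init__(self, name, guest_pt, ept):
        self.name = name
        self.guest_pt = dict(guest_pt)  # gvfn -> gpfn, owned and edited by the guest kernel
        self.ept = dict(ept)            # gpfn -> hpfn, programmed only by the VMM
        self.shadow = None              # gvfn -> hpfn, composed by the VMM (shadow paging)


def _split(addr):
    return addr >> PAGE_SHIFT, addr & PAGE_MASK


def ept_translate(vm, gva):
    """Two-dimensional walk as the MMU performs it with EPT enabled:
    guest table first (gva -> gpa), then the VMM's table (gpa -> hpa)."""
    gvfn, offset = _split(gva)
    if gvfn not in vm.guest_pt:
        raise GuestPageFault(f"{vm.name}: gva {gva:#x} unmapped in the guest table")
    gpfn = vm.guest_pt[gvfn]
    if gpfn not in vm.ept:
        raise EPTViolation(f"{vm.name}: gpa {gpfn << PAGE_SHIFT:#x} not assigned to this VM")
    return (vm.ept[gpfn] << PAGE_SHIFT) | offset


def build_shadow(vm):
    """Shadow paging: the VMM composes guest_pt with ept into one gva -> hpa table.
    Entries whose gpa is not assigned to the VM are left out, so the guest faults
    instead of reaching foreign memory."""
    vm.shadow = {gvfn: vm.ept[gpfn]
                 for gvfn, gpfn in vm.guest_pt.items() if gpfn in vm.ept}
    return vm.shadow


def shadow_translate(vm, gva):
    """One-dimensional walk over the shadow table, which is what the physical
    MMU sees when pCR3 points at the VMM's shadow rather than the guest's table."""
    if vm.shadow is None:
        build_shadow(vm)
    gvfn, offset = _split(gva)
    if gvfn not in vm.shadow:
        raise GuestPageFault(f"{vm.name}: gva {gva:#x} unmapped in the shadow table")
    return (vm.shadow[gvfn] << PAGE_SHIFT) | offset


def guest_remap(vm, gvfn, gpfn):
    """The guest kernel edits its own page table.  With EPT the next walk simply
    picks the change up; with shadow paging the VMM must intercept the write
    (or the following TLB flush) and rebuild, otherwise the shadow is stale."""
    vm.guest_pt[gvfn] = gpfn


def demo():
    """Walk one gva through both schemes, remap it, then map a gpa the VM does not own."""
    vm = VM("vm1", guest_pt={0x10: 0x3, 0x11: 0x4}, ept={0x3: 0x7, 0x4: 0x8})
    out = {"ept_before": ept_translate(vm, 0x10ABC),
           "shadow_before": shadow_translate(vm, 0x10ABC)}
    guest_remap(vm, 0x10, 0x4)                           # guest re-points gvfn 0x10 at its gpfn 0x4
    out["ept_after"] = ept_translate(vm, 0x10ABC)        # new hpa immediately
    out["shadow_stale"] = shadow_translate(vm, 0x10ABC)  # old hpa until the VMM resyncs
    build_shadow(vm)
    out["shadow_resynced"] = shadow_translate(vm, 0x10ABC)
    guest_remap(vm, 0x12, 0x9)                           # gpfn 0x9 is not in this VM's EPT
    try:
        ept_translate(vm, 0x12000)
        out["foreign_ept"] = "reachable"
    except EPTViolation:
        out["foreign_ept"] = "vmexit"
    out["foreign_in_shadow"] = 0x12 in build_shadow(vm)
    try:
        ept_translate(vm, 0x13000)
        out["unmapped"] = "reachable"
    except GuestPageFault:
        out["unmapped"] = "guest_fault"
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:18} {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:18} {value}")
```

Running `demo()` shows the same gva resolving to 0x7ABC under both schemes, the EPT walk following the guest's remap at once while the un-resynced shadow still answers 0x7ABC, and the foreign gpfn 0x9 producing a VM exit under EPT and no shadow entry at all under shadow paging.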
I/O virtualization requirements
• I/O device from the OS point of view
   resource configuration and probe
   I/O requests: port I/O, MMIO
   I/O data: DMA
   interrupts
• I/O virtualization requires
   presenting the guest OS driver a complete device interface
    • presenting an existing interface
      • software emulation
      • direct assignment
    • presenting a brand-new interface
      • paravirtualization
[Figure: Device and CPU interact through register access, interrupts, and DMA into shared memory]
I/O virtualization approaches
• Emulated I/O
   software emulates a real hardware device
   VMs run the same driver as for the real hardware device
   good legacy software compatibility
   emulation overheads limit performance
• Paravirtualized I/O
   uses abstract interfaces and stacks for I/O services
   FE driver: the guest runs virtualization-aware drivers
   BE driver: driver based on a simplified I/O interface and stack
   better performance than emulated I/O
• Direct I/O
   directly assign a device to the guest
    • guest accesses the I/O device directly
    • high performance and low CPU utilization
   DMA issue
    • guest programs the device with guest physical addresses
    • DMA hardware only accepts host physical addresses
   Solution: DMA remapping (a.k.a. IOMMU)
    • an I/O page table is introduced
    • the DMA engine translates according to the I/O page table
   Some limitations under live migration
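The direct I/O bullets above say why an assigned device needs DMA remapping; the following added example, which is not part of the deck, models the I/O page table in Python. Device names, frame numbers, permission strings and the `IOMMU`, `HostMemory`, `dma_write_remapped` and `dma_write_unremapped` helpers are all constructed for the example. It contrasts the two paths: with remapping, the guest-chosen address goes through the VMM-programmed table and an unmapped, read-only or unassigned target is blocked as a DMA fault; without remapping, the same guest address is taken literally by the bus and lands in a frame the VMM owns.

```python
"""Toy model of DMA remapping for a directly assigned device.
4 KiB pages; frames, addresses, device names and payloads are constructed."""

PAGE_SHIFT = 12
PAGE_MASK = (1 << PAGE_SHIFT) - 1


class DMAFault(Exception):
    """The IOMMU rejected the transfer: no entry, wrong permission, or unknown device."""


class HostMemory:
    """Host frames, each tagged with the owner the VMM assigned it to (demo bookkeeping only)."""

    def __init__(self, owners):
        self.frames = {hpfn: (owner, bytearray(1 << PAGE_SHIFT))
                       for hpfn, owner in owners.items()}

    def write(self, hpa, payload):
        hpfn, offset = hpa >> PAGE_SHIFT, hpa & PAGE_MASK
        owner, frame = self.frames[hpfn]
        frame[offset:offset + len(payload)] = payload
        return owner                      # who actually received the bytes

    def read(self, hpa, length):
        hpfn, offset = hpa >> PAGE_SHIFT, hpa & PAGE_MASK
        return bytes(self.frames[hpfn][1][offset:offset + length])


class IOMMU:
    """DMA remapping: one I/O page table per assigned device, written only by the VMM."""

    def __init__(self):
        self.tables = {}                  # device -> {gpfn: (hpfn, perms)}

    def assign(self, device, io_page_table):
        self.tables[device] = dict(io_page_table)

    def translate(self, device, gpa, write):
        table = self.tables.get(device)
        if table is None:
            raise DMAFault(f"{device}: not assigned to any domain")
        gpfn, offset = gpa >> PAGE_SHIFT, gpa & PAGE_MASK
        entry = table.get(gpfn)
        if entry is None:
            raise DMAFault(f"{device}: gpa {gpa:#x} has no I/O page table entry")
        hpfn, perms = entry
        if ("w" if write else "r") not in perms:
            raise DMAFault(f"{device}: gpa {gpa:#x} lacks {'write' if write else 'read'} permission")
        return (hpfn << PAGE_SHIFT) | offset


def dma_write_remapped(iommu, host, device, gpa, payload):
    """Assigned device with DMA remapping: the guest-programmed gpa goes through the IOMMU."""
    hpa = iommu.translate(device, gpa, write=True)
    return hpa, host.write(hpa, payload)


def dma_write_unremapped(host, gpa, payload):
    """No IOMMU: the bus takes the guest's gpa as a host physical address."""
    return gpa, host.write(gpa, payload)


def demo():
    host = HostMemory({0x1: "vmm", 0x7: "vm1", 0x8: "vm1"})
    iommu = IOMMU()
    # vm1's device nic0 may reach vm1's frames only: gpfn 0x1 -> hpfn 0x7 read/write,
    # gpfn 0x2 -> hpfn 0x8 read-only (a transmit buffer the device must not overwrite).
    iommu.assign("nic0", {0x1: (0x7, "rw"), 0x2: (0x8, "r")})
    out = {"remapped": dma_write_remapped(iommu, host, "nic0", 0x1010, b"pkt"),
           "unremapped": dma_write_unremapped(host, 0x1010, b"pkt")}
    for name, device, gpa in (("read_only", "nic0", 0x2000),
                              ("unmapped", "nic0", 0x5000),
                              ("unassigned", "nic1", 0x1000)):
        try:
            dma_write_remapped(iommu, host, device, gpa, b"x")
            out[name] = "written"
        except DMAFault:
            out[name] = "blocked"
    out["vm1_frame"] = host.read(0x7010, 3)   # what the remapped DMA deposited
    out["vmm_frame"] = host.read(0x1010, 3)   # what the unremapped DMA deposited
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:12} {value}")
```

The remapped write is steered to hpa 0x7010 in vm1's own frame, while the identical request without an IOMMU writes into hpfn 0x1, which the VMM owns; the three rejected cases are the faults an IOMMU fault log would record.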
Virtual platform models
[Figure: three layouts, with the legend P = Processor Mgt code, M = Memory Mgt code, DR = Device Driver, DM = Device Model, N = NoDMA. Hypervisor Model: a bare-metal Hypervisor holding P, M, DR and DM beneath the Guest OS and Guest Apps. Host-based Model: a Host OS with a loadable kernel module (LKM) and a user-level module (ULM) hosting the Guest OS and Guest Apps. Hybrid Model: a thin U-Hypervisor with a Service VM or Preferred OS (with its own Apps) supplying DR and DM for the Guest OS and Guest Apps]
Agenda
• Introduction
• Virtualization
• Xen/KVM architecture
• Some Intel work for OpenStack
Xen Architecture
[Figure: the Xen Hypervisor (Control Interface, Hypercalls, Event Channel, Scheduler; Processor, Memory and I/O: PIT, APIC, PIC, IOAPIC) runs at ring 0 and connects domains through Inter-domain Event Channels. Domain 0 (XenLinux64) holds the Native Device Drivers, the Control Panel (xm/xend), the Backend Virtual Drivers and the Device Models. A paravirtualized DomainU (XenLinux64) runs Frontend Virtual Drivers and talks to Xen by Callback / Hypercall, with its kernel at ring 1 or 3 and its apps at ring 3. HVM Domains (64-bit and 32-bit) run a Guest BIOS and an Unmodified OS with FE Drivers on a Virtual Platform, entering Xen via VM Exit, with the guest kernel at ring 0 and apps at ring 3]
KVM Architecture
[Figure: the Linux Kernel with the KVM module runs in Root mode; the module implements vCPU, vMEM, vTimer, vPIC, vAPIC and vIOAPIC and keeps a VMCS for each guest vCPU. A Qemu-kvm process in user space backs each guest (a Windows Guest, a Linux Guest), and the guests themselves run in Non Root mode]
Agenda
• Introduction
• Virtualization
• Xen/KVM architecture
• Some Intel work for OpenStack
Trusted Pools - Implementation
• User specifies, through the Query API (EC2 API / OS API):
   Mem > 2G
   Disk > 50G
   GPGPU=Intel
   trusted_host=trusted
• OpenStack Scheduler with TrustedFilter: Create VM -> Query the Attestation Service -> trusted/untrusted verdict -> Create VM on a trusted host only
• Attestation Service (OAT-based): Attestation Server with Privacy CA, Appraiser and Whitelist DB; exposes Whitelist API, HostAgentAPI and QueryAPI
• Hosts (Tboot-enabled): HW/TXT, Hypervisor / tboot, OS and Apps; a Host agent sends the Attest Report to the Attestation Server
[Figure: the flow above, from user request through the scheduler and attestation service to VM placement]
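The trusted pools slide above names the moving parts without showing how the verdict reaches the scheduler; the following added example, which is neither OpenStack nor OAT code, models the flow in Python. Hostnames, boot component contents, sizes and the method names `whitelist_api_add`, `host_agent_api_report` and `query_api` (chosen after the slide's API boxes) are all constructed for the example, and a SHA-256 of a byte string stands in for the TPM PCR value that tboot/TXT would really measure. The design point it demonstrates is that the scheduler never trusts a host's own claim: the verdict comes from the appraiser comparing reported measurements to the whitelist, and a host that reported nothing, or reported a measurement not on the whitelist, is untrusted.

```python
"""Toy trusted-pool scheduling: host agents report measurements, an appraiser
checks them against a whitelist, and a scheduler filter admits trusted hosts only.
All hosts, measurements and sizes are constructed for the example."""

import hashlib
from dataclasses import dataclass, field


def measure(component: bytes) -> str:
    """Stand-in for a TPM PCR value: hash of a boot component as tboot would measure it."""
    return hashlib.sha256(component).hexdigest()


@dataclass
class AttestationServer:
    whitelist: set = field(default_factory=set)   # Whitelist DB: known-good measurements
    reports: dict = field(default_factory=dict)   # host -> measurements in its last report

    def whitelist_api_add(self, measurement: str) -> None:
        self.whitelist.add(measurement)

    def host_agent_api_report(self, host: str, measurements) -> None:
        self.reports[host] = tuple(measurements)

    def query_api(self, host: str) -> str:
        """Appraiser verdict: trusted only if the host reported at all and every
        reported measurement is whitelisted.  An unknown host is untrusted."""
        report = self.reports.get(host)
        if not report:
            return "untrusted"
        return "trusted" if all(m in self.whitelist for m in report) else "untrusted"


@dataclass
class Host:
    name: str
    mem_gb: int
    disk_gb: int
    gpgpu: str = ""


def resource_filter(host: Host, spec: dict) -> bool:
    """Ordinary capacity checks from the request (Mem > 2G, Disk > 50G, GPGPU=Intel)."""
    return (host.mem_gb > spec.get("mem_gb", 0)
            and host.disk_gb > spec.get("disk_gb", 0)
            and spec.get("gpgpu", host.gpgpu) == host.gpgpu)


def trusted_filter(host: Host, spec: dict, attestation: AttestationServer) -> bool:
    """TrustedFilter: consulted only when the request carries trusted_host.
    The verdict is fetched from the attestation service, never from the host."""
    wanted = spec.get("trusted_host")
    if wanted is None:
        return True
    return attestation.query_api(host.name) == wanted


def schedule(hosts, spec: dict, attestation: AttestationServer) -> list:
    """Scheduler pass: resource filter, then TrustedFilter; returns candidate host names."""
    return [h.name for h in hosts
            if resource_filter(h, spec) and trusted_filter(h, spec, attestation)]


def demo():
    att = AttestationServer()
    good_tboot = measure(b"tboot image (constructed)")
    good_hv = measure(b"hypervisor image (constructed)")
    for m in (good_tboot, good_hv):
        att.whitelist_api_add(m)
    # Host agents report what was measured at boot.  host-b booted a modified
    # hypervisor; host-c has no agent and never reports; host-d is fine but small.
    att.host_agent_api_report("host-a", [good_tboot, good_hv])
    att.host_agent_api_report("host-b", [good_tboot, measure(b"hypervisor image (modified)")])
    att.host_agent_api_report("host-d", [good_tboot, good_hv])
    hosts = [Host("host-a", 8, 100, "Intel"), Host("host-b", 8, 100, "Intel"),
             Host("host-c", 8, 100, "Intel"), Host("host-d", 1, 100, "Intel")]
    spec = {"mem_gb": 2, "disk_gb": 50, "gpgpu": "Intel", "trusted_host": "trusted"}
    plain = {k: v for k, v in spec.items() if k != "trusted_host"}
    return {"trusted_pool": schedule(hosts, spec, att),
            "any_host": schedule(hosts, plain, att),
            "verdicts": {h.name: att.query_api(h.name) for h in hosts}}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:13} {value}")
```

With `trusted_host=trusted` only host-a survives: host-b fails appraisal, host-c never attested, and host-d is filtered on memory before trust is even consulted; dropping the trust requirement lets host-b and host-c back in, which is exactly what the trusted pool is meant to prevent for sensitive workloads.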
