Cloud Enabling Technologies Service Oriented Architecture

1. Cloud Computing (KCS-713)
Unit-2: Cloud Enabling Technologies Service Oriented
Architecture
Dr. Radhey Shyam
Professor
Department of Computer Science and Engineering
SRMGPC Lucknow
(Affiliated to Dr. A.P.J. Abdul Kalam Technical University, Lucknow)
Unit-2 have been compiled/prepared by Dr. Radhey Shyam, with grateful acknowledgment who made their
course contents freely available. Feel free to use this study material for your own academic purposes. For
any query, the communication can be made through my mail shyam0058@gmail.com.
Date: December 14, 2021

2. Cloud Computing (KCS713)
(UNIT – II)
Cloud Enabling Technologies Service Oriented Architecture
1. Service-Oriented Architecture (SOA)
Service-orientation is a design paradigm for computer software in the form of services.
Service-oriented architecture (SOA) references a set of principles and methodologies applied by
software engineers to design and develop software in the form of interoperable services. Services
are usually built in the form of components that can be reused for different purposes than originally
intended. It means application components provide services to other components via a
communications protocol, typically over a network. The principles of service-orientation are
independent of any product, vendor or technology.
For example, a service can be implemented either in .Net or J2EE, and the application consuming
the service can be on a different platform or language.
Web services which are built as per the SOA architecture tend to make web service more
independent.
SOA is based on some key principles (characteristic) which are mentioned below:
1. Loose Coupling– Less dependency on each other. This is one of the main characteristics of
web services which just states that there should be as less dependency as possible between
the web services and the client invoking the web service. So if the service functionality
changes at any point in time, it should not break the client application or stop it from working.
2. Standardized Service Contract- Services adhere to a service description. A service must
have some sort of description which describes what the service is about. This makes it easier
for client applications to understand what the service does.
3. Service Abstraction - Services hide the logic they encapsulate from the outside world. The
service should not expose how it executes its functionality; it should just tell the client
application on what it does and not on how it does .
4. Service Reusability- Logic is divided into services with the intent of maximizing reuse.
Hence, once the code for a web service is written it should have the ability work with various
application types.
5. Service Interoperability - Services should use standards that allow diverse subscribers to
use the service. In web services, standards as XML and communication over HTTP is used
to ensure it conforms to this principle.
1

3. 6. Service Discoverability- Services can be discovered (usually in a service registry). We have
already seen this in the concept of the UDDI (Universal Description, Discovery, and
Integration), which performs a registry which can hold information about the web service.
7. Service Composability- Services break big problems into little problems. One should never
embed all functionality of an application into one single service but instead, break the service
down into modules each with a separate business functionality.
1.2 Major objectives of SOA
There are three major objectives of SOA, all which focus on a different part of the application
lifecycle (supervision of a software application from its initial planning through retirement).
The first objective aims to structure procedures or software components as services. These
services are designed to be loosely coupled to applications, so they are only used when needed.
They are also designed to be easily utilized by software developers, who have to create applications
in a consistent way.
The second objective is to provide a mechanism for publishing available services, which
includes their functionality and input/output requirements. Services are published in a way that
allows developers to easily incorporate them into applications.
The third objective of SOA is to control the use of these services to avoid security and
governance problems. Security in SOA revolves heavily around the security of the individual
components within the architecture, identity and authentication procedures related to those
components, and securing the actual connections between the components of the architecture.
1.3 Benefits of SOA- SOA's primary goal is to provide agility to businesses, allowing them to
adapt quickly and cost-efficiently to changes in the marketplace.
 Service reusability: In SOA, applications are made from existing services. Thus, services
can be reused to make many applications.
 Easy maintenance: As services are independent of each other they can be updated and
modified easily without affecting other services.
 Platform independent: SOA allows making a complex application by combining services
picked from different sources, independent of the platform.
 Availability: SOA facilities are easily available to anyone on request.
 Reliability: SOA applications are more reliable because it is easy to debug small services
rather than huge codes
 Scalability:
1.4 SOA Architecture - SOA architecture is viewed as five horizontal layers. These are described
below:
2

4.  Consumer Interface Layer: These are GUI based apps for end users accessing the
applications.
 Business Process Layer: These are business-use cases in terms of application.
 Services Layer: These are whole-enterprise, in service inventory.
 Service Component Layer: are used to build the services, such as functional and technical
libraries.
 Operational Systems Layer: It contains the data model.
2. Web Service
Modern day business applications use variety of programming platforms to develop web-based
applications. Since they are built using different development languages, it becomes really difficult to
ensure accurate communication between applications.
Web services provide a common platform that allows multiple applications built on various
programming languages to have the ability to communicate with each other.
Definition of Web Service
Web service is a standardized medium to propagate communication between the client and server
applications on the World Wide Web. Web service communicates information between electronic
devices, applications, and other technologies. A web service is a software module which is designed
to perform a certain set of tasks.
3

5. How Does a Web Service Work?
The above diagram shows a very simplistic view of how a web service would actually work. The
client would invoke a series of web service calls via requests to a server which would host the actual
web service.
These requests are made through what is known as remote procedure calls. Remote Procedure
Calls (RPC) is calls made to methods which are hosted by the relevant web service.
The main component of a web service is the data which is transferred between the client and the
server, and that is XML, HTML, WSDL, and SOAP. XML is a counterpart to HTML and easy to
understand the intermediate language that is understood by many programming languages. A web
service takes the help of −
 XML to tag the data
 SOAP to transfer a message
 WSDL to describe the availability of service.
So when applications talk to each other, they actually talk in XML. This provides a common platform
for application developed in various programming languages to talk to each other.
Components of Web Services
The basic web services platform is XML + HTTP. All the standard web services work using the
following components −
 SOAP (Simple Object Access Protocol)
 UDDI (Universal Description, Discovery and Integration)
 WSDL (Web Services Description Language)
Type of Web Service
There are mainly two types of web services.
4

6. I. SOAP web services
II. RESTful web services
In order for a web service to be fully functional, there are certain components that need to be in
place. These components need to be present irrespective of whatever development language is
used for programming the web service.
I. SOAP (Simple Object Access Protocol)
In today's world, there is huge number of applications which are built on different programming
languages. For example, there could be a web application designed in Java, another in .Net and
another in PHP. Data exchange between these heterogeneous applications would be complex. So
will be the complexity of the code to accomplish this data exchange.
One of the methods used to combat this complexity is to use XML (Extensible Markup
Language) as the intermediate language for exchanging data between applications.
Every programming language can understand the XML markup language. Hence, XML was used as
the underlying medium for data exchange. But there are no standard specifications on use of XML
across all programming languages for data exchange. That is where SOAP comes in.
SOAP is a protocol for implementing Web services. It is an XML-based messaging protocol
for exchanging information among computers. SOAP commonly uses HTTP, but other protocols
such as Simple Mail Transfer Protocol (SMTP) may be used.
Points to Note
 SOAP is a communication protocol designed to communicate via Internet.
 SOAP can extend HTTP for XML messaging.
 SOAP provides data transport for Web services.
 SOAP can exchange complete documents or call a remote procedure.
 SOAP can be used for broadcasting a message.
 SOAP is platform- and language-independent.
 SOAP is the XML way of defining what information is sent and how.
 SOAP enables client applications to easily connect to remote services and invoke remote
methods
Other frameworks including CORBA, DCOM, and Java RMI provide similar functionality to SOAP,
but SOAP messages are written entirely in XML and are therefore uniquely platform- and language-
independent.
SOAP Advantages:
3. Platform independent
4. Language independent
5. Uses XML to send and receive messages
5

7. 6. Uses standard internet HTTP protocol
7. SOAP is very simple compared to RMI, CORBA, and DCOM because it does not deal with
certain ancillary (support) but important aspects of remote object systems.
8. SOAP runs over HTTP, which eliminates firewall problems.
SOAP disadvantages:
 The SOAP specification contains no mention of security facilities.
 SOAP uses the XML format which needs to be parsed and is lengthier too which makes
SOAP slower than CORBA, RMI or IIOP.
II. RESTful web services
REST stands for Representational State Transfer. REST is used to build Web services that are
lightweight, maintainable, and scalable in nature. A service which is built on the REST architecture is
called a RESTful service. The underlying (Basic) protocol for REST is HTTP, which is the basic web
protocol.
RESTful Architecture
An application or architecture considered RESTful has the following characteristics:
1. State and functionality are divided into distributed resources – This means that every resource
should be
accessible via the normal HTTP commands of GET, POST, PUT, or DELETE. So if someone
wanted to get a file from a server, they should be able to issue the GET request and get the file. If
they want to put a file on the server, they should be able to either issue the POST or PUT request.
And finally, if they wanted to delete a file from the server, they an issue the DELETE request.
2. The architecture is client/server, stateless, layered, and supports caching –
 Client-server is the typical architecture where the server can be the web server hosting
the application, and the client can be as simple as the web browser.
 Stateless means that the state of the application is not maintained in REST.
 The concept of a layered system is that any additional layer such as a middleware layer
can be inserted between the client and the actual server hosting the RESTful web service
(The middleware layer is where all the business logic is created. This can be an extra
service created with which the client could interact with before it makes a call to the web
service.). But the introduction of this layer needs to be transparent so that it does not
disturb the interaction between the client and the server.
 The Cache concept is to help with the problem of stateless which was described in the
last point. Since each server client request is independent in nature, sometimes the client
might ask the server for the same request again. This is even though it had already asked
for it in the past. This request will go to the server, and the server will give a response.
6

8. This increases the traffic across the network. The cache is a concept implemented on the
client to store requests which have already been sent to the server. So if the same
request is given by the client, instead of going to the server, it would go to the cache and
get the required information. This saves the amount of to and for network traffic from the
client to the server.
3. Difference between Web services and Cloud computing
Web services
Web services provide developers methods of integrating Web applications over the Internet. XML,
SOAP, WSDL and UDDI open standards are used to tag data, transfer data, describe and list
services available. Web services allow organizations to share data without having direct access or
knowledge of systems beyond the firewall.
Cloud services
Cloud services provide access to a server infrastructure that's managed by the provider. Typically,
cloud services provide data storage and access, security, scalability and the associated updates.
Cloud services provide the back end that Web applications need to function.
There are many differences between SOAP and REST web services. The important 10 differences
between SOAP and REST are given below:
No. SOAP REST
1) SOAP is a protocol. REST is an architectural style.
2)
SOAP stands for Simple Object
Access Protocol.
REST stands for REpresentational State Transfer.
3)
SOAP can't use REST because it
is a protocol.
REST can use SOAP web services because it is a
concept and can use any protocol like HTTP, SOAP.
4)
SOAP uses services interfaces
to expose the business logic.
REST uses URI to expose business logic.
5)
JAX-WS is the java API for SOAP
web services.
JAX-RS is the java API for RESTful web services.
7

9. 6)
SOAP defines standards to be
strictly followed.
REST does not define too much standards like SOAP.
7)
SOAP requires more bandwidth
and resource than REST.
REST requires less bandwidth and resource than
SOAP.
8) SOAP defines its own security.
RESTful web services inherit security measures from
the underlying transport.
9)
SOAP permits XML data format
only.
REST permits different data format such as Plain text,
HTML, XML, JSON etc.
10)
SOAP Used where REST is not
possible.
REST more preferred (widely and frequently) than
SOAP.
4. Public – Subscribe Model:
The publish-subscribe model is useful for integrating one system to many systems. With huge
development in information technology, most enterprises are required to integrate applications
among its heterogeneous systems increasingly. Heterogeneous systems have been developed since
past decades using several platforms, computer languages, and different technologies. They existed
from not only within the enterprise but also including its business partner systems. A traditional
custom integration solution can cause inconsistent and production confusion afterward. Therefore, a
modern systematic integration approach is needed to improve efficiency and provide less
maintenance in the future. Several approaches have been introduced in order to integrate
heterogeneous systems. Among these are Enterprise Application Integration (EAI), Message-
Oriented Middleware (MOM), and Web Services (WS).
EAI emerged in the mid-1990s, as enterprises tried to integrate by using point-to-point
connections between their applications. It was successful in that era since there were only limited
applications to integrate. However, the complexity of linkages between applications and difficulty of
maintenance integration portions tend to be problems when many more applications are needed to
be integrated.
WS is the most promising technology to reach the interoperation of heterogeneous
environments by using standard specifications such as SOAP and which are based on XML.
However, traditional centralized Web service is synchronous and normally used in the way that all
service clients send requests to and get responses from a service provider. As a result it cannot well
support some situations that service clients must have critical new or updated data immediately from
8

10. the service provider. For this reason, the service clients are force to keep regularly checking for new
or updated data which certainly wastes much network traffic and definitely increases service
response time. In addition, workload on a service provider can be very high when it faces many
requests from many service clients simultaneously.
MOM provides asynchronous and loosely-coupled communications. It supports both queue
and publish/subscribe model of messaging. A message queue is a one-to-one communication
between sender and receiver. This topology has limitation for active communication among multiple
applications in heterogeneous systems. A better model, publish/subscribe (or pub/sub) model, can
easily solve this problem by extending MOM functionalities to support one-to-many, many-to-one
and also many-to-many communications. A pub/sub model normally consists of three basic
elements: publisher, subscriber and broker. An application can be either a publisher or a subscriber,
or can be both a publisher and a subscriber at the same time. Additional the number of publishers
and subscribers can grow and shrink over time. Publishers can multi-cast a message of a topic to
every interested subscriber who is listening on that topic.
Pull-Based Architecture
The vast majority of pub/sub model usages are in the pull-based architecture. When there is a new
or updated data message available at a publisher, the publisher sends a notification message to a
broker. The broker will then propagate that notification message to all interested subscribers. After
that, subscribers have to send request messages to the publisher in order to get a data message.
Finally, if the broker is supposed to keep track of successful or failure transmissions, acknowledges
should be sent from the subscribers to the broker (See Fig).
9

11. This architecture has two limitations. First, the workload on publishers can be very high when they
face many requests from subscribers simultaneously. Second, the response time is also likely to be
very high since this architecture requires four one-way communications before being able to get a
data message.
Push-Based Architecture
In the push-based architecture, the transfer of a data message is triggered by some pre-defined
events at a publisher. The publisher then pushes the data message to a broker and the broker
multicasts that message to all corresponding subscribers. Therefore, a subscriber can have a
desired data message without having to request for it. Subscriber acknowledges should be sent to
the broker in order to keep track of successful or failure transmissions (see Fig).
This architecture is good for wide-area distributed systems since publishers do not have to process
numerous requests from subscribers. For this reason, a publisher can be very thin and small.
Moreover, the response time for a subscriber to get a data message is minimized into two one-way
communications.
5. Virtualization in Cloud Computing:
Virtualization is the "creation of a virtual (rather than actual) version of something, such as a server,
a desktop, a storage device, an operating system or network resources". The cloud's virtualization
mainly deals with the server virtualization.
10

12. In other words, Virtualization is a technique, which allows sharing a single physical instance of
a resource or an application among multiple customers and organizations. It does by assigning a
logical name to a physical storage and providing a pointer to that physical resource when demanded.
Concept behind the Virtualization: Creation of a virtual machine over existing operating system
and hardware is known as Hardware Virtualization. A Virtual machine provides an environment that
is logically separated from the underlying hardware. The machine on which the virtual machine is
going to create is known as Host Machine and that virtual machine is referred as a Guest Machine.
Reasons/benefits of virtualization:
In the case of server consolidation, many small physical servers are replaced by one larger physical
server to decrease the need for more (costly) hardware resources such as CPUs, and hard drives.
11

13. Benefits of Virtualization in a Cloud Environment
 Reduced capital and operating costs.
 Protection from System Failures
 Minimized or eliminated downtime.
 Increased IT productivity, efficiency, agility and responsiveness.
 Faster provisioning of applications and resources.
 Greater business continuity and disaster recovery.
 Easier backup
 Simplified data center management.
 Availability of true Software.
Difference between virtualization and cloud
1. Essentially there is a gap between these two terms, though cloud technology requires the
concept of virtualization. Virtualization is a technology - it can also be treated as software that
can manipulate hardware. Whereas cloud computing is a service which is the result of the
manipulation.
2. Virtualization is the foundation element of cloud computing whereas Cloud technology is the
delivery of shared resources as a service-on-demand via the internet.
3. Cloud is essentially made-up from the concept of virtualization
Types of Virtualization
Hardware Virtualization: Creation of a virtual machine over existing operating system and
hardware is known as Hardware Virtualization. For e.g. creating a virtual machine via means of
12

14. hypervisor or virtual machine manager with Ubuntu Linux operating system on a computer which is
already running a Microsoft Windows OS. Here both the host system and the virtual machine utilize
same hardware of the primary system and work on completely distinct environments and handles
completely distinct applications.
After virtualization of hardware system we can install different operating system on it and run
different applications on those OS. Hardware Virtualization is further divided into 3 sub categories
which include:
Full Virtualization
Para Virtualization
Partial Virtualization
Usage: Hardware virtualization is mainly done for the server platforms, because controlling virtual
machines is much easier than controlling a physical server.
Network virtualization is a method of combining and managing all the available network resources
such as IP’s, Switches, Routers, NIC’s, VLAN tags etc. by splitting up the available bandwidth into
channels, each of which is independent from the others and can be assigned -- or reassigned -- to a
particular server or device in real time.
Network virtualization can be categorized into two categories:
 Internal – Provides a network to a single system.
 External – Combines network array or parts of networks into a virtual unit.
13

15. Operating system Virtualization:
When the virtual machine software or virtual machine manager(VMM) is installed on the Host
operating system instead of directly on the hardware system is known as operating system
virtualization.
Usage: Operating System Virtualization is mainly used for testing the applications on different
platforms of OS.
Server Virtualization: This technique is the masking of server resources. When the virtual machine
software or virtual machine manager(VMM) is directly installed on the Server system is known as
server virtualization. The primary motive behind this technology brings together all the physical
servers into one large physical server, so that the processors work more efficiently and effectively.
Usage: Server virtualization is done because a single physical server can be divided into multiple
servers on the demand basis and for balancing the load.
Storage Virtualization:
Storage virtualization is the process of grouping the physical storage from multiple network storage
devices so that it looks like a single storage device. Storage virtualization is also implemented by
using software applications. Partitioning your hard drive into multiple partitions is an example of this
virtualization.
Subtypes:
 Block Virtualization – It replaces controllers and takes over at the disk level & works before
the file system exists.
 File Virtualization – Storage system grants access to files that are stored over multiple hosts
Usage: Storage virtualization is mainly done for back-up and recovery purposes, reduced
downtime, easy updates, better availability, load balancing and better optimization of performance
and speed.
Which Technology to use? Virtualization is possible through a wide range of Technologies which
are available to use and are also OpenSource. We prefer using XEN or KVM since they provide the
best virtualization experience and performance.
 XEN
 KVM
 OpenVZ
 Oracle VM VirtualBox
 VMware Workstation
 QEMU
14

16.  Parallels Desktop
 Virtual PC
 Microsoft Hyper-V
6. Implementation Levels of Virtualization
A traditional computer runs with a host operating system specially tailored for its hardware
architecture, as shown in Figure (a). After virtualization, different user applications managed by their
own operating systems (guest OS) can run on the same hardware, independent of the host OS. This
is often done by adding additional software, called a virtualization layer (known as hypervisor or
Virtual Machine Monitor (VMM)) as shown in Figure (b). The VMs are shown in the upper boxes,
where applications run with their own guest OS over the virtualized CPU, memory, and I/O
resources.
The main function of the software layer for virtualization is to virtualize the physical hardware of a
host machine into virtual resources to be used by the VMs, exclusively. Virtualization can be
implemented at various operational levels, as given below (see fig.):
 Instruction set architecture (ISA) level
 Hardware level
 Operating system level
 Library support level
 Application level
15

17. Instruction set architecture (ISA) level
At the ISA level, virtualization is performed by emulating a given ISA by the ISA of the host machine.
For example, MIPS binary code can run on an x86-based host machine with the help of ISA
emulation. With this approach, it is possible to run a large amount of legacy binary code written for
various processors on any given new hardware host machine.
Instruction set emulation leads to virtual ISAs created on any hardware machine. The basic
emulation method is through code interpretation. An interpreter program interprets the source
instructions to target instructions one by one. One source instruction may require tens or hundreds of
native target instructions to perform its function. Obviously, this process is relatively slow. For better
performance, dynamic binary translation is desired. This approach translates basic blocks of
dynamic source instructions to target instructions. The basic blocks can also be extended to program
traces or super blocks to increase translation efficiency. Instruction set emulation requires binary
translation and optimization.
A virtual instruction set architecture (V-ISA) thus requires adding a processor-specific software
translation layer to the compiler.
16

18. Hardware Abstraction Level
It is performed right on top of the bare hardware and generates a virtual hardware environment for a
VM. On the other hand, the process manages the underlying hardware through virtualization. The
idea is to virtualized a computer’s resources, such as its processors, memory, and I/O devices so as
hardware utilization rate by multiple users concurrently may be upgraded More recently, the Xen
hypervisor has been applied to virtualizes x86-based machines to run Linux or other guest OS
applications.
Operating System Level
This refers to an abstraction layer between traditional OS and user applications. OS-level
virtualization creates isolated containers on a single physical server and the OS instances to utilize
the hardware and software in data centers. The containers behave like real servers. OS-level
virtualization is commonly used in creating virtual hosting environments to allocate hardware
resources among a large number of mutually distrusting users.
The Bare machine is a type of environment in which there is no operating system between the user
and the system. Eventually, all the user applications are executed and installed directly on the top of
the hardware resource using the machine language. The program has the full control of the system
due to the absence of operating system.
In computer science, bare machine(or bare metal) refers to a computer executing instructions
directly on logic hardware without an intervening operating system.
The use of a bare machine was cumbersome and inefficient since all the tasks have to be done
manually.)
7. VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS:
Before virtualization, the operating system manages the hardware. After virtualization, a
virtualization layer is inserted between the hardware and the OS. In such a case, the
virtualization layer is responsible for converting portions of the real hardware into virtual
hardware. Depending on the position of the virtualization layer, there are several classes of VM
architectures, namely the hypervisor architecture, para-virtualization, and host-based virtualization.
7.1 Hypervisor and Xen Architecture
The hypervisor supports hardware-level virtualization (in figure) on bare metal devices like CPU,
memory, disk and network interfaces. The hypervisor software sits directly between the physical
hardware and its OS. This virtualization layer is referred to as either the VMM or the hypervisor. The
hypervisor provides hypercalls for the guest OSes and applications. Depending on the functionality,
a hypervisor can assume micro-kernel architecture or monolithic hypervisor architecture. A micro-
17

19. kernel hypervisor includes only the basic and unchanging functions (such as physical memory
management and processor scheduling). The device drivers and other changeable components are
outside the hypervisor. A monolithic hypervisor implements all the aforementioned functions,
including those of the device drivers. Therefore, the size of the hypervisor code of a micro-kernel
hypervisor is smaller than that of a monolithic hypervisor.
Xen Architecture: Xen is an open source hypervisor program developed by Cambridge University.
Xen is a microkernel hypervisor, which separates the policy from the mechanism. It implements all
the mechanisms, leaving the policy to be handled by Domain 0, as shown in Figure. Xen does not
include any device drivers natively. It just provides a mechanism by which guests OS can have direct
access to the physical devices.
18

20. The core components of a Xen system are the hypervisor, kernel, and applications. The organization
of the three components is important. Like other virtualization systems, many guest OSes can run on
top of the hypervisor. However, not all guest OSes are created equal, and one in particular controls
the others. The guest OS, which has control ability, is called Domain 0, and the others are called
Domain U. Domain 0 is a privileged guest OS of Xen. It is first loaded when Xen boots without any
file system drivers being available. Domain 0 is designed to access hardware directly and manage
devices. Therefore, one of the responsibilities of Domain 0 is to allocate and map hardware
resources for the guest domains (the Domain U domains).
7.2 Binary Translation with Full Virtualization
Depending on implementation technologies, hardware virtualization can be classified into two
categories: full virtualization and host-based virtualization.
Full Virtualization: With full virtualization, noncritical instructions run on the hardware directly while
critical instructions are discovered and replaced with traps into the VMM to be emulated by software.
Both the hypervisor and VMM approaches are considered full virtualization. Only critical
instructions trapped into the VMM because binary translation can incur a large performance
overhead. Noncritical instructions do not control hardware or threaten the security of the system, but
critical instructions do. Therefore, running noncritical instructions on hardware not only can
promote efficiency, but also can ensure system security.
Host-Based Virtualization: An alternative VM architecture is to install a virtualization layer on top of
the host OS. This host OS is still responsible for managing the hardware. The guest OSes are
installed and run on top of the virtualization layer. Dedicated applications may run on the VMs.
Certainly, some other applications can also run with the host OS directly. This host based
architecture has some distinct advantages, as enumerated next.
First, the user can install this VM architecture without modifying the host OS. The virtualizing
software can rely on the host OS to provide device drivers and other low-level services.
Second, the host-based approach appeals to many host machine configurations. Compared to
the hypervisor/VMM architecture, the performance of the host-based architecture may also be low.
When an application requests hardware access, it involves four layers of mapping which
downgrades performance significantly. When the ISA of a guest OS is different from the ISA of the
underlying hardware, binary translation must be adopted. Although the host-based architecture has
flexibility, the performance is too low to be useful in practice.
19

21. (Application program interface [API] is the way for an application to interact with certain
system/application/library/etc.)
7.3 Para-Virtualization:
Para-virtualization needs to modify the guest operating systems. A para-virtualized VM provides
special APIs requiring substantial OS modifications in user applications. Performance degradation is
a critical issue of a virtualized system. No one wants to use a VM if it is much slower than using a
physical machine. The virtualization layer can be inserted at different positions in a machine software
stack. However, para-virtualization attempts to reduce the virtualization overhead, and thus improve
performance by modifying only the guest OS kernel.
Figure A (below) illustrates the concept of a para-virtualized VM architecture. The guest operating
systems are para-virtualized. They are assisted by an intelligent compiler to replace the
nonvirtualizable OS instructions by hypercalls as illustrated in Figure B. The traditional x86 processor
offers four instruction execution rings: Rings 0, 1, 2, and 3. The lower the ring number, the higher the
privilege of instruction being executed. The OS is responsible for managing the hardware and the
privileged instructions to execute at Ring 0, while user-level applications run at Ring 3.
Although para-virtualization reduces the overhead, it has incurred problems like compatibility
and portability, because it must support the unmodified OS as well. Second, the cost is high,
20

22. because they may require deep OS kernel modifications. Finally, the performance advantage of
para-virtualization varies greatly due to workload variations.
8. Virtualization of CPU, Memory, And I/O Devices:
To support virtualization, processors such as the x86 employ a special running mode and
instructions, known as hardware-assisted virtualization. In this way, the VMM and guest OS run in
different modes and all sensitive instructions of the guest OS and its applications are trapped in the
VMM. To save processor states, mode switching is completed by hardware.
8.1 Hardware Support for Virtualization: Modern operating systems and processors permit
multiple processes to run simultaneously. If there is no protection mechanism in a processor, all
instructions from different processes will access the hardware directly and cause a system crash.
Therefore, all processors have at least two modes, user mode and supervisor mode, to ensure
controlled access of critical hardware. Instructions running in supervisor mode are called privileged
instructions. Other instructions are unprivileged instructions. In a virtualized environment, it is more
difficult to make OSes and applications run correctly because there are more layers in the machine
stack.
8.2 CPU Virtualization: Unprivileged instructions of VMs run directly on the host machine for
higher efficiency. Other critical instructions should be handled carefully for correctness and stability.
The critical instructions are divided into three categories: privileged instructions, controls sensitive
instructions, and behavior-sensitive instructions. Privileged instructions execute in a privileged mode
and will be trapped if executed outside this mode. Control-sensitive instructions attempt to change
21

23. the configuration of resources used. Behavior-sensitive instructions have different behaviors
depending on the configuration of resources, including the load and store operations over the virtual
memory.
CPU architecture is virtualizable if it supports the ability to run the VM’s privileged and unprivileged
instructions in the CPU’s user mode while the VMM runs in supervisor mode. When the privileged
instructions including control- and behavior-sensitive instructions of a VM are executed, they are
trapped in the VMM. RISC CPU architectures can be naturally virtualized because all control- and
behavior-sensitive instructions are privileged instructions. On the contrary, x86 CPU architectures
are not primarily designed to support virtualization.
8.2.1 Hardware-Assisted CPU Virtualization: This technique attempts to simplify virtualization
because full or paravirtualization is complicated. Intel and AMD add an additional mode called
privilege mode level (some people call it Ring-1) to x86 processors. Therefore, operating systems
can still run at Ring 0 and the hypervisor can run at Ring -1. All the privileged and sensitive
instructions are trapped in the hypervisor automatically. This technique removes the difficulty of
implementing binary translation of full virtualization. It also lets the operating system run in VMs
without modification.
8.3 Memory Virtualization: Virtual memory virtualization is similar to the virtual memory support
provided by modern operating systems. In a traditional environment, the OS maintains page table for
mappings of virtual memory to machine memory, which is a one-stage mapping. All modern x86
CPUs include a memory management unit (MMU) and a translation lookaside buffer (TLB) to
optimize virtual memory performance. However, in a virtual execution environment, virtual memory
virtualization involves sharing the physical system memory in RAM and dynamically
allocating it to the physical memory of the VMs. A two-stage mapping process should be maintained
by the guest OS and the VMM, respectively: virtual memory to physical memory and physical
memory to machine memory. The VMM is responsible for mapping the guest physical memory to the
actual machine memory in guest OS.
Since each page table of the guest OSes has a separate page table in the VMM corresponding to it,
the VMM page table is called the shadow page table. VMware uses shadow page tables to perform
virtual-memory-to-machine-memory address translation. Processors use TLB hardware to map the
virtual memory directly to the machine memory to avoid the two levels of translation on every
22

24. access. When the guest OS changes the virtual memory to a physical memory mapping, the VMM
updates the shadow page tables to enable a direct lookup.
8.4 I/O Virtualization
It involves managing the routing of I/O requests between virtual devices and the shared physical
hardware. There are three ways to implement I/O virtualization:
Full device emulation
Para-virtualization
Direct I/O.
Full device emulation is the first approach for I/O virtualization. Generally, this approach emulates
well-known, real-world devices. All the functions of a device like device enumeration, identification,
interrupts, and DMA, are replicated in software and it is located in the VMM and acts as a virtual
device. The I/O access requests of the guest OS are trapped in the VMM which interacts with the I/O
devices. A single hardware device can be shared by multiple VMs that run concurrently.
23

25. The para-virtualization method of I/O virtualization is typically used in Xen. It is also known as
the split driver model consisting of a frontend driver and a backend driver. The frontend driver is
running in Domain U and the backend driver is running in Domain 0. They interact with each other
via a block of shared memory. The frontend driver manages the I/O requests of the guest OSes and
the backend driver is responsible for managing the real I/O devices and multiplexing the I/O data of
different VMs. Although para-I/O-virtualization achieves better device performance than full device
emulation, it comes with a higher CPU overhead.
Direct I/O virtualization lets the VM access devices directly. It can achieve close-to-native
performance without high CPU costs. However, current direct I/O virtualization implementations
focus on networking for mainframes. Another way to help I/O virtualization is via self-virtualized I/O
(SV-IO). The key idea is to harness the rich resources of a multicore processor. All tasks associated
with virtualizing an I/O device are encapsulated in SV-IO. SV-IO defines one virtual interface (VIF)
for every kind of virtualized I/O device, such as virtual network interfaces, virtual block devices (disk),
virtual camera devices, and others. The guest OS interacts with the VIFs via VIF device drivers.
Each VIF consists of two message queues. One is for outgoing messages to the devices and the
other is for incoming messages from the devices. In addition, each VIF has a unique ID for
identifying it in SV-IO.
Virtualization Support and disaster recovery:
Virtual disaster recovery is a combination of storage and server virtualization that helps to create
more effective means of disaster recovery and backup.
24

26. References:
[1] R Shyam, P Srivastava, DS Kushwaha, “A Taxonomy and Survey of Cloud Computing [Security
Issues and Challenges]”, BL Joshi, 62, 2012.
[2] PK Varshney, P Singh, R Shyam, “Weak Spots of Cloud Computing and Their Revelations”, BL
Joshi, 109, 2012.
[3] Kai Hwang, Geoffrey C. Fox, Jack G. Dongarra, “Distributed and Cloud Computing, From Parallel
Processing to the Internet of Things”, Morgan Kaufmann Publishers, 2012.
[4] Rittinghouse, John W., and James F. Ransome, “Cloud Computing: Implementation,
Management and Security”, CRC Press, 2017.
[5] Rajkumar Buyya, Christian Vecchiola, S. Thamarai Selvi, “Mastering Cloud Computing”, Tata
Mcgraw Hill, 2013.
[6] Toby Velte, Anthony Velte, Robert Elsenpeter, “Cloud Computing – A Practical Approach”, Tata
Mcgraw Hill, 2009.
[7] George Reese, “Cloud Application Architectures: Building Applications and Infrastructure in the
Cloud”: Transactional Systems for EC2 and Beyond (Theory in Practice), O’Reilly, 2009.
25