Server cloud computing virtualization technology

Server virtualization technology

1. Historical development

Infancy - the 1960s

In June 1959, Christopher Strachey presented an academic report titled "Time Sharing in Large Fast Computers" at the International Conference on Information Processing, proposing the "virtual" concept for the first time.
In August 1965, IBM introduced the System/360 Model 67 and the TSS time-sharing system, which allowed multiple remote users to share the same high-performance computing equipment. This was the most primitive virtual machine technology.

Development period - the 1970s to the 1990s

In 1972, IBM released virtual machine technology for building scalable mainframes. On the IBM 360/40 and IBM 360/67 mainframes, a VMM (Virtual Machine Monitor) created, on top of the physical hardware, many virtual machines that could each run an operating system independently.

With the help of virtualization technology, users of expensive mainframes could logically partition the hardware and "multitask" in order to make full use of the expensive mainframe resources.

Explosive growth - today

While virtualization technology on mainframes and UNIX platforms continued to develop, the x86 platform remained cut off from virtualization because of defects in its architecture and its limited performance.
As the x86 architecture became popular, people began to consider applying virtualization technology to the much broader x86 platform. Intel and AMD modified the instruction set of their x86 processors, and together with the emergence of multi-core processors this allowed virtualization technology to develop rapidly on x86.
In 1999, VMware launched VMware Workstation, the first commercial virtualization software for the x86 platform. From then on, virtualization technology finally stepped down from the mainframe altar and the era of x86 virtualization began.

The x86 architecture was initially not suitable for virtualization

The x86 architecture has 17 sensitive instructions that are not privileged. Executing these instructions in a virtual environment may cause system exceptions.

1. What is a sensitive instruction?

Take the x86 architecture as an example. x86 originally defined four privilege levels, numbered 0 to 3; the smaller the number, the greater the privilege. The operating system runs in Ring 0, Ring 1 and Ring 2 support device drivers, and applications run in Ring 3. Some critical operations can only be performed by instructions executed in Ring 0; these are called privileged instructions. In the VMM model, the guest operating system runs in non-privileged mode, that is, outside Ring 0. Therefore, some of the instructions that originally had to run in Ring 0 must be captured and handled by the VMM. These instructions are called sensitive instructions. For this to work, all sensitive instructions must be privileged instructions.

2. Why could the x86 architecture not support system virtualization at first?

With that background in place, we can turn to the key issue.
The x86 architecture has a flaw: some of its sensitive instructions are not privileged instructions. Non-privileged instructions can execute in Ring 1 to Ring 3 without faulting, so the VMM never gets to handle them. This is where the problem arises. Instructions that the VMM wanted to handle are executed at a non-privileged level, so instructions in the virtual layer run outside the control of the virtualization software. It is as if a medical student sat down next to you to write code; how would you feel? This is the crux of the problem.

Later, Intel and AMD greatly strengthened their technology, with Intel's VT (Virtualization Technology) and AMD's SVM (Secure Virtual Machine), to make up for this shortcoming of the x86 architecture.

3. Solutions

Method 1

Solution 1: BT (Binary Translation)

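Combining BT with direct execution achieves full virtualization. The guest operating system is completely abstracted from the physical hardware by the virtualization layer; it is not aware that it has been virtualized and needs no modification at all.

Full virtualization is so far the only technique that virtualizes sensitive and privileged instructions without help from the hardware or the operating system.
The hypervisor can translate all privileged operating system instructions and keep the result in a cache for reuse, while user-level instructions execute directly at full speed.
Full virtualization provides the best virtual machine isolation and security, and simplifies guest operating system migration and portability.
VMware ESX Server is the best example of an implementation based on full virtualization.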

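How it works

1. Before execution, each Guest OS instruction segment is translated as a whole, and the sensitive non-privileged instructions in it are replaced with the corresponding privileged instructions that execute in Ring 0.
2. Non-privileged instructions are executed directly.
3. Privileged instructions first trap into the VMM. The VMM implements the privileged instruction through a series of emulation steps and then returns to the Guest OS, which continues from the point where it was interrupted.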
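
The three steps above, and the gap that BT closes, as a toy model in Python. This is an added example, not code from the original post: the instruction names (POPF, SGDT, SMSW as sensitive but unprivileged; LGDT, HLT as privileged) are well-known x86 examples that the post does not list, and all function names are hypothetical.

```python
# Toy model, constructed for illustration: the guest kernel runs outside Ring 0.
# The sets are small samples, not the full list of 17 instructions.
PRIVILEGED = {"LGDT", "HLT"}                  # fault outside Ring 0, so the VMM traps them
SENSITIVE_UNPRIV = {"POPF", "SGDT", "SMSW"}   # touch system state but never fault

TRAPPED = "trapped, emulated by VMM"
NATIVE = "ran natively"
BYPASSED = "ran natively, VMM bypassed"

def trap_and_emulate(segment):
    """Pure trap-and-emulate: the VMM only sees instructions that fault."""
    outcome = []
    for ins in segment:
        if ins in PRIVILEGED:
            outcome.append((ins, TRAPPED))
        elif ins in SENSITIVE_UNPRIV:
            outcome.append((ins, BYPASSED))   # the x86 virtualization hole
        else:
            outcome.append((ins, NATIVE))
    return outcome

def binary_translate(segment):
    """Step 1: scan the whole segment before it runs and mark every
    sensitive non-privileged instruction for replacement by a trapping one."""
    return [(ins, ins in SENSITIVE_UNPRIV) for ins in segment]

def run_translated(segment):
    """Steps 2 and 3: ordinary instructions run directly; privileged and
    replaced instructions trap into the VMM, which emulates them."""
    outcome = []
    for ins, replaced in binary_translate(segment):
        if replaced or ins in PRIVILEGED:
            outcome.append((ins, TRAPPED))
        else:
            outcome.append((ins, NATIVE))
    return outcome

def with_result(outcome, result):
    """Instructions in an outcome list that ended with the given result."""
    return [ins for ins, how in outcome if how == result]

GUEST_SEGMENT = ["MOV", "POPF", "ADD", "LGDT", "SGDT", "HLT"]  # constructed sample

if __name__ == "__main__":
    print("bypassed without BT:", with_result(trap_and_emulate(GUEST_SEGMENT), BYPASSED))
    print("bypassed with BT:   ", with_result(run_translated(GUEST_SEGMENT), BYPASSED))
    print("trapped with BT:    ", with_result(run_translated(GUEST_SEGMENT), TRAPPED))
```
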

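Advantages and disadvantages

Advantages:
The Guest OS needs no modification and cannot tell whether it has been virtualized.
Disadvantages:
Performance is poor under heavy load, when sensitive instructions are executed frequently.

Method 2

Solution 2: paravirtualization (Para-Virtualization)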

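Paravirtualization requires modifying the operating system kernel to replace the instructions that cannot be virtualized, so that the kernel communicates directly with the underlying virtualization layer, the hypervisor, through hypercalls. The hypervisor also provides hypercall interfaces for other critical kernel operations, such as memory management, interrupt handling and timekeeping.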

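How it works

1. The Guest OS running on the hypervisor already integrates paravirtualization code, which lets it cooperate closely with the hypervisor to implement virtualization.
2. The hypervisor provides a hypercall interface for the critical kernel operations of the Guest OS, such as memory management, interrupts and time synchronization.

Advantages and disadvantages

Advantages:
Performance is very close to that of a physical machine.
Disadvantages:
Unmodified operating systems are not supported; compatibility and portability are poor.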

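Details

Paravirtualization differs from full virtualization. Full virtualization does not require modifying the operating system running on top; sensitive operating system instructions are handled directly by BT. The value of paravirtualization lies in lowering the overhead of virtualization, but its performance advantage depends heavily on the workload being run.
Because paravirtualization does not support unmodified operating systems (for example, Windows 2000/XP), its compatibility and portability are poor. In real production environments, paravirtualization also makes operating system support and maintenance difficult, because it usually requires deep changes to the operating system kernel.
The open-source Xen project is the representative example of paravirtualization. It virtualizes the CPU and memory by modifying the Linux kernel, and virtualizes I/O through custom operating system drivers.
Implementing full virtualization requires building complex BT technology, which is often harder than directly modifying the guest operating system to enable paravirtualization. VMware has in fact already used some paravirtualization techniques in its products, to build VMware Tools and to optimize virtual device drivers.
The VMware Tools service provides a backdoor service to the VMM hypervisor, used for time synchronization, logging, guest operating system shutdown and so on. Vmxnet is a paravirtualized I/O device driver that can share data structures with the hypervisor. These paravirtualization techniques improve device compatibility, raise data throughput and lower CPU utilization.
One point needs to be made clear: the VMware Tools service and the vmxnet device driver are not CPU paravirtualization solutions. They make only small, non-critical modifications to the guest operating system and do not require modifying the guest operating system kernel.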

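Method 3

Hardware-assisted virtualization solves the problem that non-privileged sensitive instructions cannot trap by introducing VMX mode (Virtual Machine eXtension).

VMX mode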

Sensitive and privileged instructions automatically trap to the hypervisor, which eliminates the need for BT or paravirtualization. The state of the guest operating system is stored in the VMCS (Virtual Machine Control Structure) for VT-x or in the VMCB (Virtual Machine Control Block) for AMD-V. CPUs that support Intel VT and AMD-V came to market in 2006, so only newer systems include hardware-assisted virtualization capabilities.

Figure: hardware-assisted virtualization on the x86 architecture

Because of the overhead of transitions between the hypervisor and the guest operating system, and because of the strict programming model, first-generation hardware-assisted virtualization did not perform well; VMware's BT technology very often performed better.
The first generation of hardware-assisted virtualization left little room for software, which reduced software flexibility and increased the overhead of transitions between the hypervisor and the guest operating system. Precisely for this reason, VMware used first-generation hardware-assisted virtualization only in rare cases; for example, to support 64-bit operating systems on the Intel platform, VMware uses Intel's VT-x.

Mainstream hypervisor products

Origin blog.csdn.net/csdn10086110/article/details/92716833