CSC 5930/9010 Cloud S & P: Virtualization

Size: px

Start display at page:

Download "CSC 5930/9010 Cloud S & P: Virtualization"

Randolph Parrish
5 years ago
Views:

1 CSC 5930/9010 Cloud S & P: Virtualization Professor Henry Carter Fall 2016

2 Recap Network traffic can be encrypted at different layers depending on application needs TLS: transport layer IPsec: network layer Firewalls help maintain system isolation But can be difficult to get right IDS systems are good at detecting attacks But bad at allowing benign events to pass without alarm

3 Virtualization Cloud growth facilitated by two technological developments Widely available network connectivity Ease of sharing resources flexibly Virtualization!

4 Why Virtualize? Flexible Allows for better resource sharing Provides *some* security guarantees through isolation

5 Virtualization Techniques Hypervisors Containers

6 Terminology Guest OS: the hosted operating system running in a virtual environment Host OS: the hosting operating system that is responsible for machine management Hypervisor: the program responsible for creating and providing interfaces into the virtual hardware

7 What does the hypervisor do? Virtualizing resources Multiplexing resources Enforcing containment Runs with maximum management privilege (above supervisor)

8 Where does the hypervisor live? Above the Host OS Below the Host OS On its own

9 Challenges CPU emulation Memory management I/O scheduling Isolating guest environments

10 CPU Virtualization A guest OS expects to be able to make privileged calls to the hardware When his happens, we can: Read, translate, and run the instructions Modify the guest OS to make privileged calls differently

11 Call Privilege: x86 Rings

12 Traditional OS calls

13 Full Virtualization The hypervisor reads and translates all guest system calls into the appropriate host call language Easy to use since guest VMs use standard OS Slow due to the translation process

14 Full Virtualization

15 Hardware-Assisted Full Virtualization (Intel)

16 Paravirtualization The guest OS must be modified to make system calls through the hypervisor Inconvenient because special modified OS versions are required for guests Faster than translating privileged calls

17 VMWare Paravirtualization

18 Xen Paravirtualization

19 Why does paravirtualization help? x86 hardware is difficult to virtualize Privilege rings help Silent system call failure Unprivileged sensitive instructions

20 Challenges CPU emulation Memory management I/O scheduling Isolating guest environments

21 Memory Management Basics Paging vs Segmentation Paging divides and allocates memory into equal-length portions Segmentations uses variable-length segment allocation x86 allows both Hardware page tables TLB cache speeds up mapping Guest OS must think it has access to machine page tables

22 Traditional Memory Management

23 Full Virtualization: Shadow Tables Present each guest with a virtualized HW page table Hypervisor maintains the real HW page table Hypervisor responsible for translating between virtual page tables and HW page table This gets costly and complicated!

24 Shadow Page Table

25 Paravirtualization Give the guest OS read-only access Manage updates through the hypervisor Rely on hardware privilege to enforce separation

26 Challenges CPU emulation Memory management I/O scheduling Isolating guest environments

27 I/O Scheduling The host machine has a limited number of storage drives or NICs Each guest expects access to its own resources Asynchronous queues are used to implement and handle I/O as needed

28 Network I/O Hypervisor creates a virtual switch that receives and queues guest OS traffic Multiple guest input queues to the virtual switch can be treated as in a physical switch Traffic out of the virtual switch is routed out of the physical NIC of the guest machine

29 Challenges CPU emulation Memory management I/O scheduling Isolating guest environments

30 Isolation Maintained using two mechanisms: Hardware privilege Hypervisor verification Full virtualization vs Paravirtualization shifts between these two mechanisms Full virtualization requires significant hypervisor intervention Paravirtualization modifies the guest OS to take more advantage of hardware separation

31 Xen Hypervisor Developed in 2003 One of the first efficient approaches to paravirtualization Continued development and use today (notably in Amazon AWS) Hypervisor assisted by a virtual machine denoted "Domain0" Requires a Xen-modified version of the guest OS (commonly available now)

32 Xen Domains

33 Challenges CPU emulation Memory management I/O scheduling Isolating guest environments

Xen CPU Virtualization Guest OS modified to use hypercalls instead of privileged instructions CPU time-shared amongst guests Time sharing requires a

34 Xen CPU Virtualization Guest OS modified to use hypercalls instead of privileged instructions CPU time-shared amongst guests Time sharing requires a special time interface Separating and catching privileged instructions done through Intel privilege rings Each guest VM knows real time and virtual time

35 Xen s Memory Management OS is given direct read-only access to hardware page tables Page table changes are sent through Xen All other partitioning handled by Intel's rings TLB flushes are limited (why does this matter?)

36 I/O Scheduling Asynchronous queue rings with four pointers Used to facilitate exchanging information with Xen, read/write to virtual block devices, and network queues Network queues separated into "incoming" and "outgoing" Why separate for networks but not drives?

37 Xen Performance

38 Virtualization Techniques Hypervisors Containers

39 Containers Isolated execution environments Can run several containers on a single host Allow convenient packaging for linked libraries and other dependencies

40 Hypervisors

41 Containers

42 Containers vs Hypervisors Containers do not have their own OS Each container must run on the same OS kernel Containers have a limited view of the actual file system Not virtual, only limited Containers provide great performance App is essentially running natively Compromise of the OS breaks ALL containers Compromising a guest OS in Xen does not affect other guests

43 Docker Linux-based container system Recently ported to Windows (containers are NOT crosscompatible) Released in 2013 Noted for convenience and security issues

44 Recap Virtualization allows for efficient resource sharing and isolation Hypervisors allow individual virtual machines to exist together on a single system Xen developed paravirtualization, a more efficient approach to multi-tenency compared to full virtualization Lighter-weight resource sharing can be achieved through containers, but isolation is more challenging in this setting

45 Next Time... Exam! After Break: Related Work Section 45

Virtualization. Pradipta De

Virtualization. Pradipta De Virtualization Pradipta De pradipta.de@sunykorea.ac.kr Today s Topic Virtualization Basics System Virtualization Techniques CSE506: Ext Filesystem 2 Virtualization? A virtual machine (VM) is an emulation