Virtualization Dr. Yong Guan Department of Electrical and Computer Engineering & Information Assurance Center Iowa State University
Outline for Today s Talk Introduction Virtualization Technology Applications
Readings for Today s Lecture References Online Resources VMWare, Xen, etc.
What is it? Virtualization is an abstraction layer that decouples the physical hardware from the operating system to deliver greater IT resource utilization and flexibility. www.vmware.com Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments
The Rise and Fall of Virtual Machines -- 1970s: Looks like a good idea -- IBM VM/370 A VMM for IBM mainframes Multiplex multiple OS environments on expensive hardware Desirable when few machine around Popular idea in the 1960s and 1970s Entire conferences on virtual machines -- 1980s: Looks like a dumb idea -- Hardware got cheap but wimpy VMM neither desirable nor possible. IBM kills VM/CMS in favor of MVS Multi-user OS is better than N single-user + VMM
The Rise and Fall of Virtual Machines -- 1990s: Looks like a good idea again-- Define an abstract machine specification A Virtual Machine Typically emulate machine within an OS process Example: p-system, JAVA, Microsoft CLR Market it as better than real machines Fast development time Write once, run everywhere Type and memory safety Fewer bugs, better security, etc. Popular ideas in the 2000s Entire conferences on virtual machines
The Rise and Fall of Virtual Machines -- 2000s: still a good idea -- Squeeze in between OS and applications Done at libraries or system call interface Each application or set of apps run in a virtual machine Example: WINE Into the operating system Example: KVM, VirtualBox, User Mode Linux Between hardware and OS Example: VMware ESX Server, Xen Into hardware Example Intel VT-x Technology / AMD Pacifica
Different Types of Virtual Machines Modern computer systems are composed of various hardware and software layers APPLICATIONS API Calls USER LEVEL LIBRARIES System Calls KERNEL Instructions HARDWARE User Space Kernel Space Log Sounds Familiar?
Commonality Across Virtual Machines All benefit from the level of indirection All problems can be solved by a level of indirection Use the layer to improve the software running in the VM. Every problem in computer science can be solved by adding another level of indirection Butler Lampson
Common Virtual Machine Attributes Isolation Total data isolation between virtual machines Encapsulation Virtual machines are not tied to physical machines Checkpoint/Migration Software compatibility Runs pretty much all software Trick: Make virtual hardware match real hardware Performance Any new software layer adds overhead to system
Isolation Capability Claim: VMs should not be able to get out of the sandbox to attack other VMs or virtualization software layer. VMM controls what resources are accessible to each VM. VMs can be isolated and requests vetted. Policy-based access control. Key: Use HW protection mechanisms to isolate VMs New VMX mode Protection rings MMU protection bits
VM Isolation Capability Escape? Assurance dependent on the implementation Size/complexity of interface. Compare hardware interface vs. win32 system call Features of VMs Isolation comparable to separate physical machines Handle accidents (e.g. software bugs) Malicious attacks (e.g. hackers)
Encapsulation Capability Have ability to manipulate and control software in VM Save execution state Transfer VM over networks Affect the inputs/outputs to the software running in VM Manage VM execution on machines Provisioning, load balancing, high availability, etc. Examples: Java, VMware ESX Server Decoupling of software from hardware Virtualization layer controls mapping Treat software in VM as first class object
Software Compatibility VM will run all the software that target it Lower-level VMs have advantages here Hardware-level VMM All software (app & OS) written for hardware. Paravirtualization All applications for the ported OSes. OS-level VM All applications for that OS/hardware combination Application-level VM All applications for that OS/hardware combination Language-level VM Programs compiled to the byte code
VM Software Compatibility Key: Make virtual machine abstraction match real HW All software that runs on real HW runs in VM Example: VMware s products run DOS, Win 3.1,95,98,NT,2000,ME,XP,2003, Vista, Linux, FreeBSD, etc. Most compatible of application compatibility solutions Hardware interface: tractable complexity, slow rate of change Example: PC98, PC99,... OS API interface: intractable complexity, rapid change Example: Win32 API
VM Low Overhead/High Performance Key: Configure HW to directly run Virtual Machines Use CPU to emulate a virtual CPU Use real physical memory to emulate virtual physical memory Emulate a disk with a disk, etc. Trick from 1960s: Configure hardware to safely give it to virtual machine VMM gets control on any privileged operation Virtual machine runs within a few percent of native
Hardware Level Virtualization Virtualization is supported by the real hardware Examples Intel VT-x (Vanderpool) technology AMD Pacifica Why hardware support?
Different Types of Virtual Machines Virtualization inserts a software layer (VMM) at different points in this architecture: Hardware-level virtualization Operating system-level virtualization Type 1 VM vs. Type 2 VM Application-level virtualization High-level language virtual machines
Different Types of Virtual Machines APPLICATIONS API Calls USER LEVEL LIBRARIES System Calls KERNEL User Space Kernel Space HARDWARE Instructions
Intel VT-X Overview Enhances the performance of VMs through hardware support Main Feature The inclusion of the new VMX mode of operation VMX root operation Fully privileged, intended for VM monitor New instructions VMX instructions VMX non-root operation Not fully privileged, intended for guest software Reduces Guest SW privilege w/o relying on rings
VT-x Operations VMX Non-root Operation VM 1 Ring 3 Ring 0 VM 2 Ring 3 Ring 0 Processes... VM n Ring 3 Ring 0 VM Exit VMCS 1 PCB VMCS 2 VMCS n IA-32 VMX Root Ring 3 Operation VMLAUNCH VMRESUME Ring 0 VMXON OS VMM
Virtual Machine Control Structure (VMCS) Control Structures in Memory Only one VMCS active per virtual processor at any given time Maintenance of state information Major source of overhead in a software-based solution Hardware implementation takes over the tasks of loading and unloading the state from their physical locations.
Operating System Level Virtualization Virtualization is emulated at the operating system layer Two possible positions Type 1 VM Native VM Between hardware and OS Type 2 VM Hosted VM Between OS and application programs
Operating System Level Virtualization Guest OS 1 Guest OS 2 Guest OS 1 Guest OS 2 Virtual Machine Monitor (VMM) Virtual Machine Monitor (VMM) Hardware Host OS Hardware Type 1 VMM VMware ESX Server, Xen Type 2 VMM VMware Workstation, VMware GSX Server, Virtual PC User Mode Linux
VMware ESX Server Multiplex hardware resources efficiently among virtual machines Runs unmodified binaries w/ performance isolation Manage system hardware directly Provides complete control over resource management Guest OS Scheduler CPU Guest OS Memory Mgmt Memory VMM Guest OS SCSI Driver disk Guest OS Ethernet Driver nic nicnic Console OS Binary Translation
VMware Binary Translation Inspects each instruction before it is executed Replaces dangerous instructions with calls to emulation code Stores sequences of translated instructions in a translation cache Fast, but slower than direct execution Return to VM Direct Exec. OK? Direct Execution Binary Translation CPU State Emulated Privileged Instruction
Xen Overview Multiplex physical resources at the granularity of an entire OS. Runs unmodified binaries w/ performance isolation. 100 hosted OS instances But: GuestOS has to be modified! Para-Virtualization
Xen Paravirtualization Arch xen/x86 like x86, but replace privileged instructions with Xen hypercalls Avoids binary rewriting and fault trapping For Linux 2.6, only arch-dep files modified Modify OS to understand virtualised env. Wall-clock time vs. virtual processor time Xen provides both types of alarm timer Expose real resource availability Enables OS to optimise behaviour
User Mode Linux Overview Provides a selfcontained environment Identical as hosting Linux kernel Processes have no access to host resources that were not explicitly provided p t r a c e VM User Process 1 VM User Process 2 Virtual Machine Guest OS Kernel/UML Host OS Kernel System Call Interception
VMware Workstation Overview Hosted VM architecture VMApp: User-level application on host OS VMDriver: Device driver inside host OS Facilitates the transfer of control between the two worlds VMM: Privileged virtual machine monitor Guest OS Applications Guest Operating System Host OS Apps Host OS VMApp VMDriver Virtual Machine VMM NIC Disks PC Hardware Memory CPU Binary Translation
Virtualizing a Network Interface VMApp Physical Ethernet Virtual Network Hub Virtual Bridge NIC Driver Physical NIC Host OS VMDriver PC Hardware Guest OS NIC Driver VMM
VMware Workstation Screenshot CprE 450-550
Application Level Virtualization Technologies API interception through DLL injection and API hooking Partial/complete implementation of APIs Emulate low level kernel implementations in user-space Useful when the host OS does not provide required support (e.g. Win32 threads vs. pthreads) Mandatory drivers Examples WINE: Win32 API implementation on Unix POSIX, OS/2 subsystems on Windows Supports Unix and OS/2 like API LxRun: Linux API implementation on SCO UnixWare, Solaris
Wine Architecture Closely follows NT Implements all the core DLLs (ntdll, user32, kernel32) Wine server provides the NT backbone Message passing Synchronization Object handles Native DLL support for noncore libraries Hardware access through Unix device drivers API Interception
Language Level Virtualization The virtualization layer sits as an application program on top of the operating system Can run any programs written for that virtual machine abstraction regardless of the operating system hosting that virtual machine Java Byte Code JVM Applications OS Real Machine Interpreted Execution
Questions? Thanks and See you next time
Applications Isolation Sandboxing Debugging/Testing Security Experiments (e.g., honeypots) Encapsulation Manageability Migration/Mobility Virtual Appliance Partition Server/Application Consolidation
Examplar Application: VM-based IDS Problem Area: Intrusion Detection Systems (IDS). Trade-offs Host-based IDS (HIDS): + Good visibility to catch intruder. - Weak isolation from intruder disabling/masking IDS. Network-based IDS (NIDS): + Good isolation from attack from intruder. Weak visibility can allow intruder to slip by unnoticed. Would like visibility of HIDS with isolation of NIDS. Idea: Do it in the virtual machine monitor.
VM-based IDS Strong isolation VMM isolate software in VM from VMM Compromised OS in VM can t disable IDS in VMM Introspection Peer inside at software running in VM VMM can see Physical memory, registers, I/O device state, etc. Signature scan of memory Look through physical memory for patterns or signs of break-in Interposition Modify VM abstraction to enhance security Memory Access Enforcer Interpose on page protection NIC Access Enforcer Interpose on virtual network device
VM-based Introspection Policy modules application guest OS application State Control IDS engine Intrusions detected VMM host OS hardware
Questions? Thanks and See you next time