Running Xen: A Hands-On Guide to the Art of Virtualization
by Jeanna N. Matthews; Eli M. Dow; Todd Deshane; Wenjin Hu; Jeremy Bongio; Patrick F. Wilbur; Brendan Johnson
Publisher: Prentice Hall
Pub Date: April 10, 2008
Print ISBN-10: 0-13-234966-3
Print ISBN-13: 978-0-13-234966-6
eText ISBN-10: 0-13-207467-2
eText ISBN-13: 978-0-13-207467-4
Pages: 624
Overview
"This accessible and immediately useful book expertly provides the Xen community with everything it needs to know to download, build, deploy and manage Xen implementations."
–Ian Pratt, Xen Project Leader, VP Advanced Technology, Citrix Systems
The Real-World, 100% Practical Guide to Xen Virtualization in Production Environments
Using free, open source Xen virtualization software, you can save money, gain new flexibility, improve utilization, and simplify everything from disaster recovery to software testing. Running Xen brings together all the knowledge you need to create and manage high-performance Xen virtual machines in any environment. Drawing on the unparalleled experience of a world-class Xen team, it covers everything from installation to administration–sharing field-tested insights, best practices, and case studies you can find nowhere else.
explore the Xen LiveCD, introduce the Xen hypervisor, and walk you through configuring your own hard-disk-based Xen installation. After you're running, they guide you through each leading method for creating "guests" and migrating existing systems to run as Xen guests. Then they offer comprehensive coverage of managing and securing Xen guests, devices, networks, and distributed resources. Whether you're an administrator, data center manager, developer, system integrator, or ISP, Running Xen will help you achieve your goals with Xen—reliably, efficiently, with outstanding performance, and at a surprisingly low cost.
• Understanding the Xen hypervisor: what it does, and how it works
• Managing guest resources: memory, CPU, and I/O
• Employing Xen in the enterprise: tools, products, and techniques
Step 4: Creating Guests
Converting Images from Other Virtualization Platforms
Summary
Exclusive Device Access Versus Trusted Driver Domains
Device Emulation with QEMU-DM
DomU Security
Summary
References and Further Reading
Chapter 12 Managing Guest Resources
Citrix XenServer Enterprise, Standard, and XenExpress Editions
Index
ISBN 0-13-234966-3 (pbk. : alk. paper) 1. Xen (Electronic resource) 2. Virtual computer systems. 3. Computer organization. 4. Parallel processing (Electronic computers) I. Title. QA76.9.V5M38 2008
Igor Hernandez
Alexander M. Polimeni
Erika Gorczyca
Justin Bennett
Joseph Skufca
Mathew S. McCarrell
Krista Gould
Ron Arenas
experimentation, and for fun.
The Xen open source hypervisor is changing the world of virtualization. It encourages the broad distribution of a common industry standard hypervisor that runs on a wide range of architectures from super computers to servers to clients to PDAs. By focusing on the hypervisor, the "engine" of virtualization, rather than a specific product embodiment, the Xen open source project enables multiple vendors and the community to combine the common cross platform virtualization features of Xen into exciting new products and service offerings.
To date, the community around the Xen hypervisor has been squarely in the camp of developers and expert users. While the Xen-users mailing list offers a friendly and useful source of advice for those wanting to deploy and manage Xen-based environments, the new user might find herself in need of advice about best practice and step-by-step instructions for the deployment of Xen. Running Xen: A Hands-on Guide to the Art of Virtualization speaks directly to this critical need. It provides users with everything they need to know to download, build, deploy, and manage Xen implementations.
on a larger set of new virtualization initiatives.
To the readers, I would like to say welcome to the community of Xen users. We look forward to your involvement and contributions! We believe this book will provide you with an excellent introduction to running Xen.
VP Advanced Technology, Citrix Systems
We began using Xen in the fall of 2003 soon after reading the paper "Xen and the Art of Virtualization" published in the Symposium on Operating Systems Principles (SOSP). After attending SOSP and talking to some of the authors, Jeanna Matthews returned excited about Xen. She and her graduate operating systems course at Clarkson University decided to repeat and extend the results reported in that paper. That class included two of the coauthors for this book, Eli Dow (currently at IBM) and Todd Deshane (currently completing his Ph.D.), who were both studying for their Master's degrees at the time. In the process of repeating the results from the 2003 Xen paper, we learned a lot about running Xen—much of it the hard way! Our goal for this book was to write exactly the material we wished was available when we first started using Xen.
In July 2004, we published the paper "Xen and the Art of Repeated Research," describing our experience with Xen and presenting the results we obtained repeating and extending the results. All the authors, in addition to being a part of the Fall 2003 graduate operating systems course, were also members of the Applied Computing Laboratories at Clarkson University, specifically the Clarkson Open Source Institute (COSI) and the Clarkson Internet Teaching Laboratory (ITL). These labs were founded to provide students with hands-on experience with cutting-edge computing technologies and to form a community in which everyone both learns and teaches. Other students in the labs—both graduate and undergraduate—began to use Xen as the basis for both production systems and for research projects. Through the years, we have used Xen as the basis for a number of academic papers as well as the basis of award-winning team projects. In the process, we have learned a lot about running Xen. It is our goal in this book to share this knowledge with you and to make your experience running Xen as smooth and simple as possible.
The book is targeted at individuals and organizations that are
topics such as device virtualization, network configuration, security, and live migration. We hope you will find it a good mix of introductory and advanced topics that will prove useful from your first Xen deployment experiment to running production Xen systems.
Chapter 1, "Xen—Background and Virtualization Basics," is a quick introduction to virtualization in general and to Xen in particular. Chapter 2, "A Quick Tour with the Xen LiveCD," provides an overview of Xen's functionalities by exploring the Xen LiveCD. Chapter 3, "The Xen Hypervisor," focuses on the hypervisor that is the core of any Xen system and some other trusted components such as Domain0 and xend. We build on that common understanding of the Xen hypervisor by concretely showing you how to install and configure your own hard-disk-based Xen installation in Chapter 4, "Hardware Requirements and Installation of Xen Domain0." After you have your own hypervisor installation up and running, this book eases you into using guest images by first showing you how to download and use images available from the Internet in Chapter 5, "Using Prebuilt Guest Images." Chapter 6, "Managing Unprivileged Domains," covers the basics of administering the running DomUs or unprivileged guest domains. You are then guided through the various methods of creating your own custom guest images in Chapter 7, "Populating Guest Images." Now that you have all these guests, Chapter 8, "Storing Guest Images," covers a variety of choices for storing guest images for online use as well as backup and sharing.
The second half of this book delves into more advanced system
"Device Virtualization and Management"), networking (Chapter 10, "Network Configuration"), security (Chapter 11, "Securing a Xen System"), resource distribution (Chapter 12, "Managing Guest Resources"), and migration (Chapter 13, "Guest Save, Restore and Live Migration"). We conclude with a survey of some of the popular administrative tools available for your Xen systems in Chapter 14, "An Overview of Xen Enterprise Management Tools."
Throughout the book, we include listings illustrating relevant commands and their output. We use the command prompt to indicate where the command should be run.
We are indebted to the many people who provided feedback and suggestions on the book's content. Simon Crosby provided key feedback on the overall content of the book. Keir Fraser answered a number of technical questions with amazing speed and good humor. Andy Warfield provided feedback for Chapter 9. We thank all the Xen contributors who have released their work to the open source community.
Several of the authors attended the Xen Summit at IBM T.J. Watson Research in April 2007 and we would like to express our gratitude to all the organizers and attendees. Many people provided invaluable feedback and advice in various conversations—short and long. We would especially like to thank Sean Dague, who provided excellent overall Xen advice and feedback throughout this process, and Jose Renato Santos, who provided detailed feedback on the networking material in the book. In general, online materials from all the Xen summits were an invaluable resource for us, as was the Xen Wiki, Xen mailing lists, and other similar resources. We appreciate the efforts of all the individuals who contributed to those materials.
We would like to thank everyone who read early drafts of the book. Jessie Yu in particular went above and beyond the call of duty in reviewing and helping to revise many chapters. Jim Owens provided valuable early feedback for Chapter 13. Tom "Spot" Callaway from Red Hat gave us some excellent suggestions about Chapter 14. (Thanks also to Spot and Máirìn Duffy for several screenshots in that chapter.) Chris Peterman did some early writing on the security chapter and provided valuable comments in the initial phases of organizing the text. Lindsay Hoffman and Barbara Brady provided detailed comments on the writing in Chapter 10. Ryan Kornheisl read a number of chapters and helped test many of the instructions in the book. Anthony Peltz also helped with testing.
We would also like to thank everyone who helped with final
a small army of people volunteered to do a fresh read of many chapters, finding everything from typos to substantial problems. We would like to thank Zach Shepherd, Keegan M. Lowenstein, Igor Hernandez, Alexander M. Polimeni, Erika Gorczyca, Justin Bennett, Joseph Skufca, Mathew S. McCarrell, Krista Gould, and Ron Arenas. We couldn't have done it without you! Tom Doeppner and Dan Kuebrich from Brown University also provided some very helpful feedback on Chapter 3. We would especially like to thank Michael Thurston and Ken Hess for their excellent suggestions. Beside the authors, we believe they are the only ones who have read the entire book!
We would like to thank many members of the Clarkson Open Source Institute and Clarkson Internet Teaching Laboratory who over time added to our understanding and hands-on experience with Xen. Bryan Clark (now at Red Hat), Steven Evanchik (now at VMware), Matt Finlayson, and Jason Herne (both now at IBM) were all coauthors on the 2004 "Xen and the Art of Repeated Research" paper. Jason Herne, Patricia Jablonski, Leslie Cherian, and Michael McCabe were all coauthors on the 2005 "Data Protection and Rapid Recovery From Attack With A Virtual Private File Server and Virtual Machine Appliances" paper, which used Xen for some of the prototypes being tested. Madhu Hapauarachchi, Demetrios Dimatos, Gary Hamilton, Michael McCabe, and Jim Owens were coauthors on the 2007 paper "Quantifying the Performance Isolation Properties of Virtualization Systems." Justin Basinger, Michael McCabe, and Ed Despard were part of the Xenophilia project that won second place in the 2005 Unisys Tuxmaster competition. Cyrus Katrak and Zach Shepherd have been key to the deployment of Xen in our production environment in the Applied CS labs. They have both been a crucial source of advice and feedback.
We would like to thank the OpenSolaris Xen Community Leaders, especially Todd Clayton, Mark Johnson, John Levon, and Christopher Beal, for their quick and helpful responses over e-mail and IRC during our testing of Xen on OpenSolaris. We
book. Additional support in Solaris for Xen beyond what is covered in this book is expected soon.
We would like to thank our editor, Debra Williams Cauley, for her help and encouragement through this entire process. Thanks also to Catherine Nolan who initially contacted us about this project.
Richard A. Wilbur provided access to early HVM-enabled equipment used in testing.
Jeanna Matthews would like to thank her husband Leonard Matthews and children Robert and Abigail Matthews for their patience and love throughout this whole process. She would also like to thank her current and former students—including the six other authors on this book—for all she continues to learn from them.
Eli M. Dow would like to thank his parents, Terry and Mona, as well as his siblings, Ian and Ashley, for everything. He would also like to thank IBM and the Test and Integration Center for Linux for their support during the writing process. Specifically he wishes to acknowledge Frank Lefevre, Duane Beyer, Robert Jay Brenneman, Phil Chan, Scott Loveland, and Kyle Smith for their insightful conversations regarding virtualization and this book in particular. Eli would also like to thank the wonderful faculty and staff at Clarkson University who made his academic career such a wonderful experience. Lastly he would like to thank his significant other, Jessie, for her enduring patience during the writing process.
Todd Deshane would like to thank his significant other, Patty, for her support during the writing of this book.
Wenjin Hu would like to thank his mom, Yajuan Song, and his dad, Hengduo Hu, for their constant support of his study at Clarkson University, and his friend, Liang Zheng, for emotional support.
support and patience throughout the development of this book
Jeanna Matthews is an associate professor of Computer Science at Clarkson University (Potsdam, New York) where she leads several hands-on computing laboratories including the Clarkson Open Source Institute and Clarkson Internet Teaching Laboratory. Students in these labs and in her classes have been winners in a number of prestigious computing contests including the 2001, 2002, and 2004 IBM Linux Challenge, the 2005 IBM North American Grid Scholar's Challenge, the 2005 Unisys Tuxmaster competition, and the 2006 VMware Ultimate Virtual Appliance Challenge. Her research interests include virtualization, operating systems, computer networks, and computer security. She is actively involved in the Association for Computing Machinery as treasurer of the Special Interest Group on Operating Systems, editor of Operating Systems Review, and is a member of the Executive Committee ACM's U.S. Public Policy Committee, US-ACM. She is also the author of a computer networking textbook, Computer Networking: Internet Protocols in Action, that has been translated into several languages. Jeanna received her Ph.D. in Computer Science from the University of California at Berkeley in 1999.
Eli M. Dow is a software engineer in IBM's Test and Integration Center for Linux in Poughkeepsie, NY. He holds a B.S. degree in Computer Science and Psychology as well as an M.S. in Computer Science from Clarkson University. He is passionate about open source software and is an alumnus and founding member of the Clarkson Open Source Institute. His interests include virtualization, Linux systems programming, the GNOME desktop, and human-computer interaction. He is the author of numerous IBM developerWorks articles focused on Linux and open source software. Additionally, he has coauthored two books on the mainframe hypervisor z/VM, entitled Introduction to the New Mainframe: z/VM Basics and Linux for IBM System z9 and IBM zSeries. His first published experience with Xen was coauthoring an early academic paper entitled "Xen and the Art
Todd Deshane expects to obtain a Ph.D. in Engineering Science from Clarkson University in 2008. He also has a Master of Science in Computer Science and a Bachelor of Science in Software Engineering from Clarkson. While at Clarkson University, he has had a variety of research publications—many involving Xen. In 2005, a project that was based on Todd's Master's thesis—an open source collaborative, large database explorer—won first place in the Unisys TuxMaster competition. Todd's primary academic and research interests are in the area of operating system technologies, such as virtual machine monitors, high availability, and file systems. His doctoral dissertation focuses on using these technologies to provide desktop users with an attack-resistant experience, with automatic and autonomic recovery from viruses, worms, and adverse system modifications. During his Ph.D. years, Todd has been a teaching assistant and an IBM Ph.D. Fellowship
Jeremy Bongio is currently a Master's student at Clarkson University. He won second place in the Unisys Tuxmaster competition in 2005 with a project called Xenophilia, an early effort to make Xen more user friendly. He is a current member and former student director of the Clarkson Open Source Institute, where he actively learns and experiments with different kinds of virtualization.
Computer Science at Clarkson University. His interests include operating systems, systems and application security, natural language processing, and home automation. In his spare time, Patrick enjoys composing music, experimenting with amateur radio, storm chasing, and working on various electronics, software, and carpentry projects around the house. He is currently a member of the Clarkson Open Source Institute, a volunteer at the Applied Computer Science Laboratories at Clarkson University, an emergency communications volunteer, and a member of the Association for Computing Machinery.
Brendan Johnson graduated from Clarkson University in 2002 with a Bachelor's degree in Computer Science and a minor in Mathematics. Brendan continued his education at Clarkson University and obtained a Master's of Science in Computer Science with a thesis in quantum computing. Brendan is currently a senior software architect at Mobile Armor, a world leading "Data At Rest" encryption software company.
Virtualization Basics
Xen is a virtual machine monitor (hypervisor) that allows you to use one physical computer to run many virtual computers—for example, running a production Web server and a test server on the same physical machine or running Linux and Windows simultaneously. Although not the only virtualization system available, Xen has a combination of features that make it uniquely well suited for many important applications. Xen runs on commodity hardware platforms and is open source. Xen is fast, scalable, and provides server-class features such as live migration. This chapter discusses common uses and types of virtualization, describes the history of virtualization and origins of Xen, provides a brief overview of the Xen architecture, and compares Xen with other virtualization systems.
Common Uses and Benefits of Virtualization
Virtual machine monitors provide a convenient way to use the same physical computer hardware for many different tasks. Operating systems have been doing this for years simply by enabling users to run many different applications at once, such as Web browsers, database servers, and games. However, without virtualization, the act of choosing an operating system and system configuration to run on your physical computer has the unfortunate side effect of closing off many other options. For example, if you run Linux to develop and test programs in that environment, you may not be able to run programs written exclusively for Windows. Also, if you run the newest and fully patched version of Windows, reproducing problems experienced by customers on earlier versions may be difficult. Additionally, if your Web server and database server require different versions of a system library, they may not be able to run on the same system. Without virtualization in each of these examples, you
in one machine are sufficient to run all of your applications at once.
Virtual machine monitors (hypervisors) are becoming increasingly important in modern computing because they allow many different operating systems and software configurations to exist on the same physical machine. The hypervisor controls the underlying hardware, allowing it to be used by many guest systems at once, and gives each guest system the illusion that it is running on its own private hardware.
The hypervisor abstracts the physical resources of the host computer into discrete virtual counterparts that can be allocated for use by individual guests. Virtual guests treat their virtual hardware as if it were real, and the hypervisor ensures that this illusion is seamless. Additionally, hypervisors must ensure some level of isolation between guests. In a way, hypervisors act as both magician and traffic cop. Figure 1.1 illustrates the relationship between the physical hardware, the hypervisor, and the guest virtual machines.
Figure 1.1 The hypervisor sits between the guest domains and the physical hardware.
virtualization. In fact, many modern hypervisors allow guest systems to move from one physical machine to another without interruption. Guest system configurations can easily be
Debugging operating systems is time consuming and requires exceptionally skilled programming. Virtualization can ease the burden by allowing a developer to test new operating systems as a guest on a more stable host. This technique has been used for many years and has proven effective. Similarly, security researchers can create guest operating systems that are isolated from one another as well as the host. Such guests allow researchers to study the effects of worms, Trojans, and viruses, without affecting the host system. These isolated guests are colloquially referred
environments can have many physical machines, each running a number of guest systems. Guest systems can be moved seamlessly between physical machines to balance the load dynamically, thus using the aggregate resources most efficiently. Many enterprise customers have enjoyed these benefits on exotic hardware platforms for many years. Xen now provides these advantages to a wider audience.
Other benefits of virtualization become especially clear in a server environment. One example is the ability to consolidate many services on one physical machine while still allowing each service to be administered independently. In a multihosting environment, a service provider may run guest systems belonging to many different individuals or businesses on the same physical machine. Each entity could have its own root or administrative access, make its own choices as to what software to run, and administer its own virtual guest autonomously without any need to consult or coordinate with the owners of the other guest systems.
Hypervisors can be especially useful for developers, because the developers no longer need to restart physical machines to switch between various operating systems. Multiboot configurations are just not sufficient for these developers any longer. Developers requiring this functionality are becoming more common as more applications are made multiplatform.
From a business perspective, virtualization can provide a reduced total cost of ownership (TCO). Hardware is utilized more fully when multiple operating systems coexist on a single physical machine. Imagine running just two virtual machines on each server a company owns. This would mean 50 percent of the hardware would be needed for the same computing infrastructure. Now, we do not mean to imply every computer should be running simultaneous virtualized guest operating systems, but often many machines sit practically idle, and these computers are prime candidates for consolidation via virtualization. Training costs for employees can be decreased when using virtualization because it allows several different training configurations (operating systems and applications) to coexist on a single platform, thus fewer computers are needed for training, and reconfiguration is minimized between different training sessions.
In many business environments, users are afforded the advantage of being able to virtualize legacy operating systems and applications on modern hardware platforms. Typically, migration of these applications to current architectures is too costly. Even if migration was successful, those applications would need debugging for many years to be as robust as the original applications. With a virtual machine, users are free to execute legacy products in a
rogue legacy application bringing the system to a halt.
The final benefit of virtualization that bears mentioning is decreased power consumption and cooling infrastructure. Servers running virtualized at higher utilization make more efficient use of power than many systems functioning at low capacity. Because smaller space is occupied by the computing infrastructure, there is more room to adequately cool today's very dense and very warm data centers. In some cases a substantial cost savings for air conditioning can be realized.
Trang 31Virtualization Basics
Xen is a virtual machine monitor (hypervisor) that allows you to
use one physical computer to run many virtual computers—forexample, running a production Web server and a test server onthe same physical machine or running Linux and Windows
simultaneously Although not the only virtualization system
available, Xen has a combination of features that make it
uniquely well suited for many important applications Xen runs
on commodity hardware platforms and is open source Xen isfast, scalable, and provides server-class features such as livemigration This chapter discusses common uses and types ofvirtualization, describes the history of virtualization and origins
of Xen, provides a brief overview of the Xen architecture, andcompares Xen with other virtualization systems
Common Uses and Benefits of
Virtualization
Virtual machine monitors provide a convenient way to use thesame physical computer hardware for many different tasks.Operating systems have been doing this for years simply byenabling users to run many different applications at once, such
as Web browsers, database servers, and games However,
without virtualization, the act of choosing an operating systemand system configuration to run on your physical computer hasthe unfortunate side effect of closing off many other options.For example, if you run Linux to develop and test programs inthat environment, you may not be able to run programs writtenexclusively for Windows Also, if you run the newest and fullypatched version of Windows, reproducing problems experienced
by customers on earlier versions may be difficult Additionally, ifyour Web server and database server require different versions
of a system library, they may not be able to run on the samesystem Without virtualization in each of these examples, you
Trang 32in one machine are sufficient to run all of your applications atonce
Virtual machine monitors (hypervisors) are becoming
increasingly important in modern computing because they allowmany different operating systems and software configurations
to exist on the same physical machine The hypervisor controlsthe underlying hardware, allowing it to be used by many guestsystems at once, and gives each guest system the illusion that
it is running on its own private hardware
The hypervisor abstracts the physical resources of the host
computer into discrete virtual counterparts that can be allocatedfor use by individual guests Virtual guests treat their virtualhardware as if it were real, and the hypervisor ensures that thisillusion is seamless Additionally, hypervisors must ensure somelevel of isolation between guests In a way, hypervisors act asboth magician and traffic cop Figure 1.1 illustrates the
relationship between the physical hardware, the hypervisor, andthe guest virtual machines
Figure 1.1 The hypervisor sits between the guest
domains and the physical hardware.
[View full size image]
Trang 33virtualization In fact, many modern hypervisors allow guestsystems to move from one physical machine to another withoutinterruption Guest system configurations can easily be
Debugging operating systems is time consuming and
requires exceptionally skilled programming Virtualizationcan ease the burden by allowing a developer to test newoperating systems as a guest on a more stable host Thistechnique has been used for many years and has proveneffective Similarly, security researchers can create guestoperating systems that are isolated from one another aswell as the host Such guests allow researchers to study theeffects of worms, Trojans, and viruses, without affecting thehost system These isolated guests are colloquially referred
Trang 34environments can have many physical machines, each
running a number of guest systems Guest systems can bemoved seamlessly between physical machines to balancethe load dynamically, thus using the aggregate resourcesmost efficiently Many enterprise customers have enjoyedthese benefits on exotic hardware platforms for many years.Xen now provides these advantages to a wider audience.Other benefits of virtualization become especially clear in aserver environment One example is the ability to
consolidate many services on one physical machine whilestill allowing each service to be administered independently
In a multihosting environment, a service provider may runguest systems belonging to many different individuals orbusinesses on the same physical machine Each entity couldhave its own root or administrative access, make its ownchoices as to what software to run, and administer its ownvirtual guest autonomously without any need to consult orcoordinate with the owners of the other guest systems
Trang 35Hypervisors can be especially useful for developers,
because the developers no longer need to restart physicalmachines to switch between various operating systems.Multiboot configurations are just not sufficient for these
developers any longer Developers requiring this
functionality are becoming more common as more
applications are made multiplatform
From a business perspective, virtualization can provide areduced total cost of ownership (TCO) Hardware is utilizedmore fully when multiple operating systems coexist on asingle physical machine Imagine running just two virtualmachines on each server a company owns This would
mean 50 percent of the hardware would be needed for thesame computing infrastructure Now, we do not mean toimply every computer should be running simultaneous
virtualized guest operating systems, but often many
machines sit practically idle, and these computers are primecandidates for consolidation via virtualization Training costsfor employees can be decreased when using virtualizationbecause it allows several different training configurations(operating systems and applications) to coexist on a singleplatform, thus fewer computers are needed for training, andreconfiguration is minimized between different training
sessions
In many business environments, users are afforded the advantage of being able to virtualize legacy operating systems and applications on modern hardware platforms. Typically, migration of these applications to current architectures is too costly. Even if migration was successful, those applications would need debugging for many years to be as robust as the original applications. With a virtual machine, users are free to execute legacy products in a
rogue legacy application bringing the system to a halt.
The final benefit of virtualization that bears mentioning is decreased power consumption and cooling infrastructure. Servers running virtualized at higher utilization make more efficient use of power than many systems functioning at low capacity. Because smaller space is occupied by the computing infrastructure, there is more room to adequately cool today's very dense and very warm data centers. In some cases a substantial cost savings for air conditioning can be realized.
Many technical details of virtualization are similar, yet various approaches exist to solve problems associated with the different implementations. Four major virtualization architectures in modern computing provide the illusion of complete stand-alone systems: emulation, full virtualization, paravirtualization, and operating system level virtualization. For completeness, we also briefly discuss two other types of virtualization—library and
isolation between virtual machines. Most hypervisors provide no more sharing support between guest instances than disjointed physical computers on the same network.
Each virtualization technique trades some level of isolation for increased sharing of resources among its guests. Typically, stronger isolation comes at the cost of some performance. This is due to the overhead required to implement strong isolation mechanisms. Conversely, weaker isolation can relax the
microcode for new hardware designs before that hardware is physically available. Examples include PearPC, Bochs, and the nonaccelerated form of QEMU.
Figure 1.2. Emulator virtual machines provide a virtual computing architecture that is not the same as the actual physical architecture of the host machine. Operating systems intended for the emulated hardware are executed unmodified.
Full Virtualization
Full virtualization (also called native virtualization) is similar to emulation. As in emulation, unmodified operating systems and applications run inside a virtual machine. Full virtualization differs from emulation in that operating systems and applications are designed to run on the same architecture as the underlying physical machine. This allows a full virtualization system to run many instructions directly on the raw hardware. The hypervisor in this case polices access to the underlying hardware and gives each guest operating system the illusion of having its own copy. It no longer must use software to simulate a different basic architecture. Figure 1.3 illustrates full
Figure 1.3. The full virtualization hypervisor presents the actual physical hardware "P" to each guest so that operating systems intended for the underlying architecture may run unmodified and unaware that they are being run virtualized.
For x86, virtualization systems are often classified as full virtualization if they can run unmodified guest operating system binaries. However, some of these still make some simplifying changes to x86 for easier virtualization and still achieve high performance. The x86 architecture is notoriously difficult to virtualize. Because of this, virtualization specifics (Intel's VT and AMD's AMD-V, discussed in the "Intel VT" and "AMD-V" sections in Chapter 4, "Hardware Requirements and Installation of Xen Domain0") have been added to improve performance and make running an operating system within a Xen virtual machine simpler. They support these changes with clever methods, such as on-the-fly binary translation of instructions that are not desired in their simplified x86 architecture.
Major vendors of full virtualization include VMware Workstation, VMware Server (formerly GSX Server), Parallels Desktop,
architecture, which is not necessarily the case in emulation. Instead, targeted modifications are introduced to make it simpler and faster to support multiple guest operating systems. For example, the guest operating system might be modified to use a special hypercall application binary interface (ABI) instead of using certain architectural features that would normally be used. This means that only small changes are typically required in the guest operating systems, but any such changes make it difficult to support closed-source operating systems that are distributed in binary form only, such as Microsoft Windows. As in full virtualization, applications are typically still run unmodified. Figure 1.4 illustrates paravirtualization.
Figure 1.4. Paravirtualization hypervisors are similar to full virtualization but use modified guest operating systems to optimize virtual execution.