INSE 6620 (Cloud Computing Security and Privacy)
Cloud Computing 101
Prof. Lingyu Wang
1
The Big Picture
(Figure: layered view of a cloud platform)
Cloud applications: data-intensive, compute-intensive, storage-intensive
Bandwidth
Web services, SOA, WS standards
Services interface
Virtualization: bare metal, hypervisor (VM0, VM1, ..., VMn)
Storage models: S3, BigTable, BlobStore, ...
Multi-core architectures, 64-bit processor
2
Ramamurthy et al., Cloud Computing: Concepts, Technologies and Business Implications
Enabling Technologies
Cloud computing relies on:
1. Hardware advancements
2. Web x.0 technologies
3. Virtualization
4. Distributed file system
3
Slides 3-11 are partially based on: Li et al., Chapter 3 Enabling technologies, In Spatial Cloud Computing: a practical approach,
edited by Yang et al., CRC Press: pp. 31-46.
Hardware Advancements: Multi-core
The single-core, multi-thread computing model was unable to meet the intensive computing demand
Multi-core CPUs were first used in the late 1900s
Characterized by low electricity consumption, efficient space utilization, and favorable performance
Help cloud providers build energy-efficient and high-performance data centers
Virtualization, multi-tenancy
4
Hardware Advancements: Networking
Cloud computing provides services in a multi-tenant environment where the network serves as the “glue”.
(Figure: intra-cloud network and wide-area network connecting virtual instances, compute clusters and storage services (Blob, Table, Queue); “Elastic”)
5
Li et al., CloudCmp: Comparing Public Cloud Providers, IMC
Storage/Smart Devices
Fast-developing storage technologies meet the storage needs of cloud computing.
Smart devices accelerate the development of cloud computing by enriching its access channels for cloud consumers.
6
Enabling Technologies
Cloud computing relies on:
1. Hardware advancements
2. Web x.0 technologies
3. Virtualization
4. Distributed file system
7
Web X.0: the Evolution of Web
8
Web x.0: Web Services
A web service is a software system designed to support interoperable machine-to-machine interaction over a network
SOAP-based web services:
Web Services Description Language (WSDL)
Simple Object Access Protocol (SOAP)
XML is extensively used
RESTful web services:
retrieve information through simple HTTP methods such as GET, POST, PUT and DELETE.
E.g. Google APIs, Yahoo APIs
9
Service-Oriented Architecture (SOA)
A service-based component model for developing software in the form of interoperable services
Benefits of using SOA:
Component reuse
Integration of existing systems
Language and platform independence
10
Web x.0: Cloud Computing and SOA
Cloud computing, to a large extent, leverages the concept of SOA, especially in the SaaS and PaaS layers.
They have different emphases:
-- SOA is an architecture focusing on answering the question of “how to develop applications”.
-- Cloud computing is an infrastructure emphasizing the solution of “how to deliver applications”.
11
Enabling Technologies
Cloud computing relies on:
1. Hardware advancements
2. Web x.0 technologies
3. Virtualization
4. Distributed file system
12
What Is Virtualization?
“Creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources.”
E.g., Windows and Linux on the same laptop
How is it different from dual-boot?
The OSes are completely isolated from each other
13
Slides 13-34 are partially based on: Alex Landau, Virtualization Technologies, IBM Haifa Research Lab
We’ve Been Doing It For Decades!
Indeed – an OS provides isolation between processes
Each has its own virtual memory
Controlled access to I/O devices (disk, network) via system calls
Process scheduler to decide which process runs on which CPU core
So why virtual “machine”?
Try running Microsoft Exchange requiring Windows and some applications requiring Linux simultaneously on the same box!
Or better yet, try to persuade Boeing and Airbus to run their processes side-by-side on one server
Psychological effect – what sounds better?
You’re given your own virtual machine and you’re root there – do whatever you want
You can run certain processes, but you don’t get root; call our helpdesk with your configuration requests and we’ll get back to you in 5 business days…
14
Benefits
Decoupling HW/SW leads to many benefits:
Server consolidation
Running web/app/DB servers on the same machine, without losing robustness
Electricity savings, room space savings...
Easier backup/restore/upgrade/provisioning
Easier testing (e.g., firewall)
Making IaaS possible
15
Two Types of Hypervisors
Definitions
Hypervisor (or VMM – Virtual Machine Monitor) is a software layer that allows several virtual machines to run on a physical machine
The physical OS and hardware are called the Host
The virtual machine OS and applications are called the Guest
Type 1 (bare-metal): the hypervisor runs directly on the hardware, with VM1, VM2 (guests) on top of it
Examples: VMware ESX, Microsoft Hyper-V, Xen
Type 2 (hosted): the hypervisor runs as a process on a host OS, alongside ordinary processes, with VM1, VM2 (guests) on top of it
Examples: VMware Workstation, Microsoft Virtual PC, Sun VirtualBox, QEMU, KVM
16
Bare-Metal or Hosted?
Bare-metal
Has complete control over hardware
Doesn’t have to “fight” an OS
Hosted
Avoids code duplication: need not code a process scheduler or memory management system – the OS already does that
Can run native processes alongside VMs
Familiar environment – how much CPU and memory does a VM take? Use top! How big is the virtual disk? ls -l
Easy management – stop a VM? Sure, just kill it!
A combination
Mostly hosted, but some parts are inside the OS kernel for performance reasons
E.g., KVM
17
How to Run a VM? Emulate!
Do whatever the CPU does, but in software
Fetch the next instruction
Decode – is it an ADD, a XOR, a MOV?
Execute – using the emulated registers and memory
Example:
addl %ebx, %eax
is emulated as:
enum {EAX=0, EBX=1, ECX=2, EDX=3, …};   /* indices into the emulated register file */
unsigned long regs[8];                   /* one slot per emulated general register */
regs[EAX] += regs[EBX];                  /* the destination register accumulates the source */
Pro: Simple!
Con: Slooooooooow
Example hypervisor: BOCHS
18
How to Run a VM? Trap and Emulate!
Run the VM directly on the CPU – no emulation!
Most of the code can execute just fine
E.g., addl %ebx, %eax
Some code needs hypervisor intervention
int $0x80
movl something, %cr3
I/O
Trap and emulate it!
E.g., if the guest runs int $0x80, trap it and execute the guest’s interrupt 0x80 handler
19
Trap and Emulate Model
Traditional OS:
When an application invokes a system call:
The CPU traps to the interrupt handler vector in the OS.
The CPU switches to kernel mode (Ring 0) and executes OS instructions.
When a hardware event occurs:
The hardware interrupts CPU execution and jumps to the interrupt handler in the OS.
Trap and Emulate Model Cont’d
VMM and Guest OS:
System call
The CPU traps to the interrupt handler vector of the VMM.
The VMM jumps back into the guest OS.
Hardware interrupt
The hardware makes the CPU trap to the interrupt handler of the VMM.
The VMM jumps to the corresponding interrupt handler of the guest OS.
Privileged instruction
Running privileged instructions in the guest OS traps to the VMM for instruction emulation.
After emulation, the VMM jumps back to the guest OS.
Trap and Emulate Model Cont’d
Pro:
Performance!
Cons:
Harder to implement
Need hardware support
Not all “sensitive” instructions cause a trap when executed in user mode
E.g., POPF, which may be used to clear the interrupt flag (IF)
This instruction does not trap, but the value of IF does not change!
This hardware support is called VMX (Intel) or SVM (AMD)
Exists in modern CPUs
Example hypervisor: KVM
22
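The trap-and-emulate flow of slides 19-22, as an added toy model (not code from the slides, Landau's material or KVM): a constructed instruction set runs on a simulated CPU whose guest kernel has been demoted to ring 3; ADD executes directly, MOV to CR3 and INT 0x80 trap to a VMM handler that emulates them, and POPF is modelled the way the slide describes classic x86, sensitive but non-trapping, so a guest attempt to clear IF from ring 3 is silently dropped and the VMM never learns of it. The instruction encoding, register layout and the `demo_lost_if_writes` observer are assumptions made for this illustration.

```c
/* Added example: trap-and-emulate on a toy CPU, including the POPF problem.
 * Instruction format and register set are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

enum op { ADD, MOV_CR3, INT80, POPF, HALT };
struct insn { enum op op; int dst, src; uint32_t imm; };

struct cpu {
    uint32_t regs[8];   /* emulated general registers */
    uint32_t cr3;       /* page-table base: privileged state */
    int if_flag;        /* EFLAGS.IF: 1 = interrupts enabled */
    int ring;           /* 0 = kernel, 3 = user; the guest kernel runs at 3 under the VMM */
};

struct vmm { int traps; int int80_delivered; uint32_t shadow_cr3; };

/* Demo-only observer. A real VMM has no way to see these lost writes; that
 * is exactly why classic x86 could not be trap-and-emulated without VMX/SVM. */
static int demo_lost_if_writes;

/* VMM trap handler: emulate the privileged instruction on the guest's behalf. */
static void vmm_trap(struct vmm *m, struct cpu *c, const struct insn *i) {
    m->traps++;
    switch (i->op) {
    case MOV_CR3:
        m->shadow_cr3 = i->imm;   /* VMM validates and installs its own (shadow) table */
        c->cr3 = i->imm;          /* what the guest believes it wrote */
        break;
    case INT80:
        m->int80_delivered++;     /* would dispatch to the guest's int 0x80 handler */
        break;
    default:
        break;
    }
}

/* Execute one instruction. Returns 1 if executed, 0 on HALT. */
static int step(struct vmm *m, struct cpu *c, const struct insn *i) {
    switch (i->op) {
    case ADD:                                   /* ordinary code runs directly */
        c->regs[i->dst] += c->regs[i->src];
        return 1;
    case MOV_CR3:
    case INT80:                                 /* privileged: traps when not in ring 0 */
        if (c->ring != 0) vmm_trap(m, c, i);
        return 1;
    case POPF:                                  /* sensitive but NOT privileged */
        if (c->ring == 0) c->if_flag = (int)(i->imm & 1);
        else if ((int)(i->imm & 1) != c->if_flag) demo_lost_if_writes++; /* silently ignored */
        return 1;
    case HALT:
    default:
        return 0;
    }
}

/* Run a constructed guest program; returns traps*100 + IF*10 + EAX. */
static int demo(void) {
    struct cpu c = { {1, 2, 0, 0, 0, 0, 0, 0}, 0, 1, 3 };   /* EAX=1, EBX=2, IF=1, ring 3 */
    struct vmm m = { 0, 0, 0 };
    const struct insn prog[] = {
        { ADD, 0, 1, 0 },           /* addl %ebx, %eax -> EAX = 3 */
        { MOV_CR3, 0, 0, 0x1000 },  /* page-table switch: traps to the VMM */
        { INT80, 0, 0, 0 },         /* system call: traps, delivered to the guest handler */
        { POPF, 0, 0, 0 },          /* guest kernel tries to clear IF: write is lost */
        { HALT, 0, 0, 0 },
    };
    demo_lost_if_writes = 0;
    for (const struct insn *i = prog; step(&m, &c, i); i++) { }
    /* The guest now believes interrupts are off, yet IF is still 1. */
    return m.traps * 100 + c.if_flag * 10 + (int)c.regs[0];   /* 2 traps, IF=1, EAX=3 -> 213 */
}

int main(void) {
    printf("result=%d lost IF writes=%d\n", demo(), demo_lost_if_writes);
    return 0;
}
```

The two trapping instructions are handled correctly, but the POPF outcome is the one to notice: the guest's interrupt-disable request vanished without any trap, so a hypervisor built purely on traps has an inconsistent view of guest state. This is the gap that binary translation (slide 23), paravirtualization (slide 25) and VMX/SVM each close in their own way.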
Dynamic (Binary) Translation
Take a block of binary VM code that is about to be executed
Translate it on the fly to “safe” code (like JIT – just-in-time compilation)
Execute the new “safe” code directly on the CPU
Translation rules?
Most code translates identically (e.g., movl %eax, %ebx translates to itself)
“Sensitive” operations are translated into “hypercalls”
Hypercall – call into the hypervisor to ask for service
Implemented as trapping instructions (unlike POPF)
23
Dynamic (Binary) Translation Cont’d
Pros:
No hardware support required
Performance – better than emulation
Cons:
Performance – worse than trap and emulate
Hard to implement
Example hypervisors: VMware, QEMU
24
How to Run a VM? Paravirtualization!
Requires a modified guest OS that “knows” it is running on top of a hypervisor
E.g., instead of doing cli to turn off interrupts, the guest OS should do hypercall(DISABLE_INTERRUPTS)
25
How to Run a VM? Paravirtualization!
Pros:
No hardware support required
Performance – better than emulation
Con:
Requires a specifically modified guest
The same guest OS cannot run both in the VM and on bare metal
Example hypervisor: Xen
26
I/O Virtualization
Types of I/O:
Block (e.g., hard disk)
Network
Input (e.g., keyboard, mouse)
Sound
Video
Most performance-critical (for servers):
Network
Block
27
I/O Virtualization Models
Monolithic model: the hypervisor contains the I/O services and the device drivers; guest VMs (VM0 ... VMn, each running a guest OS and apps) reach shared devices through the hypervisor
Pro: Higher performance
Pro: I/O device sharing
Pro: VM migration
Con: Larger hypervisor
Pass-through model: each guest VM contains its own device drivers and is given assigned devices; the hypervisor is not on the I/O path
Pro: Highest performance
Pro: Smaller hypervisor
Pro: Device-assisted sharing
Con: Migration challenges
Service VM model: dedicated service VMs hold the I/O services and device drivers; guest VMs reach shared devices through the service VMs, with a small hypervisor underneath
Pro: High security
Pro: I/O device sharing
Pro: VM migration
Con: Lower performance
28
How Does a NIC Driver Work?
Transmit path:
OS prepares the packet to transmit in a buffer in memory
Driver writes the start address of the buffer to register X of the NIC
Driver writes the length of the buffer to register Y
Driver writes ‘1’ (GO!) into register T
NIC reads the packet from memory addresses [X,X+Y) and sends it on the wire
NIC sends an interrupt to the host (TX complete, next packet please)
Receive path:
Driver prepares a buffer to receive the packet into
Driver writes the start address of the buffer to register X
Driver writes the length of the buffer to register Y
Driver writes ‘1’ (READY-TO-RECEIVE) into register R
When a packet arrives, the NIC copies it into memory at [X,X+Y)
NIC interrupts the host (RX)
OS processes the packet (e.g., wakes the waiting process up)
29
I/O Virtualization? Emulate!
Hypervisor implements a virtual NIC (following the specification of a real NIC, e.g., Intel, Realtek, Broadcom)
NIC registers (X, Y, Z, T, R, …) are just variables in hypervisor (host) memory
If the guest writes ‘1’ to register T, the hypervisor reads the buffer from memory [X,X+Y) and passes it to the physical NIC driver for transmission
When the physical NIC interrupts (TX complete), the hypervisor injects a TX complete interrupt into the guest
Similar for the receive path
30
I/O Virtualization? Emulate!
Pro:
Unmodified guest (the guest already has drivers for Intel NICs…)
Cons:
Slow – every access to every NIC register causes a VM exit (trap to hypervisor)
Hypervisor needs to emulate complex hardware
Example hypervisors: QEMU, KVM, VMware (without VMware Tools)
31
I/O Virtualization? Paravirtualize!
Add a virtual NIC driver into the guest OS (frontend)
Implement the virtual NIC in the hypervisor (backend)
Everything works just like in the emulation case…
…except the protocol between frontend and backend
Protocol in the emulation case:
Guest writes registers X, Y, waits at least 3 nanoseconds and writes to register T
Hypervisor infers that the guest wants to transmit a packet
Paravirtual protocol:
Guest does a hypercall, passing the start address and length as arguments
Hypervisor knows what it should do
32
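The two transmit protocols contrasted on slides 29, 30 and 32, as an added example (not code from the slides, Landau's material or any real hypervisor): the virtual NIC's registers X, Y and T are plain variables in hypervisor memory, a guest MMIO write to T traps into the emulated path, and the paravirtual frontend instead issues a single hypercall carrying start address and length. Both paths share one bounds check on [X,X+Y), since a virtual device that trusts a guest-supplied address lets the guest direct the hypervisor at memory outside the guest. The guest memory size, the `physical_nic_send` stand-in and the hypercall name are assumptions made for this illustration.

```c
/* Added example: emulated NIC register model vs. paravirtual transmit hypercall.
 * Register names X, Y, T follow the slides; everything else is constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define GUEST_MEM_SIZE 4096   /* constructed: size of the toy guest physical memory */

/* Stand-in for the physical NIC driver: records the last frame it was handed. */
static uint8_t wire[GUEST_MEM_SIZE];
static size_t wire_len;

static void physical_nic_send(const uint8_t *buf, size_t len) {
    memcpy(wire, buf, len);
    wire_len = len;
}

/* Virtual NIC state lives in hypervisor memory: the registers are just variables. */
struct vnic {
    uint64_t reg_x;                /* start address of the guest buffer */
    uint64_t reg_y;                /* length of the buffer */
    uint64_t tx_count;             /* frames transmitted */
    unsigned tx_complete_pending;  /* TX-complete interrupt to inject into the guest */
    uint8_t *guest_mem;            /* guest physical memory as seen by the hypervisor */
    size_t guest_mem_size;
};

/* Shared check: [start, start+len) must lie inside the guest's own memory.
 * Written overflow-safe so a huge start or len cannot wrap past the check. */
static int range_ok(const struct vnic *n, uint64_t start, uint64_t len) {
    if (len == 0 || len > n->guest_mem_size) return 0;
    if (start > n->guest_mem_size - len) return 0;
    return 1;
}

/* (a) Emulated NIC: each guest register write traps here (one VM exit each).
 * Returns 1 if the write was accepted, 0 if it was refused. */
static int vnic_mmio_write(struct vnic *n, char reg, uint64_t value) {
    switch (reg) {
    case 'X': n->reg_x = value; return 1;
    case 'Y': n->reg_y = value; return 1;
    case 'T':
        if (value != 1) return 1;                      /* not a GO: nothing to do */
        if (!range_ok(n, n->reg_x, n->reg_y)) return 0; /* refuse bad [X,X+Y) */
        physical_nic_send(n->guest_mem + n->reg_x, (size_t)n->reg_y);
        n->tx_count++;
        n->tx_complete_pending = 1;                    /* inject TX complete into guest */
        return 1;
    default:
        return 0;
    }
}

/* (b) Paravirtual NIC: the frontend states its intent in one hypercall.
 * Returns 0 on success, -1 if the request was refused. */
static int hypercall_net_tx(struct vnic *n, uint64_t start, uint64_t len) {
    if (!range_ok(n, start, len)) return -1;
    physical_nic_send(n->guest_mem + start, (size_t)len);
    n->tx_count++;
    n->tx_complete_pending = 1;
    return 0;
}

/* Demo: send one constructed frame each way, then try an out-of-range request. */
static int demo(void) {
    static uint8_t guest_mem[GUEST_MEM_SIZE];
    struct vnic n = { 0, 0, 0, 0, guest_mem, GUEST_MEM_SIZE };
    const char *frame = "constructed-frame";
    memcpy(guest_mem + 100, frame, strlen(frame));

    /* Emulated path: three trapping register writes for one packet. */
    vnic_mmio_write(&n, 'X', 100);
    vnic_mmio_write(&n, 'Y', strlen(frame));
    if (!vnic_mmio_write(&n, 'T', 1)) return -1;

    /* Paravirtual path: one hypercall for the same packet. */
    if (hypercall_net_tx(&n, 100, strlen(frame)) != 0) return -2;

    /* A request that points past the guest's own memory must be refused. */
    if (hypercall_net_tx(&n, GUEST_MEM_SIZE - 8, 64) != -1) return -3;

    return (int)n.tx_count;   /* 2 */
}

int main(void) {
    printf("frames transmitted: %d, last frame length: %zu\n", demo(), wire_len);
    return 0;
}
```

The emulated path costs three VM exits per packet and the hypervisor has to infer intent from the register sequence; the hypercall path costs one and says what it wants. Either way the validation in `range_ok` is the line between the guest and host memory, which is why the slides on Xen stress that Xen validates guest-supplied buffers.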
I/O Virtualization? Paravirtualize!
Pro: Fast – no need to emulate a physical device
Con: Requires a guest driver
Example hypervisors: QEMU, KVM, VMware (with VMware Tools), Xen
How is paravirtual I/O different from a paravirtual guest?
A paravirtual guest requires modifying the whole OS
Try doing it on Windows (without source code), or even Linux (lots of changes)
Paravirtual I/O requires the addition of a single driver to a guest
Easy to do on both Windows and Linux guests
33
Direct access / direct assignment
“Pull” the NIC out of the host, and “plug” it into the guest
Guest is allowed to access NIC registers directly, no hypervisor intervention
Host can’t access the NIC anymore
Pro: As fast as possible!
Cons:
Need a NIC per guest, plus one for the host
Can’t do “cool stuff”
Encapsulate guest packets, monitor or modify them at the hypervisor level
Example hypervisors: KVM, Xen, VMware
34
Xen
The University of Cambridge Computer Laboratory developed the first versions of Xen
The Xen community develops and maintains Xen as free and open-source software (GPL)
Xen is currently available for the IA-32, x86-64 and ARM instruction sets
(Original) Target: 100 virtual OSes per machine
35
Slides 35-48 partially based on: Barham et al., Xen and the Art of Virtualization, SOSP’03
Xen: Approach Overview
Conventional approach
Full virtualization
Cannot access the hardware
Problematic for certain privileged instructions (e.g., traps)
No real-time guarantees
Xen: paravirtualization
Provides some exposure to the underlying HW
Better performance
Needs modifications to the OS
No modifications to applications
36
TLB (Translation Lookaside Buffer)
Hardware cache containing parts of the page table
Translates virtual into real addresses
A TLB “miss” will cause an expensive page walk
TLB must be flushed when context switching
Minimum cost on Pentium 4 to change TLB is 516 cycles (184ns)
http://www.mega-tokyo.com/osfaq2/index.php/Context%20Switching
Thus, Xen avoids context switching on system calls for performance reasons
37
Memory Management
Depending on the hardware support:
A software-managed TLB (translation lookaside buffer) can be easily virtualized
A tagged TLB allows coexistence of OSes, and avoids TLB flushing across OS boundaries
x86 has no software-managed/tagged TLB
Xen exists at the top 64MB of every address space to avoid TLB flushing when a guest enters/exits Xen
Each OS can only map memory it owns
Writes are validated by Xen
38
CPU
x86 supports 4 levels of privilege
Xen downgrades the privilege of OSes
System-call and page-fault handlers are registered to Xen
“Fast handlers” for most exceptions; Xen isn’t involved
I/O: Xen exposes a set of simple device abstractions
I/O data is transferred to and from the guest via Xen, using shared memory
Efficient while allowing Xen to perform validation
39
The Cost of Porting an OS to Xen
<2% of code-base
Privileged instructions
Page table access
Network driver
Block device driver
40
Control Management
Domain0 (a special guest) hosts the application-level management software
Creation and deletion of other guests, processor, memory, virtual network interfaces and block devices
Exposed through an interface to application-level management software
41
Control Transfer
Hypercall: synchronous calls from a guest to Xen
Software trap to perform a privileged operation
Analogous to system calls
e.g., page table update requests
Events: asynchronous notifications from Xen to guests
Replace device interrupts for lightweight notification
e.g., guest termination request, new data received over the network
42
Data Transfer: I/O Rings
(Figure: I/O ring shared between a guest and Xen)
e.g., requests for received packets
43
Network
Virtual firewall-router attached to each guest
Virtual NICs have two I/O rings and rules
e.g., rules for preventing IP source spoofing, incoming connection attempts
To send a packet, enqueue a buffer descriptor into the transmit I/O ring
A domain needs to exchange an unused page frame for each received packet
Use DMA (zero copy)
Avoid copying packets between Xen and guest
44
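The shared-memory I/O ring of slide 43 and the transmit path with per-domain rules of slide 44, as an added example (not code from the slides or from Xen itself): the guest frontend enqueues buffer descriptors and advances a request producer index; the backend drains the ring, checks each descriptor against the page it may reference and against an anti-spoofing rule (the packet's source IP must be the domain's assigned address), and posts a response per request. The ring size, descriptor fields, the toy packet layout with the source address at bytes 12..15, and the addresses used are assumptions made for this illustration.

```c
/* Added example: simplified Xen-style transmit I/O ring with backend validation.
 * Ring layout, descriptor format and packet format are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define RING_SIZE 8                   /* power of two so indices wrap with a mask */
#define RING_MASK (RING_SIZE - 1)

struct tx_desc { uint32_t offset; uint32_t len; };   /* buffer within the domain's page */
struct tx_resp { uint32_t id; int status; };        /* 0 = sent, -1 = dropped */

struct ring {
    volatile uint32_t req_prod, req_cons;   /* guest produces requests, backend consumes */
    volatile uint32_t rsp_prod, rsp_cons;   /* backend produces responses, guest consumes */
    struct tx_desc req[RING_SIZE];
    struct tx_resp rsp[RING_SIZE];
};

/* Frontend: enqueue a buffer descriptor. Returns 0, or -1 if the ring is full. */
static int ring_enqueue(struct ring *r, uint32_t offset, uint32_t len) {
    if (r->req_prod - r->req_cons == RING_SIZE) return -1;
    r->req[r->req_prod & RING_MASK] = (struct tx_desc){ offset, len };
    r->req_prod++;                 /* real code: write barrier before publishing */
    return 0;
}

/* Per-domain rule (constructed packet format: source IPv4 at bytes 12..15).
 * A domain may only send packets carrying its own assigned address. */
static int rule_allows(const uint8_t *pkt, uint32_t len, uint32_t dom_ip) {
    if (len < 20) return 0;
    uint32_t src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
                   ((uint32_t)pkt[14] << 8)  |  (uint32_t)pkt[15];
    return src == dom_ip;
}

/* Backend: drain the request ring. Each descriptor must stay inside the page
 * the domain shared (it must not point the backend elsewhere) and pass the
 * domain's rules; every request gets a response. Returns packets sent. */
static int ring_drain(struct ring *r, const uint8_t *page, uint32_t page_len, uint32_t dom_ip) {
    int sent = 0;
    while (r->req_cons != r->req_prod) {
        struct tx_desc d = r->req[r->req_cons & RING_MASK];
        int status = -1;
        if (d.len <= page_len && d.offset <= page_len - d.len &&
            rule_allows(page + d.offset, d.len, dom_ip)) {
            status = 0;            /* here the buffer would be handed to the real driver */
            sent++;
        }
        r->rsp[r->rsp_prod & RING_MASK] = (struct tx_resp){ r->req_cons, status };
        r->rsp_prod++;
        r->req_cons++;
    }
    return sent;
}

/* Frontend: consume responses, counting those with the given status. */
static int ring_count_responses(struct ring *r, int status) {
    int n = 0;
    for (; r->rsp_cons != r->rsp_prod; r->rsp_cons++)
        if (r->rsp[r->rsp_cons & RING_MASK].status == status) n++;
    return n;
}

/* Demo: one legitimate packet, one with a forged source, one out of bounds. */
static int demo(void) {
    static uint8_t page[256];
    struct ring r;
    const uint32_t dom_ip = 0x0A000005;   /* constructed: 10.0.0.5 */
    memset(&r, 0, sizeof r);
    memset(page, 0, sizeof page);
    page[12] = 10; page[13] = 0; page[14] = 0; page[15] = 5;                 /* at 0: src 10.0.0.5 */
    page[64 + 12] = 10; page[64 + 13] = 0; page[64 + 14] = 0; page[64 + 15] = 9; /* at 64: spoofed */

    ring_enqueue(&r, 0, 40);
    ring_enqueue(&r, 64, 40);
    ring_enqueue(&r, 240, 40);            /* runs past the page: must be refused */

    int sent = ring_drain(&r, page, sizeof page, dom_ip);
    int dropped = ring_count_responses(&r, -1);
    return sent * 10 + dropped;           /* 1 sent, 2 dropped -> 12 */
}

int main(void) { printf("result=%d\n", demo()); return 0; }
```

Note that the backend validates before touching the buffer and still answers every request, so a misbehaving frontend learns that its descriptor was dropped but cannot stall the ring or make the backend read beyond the shared page; the same structure, with the producer and consumer roles swapped, serves the receive ring.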
Disk
Only Domain0 has direct access to disks
Other guests need to use virtual block devices
Use the I/O ring
Guest OS will typically reorder requests prior to enqueuing them on the ring
Xen will also reorder requests to improve performance, since it knows more about the real disk layout
Use DMA (zero copy)
45
Evaluation
Dell 2650 dual-processor 2.4 GHz Xeon server
2GB RAM
3 Gb Ethernet NIC
1 Hitachi DK32eJ 146 GB 10k RPM SCSI disk
Linux 2.4.21
46
Relative Performance
(Figure: bar charts of relative performance on a 0 to 1 scale for Linux, Xen, VMware and UML: a CPU-intensive workload with little I/O and OS interaction; 180Mb/s TCP traffic; disk read-write on a 2GB dataset)
47
Scalability
48
Live Migration of Virtual Machines
Move a running virtual machine from one host to another host with no perceived downtime
VM is not aware of the migration
Maintain TCP connections of the guest OS
VM is treated as a black box
How is Live Migration (LM) different from Quick Migration (QM)?
QM: VM is saved and restored on the destination
QM: Results in downtime for applications/workloads running inside VMs
49
Use Cases
Patching or hardware servicing
Migrate VMs to temporary hosts and migrate back after the original hosts are patched/upgraded
Load balancing
Migrate VMs to hosts with less load
Server consolidation
Migrate VMs to a few hosts during off-peak hours and shut down other hosts to reduce power consumption
50
Methodology
Three phases
Push: source VM continues running
Stop and copy: stop source VM, start new VM
Pull: copy what remains
Possible approaches
Pure stop-and-copy
Pure demand-migration
Pre-copy
51
Slides 52-56 partially based on: Tewari et al., From Zero to Live Migration
Memory Copy: Full Copy
Memory content is copied to the new server; the VM is pre-staged on the destination (its storage stays on the SAN as a VHD)
First initial copy is of all in-memory content
52
Memory Copy: Dirty Pages
Client continues accessing the VM; pages are being dirtied
Client continues to access the VM, which results in memory being modified
53
Memory Copy: Incremental Copy
Recopy of changes; each pass transfers a smaller set of changes
Transfer the content of the VM’s memory to the destination host
Track pages modified by the VM, retransfer these pages
54
Live Migration Final Transition
Partition state copied
Save register and device state of the VM on the source host
Transfer saved state and storage ownership (the VHD on the SAN) to the destination host
Restore the VM from saved state on the destination host
55
Post-Transition: Clean-up
Client directed to the new host
Old VM deleted once the migration is verified successful
ARP issued to have routing devices update their tables
Since session state is maintained, no reconnections are necessary
56
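The pre-copy sequence of slides 52-56, carried through end to end as an added simulation (not code from the slides or from Tewari et al.): a full copy of every page, then repeated rounds that retransmit only pages the still-running guest dirtied, a stop-and-copy of the final dirty set plus register state, and a verification of the destination against the source before the old VM would be deleted. The page count, page size, stop threshold, round limit and the constructed workload (which dirties a halving set of pages each round) are assumptions made for this illustration; a real implementation tracks dirty pages through the hypervisor's page tables rather than a bitmap the guest sets itself.

```c
/* Added example: pre-copy live migration with dirty-page tracking.
 * All sizes and the workload are constructed for illustration. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGES 64
#define PAGE_SIZE 16          /* constructed: tiny pages keep the demo small */
#define STOP_THRESHOLD 4      /* stop-and-copy once this few pages remain dirty */
#define MAX_ROUNDS 10         /* bound the push phase for a guest that dirties faster than we copy */

struct vm {
    uint8_t mem[PAGES][PAGE_SIZE];
    uint8_t dirty[PAGES];     /* 1 = page modified since it was last copied */
    uint32_t regs[4];         /* stand-in for register and device state */
    int running;
};

struct migration_stats { int rounds; int pages_copied; int final_pages; };

/* Constructed workload: in round k the guest writes pages 0 .. (PAGES >> k) - 1. */
static void workload(struct vm *v, int round) {
    int hot = PAGES >> round;
    for (int i = 0; i < hot && i < PAGES; i++) {
        v->mem[i][0] ^= (uint8_t)(round + 1);
        v->dirty[i] = 1;
    }
}

/* Copy every dirty page to the destination and clear its dirty bit. */
static int copy_dirty(struct vm *src, struct vm *dst) {
    int n = 0;
    for (int i = 0; i < PAGES; i++) {
        if (!src->dirty[i]) continue;
        memcpy(dst->mem[i], src->mem[i], PAGE_SIZE);
        src->dirty[i] = 0;
        n++;
    }
    return n;
}

static int count_dirty(const struct vm *v) {
    int n = 0;
    for (int i = 0; i < PAGES; i++) n += v->dirty[i];
    return n;
}

/* Run the migration. Returns 0 when the destination verifies, -1 otherwise. */
static int live_migrate(struct vm *src, struct vm *dst, struct migration_stats *st) {
    memset(st, 0, sizeof *st);
    memset(src->dirty, 1, PAGES);                 /* full copy: every page starts dirty */

    /* Push phase: the source keeps running, so pages get dirtied between
     * rounds; each round retransmits only those. */
    for (;;) {
        st->pages_copied += copy_dirty(src, dst);
        st->rounds++;
        workload(src, st->rounds);                /* guest keeps running meanwhile */
        if (count_dirty(src) <= STOP_THRESHOLD || st->rounds >= MAX_ROUNDS) break;
    }

    /* Stop-and-copy phase: pause the VM, send what remains plus register state. */
    src->running = 0;
    st->final_pages = copy_dirty(src, dst);
    memcpy(dst->regs, src->regs, sizeof dst->regs);

    /* Verify before the old VM would be deleted: memory and state must match. */
    if (memcmp(src->mem, dst->mem, sizeof src->mem) != 0) return -1;
    if (memcmp(src->regs, dst->regs, sizeof src->regs) != 0) return -1;
    dst->running = 1;
    return 0;
}

/* Demo: returns rounds * 1000 + pages copied in the push phase, or -1 on failure. */
static int demo(void) {
    static struct vm src, dst;
    struct migration_stats st;
    memset(&src, 0, sizeof src);
    memset(&dst, 0, sizeof dst);
    for (int i = 0; i < PAGES; i++) memset(src.mem[i], (uint8_t)i, PAGE_SIZE);
    src.regs[0] = 0xC0FFEE;
    src.running = 1;

    if (live_migrate(&src, &dst, &st) != 0) return -1;
    printf("rounds=%d pre-copied=%d final=%d\n", st.rounds, st.pages_copied, st.final_pages);
    return st.rounds * 1000 + st.pages_copied;   /* 4 rounds, 64+32+16+8 pages -> 4120 */
}

int main(void) { return demo() > 0 ? 0 : 1; }
```

With this workload the dirty set halves each round (64, 32, 16, 8, then 4), so the VM is paused only to move the last four pages and its registers, which is the downtime live migration aims to minimise; `MAX_ROUNDS` is what stops the push phase from running forever against a guest that dirties memory faster than the link can carry it.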

Más contenido relacionado

La actualidad más candente

Linux User Space Debugging & Profiling
Linux User Space Debugging & ProfilingLinux User Space Debugging & Profiling
Linux User Space Debugging & Profiling
Anil Kumar Pugalia
 
Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07
congvc
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
chinitooo
 

La actualidad más candente (20)

Xen io
Xen ioXen io
Xen io
 
Xen Project 15 Years down the Line
Xen Project 15 Years down the LineXen Project 15 Years down the Line
Xen Project 15 Years down the Line
 
System Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and LopperSystem Device Tree update: Bus Firewalls and Lopper
System Device Tree update: Bus Firewalls and Lopper
 
LCA13: Xen on ARM
LCA13: Xen on ARMLCA13: Xen on ARM
LCA13: Xen on ARM
 
Linux User Space Debugging & Profiling
Linux User Space Debugging & ProfilingLinux User Space Debugging & Profiling
Linux User Space Debugging & Profiling
 
olibc: Another C Library optimized for Embedded Linux
olibc: Another C Library optimized for Embedded Linuxolibc: Another C Library optimized for Embedded Linux
olibc: Another C Library optimized for Embedded Linux
 
Xen in Linux (aka PVOPS update)
Xen in Linux (aka PVOPS update)Xen in Linux (aka PVOPS update)
Xen in Linux (aka PVOPS update)
 
Xen Euro Par07
Xen Euro Par07Xen Euro Par07
Xen Euro Par07
 
PVOps Update
PVOps Update PVOps Update
PVOps Update
 
9P Overview
9P Overview9P Overview
9P Overview
 
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded DevicesQi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
Qi -- Lightweight Boot Loader Applied in Mobile and Embedded Devices
 
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell PavlicekSecuring Your Cloud With the Xen Hypervisor by Russell Pavlicek
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
 
Advanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtopAdvanced performance troubleshooting using esxtop
Advanced performance troubleshooting using esxtop
 
Linux Memory Management
Linux Memory ManagementLinux Memory Management
Linux Memory Management
 
Problem Reporting and Analysis Linux on System z -How to survive a Linux Crit...
Problem Reporting and Analysis Linux on System z -How to survive a Linux Crit...Problem Reporting and Analysis Linux on System z -How to survive a Linux Crit...
Problem Reporting and Analysis Linux on System z -How to survive a Linux Crit...
 
Mobile Virtualization using the Xen Technologies
Mobile Virtualization using the Xen TechnologiesMobile Virtualization using the Xen Technologies
Mobile Virtualization using the Xen Technologies
 
Intrack14dec tips tricks_clean
Intrack14dec tips tricks_cleanIntrack14dec tips tricks_clean
Intrack14dec tips tricks_clean
 
Link Virtualization based on Xen
Link Virtualization based on XenLink Virtualization based on Xen
Link Virtualization based on Xen
 
Embedded Storage Management
Embedded Storage ManagementEmbedded Storage Management
Embedded Storage Management
 

Similar a Handout2o

OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
OpenNebula Project
 
Cloud Computing Hypervisors and Comparison Xen KVM
Cloud Computing Hypervisors and Comparison Xen KVM Cloud Computing Hypervisors and Comparison Xen KVM
Cloud Computing Hypervisors and Comparison Xen KVM
cloudresearcher
 
IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
blusmurfydot1
 
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).pptVIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
nagarajans87
 
An Introduction To Server Virtualisation
An Introduction To Server VirtualisationAn Introduction To Server Virtualisation
An Introduction To Server Virtualisation
Alan McSweeney
 
Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]Security best practices for hyper v and server virtualisation [svr307]
Security best practices for hyper v and server virtualisation [svr307]
Louis Göhl
 

Similar a Handout2o (20)

virtualization.pptx
virtualization.pptxvirtualization.pptx
virtualization.pptx
 
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18
 
Parth virt
Parth virtParth virt
Parth virt
 
Usenix Invited Talk
Usenix Invited TalkUsenix Invited Talk
Usenix Invited Talk
 
IaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdfIaaS - Virtualization_Cambridge.pdf
IaaS - Virtualization_Cambridge.pdf
 
Making clouds: turning opennebula into a product
Making clouds: turning opennebula into a productMaking clouds: turning opennebula into a product
Making clouds: turning opennebula into a product
 
Making Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a ProductMaking Clouds: Turning OpenNebula into a Product
Making Clouds: Turning OpenNebula into a Product
 
OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
OpenNebulaConf 2013 - Making Clouds: Turning OpenNebula into a Product by Car...
 
Cloud Computing Hypervisors and Comparison Xen KVM
Cloud Computing Hypervisors and Comparison Xen KVM Cloud Computing Hypervisors and Comparison Xen KVM
Cloud Computing Hypervisors and Comparison Xen KVM
 
IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02IT109 Microsoft Windows 7 Operating Systems Unit 02
IT109 Microsoft Windows 7 Operating Systems Unit 02
 
DeltaV Virtualization
DeltaV VirtualizationDeltaV Virtualization
DeltaV Virtualization
 
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).pptVIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
VIRTUAL MACHINE VERSATILE PLATFORM01~chapter 1 (1).ppt
 
Operating system Definition Structures
Handout2o

• 7. Enabling Technologies
  Cloud computing relies on:
  1. Hardware advancements
  2. Web x.0 technologies
  3. Virtualization
  4. Distributed file system
• 8. Web X.0: the Evolution of Web
  (figure; no text on the slide)
• 9. Web x.0: Web Services
  - A web service is a software system designed to support interoperable machine-to-machine interaction over a network
  - SOAP-based web services: Web Services Description Language (WSDL); Simple Object Access Protocol (SOAP); XML is extensively used
  - RESTful web services: retrieve information through simple HTTP methods such as GET, POST, PUT and DELETE. E.g., Google APIs, Yahoo APIs
• 10. Service-Oriented Architecture (SOA)
  - A service-based component model for developing software in the form of interoperable services
  - Benefits of using SOA: component reuse; existing system integration; language and platform independence
• 11. Web x.0: Cloud computing and SOA
  - Cloud computing, to a large extent, leverages the concept of SOA, especially in the SaaS and PaaS layers.
  - They have different emphases: SOA is an architecture focusing on answering the question of "how to develop applications"; cloud computing is an infrastructure emphasizing the solution of "how to deliver applications".
• 12. Enabling Technologies
  Cloud computing relies on: 1. Hardware advancements; 2. Web x.0 technologies; 3. Virtualization; 4. Distributed file system
• 13. What Is Virtualization?
  - "Creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources."
  - E.g., Windows and Linux on the same laptop
  - How is it different from dual-boot? The OSes are completely isolated from each other
  Slides 13-34 are partially based on: Alex Landau, Virtualization Technologies, IBM Haifa Research Lab
• 14. We've Been Doing It For Decades!
  - Indeed – an OS provides isolation between processes: each has its own virtual memory; controlled access to I/O devices (disk, network) via system calls; a process scheduler decides which process runs on which CPU core
  - So why a virtual "machine"?
    - Try running Microsoft Exchange requiring Windows and some applications requiring Linux simultaneously on the same box!
    - Or better yet, try to persuade Boeing and Airbus to run their processes side-by-side on one server
  - Psychological effect – what sounds better? "You're given your own virtual machine and you're root there – do whatever you want", or "You can run certain processes, but you don't get root; call our helpdesk with your configuration requests and we'll get back to you in 5 business days…"
• 15. Benefits
  - Decoupling HW/SW leads to many benefits:
    - Server consolidation: running web/app/DB servers on the same machine, without losing robustness; electricity savings, room space savings...
    - Easier backup/restore/upgrade/provisioning
    - Easier testing (e.g., firewall)
    - Making IaaS possible
• 16. Two Types of Hypervisors
  - Definitions: a Hypervisor (or VMM – Virtual Machine Monitor) is a software layer that allows several virtual machines to run on a physical machine. The physical OS and hardware are called the Host. The virtual machine OS and applications are called the Guest.
  - Type 1 (bare-metal): VM1, VM2, … (Guest) run on the Hypervisor, which runs on the Hardware. Examples: VMware ESX, Microsoft Hyper-V, Xen
  - Type 2 (hosted): VM1, VM2, … (Guest) run on a Hypervisor process, beside native processes, on the Host OS on the Hardware. Examples: VMware Workstation, Microsoft Virtual PC, Sun VirtualBox, QEMU, KVM
• 17. Bare-Metal or Hosted?
  - Bare-metal: has complete control over hardware; doesn't have to "fight" an OS
  - Hosted: avoids code duplication (need not code a process scheduler or memory management system – the OS already does that); can run native processes alongside VMs; familiar environment – how much CPU and memory does a VM take? Use top! How big is the virtual disk? ls -l; easy management – stop a VM? Sure, just kill it!
  - A combination: mostly hosted, but some parts are inside the OS kernel for performance reasons, e.g., KVM
• 18. How to Run a VM? Emulate!
  - Do whatever the CPU does, but in software: fetch the next instruction; decode – is it an ADD, a XOR, a MOV?; execute – using the emulated registers and memory
  - Example: addl %ebx, %eax is emulated as:
      enum {EAX=0, EBX=1, ECX=2, EDX=3, …};
      unsigned long regs[8];
      regs[EAX] += regs[EBX];
  - Pro: Simple! Con: Slooooooooow
  - Example hypervisor: BOCHS
• 19. How to run a VM? Trap and emulate!
  - Run the VM directly on the CPU – no emulation!
  - Most of the code can execute just fine, e.g., addl %ebx, %eax
  - Some code needs hypervisor intervention: int $0x80; movl something, %cr3; I/O
  - Trap and emulate it! E.g., if the guest runs int $0x80, trap it and execute the guest's interrupt 0x80 handler
• 20. Trap and Emulate Model
  - Traditional OS:
    - When an application invokes a system call: the CPU traps to the interrupt handler vector in the OS; the CPU switches to kernel mode (Ring 0) and executes OS instructions.
    - When a hardware event occurs: the hardware interrupts CPU execution and jumps to the interrupt handler in the OS.
• 21. Trap and Emulate Model Cont'd
  - VMM and Guest OS:
    - System Call: the CPU traps to the interrupt handler vector of the VMM; the VMM jumps back into the guest OS.
    - Hardware Interrupt: the hardware makes the CPU trap to the interrupt handler of the VMM; the VMM jumps to the corresponding interrupt handler of the guest OS.
    - Privileged Instruction: running privileged instructions in the guest OS traps to the VMM for instruction emulation; after emulation, the VMM jumps back to the guest OS.
• 22. Trap and Emulate Model Cont'd
  - Pro: Performance!
  - Cons: harder to implement; needs hardware support
    - Not all "sensitive" instructions cause a trap when executed in user mode. E.g., POPF, which may be used to clear the interrupt flag (IF): this instruction does not trap, but the value of IF does not change!
    - This hardware support is called VMX (Intel) or SVM (AMD); it exists in modern CPUs
  - Example hypervisor: KVM
• 23. Dynamic (Binary) Translation
  - Take a block of binary VM code that is about to be executed; translate it on the fly to "safe" code (like JIT – just-in-time compilation); execute the new "safe" code directly on the CPU
  - Translation rules? Most code translates identically (e.g., movl %eax, %ebx translates to itself); "sensitive" operations are translated into "hypercalls"
    - Hypercall – a call into the hypervisor to ask for service; implemented as trapping instructions (unlike POPF)
• 24. Dynamic (Binary) Translation Cont'd
  - Pros: no hardware support required; performance – better than emulation
  - Cons: performance – worse than trap and emulate; hard to implement
  - Example hypervisors: VMware, QEMU
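Added example (not code from the slides or from any real hypervisor; it uses a constructed toy ISA rather than x86 encodings) showing why POPF defeats pure trap-and-emulate and how a binary-translation pass handles it: run directly in ring 3, the guest's POPF neither traps nor changes IF, while after translation the same block reaches the hypervisor through a hypercall.

```c
#include <string.h>

/* Constructed toy ISA for illustration; the opcodes are not x86 encodings. */
enum op { OP_ADD, OP_MOV, OP_CLI, OP_POPF, OP_HYPERCALL, OP_HALT };
struct insn { enum op op; int a, b; };

/* CPU model: registers, interrupt flag, current ring, and event counters. */
struct cpu {
    long regs[4];
    int if_flag;          /* guest-visible interrupt flag (IF) */
    int ring;             /* 0 = hypervisor, 3 = where the guest kernel runs */
    int traps;            /* privileged instructions that trapped */
    int hypercalls;       /* explicit calls into the hypervisor */
    int silent_failures;  /* POPF in ring 3: no trap, and IF stays unchanged */
};

/* Run a block directly on the "CPU": trap-and-emulate, no translation. */
void run_block(struct cpu *c, const struct insn *code)
{
    for (const struct insn *i = code; i->op != OP_HALT; i++) {
        switch (i->op) {
        case OP_ADD: c->regs[i->a] += c->regs[i->b]; break;  /* like addl */
        case OP_MOV: c->regs[i->a] = i->b; break;           /* load immediate */
        case OP_CLI:                     /* privileged: traps outside ring 0 */
            if (c->ring != 0) c->traps++;
            c->if_flag = 0;              /* ...and the hypervisor emulates it */
            break;
        case OP_POPF:                    /* sensitive but not privileged */
            if (c->ring != 0) c->silent_failures++;  /* IF write is dropped */
            else c->if_flag = i->a;
            break;
        case OP_HYPERCALL:               /* trapping call: hypervisor sets IF */
            c->hypercalls++;
            c->if_flag = i->a;
            break;
        case OP_HALT: break;
        }
    }
}

/* Binary translation pass: rewrite each sensitive, non-trapping POPF into a
 * hypercall with the same operand. Returns how many were rewritten. */
int translate_block(struct insn *code)
{
    int n = 0;
    for (struct insn *i = code; i->op != OP_HALT; i++)
        if (i->op == OP_POPF) { i->op = OP_HYPERCALL; n++; }
    return n;
}

/* Constructed guest block: 5 + 7, then "POPF 0", i.e. disable interrupts. */
int demo_popf_problem(void)
{
    struct insn code[] = { {OP_MOV, 0, 5}, {OP_MOV, 1, 7}, {OP_ADD, 0, 1},
                           {OP_POPF, 0, 0}, {OP_HALT, 0, 0} };
    struct cpu direct, translated;
    memset(&direct, 0, sizeof direct);
    direct.ring = 3; direct.if_flag = 1;
    run_block(&direct, code);        /* guest believes IF is 0 now; it is not */
    int direct_bug = direct.regs[0] == 12 && direct.if_flag == 1
                     && direct.silent_failures == 1 && direct.traps == 0;

    memset(&translated, 0, sizeof translated);
    translated.ring = 3; translated.if_flag = 1;
    int rewritten = translate_block(code);
    run_block(&translated, code);    /* the hypercall has the intended effect */
    int fixed = rewritten == 1 && translated.if_flag == 0
                && translated.hypercalls == 1 && translated.silent_failures == 0;
    return direct_bug && fixed;
}
```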
• 25. How to run a VM? Paravirtualization!
  - Requires a modified guest OS that "knows" it is running on top of a hypervisor
  - E.g., instead of doing cli to turn off interrupts, the guest OS should do hypercall(DISABLE_INTERRUPTS)
• 26. How to run a VM? Paravirtualization!
  - Pros: no hardware support required; performance – better than emulation
  - Con: requires a specifically modified guest; the same guest OS cannot run both in the VM and bare-metal
  - Example hypervisor: Xen
• 27. I/O Virtualization
  - Types of I/O: block (e.g., hard disk); network; input (e.g., keyboard, mouse); sound; video
  - Most performance critical (for servers): network; block
• 28. I/O Virtualization Models (figure: three architectures)
  - Monolithic Model: I/O services and device drivers live in the hypervisor; guest VMs (VM0 … VMn) use shared devices. Pro: higher performance; Pro: I/O device sharing; Pro: VM migration; Con: larger hypervisor
  - Pass-through Model: device drivers live in the guest VMs, which are given assigned devices. Pro: highest performance; Pro: smaller hypervisor; Pro: device-assisted sharing; Con: migration challenges
  - Service VM Model: I/O services and device drivers live in service VMs that serve the guest VMs over shared devices. Pro: high security; Pro: I/O device sharing; Pro: VM migration; Con: lower performance
• 29. How Does a NIC Driver Work?
  - Transmit path:
    - OS prepares the packet to transmit in a buffer in memory
    - Driver writes the start address of the buffer to register X of the NIC
    - Driver writes the length of the buffer to register Y
    - Driver writes '1' (GO!) into register T
    - NIC reads the packet from memory addresses [X,X+Y) and sends it on the wire
    - NIC sends an interrupt to the host (TX complete, next packet please)
  - Receive path:
    - Driver prepares a buffer to receive the packet into
    - Driver writes the start address of the buffer to register X
    - Driver writes the length of the buffer to register Y
    - Driver writes '1' (READY-TO-RECEIVE) into register R
    - When a packet arrives, NIC copies it into memory at [X,X+Y)
    - NIC interrupts the host (RX)
    - OS processes the packet (e.g., wakes the waiting process up)
• 30. I/O Virtualization? Emulate!
  - Hypervisor implements a virtual NIC (by the specification of a real NIC, e.g., Intel, Realtek, Broadcom)
  - NIC registers (X, Y, Z, T, R, …) are just variables in hypervisor (host) memory
  - If the guest writes '1' to register T, the hypervisor reads the buffer from memory [X,X+Y) and passes it to the physical NIC driver for transmission
  - When the physical NIC interrupts (TX complete), the hypervisor injects a TX complete interrupt into the guest
  - Similar for the receive path
• 31. I/O Virtualization? Emulate!
  - Pro: unmodified guest (the guest already has drivers for Intel NICs…)
  - Cons: slow – every access to every NIC register causes a VM exit (trap to hypervisor); the hypervisor needs to emulate complex hardware
  - Example hypervisors: QEMU, KVM, VMware (without VMware Tools)
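Added example (a hypothetical emulated NIC, not QEMU, KVM or VMware code) of the register protocol from slides 29-30 together with the check an emulated device has to make before DMA: registers X, Y and T are host variables, a write of 1 to T triggers the transfer, and the hypervisor refuses any [X,X+Y) that lies outside guest memory or wraps around.

```c
#include <stdint.h>
#include <string.h>

#define GUEST_MEM_SIZE 4096
enum { REG_X, REG_Y, REG_T, REG_R, NREGS };   /* X,Y: buffer; T: GO; R: RX ready */

/* Hypothetical emulated NIC: its "registers" are plain fields in host memory. */
struct vnic {
    uint32_t regs[NREGS];
    uint8_t *guest_mem;             /* host-side view of the guest's physical RAM */
    uint32_t guest_mem_size;
    uint8_t  wire[GUEST_MEM_SIZE];  /* last frame handed to the physical NIC */
    uint32_t wire_len;
    int tx_irq_pending;             /* TX-complete interrupt to inject into guest */
    int rejected;                   /* DMA requests refused for leaving guest RAM */
};

/* The check an emulated DMA engine must make: [x, x+y) must lie inside guest
 * memory, evaluated so that x + y cannot wrap around. */
int dma_range_ok(uint32_t mem_size, uint32_t x, uint32_t y)
{
    if (y == 0 || x > mem_size) return 0;
    return y <= mem_size - x;
}

/* Every guest write to a NIC register traps here (one VM exit per access). */
void vnic_reg_write(struct vnic *n, int reg, uint32_t val)
{
    if (reg < 0 || reg >= NREGS) return;
    n->regs[reg] = val;
    if (reg != REG_T || val != 1) return;   /* only GO starts a transmit */
    uint32_t x = n->regs[REG_X], y = n->regs[REG_Y];
    if (!dma_range_ok(n->guest_mem_size, x, y)) {
        n->rejected++;        /* guest-controlled address outside its RAM */
        return;
    }
    memcpy(n->wire, n->guest_mem + x, y);  /* "pass it to the physical NIC" */
    n->wire_len = y;
    n->tx_irq_pending = 1;    /* physical TX complete -> injected into guest */
}

/* Guest-side driver transmit path as on the slide: X, then Y, then T = 1.
 * Returns 1 if the hypervisor accepted and "sent" the frame. */
int guest_driver_transmit(struct vnic *n, uint32_t buf, uint32_t len)
{
    n->tx_irq_pending = 0;
    vnic_reg_write(n, REG_X, buf);
    vnic_reg_write(n, REG_Y, len);
    vnic_reg_write(n, REG_T, 1);
    return n->tx_irq_pending;
}

/* Constructed scenario: a 4 KiB guest with a 5-byte packet at offset 0x100,
 * then two bogus descriptors (beyond RAM, and wrapping past 2^32). */
int demo_emulated_nic(void)
{
    static uint8_t mem[GUEST_MEM_SIZE];
    struct vnic n;
    memset(&n, 0, sizeof n);
    n.guest_mem = mem;
    n.guest_mem_size = GUEST_MEM_SIZE;
    memcpy(mem + 0x100, "hello", 5);

    int sent   = guest_driver_transmit(&n, 0x100, 5);
    int beyond = guest_driver_transmit(&n, 0x10000, 16);
    int wraps  = guest_driver_transmit(&n, 0xFFFFFFF0u, 0x20);
    return sent == 1 && beyond == 0 && wraps == 0 && n.rejected == 2
           && n.wire_len == 5 && memcmp(n.wire, "hello", 5) == 0;
}
```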
• 32. I/O Virtualization? Paravirtualize!
  - Add a virtual NIC driver into the guest OS (frontend); implement the virtual NIC in the hypervisor (backend)
  - Everything works just like in the emulation case… except the protocol between frontend and backend
  - Protocol in the emulation case: the guest writes registers X, Y, waits at least 3 nano-sec and writes to register T; the hypervisor infers the guest wants to transmit a packet
  - Paravirtual protocol: the guest does a hypercall, passing it start address and length as arguments; the hypervisor knows what it should do
• 33. I/O Virtualization? Paravirtualize!
  - Pro: fast – no need to emulate a physical device
  - Con: requires a guest driver
  - Example hypervisors: QEMU, KVM, VMware (with VMware Tools), Xen
  - How is paravirtual I/O different from a paravirtual guest? A paravirtual guest requires modifying the whole OS: try doing it on Windows (without source code), or even Linux (lots of changes). Paravirtual I/O requires the addition of a single driver to a guest: easy to do on both Windows and Linux guests
• 34. Direct access / direct assignment
  - "Pull" the NIC out of the host, and "plug" it into the guest
  - The guest is allowed to access NIC registers directly, with no hypervisor intervention
  - The host can't access the NIC anymore
  - Pro: as fast as possible!
  - Cons: need a NIC per guest, plus one for the host; can't do "cool stuff" (encapsulate guest packets, monitor and modify them at the hypervisor level)
  - Example hypervisors: KVM, Xen, VMware
• 35. Xen
  - The University of Cambridge Computer Laboratory developed the first versions of Xen
  - The Xen community develops and maintains Xen as free and open-source software (GPL)
  - Xen is currently available for the IA-32, x86-64 and ARM instruction sets
  - (Original) target: 100 virtual OSes per machine
  Slides 35-48 partially based on: Barham et al., Xen and the Art of Virtualization, SOSP'03
• 36. Xen: Approach Overview
  - Conventional approach: full virtualization: cannot access the hardware; problematic for certain privileged instructions (e.g., traps); no real-time guarantees
  - Xen: paravirtualization: provides some exposure to the underlying HW; better performance; needs modifications to the OS; no modifications to applications
• 37. TLB (Translation Lookaside Buffer)
  - Hardware cache containing parts of the page table; translates virtual into real addresses
  - A TLB "miss" will cause an expensive page walk
  - The TLB must be flushed when context switching; the minimum cost on a Pentium 4 to change the TLB is 516 cycles (184ns) (http://www.mega-tokyo.com/osfaq2/index.php/Context%20Switching)
  - Thus, Xen avoids context switching on system calls for performance reasons
• 38. Memory Management
  - Depending on the hardware support: a software-managed TLB (translation lookaside buffer) can be easily virtualized; a tagged TLB will allow coexistence of OSes, and avoid TLB flushing across OS boundaries
  - x86 has no software-managed/tagged TLB
  - Xen exists at the top 64MB of every address space to avoid TLB flushing when a guest enters/exits Xen
  - Each OS can only map to memory it owns; writes are validated by Xen
• 39. CPU
  - x86 supports 4 levels of privilege; Xen downgrades the privilege of OSes
  - System-call and page-fault handlers are registered to Xen; "fast handlers" for most exceptions, Xen isn't involved
  - I/O: Xen exposes a set of simple device abstractions; I/O data is transferred to and from the guest via Xen, using shared memory; efficient while allowing Xen to perform validation
• 40. The Cost of Porting an OS to Xen
  - <2% of the code-base: privileged instructions; page table access; network driver; block device driver
• 41. Control Management
  - Domain0 (a special guest) hosts the application-level management software: creation and deletion of other guests, processors, memory, virtual network interfaces and block devices
  - Exposed through an interface to application-level management software
• 42. Control Transfer
  - Hypercall: synchronous calls from a guest to Xen; a software trap to perform a privileged operation; analogous to system calls; e.g., page table update requests
  - Events: asynchronous notifications from Xen to guests; replace device interrupts for lightweight notification; e.g., guest termination request, new data received over the network
• 43. Data Transfer: I/O Rings
  - (figure: I/O ring structure; e.g., requests for received packets)
• 44. Network
  - Virtual firewall-router attached to each guest
  - Virtual NICs have two I/O rings and rules, e.g., rules for preventing IP source spoofing and incoming connection attempts
  - To send a packet, enqueue a buffer descriptor into the transmit I/O ring
  - A domain needs to exchange an unused page frame for each received packet: use DMA (zero copy); avoid copying packets between Xen and the guest
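Added example (constructed for this page, not Xen's ring or network backend code) of a transmit I/O ring plus the anti-spoofing rule from slide 44: the guest enqueues buffer descriptors, and the backend validates each descriptor's bounds and the packet's IPv4 source address before the frame leaves the domain. The ring size, the guest memory size and the addresses are assumptions.

```c
#include <stdint.h>
#include <string.h>

#define RING_SIZE 8                 /* a power of two, as in Xen's rings */
#define RING_MASK (RING_SIZE - 1)

/* One transmit request: where the packet sits in the guest's memory. */
struct tx_req { uint32_t offset; uint32_t len; };

/* Shared-memory transmit ring: the guest only advances req_prod, the backend
 * only req_cons; both grow monotonically and are masked into a slot. */
struct tx_ring { uint32_t req_prod, req_cons; struct tx_req req[RING_SIZE]; };
struct tx_stats { int sent, dropped; };

/* Guest side: enqueue a buffer descriptor; returns 0 when the ring is full. */
int ring_enqueue(struct tx_ring *r, uint32_t offset, uint32_t len)
{
    if (r->req_prod - r->req_cons == RING_SIZE) return 0;
    r->req[r->req_prod & RING_MASK] = (struct tx_req){ offset, len };
    r->req_prod++;   /* a real implementation puts a write barrier before this */
    return 1;
}

/* Anti-spoofing rule of the virtual firewall-router: the IPv4 source address
 * of an outgoing packet must be the address assigned to this domain. */
int src_ip_allowed(const uint8_t *pkt, uint32_t len, uint32_t dom_ip)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;      /* not an IPv4 header */
    uint32_t src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16
                 | (uint32_t)pkt[14] << 8 | pkt[15];
    return src == dom_ip;
}

/* Backend side: drain the ring, validating every guest-written descriptor:
 * bounds against guest memory first, then the firewall rule. */
struct tx_stats ring_drain(struct tx_ring *r, const uint8_t *guest_mem,
                           uint32_t mem_size, uint32_t dom_ip)
{
    struct tx_stats s = { 0, 0 };
    while (r->req_cons != r->req_prod) {
        struct tx_req q = r->req[r->req_cons & RING_MASK];
        r->req_cons++;
        if (q.offset > mem_size || q.len > mem_size - q.offset
            || !src_ip_allowed(guest_mem + q.offset, q.len, dom_ip))
            s.dropped++;
        else
            s.sent++;     /* here the frame would go out by DMA, zero copy */
    }
    return s;
}

/* Constructed minimal IPv4 header (version 4, IHL 5) with the given source. */
static void put_ipv4(uint8_t *dst, uint32_t src_ip)
{
    memset(dst, 0, 20);
    dst[0] = 0x45;
    dst[12] = (uint8_t)(src_ip >> 24); dst[13] = (uint8_t)(src_ip >> 16);
    dst[14] = (uint8_t)(src_ip >> 8);  dst[15] = (uint8_t)src_ip;
}

/* Constructed scenario: the domain owns 10.0.0.5 and queues a legitimate
 * packet, a packet spoofing 10.0.0.9, and a descriptor past the end of RAM. */
int demo_tx_ring(void)
{
    static uint8_t mem[1024];
    struct tx_ring r;
    memset(&r, 0, sizeof r);
    put_ipv4(mem + 0, 0x0A000005);
    put_ipv4(mem + 64, 0x0A000009);
    ring_enqueue(&r, 0, 20);
    ring_enqueue(&r, 64, 20);
    ring_enqueue(&r, 1020, 20);
    struct tx_stats s = ring_drain(&r, mem, sizeof mem, 0x0A000005);
    return s.sent == 1 && s.dropped == 2 && r.req_cons == 3;
}
```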
• 45. Disk
  - Only Domain0 has direct access to disks
  - Other guests need to use virtual block devices: use the I/O ring; the guest OS will typically reorder requests prior to enqueuing them on the ring; Xen will also reorder requests to improve performance, since it knows more about the real disk layout; use DMA (zero copy)
• 46. Evaluation
  - Dell 2650 dual processor 2.4 GHz Xeon server; 2GB RAM; 3 Gb Ethernet NIC; 1 Hitachi DK32eJ 146 GB 10k RPM SCSI disk; Linux 2.4.21
• 47. Relative Performance
  - (figure: bar charts of relative performance, normalized to 1, for Linux, Xen, VMWare and UML; workloads labelled "CPU Intensive" (little I/O and OS interaction), "180Mb/s TCP traffic" and "Disk read-write on 2GB dataset")
• 49. Live Migration of Virtual Machines
  - Move a running virtual machine from one host to another host with no perceived downtime
  - The VM is not aware of the migration; TCP connections of the guest OS are maintained; the VM is treated as a black box
  - How is Live Migration (LM) different from Quick Migration (QM)? QM: the VM is saved and restored on the destination; QM: results in downtime for applications/workloads running inside VMs
• 50. Use Cases
  - Patching or hardware servicing: migrate VMs to temporary hosts and migrate back after the original hosts are patched/upgraded
  - Load balancing: migrate VMs to hosts with less load
  - Server consolidation: migrate VMs to a few hosts during off-peak hours and shut down other hosts to reduce power consumption
• 51. Methodology
  - Three phases: push: the source VM continues running; stop and copy: stop the source VM, start the new VM; pull: copy what remains
  - Possible approaches: pure stop-and-copy; pure demand-migration; pre-copy
  Slides 52-56 partially based on: Tewari et al., From Zero to Live Migration
• 52. Memory Copy: Full Copy
  - Memory content is copied to the new server; VM pre-staged (figure: source and destination hosts sharing a SAN that holds the VHD)
  - The first initial copy is of all in-memory content
• 53. Memory Copy: Dirty Pages
  - The client continues accessing the VM; pages are being dirtied
  - The client continues to access the VM, which results in memory being modified
• 54. Memory Copy: Incremental Copy
  - Smaller set of changes; recopy of changes
  - Transfer the content of the VM's memory to the destination host; track pages modified by the VM and retransfer these pages
• 55. Live Migration Final Transition
  - Partition state copied
  - Save the register and device state of the VM on the source host; transfer the saved state and storage ownership to the destination host; restore the VM from the saved state on the destination host
• 56. Post-Transition: Clean-up
  - Client directed to the new host; old VM deleted once the migration is verified successful
  - ARP issued to have routing devices update their tables
  - Since session state is maintained, no reconnections are necessary
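Added example (a constructed simulation, not code from Tewari et al. or from any hypervisor) of the pre-copy procedure in slides 51-56: repeated push rounds while the guest keeps dirtying pages, then a stop-and-copy of whatever is still dirty. The page count, round budget, threshold and the hot/cold workload model are assumptions; the example also covers the non-converging case, where a large hot set exhausts the round budget and forces a bigger final copy.

```c
#include <stdint.h>
#include <string.h>

#define PAGES 256            /* guest memory size in pages (constructed) */
#define MAX_ROUNDS 8         /* give up iterating and stop-and-copy after this */
#define STOP_THRESHOLD 8     /* pause the VM once this few pages remain dirty */

struct migration_stats {
    int rounds;              /* push rounds before the VM was paused */
    int pages_sent;          /* pages transferred in total, re-sends included */
    int downtime_pages;      /* pages copied while the VM was stopped */
};

/* Constructed workload model: each round the running guest dirties a fixed
 * "hot" set of pages plus a cold set that halves every round. */
static void guest_runs_one_round(uint8_t *dirty, int round, int hot)
{
    for (int p = 0; p < hot && p < PAGES; p++) dirty[p] = 1;
    int cold = PAGES / (2 << round);                     /* 64, 32, 16, ... */
    for (int p = PAGES / 2; p < PAGES / 2 + cold; p++) dirty[p] = 1;
}

/* Transfer every dirty page and clear the dirty bits; returns pages sent. */
static int copy_dirty_pages(uint8_t *dirty)
{
    int n = 0;
    for (int p = 0; p < PAGES; p++)
        if (dirty[p]) { dirty[p] = 0; n++; }
    return n;
}

/* Pre-copy migration: push phase (VM running) repeated until the dirty set
 * is small or the round budget is exhausted, then stop-and-copy the rest. */
struct migration_stats precopy_migrate(int hot)
{
    uint8_t dirty[PAGES];
    struct migration_stats s = { 0, 0, 0 };
    memset(dirty, 1, sizeof dirty);          /* full copy: all pages dirty */
    for (;;) {
        s.pages_sent += copy_dirty_pages(dirty);   /* push, VM keeps running */
        s.rounds++;
        guest_runs_one_round(dirty, s.rounds, hot); /* ...and dirties pages */
        int remaining = 0;
        for (int p = 0; p < PAGES; p++) remaining += dirty[p];
        if (remaining <= STOP_THRESHOLD || s.rounds >= MAX_ROUNDS) break;
    }
    s.downtime_pages = copy_dirty_pages(dirty);    /* stop-and-copy phase */
    s.pages_sent += s.downtime_pages;
    return s;
}
```

With a hot set of 4 pages the dirty set shrinks to 8 after five rounds and only 8 pages are copied with the VM paused; with a hot set of 64 the loop hits the round budget and the final stop-and-copy moves all 64 hot pages.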