Hypervisor

From Wikipedia, the free encyclopedia

Jump to: navigation, search

A hypervisor, also called virtual machine monitor (VMM), is a computer software/hardware platform virtualization software that allows multiple operating systems to run on a host computer concurrently.

VMware Workstation, a Type-2 Hypervisor, runs a Linux operating system on Windows.

Contents

[edit] Classifications

Hypervisors are classified in two types: [1]

  • Type 1 (or native, bare-metal) hypervisors are software systems that run directly on the host's hardware as a hardware control and guest operating system monitor. A guest operating system thus runs on another level above the hypervisor.
This is the classic implementation of virtual machine architectures; the original hypervisor was CP/CMS, developed at IBM in the 1960s, ancestor of IBM's current z/VM.
More recent examples are Oracle VM, VMware ESX Server, LynxSecure from LynuxWorks, L4 microkernels, Real-Time System's RTS-Hypervisor, VirtualLogix's VLX, TRANGO, IBM's POWER Hypervisor (PR/SM), Microsoft's Hyper-V (released in June 2008), Xen, Citrix XenServer, Parallels Server (released in 2008), ScaleMP's vSMP Foundation (released in 2005) , Sun's Logical Domains Hypervisor (released in 2005), Wind River's hypervisor and VxWorks MILS Platform and XtratuM.
A variation of this is embedding the hypervisor in the firmware of the platform, as is done in the case of Hitachi's Virtage hypervisor and VMware ESXi. This group also includes Kernel-based Virtual Machine (KVM) which turns a Linux kernel into a hypervisor.
  • Type 2 (or hosted) hypervisors are software applications running within a conventional operating system environment. Considering the hypervisor layer being a distinct software layer, guest operating systems thus run at the third level above the hardware.
Examples include VMware Server (formerly known as GSX), VMware Workstation, VMware Fusion, the open source QEMU, Microsoft Virtual PC and Microsoft Virtual Server products, Sun's (formerly InnoTek) VirtualBox, as well as Parallels Workstation and Parallels Desktop.
  • Hybrid (or Type-1+)
Example is Green Hills Software's Integrity (operating system) which uses a bare-metal microkernel, which can host specialized native processes (real-time and/or security-critical) as well as virtual machines. System virtualization is performed at the application layer.

The term hypervisor apparently originated in IBM's CP-370 reimplementation of CP-67 for the System/370, released in 1972 as VM/370. The term hypervisor call, or hypercall, referred to the paravirtualization interface, by which a guest operating system could access services directly from the (higher-level) control program – analogous to making a supervisor call to the (same level) operating system. The term supervisor refers to the operating system kernel, which runs in supervisor state on IBM mainframes.

[edit] Mainframe origins

The first hypervisor providing full virtualization was IBM's CP-40, a one-off research system that began production use in January 1967, and which became the first version of IBM's CP/CMS operating system. CP-40 ran on a one-off S/360-40 that was customized to support virtualization. Prior to this time, computer hardware had only been virtualized enough to allow multiple user applications to be run (see CTSS and IBM M44/44X). With CP-40, the hardware's supervisor state was virtualized as well, allowing multiple operating systems to run simultaneously.

CP-40 was soon re-implemented (as CP-67) for the IBM System/360-67, the first production computer system capable of full virtualization. This machine was first shipped in 1966, and included page translation table hardware for virtual memory, and other techniques that allowed a full virtualization of all kernel tasks, including I/O and interrupt handling. (Note that its "official" operating system, the ill-fated TSS/360, did not employ full virtualization.) Both CP-40 and CP-67 began production use in 1967. CP/CMS was available to IBM customers from 1968 to 1972, in source code form without support.

CP/CMS was part of IBM's attempt to build robust time-sharing systems for its mainframe computers. By running multiple operating systems simultaneously, the hypervisor increased system robustness and stability: Even if one operating system crashed, the others would continue working without interruption. Indeed, this even allowed beta or experimental versions of operating systems – or even of new hardware[2] – to be deployed and debugged, without jeopardizing the stable main production system, and without requiring costly additional development systems.

IBM's System/370 series was announced in 1970 without any virtualization features, but these were added to the series in 1972, and have appeared in all successor systems. (All modern-day IBM mainframes, such as the zSeries line, continue to be backwards-compatible with the 1960s-era IBM S/360 line.) The 1972 announcement also included VM/370, a reimplementation of CP/CMS for the S/370. Unlike CP/CMS, IBM provided support for this version (though it was still distributed in source code form for several releases). VM stands for Virtual Machine, emphasizing that all, and not just some, of the hardware interfaces are virtualized. Both VM and CP/CMS enjoyed early acceptance and rapid development by universities, corporate users, and time-sharing vendors, as well as within IBM. Users played an active role in ongoing development, anticipating trends seen in modern open source projects. However, in a series of disputed and bitter battles, time-sharing lost out to batch processing through IBM political infighting, and VM remained IBM's "other" mainframe operating system for decades, losing over MVS. It has enjoyed a resurgence of popularity and support in recent years as the current z/VM product, e.g. as the platform for Linux for zSeries.

As mentioned above, the VM control program includes a hypervisor call handler which intercepts DIAG ("Diagnose") instructions used within a virtual machine. This provides fast-path non-virtualized execution of file system access and other operations. (DIAG is a model-dependent privileged instruction, not used in normal programming, and thus is not virtualized. It is therefore available for use as a signal to the "host" operating system.) When first implemented in CP/CMS release 3.1, this use of DIAG provided an operating system interface that was analogous to the System/360 SVC ("supervisor call") instruction, but that did not require altering or extending the system's virtualization of SVC.

[edit] UNIX and Linux servers

Several factors led to a resurgence in the use of virtualization technology among UNIX and Linux server vendors:

  • Expanding hardware capabilities, allowing more simultaneous work to be done per machine
  • Efforts to control costs and simplify management through consolidation of servers
  • The need to control large multiprocessor and cluster installations, e.g. in server farms and render farms
  • The improved security, reliability, and device independence possible from hypervisor architectures
  • The desire to run complex, OS-dependent applications in different hardware or OS environments

The major UNIX vendors, including Sun Microsystems, HP, IBM, and SGI, have been selling virtualized hardware since before 2000. These have generally been large systems with hefty, server-class price tags (in the multi-million dollar range at the high end), although virtualization is also available on some mid-range systems, such as IBM's System-P servers, Sun's CoolThreads T1000, T2000 and T5x00 servers and HP 9000 Superdome series.

Multiple host operating systems have been modified to run as guest OSes on Sun's Logical Domains Hypervisor. As of late 2006, Solaris, Linux (Ubuntu and Gentoo), and FreeBSD have been ported to run on top of Hypervisor (and can all run simultaneously on the same processor, as fully-virtualized independent guest OSes). Wind River "Carrier Grade Linux" also plans to run on Sun's Hypervisor. Full virtualization on SPARC processors was not difficult because the SPARC architecture, since its inception in the mid-1980s, was deliberately kept clean of artifacts that would have impeded virtualization. (Compare with virtualization on x86 processors below)

HP's technology to host multiple OS technology on its Itanium powered systems (Integrity) is called Integrity Virtual Machines (Integrity VM). Since Itanium is capable of running HP-UX, Linux, and Windows - these environments are also supported as virtual servers on HP's Integrity VM platform. The HP-UX operating system hosts the Integrity VM hypervisor layer which allows for many important features of HP-UX to be taken advantage of and provides major differentiation between this platform and other commodity platforms - such as processor hotswap, memory hotswap, and dynamic kernel updates without system reboot. HP also provides more rigid partitioning of their Integrity and HP9000 systems by way of VPAR and NPAR technology, the former offering shared resource partitioning and the later offering complete I/O and processing isolation. The flexibility of VSE has given way to its use more frequently in newer deployments.[citation needed]

IBM provides non virtualization partition technology known as logical partitioning (LPAR) and applies to System/390, zSeries, pSeries and iSeries systems.

Similar trends have been seen with x86/x86_64 server platforms, where virtualization efforts have been led by open source projects such as Xen. These include hypervisors built on Linux and Solaris kernels as well as custom kernels. Since these technologies span from large systems down to desktops, they are described in the next section.

[edit] PCs and desktop systems

Interest in the high-profit server hardware market sector has led to the development of hypervisors for the Intel x86 instruction-set machines, including traditional desktop PCs. One of the early PC hypervisors was the commercial VMware, introduced in 1998. Parallels, Inc. introduced Parallels Workstation, which is primarily used on PCs, in 2005 and Parallels Desktop for Mac, which runs on Mac OS X, in 2006.

The x86 architecture used in most PC systems is particularly difficult to virtualize. Full virtualization (presenting the illusion of a complete set of standard hardware) on x86 has significant costs in hypervisor complexity and runtime performance. More recently CPU vendors have added hardware virtualization assistance to their products. Intel's is called Intel VT (codenamed Vanderpool) and AMD's is referred to as AMD-V (codenamed Pacifica). These extensions address the parts of x86 that are difficult or inefficient to virtualize, providing additional support to the hypervisor. This enables simpler virtualization code and a higher performance for full virtualization.

An alternative approach requires that the guest operating system be modified to make system calls to the hypervisor, rather than executing machine I/O instructions which are then simulated by the hypervisor. This is called paravirtualization in Xen, a "hypercall" in Parallels Workstation, and a "DIAGNOSE code" in IBM's VM. VMware supplements the slowest rough corners of virtualization with device drivers for the guest. All are really the same thing, a system call to the hypervisor below. Some microkernels such as Mach and L4 are flexible enough such that "paravirtualization" of guest operating systems is possible.

Others, like Xen, are implemented as software-only virtual machines. Xen runs on a normal host operating system such as Linux, and is able to run both paravirtualized and fully virtualized (i.e., unmodified) operating systems with the help of the hardware virtualization extensions Intel VT-x. The Xen distribution already contains versions of FreeBSD, Linux, NetBSD, and Plan 9 from Bell Labs that have been so modified. User programs will continue to work on Xen without change. Also, Xen has been re-implemented on the OpenSolaris operating system as of build 75 — the result is called Sun xVM Server.

In June 2008, Microsoft delivered a new Type 1 hypervisor called Hyper-V (codenamed "Viridian" and previously referred to as Windows Server virtualization); the design features OS integration at the lowest level.[3] New versions of the Windows operating system beginning with Windows Vista include extensions to boost performance when running on top of the Viridian hypervisor.

Green Hills Software's Integrity (operating system) uses Intel VT to provide its Type-1+ full virtualization on laptops, desktops, and mobile devices. Integrity can optionally use paravirtualized drivers for improved performance.

[edit] Embedded systems

Virtual machines have recently appeared in embedded systems, such as mobile phones. This is driven by the desire to provide a high-level operating-system interface for application programming, such as Linux or Microsoft Windows, while at the same time maintaining traditional real-time operating system (RTOS) APIs. The low-level RTOS environments need to be retained for legacy support, and because the real-time capabilities of high-level OSes are insufficient for many embedded applications.

Embedded hypervisors must therefore be real-time capable, a design criterion not present for hypervisors used in other domains. The resource-constrained nature of many embedded systems, especially battery-powered mobile systems, imposes a further requirement for small memory size and low overhead. Finally, in contrast to the ubiquity of the x86 architecture in the PC world, the embedded world uses a wider variety of architectures. Support for virtualization requires memory protection (in the form of a memory management unit or at least a memory protection unit) and a distinction between user mode and privileged mode, which rules out most microcontrollers. This still leaves x86, MIPS, ARM and PowerPC as widely-deployed architectures on medium- to high-end embedded systems.

As embedded-system manufacturers usually have source code to their operating systems, there is less need for full virtualization in this space. Instead, the performance advantages of paravirtualization make this usually the virtualization technology of choice. Nevertheless, ARM has recently added a limited form of support for full virtualization (single guest only) with their TrustZone technology.

Other differences between virtualization in server/desktop and embedded environments are requirements for efficient sharing of resources across virtual machines, high-bandwidth, low-latency inter-VM communication, a global view of scheduling and power management, and fine-grained information-flow control.[4]

Green Hills Software's real-time Integrity (operating system) has employed Type-1+ virtualization in embedded and mobile devices since 2003, and uses a combination of hardware-accelerated full virtualization (e.g. Intel VT) and paravirtualization), depending on the microprocessor's capabilities. Integrity supports Intel, Power, ARM, MIPS, and ColdFire architectures. Guest operating systems include Linux, Windows, Solaris, VxWorks, etc.

Another hypervisor deployed in mobile embedded systems (e.g. a Toshiba mobile phone) is OKL4, a commercial member of the L4 microkernel family. It supports x86, ARM and MIPS processors.

Other hypervisors for embedded use include:

[edit] Rootkits

A rootkit can in theory install itself as a hypervisor, and thereby intercept any operations of the original operating system, which unknowingly becomes a virtual machine. The concept has been demonstrated via the SubVirt laboratory rootkit, developed jointly by Microsoft and University of Michigan researchers[7], as well as Blue Pill. Security best practice therefore is to disable hardware virtualization features at BIOS level on machines that will not be using this technology.

[edit] References

  1. ^ IBM Systems Virtualization, IBM Corporation, Version 2 Release 1 (2005), available on-line at publib.boulder.ibm.com – description of basic concepts
  2. ^ See History of CP/CMS for virtual hardware simulation in the development of the System/370
  3. ^ Peter Galli. "Microsoft Sheds More Light on Windows Hypervisor Technology." April 5, 2006.
  4. ^ Gernot Heiser (April 2008). "The role of virtualization in embedded systems". Proc. 1st Workshop on Isolation and Integration in Embedded Systems (IIES'08): 11–16. 
  5. ^ Reconcile GPL Software and Proprietary Code on Embedded Systems with a Secure Hypervisor, TRANGO Virtual Processors, August 2007
  6. ^ RTS Real-Time Hypervisor, Real-Time Systems GmbH, retrieved on 2009-02-27.
  7. ^ "SubVirt: Implementing malware with virtual machines". University of Michigan, Microsoft. 2006-04-03. http://www.eecs.umich.edu/virtual/papers/king06.pdf. Retrieved on 2008-09-15. 

[edit] See also

Personal tools