Chapter 14 - Virtual Machines


1

What is a hypervisor?

The software for virtualization. It acts as a layer between the hardware and the VMs to act as a resource broker. It allows multiple VMs to safely coexist on a single physical host.

2

Consolidation Ratio

Number of VMs that can run on a host

3

Reasons for virtualization

-Legacy Hardware
-Rapid Deployment
-Versatility
-Consolidation
-Aggregating
-Dynamics
-Ease of Management
-Increased Availability

4

___ physical host can support ____ VMs

One; Many

5

How do privileged instructions work in a VM?

Must be caught and handled by the hypervisor. This creates some performance loss, though improvements have minimized this overhead.

6

VM as files

A VM instance is defined in files.

- configuration file defines the number of virtual processors (vCPUs), amount of memory, I/O device access, and network connectivity

- storage the VM sees may just be files in the physical file system

- When the VM is booted, additional files for logging, paging, and other functions are created

7

Hypervisor Functions

Execution management of VMs

Devices emulation and access control

Execution of privileged operations

Management of VMs (lifecycle management)

Administration

8

Type 1 Hypervisor

•Hypervisor runs directly on host hardware much like an OS would run.
•Directly controls host resources.
•Examples: VMware ESXi, Microsoft Hyper-V, Xen variants.

BARE METAL

9

Type 2 Hypervisor

•Hypervisor runs on host's OS.
•Relies on host OS for hardware interactions.
•Examples: VMware Workstation, Oracle VM VirtualBox

HOSTED

10

Type 1 vs Type 2

•Type 1 typically performs better.
•Type 1 is typically more secure.
•Type 2 can run on a system being used for other things, such as a user's workstation.

11

Paravirtualization

The OS is modified so that calls to the hardware are replaced with calls to the hypervisor. This is faster with less overhead, but requires a modified OS.

12

Hardware-assisted virtualization

•Both AMD and Intel processors provide support for hypervisors.
•Called AMD-V and Intel VT-x, they provide hardware-assisted virtualization extensions for the hypervisor to use.
•Intel processors offer extra instructions called VMX (Virtual Machine Extensions).
•Hypervisors can use these instructions rather than performing these functions in code.
•The OS does not require modification in this case.

13

Virtual appliance

A virtual appliance consists of applications and an operating system distributed as a virtual machine image.

14

Why would you use a virtual appliance?

Deploying a virtual appliance is far easier than installing an OS, installing the applications, configuring them, and setting everything up. It is independent of hypervisor or processor architecture, and can run on a Type 1 or Type 2 hypervisor.

15

Container Virtualization

•Another approach to virtualization is container virtualization.
•Software running on top of the host OS kernel provides an isolated execution environment.
•Unlike hypervisor VMs, containers do not aim to emulate physical servers.
•Instead, all containerized applications on a host share a common OS kernel.
•This eliminates the need for each VM to run its own OS and greatly reduces overhead.

16

Kernel Control Groups

•Normally all processes are descendants of the init process forming a single process hierarchy.
•Control groups allow for multiple process hierarchies in a single OS.
•The hierarchy is associated with system resources at configuration time.

17

What do control groups provide?

•Resource limiting: limit how much memory is usable.
•Prioritization: some groups can get a larger share of CPU or disk I/O.
•Accounting: can be used for billing purposes.
•Control: groups of processes can be frozen or stopped and restarted.

18

Container lifecycle

•Setup: enabling the Linux kernel containers, installation of tools and utilities to create the container environment.
•Configuration: specify IP address, root file system, and allowed devices.
•Management: startup, shutdown, migration.

19

Container I/O

•In a VM environment, a process executes inside a guest virtual machine.
•An I/O request is sent to the guest OS to an emulated device the guest OS sees.
•The hypervisor sends it through to the host OS which sends it to the physical device.
•By contrast, an I/O request in a container environment is routed through kernel control group indirection to the physical device.

20

Advantages of a container

By sharing the OS kernel, a system may run many containers compared to the limited number of VMs and guest OSs of a hypervisor environment.

Application performance is close to native system performance.

21

Container Disadvantages

•Container applications are only portable across systems with the same OS kernel and virtualization support features.

•An app for a different OS than the host is not supported.

•May be less secure if there are vulnerabilities in the host OS.

22

Container file system

•Each container sees its own isolated file system.
•OS files and many common applications are symbolically linked into each container.
•Using this approach, considerable space savings is achieved with only locally created files actually existing in the container's file system.

23

What is a microservice?

Microservices is an architectural style in which an application is decomposed into loosely coupled self-contained services. Containers are a natural fit for microservices.

Instead of having a monolithic application design, each service is broken out as an individual part.

24

Advantages of microservice

- smaller deployable unit than the whole application, making it easier and quicker to push out updates or add features. This helps to support a continuous delivery practice.

- part of a much larger application, and there can be multiple instances to share the load for each part versus doing so for the entire application.

25

What is Docker and why is it used?

•Docker provides a simpler and more standardized way to run containers.
•Docker makes it easy to load the container image in a simple and quick manner.
•Docker containers are stored in the cloud as images which can be pulled and executed when needed.

26

Two ways to provide processor resources

- Emulation

- Schedule time on physical CPUs

27

Emulation

Emulated chip and software.
Examples: QEMU and Android Emulator.

•Advantages: emulation software may run on different platforms
•Disadvantages: not very efficient

28

Page Sharing

•To save physical memory, the hypervisor can maintain one copy of a block in physical memory and map each VM's request to it.
•This typically results in a savings from 10% to 40% of physical memory.

29

Memory Overcommit

•The hypervisor may temporarily borrow memory from one VM to satisfy the needs of another.
•The mechanism used is called a balloon driver.
•The balloon driver requests memory (inflates) in the guest OS which causes the guest OS to free up pages no longer needed.
•The balloon driver can now deflate and these freed pages can be used for some other VM that is short on memory.

30

Advantages of I/O Virtualization

•It enables hardware independence since the VM sees a more general device.
•This helps with VM migration, since the new host may not have the exact same device.