Interpreters/processors
Memory
Communications links
Three fundamental abstractions are necessary to describe the operation of a computing system:
provision for peak demands → overprovisioning
heterogeneity of hardware and software
machine failures
Resource Management Issues
Virtualization; Cloud Computing
is a basic enabler of __________, it simplifies the management of physical resources for the three abstractions
Virtualization
“in computing, refers to the act of creating a virtual (rather than actual) version of something, including but not limited to a virtual computer hardware platform, operating system (OS), storage device, or computer network resources.” from Wikipedia
Virtualization
abstracts the underlying resources; simplifies their use; isolates users from one another; and supports replication which increases the elasticity of a system
Performance Isolation
System Security
Performance and Reliability
The development and management of services offered by a provider.
Cloud Resource virtualization is important for:
Performance isolation
as we can dynamically assign and account for resources across different applications
System security
as it allows isolation of services running on the same hardware
Performance and reliability
as it allows applications to migrate from one platform to another
Multiplexing
Aggregation
Emulation
Multiplexing and emulation.
Virtualization simulates the interface to a physical object by
Multiplexing:
creates multiple virtual objects from one instance of a physical object. Many virtual objects to one physical.
Aggregation
creates one virtual object from multiple physical objects. One virtual object to many physical objects.
Emulation
constructs a virtual object of a certain type from a different type of a physical object.
Layering
a common approach to manage system complexity
Layering
Simplifies the description of the subsystems; each subsystem is abstracted through its interfaces with the other subsystems
Layering
Minimises the interactions among the subsystems of a complex system
Layering
we are able to design, implement, and modify the individual subsystems independently.
Hardware
Software
Operating system
Libraries
Applications
Layering in a computer system:
Instruction Set Architecture (ISA)
at the boundary between hardware and software.
Application Binary Interface (ABI)
allows the ensemble consisting of the application and the library modules to access the hardware
Application Binary Interface (ABI)
does not include privileged system instructions, instead it invokes system calls.
Application Program Interface
defines the set of instructions the hardware was designed to execute and gives the application access to the ISA
Application Program Interface
it includes high-level language (HLL) library calls which often invoke system calls.
Binaries; Portable
_________ created by a compiler for a specific ISA and a specific operating system are not _______
HLL program; portable code
It is possible, though, to compile a ________ for a virtual machine (VM) environment where ______ is produced and distributed and then converted by binary translators to the ISA of the host system
dynamic binary translation
A __________ converts blocks of guest instructions from the portable code to the host instruction and leads to a significant performance improvement, as such blocks are cached and reused.
1960’s, IBM
CP/CMS control program: a virtual machine operating system for the IBM System/360 Model 67
2000, IBM
z-series with 64-bit virtual address spaces and backward compatible with the System/360
Popek; Goldberg
______ and ______ from UCLA published “Formal Requirements for Virtualizable Third Generation Architectures” where they listed the conditions a computer architecture should satisfy to support virtualization
Formal Requirements for Virtualizable Third Generation Architectures
Popek and Goldberg from UCLA published “_________________” where they listed the conditions a computer architecture should satisfy to support virtualization
1974
Popek and Goldberg from UCLA published “Formal Requirements for Virtualizable Third Generation Architectures” where they listed the conditions a computer architecture should satisfy to support virtualization.
1990’s; 1999
Stanford researchers, VMware: Researchers developed a new hypervisor and founded VMware, the biggest virtualization company today. First virtualization solution was _________ for x86.
IBM
was the first to produce and sell virtualization for the mainframe. But VMware popularised virtualization for the masses.
virtual machine monitor
partitions the resources of a computer system into one or more virtual machines (VMs).
virtual machine monitor
Allows several operating systems to run concurrently on a single hardware platform
Virtual Machine (VM)
is an execution environment that runs an OS
Virtual Machine (VM)
an isolated environment that appears to be a whole computer, but actually only has access to a portion of the computer resources.
Multiple services to share the same platform
Live Migration
System modification while maintaining backward compatibility with the original system
Enforces isolation among the systems, thus security
A VMM allows
guest operating system
is an OS that runs in a VM under the control of the VMM.
shadow page table
points to the actual page frame and it is used by the Memory Management Unit (MMU) for dynamic address translation.
cache, main memory, disk and network access
The run-time behavior of an application is affected by other applications running concurrently on the same platform and competing for CPU cycles
Performance isolation
a critical condition for QoS guarantees in shared computing environments
VMM
is a much simpler and better specified system than a traditional operating system
28; 100s
Xen VMM has ______ hypercalls while Linux has ______ of system calls.
A program running under the VMM should exhibit a behavior essentially identical to that demonstrated when running on an equivalent machine directly.
The VMM should be in complete control of the virtualized resources.
A statistically significant fraction of machine instructions must be executed without the intervention of the VMM. (Why?)
Conditions for Efficient Virtualization
Dual-mode
allows OS to protect itself and other system components
Kernel-code; kernel mode
_________ (in particular, interrupt handlers) runs in __________
Kernel-mode
the hardware allows all machine instructions to be executed and allows unrestricted access to memory and I/O ports
user mode
Everything else runs in ________
User applications run in ring 3
OS runs in ring 0
Four layers of privilege execution → rings
In ring 0, then, same privileges as an OS → wrong
In rings 1,2,3, then OS has higher privileges → wrong
Move the OS to ring 1 and the VMM in ring 0 → OK
In which ring should the VMM run?
Full virtualization with binary translation
OS-assisted virtualization or paravirtualization
Hardware assisted virtualization
Techniques for Virtualizing CPU on x86
kernel mode
privileged instructions can be executed in ____________.
kernel mode
When attempted to be executed in user mode, they cause a trap and so are executed in ______________
user mode
nonprivileged instructions are the ones that can be executed in __________
sensitive instructions; kernel; user
________ can be executed in either ______ or _______ but they behave differently
sensitive instructions
require special precautions at execution time.
sensitive; nonprivileged
_________ and _____________ are hard to virtualize
Full virtualization
a guest OS can run unchanged under the VMM as if it was running directly on the hardware platform. Each VM runs an exact copy of the actual hardware.
Binary Translation
rewrites parts of the code on the fly to replace sensitive but not privileged instructions with safe code to emulate the original instruction
hypervisor
translates all operating system instructions on the fly and caches the results for future use
user level
while ______ instructions run unmodified at native speed.
No hardware assistance,
No modifications of the guest OS
Isolation, Security
advantages of full virtualization
speed of execution
disadvantages of full virtualization
Paravirtualization
involves modifying the OS kernel to replace non-virtualizable instructions with hypercalls that communicate directly with the virtualization layer hypervisor
hypervisor
also provides hypercall interfaces for other critical kernel operations such as memory management, interrupt handling and time keeping.
faster execution, lower virtualization overhead
advantage of paravirtualization
poor portability
disadvantage of paravirtualization
Hardware Assisted Virtualization
a new CPU execution mode feature that allows the VMM to run in a new root mode below ring 0. As depicted in Figure 7, privileged and sensitive calls are set to automatically trap to the hypervisor, removing the need for either binary translation or paravirtualization
even faster execution
advantage of hardware assisted virtualization
2005
In _______ Intel released two Pentium 4 models supporting VT-x.
VMX root
VMX non-root
VT-x supports two modes of operations
VMX root
for VMM operations.
VMX non-root
support a VM.
Virtual Machine Control Structure
And a new data structure called the ______________ including host-state and guest-state areas
VM entry
the processor state is loaded from the guest-state of the VM scheduled to run; then the control is transferred from VMM to the VM.
VM exit
saves the processor state in the guest-state area of the running VM; then it loads the processor state from the host-state area, finally transfers control to the VMM.
Linux, Minix, NetBSD, FreeBSD and others
can operate as paravirtualized
Xen domain
ensemble of address spaces hosting a guest OS and applications running under the guest OS. Runs on a virtual CPU.
Dom0
dedicated to execution of Xen control functions and privileged instructions
DomU
a user domain
XenStore
a Dom0 process.
Dom0 privileges
Communicates with guest VMs via shared memory using __________________.
Toolstack
responsible for creating, destroying, and managing the resources and privileges of VMs.
Toolstack
parses this file and writes this information in XenStore.
Linux Container
is a Linux process (or processes) that is a virtual environment with its own process network space. (lightweight process virtualization)
Containers; kernel
________ share portions of the host _________
Namespaces
per-process isolation of OS resources (filesystem, network and user ids)
Cgroups
resource management and accounting per process
Xen
runs at privilege Level 0, the guest OS at Level 1, and applications at Level 3.
x86
does not support either the tagging of TLB entries or the software management of the TLB. Thus, address space switching, when the VMM activates a different OS, requires a complete TLB flush; this has a negative impact on the performance
Solution
load Xen in a 64 MB segment at the top of each address space and delegate the management of hardware page tables to the guest OS with minimal intervention from Xen. This region is not accessible or re-mappable by the guest OS.
guest OS
must register with Xen a description table with the addresses of exception handlers for validation.
Virtual Network Interfaces (VIFs); network interface card
Each domain has one or more __________ which support the functionality of a _____________
DomU; Dom0; ring
Split drivers have a front-end in the ___________ and the back-end in __________; the two communicate via a _______ in shared memory.
Ring
a circular queue of descriptors allocated by a domain and accessible within Xen
Descriptors
do not contain data, the data buffers are allocated off-band by the guest OS.
packet sending; packet receiving
Two rings of buffer descriptors, one for _________ and one for _________, are supported.
XEN I/O
zero-copy semantics for data transfer using I/O rings.
Xen 2.0
Optimization of virtual interface, I/O channel, virtual memory