✅ Module 3: Virtualization – Complete Notes

� Definition
 Virtualization = Creating a virtual (not real) version of hardware, OS, storage, or network.
 Provides an abstract environment to run applications.

� Why Virtualization is Popular Now

 Modern PCs can easily run virtual machines (VMs).
 Underutilized resources (hardware/software) are reused efficiently.
 Server consolidation reduces physical server count.
 Greener IT: Saves energy, reduces carbon footprint.
 Lower admin costs: Fewer servers = less maintenance & cooling needs.

� Virtualization Reference Model

 Host: Original hardware.
 Guest: System/app running in virtual environment.
 Virtualization Layer: Creates the virtual environment for the guest.

Interaction:

 The Guest does not access the host directly.

 Instead, it interacts with the virtualization layer.
 The virtualization layer manages the host and provides abstracted resources to the guest.
� Characteristics of Virtualized Environments
 Security: Isolates guest from host; filters harmful operations.
 Managed Execution: Supports sharing, aggregation, emulation, isolation.
 Sharing: Host used by multiple guests.
 Aggregation: Multiple hosts appear as one.
 Emulation: Runs programs for different hardware (e.g., MS-DOS on Windows).
 Isolation: Guests don’t interfere with each other.
 Performance Tuning: Resources (CPU, RAM) finely controlled.
 Portability: Run the same app on different platforms without changes.

� 6. Machine Reference Model:

 The Machine Reference Model provides a layered view of computing systems, showing how
virtualization can intercept and emulate system layers.
 At the bottom layer, the model for the hardware is expressed in terms of the Instruction Set
Architecture (ISA), which defines the instruction set for the processor, registers, memory, and
interrupts management.
 ISA is the interface between hardware and software and it is important for
-System developers (System ISA) – like OS developers.
-Low-level app developers (User ISA) – who directly use hardware instructions.
 The Application Binary Interface (ABI) separates the operating system layer from the applications and
libraries, which are managed by the OS.
 ABI covers details such as low-level data types, alignment, and call conventions and defines a format
for executable programs. System calls are defined at this level. This interface allows portability of
applications and libraries across operating systems that implement the same ABI.
  The highest level of abstraction is represented by the Application Programming Interface (API), which
interfaces applications to libraries and/or the underlying operating system.
 The machine level resources such as processor registers and main memory capacities are used to
perform the operation in the hardware level of CPU.
 This layered model simplifies development, multitasking, and allows multiple environments (like VMs)
to exist simultaneously.

 ✅ Security Rings and Privileged Modes – Key Points

 Purpose:
The machine reference model includes a basic security model by dividing system instructions into
privileged and non-privileged types, controlling who can access what.
 Non-Privileged Instructions:
o Executed by user programs.
o Do not access shared system resources.
o Include operations like floating point, arithmetic, etc.
 Privileged Instructions:
o Executed under strict control.
o Used for sensitive operations that either expose (behavior-sensitive) or modify (control-
sensitive) the system state.
o Only the OS or trusted services can run them.
 Ring-Based Security Model:
o Ring 0: Most privileged (used by OS kernel).
o Ring 1 & 2: For OS-level services.
o Ring 3: Least privileged, used by user applications.
 The closer to Ring 0, the more control over hardware.
 Modern Systems:
Typically support only two levels:
o Ring 0 = Supervisor Mode
o Ring 3 = User Mode
This simplifies system design and security management.

� Taxonomy / Types of Virtualization

A. Execution Virtualization
 Emulates an execution environment.
 We can divide these execution virtualization techniques into two major categories by considering
the type of host they require
 o Process level techniques  implemented on top of an existing operating system, which has
full control of the hardware.
o System level techniques  are implemented directly on hardware and do not require―or
require a minimum support from―an existing operating system.

B. Hardware Level Virtualization

 Definition:
Hardware-level virtualization creates a virtual version of hardware (like CPU, memory) so that
guest operating systems can run on it.

 Key Components:
o Guest = represented by Operating system
o Host = represented by Physical hardware
o Virtual Machine (VM) = represented by Emulated hardware

 Role of Hypervisor:
The hypervisor is generally a program, or a combination of software and hardware, that allows the
abstraction of the underlying physical hardware.

 Also Called:
This type is also known as System Virtualization because it provides the Instruction Set
Architecture (ISA) to VMs (hardware-level interface).

 Comparison with Process Virtualization:

Unlike process virtual machines that provide ABI (Application Binary Interface) for apps, hardware
virtualization gives ISA, allowing full OS to run.

� Hypervisor :

 Definition:
The hypervisor is generally a program, or a combination of software and hardware, that allows the
abstraction of the underlying physical hardware.
 Type I Hypervisor (Native):
o Runs directly on physical hardware.
o Replaces the OS and interacts directly with the hardware using ISA (Instruction Set
Architecture).
o Example: VMware ESXi, Microsoft Hyper-V (bare-metal).

 Type II Hypervisor (Hosted):

o Runs on top of an existing operating system.
o Works as an application that uses the OS and interacts through ABI (Application Binary
Interface).
o Example: VirtualBox, VMware Workstation.
  Key Difference:
o Type I is faster and more efficient (used in servers/data centers).
o Type II is easier to use but slightly slower (used on desktops/laptops).

 Purpose:
Both types allow guest operating systems to run in isolated environments as if they had their own
physical machines.
Hypervisor architecture :
 Dispatcher: Manages instructions from VM.
 Allocator: Assigns resources (CPU, RAM).
 Interpreter: Handles privileged instructions via trap mechanism.

� 9. Popek and Goldberg Virtualization Requirements

1. Equivalence – Guest should behave same as on real hardware.
2. Resource Control – VMM must control all resources.
3. Efficiency – Most instructions run without VMM intervention.

C. Hardware Virtualization Techniques

 Hardware-assisted: Hardware provides architectural support to run a guest operating system in
complete isolation. (e.g., Intel VT).
 Full Virtualization:
o Complete hardware emulation.
o Guest runs without changes.
 Paravirtualization:
o Guest OS is modified.
o Better performance.
 Partial Virtualization:
o Not all hardware emulated.
o Guest partially isolated.
D. Operating System Level Virtualization

 Operating system level virtualization creates isolated user-space environments within a single
operating system.

 It does not use a hypervisor; instead, the OS kernel handles resource sharing and isolation.

 Each instance has its own file system, IP address, software settings, and limited device access.

 The kernel ensures secure execution by preventing interference between instances.

 Examples include FreeBSD Jails, Solaris Zones, OpenVZ, and other Unix-based solutions.

E. Programming Language Level Virtualization

 Programming language level virtualization helps in easy deployment, managed execution, and
cross-platform portability.

 It uses a virtual machine to execute bytecode generated by compiling source code.

 The compiler produces bytecode for an abstract machine, not for specific hardware.

 This allows programs to run on any platform that has the corresponding virtual machine.

 Examples include Java Virtual Machine (JVM) and .NET CLR, which also support security features.

F. Application Level Virtualization

 App runs in a fake runtime environment.
 Emulation Methods:
o Interpretation – Each instruction emulated (slow).
o Binary Translation – Translates and caches (faster).
 Example: Wine (runs Windows apps on Linux).

G. Storage Virtualization

 Storage virtualization separates the physical hardware layout from its logical view for easier
management.

 It lets users access data using logical paths without knowing the exact storage location.

 Multiple storage devices can be combined and presented as a single logical file system.

 A common method is network-based virtualization using Storage Area Networks (SANs).

 SANs provide storage access over high-bandwidth networks, improving flexibility and scalability.
H. Network Virtualization:

 Network virtualization uses hardware and software to create and manage virtual networks.

 It can merge multiple physical networks into one logical network (external) or create virtual network
functions within a system (internal).

 External network virtualization often results in Virtual LANs (VLANs), where hosts act as if on the
same local network.

 Internal network virtualization allows virtual machines to communicate using virtual network
interfaces.

 It can be implemented using NAT, additional virtual network devices, or isolated private networks
for guests.

I.Desktop Virtualization:

 Desktop virtualization allows users to access a desktop environment remotely using a client-server
model.

 It functions like hardware virtualization but accesses a system stored on a remote server instead of
the local machine.

 The goal is to make the same desktop accessible from anywhere through a network.

 The desktop is usually hosted in a data center, ensuring high availability and data persistence.

 Examples include Windows Remote Services, VNC, X Server, and cloud-based tools like Citrix
XenDesktop and Sun VDI.

J. Application Server Virtualization:

 Application server virtualization combines multiple application servers to act as a single virtual
server.
 It uses load balancing to distribute workload and ensure efficient performance.
 The main goal is to provide high availability and reliability of services.
 Unlike other forms, it focuses on improving service quality, not simulating different environments.
 It is similar in purpose to storage virtualization, aiming at better resource utilization and service
delivery.
� Virtualization in Cloud Computing:
 Key Enabler for Cloud (especially IaaS).
 Used for:
o Resource isolation
o Custom execution environments
o Server consolidation
o Virtual Machine Migration (move VM between hosts)
 Virtualization is key to cloud computing as it enables customization, security, and isolation.
 It provides configurable environments and storage through various virtualization technologies.
 Hardware and programming language virtualization are mainly used in cloud systems.
 Virtualization supports efficient system design through techniques like server consolidation and VM
migration.
 It also enhances storage and desktop virtualization, making them vital components of cloud
infrastructure.

� Pros of Virtualization
 Managed execution and isolation(sandboxed environments)
 secure and controllable computing environments.
 Portability for execution virtualization techniques.
 Resource efficiency
 Lower costs
 Simplified maintenance

� 16. Cons of Virtualization

 Performance Degradation due to abstraction layers between the guest and the host, increased
latencies and delays can be experienced by the guest.
 Inefficiencies and Degraded User Experience: Not all host features are accessible.
 Security Threats: Malicious VMs may try to access host data.