Xen Lecture Notes
Introduction
- OS -> vary, different
- Multiplex physical resources
- Secure colocation (AWS)
- Xen: Para virtualization -> Modify Guest OS
- Full virtualization -> Not modify Guest OS
Requirement
- Isolation
- Resource allocation
- Apps library unmodified
- S/W Heterogeneous
- Performance overhead
- Scale instances
Structure
XEN
+-------------+ +-------------+
| | | |
| Apps | | Apps |
| | | |
+-------------+ +-------------+ ...
| | | |
| Linux | | Windows |
+-------------+ +-------------+
Domain0
+------------------------------------------+
XEN VMM
VM Ware Workstation
+-------------+ +-------------+
| | | |
| Apps | | Apps |
| | | |
+-------------+ +-------------+ ...
| | | |
| Linux | | Windows |
+-------------+ +-------------+
VM Ware Workstation
+------------------------------------------+
LINUX
VM Ware ESX
+-------------+ +-------------+
| | | |
| Apps | | Apps |
| | | |
+-------------+ +-------------+ ...
| | | |
| Linux | | Windows |
+-------------+ +-------------+
+------------------------------------------+
VM Ware ESX
IBM
VM Ware ESX is a full virtualization with the benefit of allowing unmodified OS to be hosted. It has a number of drawbacks. First, this increased complexity especially on x86 architecture because virtualization was never part of the x86 architecture design. This full virtualization also reduced performance. ESX Server dynamically rewrites portions of the hosted machine code to insert traps wherever VMM intervention might be required. ESX Server implements shadow versions of system structures such as page tables and maintains consistency with the virtual tables by trapping every update attempt.
VP in Cells
+-------------+ +-------------+ +---------------+
| | | | | |
| Apps | | Apps | | |
| | | | | |
+-------------+ +-------------+ | ROOT |
| VP | | VP | | |
| | | | | |
+-------------+ +-------------+ +---------------+
+---------------------------------------------------------+
LINUX
Domain 0
Domain 0 is in control, managing. Mechanism and policy are separate. Xen provides mechanism, while Domain 0 is in charge of all the policy.
CPU
- BVT scheduling policy
- Like context switch, Xen distribute the time chunk to domains, and interrupt while the domain's time is up.
- Hypercall Domain -> Xen
- Events Xen -> Domain (Emulated H/W interrupt)
- All high privileged instructions are replaced with a hypercall to Xen, e.g., H/W TLB flush. Xen has those executions done.
H/W supported virtualization
H/W designed to support virtualization. There is an emulation mode. This is first introduced on the IBM System/370, making it easier to implement virtualized system. H/W virtualization was added to x86 processors (Intel VT-x or AMD-V).
VM Ware Workstation
+-------------+ +-------------+
| | | |
| Apps | | Apps |
| | | |
+-------------+ +-------------+ ...
| | | |
| Linux | | Windows |
+-------------+ +-------------+
R ^ +W VM Ware Workstation
| |
+-------------------------------------------------+
| | LINUX
+-+--v---+
| DISK |
+--------+
The virtualized disk is just a file in the host Linux, from which the Guested OS do Read / Write operation.
The VM Ware Workstation acts as a JIT binary interpreter of the privileged instructions.
VM Ware and Xen
VM Ware starts from a research on x86 emulator. Now it is widely used in Data Centers, like AWS. Their ESX Server is for DC, Workstation for desktop. Xen is mainly for DC.
VM Ware focuses a lot on the management, such as how to manage 10,000 VMs efficiently. Their vCD and vCenter are good tools in this field.
Dummy Device Driver
For Xen, each domain has a dummy device driver, which pass pages to the real device drive, which resides in domain 0. There is no copy overhead because it is passing the pointer to a memory location.
In contrast, in VM Ware ESX, the driver is located outside of the guested OS, and there is no dummy driver. Data copy is thus needed.
Virtualize Virtual Memory
This is a big challenge in virtualization. The task will be easier if the architecture provides a software-managed TLB or a tagged TLB, associating an address-space identifier tag with each TLB entry.
Full Virtualization
We do not modify the guest OS, so we need Shadow PT.
Xen
Guest OS has read access to hardware page tables, but updates are batched and validated by the hypervisor.
Modify guest OS, add PT entry by making hypercall to Xen and Xen will check if this is valid, if yes, Xen will update the TLB instead of the guest OS.
VM Ware Workstation
The PT is down in Host OS. One PT for one Guest OS.
Machine Memory
New technology by Intel.
OS VM
+----------+ +----------+
+ + + +
+---------------+ +--------------+ +--------------+
| | | | | |
| | | | | |
| +---+ +---+ |
| Virtual | | Physical | | Machine |
| Memory +---+ Memory +---+ Memory |
| | | | | |
| +---+ +---+ |
| | | | | |
+---------------+ +--------------+ +--------------+