RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2010/05/19 12:40:39

Hardware Virtualization

Hardware virtualization  is one of the areas of virtualization in information systems. Hardware virtualization allows you to run multiple independent virtual machines in the appropriate partitions of your computer's hardware space.

A catalog of virtualization technologies and projects is available on TAdviser.

Content

Virtualization (Global Market)

Key article: Virtualization (Global Market)

The Evolution of Hardware Virtualization

The rapid growth of the virtualization technology market over the past few years has been largely due to the increase in hardware capacity, which has made it possible to create truly efficient virtualization platforms, both for server systems and for desktops. Virtualization technologies allow you to run multiple virtual instances of operating systems (guest OS) on a single physical computer (host) in order to ensure their independence from the hardware platform and concentrate several virtual machines on a single physical one. Virtualization offers many benefits, both for enterprise infrastructure and for end users. Virtualization provides significant savings in hardware, maintenance, increased IT flexibility, and simplified backup and disaster recovery. Virtual machines, being equipment-independent units, can be distributed as pre-installed templates that can be run on any hardware platform of the supported architecture.

Until recently, efforts in the field of operating system virtualization were concentrated mainly in the field of software development. In 1998, VMware for the first time seriously outlined the prospects for the development of virtual systems, patenting virtualization software technologies. Thanks to the efforts of VMware, as well as other virtual platform vendors, and the increasing pace of improvement in computer technology, enterprise and home users saw the benefits and prospects of the new technology, and the virtualization market began to grow rapidly. Of course, large companies such as Intel and AMD, which control most of the processor market, could not ignore this promising technology. Intel was the first to see the new technology as a source of technological superiority over competitors and began work on improving x86 processor architecture to support virtualization platforms. Following Intel, AMD also joined developments to support hardware virtualization in processors so as not to lose ground in the market. At the moment, both companies offer processor models that have an expanded set of instructions and allow you to directly use hardware resources in virtual machines.

Hardware Virtualization Technology Development

The idea of ​ ​ hardware virtualization is not new: it was first embodied in 386 processors and was called V86 mode. This mode of operation of the 8086th processor allowed you to run several DOS applications in parallel. Hardware virtualization now allows you to run multiple independent virtual machines in the appropriate partitions of your computer's hardware space. Hardware virtualization is a logical continuation of the evolution of software platform abstraction levels  - from multitasking to virtualization:

Multitasking. Multitasking is the first layer of application abstraction. Each application divides the physical processor resources in the time-division mode of code execution.

HyperThreading. HyperThreading technology, in a broad sense, is also hardware-based virtualization technology, since when it is used in a single physical processor, two virtual processors are simulated in a single physical processor using the Symmetric Multi Processing (SMP) technique.

Virtualization. Virtualization is an emulation of multiple virtual processors for each of the guest operating systems. At the same time, virtual SMP technology allows you to represent several virtual processors on the guest OS if there is HyperThreading or more cores in the physical processor.

Advantages of hardware virtualization over software

Software virtualization is now taking precedence over hardware in the virtualization technology market because for a long time, processor manufacturers have not been able to properly implement virtualization support. The process of introducing new technology into processors required a major change in their architecture, the introduction of additional instructions and processor modes. This gave rise to compatibility and stability problems, which were completely solved in 2005-2006 in new processor models. While software platforms have advanced in terms of performance and the provision of virtual machine management, hardware virtualization technology has some undeniable advantages over software:

  • Simplify the development of virtualization platforms by providing hardware management interfaces and support for virtual guest systems. This contributes to the emergence and development of new virtualization platforms and management tools, due to the reduction of labor intensity and time for their development.
  • The ability to increase the performance of virtualization platforms. Since virtual guest systems are managed directly using a small middleware layer (hypervisor), the performance of hardware-based virtualization platforms is expected to increase in the future.
  • The ability to independently run multiple virtual platforms with the ability to switch between them at the hardware level. Multiple VMs can run independently, each in their own hardware space, eliminating performance loss on host platform maintenance, and increasing virtual machine security by completely isolating them.
  • Unlink the guest system from the host platform architecture and virtualization platform implementation. With hardware virtualization technologies, 64-bit guest systems can be launched from 32-bit host systems with 32-bit virtualization environments running on them.

How hardware virtualization works

The need to support hardware virtualization has led processor manufacturers to slightly change their architecture by introducing additional instructions to provide direct access to processor resources from guest systems. This set of additional instructions is called Virtual Machine Extensions (VMX). VMX provides the following instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXON and VMXOFF.

A virtualization-enabled processor can operate in two root operation and non-root operation modes. In root operation mode, there is special software that is a "lightweight" layer between guest operating systems and equipment  - the Virtual Machine Monitor (VMM), also called hypervisor. The word "hypervisor" appeared in an interesting way: once very long ago, the operating system was called "supervisor," and the software under the supervisor was called "hypervisor."

To put the processor in virtualization mode, the virtualization platform must call the VMXON statement and pass control to the hypervisor, which starts the virtual guest system with the VMLAUNCH statement and VMRESUME (virtual machine entry points). Virtual Machine Monitor can exit processor virtualization mode by calling the VMXOFF statement. Virtual Machine Startup Procedure Virtual Machine Startup Procedure

Each of the guest operating systems runs and operates independently of the others and is isolated in terms of hardware resources and security.

Hardware Virtualization versus Software Virtualization

The classic software virtualization architecture implies a host operating system on top of which a virtualization platform is launched, emulating the operation of hardware components and managing hardware resources in relation to the guest operating system. The implementation of such a platform is quite complex and labor-intensive, there are performance losses due to the fact that virtualization is performed on top of the host system. The security of virtual machines is also threatened, since gaining control on the host operating system automatically means gaining control over all guest systems.

Unlike software, hardware virtualization can provide isolated guest systems managed directly by the hypervisor. This approach can make it easy to implement a virtualization platform and increase the reliability of a platform with several simultaneously running guest systems, without sacrificing performance on host system maintenance. Such a model will bring guest performance closer to real ones and reduce the cost of performance to maintain the host platform. Hardware Virtualization Flaws

It is also worth noting that hardware virtualization is potentially not only positive. The ability to manage guest systems through a hypervisor and the ease of writing a virtualization platform using hardware techniques allow you to develop malicious software that, after gaining control on the host operating system, virtualizes it and performs all actions outside it.

In early 2006, a rootkit codenamed SubVirt was created in the laboratories of Microsoft Research, affecting Windows and Linux host systems and making its presence practically undetectable. The principle of operation of this rootkit was as follows:

1. Through one of the vulnerabilities in the operating system of the computer, malicious software receives administrative access.

2. After that, the rootkit begins the procedure of migrating the physical platform to the virtual one, after which the virtualized platform starts using a hypervisor. However, nothing changes for the user, everything continues to work as before, and all the tools and services necessary to access the hypervisor from outside (for example, terminal access) are outside the virtualized system.

3. Antivirus software cannot detect malicious code after the migration process because it is outside the virtualized system.

Clearly, this procedure looks like this: Rootkit operation diagram SubVirt

However, you should not exaggerate the danger. Developing malware that uses virtualization technologies is still much more difficult than using "traditional" tools that exploit various vulnerabilities in operating systems. At the same time, the main assumption that is made by those who claim that such malware is more difficult to detect and, moreover, may not use the "holes" in the OS, acting exclusively "within the framework of the rules," is that the allegedly virtualized operating system is not able to detect that it is running on a virtual machine, which is an initially incorrect package. Accordingly, antivirus software has every possibility to detect the fact of infection. And, therefore, the point is lost to develop such a resource-intensive and complex Trojan, given the presence of much simpler methods of invasion. Intel and AMD Virtualization Technologies

Intel and AMD, the leading processor manufacturers for server and desktop platforms, have developed hardware virtualization techniques for use in virtualization platforms. These techniques do not have direct compatibility, but perform mainly similar functions. Both of them involve a hypervisor that manages non-modified guest systems, and have the ability to develop virtualization platforms without the need for hardware emulation. Both virtualization-enabled processors provide additional instructions for calling them with a hypervisor to manage virtual systems. Currently, the virtualization hardware technology research team includes AMD, Intel, Dell, Fujitsu Siemens, Hewlett-Packard, IBM, Sun Microsystems, and VMware. Intel Virtualization

Intel officially announced the launch of virtualization technology in early 2005 at the 2005 Intel Developer Forum Spring Conference. The new technology is codenamed Vanderpool and the official Intel Virtualization Technology (abbreviated as Intel VT). Intel VT contains a number of techniques of various classes that have VT-x version numbers, where x  is a letter indicating a subspecies of hardware. Support was announced for the new technology in the Pentium 4, Pentium D, Xeon, Core Duo and Core 2 Duo processors. Intel also published specifications for Intel VT for Itanium-based processors, where virtualization technology appeared under the code name "Silvervale" and the VT-i version. However, starting in 2005, the new Itanium processor models do not support x86 instructions in hardware, and x86 virtualization can only be used on the IA-64 architecture using emulation.

To incorporate Intel VT into computer systems, Intel has worked with motherboard, BIOS, and peripherals manufacturers to ensure that Intel VT is compatible with existing systems. In many computer systems, hardware virtualization technology can be turned off in the BIOS. The Intel VT specifications indicate that the processor supporting this technology is not sufficient, and that the motherboard, BIOS, and software that uses Intel VT are also required. The list of supported Intel VT processors is as follows: Desktop Processors:

  • Intel® 2 Core™ Duo Extreme processor X6800
  • Intel® 2 Core™ Duo processor E6700
  • Intel® 2 Core™ Duo processor E6600
  • Intel® 2 Core™ Duo processor E6400 (E6420)
  • Intel® 2 Core™ Duo processor E6300 (E6320)
  • Intel® Core™ Duo processor T2600
  • Intel® Core™ Duo processor T2500
  • Intel® Core™ Duo processor T2400
  • Intel® Core™ Duo processor L2300
  • Intel® Pentium® processor Extreme Edition 965
  • Intel® Pentium® processor Extreme Edition 955
  • Intel® Pentium® D processor 960
  • Intel® Pentium® D processor 950
  • Intel® Pentium® D processor 940
  • Intel® Pentium® D processor 930
  • Intel® Pentium® D processor 920
  • Intel® Pentium® 4 processor 672
  • Intel® Pentium® 4 processor 662

Notebook Processors:

  • Intel® 2 Core™ Duo processor T7600
  • Intel® 2 Core™ Duo processor T7400
  • Intel® 2 Core™ Duo processor T7200
  • Intel® 2 Core™ Duo processor T5600
  • Intel® 2 Core™ Duo processor L7400
  • Intel® 2 Core™ Duo processor L7200
  • Intel® 2 Core™ Duo processor L7600
  • Intel® 2 Core™ Duo processor L7500

Processors for server platforms:

  • Intel® Xeon® processor 7041
  • Intel® Xeon® processor 7040
  • Intel® Xeon® processor 7030
  • Intel® Xeon® processor 7020
  • Intel® Xeon® processor 5080
  • Intel® Xeon® processor 5063
  • Intel® Xeon® processor 5060
  • Intel® Xeon® processor 5050
  • Intel® Xeon® processor 5030
  • Intel® Xeon® processor 5110
  • Intel® Xeon® processor 5120
  • Intel® Xeon® processor 5130
  • Intel® Xeon® processor 5140
  • Intel® Xeon® processor 5148
  • Intel® Xeon® processor 5150
  • Intel® Xeon® processor 5160
  • Intel® Xeon® processor E5310
  • Intel® Xeon® processor E5320
  • Intel® Xeon® processor E5335
  • Intel® Xeon® processor E5345
  • Intel® Xeon® processor X5355
  • Intel® Xeon® processor L5310
  • Intel® Xeon® processor L5320
  • Intel® Xeon® processor 7140M
  • Intel® Xeon® processor 7140N
  • Intel® Xeon® processor 7130M
  • Intel® Xeon® processor 7130N
  • Intel® Xeon® processor 7120M
  • Intel® Xeon® processor 7120N
  • Intel® Xeon® processor 7110M
  • Intel® Xeon® processor 7110N
  • Intel® Xeon® processor X3220
  • Intel® Xeon® processor X3210

Note that the following four processors do not support Intel VT:

  • Intel® 2 Core™ Duo processor E4300
  • Intel® 2 Core™ Duo processor E4400
  • Intel® 2 Core™ Duo processor T5500
  • Intel® Pentium® D processor 9x5 (D945)

Intel also plans to develop a technology called Virtualization for Directed I/O to Intel VT with VT-d. At the moment, it is known that these are significant changes in the I/O architecture that will improve the security, robustness and performance of virtual platforms using hardware virtualization technologies. AMD Virtualization

AMD, like Intel, recently set out to refine the processor architecture to support virtualization. In May 2005, AMD announced the introduction of virtualization support into processors. The official name that the new technology received  is AMD Virtualization (abbreviated AMD-V), and its internal code name  is AMD Pacifica. AMD-V technology is a logical continuation of Direct Connect technology for AMD64 processors, aimed at improving the performance of computer systems through close direct integration of the processor with other hardware components.

The following lists processors that support AMD-V hardware virtualization. Support for these features should work on all AMD-V series desktop processors under Socket AM2, starting with stepping F. It should also be noted that Sempron processors do not support hardware virtualization. Desktop Processors:

  • Athlon™ 64 3800+
  • Athlon™ 64 3500+
  • Athlon™ 64 3200+
  • Athlon™ 64 3000+
  • Athlon™ 64 FX FX-62
  • Athlon™ 64 FX FX-72
  • Athlon™ 64 FX FX-74
  • Athlon™ 64 X2 Dual-Core 6000+
  • Athlon™ 64 X2 Dual-Core 5600+
  • Athlon™ 64 X2 Dual-Core 5400+
  • Athlon™ 64 X2 Dual-Core 5200+
  • Athlon™ 64 X2 Dual-Core 5000+
  • Athlon™ 64 X2 Dual-Core 4800+
  • Athlon™ 64 X2 Dual-Core 4600+
  • Athlon™ 64 X2 Dual-Core 4400+
  • Athlon™ 64 X2 Dual-Core 4200+
  • Athlon™ 64 X2 Dual-Core 4000+
  • Athlon™ 64 X2 Dual-Core 3800+

For notebooks, processors with the Turion 64 X2 brand are supported:

  • Turion™ 64 X2 TL-60
  • Turion™ 64 X2 TL-56
  • Turion™ 64 X2 TL-52
  • Turion™ 64 X2 TL-50

The following Opteron processors are supported for server platforms:

  • Opteron 1000 Series
  • Opteron 2000 Series
  • Opteron 8000 Series

Hardware Virtualization Enabled Software

So far, the vast majority of virtualization software platform vendors have announced support for Intel hardware virtualization technologies and AMD. Virtual machines on these platforms can be started with hardware virtualization support. In addition, in many operating systems that include paravirtualization software platforms such as Xen or Virtual Iron, hardware virtualization will allow you to run unchanged guest operating systems. Since paravirtualization is one of the types of virtualization that requires modification of the guest operating system, the implementation of hardware virtualization support in paravirtualization platforms is a very acceptable solution for these platforms, in terms of the ability to run non-modified versions of guest systems.

Hardware Virtualization Today

VMware, a member of the Hardware Virtualization Technician Research Group, conducted a study in late 2006 on proprietary software virtualization versus Intel hardware virtualization technologies. In the document "A Comparison of Software and Hardware Techniques for x86 Virtualization," the results of this study were recorded (on the 3.8 GHz Intel Pentium 4 672 processor  with Hyper-Threading Technology disabled). One of the experiments was carried out using SPECint2000 and SPECjbb2005 test systems, which are the de facto standard for evaluating the performance of computer systems. The guest system was the Red Hat Enterprise Linux 3 operating system, controlled by a software and hardware hypervisor. Hardware virtualization was expected to yield a performance factor of about one hundred percent for native operating system startup. However, the results were very unexpected: while the software hypervisor without the use of hardware virtualization techniques gave 4 percent of the performance loss in relation to native startup, the hardware hypervisor, in general, lost 5 percent of the performance.

Conclusions

Support for hardware virtualization technologies in processors offers a broad perspective on the use of virtual machines as reliable, secure, and flexible tools to improve the efficiency of virtual infrastructures. The availability of support for hardware virtualization techniques in processors not only server, but also desktop systems, indicates the seriousness of the intentions of processor manufacturers in relation to all segments of the computer system user market. The use of hardware virtualization in the future should reduce the performance loss when starting multiple virtual machines on a single physical server. Of course, hardware virtualization will increase the security of virtual systems in enterprise environments. Now the ease of developing virtualization platforms using hardware technology has led to the emergence of new players in the virtualization market. Vendors of paravirtualization systems widely use hardware virtualization to run non-modified guest systems. An additional advantage of hardware virtualization techniques is the ability to run 64-bit guest systems on 32-bit versions of virtualization platforms (for example, VMware ESX Server).

Do not perceive performance results as the only true ones. Objective performance assessment of various hardware and software platforms for virtualization is a non-trivial task, said working group as part of SPEC is working to create a set of standard methods for evaluating such systems. Today, it can be noted that AMD virtualization tools are technically more advanced than Intel's. Much depends on the software used, for example, unlike VMWare, there are much more "responsive" to hardware support for the environment, for example, Xen 3.0.

Original article and full version