DOCSLIB.ORG

Security Implications of Different Virtualization Approaches for Secure Cyber Architectures

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security Implications of Different Virtualization Approaches for Secure Cyber Architectures Security Implications of Different Virtualization Approaches for Secure Cyber Architectures Sanaz Rahimi and Mehdi Zargham Department of Computer Science Southern Illinois University Carbondale, IL Email: {srahimi, mehdi}@cs.siu.edu Abstract—Virtualization is increasingly being used as a monitoring, fault tolerance, intrusion tracking, software component in designing secure cyber architectures. The impact analysis, and execution replay. However different proposed applications include strong isolation, monitoring, virtualization approaches differ considerably in their fault tolerance, execution replay, etc. However, there are various virtualization approaches which differ in their security implications, proper applications, overheads, re- security implications, proper applications, overheads, re- quirements, and threat models. Unfortunately, this simple quirements, and most importantly threat models. Firstly, fact is sometimes ignored when virtualization is used as virtualization solutions range from hardware assisted to a security component. Moreover, as a software system, completely software emulated. They can be further catego- a virtual machine monitor (VMM, a.k.a hypervisor) rized by their abstraction level from hardware virtualiza- tion, to operating system level virtualization (containers), is prone to software flaws and vulnerabilities. Relying to application virtualization. Finally, they differ widely in on a large VMM as an always trusted component is the way they handle I/O; from having a separate I/O no more justified than relying on any other pieces of virtual machine (privileged partition) to hardware assisted software. However, what can potentially be different I/O virtualization (IOMMU). In order to deploy the most is the size of the trusted computing base (TCB) and effective virtualization approach when designing a secure cyber system, it is imperative to fully understand the the abstraction levels when using virtualization as a benefits offered and the trade-offs involved in each method. security component. In order to utilize virtualization In this work, we study the spectrum of virtualization modes effectively one has to understand the trade-offs and se- and discuss their strengths, weaknesses, requirements, and curity implications of different virtualization techniques. threat models. For instance, lightweight paravirtualization In this paper, we study each of these techniques, their with IOMMU can reduce the size of the trusted computing base (TCB) significantly which makes it a proper candidate security implications, and proper applications. We use for high assurance isolation and thin client applications. the size of TCB as a measure of security. Of course On the other hand, containers have the similar TCB size rigorous software/hardware verification techniques can as a full blown operating system, but they preserve the result in fewer flaws and vulnerabilities, but given similar semantic information lost in the lower level virtualizations techniques and limited verification resources, TCB can which makes them suitable for replay and monitoring ap- plications. Moreover, we identify several gaps combinations be a good indicator of how much trust can be placed on that have not been implemented yet, to the best of our a system. In the rest of the paper, the system hardware knowledge which, if available, can be valuable for specific is always part of the TCB unless otherwise stated. applications and assurance requirements. The rest of the paper is organized as follows. Section II describes full and paravirtualization techniques. Section I. INTRODUCTION III explains virtualization in software and hardware. Virtualization is increasingly being used as a compo- The abstraction level of each virtualization techniques nent in designing secure cyber architectures. Although is described in Section IV. Section V studies important it was originally developed decades ago in the early I/O virtualization methods. We describe the entire vir- days of computing as a means of resource sharing, tualization spectrum and its applications in Section VI virtualization has reemerged as a viable solution for before concluding the paper in Section VIII. The security secure and high performance computing in recent years. implications of each approach is discussed in the section With the advent of fast and virtualization extended describing that element and summarized in Section VI. hardware, the performance penalty of virtualization has been reduced significantly enabling a personal computer II. FULL VS. PARAVIRTUALIZATION to run multiple virtual machines (VMs) at the same time. Operating system (OS) virtualization techniques can In the realm of security, virtualization has been used be divided into two large categories: full virtualization in a wide variety of applications including isolation, and paravirtualization. In paravirtualization, an OS kernel must be modified Unmodified OS code translates into complex and large and ported to the application programming interface full virtualization VMMs. In addition, the code scanning (API) of the VMM. The OS kernel consists of virtualiz- and software emulation logic add to the complexity of able and non-virtualizable instructions. The virtualizable the VMM. Among the full virtualization techniques, instructions (non-privileged) are executed directly on the hardware assisted model can achieve the smallest code hardware of the machine. However, the non-virtualizable size and the highest assurance level. (privileged) instructions including memory management, interrupt handling, time keeping, I/O handling require III. SOFTWARE VS.HARDWARE ASSISTED more care. They cannot be executed directly on the VIRTUALIZATION hardware because they may interfere with the other VMs Virtualization can be performed in software or hard- running on the same machine. In the paravirtualization ware. The software based model performs all the virtu- model, these instructions are replaced with calls into alization tasks in software and it can run on commodity the VMM (hypercalls.) In this sense, a paravirtualized processors. operating system is aware of the virtualization layer. As Software based VMMs perform memory and I/O a result, paravirtualization can achieve near hardware virtualization in software. Most OSes support paged performances with minimum overhead. Xen [5] is an virtual memory and manage that by directly accessing example of a paravirtualization VMM. Its downside is the processor memory management unit (MMU), but that it requires access to the source code of the operating direct access to MMU or physical memory by a VM system for porting. can result in an interference with other VMs. Since the Full virtualization, on the other hand, virtualizes the VMM has to isolate different VMs from each other it entire hardware platform (including BIOS, I/O, etc.). has to virtualize the paged memory for the guest OSes. It can virtualize unmodified OS code and it does not This is done by adding an extra address translation step require access to the source code. VMWare Workstation to virtual memory. The VMM manages a data structure [28] is a full virtualization VMM. There are several called a shadow page table which translates a VM’s techniques to deal with non-virtualizable instructions in virtual address (a.k.a guest virtual address) to system full virtualization: software emulation, binary translation physical address. Also software based virtualization has (code scanning), and hardware assisted. The first tech- to emulate the I/O devices for the VMs which adds to nique, emulates the hardware instruction in software, the complexity of the VMM. thus providing the desired effect for the OS. Binary trans- Hardware assisted virtualization simplifies the VMM lation runs the majority of the OS code on the hardware, by supporting many of the tasks in hardware. First, but replaces the binary of the non-virtualizable instruc- hardware assisted virtualization including Intel VT [2] tions by new code sequences to achieve the intended and AMD SVM [1] support two-step address translation effect on the virtual hardware. This is done by scanning in hardware (called Extended Page Table for Intel and the OS code pages in the memory (hence the name Nested Page Table for AMD.) They also virtualize “code scanning”). Finally the hardware assisted model interrupts and I/O (see Section V) which simplifies full uses hardware support to trap privileged instructions and virtualization. Moreover, hardware assisted virtualization call the VMM for proper handling. We explain hardware provides simple instructions to access hidden processor assisted virtualization in more detail in the next section. states (non-software accessible) which facilitates VM en- Full virtualization is in general slower than paravir- try/exits. This feature makes context switching between tualization. Among the full virtualization techniques, VMs very efficient. Finally, registers that are frequently hardware assisted model has the lowest and software accessed by the guest OS (e.g. task priority register) may emulation has the highest overhead. also be shadowed for performance reasons. In paravirtualization, the VMM can avoid virtualizing Hardware assisted virtualization can greatly simplify many of the hardware features (e.g. BIOS) simply by the VMM. In fact, thin hypervisors often use hardware changing the OS privileged instructions. Moreover, by features to avoid software emulation of virtualization placing hypercalls in the OS code, it can also avoid tasks (e.g. SecVisor).
Load more

Recommended publications
  • Oracle VM Virtualbox User Manual
    Oracle VM VirtualBox R User Manual Version 5.1.20 c 2004-2017 Oracle Corporation http://www.virtualbox.org Contents 1 First steps 11 1.1 Why is virtualization useful?............................. 12 1.2 Some terminology................................... 12 1.3 Features overview................................... 13 1.4 Supported host operating systems.......................... 15 1.5 Installing VirtualBox and extension packs...................... 16 1.6 Starting VirtualBox.................................. 17 1.7 Creating your first virtual machine......................... 18 1.8 Running your virtual machine............................ 21 1.8.1 Starting a new VM for the first time.................... 21 1.8.2 Capturing and releasing keyboard and mouse.............. 22 1.8.3 Typing special characters.......................... 23 1.8.4 Changing removable media......................... 24 1.8.5 Resizing the machine’s window...................... 24 1.8.6 Saving the state of the machine...................... 25 1.9 Using VM groups................................... 26 1.10 Snapshots....................................... 26 1.10.1 Taking, restoring and deleting snapshots................. 27 1.10.2 Snapshot contents.............................. 28 1.11 Virtual machine configuration............................ 29 1.12 Removing virtual machines.............................. 30 1.13 Cloning virtual machines............................... 30 1.14 Importing and exporting virtual machines..................... 31 1.15 Global Settings...................................
    [Show full text]
  • Understanding Full Virtualization, Paravirtualization, and Hardware Assist
    VMware Understanding Full Virtualization, Paravirtualization, and Hardware Assist Contents Introduction .................................................................................................................1 Overview of x86 Virtualization..................................................................................2 CPU Virtualization .......................................................................................................3 The Challenges of x86 Hardware Virtualization ...........................................................................................................3 Technique 1 - Full Virtualization using Binary Translation......................................................................................4 Technique 2 - OS Assisted Virtualization or Paravirtualization.............................................................................5 Technique 3 - Hardware Assisted Virtualization ..........................................................................................................6 Memory Virtualization................................................................................................6 Device and I/O Virtualization.....................................................................................7 Summarizing the Current State of x86 Virtualization Techniques......................8 Full Virtualization with Binary Translation is the Most Established Technology Today..........................8 Hardware Assist is the Future of Virtualization, but the Real Gains Have
    [Show full text]
  • Paravirtualization (PV)
    Full and Para Virtualization Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF x86 Hardware Virtualization The x86 architecture offers four levels of privilege known as Ring 0, 1, 2 and 3 to operating systems and applications to manage access to the computer hardware. While user level applications typically run in Ring 3, the operating system needs to have direct access to the memory and hardware and must execute its privileged instructions in Ring 0. x86 privilege level architecture without virtualization Technique 1: Full Virtualization using Binary Translation This approach relies on binary translation to trap (into the VMM) and to virtualize certain sensitive and non-virtualizable instructions with new sequences of instructions that have the intended effect on the virtual hardware. Meanwhile, user level code is directly executed on the processor for high performance virtualization. Binary translation approach to x86 virtualization Full Virtualization using Binary Translation This combination of binary translation and direct execution provides Full Virtualization as the guest OS is completely decoupled from the underlying hardware by the virtualization layer. The guest OS is not aware it is being virtualized and requires no modification. The hypervisor translates all operating system instructions at run-time on the fly and caches the results for future use, while user level instructions run unmodified at native speed. VMware’s virtualization products such as VMWare ESXi and Microsoft Virtual Server are examples of full virtualization. Full Virtualization using Binary Translation The performance of full virtualization may not be ideal because it involves binary translation at run-time which is time consuming and can incur a large performance overhead.
    [Show full text]
  • Vulnerability Assessment
    Security Patterns for AMP-based Embedded Systems Doctoral Thesis (Dissertation) to be awarded the degree of Doktor-Ingenieur (Dr. -Ing.) submitted by Pierre Schnarz from Alzenau approved by the Department of Informatics, Clausthal University of Technology 2018 Dissertation Clausthal, SSE-Dissertation 19, 2018 D 104 Chairperson of the Board of Examiners Prof. Dr. Jorg¨ P. Muller¨ Chief Reviewer Prof. Dr. Andreas Rausch 2. Reviewer Prof. Dr. Joachim Wietzke 3. Reviewer Prof. Dr. Jorn¨ Eichler Date of oral examination: December 19, 2018 Für Katrin Declaration I hereby declare that except where specific reference is made to the work of others, the contents of this dissertation are original and have not been submitted in whole or in part for consideration for any other degree or qualification in this, or by any other university. This dissertation is my own work and contains nothing which is the outcome of work done in collaboration with others, except as specified in the text and Acknowledgements. Pierre Schnarz April 2019 Acknowledgements - Danksagung The probability that we may fail in the struggle ought not to deter us from the support of a cause we believe to be just. Abraham Lincoln Viele Menschen haben mich auf dem langen Weg bis zur Fertigstellung dieser Arbeit begleitet. Daher möchte ich mich hier bei all Jenen bedanken, die beigetragen haben mir dies zu ermöglichen. Bei Prof. Dr. Joachim Wietzke bedanke ich mich für die Betreuung meiner Promotion. Gerade die Mitarbeit in seiner Forschungsgruppe und darüber hinaus hat mir die nötige Hartnäckigkeit vermittelt, welche es brauchte um dieses große Projekt zu Ende zu bringen.
    [Show full text]
  • Full Virtualization on Low-End Hardware: a Case Study
    Full Virtualization on Low-End Hardware: a Case Study Adriano Carvalho∗, Vitor Silva∗, Francisco Afonsoy, Paulo Cardoso∗, Jorge Cabral∗, Mongkol Ekpanyapongz, Sergio Montenegrox and Adriano Tavares∗ ∗Embedded Systems Research Group Universidade do Minho, 4800–058 Guimaraes˜ — Portugal yInstituto Politecnico´ de Coimbra (ESTGOH), 3400–124 Oliveira do Hospital — Portugal zAsian Institute of Technology, Pathumthani 12120 — Thailand xUniversitat¨ Wurzburg,¨ 97074 Wurzburg¨ — Germany Abstract—Most hypervisors today rely either on (1) full virtua- a hypervisor-specific, often proprietary, interface. Full virtua- lization on high-end hardware (i.e., hardware with virtualization lization on low-end hardware, on the other end, has none of extensions), (2) paravirtualization, or (3) both. These, however, those disadvantages. do not fulfill embedded systems’ requirements, or require legacy software to be modified. Full virtualization on low-end hardware Full virtualization on low-end hardware (i.e., hardware with- (i.e., hardware without virtualization extensions), on the other out dedicated support for virtualization) must be accomplished end, has none of those disadvantages. However, it is often using mechanisms which were not originally designed for it. claimed that it is not feasible due to an unacceptably high Therefore, full virtualization on low-end hardware is not al- virtualization overhead. We were, nevertheless, unable to find ways possible because the hardware may not fulfill the neces- real-world quantitative results supporting those claims. In this paper, performance and footprint measurements from a sary requirements (i.e., “the set of sensitive instructions for that case study on low-end hardware full virtualization for embedded computer is a subset of the set of privileged instructions” [1]).
    [Show full text]
  • Paravirtualization Poojitha, Umit Full Virtualization
    Paravirtualization Poojitha, Umit Full virtualization • Unmodified OS • It doesn’t know about hypervisor • Back and forth between hypervisor and MMU-visible shadow page table: inefficient • Unprivileged instructions which are sensitive: difficult to handle (binary translation VMware ESX) • Cannot access hardware in privileged mode • If guest OS wants real resource information? (Timer, superpages) 2 Paravirtualization • Modify Guest OS • It knows about hypervisor • Applications not modified • Some exposure to hardware and real resources like time • Improved performance (reduce redirections, allowing guest OS to use real hardware resources in a secure manner) • It can allow us to do virtualization without hardware support 3 Discussion – Xen • Memory Management • CPU • Protection • Exception • System call • Interrupt • Time • Device I/O 4 Protection • Privilege of OS must be less than Xen: • In x86, 4 levels of privilege • 3 for applications, Zero for OS - generally • Downgrade guest OS to level 1 or 2 • Xen will be at 0 Wikipedia 5 Exceptions • System calls, Page Faults • Register with Xen: descriptor table for exception handlers • No back and forth between Xen and Guest OS like in full Virtualization • Fast handlers for system call: • When Applications execute system call, it directly goes to Guest OS handler in ring 1 – not to Xen (But not page fault handler it has to go through Xen) • Handlers validated before installing in hardware exception table 6 Time • Guest OS can see: both real and virtual time • Real time • Virtual time • Wall clock time • Why do you want to see time? e.g., need it for TCP: TCP timeouts, RTT estimates 7 Memory Management • TLB flush on context switch (Guest OS – Guest OS) – Undesirable • Software TLB – can virtualize without flushing between switches • Hardware TLB – tag it with address space identifier.
    [Show full text]
  • KVM: Linux-Based Virtualization
    KVM: Linux-based Virtualization Avi Kivity [email protected] Columbia University Advanced OS/Virtualization course Agenda Quick view Power management Features Non-x86 KVM Execution loop Real time Memory management Xenner Linux Integration Community Paravirtualization Conclusions I/O Copyright © 2007 Qumranet, Inc. All rights reserved. At a glance KVM – the Kernel-based Virtual Machine – is a Linux kernel module that turns Linux into a hypervisor Requires hardware virtualization extensions Supports multiple architectures: x86 (32- and 64- bit) s390 (mainframes), PowerPC, ia64 (Itanium) Competitive performance and feature set Advanced memory management Tightly integrated into Linux 3 Copyright © 2007 Qumranet, Inc. All rights reserved. The KVM approach Reuse Linux code as much as possible Focus on virtualization, leave other things to respective developers Integrate well into existing infrastructure, codebase, and mindset Benefit from semi-related advances in Linux Copyright © 2007 Qumranet, Inc. All rights reserved. VMware Console User User User VM VM VM VM Hypervisor Driver Driver Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. Xen User User User Domain 0 VM VM VM Driver Driver Hypervisor Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Ordinary LinuxOrdinary User User User Ordinary ProcessLinux VM VM VM ProcessLinux Process KVM Modules Linux Driver Driver Driver Hardware Copyright © 2007 Qumranet, Inc. All rights reserved. KVM model enefits Reuse scheduler, memory management, bringup Reuse Linux driver portfolio Reuse I/O stack Reuse management stack Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Process Model task task guest task task guest kernel 9 Copyright © 2007 Qumranet, Inc. All rights reserved. KVM Execution Model Three modes for thread execution instead of the traditional two: User mode Kernel mode Guest mode A virtual CPU is implemented using a Linux thread The Linux scheduler is responsible for scheduling a virtual cpu, as it is a normal thread 10 Copyright © 2007 Qumranet, Inc.
    [Show full text]
  • Taxonomy of Virtualization Technologies Master’S Thesis
    A taxonomy of virtualization technologies Master’s thesis Delft University of Technology Faculty of Systems Engineering Policy Analysis & Management August, 2010 Paulus Kampert 1175998 Taxonomy of virtualization technologies Preface This thesis has been written as part of the Master Thesis Project (spm5910). This is the final course from the master programme Systems Engineering, Policy Analysis & Management (SEPAM), educated by Delft University of Technology at the Faculty of Technology, Policy and Management. This thesis is the product of six months of intensive work in order to obtain the Master degree. This research project provides an overview of the different types of virtualization technologies and virtualization trends. A taxonomy model has been developed that demonstrates the various layers of a virtual server architecture and virtualization domains in a structured way. Special thanks go to my supervisors. My effort would be useless without the priceless support from them. First, I would like to thank my professor Jan van Berg for his advice, support, time and effort for pushing me in the right direction. I am truly grateful. I would also like to thank my first supervisor Sietse Overbeek for frequently directing and commenting on my research. His advice and feedback was very constructive. Many thanks go to my external supervisor Joris Haverkort for his tremendous support and efforts. He made me feel right at home at Atos Origin and helped me a lot through the course of this research project. Especially, the lectures on virtualization technologies and his positive feedback gave me a better understanding of virtualization. Also, thanks go to Jeroen Klompenhouwer (operations manager at Atos Origin), who introduced me to Joris Haverkort and gave me the opportunity to do my graduation project at Atos Origin.
    [Show full text]
  • Vmware Security Best Practices
    VMware Security Best Practices Jeff Turley Lewis University April 25, 2010 Abstract Virtualization of x86 server infrastructure is one of the hottest trends in information technology. With many organizations relying on virtualization technologies from VMware and other vendors to run their mission critical systems, security has become a concern. In this paper, I will discuss the different types of virtualization technologies in use today. I will also discuss the architecture of VMware vSphere and security best practices for a VMware vSphere environment. 2 Table of Contents Introduction Page 5 Business Case For Virtualization Page 5 Understanding Virtualization Page 6 CPU Virtualization Page 6 The Hypervisor Page 11 Understanding VMware vSphere Page 12 VMware vSphere Architecture Page 12 VMware vSphere Components Page 13 The VMware vSphere Virtual Data Center Page 14 VMware vSphere Distributed Services Page 18 VMware Virtual Networking Page 25 VMware Virtual Storage Architecture Page 28 VMware vCenter Server Page 29 Securing a VMware Virtual Environment Page 30 VMware vSphere Network Security Page 32 VMware vSphere Virtual Machine Security Page 35 VMware vSphere ESX/ESXi Host Security Page 37 VMware vSphere vCenter Server Security Page 37 VMware vSphere Console Operating System (COS) Security Page 38 Conclusion Page 39 References Page 40 3 Table of Figures Figure 1: Operating system and applications running directly on physical hardware………………………………………………………..….....……………..…..Page 7 Figure 2: Operating system and applications running with
    [Show full text]
  • Open Enterprise Server 2015 SP1 OES Cluster Services Implementation Guide for Vmware
    Open Enterprise Server 2015 SP1 OES Cluster Services Implementation Guide for VMware July 2020 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/about/legal/. Copyright © 2020 Micro Focus Software, Inc. All Rights Reserved. Contents About This Guide 5 1 Getting Started with OES Cluster Services in an ESXi Virtualized Environment 7 1.1 Configuration Overview . 8 1.2 Understanding Virtualization . 8 1.2.1 Where Is Virtualization Today? . 9 1.2.2 Why Use Virtualization?. 9 1.2.3 Why Use Novell Cluster Services? . 9 1.2.4 Server versus Service Virtualization . .9 1.3 Architectural Scenarios . 11 1.3.1 Only Service Virtualization. 11 1.3.2 Only Server Virtualization . 12 1.3.3 NCS on Host Machines Managing Xen or KVM Guest Machines . 12 1.3.4 NCS Managing Services on Guest Machines . 13 1.3.5 NCS Managing Services on a Cluster of Physical and Guest Machines. 13 1.4 Design and Architecture Considerations . 14 1.4.1 Challenges of Server Virtualization . 14 1.4.2 Cost of Server Virtualization . 14 1.4.3 Challenges of Service Virtualization . 15 1.4.4 Cost of Service Virtualization. 15 1.4.5 Fault Tolerance and Scalability . 15 1.4.6 Planning Considerations . 15 1.4.7 Full Virtualization versus Paravirtualization . 15 1.4.8 Comparing Architectures . 16 2 Planning for the Virtualized Environment 17 2.1 Things to Explore . 17 2.2 Infrastructure Dependencies . 17 2.3 LAN and SAN Connectivity .
    [Show full text]
  • Operating System Virtualization
    Introduction to virtualisation technology Predrag Buncic CERN CERN School of Computing 2009 Introduction to Virtualisation Technology History . Credit for bringing virtualization into computing goes to IBM . IBM VM/370 was a reimplementation of CP/CMS, and was made available in 1972 . added virtual memory hardware and operating systems to the System/370 series. Even in the 1970s anyone with any sense could see the advantages virtualization offered . It separates applications and operating systems from the hardware . With VM/370 you could even run MVS on top - along with other operating systems such as Unix. In spite of that, VM/370 was not a great commercial success . The idea of abstracting computer resources continued to develop 2 Predrag Buncic – CERN Introduction to Virtualisation Technology Resource virtualization . Virtualization of specific system computer resources such as . Memory virtualization . Aggregates RAM resources from networked systems into Memory virtualized memory pool . Network virtualization . Creation of a virtualized network addressing space within or across network subnets . Using multiple links combined to work as though they Networking offered a single, higher-bandwidth link . Virtual memory . Allows uniform, contiguous addressing of physically separate and non-contiguous memory and disk areas . Storage virtualization Storage . Abstracting logical storage from physical storage . RAID, disk partitioning, logical volume management 3 Predrag Buncic – CERN Introduction to Virtualisation Technology Metacomputing . A computer cluster is a group of linked computers, working together closely so that in many respects they form a single computer. The components of a cluster are commonly connected to each other through fast local area networks. Grids are usually computer clusters, but more focused on throughput like a computing utility rather than running fewer, tightly-coupled jobs .
    [Show full text]
  • Virtualization Basics: Understanding Techniques and Fundamentals
    Virtualization Basics: Understanding Techniques and Fundamentals Hyungro Lee School of Informatics and Computing, Indiana University 815 E 10th St. Bloomington, IN 47408 [email protected] ABSTRACT example of growing involvement in virtualization technolo- Virtualization is a fundamental part of cloud computing, gies with the cloud. Early technologies and developments especially in delivering Infrastructure as a Service (IaaS). in the virtualization have been accomplished by some com- Exploring different techniques and architectures of the vir- panies such as IBM from 1967 and VMware from 1998. In tualization helps us understand the basic knowledge of virtu- open source communities, Xen, KVM, Linux-vServer, LXC alization and the server consolidation in the cloud with x86 and others have supported virtualization in different plat- architecture. This paper describes virtualization technolo- forms with different approaches. In this paper, x86 archi- gies, architectures and optimizations regarding the sharing tecture virtualization will be discussed with these historical CPU, memory and I/O devices on x86 virtual machine mon- changes. itor. In cloud computing, Infrastructure-as-a-Service (IaaS) pro- vides on-demand virtual machine instances with virtualiza- Categories and Subject Descriptors tion technologies. IaaS has been broadly used to provide re- C.0 [General]: Hardware/software interface; C.4 [Performance quired compute resources in shared resource environments. of systems]: Performance attributes; D.4.7 [Operating Amazon Web Services (AWS), Google Compute Engine, Mi- Systems]: Organization and design crosoft Windows Azure, and HP Cloud offer commercial cloud services. OpenStack, Eucalyptus, SaltStack, Nimbus, General Terms and many others provide private open source cloud plat- Performance, Design forms with community support in development.
    [Show full text]