Techniques of Virtualization

The goal of virtualization is to raise the utilization of the underlying hardware resources to their maximum capacity. Running multiple virtualized instances on one physical machine decreases hardware costs and minimizes power consumption.

However, a running application demands exclusive access to the processor, and it is the task of the operating system to implement an abstraction and make sure that applications do not interfere with one another.

This protection is usually implemented as a set of concentric rings as shown in the figure below.

Privilege levels of an operating system

Also known as privilege levels or protection rings, they provide security and fault tolerance by restricting the use of resources to specific privilege levels:

Level 0 runs the OS kernel and is therefore the most privileged level, whereas user programs run in Level 3, which is the least privileged level.

Device drivers and other operating system services execute in Level 1 and Level 2. The operating system switches between these levels as required by the type of program in execution; for example, when the OS is booted, the CPU is usually in Level 0.

Techniques of virtualization can be categorized into the following three categories:

  • Full Virtualization
  • Para Virtualization
  • Hardware Assisted Virtualization

Full Virtualization

In full virtualization, the primary hardware is replicated and made available to the guest operating system. The guest OS is not aware that it is being virtualized and requires no modification, while user-level code (executing in Ring 3) runs directly on the processor for high-performance virtualization.

Since this technique translates kernel code, replacing non-virtualizable instructions with new sequences of instructions that have the intended effect on the virtual hardware, the VMM must execute in Ring 0.

Full virtualization

A fully virtualized architecture provides virtualized memory, virtual devices and a virtual BIOS. To run the guest operating system without any modification, a technique known as binary translation is used.

VMware ESXi and Microsoft Virtual Server are examples of full virtualization.

Para Virtualization

Para Virtualization is an extension of virtualization which recompiles the guest operating system (Guest OS) before installing it inside a virtual machine.

It is sometimes also known as OS-assisted virtualization. Para virtualization improves the communication between the guest operating system and the hypervisor by replacing the non-virtualizable instructions with hypercalls that communicate directly with the virtualization-layer hypervisor. For this reason, the OS must run its privileged instructions in Ring 0. Ring 3 is for less privileged user applications.

Para Virtualization

As para virtualization modifies operating systems before executing them, its compatibility and portability are poor. The open source Xen project is an example of para virtualization: it virtualizes the processor and memory using a modified Linux kernel and virtualizes the I/O using custom guest OS device drivers.

Hardware Assisted Virtualization

As the name suggests, it is a virtualization approach that provides full virtualization using hardware capabilities.

The technology was invented by Intel and AMD to improve processor utilization and to overcome other challenges such as memory and address resolution and instruction translation.

Hardware virtualization actually embeds the VM into the hardware component of a server. The idea is to aggregate small physical servers into one large physical server and use the processor effectively.

Hardware Virtualization

Since the OS needs direct access to hardware and memory modules in this approach, it must execute its privileged instructions in Ring 0, while user-level applications typically run in Ring 3. Privileged instructions are executed in a CPU execution mode that allows the VMM to run in a new root mode below Ring 0.
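
An added example, not part of the original article: one way to check on Linux whether a processor exposes the Intel or AMD hardware virtualization extensions described above, and whether the system is itself a guest, by reading CPU flags in the /proc/cpuinfo format. The sample excerpts are constructed; the function names are hypothetical, and the flag names (vmx, svm, ept, npt, hypervisor) are the ones the Linux kernel reports.

```python
# Constructed /proc/cpuinfo excerpts (not captured from real machines).
SAMPLE_INTEL_HOST = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx smx est
vmx flags\t: vnmi preemption_timer invvpid ept_x_only ept flexpriority

processor\t: 1
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx smx est
"""
SAMPLE_AMD_GUEST = """\
processor\t: 0
vendor_id\t: AuthenticAMD
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep svm npt hypervisor
"""
SAMPLE_NO_HW_ASSIST = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep
"""

def parse_flags(cpuinfo_text):
    """Return the flag words of the first processor block.

    Newer kernels list EPT on a separate 'vmx flags' line, older ones
    on the 'flags' line, so both lines are read.
    """
    first_block = cpuinfo_text.split("\n\n", 1)[0]
    flags = set()
    for line in first_block.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in ("flags", "vmx flags"):
            flags.update(value.split())
    return flags

def classify(cpuinfo_text):
    """Summarise hardware-assisted virtualization support from CPU flags."""
    flags = parse_flags(cpuinfo_text)
    extension = "Intel VT-x" if "vmx" in flags else "AMD-V" if "svm" in flags else None
    return {
        "hw_assist": extension,                          # CPU virtualization extension
        "nested_paging": bool(flags & {"ept", "npt"}),   # hardware address translation
        "is_guest": "hypervisor" in flags,               # set when running under a VMM
    }

if __name__ == "__main__":
    for name in ("SAMPLE_INTEL_HOST", "SAMPLE_AMD_GUEST", "SAMPLE_NO_HW_ASSIST"):
        print(name, classify(globals()[name]))
```

On a real Linux system the same functions can be fed the contents of /proc/cpuinfo; a missing vmx or svm flag can also mean the extension is disabled in firmware.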