CPU Virtualization Challenges of Traditional x86 Architecture

 

Virtualization Layer allows multiple operating system instances to run concurrently within Virtual Machines on a single computer, dynamically partitioning and sharing the available physical resources such as CPU, Storage, Memory and IO Devices.

To understand the utility of this layer, one firstly has to consider the architecture of a normal x-86 computer. Normally a computer exists of a set of hardware devices (like the CPU, PCI-Devices) and an OS like Windows or Linux which is installed on top of the existing hardware. Without the usage of a virtualization layer it is only possible to run one OS at a time. This OS has the whole control of the underlying hardware. This is mainly reducible to the x86- CPU architecture which is designed in a way that only one OS has the control over the CPU.

The virtualization layer, also called hypervisor or virtual machine monitor (VMM), solves this problem by partitioning the hardware into virtual environments, also called virtual machines (VM´s). The virtualization layer is the software responsible for hosting and managing all virtual machines on virtual machine monitors (VMMs).

Hypervisor&VMM

 

As depicted in Figure above, the virtualization layer is a hypervisor running directly on the hardware. Each VMM running on the hypervisor implements the virtual machine hardware abstraction and is responsible for running a guest OS.

 

CPU VIRTUALIZATION CHALLENGES OF TRADITIONAL x86 Architecture

x86 Privilege Level Architecture without Virtualization

x86 Privilege Level Architecture without Virtualization

 

As shown in above Figure, the x86 architecture offers four levels of privilege known as Ring 0, 1, 2 and 3 to operating systems and applications to manage access to the computer hardware. While user level applications typically run in Ring 3, the operating system needs to have direct access to the memory and hardware and must execute its privileged instructions in Ring 0.

Virtualizing the x86 architecture requires placing a virtualization layer under the operating system (which expects to be in the most privileged Ring 0) to create and manage the virtual machines that deliver shared resources. Further complicating the situation, some sensitive instructions can’t effectively be virtualized as they have different semantics when they are not executed in Ring 0. The difficulty in trapping and translating these sensitive and privileged instruction requests at runtime was the challenge that originally made x86 architecture virtualization look impossible.

VMware resolved the challenge in 1998, developing binary translation techniques that allow the VMM to run in Ring 0 for isolation and performance, while moving the operating system to a user level ring with greater privilege than applications in Ring 3 but less privilege than the virtual machine monitor in Ring 0.

 

As clarified below, three alternative techniques now exist for handling sensitive and privileged instructions to virtualize the CPU on the x86 architecture:

Full virtualization using binary translation

• OS assisted virtualization or paravirtualization

• Hardware assisted virtualization

govmlab on sabtwittergovmlab on sablinkedingovmlab on sabgooglegovmlab on sabfacebookgovmlab on sabemail
I am VMware Solution Architect with 10+ Years of enriching experience in Datacenter Virtualization Technologies, Storage Area Networks and Software Defined Datacenter, Networking and Storage.
I hold Numerous certification including RHCE, CCNA, VCP4.0, VCP5.1, VCP5.5, vCloud and EMC certification.
While spending countless hours exploring the product inside and out and learning everything about it, Eventually I discovered my passion for teaching and helping others learn from my knowledge and experience so turned to Trainer cum Blogger to educate every single person keen to learn Virtualization.

Leave a Reply