The virtualization layer allows multiple operating system instances to run concurrently within virtual machines on a single computer, dynamically partitioning and sharing the available physical resources such as CPU, storage, memory and I/O devices.
To understand the utility of this layer, first consider the architecture of a normal x86 computer. Normally a computer consists of a set of hardware devices (such as the CPU and PCI devices) and an OS such as Windows or Linux installed on top of that hardware. Without a virtualization layer, only one OS can run at a time, and that OS has complete control of the underlying hardware. This is mainly due to the x86 CPU architecture, which is designed so that only one OS has control over the CPU.
The virtualization layer, also called the hypervisor or virtual machine monitor (VMM), solves this problem by partitioning the hardware into virtual environments, also called virtual machines (VMs). The virtualization layer is the software responsible for hosting and managing all virtual machines on virtual machine monitors (VMMs).
As depicted in the figure above, the virtualization layer is a hypervisor running directly on the hardware. Each VMM running on the hypervisor implements the virtual machine hardware abstraction and is responsible for running a guest OS.
CPU VIRTUALIZATION CHALLENGES OF TRADITIONAL x86 ARCHITECTURE
As shown in the figure above, the x86 architecture offers four levels of privilege, known as Ring 0, 1, 2 and 3, to operating systems and applications to manage access to the computer hardware. While user-level applications typically run in Ring 3, the operating system needs direct access to the memory and hardware and must execute its privileged instructions in Ring 0.
Virtualizing the x86 architecture requires placing a virtualization layer under the operating system (which expects to be in the most privileged Ring 0) to create and manage the virtual machines that deliver shared resources. Further complicating the situation, some sensitive instructions can’t effectively be virtualized as they have different semantics when they are not executed in Ring 0. The difficulty in trapping and translating these sensitive and privileged instruction requests at runtime was the challenge that originally made x86 architecture virtualization look impossible.
VMware resolved the challenge in 1998, developing binary translation techniques that allow the VMM to run in Ring 0 for isolation and performance, while moving the operating system to a user level ring with greater privilege than applications in Ring 3 but less privilege than the virtual machine monitor in Ring 0.
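The following added example (not part of the original page) is a simplified C model of why a deprivileged guest kernel cannot be virtualized by trapping alone. It uses CLI and POPF as the instructions, which the page does not name: outside Ring 0 (with IOPL 0 assumed), CLI faults and can be emulated by the VMM, while POPF silently leaves the interrupt flag unchanged without faulting.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model (constructed for illustration) of how two x86
 * instructions that touch the interrupt flag behave per ring. */
#define EFLAGS_IF 0x200u /* interrupt-enable flag, bit 9 of EFLAGS */
enum insn { INSN_CLI, INSN_POPF };

struct vcpu {
    int cpl;         /* current privilege level (ring number) */
    int iopl;        /* I/O privilege level held in EFLAGS */
    unsigned eflags; /* modelled flags register */
};

/* Execute one instruction; return true if it faults (#GP) to the VMM. */
static bool execute(struct vcpu *c, enum insn i, unsigned popped)
{
    bool may_change_if = c->cpl <= c->iopl;
    if (i == INSN_CLI) {
        if (!may_change_if)
            return true;          /* traps, so the VMM can emulate it */
        c->eflags &= ~EFLAGS_IF;
        return false;
    }
    /* POPF does not fault here; without privilege the IF bit
     * silently keeps its old value while other flags are loaded. */
    if (may_change_if)
        c->eflags = popped;
    else
        c->eflags = (popped & ~EFLAGS_IF) | (c->eflags & EFLAGS_IF);
    return false;
}

/* A guest kernel in `ring` tries to disable interrupts. Returns 1 if
 * the attempt is honoured or trapped, 0 if it is silently lost. */
int disable_irq_is_virtualizable(int ring, enum insn how)
{
    struct vcpu c = { .cpl = ring, .iopl = 0, .eflags = EFLAGS_IF };
    bool trapped = execute(&c, how, 0u /* flags image with IF clear */);
    return trapped || !(c.eflags & EFLAGS_IF);
}

int main(void)
{
    printf("ring 0 CLI : %d\n", disable_irq_is_virtualizable(0, INSN_CLI));
    printf("ring 1 CLI : %d\n", disable_irq_is_virtualizable(1, INSN_CLI));
    printf("ring 0 POPF: %d\n", disable_irq_is_virtualizable(0, INSN_POPF));
    printf("ring 1 POPF: %d\n", disable_irq_is_virtualizable(1, INSN_POPF));
    return 0;
}
```

Only the Ring 1 POPF case reports 0: the guest believes interrupts are off, the hardware disagrees, and the VMM never gets a fault to act on.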
As clarified below, three alternative techniques now exist for handling sensitive and privileged instructions to virtualize the CPU on the x86 architecture:
• Full virtualization using binary translation
• OS assisted virtualization or paravirtualization
• Hardware assisted virtualization