Full virtualization using binary translation
Full virtualization is a technique that provides a complete simulation of the underlying hardware. Certain protected instructions must be trapped and handled by the VMM (Virtual Machine Monitor), because the guest OS believes that it owns the hardware when in fact the hardware is shared through the VMM. To overcome this, binary translation is employed: it translates the kernel code so that instructions that cannot be virtualized are replaced with new instructions that have the same effect on the virtual hardware. Another technique used in full virtualization is direct execution, in which user-level code is executed directly on the processor so that higher performance can be achieved.
As a result of this approach, the guest OS is fully abstracted from the underlying hardware by the virtualization layer. The guest OS therefore does not know that it is being virtualized and does not need any modifications (Figure 1). Full virtualization is the only one of the server virtualization techniques that does not require hardware or operating system assistance, because the VMM translates all the instructions, and it allows user-level applications to run unmodified at native speed.
Advantages:
- Full virtualization provides complete isolation of the virtual machines.
- Operating systems can be installed without any modification.
- Provides near-native CPU and memory performance.
- It offers flexibility because many different operating systems and versions from different vendors can be installed and run.
- Because the guest OS remains unmodified, migration and portability are very easy.
Disadvantages:
- Requires the correct combination of hardware and software elements.
- Performance can be affected because of the trap-and-emulate techniques of x86 protected instructions.
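The difference between trap-and-emulate and binary translation described above can be shown with a toy model. This is an added example, not code from the original page or from any hypervisor. The instruction names, the `VCpu` fields and the sample guest code are assumptions made for illustration. The `popf_*` ops model a sensitive instruction that is silently ignored instead of trapping when the kernel runs deprivileged, as x86 POPF does with the interrupt flag.

```python
from dataclasses import dataclass

# Toy instruction set (constructed for illustration, not real x86 encoding):
#   "cli"/"sti"   privileged: fault when the guest kernel runs deprivileged
#   "popf_if0/1"  sensitive but non-trapping: silently ignored when deprivileged
#   "add N"       innocuous: safe to execute directly
TRAPPING = {"cli", "sti"}
SILENT = {"popf_if0", "popf_if1"}

@dataclass
class VCpu:
    """Virtual CPU state the VMM keeps for one guest (hypothetical fields)."""
    interrupts_enabled: bool = True
    acc: int = 0
    traps: int = 0

def emulate(vcpu, op):
    """VMM handler: apply the instruction's effect to the virtual hardware."""
    if op in ("cli", "popf_if0"):
        vcpu.interrupts_enabled = False
    elif op in ("sti", "popf_if1"):
        vcpu.interrupts_enabled = True

def run_native(vcpu, op):
    """Direct execution of an innocuous instruction."""
    vcpu.acc += int(op.split()[1])

def run_trap_and_emulate(code):
    """Deprivileged execution where the VMM only sees instructions that trap."""
    vcpu = VCpu()
    for op in code:
        if op in TRAPPING:
            vcpu.traps += 1      # fault delivered to the VMM
            emulate(vcpu, op)
        elif op in SILENT:
            continue             # CPU drops it; the VMM is never told
        else:
            run_native(vcpu, op)
    return vcpu

def translate(code):
    """Binary translation: rewrite every sensitive op into an explicit VMM call."""
    return [("vmm", op) if op in TRAPPING | SILENT else ("native", op) for op in code]

def run_translated(code):
    """Run the translated stream: VMM calls are emulated, the rest runs directly."""
    vcpu = VCpu()
    for kind, op in translate(code):
        if kind == "vmm":
            emulate(vcpu, op)
        else:
            run_native(vcpu, op)
    return vcpu

GUEST_KERNEL = ["cli", "add 2", "popf_if1", "add 3"]  # constructed sample
```

With trap-and-emulate alone, the guest's attempt to re-enable interrupts is lost and the virtual CPU state diverges from what the guest expects. The translated stream keeps the state correct and takes no traps.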
OS assisted virtualization or paravirtualization
Paravirtualization is the virtualization technique in which the guest OS is modified so that it can communicate with the hypervisor (VMM). In paravirtualization the kernel of the OS is modified to replace instructions that cannot be virtualized with hypercalls that communicate directly with the virtualization layer hypervisor (VMware, 2007b). The hypervisor also provides hypercall interfaces for other critical kernel operations such as memory management and interrupt handling. In this technique some, but not all, of the underlying hardware is simulated.
In contrast to full virtualization, the guest OS in paravirtualization knows that it is being virtualized. It achieves greater performance than full virtualization because the guest OS communicates directly with the hypervisor, so the overheads needed for emulation are reduced.
Advantages:
- Easier to implement than full virtualization where no hardware assistance is available.
- Greater performance because overheads from emulation are reduced.
Disadvantages:
- Modification required for the guest OS.
- The modification of the guest OS results in poor portability and compatibility.
Example:
- Citrix-XEN Server
Hardware Assisted Virtualization
First-generation enhancements include Intel Virtualization Technology (VT-x) and AMD’s AMD-V, which both target privileged instructions with a new CPU execution mode feature that allows the VMM to run in a new root mode below ring 0. As depicted in Figure 7, privileged and sensitive calls are set to automatically trap to the hypervisor, removing the need for either binary translation or paravirtualization. The guest state is stored in Virtual Machine Control Structures (VT-x) or Virtual Machine Control Blocks (AMD-V).