Hardware-assisted virtualization was first introduced on the IBM System/370 in 1972, for use with VM/370, the first virtual machine operating system. Virtualization was forgotten in the late 1970s, but the proliferation of x86 servers rekindled interest in it, driven by the need for server consolidation: virtualization allowed a single server to replace multiple underutilized dedicated servers.
However, the x86 architecture did not meet the Popek and Goldberg criteria to achieve the so-called “classical virtualization”. To compensate for these limitations, virtualization of the x86 architecture has been accomplished through two methods: full virtualization or paravirtualization. Both create the illusion of physical hardware to achieve the goal of operating system independence from the hardware, but they present some trade-offs in performance and complexity.
Thus, Intel and AMD have introduced their new virtualization technologies: a handful of new instructions and, crucially, a new privilege level. The hypervisor can now run at "Ring -1", so the guest operating systems can run in Ring 0.
Hardware virtualization leverages virtualization features built into the latest generations of CPUs from both Intel and AMD. These technologies, known as Intel VT and AMD-V respectively, provide the extensions necessary to run unmodified virtual machines without the overheads inherent in full virtualization CPU emulation. In very simplistic terms, these new processors provide an additional privilege mode below ring 0 in which the hypervisor can operate, essentially leaving ring 0 available for unmodified guest operating systems.
With hardware-assisted virtualization, the VMM can efficiently virtualize the entire x86 instruction set by handling sensitive instructions using a classic trap-and-emulate model in hardware, as opposed to software. The hypervisors that support this technology can load at Ring -1, and guest OSes can access the CPU at Ring 0, just as they normally would when running on a physical host. This allows guest OSes to be virtualized without any modifications.
As depicted in the figure, privileged and sensitive calls are set to automatically trap to the hypervisor, removing the need for either binary translation or paravirtualization.
Advantages of Hardware-Assisted Virtualization
Hardware-assisted virtualization changes the access to the operating system itself. x86 operating systems are designed to have direct access to system resources to run. With software virtualization, the VMM emulates the required hardware for the operating system. With hardware-assisted virtualization, the operating system has direct access to resources without any emulation or modification, and this improves overall performance.
This means OS kernels no longer need to be tweaked (as in paravirtualization) and can run as-is. At the same time, the hypervisor does not need to be involved in the inefficient binary translation of the sensitive instructions. Thus, not only does hardware-assisted virtualization satisfy the Popek and Goldberg criteria (of full virtualization), it also provides improved performance because the privileged instructions are now trapped and emulated in the hardware directly.
Limitations of Hardware-Assisted Virtualization
Hardware-assisted virtualization requires explicit support in the host CPU, which is not available on all processors. A “pure” hardware-assisted virtualization approach, using entirely unmodified guest operating systems, involves many VM traps, and thus high CPU overheads, limiting scalability and the efficiency of server consolidation. This performance hit can be mitigated by the use of paravirtualized drivers; the combination has been called “hybrid virtualization”.
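The host-CPU requirement above can be checked on Linux, where /proc/cpuinfo lists the flag vmx for Intel VT and svm for AMD-V. The following is an added example, not code from the original article; the function names and the sample inputs are constructed for illustration.

```python
"""Added example: report Intel VT / AMD-V support from /proc/cpuinfo text."""

# CPU flag as printed by the Linux kernel -> technology name used in the article.
EXTENSIONS = {"vmx": "Intel VT", "svm": "AMD-V"}

# Constructed sample inputs (not captured from real machines).
SAMPLE_HOST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr pae vmx ssse3\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr pae vmx ssse3\n"
)
SAMPLE_GUEST = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse msr pae hypervisor\n"
)


def cpu_flag_sets(text):
    """Return one set of flags per logical CPU found in the text."""
    sets = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            sets.append(set(value.split()))
    return sets


def hw_virt_report(text):
    """Summarise hardware virtualization support for cpuinfo-style text."""
    sets = cpu_flag_sets(text)
    report = {"extension": None, "on_all_cpus": False, "running_as_guest": False}
    if not sets:
        return report  # no x86-style "flags" lines: nothing to report
    for flag, name in EXTENSIONS.items():
        if any(flag in s for s in sets):
            report["extension"] = name
            # Whole-token membership, so "vmx" never matches a longer flag name.
            report["on_all_cpus"] = all(flag in s for s in sets)
            break
    # The "hypervisor" flag appears when this kernel itself runs inside a VM.
    report["running_as_guest"] = any("hypervisor" in s for s in sets)
    return report


if __name__ == "__main__":
    print(hw_virt_report(SAMPLE_HOST))
    print(hw_virt_report(SAMPLE_GUEST))
```

To check a real Linux host, pass the contents of /proc/cpuinfo to hw_virt_report instead of the samples.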
This concludes, for now, the theoretical series on virtualization and high availability. Next I will produce a series of articles explaining how you can put it all together, at home, creating your own lab to test the power of these emerging technologies. Keep reading…