Hypervisor

In computing, a hypervisor, also called "virtual machine monitor", is a virtualization platform that allows multiple operating systems to run on a host computer at the same time.

Classifications

Hypervisors are currently classified in two types: ["IBM Systems Virtualization", IBM Corporation, Version 2 Release 1 (2005), available on-line at [http://publib.boulder.ibm.com/infocenter/eserver/v1r2/topic/eicay/eicay.pdf publib.boulder.ibm.com] – description of basic concepts]

* A "Type 1" (or "native", "bare-metal") hypervisor is software that runs directly on a given hardware platform (as an operating system control program). A guest operating system thus runs at the second level above the hardware.:The classic type 1 hypervisor was CP/CMS, developed at IBM in the 1960s, ancestor of IBM's current z/VM.:More recent examples are Oracle VM, VMware's ESX Server, LynxSecure from LynuxWorks, L4 microkernels, Green Hills Software's INTEGRITY Padded Cell, VirtualLogix's VLX, TRANGO, IBM's POWER Hypervisor (PR/SM), Microsoft's Hyper-V (released in June 2008), Xen, Citrix XenServer, Parallels Server (released in 2008), ScaleMP's vSMP Foundation (released in 2005) and Sun's Logical Domains Hypervisor (released in 2005).:A variation of this is embedding the hypervisor in the firmware of the platform, as is done in the case of Hitachi's Virtage hypervisor. KVM, which turns a complete Linux kernel into a hypervisor, is also Type 1.

* A "Type 2" (or "hosted") hypervisor is software that runs within an operating system environment. A "guest" operating system thus runs at the third level above the hardware.:Examples include VMware Server (formerly known as GSX), VMware Workstation, VMware Fusion, the open source QEMU, Microsoft's Virtual PC and Microsoft Virtual Server products, Sun's (formerly InnoTek) VirtualBox, as well as Parallels Workstation and Parallels Desktop.

The term "hypervisor" apparently originated in IBM's CP-370 reimplementation of CP-67 for the System/370, released in 1972 as VM/370. The term "hypervisor call", or "hypercall", referred to the paravirtualization interface, by which a "guest" operating system could access services directly from the (higher-level) control program – analogous to making a "supervisor call" to the (same level) operating system. The term "supervisor" refers to the operating system kernel, which on IBM mainframes runs in "supervisor state".

Mainframe origins

The first hypervisor providing full virtualization was IBM's CP-40, a one-off research system that began production use in January 1967, and which became the first version of IBM's CP/CMS operating system. CP-40 ran on a one-off S/360-40 that was customized to support virtualization. Prior to this time, computer hardware had only been virtualized enough to allow multiple user applications to be run (see CTSS and IBM M44/44X). With CP-40, the hardware's "supervisor state" was virtualized as well, allowing multiple operating systems to run simultaneously. CP-40 was soon re-implemented (as CP-67) for the IBM System/360-67, the first production computer system capable of full virtualization. This machine was first shipped in 1966, and included page translation table hardware for virtual memory, and other techniques that allowed a full virtualization of all kernel tasks, including I/O and interrupt handling. (Note that its "official" operating system, the ill-fated TSS/360, did not employ full virtualization.) Both CP-40 and CP-67 began production use in 1967. CP/CMS was available to IBM customers from 1968 to 1972, in source code form without support.

CP/CMS was part of IBM's attempt to build robust time-sharing systems for its mainframe computers. By running multiple operating systems simultaneously, the hypervisor increased system robustness and stability: Even if one operating system crashed, the others would continue working without interruption. Indeed, this even allowed beta or experimental versions of operating systems – or even of new hardware [See History of CP/CMS for virtual hardware simulation in the development of the System/370] – to be deployed and debugged, without jeopardizing the stable main production system, and without requiring costly additional development systems.

IBM's System/370 series was announced in 1970 without any virtualization features, but these were added to the series in 1972, and have appeared in all successor systems. (All modern-day IBM mainframes, such as the zSeries line, continue to be backwards-compatible with the 1960s-era IBM S/360 line.) The 1972 announcement also included VM/370, a reimplementation of CP/CMS for the S/370. Unlike CP/CMS, IBM provided support for this version (though it was still distributed in source code form for several releases). VM stands for "Virtual Machine", emphasizing that all, and not just some, of the hardware interfaces are virtualized. Both VM and CP/CMS enjoyed early acceptance and rapid development by universities, corporate users, and time-sharing vendors, as well as within IBM. Users played an active role in ongoing development, anticipating trends seen in modern open source projects. However, in a series of disputed and bitter battles, time-sharing lost out to batch processing through IBM political infighting, and VM remained IBM's "other" mainframe operating system for decades, losing over MVS. It has enjoyed a resurgence of popularity and support in recent years as the current z/VM product, e.g. as the platform for Linux for zSeries.

As mentioned above, the VM control program includes a "hypervisor call" handler which intercepts DIAG ("Diagnose") instructions used within a virtual machine. This provides fast-path non-virtualized execution of file system access and other operations. (DIAG is a model-dependent privileged instruction, not used in normal programming, and thus is not virtualized. It is therefore available for use as a signal to the "host" operating system.) When first implemented in CP/CMS release 3.1, this use of DIAG provided an operating system interface that was analogous to the System/360 SVC ("supervisor call") instruction, but that did not require altering or extending the system's virtualization of SVC.

UNIX and Linux servers

Several factors led to a resurgence in the use of virtualization technology among UNIX and Linux server vendors:

* Expanding hardware capabilities, allowing more simultaneous work to be done per machine
* Efforts to control costs and simplify management through consolidation of servers
* The need to control large multiprocessor and cluster installations, e.g. in server farms and render farms
* The improved security, reliability, and device independence possible from hypervisor architectures
* The desire to run complex, OS-dependent applications in different hardware or OS environments

The major UNIX vendors, including Sun Microsystems, HP, IBM, and SGI, have been selling virtualized hardware since before 2000. These have generally been large systems with hefty, server-class price tags (in the multi-million dollar range at the high end), although virtualization is also available on some mid-range systems, such as IBM's System-P servers, Sun's CoolThreads T1000, T2000 and T5x00 servers and HP 9000 Superdome series.

Multiple host operating systems have been modified to run as guest OSes on Sun's Logical Domains Hypervisor. As of late 2006, Solaris, Linux (Ubuntu and Gentoo), and FreeBSD have been ported to run on top of Hypervisor (and can all run simultaneously on the same processor, as fully-virtualized independent guest OSes). Wind River "Carrier Grade Linux" also plans to run on Sun's Hypervisor. Full virtualization on SPARC processors was not difficult because the SPARC architecture, since its inception in the mid-1980s, was deliberately kept clean of artifacts that would have impeded virtualization. (Compare with virtualization on x86 processors below)

HP's technology to host multiple OS technology on its Itanium powered systems (Integrity) is called Integrity Virtual Machines (Integrity VM). Since Itanium is capable of running HP-UX, Linux, and Windows - these environments are also supported as virtual servers on HP's Integrity VM platform. The HP-UX operating system hosts the Integrity VM hypervisor layer which allows for many important features of HP-UX to be taken advantage of and provides major differentiation between this platform and other commodity platforms - such as processor hotswap, memory hotswap, and dyanmic kernel updates without system reboot. HP also provides more rigid partitioning of their Integrity and HP9000 systems by way of VPAR and NPAR technology, the former offering shared resource partitioning and the later offering complete I/O and processing isolation. The flexibility of VSE has given way to its use more frequently in newer deployments.

IBM provides non virtualization partition technology known as logical partitioning (LPAR) and applies to System/390, zSeries, pSeries and iSeries systems.

Similar trends have been seen with x86/x64 server platforms, where virtualization efforts have been led by open source projects such as Xen. These include hypervisors built on Linux and Solaris kernels as well as custom kernels. Since these technologies span from large systems down to desktops, they are described in the next section.

PCs and desktop systems

Interest in the high-profit server hardware market sector has led to the development of hypervisors for the Intel x86 instruction-set machines, including traditional desktop PCs. One of the early PC hypervisors was the commercial VMware, introduced in 1998. Parallels, Inc. introduced Parallels Workstation, which is primarily used on PCs, in 2005 and Parallels Desktop for Mac, which runs on Mac OS X, in 2006.

The x86 architecture used in most PC systems is particularly difficult to virtualize. Full virtualization (presenting the illusion of a complete set of standard hardware) on x86 has significant costs in hypervisor complexity and runtime performance.

An alternative approach requires that the guest operating system be modified to make system calls to the hypervisor, rather than executing machine I/O instructions which are then simulated by the hypervisor. This is called paravirtualization in Xen, a "hypercall" in Parallels Workstation, and a "DIAGNOSE code" in IBM's VM. VMware supplements the slowest rough corners of virtualization with device drivers for the guest. All are really the same thing, a system call to the hypervisor below. Some microkernels such as Mach and L4 are flexible enough such that "paravirtualization" of guest operating systems is possible.

CPU vendors have added hardware virtualization assistance to their products. Intel's is called VT (codenamed Vanderpool), AMD's is referred to as AMD Virtualization or AMD-V (codename: Pacifica). These extensions address the parts of x86 that are difficult or inefficient to virtualize, providing additional support to the hypervisor. This enables simpler virtualization code and a higher performance for full virtualization.

Others, like Xen, are implemented as software-only virtual machines. Xen runs on a normal host operating system such as Linux, and is able to run both paravirtualized and fully virtualized (i.e. unmodified) operating systems with the help of the hardware virtualization extensions Intel VTx. In fact, Xen has successfully demonstrated Windows XP running unmodified. The Xen distribution already contains versions of FreeBSD, Linux, NetBSD, and Plan 9 from Bell Labs that have been so modified. User programs will continue to work on Xen without change. Also, Xen has been re-implemented on the OpenSolaris operating system as of build 75 — the result is called Sun xVM Server.

In June 2008, Microsoft delivered a new Type 1 hypervisor called Hyper-V (codenamed "Viridian" and previously referred to as Windows Server virtualization); the design features OS integration at the lowest level. [Peter Galli. [http://www.eweek.com/article2/0,1895,1946420,00.asp "Microsoft Sheds More Light on Windows Hypervisor Technology."] April 5, 2006.] New versions of the Windows operating system beginning with Windows Vista include extensions to boost performance when running on top of the Viridian hypervisor.

Embedded systems

Virtual machines have recently appeared in embedded systems, such as mobile phones. This is driven by the desire to provide a high-level operating-system interface for application programming, such as Linux or Microsoft Windows, while at the same time maintaining traditional real-time operating system (RTOS) APIs. The low-level RTOS environments need to be retained for legacy support, and because the real-time capabilities of high-level OSes are insufficient for many embedded applications.

Hypervisors for embedded use must therefore be real-time capable, a design criterion not present for hypervisors used in other domains. The resource-constrained nature of many embedded systems, especially battery-powered mobile systems, imposes a further requirement for small memory size and low overhead. Finally, in contrast to the ubiquity of the x86 architecture in the PC world, the embedded world uses a wider variety of architectures. Support for virtualization requires memory protection (in the form of a memory management unit or at least a memory protection unit) and a distinction between user mode and privileged mode, which rules out most microcontrollers. This still leaves x86, MIPS, ARM and PowerPC as widely-deployed architectures on medium- to high-end embedded systems.

As embedded-system manufacturers usually have source code to their operating systems, there is less need for full virtualization in this space. Instead, the performance advantages of paravirtualization make this usually the virtualization technology of choice. Nevertheless, ARM has recently added a limited form of support for full virtualization (single guest only) with their TrustZone technology.

Other differences between virtualization in server/desktop and embedded environments are requirements for efficient sharing of resources across virtual machines, high-bandwidth, low-latency inter-VM communication, a global view of scheduling and power management, and fine-grained information-flow control.cite converence | author=Gernot Heiser | title=The role of virtualization in embedded systems | booktitle = Proc. 1st Workshop on Isolation and Integration in Embedded Systems (IIES'08) | pages=11–16 | year=2008 | month=April | url=http://ertos.nicta.com.au/publications/papers/Heiser_08.abstract ]

The first (and so far only) hypervisor deployed in a commercially-sold mobile embedded system (a Toshiba mobile phone) is [http://okl4.org OKL4] , a commercial member of the L4 microkernel family. It supports x86, ARM and MIPS processors.

Other hypervisors for embedded use include TRANGO, which supports ARM, MIPS and PowerPC. [ [http://www.trango-vp.com/download/TGO-TEC-0340-TRANGO_GPL.pdf Reconcile GPL Software and Proprietary Code on Embedded Systems with a Secure Hypervisor] , TRANGO Virtual Processors, August 2007] and x86-based LynxSecure from LynuxWorks.

Rootkits

A rootkit can in theory install itself as a hypervisor, and thereby intercept any operations of the original operating system, which unknowingly becomes a virtual machine. The concept has been demonstrated via the "SubVirt" laboratory rootkit, developed jointly by Microsoft and University of Michigan researchers [cite web|url=http://www.eecs.umich.edu/virtual/papers/king06.pdf|accessdate=2008-09-15|title=SubVirt: Implementing malware with virtual machines|date=2006-04-03|publisher=University of Michigan, Microsoft] , as well as Blue Pill. Security best practice therefore is to disable hardware virtualization features at BIOS level on machines that will not be using this technology.

References

ee also

* Comparison of virtual machines
* Virtualization
* Nanokernel

External links

* [http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx Microsoft Virtual Server 2005 R2 SP1] from Microsoft
* [http://h71028.www7.hp.com/enterprise/cache/258348-0-0-0-121.html HP Virtual Server Environment] from Hewlett Packard Company
* [http://www.oracle.com/technology/tech/virtualization/index.html OracleVM] from Oracle
* [http://www.research.ibm.com/secure_systems_department/projects/hypervisor/ sHype] from IBM Research
* [http://www.xen.org Xen] from the open source Xen.org community
* [http://portal.ok-labs.com OKL4] open-source hypervisor based on L4 microkernel technology from [http://ok-labs.com Open Kernel Labs]
* [http://www.ghs.com/products/rtos/integrity_pc.html INTEGRITY Padded Cell] secure, real-time hypervisor from Green Hills Software
* [http://www.virtuallogix.com/ VirtualLogix] Trusted Real-Time Virtualization^TM for Connected Devices from VirtualLogix
* [http://www.trango-vp.com/ TRANGO] real-time and secure hypervisor for embedded CPUs, from TRANGO Virtual Processors
* [http://www.real-time-systems.com/real-time_hypervisor/index.php RTS Hypervisor] real-time hypervisor for x86 CPUs, from Real-Time Systems
* [http://www.lynuxworks.com/rtos/secure-rtos-kernel.php LynxSecure] real-time separation kernel and hypervisor from LynuxWorks
* [http://openxvm.org/ OpenxVM Core Projects] xVM, from SUN, is the intersection of virtualization and management
* [http://www.virtualizacion.com Virtualization,ParaVirtualization,FullVirtualization ]
* [http://www.virtualbox.org/ Virtual Box] Full virtualizer for x86 hardware