By Zvi Grauer, PEER 1 Contributor
Virtualization of servers has been getting a lot of buzz lately. Let's see what virtualization is, why it is important and how we can use it to our benefit.
What is Virtualization
Something is said to be virtual when it is visible and perceivable, but does not actually exist physically in its perceived form. From a computing perspective, virtualization is the representation (to the user) of a hardware resource (storage, memory, network) in a different form than it actually is. For example, virtualization can make a computer appear to be a different computer than it actually is. Windows 2000 can run on a Linux computer and vice versa, network attached storage can appear as local storage, and an Intel CPU computer may appear as a device with an ARM processor.
Another manifestation of virtualization is when a single computer runs multiple virtual machines (VMs), each appearing to its user(s) as an independent computer. In this respect, server virtualization means hosting multiple (guest) operating systems (OSs) on a single (host) computer. These instances can be the same OS as the host, or different OSs, depending on the technology used (see below).
Virtualization can also mean multiple computers acting as or appearing to be a single entity. This is commonly known as clustering, server aggregation, grid computing or cloud computing (depending on the implementation), and will be discussed elsewhere.
Virtualization has been around since the sixties, and is an integral part of the IBM mainframes, beginning with System/360 and continuing today in the 9th generation mainframe, the System z9™. It provides backward compatibility with older generations of mainframe software, and can also run special versions of the Linux OS. Virtualization of PC computers has only emerged in the last decade, with the advent of advanced hardware systems and the increasing use of PC hardware in ever growing data centers. Increases in PC CPU speed and memory have made virtualization more commonplace, and advances in hardware design promise to make it ubiquitous in the coming years.
Virtualization Types and Technologies
The original x86 architecture has a protection scheme which allows the OS (kernel space, privileged mode) more access than is available to applications (user space, unprivileged mode). Since (guest) virtual machines are applications that run in user space, or unprivileged mode, they cannot access hardware and memory directly like the OS, and hence are unable to run properly. As such, original x86 PCs are not directly virtualizable. Newer motherboards with Intel VT and AMD-V capable CPUs can run all instructions in an unprivileged virtual machine, and software can take advantage of these features to provide hardware-assisted full virtualization. However, the great majority of hardware in operation today does not have these CPUs.
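A practical check for the distinction above, added here as an example that is not part of the original article: on Linux, Intel VT appears in /proc/cpuinfo as the `vmx` flag and AMD-V as `svm`, while the `hypervisor` flag shows that the kernel is itself running as a guest. The sample excerpts and function names are constructed for illustration.

```python
# Constructed /proc/cpuinfo excerpts (sample data, not captured from real hosts).
BARE_METAL_VT = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae vmx est ssse3\n\n"
    "processor\t: 1\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae vmx est ssse3\n"
)
GUEST_NO_NESTING = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae hypervisor lahf_lm\n"
)
OLDER_CPU = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae sse sse2\n"
)


def cpu_flag_sets(cpuinfo_text):
    """Return one set of feature flags per logical processor."""
    sets = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            sets.append(set(value.split()))
    return sets


def virtualization_support(cpuinfo_text):
    """Classify hardware-assisted virtualization support from cpuinfo flags."""
    flag_sets = cpu_flag_sets(cpuinfo_text)
    if not flag_sets:
        raise ValueError("no 'flags' lines found; not x86 Linux cpuinfo?")
    # Count a feature only if every logical CPU reports it.
    common = set.intersection(*flag_sets)
    if "vmx" in common:
        extension = "Intel VT"
    elif "svm" in common:
        extension = "AMD-V"
    else:
        extension = None
    return {
        "extension": extension,
        # Inside a VM, a missing vmx/svm flag says nothing about the
        # physical host: the hypervisor may simply not expose it.
        "running_as_guest": "hypervisor" in common,
        "logical_cpus": len(flag_sets),
    }


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as f:
            print(virtualization_support(f.read()))
    except (OSError, ValueError) as exc:
        print("cannot inspect this host:", exc)
```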
There are several approaches to platform virtualization: Hardware Emulation/Simulation, Native/Full Virtualization, Paravirtualization, and Operating System (OS) Level Virtualization (container/jail system). Each one has its unique benefits and shortcomings.
Emulation/Simulation
In this method, a VM is created on a host system to emulate the hardware of interest. The guest OS interacts with the VM, which in turn interacts with the hardware. The VM scans the instructions the guest is about to run, and replaces instructions with alternatives as necessary.
Needless to say, emulation has a substantial computational overhead, and can be excruciatingly slow. Because every instruction must be simulated on the underlying hardware, a 100 times slowdown is not uncommon. Emulation's main advantage is the ability to simulate hardware, even hardware that is not yet in existence. Using hardware emulation, one can run an unmodified operating system intended for a PowerPC® on an ARM processor host, or even run multiple virtual machines, each simulating a different processor. For example, testing software for the XO computer (the One Laptop Per Child $100 green laptop) was done on PCs with Qemu VMs running the XO operating system. Emulation also made it possible to run software designed for the Intel PC on PowerPC (Mac) hardware. Examples of emulators are Qemu, BOCHS, and Softmac.
Full/Native Virtualization
Full, or native, virtualization uses a higher privilege virtual machine that mediates between the guest operating systems and the native hardware. Since (guest) VMs run in unprivileged mode, instructions that require a privileged mode do not work properly. To resolve this problem, a hypervisor, or virtual machine manager, traps protected instructions, replaces them and rewrites them to the bare hardware. Full virtualization is faster than hardware emulation, but slower than bare hardware because of the hypervisor mediation. The biggest advantage of full virtualization is that a guest operating system can run unmodified. The only requirement is that the guest operating system support the underlying hardware. Examples include Parallels for Mac, Virtual Iron, VMware Workstation, VMware Server (formerly GSX Server), and z/VM for the mainframe.
Paravirtualization
'Convincing' the guest VM not to use un-virtualizable instructions can eliminate the overhead associated with trapping and rewriting instructions. Paravirtualization accomplishes that by giving the guests a virtual device, or hypervisor, for shared access to the underlying hardware. The guest operating system's kernel is replaced with one that integrates virtualization-aware code into the operating system itself. The guest OSs cooperate in the virtualization process, obviating the need for any instruction trapping or recompilation. Paravirtualization offers performance near that of an unvirtualized system, and, like full virtualization, can support multiple different OSs concurrently.
Unlike full virtualization, which uses an unmodified OS, paravirtualization requires the guest OSs to be modified for the hypervisor. The main operational difference between full virtualization and paravirtualization is that in the former, the hypervisor mediates between the guests and the hardware, while in the latter the guest OS is modified to cooperate with the hypervisor and the access is shared. VMware ESX Server, Win4Lin 9x, Xen, and User Mode Linux (UML) provide paravirtualization on x86.
OS Level Virtualization (Containers)
Operating system-level virtualization places virtual servers on top of the operating system itself. This method supports a single operating system and simply isolates the independent servers from one another. Applications running in a given guest environment view it as a stand-alone system. The guests share the same OS as the host system – the OS kernel is used to implement both host and guest environments.
Container systems do not allow running multiple different kernels, but different Linux distributions in the different containers are possible. Operating system-level virtualization requires changes to the operating system kernel, but the advantage is performance that is near native. Examples are Linux-VServer, Virtuozzo (for Windows or Linux), OpenVZ, and Solaris Containers.
Comparison of Technologies
Each virtualization technology has its own strengths and weaknesses, and is best suited for particular uses. Here is a brief summary.
Simulation is ideal for representing different hardware for testing, development, or running code written for a different architecture. There is a price to pay for this flexibility, namely, a significant reduction in performance, compared to the host system. The hit in performance makes emulation a method of last resort, because the overhead limits the VM density and the slowness can frustrate users.
Full virtualization has the advantages of good isolation between virtual machines, and the ability to run unmodified guest operating systems. In other words, as long as the guest OS supports the hardware that is used for virtualization, it can be run inside the virtual machine. That is essential for running proprietary operating systems, which cannot be modified, such as different versions of Windows, or commercial Unix systems. The disadvantage is that the mediation by the hypervisor slows performance, and limits the guest density on the host, though not as badly as emulation. It is most useful for testing and distributing software, and for trying out software without affecting the host computer.
Paravirtualization also provides good isolation between guests and higher performance than either full virtualization or simulation. If having to use a modified guest operating system is not an issue, it offers the best of both worlds, and could be used to simulate computer networks, deploy client server software, and replace computers with virtual machines.
Container systems have low overhead and can provide high guest density, but the lower isolation between the different containers is potentially problematic. While they have limited utility for software testing or development, containers can simplify production usage since the shared kernel reduces the amount of software and security maintenance. They are a good fit for hosting multiple, quasi-independent, similar environments on a single computer system.
Choosing the Right Technology
Individual users can be satisfied with emulation or full virtualization products, since their use of the virtual machine would be limited in time and scope. Probably the most popular are the free players (VMware Player, VMware Server for Linux and Windows, Virtual PC and Virtual Server for Windows), commercial products from VMware, and for those with a masochistic bent, free products for Linux, such as Qemu, BOCHS or Xen (Xen requires modifying the kernel). For deployment of software written for hardware other than x86 computers, emulation is a must.
Software developers are not all that different in their needs from individual users. Their best choice will depend on their platform (VMware is available for Mac, Linux, Unix and Windows, while Virtual Server/PC from Microsoft runs only on Windows). VMware has been in business the longest and has a wide range of multi-platform products, such as VMware Workstation, which can create virtual machines to be used with VMware Player or VMware Server. Microsoft's line is limited in scope, but is very closely integrated with Windows.
Data centers can deploy either full virtualization or paravirtualization, depending on their performance and isolation needs and whether their hosts use Linux or Windows. For some uses, such as employees' personal web pages or blogs, where isolation is less crucial, container systems might best meet the requirements.
For web hosting (either individuals or ISP server farms), container systems provide the best efficiency, if not the best server isolation.
Virtualization Uses and Benefits
Users have a variety of virtualization products to choose from. VMware offers free players (VMware Player and VMware Server) for Linux and Windows and a host of commercial products for individuals, corporations and data centers. VMware software is available for Mac OS X, Windows and Linux. For Mac users, Parallels offers virtualization. For Windows users, Microsoft offers Virtual PC and Virtual Server, and Softmac can run programs written for the Amiga and Mac (PowerPC) computers. Linux users are served by multiple product offerings, including Xen, User Mode Linux, Qemu, BOCHS, Linux-VServer and others.
Let's review the possible applications of virtualization, broken down by different constituencies.
Individual Users:
Possible uses at home include: running a favorite OS inside whatever is available on the desktop (Windows 95 on an XP machine, Linux on Windows or vice versa, and so on); trying out new software or operating systems before replacing or upgrading the current ones; improving security by using vulnerable applications in a virtual machine or by using a virtual appliance to avoid vulnerabilities in the host (a virtual browser appliance of Firefox on Linux instead of Internet Explorer on Windows); and improving privacy by browsing and chatting on a VM, which can easily be deleted.
Software Developers:
Several uses exist for developers, depending on the stage of the software life cycle:
Development: Virtualization is useful for development on different platforms without having to purchase (and manage) new computers. Using emulation, it is possible to develop for architectures that are expensive, hard to find, or not yet commercially available.
Testing: Using virtualization, a single computer can be used to test applications in multiple configurations and on different OSs. Often, development is done on one platform (say Windows XP), but has to be verified in other environments (Windows NT, Windows 2000, Windows Vista operating systems, with Firefox, Opera and Netscape browsers). Using virtualization, it is possible to quickly create all combinations, and assign them to testers. Another benefit is testing multiple platforms concurrently instead of consecutively, which is a more efficient process, since a bug or a crash in one VM would not stop testing in others.
Collaboration: VMs enable support, development, and QA to share customer scenarios in virtual machines.
Software Provisioning: Providing applications in virtual machines is an ideal way to let users evaluate beta software or try evaluation copies immediately, without the hassles of setup. VMs make it possible to package complex, sophisticated applications, with full control over the working environment. With the proper player (Qemu, VMware Player, Xen) installed, the software can be used by anyone without any setup or any permanent changes to the host machines.
Corporate Data Centers:
Data centers have several possible uses for virtualization:
Server consolidation: For a business, virtualization is key to server consolidation - combining multiple workloads on one physical computer for savings in power, space, cooling, and administration costs. With virtualization, many servers can be managed within 1 OS per physical server, which is easier to operationalize than a group of individual (physical) servers. Server consolidation benefits become more pronounced as the size of the data center and the number of servers grows.
Legacy operating systems: Sometimes, a critical older application (for example, a program written for MS-DOS) won't boot on newer hardware or run under a new OS. With full virtualization or emulation, the virtualization layer can simulate simple hardware and legacy OS combinations, keeping the software operational. Since the new host is much more powerful than the older hardware, the application performance can improve in spite of the additional computational overhead of virtualization.
Maintenance and Migration: Most virtualization software supports 'live migration', which moves an operating system and its applications to new hardware with no downtime. If a virtual server requires more (or fewer) resources than it is getting, it can be migrated to a different server to balance the load over the available hardware. Likewise, hardware upgrades or maintenance can be performed without shutting down the application, by moving the VM between physical servers.
Security: Security and performance can be enhanced by placing each application on its own virtual server, isolated from the rest. Thus, if an application is going awry, it would not affect the performance of other applications on the same server. Likewise, if an application is compromised, the damage will be limited to its instance, and the other virtual machines will be unaffected. This is especially true when virtual machines are well isolated from each other, which is typically the case in all virtualization technologies where each virtual machine runs its own kernel.
Individual Web Hosts:
Container technologies allow a host to provide the flexibility of a dedicated server, including root privileges, to multiple users on a single computer. Container software, such as Linux-VServer, OpenVZ (Linux), or Virtuozzo (Linux/Windows), typically has a lower degree of isolation, in exchange for lower overhead and more flexible resource use. It allows the server administrator to put many users on a single server, while giving users root access to their instances, and all the functionality expected from a dedicated server. The main benefits are higher revenues compared to shared hosting, as well as easier maintenance.
Server Farms (ISPs)
Server farms bear some similarity to corporate data centers, but due to the different nature of their businesses, some benefits of virtualization feature more prominently.
Consolidation: Web servers are often used at only 10-20% of capacity. Running many virtual machines on a few physical computers reduces the need for costly data center space, allowing 5-10 times as many users per data center. The savings on real estate accompany reductions in electricity and cooling costs.
Power Savings: Most server loads are cyclical, often spiking predictably at given times, then dropping back to a baseline level. With virtualization it is possible to migrate virtual machines to match the load. Thus, at off-peak hours, more VMs can be packed on fewer servers, dramatically reducing power consumption, without any loss in performance.
Hardware isolation: Moving an application to a new server requires installing an OS, configuring the new server to run the application, copying the data to the new server and praying that everything still works. Virtual machines do not interact with real hardware, making life much easier. All that it takes to move an application is copying the virtual machine containing it to the new server.
Management: It is much easier to manage virtual machines than to manage individual servers, especially with commercial management tools. A crash in a virtual machine does not affect other users, and restarting a virtual machine can be done remotely, or even automatically. This translates to savings on administration cost and technical support.
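The load-following consolidation described under Power Savings, as an added example that is not from the original article: a first-fit-decreasing placement run once on peak demand and once on off-peak demand, with the live migrations needed to go from one to the other. The VM names, load figures and the 20-point per-host headroom are constructed assumptions.

```python
# Constructed sample: CPU demand of each VM as a percentage of one host.
PEAK = {"web1": 60, "web2": 55, "web3": 50, "db1": 45,
        "mail": 30, "blog": 20, "dns": 10, "ftp": 10}
OFF_PEAK = {"web1": 15, "web2": 15, "web3": 10, "db1": 20,
            "mail": 10, "blog": 5, "dns": 5, "ftp": 5}


def pack_vms(loads, host_capacity=100, headroom=20):
    """Place VMs on as few hosts as first-fit-decreasing finds.

    headroom is capacity kept free on every host so that a sudden
    spike does not starve co-located guests (an assumption of this
    example, not a figure from the article).
    """
    limit = host_capacity - headroom
    hosts = []  # each host: {"used": int, "vms": [names]}
    # Largest VMs first; ties broken by name so the result is deterministic.
    for name, load in sorted(loads.items(), key=lambda kv: (-kv[1], kv[0])):
        if load > limit:
            raise ValueError(f"{name} ({load}) exceeds the per-host limit {limit}")
        for host in hosts:
            if host["used"] + load <= limit:
                host["used"] += load
                host["vms"].append(name)
                break
        else:  # no existing host had room
            hosts.append({"used": load, "vms": [name]})
    return [host["vms"] for host in hosts]


def migrations(before, after):
    """VMs whose host index changes between two placements."""
    where = {vm: i for i, vms in enumerate(before) for vm in vms}
    return sorted(vm for i, vms in enumerate(after)
                  for vm in vms if where[vm] != i)


if __name__ == "__main__":
    peak, off = pack_vms(PEAK), pack_vms(OFF_PEAK)
    print(f"peak: {len(peak)} hosts, off-peak: {len(off)} hosts")
    print("live migrations needed:", migrations(peak, off))
```

With this sample the eight guests need four hosts at peak and two off-peak, so two machines can be powered down until load returns.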
Conclusion
The uses and benefits of virtualization are so varied and numerous that they are impossible to ignore. IT managers, web hosts, data center administrators, even home users, all stand to benefit from one or more of the available virtualization technologies. If you have not yet tried it or considered what it can do for you, investigate further. It is virtually impossible not to reap some rewards from virtualization.