# Lecture 16: Virtual Machines # Slide Notes recall virtual machines is essentailly an abstraction of real hardware to make it look like we have many of that hardware (ex multiple CPUs) we do something in software to make it look like we have multiple computers. The virtual machine must appear to apps and users to be a real machine. We want to have virtual machines for several reasons: - fault isolation, better security, to use a different operating system, to provide better controlled sharing of the hardware ## Fault isolation operating systems must never crash, more specifically it should not take down the entire machine, just the virtaul machine. This allows for our correctness requirements to be relaxed. Similar advantages for faults that could damage devices ## Better Security The OS is supposed to provide security for processes. But the OS also provides shared resources such as the file system and IPC channels A virtual machine need not see the real shared resource so processes in other virtual machines are harder to reach and possibly damage ## Using a Different Operating System Let’s say you’re running Windows but you want to run a Linux executable. Windows has one system call interface, Linux has a different one so system calls from your Linux executable won’t work on Windows But if you have a virtual machine running Linux on top of the real machine running Windows . . . Now your application can run fine Assuming you get the virtualization right ## Sharing A Machine's Resources In principle, an OS can control how to share resources among processes But actually guaranteeing a particular allocation of resources is hard It’s easier to guarantee an entire virtual machine gets a set allocation of resources So the processes running in it will not steal resources from the other virtual machines - A very big deal for cloud computing ## How Do We Run Virtual Machines Easiest if the virtual and real machine use the same ISA (Instrucution Set Architechture) Basically, rely on limited direct execution, run as much VM activity directly on the CPU as possible (only trap when neccessary) ### The Hypervisor Also known as the virtual Machine Monitor (VMM) which is a controller that handles all virtual machines running on a real machine. When necessary, it traps from the virtual machine to the VMM and it performs whatever magic is necessary. Thne returns to limited direct execution. trapping is only necessary whenever the VM does something privileged. The initial system call instruction will trp to the VMM which will typically forward it to the VM's OS. But subsequent privileged operations trap back to the VMM.      if the VMM is going to do the instruction why not just run A with privilege so it can do its own instructions. - e.g. it could seize all the memory - we want to prevent OS and VM from hurting eachother The VMM might decide not to do the instructions or it might block VM A and run VM B for a while instead. The key point is the VMM controls what happens even though the OS in the VM thinks it is in control. ### The Core of the Problem Os A thinks it is in control and believes it is providing segregated virtual memories to APP 1 and App 2. The key technology for doing so is managing page tables and CPU registers pointing to them. But OS A has no control over those registers. THe VMM does but it knows nothing of the page tables OS A "controls" ### How To Virtualize Memory The virtual OS thinks it has physical memory addresses where it provides virtual memory addresses to its processes The VMM has machine addresses which translates to physical addresses within a single VM while still using the same paging hardware    ### Some Implications TLB misses are much more expensive sunce well be moving back and forth from privileged mode to unprivileged, paying overhead costs each time, and well run more systems code. Well also need extra paging data strucutres in the VMM which involves even more overhead. This virtual machines are this likely to suffer performance penalties. ### Making VMs Perform Better we can improve performance by adding special hardware. FOr example some CPUs have features to make issues of virtualizing the CPU and memory cheaper **Paravirualization**: The basic VM approach assumes the guest OSes in VM does not know about virtualization. If you make some changes to those OSes, they can help make virtualization cheaper. ## Virtual Machines and Cloud Computing Cloud computing is about sharing hardware amoung multiple customers. The cloud provider sells/rents computing services to customers which handles all difficult issues for them os they can just run their applications. Cloud providers need lots of costomers, to make money which implies they need losts of hardware. ### The Cloud Enviroment A warehouse fill of vast number of machines packed tightly into racks all connected by high speed internal networks and connect to the internet to allow customers remote access. The expectation is that the environmnent will run applications for many separate customers at a time, many of which might require multiple computers to run properly with strong guarantees of isolation between customers. The cloud provider makes the most money by making the most efficient use of the hardware. Often a customer does not need the full power of a machine. But they do need strong isolation which can be provided by virtual machines. ### So ... this means you can run everyone in a virtual machine. Some customers have many virtual machines to handle their big jobs. Some customers' virtual machines share physical machines with other custormers' VMs Customers' workloads fluctuate so you want the most efficient packing of VMs onto physical machines possible to maximize profits. ### How To Efficiently Place VMs There are many physical nodes and many more Vms that often reduces to a **bin packing algorithm** which tends to be NP-hard. - where n may depend on the number of servers and/or VMs considered - the more factors considered, the harder to solve ### VMs Aren't Just For Cloud Computing As you should know, since your projects use them. They allow experimentation not easily performed on real hardware. They allow basic servers to safely divide their resources and they allow greater flexibility in the software your computer can run. # Chapter B Virtual Machine Monitors [Text Here](https://pages.cs.wisc.edu/~remzi/OSTEP/vmm-intro.pdf) Years ago, IBM sold expensive mainframes to large organizations, and a problem arose: what if the organization wanted to run different operating systems on the machine at the same time? Some applications had been developed on one OS, and some on others, and thus the problem. As a solution, IBM introduced yet another level of indirection in the form of a **virtual machine monitor (VMM)** (also called a **hypervisor**). ## Motivation: Why VMMs virtualization enables an administrator to consolidate multiple OSes onto fewer hardware platforms, and thus lower costs and ease administration. Another reason is testing and debugging. While developers write code on one main platform, they often want to debug and test it on the many different platforms that they deploy the software to in the field ## Virtualizing the CPU To run a **virtual machine** on top of a virtual machine monitor, the basic technique that is used is **limited direct execution** we wish to multiplex between two virtual machines, that is, between two OSes and their respective applications. In a manner quite similar to an operating system switching between running processes (a **context switch**), a virtual machine monitor must perform a **machine switch** between running virtual machines. #### This is pretty much the Same as lecture so I'll only note what was not really said. recall VMM will handle only privleged instructions and the OS will handle the non privleged instructions