### Lecture 11 - Operating system virtualisation **Virtualisation** refers to method for abstracting IT resources using software. **Virtual resource** behaves like the real resources. **Virtual variants** are virtual computers like server and desktop virtualisation is like operating system or platform virtualisation. There also exist Virtual Runtimes such as JVM, or virtual process environments like process model and virtual memory. **Terminology** - real machine vs virtual machine - host OS - synonym for OS hosting virtualised OS - guest OS - synonym for virtualised OS running on host - Virtual Machine Monitor (VMM) synonym for hypervisor **Emulation** is complete replacing of hardware in software, with virtualisation we usually have to have one small part of the command that can be reproduced, most command run directly on the hardware which are directly called from VM **Partitioning** - is well known approach from the mainframe environment which partitions the entire system into subsystem with executable operating system instances (VMs) Resources such as processor, main memory and I/O system are assigned to the VMs via the hardware/firmware. The first operating system of its kind was CTSS which was later further developed by IBM into VM/CMS today z/VM. allows for high degree of isolation with performance and security. Cons for OS virtualisation is lower performance then with real hardware with an overhead of 5-10%, it is also difficult with special hardware support, like dongles special graphic cards, accelerators. If one server computer fails, several virtual computers fail there is also high demand on failure concepts and redundancy Pros for OS virtualisation is less hardware necessary and better hardware utilisation through server consolidation, since todays servers are usually far from being fully utilised. Fewer power consumption for computers and air conditioning. Flexibility when setting up an infrastructure with rapid deployment is supported and VMs can be reproduced and archived as required. Simplified maintenance, life migration, non disruptive including technology changes without interrupting operations. It also supports availability and resilience concepts support too legacy applications. **Delimitation** Application virtualisation requires no additional guest OS everything runs in host OS, it has it's own isolated runtime env virtually in a closed container where applications run in the container ![[Pasted image 20240219212254.png|inlR|400]] Pros: Low resource requirements/overhead and high performances it is good for internet service providers to scale hosted servers or web services for cloud computing which is also supported Cons: All envs must use the same OS core, and different OS can't be used ad same time Examples are docker orchestration ecosystems such as Kubernetes, DockerSwarm, Charlie Cloud etc.... Virtualisation can be: - Full virtualisation - where hardware is completely virtualised without adjustment of the guest OS necessary - Parvirtualisation - which requires adaption of the guest OS ##### Virtualisation of Hardware In instruction set of processors there are: - **privileged commands** - which when called in user mode automatically trigger a jump (trap, interrupt or exception) to the higher privilege mode or kernel mode - **unprivileged commands** - which can be executed in all modes without generating a trap We can also distinguish in processor different set of command categories like: - **sensitive commands** - which make the state changes meaning the I/O devices or MMU might change their state and they may be included in kernel mode only - **critical orders** - while also sensitive, do not require privileged execution and can be run in user mode. However, these commands pose a challenge in virtualised environments as they lack a trapping mechanism. While also sensitive, do not require privileged execution and can be run in user mode. However, these commands pose a challenge in virtualised environments as they lack a trapping mechanism. As the name implies, critical commands can introduce complexities and concerns in the virtualisation of operating systems due to their sensitive nature and lack of inherent trapping mechanisms. According to Popek and Goldberg theorem - computer architecture can be virtualised if all sensitive commands are privileged which is a sufficient but not necessary condition ![[Pasted image 20240220170857.png|inlR|400]] With newer Intel and AMD Processors, sensitive commands are complete and include the privileged command, virtualisation is supported via additional technologies, for example Intel and AMD offer extended instruction set like: - AMD: Pacifica or ADM-V = SVM = Secure Virtual Machine Instruction Set - Intel: VMX (Virtual Machine Extension) = Virtualisation Instruction Set Architecture ISA Extension formerly Vanderpool ##### Virutalisation Variants There is a wide variety of virtualisation concept and technologies like: - **Type 1 hypervisor** -which is VMM of Type 1 and directly sits above the hardware as a small Mini OS, it requires hardware support. Examples are: XenServer from Citrix Systems, vSphere ESX from VMware and Hyper-V from Microsoft ![[Pasted image 20240220171352.png|inlR|400]] - **Type 2 hypervisor** - is hosted as fully virtualised machine, if there is no virtualisation support from processor type 2 hypervisor can overcome that. When an application program is started in VM sensitive commands are first translated into special hypervisor procedures like: *binary translation* or *hypervisor runs as a simple user program over host OS.* Host OS converts the calls into special calls to the hypervisor which then emulates the commands. Type 2 brings also more overhead then Type 1, it is not meant for production use and more for test and development environments, examples are Virtual Server / PC from Microsoft, VMware Workstation, Virtual Box ![[Pasted image 20240220171744.png|inlR|400]] - **Paravirtualisation** - hypervisor here is reduced to meta-OS and it works with modified Guest OS or paravirtualised OS. Hypervisor calls are made via special dedicated API, examples are VMware, ESXi, and open Xen ![[Pasted image 20240220172215.png|inlR|400]] ![[Pasted image 20240220172236.png|inlR|400]] > [!Summary] > There exist many possible variants of virtualisation where boundaries disappear. Paravirtualisation and hardware virtualisation gain in importance. Security is an issue and VMs need to be secured from all threats. Virtualisation gains its importance for cloud computing since cloud computing uses VMs to isolate themselves from one another and for scaling. It is important for operation Management tools required for administration