Virtualisation is not a new technology and has existed since the 1960s when IBM pioneered the first ‘full virtualisation’ CP/CMS operating system, providing virtual System/360 computer instances.
However, arguably it wasn’t until the advent of x86 virtualisation in the late 1990s that the technology achieved critical mass in terms of exposure and implementation potential.
Initially only one form of x86 virtualisation technique was mastered, which has now become almost ubiquitous for enterprise deployments. However, as Atiek Arian, senior consultant at GlassHouse Technologies outlines, today there are three forms of x86 virtualisation that operate in different ways.
In order to understand the differences between the three, it’s first important to identify the primary barrier to virtualising x86 platforms.
This is the issue of privilege isolation between the hardware, operating system and applications. x86 operating systems expect ownership of the hardware upon which they are running. They traditionally run in the lowest, most privileged sphere, just above the hardware, with the applications running in a less privileged sphere above that.
The main achievement of x86 virtualisation was inserting hypervisor and ‘virtual machine monitor’ (VMM) layers between the hardware and the operating system, whilst still allowing the latter to operate in a more privileged sphere than the applications.
The VMMs abstract the hardware from each guest operating system and provide the interface via which the necessary translation is performed between them and the hypervisor.
This translation process between the guest operating system and the underlying hardware is the pivot upon which the three x86 virtualisation techniques differ.
Full Virtualisation – This technique was first developed in the late 1990s and has since become the de-facto standard. Guest operating system requests undergo a process of binary translation via the VMM to and from the hardware.
User calls initiated by application code are directly executed on the CPUs and it is this combination of binary and direct techniques that is known as full virtualisation.
The guest operating systems are entirely unaware they are virtualised and the VMM provides each of them a set of virtual BIOSes, devices and memory.
This form of virtualisation provides the ultimate level of isolation between virtual machines and is generally performant.
Paravirtualisation – This approach is also known as OS assisted virtualisation. It relies upon the modification of the operating system to enable the initiation of hypercalls from within that OS to the hypervisor. Since an element of guest OS modification is required, paravirtualisation introduces issues related to compatibility and portability.
Support can also be a problem where complex modifications to the running kernel of differing operating systems are required.
Paravirtualisation is useful in scenarios where developing binary translation support is too onerous or in combination with fully virtualised platforms by providing paravirtualised devices in order to supplement core virtual machine functionality.
Hardware Assisted Virtualisation – This is a nascent virtualisation technique which will potentially provide significant benefits to virtual machine performance. It relies upon specific execution functionality within the CPU that allows guest OS calls to be automatically trapped by the hypervisor, hence removing the need for binary translation.
The various OS states are stored directly in control structures provided by the CPU chipset. Since this technology is relatively new, it currently involves a rigid programming model, and the traditional binary translation mechanism out-performs it.
However, as the technology develops it will provide better performance for the two other components of x86 virtualisation – memory and device I/O.
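The three techniques above can be compared with a toy model, added here as an illustration and not taken from the article or from any hypervisor's code. It runs the same constructed guest kernel instruction stream under each technique; the instruction names, the VMM class and all values are assumptions made for the example.

```python
PRIVILEGED = {"cli", "sti", "load_cr3"}   # stand-ins for privileged x86 operations
# Constructed guest kernel code: (instruction, operand) pairs.
GUEST_KERNEL = [("cli", None), ("load_cr3", 0x5000), ("add", None), ("sti", None)]

class VMM:
    """Toy monitor: the guest only ever changes its virtual CPU, never the host."""
    def __init__(self):
        self.host = {"irq_enabled": True, "cr3": 0x1000}   # constructed values
        self.vcpu = {"irq_enabled": True, "cr3": 0}
        self.control_structure = None      # filled in by the hardware-assisted path
        self.log = []                      # (instruction, how it was handled)

    def execute(self, op, arg, via="direct"):
        if op == "load_cr3":
            self.vcpu["cr3"] = arg         # virtual page-table base only
        elif op in ("cli", "sti"):
            self.vcpu["irq_enabled"] = (op == "sti")
        self.log.append((op, via))

def full_virtualisation(vmm, code):
    # Binary translation: privileged instructions are rewritten into VMM routines,
    # everything else runs directly. The guest code itself is unmodified.
    for op, arg in code:
        via = "binary-translation" if op in PRIVILEGED else "direct"
        vmm.execute(op, arg, via)

def paravirtualise(code):
    # Stands in for modifying the guest kernel source to issue hypercalls.
    return [("hypercall", (op, arg)) if op in PRIVILEGED else (op, arg)
            for op, arg in code]

def paravirtualisation(vmm, code):
    for op, arg in code:
        if op in PRIVILEGED:               # unmodified guest: the compatibility issue
            raise PermissionError(f"unmodified guest executed {op}")
        op, arg, via = (*arg, "hypercall") if op == "hypercall" else (op, arg, "direct")
        vmm.execute(op, arg, via)

def hardware_assisted(vmm, code):
    for op, arg in code:
        if op in PRIVILEGED:               # the CPU itself traps to the hypervisor
            vmm.control_structure = dict(vmm.vcpu)   # guest state saved at the trap
        vmm.execute(op, arg, "hardware-trap" if op in PRIVILEGED else "direct")

def run(technique, code):
    vmm = VMM()
    technique(vmm, code)
    return vmm
```

All three paths end with the same virtual CPU state and an untouched host state; only the paravirtualised path requires the guest code to be changed first, and it rejects the unmodified stream.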
Being able to identify the differences between each x86 virtualisation technique allows organisations to deploy the most effective technology in their virtualised environments.
While full virtualisation currently provides the best balance between performance, functionality and security, hardware assisted virtualisation is set to improve upon these areas even further.
Moving specific virtualisation functionality to the hardware layer will assist with the co-ordination between each key component of x86 virtualisation – CPU instructions, memory management and device I/O.