Cloud Computing

Cloud Computing & Security

Module 2 Virtual Machines and Virtualization of Clusters and Data Centers

Text Books: 1. Kai Hwang, Geoffrey C Fox, and Jack J

Dongarra, Distributed and Cloud Computing, Morgan
Kaufmann, Elsevier 2012
Text Books 2. Dan C. Marinescu, Cloud Computing
Theory and Practice, Morgan Kaufmann, 2nd Edition,
Elsevier 2018
Module 2
Virtual Machines and Virtualization of Clusters and Data Centers

3.1 Implementation Levels of Virtualization

3.2 Virtualization Structures/Tools and
Mechanisms
3.3 Virtualization of CPU, Memory, and I/O
Devices
3.4 Virtual Clusters and Resource Management
3.5 Virtualization for Data-Center
3.1 Implementation Levels of Virtualization
 Virtualization allows multiple virtual machines (VMs) to run
on the same physical hardware, improving resource sharing,
performance, and flexibility.
 It enhances system efficiency by separating hardware from
software.
 It has gained importance in distributed and cloud computing
. Traditional Computing Model:
• computer runs a host OS tailored for its
3.1.1 Levels of VirtualizationAImplementation
hardware architecture.
•The host OS directly manages applications and
system resources.
Virtualization Concept:
•Allows multiple guest OSes to run on the same
hardware.
•Each guest OS operates independently from the
host OS.
Virtualization Layer (Hypervisor/VMM):
•A software layer added to enable virtualization.
•Manages virtual machines (VMs) and allocates
virtualized CPU, memory, and I/O resources
Virtualization ranging from hardware to applications in
five abstraction levels
Instruction Set Architecture
(ISA) Level: Software designed
for one type of processor can
run on another.
Hardware Level :
In hardware-level virtualization, a
hypervisor (Virtual Machine
Monitor - VMM) directly
interacts with the physical
hardware to create and manage
multiple virtual machines.
Operating System Level – Uses
container-based virtualization.
Library Support Level – a level
where middleware, acting as a
software layer between
applications and the operating
system
Application Level –
3.1.1.1 Instruction Set Architecture Level
 Virtualizes the instruction set of the host machine to emulate(allows
software designed for one type of CPU to run on a completely different
hardware platform.) different processor architectures (e.g., running MIPS
code on an x86 machine).
 Uses code interpretation or dynamic binary translation for better
performance
3.1.1.2 Hardware Abstraction Level
 Virtualizes hardware resources like CPU, memory, and I/O devices to
allow multiple users to utilize the hardware concurrently
3.1.1.3 Operating System Level
 Creates isolated containers on a single server to allocate hardware
resources among users.
 Commonly used in virtual hosting environments and server consolidation .

3.1.1.4 Library Support Level

 Virtualizes the communication link between applications and the OS
through API hooks.
3.1.1.5 User-Application Level
 Virtualizes applications as isolated VMs (process-level
virtualization) to run independently of the OS
3.1.2 VMM Design Requirements and Providers
• Inserts a Virtual Machine Monitor (VMM) between
real hardware and traditional OSes.
• The VMM (Hypervisor) manages hardware resources
and virtualizes components like CPU, memory, and I/O.
Key Requirements for a VMM:
 Identical Environment: Programs should run as if on
real hardware.
 Efficiency: Performance overhead should be minimal.
 Complete Control: The VMM fully manages system
resources.
Advantages:
• Multiple OSes can run simultaneously on the same
hardware.
• Better resource utilization in cloud and data centers.
• Stronger security through isolation of VMs.
3.1.3 Virtualization Support at the OS Level
 Cloud computing relies on virtualization to shift hardware and
management costs to third-party providers.
Two major challenges:
 1. Dynamic resource allocation – Scaling CPU resources based
on demand.
 2. Slow VM instantiation – Fresh VM boots take time and lack
awareness of the application state.
Why OS-Level Virtualization?
 Hardware-level virtualization is slow and inefficient due to
redundant VM image storage and performance overhead.
 OS-level virtualization creates multiple isolated Virtual
Execution Environments (VEs) or Containers within a single OS
kernel.
 Also known as single-OS image virtualization.
3.1.3.2 Advantages of OS Extensions
 Fast startup/shutdown, low resource use, high scalability.
 State synchronization between VMs and the host OS –
Allows better application state awareness.
 Efficiency through resource sharing – VEs can access most
host resources without modifying them.
 Overcomes slow VM initialization and application state
unawareness in cloud computing.
3.1.3.3 Disadvantages of OS Extensions
 Same OS requirement – All VMs on a single container must
belong to the same OS family (e.g., Windows-based VMs cannot
run on a Linux host).
 User preference issues – Some cloud users require different OS
types, limiting flexibility.
 Resource duplication problem – If each VM has a full copy of
system resources, it leads to high storage and performance
costs.
3.1.3.4 Virtualization on Linux or Windows Platforms

Linux-Based Virtualization:
• Most OS-level virtualization tools are
designed for Linux.
• The Linux kernel provides an abstraction
layer for software to interact with hardware.
Windows-Based Virtualization:
• Still in research and development
compared to Linux-based solutions.
• Windows NT-based FVM is an early attempt
at OS-level virtualization.
3.1.4 Middleware Support for Virtualization

•Instead of virtualizing the entire OS, it creates execution environments

for running programs from different platforms.
 API call interception (converting system calls between different OSes).

Examples of Library-Level Virtualization Systems:

1.WABI – Converts Windows system calls to Solaris system
calls.
2. Lxrun – Emulates Linux system calls to run Linux apps on
UNIX systems.
3.2 VIRTUALIZATION STRUCTURES/TOOLS AND MECHANISMS
 After virtualization, a virtualization layer is inserted between the
hardware and OS, converting real hardware into virtual
hardware.
 allows multiple OSes (Linux, Windows, etc.) to run
simultaneously on a single machine.
There are three main classes of VM architecture:
1. Hypervisor-based virtualization (VMM – Virtual Machine Monitor)
2. Paravirtualization
3. Host-based virtualization
3.2.1 Hypervisor and Xen Architecture
 The hypervisor enables hardware-level virtualization by running
directly on bare metal hardware (CPU, memory, disk, network
interfaces).
 It acts as an interface between physical hardware and guest
OSes.
 Xen hypervisor is a free, open-source software that
allows multiple operating systems to run on a single
computer
Domain 0 & Domain U: Domain 0 is a privileged(Special rights)
guest OS responsible for hardware access and resource
allocation, while Domain U consists of unprivileged guest OSes.
Security Concerns: If Domain 0 is compromised, the entire
system is vulnerable, requiring strong security policies.
VM State ManagementVM State Management: Xen enables
features like VM creation, migration, rollback, and execution
branching, improving flexibility but introducing security
challenges.
(Create – Set up new VMs dynamically.
Migrate – Move running VMs between physical hosts.
Rollback – Restore a VM to a previous state.
Execution Branching – Run multiple instances of a VM from the
same saved state.)challenge
3.2.2 Binary Translation with Full Virtualization
Full Virtualization
• Does not require modifications to the host OS.
• Uses binary translation(is used to rewrite these instructions
dynamically, allowing safe execution in a virtualized
environment) to handle non-virtualizable instructions.
• Allows unmodified guest OSes to run on virtualized hardware.
Host-Based Virtualization
Involves both a host OS and a guest OS.
The host OS provides hardware access, while the guest OS runs
inside a virtual environment.
3.2.2.1 Full Virtualization
Critical Instructions: These are privileged instructions that
attempt to modify system state, interact with hardware, or
impact security.
• If executed directly on hardware by a guest OS, they could
cause conflicts or security vulnerabilities.
• The VMM intercepts these instructions, emulates their
behavior safely, and ensures they do not compromise the
system.
Noncritical Instructions: These are unprivileged instructions that
do not affect system control or security.
• They can be executed directly on the physical hardware
3.2.2.2 Binary Translation of Guest OS Requests Using a VMM

• Full virtualization in
VMware places the VMM
at Ring 0 and the guest
OS at Ring 1.
• VMM
emulates(Achievement or
Surpass) the behavior of
the instructions. The
method used in this
emulation is called
binary translation.
• Full virtualization
combines binary
3.2.2.3 Host-Based Virtualization
 A virtualization layer runs on top of the host OS, which
manages hardware and provides device drivers.
 Guest OSes run on this layer, allowing easy installation
without modifying the host OS.
Advantages
 Ease of Deployment – No need to modify the host OS.
 Simplified VM Design – Uses host OS drivers and system
services.
 Broad Compatibility – Works with various host machine
configurations.
Disadvantages
• Lower Performance – Requests pass through four layers (App
→ Guest OS → Virtualization Layer → Host OS → Hardware),
causing delays.
• Binary Translation Overhead – Required when the guest OS
and host hardware have different ISAs, further reducing
performance.
3.2.3 Para-Virtualization with Compiler Support
 Para-virtualization improves VM performance by modifying the
guest OS kernel to replace non-virtualizable instructions with
hypercalls
 Which directly communicate with the hypervisor. This reduces
virtualization
Key Features overhead and enhances efficiency.
• Requires guest OS modifications but not application
changes.
• Uses hypercalls instead of privileged instructions.
• Reduces binary translation overhead, improving speed
3.2.3.2 KVM (Kernel-Based VM)
 KVM (Kernel-based Virtual Machine) is a hardware-
assisted para-virtualization solution integrated into the
Linux 2.6.20 kernel.
 Can run unmodified guest OSes (Windows, Linux, Solaris,
etc.), unlike traditional para-virtualization.
3.2.3.3 Para-Virtualization with Compiler
Support

• The guest OS runs at Ring 1 instead of Ring 0.

• Privileged instructions are replaced with hypercalls to the
hypervisor.
• Hypercalls function similarly to system calls in UNIX
3.3 VIRTUALIZATION OF CPU, MEMORY, AND I/O DEVICES