Protection Rings and Types of Virtualizations
Contents
1. The Protection Rings
2. Types of Virtualizations
The Protection Rings
- x86 CPUs provide a range of protection levels, also known as rings, in which code can execute.
- Ring 0 has the highest level of privilege and is where the operating system kernel normally runs.
- Code executing in Ring 0 is said to be running in system space, kernel mode or supervisor mode.
Types of Virtualizations:
Paravirtualization
- Under paravirtualization, the kernel of the guest operating system is modified specifically to run on the hypervisor.
- This typically involves replacing any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor (known as hypercalls). The hypervisor in turn performs the task on behalf of the guest kernel.
- This typically limits support to open source operating systems, such as Linux, which may be freely altered, and to proprietary operating systems whose owners have agreed to make the necessary code modifications to target a specific hypervisor. Because the guest kernel can communicate directly with the hypervisor, paravirtualization delivers greater performance levels than other virtualization approaches.
Full Virtualization without Hardware Assist
- Full virtualization provides support for unmodified guest operating systems. The term unmodified refers to operating system kernels which have not been altered to run on a hypervisor and, therefore, still execute privileged operations as though running in ring 0 of the CPU.
- In this scenario, the hypervisor provides CPU emulation to handle and modify privileged and protected CPU operations made by unmodified guest operating system kernels. Unfortunately, this emulation process requires both time and system resources to operate, resulting in inferior performance levels when compared to those provided by paravirtualization.
Full Virtualization with Hardware Assist
- Hardware virtualization leverages virtualization features built into the latest generations of CPUs from both Intel and AMD. These technologies, known as Intel VT and AMD-V, respectively, provide extensions necessary to run unmodified guest virtual machines without the overheads inherent in full virtualization CPU emulation.
- In very simplistic terms, these new processors provide an additional privilege mode below ring 0 in which the hypervisor can operate, essentially leaving ring 0 available for unmodified guest operating systems.
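Whether a CPU advertises these extensions can be checked through the CPUID instruction. The following is an added example, not part of the original page: it decodes the Intel VT-x (VMX) and AMD-V (SVM) feature bits and the "hypervisor present" bit, then probes the running CPU. The struct and function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

struct virt_caps {
    int vmx;         /* Intel VT-x: CPUID.1:ECX bit 5 */
    int svm;         /* AMD-V: CPUID.80000001h:ECX bit 2 */
    int hypervisor;  /* CPUID.1:ECX bit 31, set when running as a guest */
};

/* Decode the two ECX values; kept separate so it can be checked on any host. */
struct virt_caps decode_caps(uint32_t leaf1_ecx, uint32_t ext1_ecx)
{
    struct virt_caps c;
    c.vmx = (leaf1_ecx >> 5) & 1;
    c.svm = (ext1_ecx >> 2) & 1;
    c.hypervisor = (leaf1_ecx >> 31) & 1;
    return c;
}

/* Query the running CPU; returns 0 on success, -1 if CPUID is unavailable. */
int probe_caps(struct virt_caps *out)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c1 = 0, c2 = 0, d;
    if (!__get_cpuid(1, &a, &b, &c1, &d))
        return -1;
    if (!__get_cpuid(0x80000001u, &a, &b, &c2, &d))
        c2 = 0;  /* extended leaf absent: treat SVM as not advertised */
    *out = decode_caps(c1, c2);
    return 0;
#else
    (void)out;
    return -1;
#endif
}

int main(void)
{
    struct virt_caps c;
    if (probe_caps(&c) != 0) { puts("CPUID not available"); return 1; }
    printf("VT-x=%d AMD-V=%d running-under-hypervisor=%d\n",
           c.vmx, c.svm, c.hypervisor);
    return 0;
}
```

The feature bits report what the CPU advertises; firmware can still leave the extensions disabled, and a guest normally sees them only when the hypervisor exposes nested virtualization.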
OS virtualization
- Compared with hypervisor-based virtualization, container-based virtualization offers a completely different approach to virtualization. Instead of virtualizing with a system in which there is a complete operating system installation, container-based virtualization isolates containers that work from within a single OS. In cases where only one operating system is needed, the main benefits of container-based virtualization are that it doesn’t duplicate functionality and improves performance.
- OS virtualization has been making waves lately because Microsoft is rumored to be in the market for an OS virtualization technology. The most well-known products that use OS virtualization are Parallels Virtuozzo and Solaris Containers. This virtualization architecture has many benefits, speedy performance being the foremost. Another benefit is reduced disk space requirements. Many containers can use the same files, resulting in lowered disk space requirements.
- The big caveat with OS virtualization is the OS requirement. Container OSs must be the same OS as the host OS. This means that if you are utilizing Solaris containers then all containers must run Solaris. If you are implementing Virtuozzo containers on Windows 2003 Standard Edition, then all its containers must also be running Windows 2003 Standard Edition.
- Examples:
- Citrix XenSource
- VMware ESX
- Virtual Iron
Hosted virtualization
- This is the type of virtualization with which most users are familiar. All of the desktop virtualization products, such as VMware Workstation, VMware Fusion, Parallels Desktop for the Mac, and Microsoft Virtual PC, implement hosted virtualization architecture.
- There are many benefits to this type of virtualization. Users can install a virtualization product onto their desktop just as any other application, and continue to use their desktop OS.
- Hosted virtualization products also take advantage of the host OS’s device drivers, resulting in the virtualization product supporting whatever hardware the host does.
Application Virtualization
- Application virtualization is a virtualization solution that can deliver applications that are never installed, yet it can securely provide on-demand access to users anywhere in the network.
- Examples:
- Citrix XenApp
- Microsoft SoftGrid
- ThinApps
Storage Virtualization
- Consists of the consolidation of multiple network storage resources into multiple or single storage device targets.
- Examples:
- DataCore SanSymphony
- LeftHand Networks SANiq
- Windows Storage Server