Virtualization

  • Writer: Abhilasha
  • Jul 13, 2024
  • 6 min read

Virtualization is the process of creating a virtual version of something, such as a server, desktop, operating system, or storage device. This involves using specialized software to create a virtual or software-created version of a computing resource rather than the actual version of the same resource.

Virtualization - One Server for Multiple Applications/OS

Virtualization allows a single physical server to host multiple operating systems and applications, maximizing the utilization and flexibility of hardware resources.

Why Virtualization?

  • Resource Utilization: Allows multiple operating systems and applications to run on the same machine and hardware simultaneously.

  • Cost Efficiency: Reduces IT infrastructure costs.

  • Flexibility: Enhances development productivity and enables remote access.

  • Scalability: Provides rapid scalability and high availability.

  • Disaster Recovery: Facilitates high availability and disaster recovery.

  • Pay-per-Use: Offers IT infrastructure on-demand.

Benefits of Virtualization

  1. Flexible and efficient resource allocation.

  2. Enhanced development productivity.

  3. Reduced IT infrastructure costs.

  4. Remote access and rapid scalability.

  5. High availability and disaster recovery.

  6. Pay-per-use IT infrastructure on demand.

  7. Capability to run multiple operating systems.

Virtualization and Cloud Computing

  • Virtualization is a key technique for cost-effectiveness, hardware reduction, and energy savings used by cloud providers.

  • It allows sharing of a single physical instance of a resource or application among multiple customers.

  • Provides a virtual environment for applications, storage, memory, and networking.

  • In Infrastructure as a Service (IaaS), virtualization is crucial for providing services from cloud providers to subscribers.

Virtual Machine Monitor (VMM) or Hypervisor

  • The operating system layer is divided into the lower layer (utilized by the VMM or Hypervisor) and the higher layer (guest operating systems).

  • Hypervisor: A form of virtualization software that divides and allocates the resources of the underlying hardware. It allows multiple guest operating systems to run on a single host system simultaneously.

Types of Operating Systems

  • Host Operating System: The OS running directly on the hardware.

  • Guest Operating System: The OS running in a virtual environment like VMware or VirtualBox.

Virtualization Techniques

  1. Para-virtualization

  2. Full-virtualization

  3. OS-level virtualization

Full Virtualization

  • Developed by IBM in 1966.

  • The host OS runs directly on the hardware, while each guest OS runs inside a virtual machine.

  • Guest operating systems behave as independent computers, unaware of the hypervisor's presence.

  • Technologies providing full virtualization support include VMware ESXi and Microsoft virtual servers.

  • Uses direct execution together with binary translation, which can cause performance overhead, especially for I/O-intensive applications.

Para-Virtualization

  • Guest OS interacts with the hypervisor to boost performance and productivity.

  • Unlike full virtualization, it does not implement complete isolation but rather partial isolation.

  • Involves altering the OS kernel to replace non-virtualizable instructions with hypercalls.

  • Reduces virtualization overhead but is less compatible and portable due to the need for OS kernel modifications.

Full Virtualization vs. Para-Virtualization

  • Full Virtualization: Complete isolation and independence for guest OS, suitable for unmodified OS, but can incur significant performance overhead.

  • Para-Virtualization: Better performance and lower overhead, but requires modifications to the guest OS kernel, leading to potential compatibility and maintainability issues.

OS-Level Virtualization

OS-level virtualization is a lightweight virtualization technique where the operating system (OS) kernel allows for multiple isolated user-space instances, known as containers, to run on a single host OS. Each container shares the host OS kernel but operates as if it has its own dedicated environment. Here's what you need to know:

  • Key Points:

  • Efficiency: Containers share the host OS kernel, making them lightweight and efficient.

  • Isolation: Each container is isolated from others, but they all use the same OS kernel.

  • Resource Management: Uses less overhead compared to full virtualization, making it suitable for environments where maximizing efficiency and minimizing overhead are crucial.

  • Examples: Docker, Kubernetes (uses Docker containers), and LXC (Linux Containers) are popular tools and platforms that use OS-level virtualization.

Hybrid Virtualization

Hybrid virtualization combines elements of both full virtualization and para-virtualization. It's a flexible approach that aims to optimize performance and resource utilization by using different virtualization techniques as needed. Here’s a simplified explanation:

  • Key Points:

  • Flexibility: Allows for using different virtualization techniques (like full virtualization and para-virtualization) together.

  • Performance Optimization: Tailors the virtualization approach to specific workloads or requirements.

  • Use Cases: Often used in environments where some applications benefit from the efficiency of para-virtualization, while others require the full isolation of full virtualization.

  • Implementation: Can involve using different hypervisors or virtualization technologies within the same infrastructure, based on application needs.

Summary

  • OS-Level Virtualization: Lightweight, efficient, and shares the host OS kernel among multiple containers.

  • Hybrid Virtualization: Combines different virtualization techniques to optimize performance and resource usage based on specific requirements or workloads.

Types of Virtualization

  • Application Virtualization:

  • What it does: Allows applications to be accessed remotely from a server.

  • Benefit: Users can run different versions of software without installing them locally.

  • Example: Hosted applications like Microsoft Office 365.

  • Network Virtualization:

  • What it does: Creates multiple virtual networks on top of a single physical network.

  • Benefit: Enables isolated network environments that can be managed separately.

  • Example: Virtual LANs (VLANs) and software-defined networking (SDN) technologies.

  • Desktop Virtualization:

  • What it does: Stores user desktops on remote servers, allowing access from any device.

  • Benefit: Enhances mobility and simplifies management of desktop environments.

  • Example: Virtual Desktop Infrastructure (VDI) solutions like VMware Horizon.

  • Storage Virtualization:

  • What it does: Manages multiple physical storage devices as a single virtualized storage pool.

  • Benefit: Improves storage efficiency, flexibility, and simplifies data management.

  • Example: Storage Area Networks (SANs) and virtual storage appliances.

  • Server Virtualization:

  • What it does: Divides a physical server into multiple virtual servers, each running its own operating system.

  • Benefit: Optimizes server resources, increases efficiency, and reduces costs.

  • Example: Hypervisors like VMware ESXi, Microsoft Hyper-V, and KVM.

  • Data Virtualization:

  • What it does: Integrates data from various sources into a unified virtual layer, accessible without needing to know its physical location.

  • Benefit: Simplifies data access, improves agility, and supports real-time data integration.

  • Example: Data virtualization platforms like Denodo and Informatica.


Hypervisor:

  • Definition: Software that abstracts and manages computer hardware, allowing multiple virtual machines (VMs) to run on a single physical machine.

  • Function: Divides hardware resources and manages them among VMs, ensuring isolation and optimal resource utilization.

Types of Hypervisors:

  1. Type 1 Hypervisor (Bare Metal):

  • Description: Runs directly on the host machine's hardware.

  • Advantages: Higher performance and efficiency, direct access to hardware resources.

  • Examples: VMware ESXi, Citrix XenServer, Microsoft Hyper-V.

  2. Type 2 Hypervisor (Hosted):

  • Description: Runs as an application on a host operating system.

  • Advantages: Easier to set up and manage, compatible with a wider range of hardware.

  • Examples: VMware Workstation, VirtualBox.

  3. KVM Hypervisor (Kernel-based Virtual Machine):

  • Description: A Type 1 hypervisor integrated into the Linux kernel.

  • Advantages: Combines the performance benefits of Type 1 with the flexibility of a Linux environment.

  • Features: Secure, scalable, supports full hardware and memory management.

Criteria for Choosing a Hypervisor:

  • Performance: Evaluate CPU overhead, memory support, and virtualization efficiency.

  • Cost: Consider licensing fees, support costs, and potential savings in hardware and management.

  • Usability: Assess ease of setup, management interface, and compatibility with existing systems.

  • Scalability: Ability to grow with your organization's needs, supporting increasing VMs and workloads.

  • Support and Expertise: Availability of support, documentation, and expertise within your team.

Choosing the right hypervisor depends on your specific requirements, budget, and IT infrastructure setup. Each type offers distinct advantages suited to different organizational needs and environments.


Docker:

  • Definition: Docker is a platform that uses OS-level virtualization to deliver software in containers.

  • Containers: These are isolated environments containing applications, libraries, and dependencies. They communicate through defined channels and run on a shared OS kernel.

  • Advantages: Lightweight, efficient resource usage compared to virtual machines (VMs), and faster startup times.

Important Terminologies:

  1. Docker Image: File with instructions to create a container.

  2. Docker Container: Runtime instance of an image.

  3. Dockerfile: Text document with build instructions for Docker images.

  4. Docker Engine: Hosts and manages Docker containers.

  5. Docker Hub: Official repository for Docker images.

Docker vs. Virtual Machines (VMs):

  • Containers (Docker):

  • Structure: Includes application, libraries, and dependencies. Shares OS kernel.

  • Resource Usage: Lightweight, shares host OS resources.

  • Isolation: Process-level isolation.

  • Virtual Machines:

  • Structure: Includes full OS, application, and dependencies.

  • Resource Usage: Requires more resources due to separate OS instances.

  • Isolation: Hardware-level isolation.

Hypervisor vs. Docker:

  • Functionality:

  • Hypervisor: Virtualizes hardware, supports multiple OS instances.

  • Docker: Virtualizes OS, supports multiple containers on a single OS kernel.

  • Instance Support:

  • Hypervisor: Runs multiple instances of complete OS.

  • Docker: Runs multiple applications or instances of applications in containers.

  • Resource Requirements:

  • Hypervisor: Needs dedicated resources for each VM.

  • Docker: Shares resources, efficient resource usage.

  • Boot-Time:

  • Hypervisor: Longer boot times for full OS instances.

  • Docker: Almost instant container creation and startup.

  • OS Support:

  • Hypervisor: Runs on various OS platforms.

  • Docker: Primarily supports Linux, with a growing ecosystem.

  • Security:

  • Hypervisor: Provides strong isolation with separate OS instances.

  • Docker: Uses OS-level isolation; container security is improving but differs from VMs.


Hypervisor Memory Optimization

  1. Memory Ballooning:

  • Uses a balloon driver inside each VM to reclaim memory the guest is not using, so the hypervisor can temporarily hand it to other VMs.

  • Can introduce performance issues if VMs don't have enough memory when needed.

  2. Dynamic Memory Allocation:

  • Automatically assigns memory to VMs based on workload demands.

  • Allows overprovisioning but can lead to inefficient performance due to paging or swapping.

  3. Memory Paging:

  • Transfers data from host memory to disk when VM memory is low (uses page files).

  • Ensures VMs don't crash due to memory shortages but can degrade application performance.

  4. Memory Overcommitment:

  • Allocates more memory to VMs than physically available.

  • Can improve memory usage efficiency but may lead to swapping and performance degradation.

  5. Memory Mirroring:

  • Copies physical memory into separate channels for fault tolerance.

  6. Transparent Page Sharing (TPS):

  • Consolidates identical memory pages across VMs to reduce memory usage.

  • Introduces potential security risks like unauthorized access to data.
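
As an added illustration (not from the original post), the following Python model shows how transparent page sharing and ballooning change the number of host frames two guests actually need; the page size, guest contents and frame counts are constructed for the example and the model ignores which particular pages the balloon pins.

```python
import hashlib
from dataclasses import dataclass

PAGE = 4096  # assumed guest page size in bytes

@dataclass
class VM:
    name: str
    pages: list        # guest RAM as a list of page-sized byte strings
    free_pages: int    # pages the guest is not using; only these can be ballooned
    balloon: int = 0   # pages currently pinned by the guest's balloon driver

def tps_saved_pages(vms):
    """TPS: identical pages (within or across VMs) are backed by one host frame, so each
    duplicate saves a frame. Real hypervisors hash, byte-compare, then mark the frame copy-on-write."""
    seen, saved = set(), 0
    for vm in vms:
        for page in vm.pages:
            digest = hashlib.sha256(page).digest()
            if digest in seen:
                saved += 1
            else:
                seen.add(digest)
    return saved

def inflate_balloon(vm, wanted):
    """Ballooning: the guest's balloon driver pins up to `wanted` free guest pages so the
    hypervisor can give their host frames to another VM. Returns the pages reclaimed."""
    reclaimed = min(vm.free_pages, wanted)
    vm.free_pages -= reclaimed
    vm.balloon += reclaimed
    return reclaimed

def host_frames_needed(vms):
    """Host frames committed once TPS and ballooning are applied (the model assumes
    ballooned pages are not among the shared ones)."""
    configured = sum(len(vm.pages) for vm in vms)
    return configured - tps_saved_pages(vms) - sum(vm.balloon for vm in vms)

def demo():
    """Two constructed guests (16 pages configured) sharing 4 identical 'kernel' pages on a 12-frame host."""
    kernel = [bytes([i]) * PAGE for i in range(4)]
    web = VM("web", kernel + [bytes([0x41 + i]) * PAGE for i in range(4)], free_pages=3)
    db = VM("db", kernel + [bytes([0x61 + i]) * PAGE for i in range(4)], free_pages=1)
    vms = [web, db]
    before = host_frames_needed(vms)   # 16 configured - 4 shared = 12: the host is full
    inflate_balloon(web, 2)            # reclaim 2 idle pages from the web VM
    after = host_frames_needed(vms)    # 10, leaving headroom for a burst on the db VM
    return before, after
```

If the balloon cannot reclaim enough (the guest has few free pages), the hypervisor falls back to paging or swapping, which is the performance cost the list above describes.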

Hardening the Virtualization Layers

  1. Physical Hardware (PCI Passthrough):

  • Allows VMs to access physical hardware like GPUs.

  • Requires Input/Output Memory Management Unit (IOMMU) to manage DMA access securely.

  • Risks include a guest persistently infecting the passed-through device by modifying its firmware.

  2. Virtual Hardware (QEMU):

  • QEMU provides virtual hardware interfaces for VMs (network, storage, etc.).

  • Challenges include complex low-level code and potential security vulnerabilities.

  • Recommendations include minimizing the QEMU code base, using compiler hardening, and implementing mandatory access controls like SELinux or AppArmor.

  3. Secure Encrypted Virtualization (SEV):

  • AMD's technology encrypts VM memory with unique keys for enhanced security.

  • Provides isolation technologies for multi-tenancy environments.

  4. Mandatory Access Control (sVirt):

  • Uses SELinux to enforce separation controls between VM processes, devices, and system processes.

  • Enhances security by applying access controls based on labels.
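
An added example, not from the original post: a Python check of the label-based separation sVirt provides, parsing lines in the shape of `ps -eZ` and `ls -Z` output and flagging VM processes that are not confined as `svirt_t`, VMs that share one MCS category pair, and running-guest images whose label matches no running VM. The sample lines, PIDs, paths and category numbers are constructed; the label scheme (`svirt_t:s0:cX,cY` for processes, `svirt_image_t` with the same pair for a running guest's images, `virt_image_t` once it is stopped) is libvirt's standard sVirt dynamic labelling.

```python
import re
from collections import defaultdict

# SELinux context: user:role:type:sensitivity[:categories]. sVirt runs each VM as
# svirt_t with a unique MCS category pair and labels its images svirt_image_t:<same pair>.
LABEL_RE = re.compile(r"^([^:]+):([^:]+):([^:]+):(s\d+(?:-s\d+)?)(?::([^:\s]+))?$")

def parse_label(label):
    """Return (type, frozenset of MCS categories) for one security context."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"not an SELinux context: {label!r}")
    stype, cats = m.group(3), m.group(5)
    return stype, frozenset(cats.split(",")) if cats else frozenset()

def audit_svirt(ps_lines, ls_lines):
    """Audit sVirt separation from 'ps -eZ' and 'ls -Z' style lines.
    Returns a list of findings; an empty list means the labels are consistent."""
    findings, by_cats = [], defaultdict(list)
    for line in ps_lines:                         # LABEL PID TTY TIME CMD
        label, pid, _tty, _time, cmd = line.split(None, 4)
        if not cmd.startswith("qemu"):
            continue
        stype, cats = parse_label(label)
        if stype != "svirt_t" or not cats:
            findings.append(f"pid {pid} ({cmd}) runs as {stype} {sorted(cats)}: not separated by sVirt")
        else:
            by_cats[cats].append(pid)
    for cats, pids in by_cats.items():
        if len(pids) > 1:
            findings.append(f"pids {pids} share {sorted(cats)}: these VMs can open each other's images")
    for line in ls_lines:                         # LABEL PATH; stopped guests' images carry virt_image_t
        label, path = line.split(None, 1)
        stype, cats = parse_label(label)
        if stype == "svirt_image_t" and cats not in by_cats:
            findings.append(f"{path} is labelled {sorted(cats)} but no running VM holds that label")
    return findings

# Constructed sample output; PIDs, paths and category numbers are made up.
PS_Z = [
    "system_u:system_r:svirt_t:s0:c57,c348 2210 ? 00:01:12 qemu-kvm",
    "system_u:system_r:svirt_t:s0:c57,c348 2311 ? 00:00:40 qemu-kvm",
    "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2402 ? 00:00:03 qemu-system-x86_64",
    "system_u:system_r:svirt_t:s0:c12,c900 2500 ? 00:00:09 qemu-kvm",
]
LS_Z = [
    "system_u:object_r:svirt_image_t:s0:c12,c900 /var/lib/libvirt/images/db.qcow2",
    "system_u:object_r:svirt_image_t:s0:c77,c78 /var/lib/libvirt/images/orphan.qcow2",
    "system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images/stopped.qcow2",
]
```

Run against the sample, `audit_svirt(PS_Z, LS_Z)` reports the unconfined QEMU process, the two guests sharing `c57,c348`, and the orphaned image, while the correctly paired db guest and the stopped guest's image produce no finding.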

These strategies and technologies aim to optimize memory usage, enhance security, and ensure efficient performance within virtualized environments. Each approach addresses specific challenges related to resource management and security in virtualization.
