Brief Introduction

Most computer systems require the running of more threads than the processor can support directly. On a single-core consumer machine there is only a single thread of CPU execution. Operating Systems (OSs) allow a higher level of interface for software by not only offering process multiplexing, but also handling many of the underlying hardware management issues. Thus, operating systems offer a level of abstraction above the hardware, on which multiple processes can run concurrently. This arrangement only enables a single operating system to operate on a single hardware system at any given time in most circumstances.



Operating systems operate on the hardware as privileged software, and are generally able to perform any operation the hardware supports, whereas programs running inside an operating system are less privileged, and generally cannot perform operations except those that the operating system permits. These privilege levels are often called rings, with the lower numbered ring (i.e., ring 0) having higher privileges than those with higher designations. Operating system kernels generally run in the lowest ring, and thus have control over everything running in the lower privilege (higher numbered) rings.

Why systems virtualization?

System virtualization is widely used for a variety of applications, such as, among other things, the consolidation of physical servers, isolation of guest OSs, and software debugging.

There are many other uses to which system virtualization lends itself, and many different motivators for adoption of system virtualization technologies. System virtualization has been attracting a lot of attention, particularly in the last case, because of various technological trends. Some of these trends include increasing commodity operating system complexity, increasing cost of supporting hardware and software systems, and the availability of inexpensive, powerful, and flexible commodity hardware.

A modern commodity OS such as Windows or Linux is very complex (tens of millions of Lines Of Code (LOC) in the latest desktop OSs), and this results in a much larger vulnerability surface than can be easily or provably secured. Furthermore, OSs add a single point of failure for everything (processes and data) in them. This difficulty in securing a single complicated point of failure represents a security risk for the data and processes on the system. Consequently, with ever-decreasing commodity hardware costs, most organizations achieve different operational and security-based requirements through the use of multiple physical systems

The deployment of multiple physical systems to mitigate potential security risks stemming from a single point of failure has been enabled by increasing performance and flexibility, and reductions in the price of commodity hardware and networks. However, physical systems are associated with other significant costs (that include operational, physical, and technical) in addition to the initial purchasing outlay. Each physical machine requires physical space, cabling, energy, cooling, and software administration. Additionally, physical separation adds communication overheads such as data transfer and storage latencies. For some classes of problems workarounds and optimizations exist (such as improved caching for frequently accessed data, or power management to reduce energy costs) but for others these costs are hard to overcome or justify. Since every physical system has a cost, one of the most important issues that arises to be avoided is systems that are underutilized.

Problems of virtualization

By removing the dependency of operating systems on a system’s physical state, system virtualization allows multiple operating systems to be installed on a VMM, and thus multiple operating system VMs (called guest operating systems) can be installed on each physical system. Allowing multiple VMs on the same hardware offers many advantages. Near-complete isolation between guest operating systems on the same hardware protects against OSs being a single point of failure. It also allows OS consolidation from different machines as is necessary to reduce system underutilization and maintain efficiency of operation.

This abstraction from the hardware state allows not only multiple operating systems to coexist on the same hardware, but for one VMM to run on multiple different networked physical systems concurrently. By utilizing a VMM to mediate between the OS and the hardware, virtualization changes the one-to-one mapping of OSs to and hardware to many-to-many.

Although many real-world systems implement this model only loosely, as a VM does not usually run on multiple systems concurrently, allowing one VMM to be migrated across multiple physical systems seamlessly while running has improved the offerings for high-performance and high-availability systems and cloud computing, as well as for the commoditization of processing power in general. While we focus in this article on system virtualization, there are many other virtualization technologies that overlap with what we discuss, such as storage virtualization and network virtualization