| March 5, 2009 12:00 AM PST | |
Identify the limitations of software-based virtualization solutions as a means of determining business needs for alternatives (i.e., hardware-based virtualization). On systems that use Intel® architecture, virtualization is traditionally a software-only solution. Products such as Virtual Server* and Virtual PC* from Microsoft, ESX* and Virtual Server from VMware, and Xen from the Xen open-source community – known as virtual machine monitors (VMMs)—handle all virtualization of the system. Because the VMM must create the perception that the hosted OS is communicating directly with the hardware, it generally uses one of the following two approaches:
- Paravirtualization. This technique requires changes to the source code of the OS, especially the kernel so that it can be run on the specific VMM. This approach is akin to the mainframe approach, in which custom OS extensions are closely matched to the hardware. Paravirtualization will not work with off-the-shelf operating systems.
- Binary translation. The VMM makes changes to the binaries of the operating system as they are loaded into the VM. This approach is common in commercial products and has the singular limitation that only specific versions of the OS can be loaded, as each new release of the OS requires proof and testing and possibly upgrades to the VMM software.
The problem with both solutions listed in the Challenge section of this Knowledge Base item is that the software must use complex schemes to emulate certain hardware features to the software, and it must fool the hosting operating system into thinking the VM is just another application. VMMs also face other technical challenges:
- Use of Private Memory for VMM Use Only. In order to store system information, VMMs must use private blocks of memory that only they can access. The problem is how to allocate this memory in such a way that the guest OS will not access it (either inadvertently or on purpose). Today, the principal solution is for t he VMM to intercept accesses to these memory areas and emulate the expected result of the initial access. This cumbersome process is required by current Intel® architecture. However, on x86 processors with Intel® Virtualization Technology, certain memory pages for use by the VMM can be made accessible only from software—such as the VMM—that has the highest level of privilege, as granted by the processor. This step makes these areas inaccessible—and most importantly—invisible to all other software.
- Use of VMM Interrupt Handling. Interrupts — events that require immediate system attention — must be handled by the VMM. The problem is that OSs have the ability to prevent delivery of interrupts. This mechanism is used to block interruptions of certain activities that must be completed without interference from an external event. VMMs can manage the flow of interrupts to guest OSs, but to do so they must monitor the OSs’ attempts to mask and unmask (that is, block and allow) these interrupts. Some OSs today make heavy use of this feature, with consequent performance penalties on the VMM.
This item is part of a series of related pieces that together address the issues associated with software-based virtualization and how they are addressed using hardware-based virtualization:
- How to Overcome the Limitations of Software-Based Virtualization
- How to Obtain the Benefits of Hardware-Based Virtualization
Intel® Virtualization Technology: A Primer
For more complete information about compiler optimizations, see our Optimization Notice.
