Server virtualization is the abstraction of computer resources. In simple words, it is the mechanism for running multiple instances/copies of various operating systems inside a base operating system, mainly to utilize under-used resources on the physical host.
Server virtualization technology can be divided into two categories, based on the approach through which the virtualization is achieved.
1) Hypervisor based virtualization.
2) Container based virtualization.
Most of the virtualization software in use nowadays falls under one of these two categories.
Before explaining the difference between hypervisor based and container based virtualization, we need to become familiar with some common virtualization terminology.
Hypervisor: Software that enables the running of multiple Virtual Machines on a single physical computer and that manages the sharing of the computing resources between them.
Type 1 Hypervisor: A bare-metal hypervisor that runs directly on top of the hardware.
Type 2 Hypervisor: Operates as an application on top of an existing operating system.
Emulation: Emulation is where software is used to simulate hardware for a guest operating system to run in.
Full Virtualization: Provides total abstraction of the underlying physical system and creates a complete virtual system in which the guest operating systems can work. No modification of the guest OS or application is required. The guest OS or application will not be aware that it is being virtualized.
Full virtualization can be classified into two types:
a) Software assisted or OS assisted full virtualization
In this method, the hypervisor software itself provides CPU virtualization, using techniques like binary translation and trap & emulate to handle privileged instructions from the guest OS.
b) Hardware assisted full virtualization
To implement hardware assisted full virtualization, the host machine's CPUs must have virtualization extensions (AMD-V and Intel-VT). The host CPU itself takes care of "trap and emulation" of privileged instructions from the guest OS.
Para virtualization: Para-virtualization techniques require modifications to the guest operating systems that run on the VMs. The modification is done by replacing the privileged instructions of the guest kernel with corresponding hypercalls. This eliminates the need for techniques like binary translation and trap and emulate, and therefore offers better performance than full virtualization. As a result, the guest operating systems are aware that they are executing on a VM. The only downside of this approach is that we can run only those guest OS types whose kernel code can be modified. In short, we can only use open source operating systems for this purpose.
Intel-VT and AMD-V: CPUs with virtualization extensions enabled, from the Intel and AMD families respectively. The extensions are used to improve the performance of virtual machines by removing the need for emulation through the hypervisor or virtualization software.
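As an added example (not part of the original post): on a Linux host, the flags line of /proc/cpuinfo shows whether the CPU exposes Intel-VT (flag vmx) or AMD-V (flag svm), and the hypervisor flag shows that the kernel is itself running as a guest. The sample inputs below are constructed, and the function names are this example's own.

```python
# Added example: classify virtualization support from /proc/cpuinfo text.
import os

# Constructed samples (trimmed, hypothetical machines), not captured output.
SAMPLE_INTEL_GUEST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr vmx ept hypervisor\n"
)
SAMPLE_AMD_HOST = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse msr svm npt\n\n"
    "processor\t: 1\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse msr svm npt\n"
)
SAMPLE_NO_EXTENSION = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse msr\n"
)

def common_flags(cpuinfo_text):
    """Return the feature flags present on every logical CPU."""
    per_cpu = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            per_cpu.append(set(value.split()))
    return set.intersection(*per_cpu) if per_cpu else set()

def classify(cpuinfo_text):
    """Map CPU flags to the terms used in the text above."""
    flags = common_flags(cpuinfo_text)
    if "vmx" in flags:      # Intel virtualization extension
        extension = "Intel-VT"
    elif "svm" in flags:    # AMD virtualization extension
        extension = "AMD-V"
    else:
        extension = None
    return {
        "extension": extension,
        "hardware_assisted_possible": extension is not None,
        # CPUID "hypervisor" bit: this kernel is itself running as a guest
        "running_as_guest": "hypervisor" in flags,
    }

if __name__ == "__main__":
    text = SAMPLE_INTEL_GUEST
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo") as fh:
            text = fh.read()
    print(classify(text))
```

When the extension is absent, full virtualization on that host has to rely on the software assisted techniques described above.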
The Privilege Rings Architecture
The x86 architecture offers a range of protection levels, also known as rings, in which code can execute and which operating systems and applications use to manage access to the computer hardware. Ring 0 has the highest privilege level, and it is in this ring that the operating system kernel normally runs. Code executing in ring 0 is said to be running in system space, kernel mode or supervisor mode. All other code, such as applications running on the operating system, operates in less privileged rings, typically ring 3. Keep in mind that the CPU privilege level has nothing to do with operating system users. Whether you're root, Administrator, guest, or a regular user, it does not matter. All user code runs in ring 3 and all kernel code runs in ring 0, regardless of the OS user on whose behalf the code operates. Ring 3 is the outermost ring and provides the most protection, allowing only the execution of instructions that cannot affect overall processor state. Ring 0 is the innermost ring and allows total control of the processor. Some virtualization technologies make use of Ring 1 to run the guest OS. More explanation on this will be there in my next post.
Now we shall see the difference between hypervisor based and container based virtualization.
Hypervisor Based Virtualization:
1) A full operating system runs in a virtual machine on top of the hypervisor or host. The hypervisor interacts directly with the hardware and allocates the resources needed for the VMs to run. Hardware components are emulated or virtualized, so the virtual machines running on the host see fake hardware.
2) A wide range of guest operating systems can be installed on a host.
3) The hypervisor consumes a significant amount of resources, which has some performance impact on the VMs running on top of it. Performance is slightly affected since hardware virtualization/emulation is needed.
4) Since a wide array of operating systems is supported, management is done via the usual methods of a regular dedicated server.
5) Each individual virtual machine requires a separate update or upgrade.
6) Some examples of hypervisor based virtualization software are VMware, Xen, KVM, VirtualBox etc.
Container Based Virtualization:
1) One kernel is installed and runs on the hardware node, with different isolated guest instances or containers installed on top of it. The host kernel is shared between the guest instances. Hardware components are not virtualized. Several guest instances run isolated from each other on top of the shared host kernel, each with its own processes, libraries, root, and users. Each isolated guest instance is called a container.
2) Since the host kernel is shared with all the guest instances, no operating system other than the native OS is allowed. For example: we cannot install a Windows guest instance on top of a Linux host.
3) The processes performing the isolation of the various instances are resource intensive, but the overhead is much lower than in the hypervisor case. Overall performance will be better than with hypervisor based virtualization.
4) Easily manageable, since it uses the shared kernel method.
I hope this will give you all an idea about server virtualization and its classifications.