What virtualization is
Virtualization is the abstraction of computing resources from the physical hardware, making it possible to run several operating systems on one computer. The underlying virtualization platform where the hypervisor software resides is called a host, and the guests are virtual machines running on top of the hypervisor.
IBM introduced virtualization for mainframes in the 1960s, it was a solution when many different systems were incompatible, and it was difficult to transfer information between them, as well as the cost of educating personnel on multiple systems.
In 1974 Gerald J. Popek and Robert P. Goldberg wrote an article, Formal Requirements for Virtualizable Third Generation Architectures, with requirements for virtualization, which are still in use today. Their requirements are for virtual machines to be identical to actual machines, with their virtual requests to be processed on real physical processors and let the hypervisor control all resources.
Virtualizing x86 processors
For a long time, virtualizing x86 processors was unthinkable until VMware did it, and in 2001 released their hypervisors, ESX, and GSX, making server consolidation possible. Consolidation is converting physical servers to virtual servers residing together on a hypervisor on a shared physical device. Virtualization of the x86 processor was made possible by binary translation together with direct processor execution, adding a layer between the hardware and the operating system.
When virtualizing a server, the consolidation ratio refers to how many virtual machines are on a physical server. For example, when a physical server has twelve virtual machines, the consolidation ratio is 12:1, as can be seen in figure 1 above. The First generation x86 hypervisors had a consolidation ratio of 5:1. As the development of hardware gives physical servers more memory and processing power, the number of virtual machines that one physical server can host has dramatically increased over the years. Gordon E. Moore, a co-founder of Intel Corporation, predicted in 1965 what later became known as Moore’s Law. In 1975 he revised it, which then stated: “that the number of transistors in a circuit would double every two years” (Intel, 2022). With an increase of transistors in a computer chip, the result is more processing power for less money. The term became relevant for the evolution of technology for years, not only for processing power but also for other parts.
Levels of privilege
The x86 architecture has different levels of privilege, called rings, for processor requests to be performed; these levels can protect against unwanted system calls, whether malicious or by accident. Ring 0, also called kernel mode, where the operating system kernel operates, software running here has total control over the hardware. Ring 1 and 2 are for device drivers, while applications run in Ring 3, also called user mode. When applications send requests for processing, they move through the levels with the help of system calls. The guest operating system believes it runs in Ring 0, while it is the hypervisor, type-1. Type-2 hypervisor and its guests all run in ring 3. Whenever requests are made in guests, the hypervisor halts the request command and takes over the processing request to prevent guests from communicating directly with hardware resources and detain them in isolation.
Binary translation makes it possible for the hypervisor to run in ring 0 and completely isolate the guests, making them more secure. The guest operating system is unaware of being in a virtualized environment, as the hypervisor picks up its requests and translates them before sending them off for processing. While user requests have direct access to hardware for an increase in performance.
The guest operating system kernel is modified for communication with the hypervisor through hypercalls, which are also used to manage memory, interruptions, and time synchronization. User requests communicate directly with the hardware. Virtual machines perform better with a paravirtualized hypervisor because of the direct communication between the guest operating system and the hypervisor. Guest operating systems know they are virtualized and share resources with other operating systems on the host, as they can see each other’s information. Hypervisors offer an additional installation with tools to improve machine performance and user experience. VMware offers VMware tools that use paravirtualization techniques even when the hypervisor uses full virtualization.
Hardware assisted virtualization
Hardware assisted virtualization offers a new level below ring 0 called root mode, where the hypervisor resides. Rings 0 to 3 are in non-root mode, with the guest operating system in ring 0. Requests in the guest operating system get trapped to the hypervisor without binary translation or hypercalls. While user requests have direct access to hardware.
Citrix: What is hardware virtualization
Intel: Five Things to Know about Gordon Moore
Popek, G. and Goldberg. R. 1974. Formal Requirements for Virtualizable Third Generation Architectures
Portnoy, M. 2016. Virtualization Essentials. 2nd ed.
Shackleford, D. 2012. Virtualization Security.
VMware: Understanding Full Virtualization, Paravirtualization, and Hardware Assist