Understanding Intel® Virtualization Technology (VT)
Session Outline
Virtual Machine Monitors (VMMs)
Virtualization Capabilities
Virtualization Usage Models
What is Intel® Virtualization Technology ? Formerly known by the codenames Vanderpool* & Silvervale*
Challenges of Running a VMM
VT-x Overview
Operating Modes
VM Entry and VM Exit
VT-x Operations
Virtual Machine Control Structure (VMCS)
Principal Causes of VMEXIT
Benefits: VT Helps Improve VMMs
VT Client Roadmap
VT Server Roadmap
VT Ecosystem
Call to Action:
Additional Resources
Community Resources
846.50K
Похожие презентации:
Setup for VM launch. Using ‘vmxwrite’ and ‘vmxread’ for access to state-information in a Virtual Machine Control Structure
Setup for VM launch. Using ‘vmxwrite’ and ‘vmxread’ for access to state-information in a Virtual Machine Control Structure
Virtualization Technology
Virtualization Technology
Virtualization tools
Virtualization tools
Operating System Concepts – 10h Edition (сhapter 1)
Operating System Concepts – 10h Edition (сhapter 1)
DJS Tech. Каталог продуктов
DJS Tech. Каталог продуктов
Operating System Concepts. Chapter 1: Introduction
Operating System Concepts. Chapter 1: Introduction
Supermicro New Product Introduction
Supermicro New Product Introduction
The World’s First Secure Integrated SIM for IoT
The World’s First Secure Integrated SIM for IoT
Trustworthy Workshop 2022. Cyberimmune cloud computing Sergei Petrenko, Innopolis University
Trustworthy Workshop 2022. Cyberimmune cloud computing Sergei Petrenko, Innopolis University
Introduction to Hyper-V
Introduction to Hyper-V

TWAR05015_WinHEC05

1. Understanding Intel® Virtualization Technology (VT)

Narendar B. Sahgal
Director, Initiative Planning
Digital Enterprise Group
Intel Corporation
Dion Rodgers
Sr. Principal Engineer

2. Session Outline

Virtualization
Capabilities and usage models
Intel® Virtualization Technology (VT)
Challenges of IA CPU virtualization today
VT eliminates challenges by design
VT-x technical overview
VT Roadmap
Call to Action

3. Virtual Machine Monitors (VMMs)

VM0
Virtual
Machines
(VMs)
App0
Guest OS0
VM1
VMn
App1
Guest OS1
...
Appn
Guest OSn
Virtual Machine Monitor (VMM)
Platform HW
Memory
Processor/CS
I/O Devices
VMM is a layer of system software
Enables multiple VMs to share platform hardware
Allows Apps to run without modifications

4. Virtualization Capabilities

Workload Isolation
App1
App2
OS
Workload Consolidation
App1
App2
App1
App2
App1
App2
OS
OS
OS1
OS2
OS1
OS2
HW1
HW2
VMM
HW
HW
VMM
HW
Workload Embedding
Workload Migration
App
App
App
App
OS
OS
OS1
OS2
VMM
HW1
VMM
HW2
VMM
HW1
VMM
HW2
VMM
HW
Virtualization has powerful capabilities

5. Virtualization Usage Models

SERVER
CLIENT
Virtualization Usage Models
Legacy SW Support
Training/QA
Activity Partitioning
Manageability

Consolidation
Consolidation
Isolation
Isolation
Migration
Embedding
Consolidation
Server Consolidation
Migration
Failover infrastructure
Migration
Flexible Datacenter
Manageability
Isolation
Migration
Embedding

Virtualization has a broad range of usages

6. What is Intel® Virtualization Technology ? Formerly known by the codenames Vanderpool* & Silvervale*

What is Intel® Virtualization Technology ?
Formerly known by the codenames Vanderpool* & Silvervale*
VT is a set of hardware enhancements to Intel server and
client platforms
VT is designed to simplify virtualization software
Virtualization brings new end user value and new
differentiation opportunities
VT-x and VT-i are the first in the VT series of Intel
processor and chipset innovations
VT-x refers to IA-32 CPU virtualization enhancements
VT-i refers to IPF CPU virtualization enhancements
"We are on record as saying that VT is the most
significant change to PC architecture this decade"
Martin Reynolds, Gartner Senior Analyst – eWeek September 9, 2004

7. Challenges of Running a VMM

OS and Apps in a VM
don't know that the
VMM exists or that they
share CPU resources
with other VMs
VM0
App
VM1
App
... App
Guest OS0
App
...
VM Monitor
Platform Hardware
App
...
App
Guest OS1
VMM should isolate
Guest SW stacks from
one another
VMM should run
protected from all
Guest software
VMM should present a
virtual platform interface
to Guest SW

8.

SW Solution: Guest Ring Deprivileging
Run Guest OS above Ring-0 and
have privileged instructions
generate faults...
VM0
App
Run VMM in Ring-0 as a
collection of fault handlers
VM1
App
... App
Guest OS0
App
...
App
...
App
Guest OS1
Top IA Virtualization Holes :
• Ring Aliasing
• Non-trapping instructions
• Excessive Faulting
• Interrupt Virtualization Issues
• CPU state context switching
• Addr Space Compression
VM Monitor
Platform Hardware
Complex Software Techniques :
• Source guest OS Modifications
• Binary guest OS Modifications
Virtualization of current IA CPUs
requires complex software workarounds

9.

Intel® Virtualization Technology
VM0
App
Guest SW runs deprivileged
in a new operating mode:
VM1
App
... App
Guest OS0
App
...
VM Monitor
Platform Hardware
App
...
App
Guest OS1
• Apps run deprivileged in ring 3
• OS runs deprivileged in ring 0
• VMM runs in new mode with full privilege
VMM preempts execution of Guest
SW via new HW-based transition
mechanism
By design, VT eliminates virtualization holes and
the need for complex software workarounds

10. VT-x Overview

Operating modes
Guest SW VMM Transitions
Virtual-machine control structure
Principal causes of VM Exits
Benefits

11. Operating Modes

VMX root operation:
Fully privileged, intended for VM monitor
VMX non-root operation:
Not fully privileged, intended for guest software
Reduces Guest SW privilege w/o relying on rings
Solution to Ring Aliasing and Ring Compression

12. VM Entry and VM Exit

VM Entry
Transition from VMM to Guest
Enters VMX non-root operation
Loads Guest state and Exit criteria from VMCS
VMLAUNCH instruction used on initial entry
VMRESUME instruction used on subsequent entries
VM Exit
VMEXIT instruction used on transition from Guest to VMM
Enters VMX root operation
VM0
VM1
Saves Guest state in VMCS
App
App ... App
App
Loads VMM state from VMCS
...
Guest OS0
VM Exit
App
...
App
Guest OS1
VM Entry
Physical Host Hardware
VM Monitor

13. VT-x Operations

VMX
Non-root
Operation
VM Exit
VMX Root
IA-32
Operation
VM 1
VM 2
VM n
Ring 3
Ring 3
Ring 3
Ring 0
Ring 0
Ring 0
VMCS
1
VMCS
2
VMCS
n
Ring 3
VMRESUME
VMLAUNCH
VMXON
Ring 0
...

14. Virtual Machine Control Structure (VMCS)

VMCSs are Control Structures in Memory
Only one VMCS active per virtual processor at any
given time
VMCS Payload:
VM execution, VM exit, and VM entry controls
Guest and host state
VM-exit information fields
VMCS Format not defined and may vary
VMPTRLD: Establishes a pointer to a desired VMCS
VMREAD/VMWRITE: New VMCS Access instructions

15. Principal Causes of VMEXIT

Paging state exits allow page-table control
CR3 accesses, INVLPG cause exits
Selectively exit on page faults
CR0/CR4 controls allow exiting on changes to selected bits
State-based exits allow function virtualization
CPUID, RDMSR, WRMSR, RDPMC, RDTSC, MOV DRx
Selective exception and I/O exiting reduce
unnecessary exits
32-entry exception bitmap, I/O-port access bitmap
Controls provided for asynchronous events
Host interrupt control allows delivery to VMM even when guest
blocking interrupts
Detection of guest inactivity to support VM scheduling
HLT, MWAIT, PAUSE

16. Benefits: VT Helps Improve VMMs

VT Reduces guest OS dependency
Eliminates need for binary patching / translation
Facilitates support for Legacy OS
VT improves robustness
Eliminates need for complex SW techniques
Simpler and smaller VMMs
Smaller trusted-computing base
VT improves performance
Fewer unwanted Guest VMM transitions

17. VT Client Roadmap

2005 Lyndon*
Intel® Pentium® 4 Processor
945G Chipset
HT, XD, EM64T, EIST, Intel AMT, VT
2006 Averill*
Intel Pentium 4 Processor & DC
Broadwater Chipset
2005 features plus Intel AMT2, LT
2005 Intel Centrino™ Mobile Technology
Intel Pentium M Processor
Intel 915 Chipset Family
Intel PRO Wireless Network Connection 2915ABG & 2200BG,
XD, EIST
2006 Napa*
Mobile Dual Core Processor code-named “Yonah”
Chipset code-named “Calistoga”
Wireless LAN solution code-named “Golan”
2005 features plus VT, Intel AM

18. VT Server Roadmap

2005 - 2006
2 Socket
Millington / DP Montvale
Intel® 8870, Enabled
Dual Core, MT, Foxton, Pellston, VT
2005 - 2006
≥ 4 Socket
Montecito / Montvale
Intel® 8870 / Enabled
MT, Foxton, Pellston, VT
2 Socket
2006 Bensley*, Glidewell*
Dempsey
Blackford & Greencreek
2005 features plus VT, IAMT, I/OAT

19. VT Ecosystem

Intel plans to ship VT-based platforms as follows:
Intel® Desktop and Itanium® 2 platforms in 2005
Intel® Xeon™ and Intel® Centrino™ mobile platforms in
1H ’06
VT features require support from VMM providers
and a few selected infrastructure vendors. Most
ISVs won’t need to do anything for VT
All major VMM providers have embraced VT
Intel working with Microsoft and others to enable the
software ecosystem for VT

20. Call to Action:

VMM vendor/developer:
Learn how to harvest VT benefits
Seek new business opportunities by teaming with
OEMs/ISVs
PC/Server OEM:
Learn more about virtualization usage models
Identify differentiation opportunities in your markets
Prepare for productization of VT
Application, Service, or Solution provider:
Consider the implications and new opportunities to
your product line and market
Explore new business opportunities on a virtualized
platform

21. Additional Resources

For specs / whitepapers / web resources:
www.intel.com/technology/vt
For discussions on VT opportunities:
fernando.martins @ intel.com

22. Community Resources

Windows Hardware & Driver Central (WHDC)
www.microsoft.com/whdc/default.mspx
Technical Communities
www.microsoft.com/communities/products/default.mspx
Non-Microsoft Community Sites
www.microsoft.com/communities/related/default.mspx
Microsoft Public Newsgroups
www.microsoft.com/communities/newsgroups
Technical Chats and Webcasts
www.microsoft.com/communities/chats/default.mspx
www.microsoft.com/webcasts
Microsoft Blogs
www.microsoft.com/communities/blogs
English     Русский Правила