
Virtual PC

Welcome !

By: PIYUSH R. CHORDIA, TE (Div. - I)
Seminar Guide: Prof. C.A. Laulkar
Sinhgad College of Engineering
Agenda
Virtual PC
Architecture
Features
Terms & Concepts
Scenarios
Demo
Solution Accelerators
Why Virtualization?
[Chart: 30 % per year, 40 % per year]
Virtualization
Virtualization is a framework or methodology of dividing the resources of a computer into multiple execution environments, by applying one or more concepts or technologies such as:
- hardware and software partitioning
- time-sharing
- partial or complete machine simulation
- emulation
- quality of service
and many others
Virtual PC
Normal PC Operation
[Diagram: layer stack, top to bottom]
Application Software
Operating System
Device Drivers
Hardware
Virtual PC Architecture
PC Virtualization
[Diagram: layer stack, top to bottom]
Guest Environment: Guest Applications, Guest Operating System, Guest Drivers
Virtual PC: Virtualized Hardware
Host Environment: Host Operating System, Host Drivers, Host Hardware
How does Virtual PC work
Architecture
[Diagram: three layers, top to bottom]
Virtual Machine (config in vmc-file): CPU, Mem, Disk, CD/DVD, Diskette, Sound, Network, Ports, USB
Software: Virtual PC, VMM, VPC driver, host drivers
Hardware: CPU0, CPU1, Disk, file (.vfd, .iso)
Virtual Machine Monitors (VMMs)
[Diagram: layer stack, top to bottom]
Virtual Machines (VMs): VM0 (App0 on Guest OS0), VM1 (App1 on Guest OS1), ..., VMn (Appn on Guest OSn)
Virtual Machine Monitor (VMM)
Platform HW: Memory, Processor/CS, I/O Devices

VMM is a layer of system software
Enables multiple VMs to share platform hardware
Allows Apps to run without modifications
VMM Arrangements
Type-2 VMM
Stack, top to bottom: Guest 1 and Guest 2 / VMM / Host OS / Hardware
Examples: JVM, CLR

Hybrid VMM
Stack, top to bottom: Guest 1 and Guest 2 / Host OS and VMM side by side / Hardware
Examples: Virtual PC & Virtual Server
What we have today

Type-1 VMM (Hypervisor)
Stack, top to bottom: Guest 1 and Guest 2 / VMM / Hardware
Examples: Windows Virtualization
What we’re building for the future
IA-based System Virtualization Today
[Diagram: layer stack, top to bottom]
Virtual Machines
Virtual Machine Monitor (VMM): Binary Translation, Paravirtualization, Page-table Shadowing, IO-Device Emulation, Interrupt Virtualization, DMA Remap
Logical Processors, Physical Memory, I/O Devices

Requires Frequent VMM Software Intervention
The Hypervisor
• Thin layer of software running on the hardware
• Supports creation of partitions
• Each partition is a virtual machine
• Each partition has one or more virtual processors
• Partitions can own or share hardware resources
• Software running in partition is called a guest
• Enforces memory access rules
• Enforces policy for CPU usage
• Virtual processors are scheduled on real processors
• Enforces ownership of other devices
• Provides simple inter-partition messaging
• Messages appear as interrupts
• Exposes simple programmatic interface called “hypercalls”
[Diagram, top to bottom: Parent Partition / Hypervisor / Hard Drive, Ethernet NIC, CPU, RAM]
Device I/O Accesses
I/O accesses (IN & OUT instructions)
- Trap into VMM kernel
- Force a context switch back to the host context where device emulation module is invoked
- “Fast I/O handlers” can be called from within the VMM context
- Some OUTs can be batched
MMIO accesses
- Caught in VMM’s page fault handler
- Very expensive
[Diagram: Host context (Virtual PC, Device Emulation Module, Host Kernel, VMM Driver, Host HAL) and Guest context (Guest User Code, Guest Kernel, Guest HAL, VMM Kernel) on the Host Physical Machine; arrows labelled OUT instr., GPF trap and Context Switch]
VM Components
VMM Kernel
Thin layer, all in assembly
Code executed at ring-0
Exception handling
External Interrupt pass-through
Page table maintenance
Located within a 32MB area of address space known as the “VMM work area”
Work area is relocatable
One VMM instance per virtual processor
[Diagram: Host context (Virtual PC, Virtual Server, Host Kernel, NDIS Driver, VMM Driver) and Guest context (Guest Code, Virtual Machine “Additions”, VMM Kernel) on the Host Physical Machine]
VM Components
VMM Driver
- Provides kernel-level VM-related services
- Create Virtual Machine
- Create Virtual Processor
- Execute Virtual Processor
- Implements context switching mechanism between the host and guest contexts
- Loads and bootstraps the VMM kernel
- Much of the security work we’ve done recently involved repackaging the VMM kernel code into the VMM driver
[Diagram: Host context (Virtual PC, Virtual Server, Host Kernel, NDIS Driver, VMM Driver) and Guest context (Guest Code, Virtual Machine “Additions”, VMM Kernel) on the Host Physical Machine]


VM Execution Loop
Host code repeatedly calls ExecuteVirtualProcessor
VMM acts as “co-routine” (i.e. VMM state is saved and restored each time ExecuteVirtualProcessor is called)
Cycles spent inside guest context are counted against the calling thread
Host code can control how much time is spent in guest
Return code indicates why ExecuteVirtualProcessor returned
- Time slice complete
- IN or OUT instruction encountered
- HLT instruction encountered
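A toy model of this loop, which also covers the OUT-instruction path from the Device I/O Accesses slide (added example, not Virtual PC code). The slides name only ExecuteVirtualProcessor and the three return reasons, so the signature, the enum names, the toy guest instruction set and the COM1-only device emulation are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names: the slides give the reasons, not the identifiers. */
enum exit_reason { EXIT_TIME_SLICE, EXIT_IO, EXIT_HLT };
enum op { OP_WORK, OP_OUT, OP_HLT };           /* toy guest "instructions" */
struct insn { enum op op; uint16_t port; uint8_t val; };
struct vcpu {                                   /* state kept between calls */
    const struct insn *code; size_t pc;
    uint16_t io_port; uint8_t io_val;           /* filled in on EXIT_IO */
};

/* Run guest code until the slice is used up or an instruction needs the host. */
enum exit_reason ExecuteVirtualProcessor(struct vcpu *v, unsigned slice) {
    while (slice--) {
        const struct insn *i = &v->code[v->pc];
        if (i->op == OP_HLT) return EXIT_HLT;
        v->pc++;                                /* resume after this instruction */
        if (i->op == OP_OUT) { v->io_port = i->port; v->io_val = i->val; return EXIT_IO; }
    }
    return EXIT_TIME_SLICE;
}

/* Host-context loop: dispatch on the return code; OUTs go to device emulation. */
size_t run_guest(struct vcpu *v, unsigned slice, char *serial, size_t cap, unsigned *slices) {
    size_t n = 0;
    for (;;) {
        switch (ExecuteVirtualProcessor(v, slice)) {
        case EXIT_TIME_SLICE: (*slices)++; break;   /* host can run other work here */
        case EXIT_IO:                               /* emulate COM1 data port only */
            if (v->io_port == 0x3F8 && n + 1 < cap) serial[n++] = (char)v->io_val;
            break;                                  /* other ports are ignored */
        case EXIT_HLT: serial[n] = '\0'; return n;
        }
    }
}

/* Constructed guest program: work, write "OK" to COM1, poke port 0x80, halt. */
static const struct insn demo_code[] = {
    {OP_WORK,0,0}, {OP_WORK,0,0}, {OP_WORK,0,0}, {OP_OUT,0x3F8,'O'},
    {OP_WORK,0,0}, {OP_OUT,0x3F8,'K'}, {OP_OUT,0x80,1}, {OP_HLT,0,0} };

int main(void) {
    struct vcpu v = { demo_code, 0, 0, 0 };
    char out[8]; unsigned slices = 0;
    run_guest(&v, 2, out, sizeof out, &slices);
    printf("serial=\"%s\" slices=%u\n", out, slices);
    return 0;
}
```

Every guest OUT costs a return to the host loop here, which is the overhead the "fast I/O handlers" and batched OUTs on the Device I/O Accesses slide are meant to reduce.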
Virtualized Hardware
Memory (up to 4 GB)
Virtual Hard Disks (3 VHD, up to 16 GB/vhd)
CD/DVD drive
Floppy drive
Serial ports (COM1, COM2)
Parallel port (LPT1)
Networking (4 NICs)
Sound
Display
No USB support
Terms
Term: Description
Virtual Machine: The virtual hardware environment provided by Virtual PC 2004
Host OS: The operating system that is installed on the physical computer
Physical Computer: The actual hardware that is being used and where Virtual PC 2004 is installed
Guest OS: The operating software that is installed on the virtual machine
Virtual network: A network created in software
Virtual Machine Additions: Software loaded on the guest operating system that provides increased functionality and performance enhancements
Virtual CDROM: A CDROM implemented in software that can share the physical computer CDROM or access ISO images
VHD: Virtual Hard Disk (VHD) is the file on the physical computer that a virtual machine uses as a hard disk and on which it performs all the reads and writes
VMC: Virtual Machine Configuration (VMC) file is where all the settings for a virtual machine are stored
Shared Folders: The ability to use a folder on the host as a mapped drive letter in the virtual machine
Drag and Drop: The ability to drag files or folders between the virtual machine and the host
Extended Page Tables (EPT)
A VMM must protect host physical memory
Multiple guest operating systems share the same host physical memory
VMM typically implements protections through “page-table shadowing” in software
Page-table shadowing accounts for a large portion of virtualization overheads
Goal of EPT is to reduce these overheads
What Is EPT?
[Diagram: Guest Linear Address -> Guest IA-32 Page Tables (located by CR3) -> Guest Physical Address -> Extended Page Tables (located by the EPT Base Pointer, EPTP) -> Host Physical Address]
Extended Page Table
A new page-table structure, under the control of the VMM
Defines mapping between guest- and host-physical addresses
EPT base pointer (new VMCS field) points to the EPT page tables
EPT (optionally) activated on VM entry, deactivated on VM exit
Guest has full control over its own IA-32 page tables
No VM exits due to guest page faults, INVLPG, or CR3 changes
EPT Translation: Details
[Diagram: the Guest Linear Address is walked through the guest Page Directory (located by CR3) and Page Table; each step passes through the EPT Tables; the resulting Guest Physical Page Base Address plus offset is translated by the EPT Tables to the Host Physical Address]
All guest-physical memory addresses go through EPT tables (CR3, PDE, PTE, etc.)
Above example is for 2-level table for 32-bit address space
Translation possible for other page-table formats (e.g., PAE)
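The walk on this slide as a toy C model (added example, not code from the presentation or from any VMM): 2-level, 32-bit guest paging in which CR3, the PDE and the PTE are all guest-physical and pass through EPT. The flat ept[] array stands in for the real multi-level EPT structure, and all names and the sample memory layout are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE   4096u
#define NPAGES 8u                            /* constructed toy machine: 8 host pages */
enum xlate { XLATE_OK, GUEST_PAGE_FAULT, EPT_VIOLATION };

static uint32_t host_mem[NPAGES * PAGE / 4]; /* host-physical memory, as 32-bit words */
static uint32_t ept[NPAGES];                 /* guest page number -> host page base | present bit */

/* Guest-physical -> host-physical. Only the VMM writes ept[]. */
static enum xlate ept_walk(uint32_t gpa, uint32_t *hpa) {
    uint32_t gpn = gpa / PAGE;
    if (gpn >= NPAGES || !(ept[gpn] & 1)) return EPT_VIOLATION;  /* VM exit to the VMM */
    *hpa = (ept[gpn] & ~0xFFFu) | (gpa % PAGE);
    return XLATE_OK;
}

/* A guest page-table entry sits at a guest-physical address, so reading it uses EPT too. */
static enum xlate read_entry(uint32_t gpa, uint32_t *entry) {
    uint32_t hpa;
    if (ept_walk(gpa, &hpa) != XLATE_OK) return EPT_VIOLATION;
    *entry = host_mem[hpa / 4];
    return (*entry & 1) ? XLATE_OK : GUEST_PAGE_FAULT;  /* guest handles it, no VM exit */
}

/* Guest-linear -> host-physical: CR3, PDE and PTE each pass through EPT. */
enum xlate translate(uint32_t cr3, uint32_t gla, uint32_t *hpa) {
    uint32_t pde, pte; enum xlate r;
    if ((r = read_entry((cr3 & ~0xFFFu) + 4 * (gla >> 22), &pde)) != XLATE_OK) return r;
    if ((r = read_entry((pde & ~0xFFFu) + 4 * ((gla >> 12) & 0x3FF), &pte)) != XLATE_OK) return r;
    return ept_walk((pte & ~0xFFFu) | (gla & 0xFFF), hpa);
}

/* Constructed sample: guest pages 0,1,2 are backed by host pages 5,6,7; guest page 3 is not mapped. */
uint32_t demo_setup(void) {
    ept[0] = 5 * PAGE | 1; ept[1] = 6 * PAGE | 1; ept[2] = 7 * PAGE | 1;
    host_mem[5 * PAGE / 4 + 0] = 1 * PAGE | 1;  /* guest page directory: PDE[0] -> guest page 1 */
    host_mem[6 * PAGE / 4 + 0] = 2 * PAGE | 1;  /* guest page table: PTE[0] -> guest page 2 */
    host_mem[6 * PAGE / 4 + 1] = 3 * PAGE | 1;  /* PTE[1] -> guest page 3, absent from EPT */
    return 0;                                   /* guest CR3: page directory at guest-physical 0 */
}

int main(void) {
    uint32_t hpa = 0, cr3 = demo_setup();
    int r = translate(cr3, 0x0123, &hpa);
    printf("gla 0x0123: status %d, hpa 0x%x\n", r, (unsigned)hpa);
    printf("gla 0x1000: status %d\n", (int)translate(cr3, 0x1000, &hpa));
    return 0;
}
```

The EPT_VIOLATION case is the one that protects host memory: a guest PTE can name any guest-physical page, but only pages the VMM placed in the EPT resolve to host memory.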
Direct Execution
In some processor modes, it’s safe to use direct execution, others require emulation
Real Mode: Emulation
Virtual 8086 (v86) mode: Direct Execution
Protected Mode Ring 3: Direct Execution (with a few exceptions)
Protected Mode Ring 0: Emulation, unless known to be safe
Direct Execution
“Ring Compression”
Guest ring-0, 1, 2 code is executed at ring 1
Guest ring-3 code is executed at ring 3
Provides correct MMU protection semantics (since ring 0-2 can access privileged pages)
Direct execution of ring-0 code is only allowed if the VMM is notified that it’s “safe”
This requires patching certain “dangerous” instruction sequences in the Windows kernel and HAL
Patching is performed at runtime in memory only
Patches are different for each version of Windows kernel & HAL
Guest OS Patching
Runtime Guest OS Patching
Replace synthetic instructions with subroutine calls
This technique prevents us from exposing internal VMM implementation details to OS vendors. We can change the subroutine implementations in the future.

Original Code      With Synthetic Instructions   With Runtime Patches
pushfd             vmpushfd                      call _vmpushfd
cli                vmcli                         call _vmcli
mov eax,[ebp+8]    mov eax,[ebp+8]               mov eax,[ebp+8]
call [eax]         call [eax]                    call [eax]
popfd              vmpopf                        call _vmpopfd
ret                ret                           ret

This patched sequence is correct and fast

Emulated Hardware
Component: Virtual machine emulated hardware
BIOS: AMI BIOS using Intel 440BX rev B chipset
CPU: Same as host
Chipset: Intel 440BX
Network adapter (multi-function): DEC/Intel 21140A (10/100)
Video card: S3 Trio 32/64 PCI with 8 MB Video RAM
Soundcard: Creative Labs Sound Blaster 16 ISA Plug and Play
Virtual Disks
Types of virtual disks
- Dynamically expanding virtual disk
- Fixed virtual disk
- Differencing
- Linked drive - use a host partition
Default is dynamic – 16GB
35KB when created on disk, expands as you write data to it
Use Virtual Disk Wizard to pre-create other disk types
Undo Disks

Allows all changes from power-on to be saved, committed or discarded
Reboots are not affected
Enabled per virtual machine, applies to all disks
Writes are made to a separate undo file per disk
Virtual Machine States
Running states
- Pause
- Save State
- Turn off
- Shutdown the Guest OS
Undo disks add these states
- Save State and save changes
- Save State and commit changes
- Turn off and Save changes
- Turn off and discard changes
Virtual PC Features
Benefits and Usage Scenarios
Ease application migration
- Run older legacy applications while migrating to a new operating system
- Pilot and test new operating systems in a controlled, fail-safe environment
Technical support
- Support multiple operating systems on a single computer without rebooting the computer or buying additional computers
- Set up numerous user-specific configurations on a single computer for real-time scenario testing and evaluation
Training
- Train people on any operating system without purchasing additional computers
- Dramatically reduce classroom turnaround time by instantly switching configurations
- Restore students’ crashed operating systems with a mouse-click
Virtual PC Features
Benefits and Usage Scenarios
Quality Assurance
- Test and document software on different operating systems on one computer
- Compare application look and feel in multiple environments simultaneously
- Test potentially unstable prerelease software in a safe, isolated environment
Accelerate application development
- Increase QA by testing on multiple OSs using VMs
- Decrease time-to-market with less reconfiguration
Do more in less time
- Run multiple OSs on a single physical computer
- Reduces the number of physical computers needed
Virtual PC Features
Key Features

Configurability
Adjust settings and allocate resources
Easy installation
No reboot required
Standardization
Avoid hardware conflicts
Convenience
Switch between OSs as easily as any application
Host integration
Drag and drop between guest and host
Virtual PC Features
Using Virtual Machines
Virtual Networking
Up to 4 NICs per virtual machine
Network Modes
- Not Connected
- Local Only (virtual machines only): VM communicates with other VMs on the Local Only network
- External NIC (Virtual Networking): Each VM appears to be a separate entity on the network
Use a MS Loopback adapter to get internal only traffic between host and virtual machine
Networking
Virtual Networking vs Local only
[Diagram: Virtual Machine #1 and Virtual Machine #2 attached to a Virtual Network, with the Host NIC and External Ethernet]
Networking
[Diagram labels: Server, Virtual PC Translators, Virtual Machine, Network Address Translator, Host TCP/IP Connection]
Virtual Machine Additions
Improved operating system performance
Drag and drop
Clipboard sharing
Shared folders
Integrated mouse
DOS CD-Rom support
Optimized video drivers
Time synchronization
Dynamic resizing of VM window
Today’s Uses
Virtualization addresses today’s IT concerns

[Diagram, two panels]
Server Consolidation: VM1 … VMn (each an App on an OS) moved from separate machines HW0 … HWn onto one VMM on one HW. 10:1 in many cases
Test and Development: VMs (each an App on an OS) on one VMM on one HW. Enables rapid deployment

Virtualization Capabilities
[Diagram, four panels: Workload Isolation, Workload Consolidation, Workload Migration, Workload Embedding; each shows Apps and OSes placed on a VMM over one or more HW boxes]
Virtualization has powerful capabilities
Virtualization Today
Summary Of Challenges
Complexity
CPU virtualization requires binary translation or paravirtualization
Must emulate I/O devices in software
Functionality
Paravirtualization may limit supported guest OSes
Guest OSes “see” only simulated platform and I/O devices
Reliability and Security
I/O device drivers run as part of host OS or hypervisor
No protection from errant DMA that can corrupt memory
Performance
Overheads of address translation in software
Extra memory required (e.g., translated code, shadow tables)
Create a new VM
Review Virtual PC settings
Launch a VM
