OS - New York Enterprise Windows Users Group

• INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY RELATING TO SALE AND/OR USE OF INTEL PRODUCTS, INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT, OR OTHER INTELLECTUAL PROPERTY RIGHT.
• INTEL MAY MAKE CHANGES TO SPECIFICATIONS, PRODUCT DESCRIPTIONS, AND PLANS AT ANY TIME, WITHOUT NOTICE.
• ALL DATES PROVIDED ARE SUBJECT TO CHANGE WITHOUT NOTICE.
Intel® Virtualization Technology: Strategy & Evolution
Buzz Schadel
Senior Strategist
Software Solutions Group
Agenda
Virtualization in Enterprise Computing
System Virtualization Today
Intel® Virtualization Technology (VT)
Future VT Directions
Intel Virtualization Roadmap
*Third party marks and brands are the property of their respective owners
Why Virtualization?
“…enterprises should be evaluating virtualization technology NOW.”
Improved Capabilities
“Virtualization technologies will increase the ability to effectively consolidate to larger servers. …Virtualization technologies will also make distributed small servers easier to manage, re-provision and use efficiently.”
Quote from: The Future of Server Acquisition and Deployment, Andrew Butler, Vice President & Research Area Leader, Server Technologies, Gartner*, March 2004.
Lower Costs
“Enterprises that do not leverage virtualization will pay up to 40 percent more in acquisition costs by 2008, and roughly 20 percent more in administrative costs…”
Quotes from: The Future of Server Virtualization, T. Bittman, Gartner* Research Note, July 2003.
Business Competitiveness is a key driver for broad adoption and deployment
Market Drivers and Trends for Consolidation
• Key Motivators
– Reduce TCO; (Gartner Survey, 48%)
– Gain control and manage systems better; (Gartner Survey, 44%)
– Deliver better service and agility for the Service Oriented Enterprise; (Gartner Survey, 7%)
• Figures on TCO reduction
– Hardware: 28 – 53%
– Operations: 72 – 79%
– Total: 29 – 64%
Source: VMware Analysis, TCO White Paper
• Trends
– 59% of F1000 Companies are using server consolidation (TIP research)
[Pie chart: Consolidation Trend. Source: Gartner Datacenter Survey]
60% - Consolidation Underway
28% - Consolidation Planning (considering)
5% - Consolidation Done
7% - No Plans
TCO reduction, Manageability, Agility are all catalysts for server consolidation
Virtual Machine Monitors (VMMs)
[Figure: Virtual Machines (VMs) VM0, VM1, ... VMn, each with its own apps (App0 ... Appn) and guest OS (Guest OS0 ... Guest OSn), run on a Virtual Machine Monitor (VMM) above the Platform HW: Memory, Processor/CS, I/O Devices]
• VMM is a layer of system software
– Enables multiple Virtual Machines to share platform hardware
– Allows Apps to run without modifications
Virtual Machine Monitor – What It Does
[Figure: several software stacks, each with Apps on an OS, run on the Virtual Machine Monitor above the Platform Hardware]
• Emulates a complete hardware environment
• Isolates execution in each virtual machine
• Allocates platform resources
• Encapsulates software stacks
Virtualization Capabilities
[Figure: four panels, each showing App/OS stacks placed on a VMM over hardware: Workload Consolidation, Workload Isolation, Workload Embedding, Workload Migration]
Data Center Design Evolution
[Figure: three data center layouts of App1 to App3, their operating systems and hardware, with and without a VMM, labelled Business Agility, Isolation and Centralization]
• Reduce Capital and Operation costs
• Ease of Management
• Flexible Failover Infrastructure
• Policy-Based Workload Balancing
• Maximized Utilization
• Rapid Provisioning
• Business Continuity
• Higher Server Density
• Finer Workload Granularity
Virtualization enables Business Agility in Data Centers
Embedded IT Management Appliance
[Figure: a User VM (User Visible Applications on a User OS) and a Mgmt VM (IT Mgmt Applications on a Mgmt OS) run on a VMM over Platform HW with Intel® VT, Intel® AMT and a NIC]
Embedded SW Stack controlled by IT
Isolated Execution
Mgmt Agents run protected from Users:
• Firewall / Packet Inspection
• Provisioning / Reprovisioning
• Recovery / Patch
• Failure Prediction
• …
Network isolation: Virtual Network activity can be restricted by Mgmt VM
Virtualization enables Embedded Appliances in Clients
Enterprise Computing Trends
“Robust VMware solutions combined with VT and Dual-Core technology stand to drive virtualization even more mainstream.”
Brian Byun
Vice President of Strategic Alliances, VMware
• Server Consolidation increasing Server utilization and VM granularity
– Server workload consolidation is a parallel
– VT & Multi-core further extend max capacity
– Ease of VM deployment increases granularity
• Virtualization extending beyond single server
– Mainstream workloads will run virtualized
– New Enterprise management technologies emerging
– Data Center == Virtual pool of computing resources
VT and Multi-core will drive virtualization to mainstream
IA-based System Virtualization Today
VMM Software Architecture Options
[Figure: two VMM layouts. Hypervisor Architecture: VM0 ... VMn (Guest OS and Apps) on a Hypervisor containing Device Models (top) and Device Drivers (bottom), on Host HW. OS-hosted Architecture: User Apps and a User-level VMM with Device Models beside VM0 ... VMn (Guest OS and Apps), on a Host OS with Device Drivers and a Ring-0 VM Monitor “Kernel”, on Host HW]
• Stand-alone “Hypervisor” architecture provides its own device drivers and services
• “OS-hosted” architecture leverages device drivers and services of a “host OS”
Intel VT Goal: Support both styles of VMM Architecture
Case Study: IA-32 Virtualization Holes
[Figure: Guest Apps at ring 3, Guest OS at ring 1 and VMM at ring 0, annotated with the instructions PUSH CS/SS, CALL, LAR, LSL, VERR, VERW, POPF, CPUID, SYSENTER, SGDT, SIDT, SLDT, STR, CLI and STI]
Annotations on the figure:
• Expose that guest OS is running in ring 1
• Incorporate current ring # in computation (issues if executed in ring 1)
• Non-trapping writes of privileged state
• Non-trapping reads of privileged state
• Unable to access “hidden” segment-register state on VM context switch
• Excessive Faulting
Common Virtualization Technique: “Ring Deprivileging”
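The POPF entry on this slide is the classic case of a non-trapping write of privileged state. The following C model is an added example, not part of the original slides: it assumes a guest kernel deprivileged to ring 1 with IOPL 0, models only the IF/IOPL handling of CLI and POPF, and all struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define EFLAGS_IF   (1u << 9)    /* interrupt-enable flag */
#define EFLAGS_IOPL (3u << 12)   /* I/O privilege level, bits 13:12 */

struct cpu { unsigned cpl; uint32_t eflags; };
struct vmm { bool virtual_if; unsigned traps; };  /* software VMM's copy of guest IF */

static unsigned iopl(const struct cpu *c) { return (c->eflags & EFLAGS_IOPL) >> 12; }

/* CLI raises #GP when CPL > IOPL, so a deprivileged guest traps and the
   VMM emulates the instruction against the virtual IF. */
static void guest_cli(struct cpu *c, struct vmm *m) {
    if (c->cpl > iopl(c)) { m->traps++; m->virtual_if = false; return; }
    c->eflags &= ~EFLAGS_IF;
}

/* POPF never faults on privilege: IOPL changes only at CPL 0 and IF only
   when CPL <= IOPL; otherwise the bits silently keep their old values. */
static void guest_popf(struct cpu *c, uint32_t value) {
    uint32_t writable = ~(EFLAGS_IF | EFLAGS_IOPL);
    if (c->cpl == 0) writable |= EFLAGS_IOPL;
    if (c->cpl <= iopl(c)) writable |= EFLAGS_IF;
    c->eflags = (c->eflags & ~writable) | (value & writable);
}

/* The guest kernel disables interrupts; returns true if an interrupt would
   still be delivered to it afterwards (the virtualization hole).
   deprivileged: guest kernel at ring 1, IOPL 0, software VMM tracks virtual IF.
   otherwise: guest kernel at ring 0, as under VMX non-root operation. */
bool delivered_after_disable(bool use_popf, bool deprivileged, unsigned *traps) {
    struct cpu c = { deprivileged ? 1u : 0u, EFLAGS_IF };
    struct vmm m = { true, 0 };
    if (use_popf) guest_popf(&c, c.eflags & ~EFLAGS_IF);
    else          guest_cli(&c, &m);
    if (traps) *traps = m.traps;
    return deprivileged ? m.virtual_if : (c.eflags & EFLAGS_IF) != 0;
}

int main(void) {
    unsigned t;
    printf("ring 1, CLI : delivered=%d", delivered_after_disable(false, true, &t));
    printf(" traps=%u\n", t);
    printf("ring 1, POPF: delivered=%d", delivered_after_disable(true, true, &t));
    printf(" traps=%u\n", t);
    printf("ring 0, POPF: delivered=%d", delivered_after_disable(true, false, &t));
    printf(" traps=%u\n", t);
    return 0;
}
```

In the ring 1 POPF case the VMM takes no trap and its virtual IF goes stale, which is why software-only VMMs have to rewrite or paravirtualize such instructions.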
Closing Virtualization Holes
• Method 1: Paravirtualization Techniques
– Modify guest OS to work around virtualization holes
– Typically limited to OSes that can be easily modified
• Method 2: Binary Translation or Patching
– Modify guest OS binaries “on-the-fly”
– Extends range of supported OSes, but is complex:
  – HW limitations require Self-modifying code, translation caching, etc.
– Certain forms of excessive trapping remain
  – SYSENTER example
IA Virtualization Today: Summary of General Challenges
• Complexity
– CPU “virtualization holes” require binary translation or paravirtualization
– Must emulate IO devices in software
• Performance
– Extra memory required (e.g., translated code, shadow page tables)
– Overheads of page-table virtualization
– IO requests must traverse two IO stacks (first guest OS, then host OS)
• Functionality
– Paravirtualization may limit supported guest OSes
– Guest OSes “see” only simulated platform and IO devices
• Reliability and Protection
– IO device drivers run as part of host OS or hypervisor
– No protection from errant DMA that corrupts memory
Intel® Virtualization Technology
Intel® Virtualization Technology Evolution
[Figure: three vectors of VT evolution plotted against VMM software evolution over time, with “Today’s Focus Topics” marked]
Vector 1: Processor Focus
• VT-x, VT-i: Close basic processor “virtualization holes” in IA-32 and IPF processors
• On-going evolution of processor virtualization assists, some micro-architectural, others architectural (e.g., extended page tables, EPT)
Vector 2: Chipset Focus
• Hardware assists for translated phys-mem access:
– Support for IO-device assignment to VMs
– DMA Remapping Mechanism
Vector 3: IO Focus
• Assists for IO-device sharing (e.g., multi-context IO devices, etc.)
VMM Software Evolution
• Software-only VMMs (Today: No HW support)
– Binary translation
– Paravirtualization
• Simpler and more secure VMM through use of hardware support
• Better IO/CPU perf and functionality via hardware-mediated access to memory
• Richer IO-device functionality and IO resource sharing
VMM evolution over time with hardware support
VT capabilities evolve to enhance platform virtualization in sync with VMM software evolution
IA-32 Processor Virtualization with VT-x
• Two new VT-x operating modes
– Less-privileged mode (VMX non-root) for guest operating systems
– More-privileged mode (VMX root) for monitor
• Two new transitions
– VM entry enters VMX non-root operation
– VM exit enters VMX root operation
[Figure: Virtual Machines (VMs) with Apps at ring 3 and OS at ring 0; VM Exit transfers control to the VM Monitor (VMM) in VMX root operation, and VM Entry returns to the VM]
• Execution controls determine when exits occur
– Access to privilege state, occurrence of exceptions, etc.
– Flexibility provided to minimize unwanted exits
• VM Control Structure (VMCS) controls VT-x operation
– Also holds guest and host state
How VT-x Closes Virtualization Holes
[Figure: Guest Apps at ring 3 (non-root operation), Guest OS at ring 0 (non-root operation) and VMM in root operation, annotated with the instructions PUSH CS/SS, CALL, LAR, LSL, VERR, VERW, POPF, CPUID, SYSENTER, SGDT, SIDT, SLDT, STR, CLI and STI]
Annotations on the figure:
• New execution control causes instruction to VM exit
• Report that guest OS is running at ring 0 (as expected)
• No longer need to trap (EFLAGS.IF does not control interrupt masking)
• Instructions report correct values without requiring traps (no ring deprivileging)
• No longer need to trap these because relevant registers are atomically context switched on VM entry/exit
• Clean context switching supported through VM entry / exit and VMPTRLD operations (no “hidden” state)
• Excessive Faulting Avoided:
– SYSENTER functions correctly
– CLI / STI behavior optimized
How VT-x Addresses Virtualization Challenges
• Reduced Complexity
– Closing CPU virtualization holes simplifies VMM software
– VT-based VMMs have smaller code footprint and reduced memory requirements
• Improved Functionality
– Overcomes guest-OS limitations of paravirtualization
– Support for 64-bit guests
VT-x has been embraced by the major VMM vendors
Pervasive Ecosystem Support For Intel® Virtualization Technology
Xensource, Red Hat, VMware, Hitachi, Microsoft, Novell / SuSE
“Intel has contributed code to the Xen project to enable support for Intel® Virtualization Technology (formerly code named Vanderpool), part of a collection of premier Intel technologies that can deliver new and improved computing benefits for home users and for business users and IT managers”
http://www.linuxelectrons.com/article.php/20050301154245548
“VMware will incorporate product support for Intel's Virtualization Technology as it becomes available in Intel microprocessors.”
http://www.vmware.com/news/releases/intel_vmware.html
“[Hitachi] is also first to announce the integration of Intel's virtualization technology (VT), formerly code-named "Vanderpool" into its products. Hitachi was highlighted during last week's IDF as one of Intel's key partners in producing and marketing Itanium systems”
http://www.tomshardware.com/hardnews/20050307_120431.html
Novell today announced it will incorporate support for Intel Virtualization Technology into future versions of SUSE® LINUX-based servers and desktops
www.novell.com
"We are on record as saying that Vanderpool is the most significant change to PC architecture this decade,"
- eWeek, Martin Reynolds of Gartner 2004
Future IA-32 CPU Virtualization Support
• Future versions of VT processor support
– Leverage flexibility of VT architecture to provide enhanced features for IA-32 processor virtualization
• A few examples
– Descriptor Table Exiting (e.g., IDTR, GDTR, etc.)
– Preemption Timer (to improve VM scheduling)
– Extended Page Table (EPT)
• Details for the EPT example follow…
Motivation for EPT
• A VMM must protect host physical memory
– Multiple guest operating systems share the same host physical memory
– VMM implements protections through “page-table virtualization”
• Page-table virtualization accounts for a large portion of virtualization overheads
– VM exits due to: #PF, INVLPG, MOV CR3
• Goal of EPT is to reduce these overheads…
What is EPT?
[Figure: a Guest Linear Address is translated by the Guest IA-32 Page Tables (rooted at CR3) to a Guest Physical Address, which the Extended Page Tables (rooted at the EPT Base Pointer, EPTP) translate to a Host Physical Address]
• Extended Page-Table
• A new page-table structure, under the control of the VMM
– Defines mapping between guest- and host-physical address spaces
– EPT base pointer (new VMCS field) points to the EPT page tables
– EPT (optionally) activated on VM entry, deactivated on VM exit
• Guest has full control over its own IA-32 page tables
– No VM exits due to guest page faults (#PF), INVLPG, or CR3 changes
Intel® VT Futures: Chipset
Some Models for IO Virtualization
[Figure: three layouts of VM0 ... VMn (Guest OS and Apps) over a Hypervisor, built from the labels Service VMs, Guest VMs, IO Services, Device Drivers, Shared Devices and Assigned Devices]
Pros and cons listed under the three models:
• Pro: Small Hypervisor
• Pro: Higher Performance
• Pro: Highest Performance
• Pro: IO Device Sharing
• Pro: VM Migration
• Pro: IO Device Sharing
• Pro: VM Migration
• Pro: Smaller Hypervisor
• Con: No IO Sharing
• Con: Lower Performance
• Con: Larger Hypervisor
• Con: Migration Limits
All models benefit from flexible HW support
for IO-device assignment (DMA remapping)
DMA Remapping: Example
[Figure: DMA Requests (Device ID, Guest Physical Address, Length) from Device P1 and Device P2 enter the DMA Remapping Engine (Context Cache, IOTLB, Fault Reporting). Memory-resident IO Partitioning & Translation Structures (Device Partitioning Structures, Address Translation Structures for Domain A and for Domain B) turn each request into a Memory Access with Host Physical Address]
EPT and DMA Remapping Working Together
[Figure: Virtual Machines run above the Virtual Machine Monitor (VMM); EPT sits between the Logical Processors and Phys Mem, and DMA Remap sits between Assigned IO Devices and Phys Mem]
Hardware Translation Mechanisms under VMM Control
How EPT and DMA Remapping Address Virtualization Challenges
• Reduced Complexity
– No need for page-table shadowing in software
– Can avoid IO emulation for direct-mapped IO devices
• Improved Performance
– Hardware page-table walkers reduce address-translation overheads
– No need for shadow page tables (saves memory)
– Gives VMM option to direct-map IO devices to VMs (when desired)
• Improved Functionality
– Guest OS has direct access to modern physical device functions (for direct-mapped case)
• Enhanced Reliability and Protection
– Device DMA constrained by translation tables
– DMA misfires logged and reported to software
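The "What is EPT?" and "DMA Remapping: Example" slides describe the same idea from the CPU side and the device side, so one added example (not from the original slides) covers both: a toy C model in which the VMM owns one guest-physical to host-physical table per domain, CPU accesses pass through the guest's own page table and then that table, and DMA requests are routed by device ID, bounds-checked page by page and logged on a miss. The single-level tables, the fault log layout and all names and sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_MASK  ((UINT64_C(1) << PAGE_SHIFT) - 1)
#define NPAGES     4              /* toy size: guest-physical pages per VM */
#define NONE       UINT64_MAX     /* "not present" entry, also the fault return value */

/* VMM-owned map, guest-physical page -> host-physical page. One table per
   domain (VM) stands in for both the EPT and the DMA translation structures. */
struct domain { uint64_t hpfn[NPAGES]; };

struct fault_record { unsigned device_id; uint64_t gpa; };
struct fault_record fault_log[8]; /* "DMA misfires logged and reported to software" */
unsigned fault_count;

static uint64_t gpa_to_hpa(const struct domain *d, uint64_t gpa) {
    uint64_t pfn = gpa >> PAGE_SHIFT;
    if (!d || pfn >= NPAGES || d->hpfn[pfn] == NONE) return NONE;
    return (d->hpfn[pfn] << PAGE_SHIFT) | (gpa & PAGE_MASK);
}

/* CPU path: the guest's own page table (guest-controlled), then the EPT. */
uint64_t cpu_access(const struct domain *ept, const uint64_t guest_pt[NPAGES], uint64_t gla) {
    uint64_t vpn = gla >> PAGE_SHIFT;
    if (vpn >= NPAGES || guest_pt[vpn] == NONE) return NONE;  /* guest #PF, no VM exit */
    uint64_t gpa = (guest_pt[vpn] << PAGE_SHIFT) | (gla & PAGE_MASK);
    return gpa_to_hpa(ept, gpa);  /* NONE here models an EPT violation (VM exit) */
}

/* Device path: the device ID selects a domain, then every page touched by
   [gpa, gpa+len) must translate; otherwise the request is blocked and logged. */
uint64_t dma_access(const struct domain *const ctx[], unsigned ndev,
                    unsigned dev, uint64_t gpa, uint32_t len) {
    const struct domain *d = dev < ndev ? ctx[dev] : NULL;
    uint64_t last = gpa + (len ? len - 1 : 0);
    for (uint64_t a = gpa;; a = (a | PAGE_MASK) + 1) {
        if (gpa_to_hpa(d, a) == NONE) {
            if (fault_count < 8) fault_log[fault_count++] = (struct fault_record){dev, a};
            return NONE;
        }
        if ((a | PAGE_MASK) >= last) return gpa_to_hpa(d, gpa);
    }
}

/* Constructed sample: domain A owns host pages 10 and 11, domain B owns 20. */
const struct domain dom_a = {{10, 11, NONE, NONE}}, dom_b = {{20, NONE, NONE, NONE}};
const struct domain *const context[] = {&dom_a, &dom_b};  /* device 0 -> A, device 1 -> B */
const uint64_t guest_pt_a[NPAGES] = {1, 0, 3, NONE};      /* guest A's own mapping */

int main(void) {
    unsigned long long cpu = cpu_access(&dom_a, guest_pt_a, 0x10);
    unsigned long long ok  = dma_access(context, 2, 0, 0xff0, 32);
    unsigned long long bad = dma_access(context, 2, 1, 0xff0, 32);
    printf("cpu A gla 0x10 -> %#llx\ndev0 dma -> %#llx\ndev1 dma -> %#llx, faults=%u\n",
           cpu, ok, bad, fault_count);
    return 0;
}
```

The second DMA request crosses into a page that domain B does not own, so the whole transfer is refused and recorded rather than partially completed.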
Intel Virtualization Roadmap
Demonstrating Virtualization Leadership!
[Timeline, 2003 to 2006: Increasing Level of Solution Proof Point]
• Fall’03 IDF Demo: Video and Gaming, Consumer Client Concept
• Fall’04 IDF Demo: “Four Activities”, Business Client Concept
• Server proof of concept and deployments of virtualization with production software-only VMM on Intel platforms
• Spring IDF’05: Multiple Intel® VT based demos, clients and servers
• Fall IDF’05: 17 Intel® VT based demos, clients and servers (9 platforms)
• Product Launches: Clients, 2H’05; Servers, 1H’06. Top to bottom with Intel® VT
Demonstrating Intel® VT across All Intel platforms
VT Client Platform Roadmap
2005 Lyndon
Intel® Pentium® 4 Processor
945G Chipset
HT, XD, EM64T, EIST, AMT, VT
2006 Averill
Intel Pentium 4 Processor & DC
Broadwater Chipset
HT, XD, EM64T, EIST, AMT2, VT
2006 Napa
Mobile Dual Core Processor code-named “Yonah”
Calistoga Chipset and Golan Wireless LAN
2005 features plus AMT and VT
Dates and products are subject to change without notice.
VT Server Platform Roadmap
[Chart rows: 2 Socket and ≥ 4 Socket platforms]
2006 Montecito
Intel® 8870, OEM chipset
DC, HT, Pellston, VT
2006 Millington
Intel® 8870, OEM chipset
Dual Core, HT, VT
2006 Truland
MP Processor codename “Paxville MP”
Intel® E8500 chipset
2005 features plus I/OAT, VT
2006 Bensley
DP Processor codename “Dempsey”
Chipset codename “Blackford”
2005 features plus AMT, I/OAT, VT
Dates and products are subject to change without notice.
Summary and Call to Action:
• Intel® Virtualization Technology (VT)
– A comprehensive architecture roadmap designed to address virtualization challenges in sync with VMM evolution
– VT launches with Pentium4® in Q405, followed by Centrino®, Xeon®, and Itanium® platforms in 1H06
• Intel and VMM vendors are working in close collaboration
– VT and Multi-core will drive mainstream adoption of virtualization
• Take advantage of Intel platforms and VMM products to implement virtualization:
– VMware Workstation with VT support available now
– VMware ESX with Dual Core support now and VT support in 2006
– Microsoft Virtual Server support now and VT support in 2H/06
– Xen with support for VT in Xen 3.0 and subsequent OSD products
For specs, papers & latest news: www.intel.com/technology/VT
Thank You!
• Novell
– http://www.novell.com/products/suselinux/application
development.html
• Xensource
– http://www.xensource.com/news/pr082305.html