Presentation on theme: "Virtualization: An Overview Brendan Lynch. Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface."— Presentation transcript:
Forms of virtualization In all cases virtualization is taking a physical component and simulating the interface through multiplexing, aggregation, and/or emulation. VMs can exist at the application level as well as the hardware level. – Process VMs, System VMs and simply virtualized resources.
System VMs Critical aspect of cloud computing and utility computing in general. – Pooling resources for higher utilization is a requirement of utility computing. – In a cloud this allows higher elasticity and system security
Virtual Machine Monitor - VMM A thin middleware that manages virtual machines. The VMM facilitates all operations between the host and guest system. – The guest system is an OS; the host system can be another OS or actual hardware or virtualized hardware.
VMM - continued Guest Operating systems run all OS operations through the virtual hardware. – These calls are ‘trapped’ by the VMM and run on the host system. This layer of abstraction can greatly increase security. – In the case of a host OS all the VMM does is scan these instructions and send them to the host OS for scheduling. – Hardware VMMs must provide all scheduling, I/O ect.
VMM - continued This extra layer between the host/guest incurs additional overhead. This cost is in addition to the hardware being simulated. Benefits include: exclusive access to declared resources, system isolation for security, easy scalability for deployment, and performance monitoring optimizations.
Security Risk The biggest concerns associated to off-site storage are the ones we can not control: – Physical security of components – What is the level of security of the overall system? Am I running on the hardware? Is the host OS secure?
Security Risk cont. VMM based threats: – Starvation: Is my VM being context swapped, what does this do too performance. Malicious VMs can attempt to bypass resource limits – VM side-channel attacks VM maliciously/non-maliciously flooded from other VM communications – As mentioned earlier vulnerabilities could exist at a lower level. The VM is helpless to these attacks.
Conclusions Virtual machines and VMMs are a requirement of utility computing. Trust must exist in the hardware/host OS owner that the system is kept secure. Virtual machines allow high levels of hardware utilization and provide portability. – HLL level portability and OS image level portability.