fault tolerance: crash does not affect other systems
but: system running the hypervisor is single point of failure for all running VMs
hypervisor relatively robust though
isolation: security compromises do not affect other systems
efficient resource use: no dedicated hardware required
deployability: software may need specific OS, libraries
migration: freeze and suspend VM -> copy whole VM -> continue
Requirements for Virtualization
safety: hypervisor should have full control of virtualized resources
fidelity: program does not care whether it is run virtually or bare metal
efficiency: hypervisor should not have to intervene often
Sensitive instructions ⊆ Privileged instructions
Sensitive instructions: behave differently depending on the execution mode (I/O, MMU configuration, setting up DMA)
Privileged instructions: trigger a trap when they are executed in user mode.
issue if privileged and nonprivileged instructions are not separated on old CPUs
modern CPUs use containers to run guest OS
Guest OS calls privileged operation -> trap -> hypervisor examines call and either carries out the instruction or emulates reaction of bare metal
if HW doesn't support trapping all sensitive instructions
rewrite guest system on the fly to replace all sensitive but not privileged instructions
Binary Translation
Each basic block is examined and rewritten by virtualisation software before execution
Instructions that should trigger a trap but do not on the host system are replaced with privileged instructions, so that the emulation routines in the hypervisor are activated
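Added example (not part of the original notes): a toy model of the binary translation step above, combined with the "sensitive ⊆ privileged" check. The instruction names, their classification and the GUEST program are constructed assumptions, not a real ISA.

```python
# Constructed toy ISA: mnemonics and their classification are assumptions.
SENSITIVE = {"out", "set_pt", "popf"}    # behaviour depends on execution mode
PRIVILEGED = {"out", "set_pt", "trap"}   # trap when executed in user mode
BLOCK_END = {"jmp", "ret"}               # control transfer closes a basic block

def untrapped(sensitive=SENSITIVE, privileged=PRIVILEGED):
    """Sensitive instructions that violate 'sensitive is a subset of privileged'."""
    return sensitive - privileged

def basic_blocks(code):
    """Split a linear instruction list into basic blocks."""
    blocks, current = [], []
    for ins in code:
        current.append(ins)
        if ins[0] in BLOCK_END:
            blocks.append(current)
            current = []
    return blocks + ([current] if current else [])

def translate(block):
    """Rewrite one block: untrapped sensitive instructions become 'trap'."""
    bad = untrapped()
    return [("trap", op, arg) if op in bad else (op, arg) for op, arg in block]

def run_guest(code, use_translation):
    """Run guest code in user mode; return the instructions the hypervisor saw."""
    seen = []
    for block in basic_blocks(code):
        if use_translation:
            block = translate(block)       # examined and rewritten before execution
        for ins in block:
            if ins[0] in PRIVILEGED:       # hardware trap -> hypervisor emulates
                seen.append(ins[1:] if ins[0] == "trap" else ins)
            # anything else runs directly on the CPU, unseen by the hypervisor
    return seen

GUEST = [("mov", 1), ("popf", 0x200), ("jmp", 8),       # constructed sample
         ("set_pt", 0x1000), ("out", 0x3F8), ("ret", 0)]
```

Without translation the hypervisor never sees popf, which breaks the safety requirement; with translation every sensitive instruction reaches an emulation routine.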
Live Migrations
a running VM is transferred to different hardware
(+) dynamically allocate load across different systems
(+) maintenance work
Types of Hypervisors
Type 1
also called bare-metal hypervisor.
Hypervisor runs directly on hardware
all functions required to access hardware implemented in the hypervisor itself
Type 2
also called hosted hypervisor.
runs as a program inside an OS
does not need to implement hardware management functionality itself
must share the host resources with the host operating system and other executed processes
(-) generally less performant
Paravirtualization
no full emulation of hardware, instead modifying guest OS to interact more efficiently with underlying virtualization layer
machine-like interface for hypercalls to perform sensitive operations (updating page tables)