Understanding Intel® Virtualization Technology (VT) Narendar B. Sahgal Director, Initiative Planning Digital Enterprise Group Intel Corporation Dion Rodgers Sr.


Understanding
Intel® Virtualization Technology (VT)
Narendar B. Sahgal
Director, Initiative Planning
Digital Enterprise Group
Intel Corporation
Dion Rodgers
Sr. Principal Engineer
Session Outline
Virtualization
Capabilities and usage models
Intel® Virtualization Technology (VT)
Challenges of IA CPU virtualization today
VT eliminates challenges by design
VT-x technical overview
VT Roadmap
Call to Action
Virtual Machine Monitors (VMMs)
[Diagram: Virtual Machines VM0, VM1 ... VMn, each running an App and a Guest OS, on top of the Virtual Machine Monitor (VMM), which runs on the Platform HW: Memory, Processor/CS, I/O Devices]
VMM is a layer of system software
Enables multiple VMs to share platform hardware
Allows Apps to run without modifications
Virtualization Capabilities
[Diagram, four panels: Workload Isolation, Workload Consolidation, Workload Embedding, Workload Migration. Each panel shows Apps and OSes running over a VMM on one or more hardware platforms (HW, HW1, HW2).]
Virtualization has powerful capabilities
Virtualization Usage Models
CLIENT
Legacy SW Support
Training/QA
Activity Partitioning
Manageability
…
SERVER
Server Consolidation
Failover infrastructure
Flexible Datacenter
Manageability
…
[Diagram: each usage is tagged with capability labels (Consolidation, Isolation, Migration, Embedding)]
Virtualization has a broad range of usages
What is Intel® Virtualization Technology?
Formerly known by the codenames Vanderpool* & Silvervale*
VT is a set of hardware enhancements to Intel server and client platforms
VT is designed to simplify virtualization software
Virtualization brings new end user value and new differentiation opportunities
VT-x and VT-i are the first in the VT series of Intel processor and chipset innovations
VT-x refers to IA-32 CPU virtualization enhancements
VT-i refers to IPF CPU virtualization enhancements
"We are on record as saying that VT is the most significant change to PC architecture this decade"
Martin Reynolds, Gartner Senior Analyst – eWeek September 9, 2004
Challenges of Running a VMM
OS and Apps in a VM don't know that the VMM exists or that they share CPU resources with other VMs
VMM should isolate Guest SW stacks from one another
VMM should run protected from all Guest software
VMM should present a virtual platform interface to Guest SW
[Diagram: VM0 and VM1, each with Apps on a Guest OS (Guest OS0, Guest OS1), running over the VM Monitor on Platform Hardware]
SW Solution: Guest Ring Deprivileging
Run Guest OS above Ring-0 and have privileged instructions generate faults...
Run VMM in Ring-0 as a collection of fault handlers
[Diagram: VM0 and VM1, each with Apps on a Guest OS (Guest OS0, Guest OS1), running over the VM Monitor on Platform Hardware]
Top IA Virtualization Holes:
• Ring Aliasing
• Non-trapping instructions
• Excessive Faulting
• Interrupt Virtualization Issues
• CPU state context switching
• Addr Space Compression
Complex Software Techniques:
• Source guest OS Modifications
• Binary guest OS Modifications
Virtualization of current IA CPUs requires complex software workarounds
Intel® Virtualization Technology
Guest SW runs deprivileged in a new operating mode:
• Apps run deprivileged in ring 3
• OS runs deprivileged in ring 0
• VMM runs in new mode with full privilege
VMM preempts execution of Guest SW via new HW-based transition mechanism
[Diagram: VM0 and VM1, each with Apps on a Guest OS (Guest OS0, Guest OS1), running over the VM Monitor on Platform Hardware]
By design, VT eliminates virtualization holes and the need for complex software workarounds
VT-x Overview
Operating modes
Guest SW ↔ VMM Transitions
Virtual-machine control structure
Principal causes of VM Exits
Benefits
Operating Modes
VMX root operation:
Fully privileged, intended for VM monitor
VMX non-root operation:
Not fully privileged, intended for guest software
Reduces Guest SW privilege w/o relying on rings
Solution to Ring Aliasing and Ring Compression
VM Entry and VM Exit
VM Entry
Transition from VMM to Guest
Enters VMX non-root operation
Loads Guest state and Exit criteria from VMCS
VMLAUNCH instruction used on initial entry
VMRESUME instruction used on subsequent entries
VM Exit
VMEXIT instruction used on transition from Guest to VMM
Enters VMX root operation
Saves Guest state in VMCS
Loads VMM state from VMCS
[Diagram: VM0 and VM1, each with Apps on a Guest OS (Guest OS0, Guest OS1); VM Exit and VM Entry arrows connect the guests to the VM Monitor, which runs on the Physical Host Hardware]
VT-x Operations
[Diagram: VMXON moves the processor from IA-32 operation into VMX root operation; VMLAUNCH and VMRESUME enter VMX non-root operation for VM 1, VM 2 ... VM n, each with its own Ring 0 / Ring 3 and its own VMCS (1, 2 ... n); VM Exit returns to VMX root operation]
Virtual Machine Control Structure (VMCS)
VMCSs are Control Structures in Memory
Only one VMCS active per virtual processor at any given time
VMCS Payload:
VM execution, VM exit, and VM entry controls
Guest and host state
VM-exit information fields
VMCS Format not defined and may vary
VMPTRLD: Establishes a pointer to a desired VMCS
VMREAD/VMWRITE: New VMCS Access instructions
Principal Causes of VMEXIT
Paging state exits allow page-table control
CR3 accesses, INVLPG cause exits
Selectively exit on page faults
CR0/CR4 controls allow exiting on changes to selected bits
State-based exits allow function virtualization
CPUID, RDMSR, WRMSR, RDPMC, RDTSC, MOV DRx
Selective exception and I/O exiting reduce unnecessary exits
32-entry exception bitmap, I/O-port access bitmap
Controls provided for asynchronous events
Host interrupt control allows delivery to VMM even when guest blocking interrupts
Detection of guest inactivity to support VM scheduling
HLT, MWAIT, PAUSE
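An added example (not part of the original slides): a C software model of how the 32-entry exception bitmap, the page-fault error-code mask/match pair and the I/O-port bitmaps decide whether a guest event exits to the VMM. It assumes the I/O bitmaps are enabled; the struct, the function names and the sample policy are constructed for illustration and nothing here touches real VMCS fields.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Software model only (assumed names); a real VMM sets these via VMWRITE. */
struct exit_controls {
    uint32_t exception_bitmap;   /* bit n set => exception vector n exits */
    uint32_t pfec_mask;          /* page-fault error-code mask */
    uint32_t pfec_match;         /* page-fault error-code match */
    uint8_t  io_bitmap_a[4096];  /* ports 0x0000-0x7FFF, one bit per port */
    uint8_t  io_bitmap_b[4096];  /* ports 0x8000-0xFFFF, one bit per port */
};

/* Does a guest exception (vector 0..31) cause a VM exit? */
bool exception_causes_exit(const struct exit_controls *c, unsigned vector, uint32_t error_code)
{
    bool bit = (c->exception_bitmap >> (vector & 31u)) & 1u;
    if (vector != 14u)           /* everything except #PF: the bitmap bit decides */
        return bit;
    /* #PF: the bit applies when the masked error code matches, inverted otherwise. */
    bool match = (error_code & c->pfec_mask) == c->pfec_match;
    return match ? bit : !bit;
}

/* Does a guest IN/OUT of `size` bytes (1, 2 or 4) at `port` cause a VM exit? */
bool io_causes_exit(const struct exit_controls *c, uint16_t port, unsigned size)
{
    for (unsigned i = 0; i < size; i++) {
        uint32_t p = (uint32_t)port + i;
        if (p > 0xFFFFu)
            return true;         /* access wraps past port 0xFFFF: always exits */
        const uint8_t *map = (p < 0x8000u) ? c->io_bitmap_a : c->io_bitmap_b;
        uint32_t idx = p & 0x7FFFu;
        if (map[idx >> 3] & (1u << (idx & 7u)))
            return true;         /* any touched port with its bit set exits */
    }
    return false;
}

/* Constructed sample policy: exit on write page faults and on ports 0x3F8-0x3FF. */
void sample_policy(struct exit_controls *c)
{
    memset(c, 0, sizeof *c);
    c->exception_bitmap = 1u << 14;         /* #PF */
    c->pfec_mask = c->pfec_match = 0x2u;    /* error-code bit 1 = write access */
    c->io_bitmap_a[0x3F8 >> 3] = 0xFF;      /* eight ports starting at 0x3F8 */
}
```

Every event that returns false here runs in the guest without a transition, which is how the selective controls keep unnecessary exits down.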
Benefits: VT Helps Improve VMMs
VT Reduces guest OS dependency
Eliminates need for binary patching / translation
Facilitates support for Legacy OS
VT improves robustness
Eliminates need for complex SW techniques
Simpler and smaller VMMs
Smaller trusted-computing base
VT improves performance
Fewer unwanted Guest ↔ VMM transitions
VT Client Roadmap
2005 Lyndon*
Intel® Pentium® 4 Processor
945G Chipset
HT, XD, EM64T, EIST, Intel AMT, VT
2006 Averill*
Intel Pentium 4 Processor & DC
Broadwater Chipset
2005 features plus Intel AMT2, LT
2005 Intel Centrino™ Mobile Technology
Intel Pentium M Processor
Intel 915 Chipset Family
Intel PRO Wireless Network Connection 2915ABG & 2200BG,
XD, EIST
2006 Napa*
Mobile Dual Core Processor code-named “Yonah”
Chipset code-named “Calistoga”
Wireless LAN solution code-named “Golan”
2005 features plus VT, Intel AM
VT Server Roadmap
2005 - 2006
2 Socket
Millington / DP Montvale
Intel® 8870, Enabled
Dual Core, MT, Foxton, Pellston, VT
2005 - 2006
≥ 4 Socket
Montecito / Montvale
Intel® 8870 / Enabled
MT, Foxton, Pellston, VT
2 Socket
2006 Bensley*, Glidewell*
Dempsey
Blackford & Greencreek
2005 features plus VT, IAMT, I/OAT
VT Ecosystem
Intel plans to ship VT-based platforms as follows:
Intel® Desktop and Itanium® 2 platforms in 2005
Intel® Xeon™ and Intel® Centrino™ mobile platforms in 1H ’06
VT features require support from VMM providers and a few selected infrastructure vendors. Most ISVs won’t need to do anything for VT
All major VMM providers have embraced VT
Intel working with Microsoft and others to enable the software ecosystem for VT
Call to Action:
VMM vendor/developer:
Learn how to harvest VT benefits
Seek new business opportunities by teaming with OEMs/ISVs
PC/Server OEM:
Learn more about virtualization usage models
Identify differentiation opportunities in your markets
Prepare for productization of VT
Application, Service, or Solution provider:
Consider the implications and new opportunities to your product line and market
Explore new business opportunities on a virtualized platform
Additional Resources
For specs / whitepapers / web resources:
www.intel.com/technology/vt
For discussions on VT opportunities:
fernando.martins @ intel.com
Community Resources
Windows Hardware & Driver Central (WHDC)
www.microsoft.com/whdc/default.mspx
Technical Communities
www.microsoft.com/communities/products/default.mspx
Non-Microsoft Community Sites
www.microsoft.com/communities/related/default.mspx
Microsoft Public Newsgroups
www.microsoft.com/communities/newsgroups
Technical Chats and Webcasts
www.microsoft.com/communities/chats/default.mspx
www.microsoft.com/webcasts
Microsoft Blogs
www.microsoft.com/communities/blogs