Virtual Machine Technology Introduction 3: Virtual Machine Technology at the Operating System Layer

Source: Internet
Author: User

A typical application runtime environment includes the operating system, user-level libraries, the file system, and environment settings. If a runtime environment contains all of these key components, the application itself cannot tell whether it is running on a physical system or a virtual one. This is the main idea behind virtualization at the operating system layer: dynamically replicating the software runtime environment on the host operating system to create multiple virtual systems.

Jail [1, 2] is the operating-system-layer virtual machine technology on FreeBSD. It divides the operating system into multiple independent environments, called jails. Each jail can independently manage typical operating system resources, such as processes, file systems, and network resources. A user's access to resources is restricted to that user's jail. A jail is created by calling the jail system call. All child processes of the first process in a jail belong to that jail. No process can belong to more than one jail at the same time. Jail virtualization has some practical value for isolating applications.

The zone technology [3, 4] provided by the Solaris operating system uses a similar mechanism. A zone is a virtual operating system environment created within a single instance of the Solaris operating system. It is a partitioning technology used to virtualize operating system services, and its purpose is to provide a secure, isolated environment for hosting and running applications. There are two types of zones: the global zone and non-global zones. The Solaris instance booted by the system hardware is installed in the global zone, and only one global zone can run on a system. The global zone administrator can use zonecfg and zoneadm to create non-global zones. The global zone controls the installation, maintenance, operation, and destruction of all non-global zones. The Solaris zone facility provides virtualized services and namespace isolation for processes running in non-global zones. It isolates processes running in one non-global zone from those running in other zones, which prevents them from monitoring or affecting processes in other zones. Even a process with superuser privileges running in a non-global zone cannot view or affect processes in other zones. A zone also provides an abstraction layer that separates an application from the physical properties of the computer on which it is deployed, such as physical device paths and network interface names.

Virtual private server (VPS) [5] technology divides the operating system environment of a server into multiple isolated virtual containers, each of which is called a VPS. The administrator can allocate a specified amount of memory, disk, network bandwidth, and other resources to each VPS, and can migrate a customer's virtual system from a physical server to a virtual environment or to another physical server. VPS technology is well suited to server consolidation and to improving resource utilization for websites.


Figure 2.4: User Mode Linux architecture

UML (User Mode Linux) [6-8] is an open source project that enables one Linux instance to run on top of another Linux instance as an independent process. It is a virtualization method that runs multiple Linux instances at the same time. UML does not require any additional virtualization software; it only requires patches to the Linux kernel source code. The UML patch converts the standard Linux kernel into an operating system that can be executed as an independent process. When running the UML kernel, you need to assign it a complete file system. The new kernel runs as a user-mode application. As shown in the UML architecture in Figure 2.4, the UML kernel receives system call requests from applications and sends them to the host Linux kernel for processing. Because the UML kernel and the user-mode process share the same address space, the kernel code and data segments must be placed in a region that UML processes generally do not use. To allow UML processes to share kernel data, the UML kernel is mapped to a file, which is then mapped into the UML processes. Currently, UML is mainly used for debugging and testing system software.
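As an added illustration (not code from this page or from the UML project), the following C program for x86-64 Linux shows system call interception with ptrace, the host facility UML uses to catch its processes' system calls: a supervisor stops a traced child at each system call and supplies its own result for getpid. The names `run_guest_with_virtual_getpid` and `VIRTUAL_PID` are invented for the example.

```c
/* Added example: ptrace-based system call interception (x86-64 Linux only). */
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

#define VIRTUAL_PID 4242L /* constructed value the supervisor reports */

/* Runs a traced "guest" that calls getpid() and answers the call from the
 * supervisor. Returns the pid the guest observed, or -1 on failure. */
long run_guest_with_virtual_getpid(void)
{
    int status, in_syscall = 0, ours = 0;
    long observed = -1;
    struct user_regs_struct regs;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {                      /* guest process */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(2);                      /* tracing not permitted here */
        raise(SIGSTOP);                    /* wait for the supervisor */
        _exit(getpid() == VIRTUAL_PID ? 0 : 1);
    }
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    /* Report syscall stops as SIGTRAP|0x80 so signals are not mistaken for them. */
    ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)(long)PTRACE_O_TRACESYSGOOD);
    for (;;) {
        ptrace(PTRACE_SYSCALL, child, NULL, NULL); /* run to next entry/exit */
        if (waitpid(child, &status, 0) < 0) return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? observed : -1;
        if (!WIFSTOPPED(status) || WSTOPSIG(status) != (SIGTRAP | 0x80)) continue;
        if (ptrace(PTRACE_GETREGS, child, NULL, &regs) < 0) return -1;
        if (!in_syscall) {
            ours = (regs.orig_rax == SYS_getpid); /* entry: note the call number */
        } else if (ours) {
            regs.rax = VIRTUAL_PID;        /* exit: replace the host's answer */
            ptrace(PTRACE_SETREGS, child, NULL, &regs);
            observed = VIRTUAL_PID;
        }
        in_syscall = !in_syscall;
    }
}

int main(void) { return run_guest_with_virtual_getpid() == VIRTUAL_PID ? 0 : 1; }
```

Here the host kernel still executes getpid and only its result is replaced before the guest resumes.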

References

[1] Kamp P H, Watson R N. Jails: Confining the omnipotent root [C]. 2nd International System Administration and Network Engineering Conference (SANE '00), 2000: 1-15.

[2] Evan S. Securing FreeBSD using Jail [J]. Sys Admin, 2001, 10(5): 31-37.

[3] Price D, Tucker A. Solaris Zones: Operating System Support for Consolidating Commercial Workloads [C]. USENIX 18th Large Installation System Administration Conference (LISA '04), 2004: 241-254.

[4] Tucker A, Comay D. Solaris Zones: Operating System Support for Server Consolidation [C]. USENIX 3rd Virtual Machine Research and Technology Symposium (VM '04), 2004: 1-2.

[5] Linux-VServer, http://linux-vserver.org [Z].

[6] Dike J. A user-mode port of the Linux kernel [C]. Proceedings of the 4th Annual Linux Showcase & Conference, Atlanta, Georgia, USA, 2000: 7-16.

[7] Höxer H J, Buchacker K, Sieh V. Implementing a User-Mode Linux with Minimal Changes from Original Kernel [C]. Proceedings of the 2002 International Linux System Technology Conference, 2002: 72-82.

[8] Dike J. User Mode Linux [M]. Prentice Hall, 2006.
