SlideShare a Scribd company logo

isca10 virtual cloud infrastructure without virtualization

Download as PPTX, PDF
S
SuriaRao2

The document discusses 'nohype,' a cloud infrastructure approach that eliminates the hypervisor layer, reducing vulnerabilities associated with traditional virtualization. It explains the roles of hypervisors in managing virtual resources and outlines how nohype can enhance performance and security by directly managing hardware resources. The paper suggests that this model could be a solution to significant security concerns in cloud computing, paving the way for future advancements in hardware support.

Devices & Hardware
1 of 41
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University
Virtualized Cloud Infrastructure • Run virtual machines on a hosted infrastructure • Benefits… – Economies of scale – Dynamically scale (pay for what you use)
3 Without the Virtualization • Virtualization used to share servers – Software layer running under each virtual machine Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 servers
4 Without the Virtualization • Virtualization used to share servers – Software layer running under each virtual machine • Malicious software can run on the same server – Attack hypervisor – Access/Obstruct other VMs Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 servers
5 Are these vulnerabilities imagined? • No headlines… doesn’t mean it’s not real – Not enticing enough to hackers yet? (small market size, lack of confidential data) • Virtualization layer huge and growing – 100 Thousand lines of code in hypervisor – 1 Million lines in privileged virtual machine • Derived from existing operating systems – Which have security holes
6 NoHype • NoHype removes the hypervisor – There’s nothing to attack – Complete systems solution – Still retains the needs of a virtualized cloud infrastructure Physical Hardware OS OS Apps Apps Guest VM1 Guest VM2 No hypervisor
7 Virtualization in the Cloud • Why does a cloud infrastructure use virtualization? – To support dynamically starting/stopping VMs – To allow servers to be shared (multi-tenancy) • Do not need full power of modern hypervisors – Emulating diverse (potentially older) hardware – Maximizing server consolidation
8 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines
9 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation
10 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove
11 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove Push to side
12 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove Push to side NoHype has a double meaning… “no hype”
13 Scheduling Virtual Machines • Scheduler called each time hypervisor runs (periodically, I/O events, etc.) – Chooses what to run next on given core – Balances load across cores hypervisor timer switch I/O switch timer switch VMs time Today
14 Dedicate a core to a single VM • Ride the multi-core trend – 1 core on 128-core device is ~0.8% of the processor • Cloud computing is pay-per-use – During high demand, spawn more VMs – During low demand, kill some VMs – Customer maximizing each VMs work, which minimizes opportunity for over-subscription NoHype
15 Managing Memory • Goal: system-wide optimal usage – i.e., maximize server consolidation • Hypervisor controls allocation of physical memory 0 100 200 300 400 500 600 VM/app 3 (max 400) VM/app 2 (max 300) VM/app 1 (max 400) Today
16 Pre-allocate Memory • In cloud computing: charged per unit – e.g., VM with 2GB memory • Pre-allocate a fixed amount of memory – Memory is fixed and guaranteed – Guest VM manages its own physical memory (deciding what pages to swap to disk) • Processor support for enforcing: – allocation and bus utilization NoHype
17 Emulate I/O Devices • Guest sees virtual devices – Access to a device’s memory range traps to hypervisor – Hypervisor handles interrupts – Privileged VM emulates devices and performs I/O Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 Real Drivers Priv. VM Device Emulation trap trap hypercall Today
18 • Guest sees virtual devices – Access to a device’s memory range traps to hypervisor – Hypervisor handles interrupts – Privileged VM emulates devices and performs I/O Emulate I/O Devices Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 Real Drivers Priv. VM Device Emulation trap trap hypercall Today
19 Dedicate Devices to a VM • In cloud computing, only networking and storage • Static memory partitioning for enforcing access – Processor (for to device), IOMMU (for from device) Physical Hardware OS OS Apps Apps Guest VM1 Guest VM2 NoHype
20 Virtualize the Devices • Per-VM physical device doesn’t scale • Multiple queues on device – Multiple memory ranges mapping to different queues Processor Chipset Memory Classify MUX MAC/PHY Network Card Peripheral bus NoHype
21 • Ethernet switches connect servers Networking server server Today
22 • Software Ethernet switches connect VMs Networking (in virtualized server) Virtual server Virtual server Software Virtual switch Today
23 • Software Ethernet switches connect VMs Networking (in virtualized server) OS Apps Guest VM1 Hypervisor OS Apps Guest VM2 hypervisor Today
24 • Software Ethernet switches connect VMs Networking (in virtualized server) OS Apps Guest VM1 Hypervisor OS Apps Guest VM2 Software Switch Priv. VM Today
25 Do Networking in the Network • Co-located VMs communicate through software – Performance penalty for not co-located VMs – Special case in cloud computing – Artifact of going through hypervisor anyway • Instead: utilize hardware switches in the network – Modification to support hairpin turnaround NoHype
26 Managing Virtual Machines • Allowing a customer to start and stop VMs Wide Area Network Request: Start VM Cloud Customer Cloud Provider Today
27 Managing Virtual Machines • Allowing a customer to start and stop VMs Wide Area Network Servers Request: Start VM Cloud Customer Cloud Provider . . . VM images Cloud Manager Request: Start VM Today
28 Hypervisor’s Role in Management • Run as application in privileged VM Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
29 Hypervisor’s Role in Management • Receive request from cloud manager Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
30 Hypervisor’s Role in Management • Form request to hypervisor Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
31 Hypervisor’s Role in Management • Launch VM Physical Hardware Hypervisor Priv. VM VM Mgmt. OS Apps Guest VM1 Today
32 Decouple Management And Operation • System manager runs on its own core Core 0 System Manager Core 1 NoHype
33 Decouple Management And Operation • System manager runs on its own core • Sends an IPI to start/stop a VM Core 0 System Manager Core 1 IPI NoHype
34 Decouple Management And Operation • System manager runs on its own core • Sends an IPI to start/stop a VM • Core manager sets up core, launches VM – Not run again until VM is killed Core 0 System Manager Core 1 Core Manager OS Apps Guest VM2 IPI NoHype
35 Removing the Hypervisor Summary • Scheduling virtual machines – One VM per core • Managing memory – Pre-allocate memory with processor support • Emulating I/O devices – Direct access to virtualized devices • Networking – Utilize hardware Ethernet switches • Managing virtual machines – Decouple the management from operation
36 Security Benefits • Confidentiality/Integrity of data • Availability • Side channels
37 Security Benefits • Confidentiality/Integrity of data • Availability • Side channels
38 Confidentiality/Integrity of Data Requires access to the data • System manager can alter memory access rules – But, guest VMs do not interact with the system manager With hypervisor NoHype Registers upon VM exit No scheduling Packets sent through software switch No software switch Memory accessible by hypervisor No hypervisor
39 NoHype Double Meaning • Means no hypervisor, also means “no hype” • Multi-core processors – Available now • Extended (Nested) Page Tables – Available now • SR-IOV and Directed I/O (VT-d) – Network cards now, Storage devices near future • Virtual Ethernet Port Aggregator (VEPA) – Next-generation switches
40 Conclusions and Future Work • Trend towards hosted and shared infrastructures • Significant security issue threatens adoption • NoHype solves this by removing the hypervisor • Performance improvement is a side benefit • Future work: – Implement on current hardware – Assess needs for future processors
41 Questions? Contact info: ekeller@princeton.edu http://www.princeton.edu/~ekeller szefer@princeton.edu http://www.princeton.edu/~szefer

More Related Content

PPTX
Virtualizaiton-3.pptx
sebghataslamzai
 
PPTX
cloud concepts and technologies
Kalai Selvi
 
PDF
Cloud Computing Virtualization and containers
Selvaraj Kesavan
 
PPTX
lecture5-virtualization-190301171613.pptx
Anilkumarbehera16
 
PPTX
6-Virtualizaiton-6.pptx
AnsarHasas1
 
PDF
Lecture5 virtualization
hktripathy
 
PPTX
KIIT_Cloud_scaling and Virtualization.pptx
bhaskarkumar0125
 
PPTX
CSC_406_5_Virtualization - Case Study, it's base on virtualization
dolandarc2
 
Virtualizaiton-3.pptx
sebghataslamzai
 
cloud concepts and technologies
Kalai Selvi
 
Cloud Computing Virtualization and containers
Selvaraj Kesavan
 
lecture5-virtualization-190301171613.pptx
Anilkumarbehera16
 
6-Virtualizaiton-6.pptx
AnsarHasas1
 
Lecture5 virtualization
hktripathy
 
KIIT_Cloud_scaling and Virtualization.pptx
bhaskarkumar0125
 
CSC_406_5_Virtualization - Case Study, it's base on virtualization
dolandarc2
 

Similar to isca10 virtual cloud infrastructure without virtualization (20)

PPTX
Virtualization unit 3.pptx
Binod Rimal
 
PPTX
Lecture 11 (Virtualization and Load Balancer).pptx
ShvnhRthOr
 
PPTX
Cloud Computing 2023 - Lecture 02.pptx
emanamin19
 
PPTX
1 virtualization
ROSHNI PRADHAN
 
PPTX
Virtualization
preethipreethi35
 
PPTX
aravind_kmdfdgmfmfmmfmkmkmmgmbmgmbmgbmgmkm.pptx
aravym456
 
PPTX
unit-2.pptx
sujatha629799
 
PPT
Cloud Computing using virtulization
AJIT NEGI
 
PPTX
Virtualization: A Key to Efficient Cloud Computing
Hitesh Mohapatra
 
PPTX
Virtualization Technique.pptx in operating systems
vikrammadhad2446
 
PPTX
Virtualization
vishnurk
 
PDF
Intro to virtualization
Kalpna Saharan
 
PPTX
Virtualization concepts in cloud computing
Integral university, India
 
PDF
Virtualization and cloud Computing
Rishikese MR
 
PPTX
week 3 cloud computing northumbria foudation
MarufFarhanRigan1
 
PDF
Handout2o
Shahbaz Sidhu
 
PPTX
virtualization(1).pptx
AkashRajBehera
 
PPTX
Virtualization
3M Construction
 
PPTX
virtualization.pptx
Ali Fraz Khan
 
PPTX
Parth virt
Parth Monga
 
Virtualization unit 3.pptx
Binod Rimal
 
Lecture 11 (Virtualization and Load Balancer).pptx
ShvnhRthOr
 
Cloud Computing 2023 - Lecture 02.pptx
emanamin19
 
1 virtualization
ROSHNI PRADHAN
 
Virtualization
preethipreethi35
 
aravind_kmdfdgmfmfmmfmkmkmmgmbmgmbmgbmgmkm.pptx
aravym456
 
unit-2.pptx
sujatha629799
 
Cloud Computing using virtulization
AJIT NEGI
 
Virtualization: A Key to Efficient Cloud Computing
Hitesh Mohapatra
 
Virtualization Technique.pptx in operating systems
vikrammadhad2446
 
Virtualization
vishnurk
 
Intro to virtualization
Kalpna Saharan
 
Virtualization concepts in cloud computing
Integral university, India
 
Virtualization and cloud Computing
Rishikese MR
 
week 3 cloud computing northumbria foudation
MarufFarhanRigan1
 
Handout2o
Shahbaz Sidhu
 
virtualization(1).pptx
AkashRajBehera
 
Virtualization
3M Construction
 
virtualization.pptx
Ali Fraz Khan
 
Parth virt
Parth Monga
 
Ad

More from SuriaRao2 (8)

PPT
Topology of DNA and Quantum Computing.ppt
SuriaRao2
 
PPTX
the PDF Signing Slide slide howto guidance
SuriaRao2
 
PPTX
Project Status Update for year 2022 month 06 date 22.pptx
SuriaRao2
 
PDF
Asia Pacific countries Trust Services Globalization
SuriaRao2
 
PPTX
PeeringOne - Raffcomm Migration Proposal v1.4 (1).pptx
SuriaRao2
 
PPT
quantum cryptography introduction for understanding
SuriaRao2
 
PPTX
Disaster-Recovery related Presentation11.pptx
SuriaRao2
 
PDF
2-2b-contingency-planning-swanson-nist.pdf
SuriaRao2
 
Topology of DNA and Quantum Computing.ppt
SuriaRao2
 
the PDF Signing Slide slide howto guidance
SuriaRao2
 
Project Status Update for year 2022 month 06 date 22.pptx
SuriaRao2
 
Asia Pacific countries Trust Services Globalization
SuriaRao2
 
PeeringOne - Raffcomm Migration Proposal v1.4 (1).pptx
SuriaRao2
 
quantum cryptography introduction for understanding
SuriaRao2
 
Disaster-Recovery related Presentation11.pptx
SuriaRao2
 
2-2b-contingency-planning-swanson-nist.pdf
SuriaRao2
 
Ad

Recently uploaded (20)

PPTX
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
PPTX
Lecture-3-Computer-programming for BS InfoTech
UzumakiNamikaze
 
PPTX
PLC ANALOGUE DONE BY KISMEC KULIM TD 5 .0
MahadzirMatRabi1
 
PPTX
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
PPT
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
PPTX
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
PPTX
quadraticequations-111211090004-phpapp02.pptx
marcusaviso1101
 
PPT
chapter_1_a.ppthduushshwhwbshshshsbbsbsbsbsh
sriram270905
 
PPTX
material for studying about lift elevators escalation
maxgunner1212001
 
PPTX
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
PDF
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
PDF
PPT Determiners.pdf.......................
kanikadhiman1001
 
PPT
Hypersensitivity Namisha1111111111-WPS.ppt
namisharamotra
 
PPTX
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
PPTX
Computers and mobile device: Evaluating options for home and work
4mqw9zch22
 
PPTX
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
PPTX
Lecture 3b C Library _ ESP32.pptxjfjfjffkkfkfk
indalrenu
 
PPTX
Syllabus Computer Six class curriculum s
nitu kedia
 
PPTX
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
PPTX
ERP good ERP good ERP good ERP good good ERP good ERP good
APWCourses
 
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
Lecture-3-Computer-programming for BS InfoTech
UzumakiNamikaze
 
PLC ANALOGUE DONE BY KISMEC KULIM TD 5 .0
MahadzirMatRabi1
 
Operating System Processes_Scheduler OSS
UzumakiNamikaze
 
Lines and angles cbse class 9 math chemistry
cuteprincessmisty
 
Embedded for Artificial Intelligence 1.pptx
ifnadeksisa
 
quadraticequations-111211090004-phpapp02.pptx
marcusaviso1101
 
chapter_1_a.ppthduushshwhwbshshshsbbsbsbsbsh
sriram270905
 
material for studying about lift elevators escalation
maxgunner1212001
 
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
Smarter Security: How Door Access Control Works with Alarms & CCTV
Ighty Support
 
PPT Determiners.pdf.......................
kanikadhiman1001
 
Hypersensitivity Namisha1111111111-WPS.ppt
namisharamotra
 
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
Computers and mobile device: Evaluating options for home and work
4mqw9zch22
 
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
Lecture 3b C Library _ ESP32.pptxjfjfjffkkfkfk
indalrenu
 
Syllabus Computer Six class curriculum s
nitu kedia
 
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
ERP good ERP good ERP good ERP good good ERP good ERP good
APWCourses
 

isca10 virtual cloud infrastructure without virtualization

  • 1. NoHype: Virtualized Cloud Infrastructure without the Virtualization Eric Keller, Jakub Szefer, Jennifer Rexford, Ruby Lee ISCA 2010 Princeton University
  • 2. Virtualized Cloud Infrastructure • Run virtual machines on a hosted infrastructure • Benefits… – Economies of scale – Dynamically scale (pay for what you use)
  • 3. 3 Without the Virtualization • Virtualization used to share servers – Software layer running under each virtual machine Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 servers
  • 4. 4 Without the Virtualization • Virtualization used to share servers – Software layer running under each virtual machine • Malicious software can run on the same server – Attack hypervisor – Access/Obstruct other VMs Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 servers
  • 5. 5 Are these vulnerabilities imagined? • No headlines… doesn’t mean it’s not real – Not enticing enough to hackers yet? (small market size, lack of confidential data) • Virtualization layer huge and growing – 100 Thousand lines of code in hypervisor – 1 Million lines in privileged virtual machine • Derived from existing operating systems – Which have security holes
  • 6. 6 NoHype • NoHype removes the hypervisor – There’s nothing to attack – Complete systems solution – Still retains the needs of a virtualized cloud infrastructure Physical Hardware OS OS Apps Apps Guest VM1 Guest VM2 No hypervisor
  • 7. 7 Virtualization in the Cloud • Why does a cloud infrastructure use virtualization? – To support dynamically starting/stopping VMs – To allow servers to be shared (multi-tenancy) • Do not need full power of modern hypervisors – Emulating diverse (potentially older) hardware – Maximizing server consolidation
  • 8. 8 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines
  • 9. 9 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation
  • 10. 10 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove
  • 11. 11 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove Push to side
  • 12. 12 Roles of the Hypervisor • Isolating/Emulating resources – CPU: Scheduling virtual machines – Memory: Managing memory – I/O: Emulating I/O devices • Networking • Managing virtual machines Push to HW / Pre-allocation Remove Push to side NoHype has a double meaning… “no hype”
  • 13. 13 Scheduling Virtual Machines • Scheduler called each time hypervisor runs (periodically, I/O events, etc.) – Chooses what to run next on given core – Balances load across cores hypervisor timer switch I/O switch timer switch VMs time Today
  • 14. 14 Dedicate a core to a single VM • Ride the multi-core trend – 1 core on 128-core device is ~0.8% of the processor • Cloud computing is pay-per-use – During high demand, spawn more VMs – During low demand, kill some VMs – Customer maximizing each VMs work, which minimizes opportunity for over-subscription NoHype
  • 15. 15 Managing Memory • Goal: system-wide optimal usage – i.e., maximize server consolidation • Hypervisor controls allocation of physical memory 0 100 200 300 400 500 600 VM/app 3 (max 400) VM/app 2 (max 300) VM/app 1 (max 400) Today
  • 16. 16 Pre-allocate Memory • In cloud computing: charged per unit – e.g., VM with 2GB memory • Pre-allocate a fixed amount of memory – Memory is fixed and guaranteed – Guest VM manages its own physical memory (deciding what pages to swap to disk) • Processor support for enforcing: – allocation and bus utilization NoHype
  • 17. 17 Emulate I/O Devices • Guest sees virtual devices – Access to a device’s memory range traps to hypervisor – Hypervisor handles interrupts – Privileged VM emulates devices and performs I/O Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 Real Drivers Priv. VM Device Emulation trap trap hypercall Today
  • 18. 18 • Guest sees virtual devices – Access to a device’s memory range traps to hypervisor – Hypervisor handles interrupts – Privileged VM emulates devices and performs I/O Emulate I/O Devices Physical Hardware Hypervisor OS OS Apps Apps Guest VM1 Guest VM2 Real Drivers Priv. VM Device Emulation trap trap hypercall Today
  • 19. 19 Dedicate Devices to a VM • In cloud computing, only networking and storage • Static memory partitioning for enforcing access – Processor (for to device), IOMMU (for from device) Physical Hardware OS OS Apps Apps Guest VM1 Guest VM2 NoHype
  • 20. 20 Virtualize the Devices • Per-VM physical device doesn’t scale • Multiple queues on device – Multiple memory ranges mapping to different queues Processor Chipset Memory Classify MUX MAC/PHY Network Card Peripheral bus NoHype
  • 21. 21 • Ethernet switches connect servers Networking server server Today
  • 22. 22 • Software Ethernet switches connect VMs Networking (in virtualized server) Virtual server Virtual server Software Virtual switch Today
  • 23. 23 • Software Ethernet switches connect VMs Networking (in virtualized server) OS Apps Guest VM1 Hypervisor OS Apps Guest VM2 hypervisor Today
  • 24. 24 • Software Ethernet switches connect VMs Networking (in virtualized server) OS Apps Guest VM1 Hypervisor OS Apps Guest VM2 Software Switch Priv. VM Today
  • 25. 25 Do Networking in the Network • Co-located VMs communicate through software – Performance penalty for not co-located VMs – Special case in cloud computing – Artifact of going through hypervisor anyway • Instead: utilize hardware switches in the network – Modification to support hairpin turnaround NoHype
  • 26. 26 Managing Virtual Machines • Allowing a customer to start and stop VMs Wide Area Network Request: Start VM Cloud Customer Cloud Provider Today
  • 27. 27 Managing Virtual Machines • Allowing a customer to start and stop VMs Wide Area Network Servers Request: Start VM Cloud Customer Cloud Provider . . . VM images Cloud Manager Request: Start VM Today
  • 28. 28 Hypervisor’s Role in Management • Run as application in privileged VM Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
  • 29. 29 Hypervisor’s Role in Management • Receive request from cloud manager Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
  • 30. 30 Hypervisor’s Role in Management • Form request to hypervisor Physical Hardware Hypervisor Priv. VM VM Mgmt. Today
  • 31. 31 Hypervisor’s Role in Management • Launch VM Physical Hardware Hypervisor Priv. VM VM Mgmt. OS Apps Guest VM1 Today
  • 32. 32 Decouple Management And Operation • System manager runs on its own core Core 0 System Manager Core 1 NoHype
  • 33. 33 Decouple Management And Operation • System manager runs on its own core • Sends an IPI to start/stop a VM Core 0 System Manager Core 1 IPI NoHype
  • 34. 34 Decouple Management And Operation • System manager runs on its own core • Sends an IPI to start/stop a VM • Core manager sets up core, launches VM – Not run again until VM is killed Core 0 System Manager Core 1 Core Manager OS Apps Guest VM2 IPI NoHype
  • 35. 35 Removing the Hypervisor Summary • Scheduling virtual machines – One VM per core • Managing memory – Pre-allocate memory with processor support • Emulating I/O devices – Direct access to virtualized devices • Networking – Utilize hardware Ethernet switches • Managing virtual machines – Decouple the management from operation
  • 36. 36 Security Benefits • Confidentiality/Integrity of data • Availability • Side channels
  • 37. 37 Security Benefits • Confidentiality/Integrity of data • Availability • Side channels
  • 38. 38 Confidentiality/Integrity of Data Requires access to the data • System manager can alter memory access rules – But, guest VMs do not interact with the system manager With hypervisor NoHype Registers upon VM exit No scheduling Packets sent through software switch No software switch Memory accessible by hypervisor No hypervisor
  • 39. 39 NoHype Double Meaning • Means no hypervisor, also means “no hype” • Multi-core processors – Available now • Extended (Nested) Page Tables – Available now • SR-IOV and Directed I/O (VT-d) – Network cards now, Storage devices near future • Virtual Ethernet Port Aggregator (VEPA) – Next-generation switches
  • 40. 40 Conclusions and Future Work • Trend towards hosted and shared infrastructures • Significant security issue threatens adoption • NoHype solves this by removing the hypervisor • Performance improvement is a side benefit • Future work: – Implement on current hardware – Assess needs for future processors