Virtual Machines vs. Containers Revisited - Part 1
Oct 09, 2019•48 min•Ep. 81
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Sponsor
Show Details
In this episode, we cover the following topics:
- VMs vs containers - why revisit?
- Originally talked about this in episode 1
- Got most of it right, but some inconsistencies/holes
- Let's revisit to fill in the gaps, and dive a whole LOT deeper this time around
- Originally talked about this in episode 1
- Types of virtualization
- Full virtualization ("virtual machines")
- Simulates enough hardware to allow an unmodified "guest" OS to be run in isolation
- Resources of computer are partitioned via hypervisor
- Examples:
- VMWare, Parallels, VirtualBox, Hyper-V
- Operating-system-level virtualization ("containers")
- Resources of computer are partitioned via the kernel
- "Guest" OSes share same running instance of OS as the host system
- Based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernel
- namespaces and cgroups
- Examples:
- Docker, LXC, FreeBSD jails
- Resources of computer are partitioned via the kernel
- Full virtualization ("virtual machines")
- Hypervisors
- Also known as a Virtual Machine Manager (VMM)
- Creates and runs virtual machines
- It is a process that separates OS and apps from underlying physical hardware
- Multiple VMs share virtualized hardware resources
- When you create a new VM, the following happens:
- Hypervisor allocates memory and CPU space for VMs exclusive use
- Complete OS is installed onto the VM
- The VM's OS communicates with the hypervisor to perform tasks
- Host OS is able to see all physical hardware, whereas guest OS (VM) can only see hardware to which hypervisor has granted access
- Two types of hypervisors
- Type 1 (also called "native" or "bare metal" hypervisors)
- Run directly on the host’s hardware to control the hardware and manage the guest VMs
- runs in ring 0
- Are an OS themselves (simple OS on top of which you run VMs)
- the physical machine the hypervisor is running on serves only for virtualization purposes
- Exceptions: Hyper-V, KVM
- the physical machine the hypervisor is running on serves only for virtualization purposes
- Examples
- Xen, Microsoft Hyper-V, VMware ESX/ESXi
- Run directly on the host’s hardware to control the hardware and manage the guest VMs
- Type 2 (also called "hosted" hypervisors)
- Run on conventional OS, just like other apps
- Guest OS runs as a process on the host
- Hypervisor separates the guest OS from the host OS
- Examples
- VirtualBox, Parallels
- Type 1 (also called "native" or "bare metal" hypervisors)
- Protection levels (rings)
- x86 family of CPUs provide a range of protection levels also known as rings
- Ring 0 has the highest level privilege (kernel/supervisor)
- Ring 3 lowest level (applications)
- Hypervisor occupies ring 0 of CPU
- Kernels for any guest operating systems running on the system must run in less privileged CPU rings
- But most OS kernels are written explicitly to run in ring 0
- Techniques to deal with this:
- Full virtualization
- hypervisor provides CPU emulation to handle ring 0 operations made by unmodified guest OS kernels
- emulation process requires both time and system resources
- inferior performance
- Paravirtualization
- Technique in which hypervisor provides an API and the OS of the guest VM calls that API
- Requires guest OS to be modified (to make API calls)
- Replace any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor ("hypercalls")
- Allows tasks to run in host OS (instead of in guest OS where performance would be worse)
- Hardware virtualization
- Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-V
- Intel virtualization (VT-x)
- Virtual Machine Extensions
- Adds ten new instructions
- VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON.
- These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.
- Intel virtualization (VT-x)
- Reduces/eliminates any OS modifications in guest OS
- Provides an additional privilege mode above ring 0 in which the hypervisor can operate
- essentially leaving ring 0 available for unmodified guest OSes
- Better performance than paravirtualization
- Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-V
- Full virtualization
- x86 family of CPUs provide a range of protection levels also known as rings
Links
End Song
Time for Trees - Sad Livin in the (New York) City - (David Last Remix)
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: [email protected]
- Twitter: https://twitter.com/hashtag/mobycast
For the best experience, listen in Metacast app for iOS or Android
Open in Metacast