What is virtualization?
VirtualLogix™ VLX real-time virtualization technology
VirtualLogix real-time virtualization technology enables multiple Operating Systems, named guest OS's, to run simultaneously on the same single-core or multi-core processor. The guest OS's are independent from each other, but can cooperate via efficient communication mechanisms.
IBM pioneered virtualization for servers in the 1960s. The architecture and design choices required by the embedded and real-time focus of VirtualLogix VLX virtualization technology have led to a different approach.
A thin abstraction layer, named VLX Virtualizer, manages key system resources to isolate the guest OS's from the underlying hardware. More precisely, VirtualLogix VLX virtualization technology relies primarily on partitioning of resources between the guest OS's and on virtualization of resources which cannot be partitioned.
Typically, physical memory is partitioned between the guest OS's while the CPU, FPU, MMU or some other system parts such as the real-time clock and interrupt controller are virtualized by VirtualLogix VLX.
This approach enables the VirtualLogix VLX virtualization technology to be applied to embedded and real-time systems.
Partitioning
Partitioned resources such as memory, which will only be used by a single given guest OS, are exclusively owned by that guest OS. Thus, each OS may use its own native mechanisms and policies, such as memory management, without interfering with other guest OS's.
With VirtualLogix VLX, I/O devices which will be used by a single guest OS are assigned to that guest OS, thus native device drivers can be re-used without any modification.
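The exclusive-ownership rule described above can be checked mechanically before a system is built. The following is an added example, not VirtualLogix code: the structures, names and address values are hypothetical and constructed for illustration. It rejects a static partition table in which two guest OS's would own overlapping physical memory or the same directly assigned I/O device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical static partition description; not a VLX data structure. */
struct mem_region { int guest; uint64_t base, size; };
struct dev_assign { int guest; const char *dev; };
enum part_err { PART_OK = 0, PART_MEM_BAD, PART_MEM_OVERLAP, PART_DEV_SHARED };

/* PART_OK only if no memory range or assigned device has two different owners. */
enum part_err check_partitions(const struct mem_region *m, size_t nm,
                               const struct dev_assign *d, size_t nd)
{
    for (size_t i = 0; i < nm; i++) {
        /* Reject empty regions and base+size wrap-around before comparing. */
        if (m[i].size == 0 || m[i].base + m[i].size < m[i].base)
            return PART_MEM_BAD;
        for (size_t j = 0; j < i; j++)
            /* Half-open ranges overlap if each starts before the other ends. */
            if (m[i].guest != m[j].guest &&
                m[i].base < m[j].base + m[j].size &&
                m[j].base < m[i].base + m[i].size)
                return PART_MEM_OVERLAP;
    }
    for (size_t i = 0; i < nd; i++)
        for (size_t j = 0; j < i; j++)
            if (d[i].guest != d[j].guest && strcmp(d[i].dev, d[j].dev) == 0)
                return PART_DEV_SHARED;
    return PART_OK;
}

/* Constructed sample tables: guest 0 and guest 1 on one board. */
static const struct mem_region ok_mem[]  = { {0, 0x80000000u, 0x04000000u},
                                             {1, 0x84000000u, 0x04000000u} };
static const struct mem_region bad_mem[] = { {0, 0x80000000u, 0x04000000u},
                                             {1, 0x83F00000u, 0x04000000u} };
static const struct dev_assign ok_dev[]  = { {0, "uart0"}, {1, "eth0"} };
static const struct dev_assign bad_dev[] = { {0, "eth0"},  {1, "eth0"} };

int main(void)
{
    printf("adjacent regions:   %d\n", check_partitions(ok_mem, 2, ok_dev, 2));
    printf("overlapping memory: %d\n", check_partitions(bad_mem, 2, ok_dev, 2));
    printf("device owned twice: %d\n", check_partitions(ok_mem, 2, bad_dev, 2));
    return 0;
}
```

A device that really must serve more than one guest OS does not belong in such an assignment table; it is owned by one guest and exported to the others as a virtual device.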
Virtualization
Resources that are common to more than one guest OS, such as the CPU and real-time clock, are virtualized so that they can be shared between the guest OS's which need to access them.
In order to ensure efficiency, VirtualLogix employs paravirtualization techniques, meaning that some adaptation of the guest OS kernel has been done by VirtualLogix. These changes are comparable in both effort and scope to porting that OS to hardware very similar to the underlying one. Therefore, adding support for new OS's is straightforward.
VirtualLogix VLX always virtualizes the CPU, FPU and MMU (if any) resources. The CPU is shared by means of a scheduler which assigns the processor to the selected guest OS based on one of VirtualLogix VLX's scheduling policies which guarantee that a real-time guest OS will get a higher priority.
When a guest OS has been granted CPU access, it still uses its own native scheduling policies for its applications.
If present, the MMU is virtualized so that each guest OS may use it for its own purposes. With VirtualLogix VLX, usage of the MMU by one guest OS is independent from the usage of the MMU by another guest OS.
Device virtualization
Running different OS's simultaneously on the same processor is just one small part of the problem. Running OS's which neither communicate nor share devices or resources would be of little value.
An OS which supports multiple processes provides them with memory allocation and scheduling policies, and offers them services such as synchronization, shared access to file systems and network interfaces, and inter-process communication.
Similarly, VirtualLogix VLX virtualization technology provides each guest OS with synchronization (cross-interrupt mechanism), shared access to devices such as disk controllers, network interfaces, serial lines and inter-OS communication mechanisms through virtual devices (virtual Ethernet or virtual UART).
Shared I/O devices
Devices such as an Ethernet controller or a serial line may need to be accessed by more than a single guest OS. For such standard I/O devices, VirtualLogix VLX includes "back-end" device drivers which manage the physical hardware device, virtualize it, and export a virtual view of that device to the other guest OS's. This approach provides these guest OS's with access to the features of each device without actual access to the device.
Virtual I/O devices
Communications between the different guest OS's are provided by virtual communication devices. Different types of such devices can be configured depending upon the needs of the communicating applications. For example, a system might use a virtual Ethernet to implement a local private network that is located wholly inside the machine, and/or it might use a virtual UART device to pass AT modem commands from one guest OS to the other.
Modularity, performance, footprint
There is no single universal solution which adequately solves every product's problems. VirtualLogix VLX virtualization technology uses a modular architecture which enables developers to configure a custom, product-specific virtualization solution that meets the required trade-offs between footprint, performance, isolation and security.
VLX Virtualizer provides the foundation services for partitioning and virtualization. It can be optionally complemented with hypervisor modules to provide additional services.
VirtualLogix VLX default configuration gives each guest OS its own physical memory, providing effective memory isolation between each of the guest OS's. This provides enough isolation to catch most memory access errors.
Modularity, isolation and security
Stronger inter-guest OS isolation may be required to resist malware that may potentially be injected into one guest OS. To this end, VirtualLogix VLX may be configured with optional hypervisor modules to provide an unbreakable and complete isolation between guest OS's.
Isolation in itself is not security but only a prerequisite to the creation of a secure system. VirtualLogix VLX virtualization technology enables the full isolation of an untrusted guest OS in a sandboxed partition. The VirtualLogix secure guest OS environment can be configured to let trusted agents manage the core security services of the platform. Such trusted agents may be configured and used as required by the overall system, either to run DRM policies, to store keys or to perform the management of multi-level security platforms.
The modular architecture of VirtualLogix VLX allows developers to make explicit trade-offs between the required level of isolation and the desired level of performance.