Saturday, May 2, 2009

Virtualization Basics

OK, these are very broad brush strokes, but they should establish a general baseline from which to proceed. In the most basic terms a virtual machine is made up of a processor, memory, a network adapter and file storage, just like its physical counterpart. The primary difference is that although a virtual machine may believe it has exclusive use of a given set of resources, it actually shares them with one or more other machines (including the host operating system).

The first step is to emulate processor resources. A virtual CPU is typically backed by a thread on the host: the hypervisor schedules that thread on a physical core, and to the guest the thread looks like a dedicated processor. Isolation between guests does not come from the threading itself, though. It comes from the hypervisor running guest code at a lower privilege level (with hardware virtualization extensions where the processor offers them) and trapping privileged instructions, so a crash or a misbehaving instruction stream in one guest is contained to that guest. Keep in mind that two guests whose virtual CPUs share a physical core also share that core's caches and other microarchitectural state, so "private information cannot be leaked" is a stronger claim than the threading model alone supports.

Memory allocation is somewhat similar. The virtualization platform reserves a block of host memory and divides it among the hosted virtual machines. Each guest sees its own address space starting at zero; the hypervisor remaps every guest-physical address to the host-physical page frame that actually backs it (through shadow page tables or hardware-assisted nested paging), so each machine believes it has its own native memory. Because a guest can only form addresses that translate through its own mapping, an access outside its allocation faults instead of landing in another guest or in the host, and a crash inside the guest stays inside the guest. The caveat is that this guarantee is exactly as strong as the hypervisor code that maintains the mappings and emulates devices: a guest has no mechanism to reach its neighbours only for as long as that code is correct.
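To make the remapping concrete, here is a toy model of it in Python. This is an added example, not code from the original post or from any hypervisor; the names (HostMemory, Guest, VmFault) and the 4 KiB page size are assumptions chosen for illustration. Each guest gets a table of host frames; every guest-physical address is translated through that table, so two guests using the same guest-physical address land in different host frames, and an address past the end of the table raises a fault instead of reaching a neighbour.

```python
"""Toy guest-physical -> host-physical remapping (added example, not a real
hypervisor).  Each Guest owns a table of host frame numbers; all guest
accesses go through translate(), which is the only path to host memory."""

PAGE_SIZE = 4096  # assumed page size for the model


class VmFault(Exception):
    """Raised when a guest touches a guest-physical address it does not own."""


class HostMemory:
    """The pool of physical page frames the hypervisor hands out."""

    def __init__(self, frames):
        self.frames = [bytearray(PAGE_SIZE) for _ in range(frames)]
        self.free = list(range(frames))

    def allocate(self, count):
        if count > len(self.free):
            raise MemoryError("host out of frames")
        taken, self.free = self.free[:count], self.free[count:]
        return taken


class Guest:
    """A VM: sees addresses 0..(pages*PAGE_SIZE) backed by private frames."""

    def __init__(self, name, host, pages):
        self.name = name
        self.host = host
        # guest-physical page number -> host frame number (the "remap" table)
        self.table = host.allocate(pages)

    def translate(self, gpa):
        """Guest-physical address -> (host frame, offset), or VmFault."""
        gpn, offset = divmod(gpa, PAGE_SIZE)
        if gpn < 0 or gpn >= len(self.table):
            raise VmFault(f"{self.name}: GPA {gpa:#x} is outside its "
                          f"{len(self.table)} pages")
        return self.table[gpn], offset

    def write(self, gpa, data):
        # Translate byte by byte so a write crossing a page boundary still
        # lands only in frames this guest owns.
        for i, byte in enumerate(data):
            hfn, off = self.translate(gpa + i)
            self.host.frames[hfn][off] = byte

    def read(self, gpa, length):
        out = bytearray()
        for i in range(length):
            hfn, off = self.translate(gpa + i)
            out.append(self.host.frames[hfn][off])
        return bytes(out)


def demo():
    """Two guests, same guest-physical address, different host frames."""
    host = HostMemory(frames=8)
    vm_a = Guest("vm-a", host, pages=2)
    vm_b = Guest("vm-b", host, pages=2)
    vm_a.write(0x10, b"secret")             # constructed sample data
    a_sees = vm_a.read(0x10, 6)             # b"secret"
    b_sees = vm_b.read(0x10, 6)             # zeros: a different frame entirely
    try:
        vm_b.read(2 * PAGE_SIZE, 6)         # past vm-b's table: must fault
        escaped = True
    except VmFault:
        escaped = False
    return a_sees, b_sees, escaped


if __name__ == "__main__":
    print(demo())
```

The bounds check in translate() is the whole isolation story in this model: remove it and vm-b's out-of-range read would index straight into frames that belong to another guest. That is what "the guarantee is as strong as the hypervisor code" means in practice.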

Network access is achieved by creating virtual network adapters inside the virtual machine and connecting them to the physical network interface card through a virtual switch or bridge that operates at layer 2, typically with 802.1Q VLAN tagging. Bridging gives a virtual NIC tightly integrated, high speed connectivity to the physical NIC, as if it were plugged into the same segment; VLAN tags let the virtual switch keep groups of virtual NICs (and the host itself) on separate layer 2 segments even though they share one physical port. For that isolation to hold, the virtual switch must assign the tag based on the port a frame arrived on, and must not let a guest choose its own VLAN by supplying a tag of its own.
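The following Python model shows the tagging behaviour a virtual switch needs in order to provide that isolation. It is an added example written for this page, not code from the original post or from any real virtual switch; the class and port names are assumptions, and the sample frames are constructed rather than captured. Access ports receive untagged frames from guests, the switch applies the VLAN id configured for the port, delivers only to ports on the same VLAN, keeps the tag on the copy headed for the physical NIC, and drops any frame on which a guest tried to supply its own 802.1Q tag.

```python
"""Toy 802.1Q-aware virtual switch (added example, not a real vSwitch).
Frame layout: dst(6) src(6) [0x8100 TCI(2)] ethertype(2) payload."""
import struct

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload, vlan=None):
    """Build an Ethernet frame, inserting an 802.1Q tag when vlan is given."""
    frame = dst + src
    if vlan is not None:
        # TCI: priority and DEI left at 0, low 12 bits carry the VLAN id
        frame += struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (dst, src, vlan_or_None, ethertype, payload)."""
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, body = None, 14
    if ethertype == ETHERTYPE_VLAN:
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF
        (ethertype,) = struct.unpack("!H", frame[16:18])
        body = 18
    return dst, src, vlan, ethertype, frame[body:]


class VirtualSwitch:
    """Access ports for guest vNICs plus one trunk toward the physical NIC."""

    def __init__(self):
        self.access = {}      # port name -> VLAN id assigned by the host
        self.delivered = {}   # port name -> untagged frames handed to that vNIC
        self.trunk = []       # tagged frames that would leave via the physical NIC
        self.dropped = []     # (port, reason) for frames the switch refused

    def add_port(self, name, vlan):
        self.access[name] = vlan
        self.delivered[name] = []

    def ingress(self, port, frame):
        """Handle a frame from a guest vNIC; return the access ports it reached."""
        dst, src, guest_vlan, ethertype, payload = parse_frame(frame)
        if guest_vlan is not None:
            # An access port never honours a tag the guest supplied itself;
            # accepting it would let the guest pick its own VLAN.
            self.dropped.append((port, "guest-supplied 802.1Q tag"))
            return []
        vlan = self.access[port]          # the host, not the guest, picks the VLAN
        reached = []
        for name, port_vlan in self.access.items():
            if name != port and port_vlan == vlan:
                # Same-VLAN access ports get the frame untagged, as it was sent.
                # (This toy floods to every same-VLAN port; a real switch learns
                # MAC addresses and forwards unicast frames to one port.)
                self.delivered[name].append(build_frame(dst, src, ethertype, payload))
                reached.append(name)
        # Toward the wire the tag stays on so the physical switch can segment too.
        self.trunk.append(build_frame(dst, src, ethertype, payload, vlan=vlan))
        return reached


def demo():
    sw = VirtualSwitch()
    sw.add_port("vm-a", vlan=10)
    sw.add_port("vm-b", vlan=10)
    sw.add_port("vm-c", vlan=20)
    bcast = b"\xff" * 6
    mac_a = bytes.fromhex("020000000001")   # constructed, locally administered
    mac_c = bytes.fromhex("020000000003")
    # Constructed sample frames, not captured traffic.
    hello = build_frame(bcast, mac_a, ETHERTYPE_IPV4, b"hello")
    from_a = sw.ingress("vm-a", hello)      # ["vm-b"]; vm-c on VLAN 20 never sees it
    hop = build_frame(bcast, mac_c, ETHERTYPE_IPV4, b"hop", vlan=10)
    from_c = sw.ingress("vm-c", hop)        # []; vm-c tried to tag itself into VLAN 10
    wire_vlan = parse_frame(sw.trunk[0])[2] # 10: tag preserved toward the physical NIC
    return from_a, from_c, wire_vlan


if __name__ == "__main__":
    print(demo())
```

The two decisions that matter for security are both in ingress(): the VLAN comes from the port table, never from the frame, and a frame that already carries a tag is refused rather than trusted. Everything else is ordinary bridging.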

Lastly (there is a lot more to it than this), disk space must be provided. Most of us intuitively grasp how this works: the virtualization platform creates a file on the host and presents it to the guest as a block device. The guest can only issue reads and writes against the device it was given, and host operating system file permissions keep one virtual machine's disk file from being opened by another, or by other users on the host. Keep in mind, however, that those permissions only protect the file from other processes on the host; anyone with sufficient privilege on the host can read the guest's data straight out of the image, so a virtual disk is no more private than the host that stores it.
