Virtualization Development

In computing, virtualization is the use of a computer to simulate another computer. Through virtualization, a host simulates a guest by exposing virtual hardware devices, which may be done through software or by allowing access to a physical device connected to the machine.
Overview of Virtualization
As an overview, there are three levels of virtualization
* At the hardware level, the VMs can run multiple guest OSes. This is best used for testing and training that require networking interoperability between more than one OSes, since not only can the guest OSes be different from the host OS, there can be as many guest OS as VMs, as long as there is enough CPU, RAM and storage space. IBM introduced this around 1990 under the name logical partitioning (LPAR), at first only in the mainframe field.
* At the operating system level, it can only virtualize one OS: the guest OS is the host OS. This is similar to having many terminal server sessions without locking down the desktop. Thus, this is the best of both worlds, having the speed of a TS session with the benefit of full access to the desktop as a virtual machine, where the user can still control the quotas for CPU, RAM and HDD. Similar to the hardware level, this is still considered a Server Virtualization where each guest OS has its own IP address, so it can be used for networking applications such as web hosting.
* At the application level, it is running on the Host OS directly, without any guest OS, which can be in a locked down desktop, including in a terminal server session. This is called Application Virtualization or Desktop Virtualization, which virtualizes the front end, whereas Server Virtualization virtualizes the back end. Now, Application Streaming refers to delivering applications directly onto the desktop and running them locally. Traditionally in terminal server computing, the applications are running on the server, not locally, and streaming the screenshots onto the desktop.
Application virtualization
Application virtualization solutions such as VMware ThinApp, Softricity, and Trigence attempt to separate application-specific files and settings from the host operating system, thus allowing them to run in more-or-less isolated sandboxes without installation and without the memory and disk overhead of full machine virtualization. Application virtualization is tightly tied to the host OS and thus does not translate to other operating systems or hardware. VMware ThinApp and Softricity are Intel Windows centric, while Trigence supports Linux and Solaris. Unlike machine virtualization, Application virtualization does not use code emulation or translation so CPU-related benchmarks run with no changes, though filesystem benchmarks may experience some performance degradation. On Windows, VMware ThinApp and Softricity essentially work by intercepting filesystem and registry requests by an application and redirecting those requests to a preinstalled isolated sandbox, thus allowing the application to run without installation or changes to the local PC. Though VMware ThinApp and Softricity both began independent development around 1998, behind the scenes VMware ThinApp and Softricity are implemented using different techniques:
* VMware ThinApp works by packaging an application into a single "packaged" EXE which includes the runtime plus the application data files and registry. VMware ThinApp's runtime is loaded by Windows as a normal Windows application, from there the runtime replaces the Windows loader, filesystem, and registry for the target application and presents a merged image of the host PC as if the application had been previously installed. VMware ThinApp replaces all related API functions for the host application, for example the ReadFile API supplied to the application must pass through VMware ThinApp before it reaches the operating system. If the application is reading a virtual file, VMware ThinApp handles the request itself otherwise the request will be passed on to the operating system. Because VMware ThinApp is implemented in user-mode without device drivers and it does not have a client that is preinstalled, applications can run directly from USB Flash or network shares without previously needing elevated security privileges.
* Softricity (acquired by Microsoft) operates on a similar principle using device drivers to intercept file requests in ring0 at a level closer to the operating system. Softricity installs a client in Administrator mode which can then be accessed by restricted users on the machine. An advantage of virtualizing at the kernel level is the Windows Loader (responsible for loading EXE and DLL files) does not need to be re-implemented and greater application compatibility can be achieved with less work (Softricity claims to support most major applications). A disadvantage of ring0 implementation is that it requires elevated security privileges to be installed and crashes or security defects can occur system-wide rather than being isolated to a specific application.
Because Application Virtualization runs all application code natively, it can only provide security guarantees as strong as the host OS is able to provide. Unlike full machine virtualization, Application virtualization solutions currently do not work with device drivers and other code that runs at ring0 such as virus scanners. These special applications must be installed normally on the host PC to function.
Managed runtimes
Another technique sometimes referred to as virtualization, is portable byte code execution using a standard portable native runtime (aka Managed Runtimes). The two most popular solutions today include Java and .NET. These solutions both use a process called JIT (Just in time) compilation to translate code from a virtual portable Machine Language into the local processor's native code. This allows applications to be compiled for a single architecture and then run on many different machines. Beyond machine portable applications, an additional advantage to this technique includes strong security guarantees. Because all native application code is generated by the controlling environment, it can be checked for correctness (possible security exploits) prior to execution. Programs must be originally designed for the environment in question or manually rewritten and recompiled to work for these new environments. For example, one cannot automatically convert or run a Windows / Linux native app on .NET or Java. Because portable runtimes try to present a common API for applications for a wide variety of hardware, applications are less able to take advantage of OS-specific features. Portable application environments also have higher memory and CPU overheads than optimized native applications, but these overheads are much smaller compared with full machine virtualization. Portable Byte Code environments such as Java have become very popular on the server where a wide variety of hardware exists and the set of OS-specific APIs required is standard across most Unix and Windows flavors. Another popular feature among managed runtimes is garbage collection, which automatically detects unused data in memory and reclaims the memory without the developer having to explicitly invoke "free" operations.
Neutral view of application virtualization
Given the industry bias of the past, to be more neutral, there are also two other ways to look at the Application Level:
* The first type is application packagers (VMware ThinApp, Softricity) whereas the other is application compilers (Java and .NET). Because it is a packager, it can be used to stream applications without modifying the source code, whereas the latter can only be used to compile the source code.
* Another way to look at it is from the Hypervisor point of view. The first one is "hypervisor" in user mode, whereas the other is "hypervisor" in runtime mode. The hypervisor was put in quotation, because both of them have similar behavior in that they intercept system calls in a different mode: user mode; and runtime mode. The user mode intercepts the system calls from the runtime mode before going to kernel mode. The real hypervisor only needs to intercept the system call using hypercall in kernel mode. Hopefully, once Windows has a Hypervisor, Virtual machine monitor, there may even be no need for JRE and CLR. Moreover, in the case of Linux, maybe the JRE can be modified to run on top of the Hypervisor as a loadable kernel module running in kernel mode, instead of having slow legacy runtime in user mode. Now, if it were running on top of the Linux Hypervisor directly, then it should be called Java OS, not just another runtime mode JIT.
* Mendel Rosenblum called the runtime mode a High-level language virtual machine in August 2004. However, at that time, the first type, intercepting system calls in user mode, was irresponsible and unthinkable, so he didn't mention it in his article. Hence, Application Streaming was still mysterious in 2004. Now, when the JVM, no longer High-level language virtual machines, becomes Java OS running on Linux Hypervisor, then Java Applications will have a new level of playing field, just as Windows Applications already has with Softricity.
* In summary, the first one is virtualizing the Binary Code so that it can be installed once and run anywhere, whereas the other is virtualizing the source code using Byte code or Managed code so that it can be written once and run anywhere. Both of them are actually partial solutions to the twin portability problems of: application portability; and source code portability. Maybe it is time to combine the two problems into one complete solution at the hypervisor level in the kernel mode.
 
< Prev   Next >