Sandboxing with OS Virtualization

Compartmentalization is the leitmotiv in most of this chapter. The basic idea is to isolate applications from one another and therefore reduce the risk of a complete system compromise when one application is successfully attacked.

One of the ways to isolate applications is to have them run in separate instances of operating systems. Of course, running a single application per physical machine may not always make a lot of sense, but the past few years have seen the advent of virtualization solutions gaining momentum. In effect, virtualization allows a single computer to run multiple operating systems simultaneously. The technology itself has been around for decades but has recently moved from expensive mainframes to software running on PCs and, more recently, has even become a common feature of both Intel and AMD off-the-shelf CPUs.

There are three ways to virtualize a system, and each has its advantages:

Virtual machines (VMs)

These work by emulating hardware and running an operating system within the emulated hardware. Because the guest OS has no knowledge that it is being virtualized, it does not need to be modified to execute in a virtualized host. The drawback is the performance drop due to running a Virtual Machine Monitor (VMM), also known as a hypervisor. The VMM is necessary because privileged instructions cannot execute in user mode; the VMM therefore has to trap and handle them on the guest's behalf.

Paravirtualization

This is a technique similar to Virtual Machines and uses a VMM as well. The difference is that the guest OS is modified so that it does not use privileged instructions, thus reducing the performance penalty. With paravirtualization, speed is increased and, in principle, any OS can still be supported. The downside is that each guest OS needs to be ported so as to avoid the privileged instructions.

Virtualization at the OS level

This lets you run multiple instances of a given OS, all of which have to be aware that they are running in a virtualized environment. The advantage of this approach is better performance. While it is the most restrictive implementation of virtualization, because it imposes a single kernel shared by the host and all guests, it offers the most efficient resource utilization.

The coLinux project (http://www.colinux.org/) is a Linux kernel patchset that allows Linux to run under Microsoft Windows. When Cooperative Linux executes, it appears as a Windows process. This virtualization technique is mainly used by kernel hackers wanting to boot Linux without a full-fledged commercial virtualization solution such as VMware. It has been made somewhat irrelevant by the release of VMware Server as freeware in 2006.

Linux Kernel-based Virtual Machine (http://kvm.qumranet.com/kvmwiki) takes advantage of recently released Intel VT and AMD-V instructions to provide near native performance in virtualized environments. KVM is a loadable kernel module that provides the necessary infrastructure for each specific processor. It needs QEMU running in userspace to emulate the rest of the PC architecture.

KVM can run unmodified versions of guest OSes at near native speeds, but it needs the specifically new CPUs that support Virtualization. Due to its newness at the time of this writing, I have little experience with KVM, but it looks like a promising technology.
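As an added example (not from the book), here is a small POSIX shell script that checks the prerequisite just stated for KVM by looking for the Intel VT (vmx) or AMD-V (svm) flag in a /proc/cpuinfo-style input; the sample cpuinfo lines it carries are constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not from the book: report whether a CPU exposes the hardware
# virtualization extensions KVM depends on (Intel VT shows up as the "vmx"
# flag, AMD-V as "svm" in /proc/cpuinfo). Input is read on stdin so the same
# function can be run on the live file or on a captured copy.

# Echo "vmx", "svm" or "none" based on the first "flags" line of the input.
hw_virt_flag() {
    flags=$(awk -F: '/^flags/ { print $2; exit }')
    case " $flags " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *)         echo none ;;
    esac
}

# Translate the flag into the choice the text above describes: KVM needs the
# extensions; without them, paravirtualization (Xen) or OS-level virtualization
# (OpenVZ, Linux VServer) are the options that still deliver good performance.
# Caveat: inside a virtual machine the flags are whatever the hypervisor
# chooses to expose, so "none" there says nothing about the physical CPU.
recommend() {
    case "$(hw_virt_flag)" in
        vmx) echo "Intel VT present: KVM can run unmodified guests" ;;
        svm) echo "AMD-V present: KVM can run unmodified guests" ;;
        *)   echo "no VT/AMD-V: use paravirtualization or OS-level virtualization" ;;
    esac
}

# Constructed sample of /proc/cpuinfo lines (not a real capture).
sample_cpuinfo() {
    printf 'processor\t: 0\nvendor_id\t: GenuineIntel\n'
    printf 'flags\t\t: fpu vme de pse tsc msr pae mce lm vmx\n'
}

# Stand-alone run: use the live file when present, otherwise the sample.
if [ -r /proc/cpuinfo ]; then
    recommend < /proc/cpuinfo
else
    sample_cpuinfo | recommend
fi
```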

Linux only, OpenVZ (http://openvz.org/) runs a single instance of a modified Linux kernel for the host as well as for all guest OSes. Directly running a single kernel translates into performance gains because the kernel's overhead is minimal (one kernel runs all the systems). The single-kernel approach also allows the processes scheduled for execution to run on all available CPUs rather than being restricted to a single CPU. OpenVZ supports running different Linux distributions at the same time, but all of them have to use the OpenVZ-modified kernel.

If Linux is the only variety of operating system that has to run on the host, I recommend running OpenVZ for its better performance. As an example, the Virtual Private Asterisk (VPA) project commonly runs 15 simultaneous instances of Asterisk (the Voice over IP server) on a Dual 2.8 GHz Xeon system with 2 GB of RAM.

Linux VServer is a kernel-level virtualization project similar to OpenVZ, which you might also want to try.

Parallels (http://www.parallels.com/) is a virtual machine monitor running natively on Mac OS X. It can either run in hardware emulation mode or take advantage of the latest advances in CPU emulation. It's a good solution for people wanting to run Windows or Linux on their Macs.

QEMU (http://fabrice.bellard.free.fr/qemu/) is a CPU emulator that supports two modes. In "Full system emulation," it emulates a CPU and a variety of peripherals allowing for OS installation and full hardware emulation. In "User mode emulation," it permits code compiled for a given architecture to run on a different CPU. The advantage of QEMU is that it runs on numerous architectures and emulates a lot of target platforms.

Here is the list of supported host CPUs for QEMU—in other words, the list of hardware architectures that can run QEMU:

Table 14-2 lists the CPUs that QEMU can emulate (i.e., run as guests), showing each guest CPU and the level of emulation support for it.

QEMU can be particularly slow because it needs to translate instructions one at a time. However, if you are running QEMU on Linux x86, x86_64, Windows, or FreeBSD, a proprietary kernel module can be loaded to fast-track instructions and have them run natively on the host CPU.

UserMode Linux (http://user-mode-linux.sourceforge.net/) is Linux only and is mainly used by the Linux hacker community to test new kernels. It is quite slow, and only recently was it improved to give the guest its own virtual memory instead of having each process within the guest OS appear as an independent process on the host. I do not recommend UserMode Linux for a production setup.

VMware (http://www.vmware.com/) is the granddaddy of commercial hardware emulation programs; it was released for the PC in 2002. It can run unmodified versions of all major PC operating systems and has a fairly low performance overhead. With the commoditization of virtualization, VMware made its landmark server product freeware in 2006, hoping to maintain its market dominance. VMware is a mature product that ships with excellent administration tools, including the web interface shown in Figure 14-12 and a remote console. I definitely recommend VMware if you need to run different operating systems on a given piece of hardware.

Xen (http://www.xensource.com/) is definitely a high-profile open source paravirtualization project. It is native to Linux and requires changes to guest operating systems. However, it is also really fast and is often used as the benchmark for other technologies. Because it has been out for a few years, it is now reasonably mature and stable. If you need to run enterprise-class paravirtualization software with security in mind, I definitely recommend Xen. With wide support from all major distributions, it is one of the safest bets. Also, if this is your cup of tea, check out the numerous administration tools available for managing Xen.

Virtualization is a complex field, not only because of the technology but because so many options make it difficult to choose the best-suited solution. Match your needs with the advantages of each product. We suggest going with the best-supported product with the largest user base—hence:

—Eric Markham and Eric Moret