Virtual Machines vs. Containers Revisited - Part 1
Episode Synopsis
Sponsor: Circle CI - Episode on CI/CD with Circle CI

In this episode, we cover the following topics:

VMs vs containers - why revisit?
  - Originally talked about this in episode 1
  - Got most of it right, but some inconsistencies/holes
  - Let's revisit to fill in the gaps, and dive a whole LOT deeper this time around

Types of virtualization
  - Full virtualization ("virtual machines")
    - Simulates enough hardware to allow an unmodified "guest" OS to be run in isolation
    - Resources of the computer are partitioned via a hypervisor
    - Examples: VMware, Parallels, VirtualBox, Hyper-V
  - Operating-system-level virtualization ("containers")
    - Resources of the computer are partitioned via the kernel
    - "Guest" OSes share the same running instance of the OS as the host system
    - Based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernel: namespaces and cgroups
    - Examples: Docker, LXC, FreeBSD jails

Hypervisors
  - Also known as a Virtual Machine Manager (VMM)
  - Creates and runs virtual machines
  - It is a process that separates the OS and apps from the underlying physical hardware
  - Multiple VMs share virtualized hardware resources
  - When you create a new VM, the following happens:
    - The hypervisor allocates memory and CPU space for the VM's exclusive use
    - A complete OS is installed onto the VM
    - The VM's OS communicates with the hypervisor to perform tasks
  - The host OS is able to see all physical hardware, whereas the guest OS (VM) can only see hardware to which the hypervisor has granted access
  - Two types of hypervisors
    - Type 1 (also called "native" or "bare metal" hypervisors)
      - Run directly on the host’s hardware to control the hardware and manage the guest VMs
      - Runs in ring 0
      - Are an OS themselves (a simple OS on top of which you run VMs)
        - The physical machine the hypervisor is running on serves only for virtualization purposes
        - Exceptions: Hyper-V, KVM
      - Examples: Xen, Microsoft Hyper-V, VMware ESX/ESXi
    - Type 2 (also called "hosted" hypervisors)
      - Run on a conventional OS, just like other apps
      - The guest OS runs as a process on the host
      - The hypervisor separates the guest OS from the host OS
      - Examples: VirtualBox, Parallels

Protection levels (rings)
  - The x86 family of CPUs provides a range of protection levels, also known as rings
    - Ring 0 has the highest privilege level (kernel/supervisor)
    - Ring 3 is the lowest level (applications)
  - The hypervisor occupies ring 0 of the CPU
    - Kernels for any guest operating systems running on the system must run in less privileged CPU rings
    - But most OS kernels are written explicitly to run in ring 0
  - Techniques to deal with this:
    - Full virtualization
      - The hypervisor provides CPU emulation to handle ring 0 operations made by unmodified guest OS kernels
      - The emulation process requires both time and system resources, so performance is inferior
    - Paravirtualization
      - Technique in which the hypervisor provides an API and the OS of the guest VM calls that API
      - Requires the guest OS to be modified (to make API calls)
        - Replace any privileged operations that would only run in ring 0 of the CPU with calls to the hypervisor ("hypercalls")
      - Allows tasks to run in the host OS (instead of in the guest OS, where performance would be worse)
    - Hardware virtualization
      - Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-V
      - Intel virtualization (VT-x)
        - Virtual Machine Extensions
        - Adds ten new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON
        - These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected
      - Reduces/eliminates any OS modifications in the guest OS
      - Provides an additional privilege mode above ring 0 in which the hypervisor can operate, essentially leaving ring 0 available for unmodified guest OSes
      - Better performance than paravirtualization

Links
  - Virtual machine
  - Hypervisor
  - What is a hypervisor?
  - What Is A Hypervisor? Types Of Hypervisors 1 & 2

End Song
  - Time for Trees - Sad Livin in the (New York) City - (David Last Remix)

For a full transcription of this episode, please visit the episode webpage.

We'd love to hear from you! You can reach us at:
  - Web: https://mobycast.fm
  - Voicemail: 844-818-0993
  - Email: [email protected]
  - Twitter: https://twitter.com/hashtag/mobycast
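Two of the mechanisms in the show notes above can be read straight from a running Linux system: the kernel reports the hardware virtualization extensions (vmx for Intel VT-x, svm for AMD-V) and a hypervisor flag in /proc/cpuinfo, and container runtimes leave their names in the cgroup paths of /proc/self/cgroup. The Python below is an added example, not from the Mobycast episode; the container path markers are a heuristic assumption, and the /proc contents it runs on are constructed samples.

```python
"""Tell which isolation boundary a Linux process is inside, from /proc text."""
import re

# Hardware virtualization extension flags the kernel exposes in /proc/cpuinfo.
VIRT_EXTENSIONS = {"vmx": "Intel VT-x", "svm": "AMD-V"}
# Assumed heuristic: cgroup path fragments typical of container runtimes.
CONTAINER_MARKERS = ("docker", "lxc", "kubepods", "containerd", "podman")


def cpu_flags(cpuinfo_text: str) -> set:
    """Return the feature flags from the first 'flags' line of /proc/cpuinfo."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def in_container(cgroup_text: str) -> bool:
    """True when any cgroup path in /proc/self/cgroup names a container runtime."""
    for line in cgroup_text.splitlines():
        # Each line is hierarchy-ID:controller-list:cgroup-path (v2: "0::/path").
        parts = line.split(":", 2)
        if len(parts) == 3 and any(tok in parts[2] for tok in CONTAINER_MARKERS):
            return True
    return False


def classify(cpuinfo_text: str, cgroup_text: str) -> dict:
    """Combine CPU flags and cgroup paths into one environment description."""
    flags = cpu_flags(cpuinfo_text)
    return {
        # Extensions present: the CPU can host hardware-assisted VMs (VT-x/AMD-V).
        "virt_extensions": [n for f, n in VIRT_EXTENSIONS.items() if f in flags],
        # The kernel sets 'hypervisor' when CPUID reports a VMM, i.e. we are a guest.
        "is_vm_guest": "hypervisor" in flags,
        "in_container": in_container(cgroup_text),
    }


# Constructed sample: a guest kernel under a VMM, running inside a Docker container.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor vmx ssse3\n"
)
SAMPLE_CGROUP = "12:cpuset:/docker/0123456789abcdef\n11:memory:/docker/0123456789abcdef\n"

if __name__ == "__main__":
    print(classify(SAMPLE_CPUINFO, SAMPLE_CGROUP))
    # Live system: classify(open("/proc/cpuinfo").read(), open("/proc/self/cgroup").read())
```

A bare-metal host shows the extension flag without the hypervisor flag; a VM shows both (or only hypervisor when nested virtualization is not exposed), and a container adds the runtime's cgroup path on top of whichever of those it runs in.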