Hyper-V - La Salle University


CSIT 320 (Blum)
Windows Server 2008 R2
HYPER-V

VIRTUALIZATION SCENARIO 1
• Server Consolidation
  – Today’s chips have enhanced capabilities compared to those of the past. In particular, they have multiple cores.
  – One “box” can now handle multiple services, but there was some benefit (in maintaining & updating) to having isolated servers. Virtualization provides (a kind of) isolation.
  – In addition to saving on the cost of the hardware itself, server consolidation can reduce power usage and in some environments reduce the amount of cooling needed.

VIRTUALIZATION SCENARIO 2
• Testing
  – Having a collection of virtual machines gives one a convenient way to test software on a variety of systems (e.g. Windows XP, Vista, 7).
  – One can save (and even transport) the “state” of the machine, allowing developers to see the results of the trials.
  – Scripting on the host allows much of the testing to be automated.

VIRTUALIZATION SCENARIO 2A
• Network Testing
  – The virtual machines can be grouped into a virtual network, allowing one to test various network scenarios.

VIRTUALIZATION SCENARIO 3
• Backup and Disaster Recovery
  – Since the “state” of the virtual machine can be saved and transported, this provides a mechanism for backing up not just user data but configuration settings and so on.
  – Then the backed-up state can be used to recover from a disaster, providing a key step in one’s business continuity plan.

PRIVILEGE RINGS FOR THE X86

RINGS
• Many implementations use only two rings, 0 and 3
• Ring 0 (kernel mode, supervisor mode, “in system space”)
  – unrestricted access to hardware
  – can execute any instruction & reference any memory address
  – reserved for the lowest-level, most trusted operating system functions
• Ring 3 (user mode)
  – no ability to directly access hardware or reference memory
  – must delegate to system APIs
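
The ring rules above can be observed from an ordinary process. This is an added example, not part of the original slides; it assumes Linux on x86 or x86-64 with GCC or Clang, reads the ring number from the low two bits of the CS register, and shows the CPU rejecting the ring-0-only HLT instruction in user mode.

```c
/* Added example: assumes Linux on x86/x86-64, built with GCC or Clang. */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The low two bits of the CS selector hold the current privilege level
 * (the ring number). Reading CS is allowed in any ring. */
int current_privilege_level(void)
{
    unsigned short cs;
    __asm__ volatile ("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
}

/* Run HLT, a ring-0-only instruction, in a child process so the fault
 * cannot take the demo down. Returns 1 if the CPU refused it (the kernel
 * turns the resulting general-protection fault into SIGSEGV), 0 if the
 * child was not killed that way, -1 if the check could not be run. */
int privileged_instruction_faults(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        __asm__ volatile ("hlt");   /* faults here when not in ring 0 */
        _exit(0);                   /* only reached if HLT was allowed */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV;
}

int main(void)
{
    printf("running in ring %d\n", current_privilege_level());
    printf("HLT refused in this ring: %s\n",
           privileged_instruction_faults() == 1 ? "yes" : "no");
    return 0;
}
```

A user-mode process reports ring 3 and the child is killed at the HLT; the same boundary is what forces user code to delegate hardware access to system APIs.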

HYPER-V ARCHITECTURE

“PARTITIONS”
• Somewhat analogous to a dual-boot system, one has different operating system instances in different “partitions.”
  – However, one partition is the parent of the others, the children, a.k.a. guest operating systems.
  – The parent runs the so-called virtualization stack.
  – And moving from parent to child or child to parent does not require a reboot.

PARENT PARTITION
• The Parent Partition sits on top of the Hypervisor layer and so is, strictly speaking, a virtual machine.
• It includes the device drivers as well as files for dealing with guest operating systems.
• It is the only partition with direct access to the hardware. (Others go through it.)

BEST PRACTICES
• The Hyper-V Role should be the only server role performed by the Parent Partition.
  – We are not doing this in lab because I did not want to put you through yet another operating system installation.
  – Sorry or you’re welcome (depending on your point of view)

HYPERVISOR
• Foundation for the partitions
• Responsible for keeping partitions separated.
• Microsoft tried to keep it as small as possible
  – so that it would be a very small target for any security threat
  – so too many system resources wouldn’t be taken up by the virtualization framework

ARCHITECTURE (HYPERVISOR)

VMBUSES
• The child partitions do not directly access resources; instead they communicate requests to the parent partition via the VMBus.
• It is the parent that then communicates with hardware. Any response is communicated back to the child through the VMBus.

ARCHITECTURE (VMBUS)

VIRTUAL SERVICE PROVIDER
• The parent partition has the Virtual Service Provider.
• The Virtual Service Provider receives the requests through the VMBuses, handles the requests, and sends the responses back to the child partitions via the VMBuses.

ARCHITECTURE (VSP)

VIRTUAL SERVICE CONSUMER
• The child partition applications make their requests through the Virtual Service Consumer, which passes the request from the child through the VMBus to the Virtual Service Provider on the parent partition.
• Consider the bottom of the I/O stack on the child

ARCHITECTURE (VSC)

VIRTUAL MACHINE MANAGEMENT SERVICE
• The Virtual Machine Management Service is the user-level application that allows a user logged onto the parent partition to administer the virtual machines.
• E.g.
  – Determine if the virtual machine connects to the DVD/CD drive
  – Assign to the virtual machine a virtual network adapter

ARCHITECTURE (VMMS)

WORKER PROCESS
• Each virtual machine has its corresponding “worker process” on the parent partition.
• It serves as the child’s representative on the parent partition.

ARCHITECTURE (VM WORKER PROCESSES)

VIRTUAL DEVICE
• The concept of a virtual device can make each child partition “believe” that it has sole access to a device.
• Virtual devices are broken into two categories
  – Synthetic (enlightened): take advantage of the VMBus and are more responsive
  – Emulated (legacy or core): often used when the virtual machine is modeling an older system with older devices; slow; function in the parent partition’s worker process