设计虚拟化系统

System requirements

In this problem we will look at the system design of a Type-1 Hypervisor. A hypervisor, also known as a virtual machine monitor (VMM), is a software or firmware component that creates and manages virtual machines (VMs) on a physical computer. It allows multiple operating systems to run concurrently on a single physical machine, providing isolation between them.

There are two main types of hypervisors:

1. Type 1 Hypervisor (Bare-metal Hypervisor): This type of hypervisor runs directly on the physical hardware of the host machine without the need for an underlying operating system. It manages the hardware resources and directly controls the execution of guest operating systems. Examples of Type 1 hypervisors include VMware vSphere/ESXi, Microsoft Hyper-V (when installed on the bare metal), and Xen.
2. Type 2 Hypervisor (Hosted Hypervisor): This type of hypervisor runs on top of a conventional operating system, utilizing its resources to create and manage virtual machines. The underlying operating system provides services to the hypervisor and helps manage hardware resources. Examples of Type 2 hypervisors include VMware Workstation, Oracle VirtualBox, and Parallels Desktop.

Functional:

1. Virtual Machine Creation and Management:
2. Users should be able to create, start, stop, pause, and delete virtual machines.
3. Provide options for configuring VM settings such as CPU, memory, and networking.
4. Allow for automated provisioning and deployment of virtual machines.
5. Resource Allocation:
6. Allocate CPU, memory, storage, and network bandwidth to virtual machines based on their requirements.
7. Implement resource prioritization and scheduling algorithms to ensure fair and efficient resource utilization.
8. Support dynamic resource adjustment to accommodate changing workload demands.
9. Isolation:
10. Ensure strong isolation between virtual machines to prevent interference and maintain security.
11. Enforce memory and CPU isolation to prevent one VM from accessing another VM's resources.
12. Implement network isolation to prevent unauthorized communication between VMs.
13. Networking:
14. Provide virtual network interfaces, switches, and routers for inter-VM communication.
15. Support connectivity between virtual machines, host system, and external networks.
16. Implement network security measures such as firewalls and VLANs to protect VM traffic.
17. Snapshot and Cloning:
18. Enable users to take snapshots of virtual machines for backup and disaster recovery purposes.
19. Support cloning of virtual machines to create identical copies for scalability or testing purposes.
20. Ensure efficient storage management for storing snapshots and clones.
21. Monitoring and Management:
22. Monitor VM resource usage, performance metrics, and health status.
23. Provide administrators with dashboards and reports for monitoring the virtualized environment.
24. Support management operations such as live migration, VM migration, and resource scaling.

Non-Functional:

1. Performance:
2. Ensure minimal overhead for virtualization to maximize performance.
3. Optimize resource allocation and scheduling algorithms for low latency and high throughput.
4. Support hardware acceleration technologies (e.g., VT-x/AMD-V) for improved performance.
5. Scalability:
6. Scale the hypervisor system to support a large number of virtual machines and concurrent users.
7. Implement distributed management and resource pooling for horizontal scalability.
8. Reliability:
9. Ensure high availability of virtual machines and the hypervisor system.
10. Implement fault tolerance mechanisms to handle hardware failures and VM crashes gracefully.
11. Support automated failover and recovery procedures.
12. Security:
13. Enforce access control and authentication mechanisms to prevent unauthorized access to virtual machines and management interfaces.
14. Implement encryption for data in transit and at rest to protect against data breaches.
15. Regularly update and patch the hypervisor system to address security vulnerabilities.
16. Compatibility:
17. Ensure compatibility with a wide range of hardware platforms and guest operating systems.
18. Support industry-standard virtualization formats (e.g., VMDK, VHD) for VM images and snapshots.
19. Provide APIs and SDKs for integration with third-party management tools and cloud platforms.
20. Usability:
21. Design intuitive user interfaces for administrators and end-users.
22. Provide comprehensive documentation and training materials for system configuration and management.
23. Support remote management and monitoring capabilities for easy administration.

Capacity estimation

Estimate the scale of the system you are going to design...

API design

Define what APIs are expected from the system...

Database design

Defining the system data model early on will clarify how data will flow among different components of the system. Also you could draw an ER diagram using the diagramming tool to enhance your design...

High-level design

To design the high-level components of the Type 1 hypervisor system, we'll break down the architecture into several key components, each responsible for specific functions. Here's an overview:

1. Hypervisor Core:

The core of the hypervisor interacts directly with the physical hardware and manages virtual machines. It includes:

• Hardware Abstraction Layer (HAL): Interfaces directly with the hardware to abstract and manage resources such as CPU, memory, storage, and networking.
• Virtual Machine Monitor (VMM): Responsible for creating, managing, and monitoring virtual machines. It intercepts and handles privileged instructions from guest operating systems.
• Memory Management Unit (MMU): Manages memory virtualization, including address translation, page allocation, and memory protection for each virtual machine.

2. Virtual Machines:

Each virtual machine represents a guest operating system and associated applications running on the physical hardware. Key components include:

• Guest Operating Systems: Virtual instances of operating systems such as Windows, Linux, or others running within the virtual machine environment.
• Virtual Hardware Abstraction Layer (VHAL): Provides virtualized hardware interfaces to guest operating systems, abstracting physical hardware resources.

3. Resource Management:

Responsible for efficiently allocating and managing physical resources among virtual machines. Components include:

• Resource Allocator: Allocates CPU, memory, storage, and network resources based on VM requirements and policies.
• Scheduler: Manages CPU scheduling and allocation to ensure fair and efficient resource utilization among virtual machines.

4. Networking:

Facilitates network communication between virtual machines, host system, and external networks. Components include:

• Virtual Switches and Routers: Provides virtualized network infrastructure for inter-VM communication and connectivity to external networks.
• Network Interface Controller (NIC) Emulation: Enables virtual machines to access network resources by emulating physical network interface controllers.

5. Storage Management:

Manages storage resources for virtual machines, including virtual disks, snapshots, and backups. Components include:

• Virtual Disk Management: Manages virtual disk images and provides storage abstraction for virtual machines.
• Snapshot and Cloning Services: Supports the creation of snapshots for backup and cloning of virtual machines for scalability.

6. Monitoring and Management:

Monitors VM resource usage, performance metrics, and provides management tools for administrators. Components include:

• Monitoring Agent: Collects performance metrics and health status information from virtual machines and hypervisor components.
• Management Interface: Provides a user-friendly interface for administrators to configure, monitor, and manage the virtualized environment.

7. Security:

Implements security mechanisms to ensure VM isolation, integrity, and protection against threats. Components include:

• Security Module: Enforces access control, authentication, and encryption to prevent unauthorized access and protect sensitive data.
• Vulnerability Management: Regularly updates and patches the hypervisor system to address security vulnerabilities.

Request flows

When a virtual machine (VM) starts a CPU-intensive task, several interactions occur within the hypervisor to handle the request and ensure efficient execution. Here's a step-by-step flow describing what happens:

1. Task Initiation by VM:
2. The VM initiates a CPU-intensive task, such as running a computational algorithm or processing a large dataset.
3. Resource Request:
4. The VM sends a request to the hypervisor for CPU resources to execute the task. This request includes information about the task's resource requirements, such as CPU cores, memory, and any other necessary resources.
5. Hypervisor Resource Allocation:
6. The hypervisor receives the resource request from the VM and evaluates the available resources in the system.
7. Based on the task's requirements and the current system load, the hypervisor allocates CPU resources to the VM for executing the CPU-intensive task.
8. Scheduler Interaction:
9. The hypervisor's scheduler plays a crucial role in allocating CPU time to the VM's task.
10. The scheduler may use various scheduling algorithms (such as round-robin, weighted round-robin, or priority-based scheduling) to determine when and for how long the VM's task will be executed.
11. CPU Execution:
12. The allocated CPU resources are made available to the VM for executing the CPU-intensive task.
13. The VM's task starts executing on the assigned CPU cores, utilizing the CPU resources allocated by the hypervisor.
14. Monitoring and Management:
15. During task execution, the hypervisor's monitoring and management components continuously monitor the CPU usage, performance metrics, and health status of the VM and the system.
16. Performance metrics such as CPU utilization, memory usage, and task completion times are tracked to ensure optimal system performance.
17. Resource Adjustment (Optional):
18. If the CPU-intensive task significantly impacts the overall system performance or violates resource allocation policies, the hypervisor may dynamically adjust resource allocations.
19. This adjustment could involve reallocating CPU resources, adjusting task priorities, or taking corrective actions to maintain system stability and fairness.
20. Task Completion:
21. Once the CPU-intensive task completes its execution, the VM notifies the hypervisor of the task's completion.
22. The hypervisor releases the allocated CPU resources, making them available for other tasks or VMs in the system.
23. Feedback Loop:
24. The hypervisor may provide feedback to the VM regarding its resource usage, performance, and any system-wide impacts caused by the CPU-intensive task.
25. This feedback loop helps the VM optimize its resource utilization and performance in future task executions.

Throughout this flow, various components of the hypervisor, including the resource allocator, scheduler, monitoring, and management modules, interact to ensure efficient allocation of CPU resources, optimal task execution, and overall system stability.

Detailed component design

Scheduling Algorithm

The scheduler in a hypervisor is responsible for managing CPU resources and determining how to allocate CPU time among virtual machines (VMs) running on the system. It plays a critical role in ensuring fair and efficient utilization of CPU resources while meeting the performance requirements of each VM. Here's how the scheduler works and some common scheduling algorithms used in hypervisors:

How the Scheduler Works:

1. Resource Monitoring:
2. The scheduler continuously monitors the CPU usage of each VM and the overall system to determine resource demands and availability.
3. Scheduling Decisions:
4. Based on the current CPU usage and the scheduling policy in place, the scheduler decides which VMs should be allowed to run, for how long, and in what order.
5. Context Switching:
6. When switching between VMs, the scheduler performs a context switch, saving the state of the currently running VM and restoring the state of the next VM to be executed.
7. Prioritization:
8. Some scheduling algorithms prioritize VMs based on factors such as service level agreements (SLAs), priority levels assigned by administrators, or real-time requirements of applications running in the VM.
9. Fairness:
10. The scheduler aims to provide fair CPU allocation among VMs, ensuring that no VM monopolizes CPU resources at the expense of others.
11. Overhead Management:
12. The scheduler minimizes overhead associated with context switching and scheduling decisions to avoid unnecessary delays and resource wastage.

Gang Scheduling

While there are many other algorithms available. let's now discuss Gang Scheduling which is used by VMware HyperV. Gang scheduling is a technique used in parallel computing environments to schedule related tasks, or processes, to execute simultaneously across multiple processors or cores. The goal of gang scheduling is to ensure that all tasks within a group, or "gang," start and finish their execution together, maintaining synchronization and coherence among them.

How Gang Scheduling Works:

1. Task Grouping:
2. Gang scheduling requires tasks to be organized into groups, often referred to as gangs. These gangs typically consist of tasks that are related or have dependencies on each other's results.
3. Simultaneous Execution:
4. The gang scheduler ensures that all tasks within a gang start executing simultaneously across multiple processors or cores. This synchronization ensures that the tasks progress together and maintain data consistency.
5. Coordinated Execution:
6. During execution, the gang scheduler coordinates communication and synchronization among tasks within the gang. This coordination may involve exchanging data, sharing resources, or synchronizing access to shared data structures.
7. Completion Synchronization:
8. Gang scheduling ensures that all tasks within a gang finish their execution together. If any task within the gang completes or encounters an error, the gang scheduler may suspend or terminate the entire gang to maintain coherence.
9. Resource Allocation:
10. The gang scheduler allocates resources, such as CPU time and memory, to each task within the gang based on predefined policies or priorities. It aims to optimize resource utilization and performance while meeting the requirements of the parallel workload.

Benefits of Gang Scheduling:

• Improved Synchronization: Gang scheduling ensures that related tasks progress together, minimizing synchronization overhead and ensuring data consistency.
• Enhanced Performance: By coordinating the execution of related tasks, gang scheduling can improve overall system performance and throughput.
• Simplified Coordination: Gang scheduling simplifies the coordination and management of parallel tasks by treating them as a single unit, reducing complexity and overhead.

Networking

Inorder to enable virtual machines to interact with the internet, we have some more additional components in the Hypervisor which enable the networking. let's check 2 of the essential components and then consider a request flow example.

Virtual Switch:

• A virtual switch is a software-based networking component within a hypervisor that facilitates communication between virtual machines (VMs) and bridges traffic between virtual and physical networks.
• It acts as a traffic manager, directing network packets between VMs on the same host and between VMs and external devices connected to the physical network.
• Virtual switches include features such as port configuration, packet forwarding, security policies, and filtering to ensure efficient and secure network communication within the virtualized environment.
• By abstracting the complexities of physical network hardware, virtual switches enhance flexibility, scalability, and manageability in virtualized environments.

Virtual NIC Emulation:

• Virtual NIC emulation is the process of emulating virtual network interface controllers (NICs) for each VM hosted on a hypervisor, providing VMs with network connectivity and abstracting the underlying physical network hardware.
• It abstracts the physical NICs, allowing VMs to communicate with the virtualized network without direct access to physical hardware.
• Virtual NICs include software-based device drivers that translate network traffic generated by VMs into formats compatible with the virtualized network infrastructure.
• Through configuration and management tools, administrators can monitor and manage virtual NICs to ensure optimal network performance and security.

Incoming Requests to VM:

1. Network Interface Controller (NIC) Emulation:
2. The hypervisor emulates virtual NICs for each VM, allowing them to communicate over virtual networks.
3. Incoming network packets destined for a VM are received by the hypervisor's virtual NIC, which is associated with the respective VM.
4. Virtual Switching:
5. The hypervisor's virtual switch facilitates communication between VMs within the same virtual network and bridges traffic between virtual and physical networks.
6. When an incoming packet arrives, the virtual switch examines the packet's destination MAC address to determine the appropriate VM to forward the packet to.
7. Routing and Forwarding:
8. The virtual switch forwards incoming packets to the appropriate VM based on the destination MAC address contained in the packet header.
9. If the destination VM resides on a different host in a distributed environment, the hypervisor routes the packet to the destination host using network routing protocols or tunneling mechanisms.
10. Network Stack Processing:
11. Once the packet reaches the destination VM, the VM's network stack processes the packet, including protocol parsing, packet filtering, and higher-layer processing.

Outgoing Requests from VM:

1. Packet Generation:
2. When a VM initiates an outgoing network request (e.g., sending a packet to a remote server), the packet is generated by the VM's network stack.
3. Virtual NIC:
4. The packet is handed over to the hypervisor's virtual NIC associated with the source VM.
5. Virtual Switching:
6. The virtual switch forwards the outgoing packet to the appropriate physical or virtual network interface based on the packet's destination.
7. Physical Network Interface:
8. If the outgoing packet is destined for a device outside the virtualized environment (e.g., the internet), the hypervisor forwards the packet to the physical network interface connected to the external network.
9. Network Routing:
10. The hypervisor may perform network address translation (NAT) or routing to ensure that outgoing packets reach their intended destinations outside the virtualized environment.

Trade offs/Tech choices

Explain any trade offs you have made and why you made certain tech choices...

Failure scenarios/bottlenecks

Try to discuss as many failure scenarios/bottlenecks as possible.

Future improvements

What are some future improvements you would make? How would you mitigate the failure scenario(s) you described above?