Server virtualization is a watershed IT technology because it lets a single physical computer run multiple operating systems, vastly increasing rates of CPU use. But server virtualization also is a highly complex process, and many vendors over the years have been stymied in their attempts to create good virtual machine software. VMware, on the other hand, figured out how to build a binary translator that scans the issue of privilege-instructions processors to operating systems and rewrites the ones that can't be virtualized.
Essentially, VMware's early virtualization software tricked the operating system, Gammage says. Earlier processors contain four privilege levels, which create security Relevant Products/Services boundaries -- they're like one-way doors, he says. A process running in Ring 1 had to ask Ring 0 for permission to access objects to which Ring 1 normally wouldn't have access. Under this setup, virtualization software "fools" an operating system into thinking it's running at Ring 0 -- the most privileged ring -- when it's really not.
Hardware-assisted virtualization changes all this by doubling the number of a processor's privilege levels. If the chip Relevant Products/Services has a greater number of privilege levels, modifying the operating system becomes unnecessary, Gammage says.
I think I'll soon write a couple of posts about the future of virtualization and where VMware, Microsoft, Hitachi, IBM, Sun all fit in. This eco-system is evolving heavily, so don't bet on the leading horse, the race has only begun!
Link
Comments
Post a Comment