Wednesday, June 18, 2008

HyperV - Architecture

Hyper-V supports isolation in terms of a partition. A partition is a logical unit of isolation, supported by the hypervisor, in which operating systems execute. A hypervisor instance has to have at least one root partition, running Windows Server 2008. The virtualization stack runs in the root partition and has direct access to the hardware devices. The root partition then creates the child partitions which hosts the guests OSs. A child partition can also spawn further child partitions of their own. A parent partition creates child partitions using the hypercall API, which is the application programming interface exposed by Hyper-V.

A virtualized partition does not have access to the physical processor, nor does it handle its real interrupts. Instead, they have a virtual view of the processor and run in Guest Virtual Address, which depending on the configuration of the hypervisor, may or may not be the entire virtual address space. A hypervisor may choose to expose only a subset of the processors to each partition. The hypervisor handles the interrupts to the processor, and redirects them to the respective partition using a logical Synthetic Interrupt Controller (SynIC). Hyper-V can hardware accelerate the address translation between various Guest Virtual Address-spaces by using an IOMMU (I/O Memory Management Unit) which operates independent of the memory management hardware used by the CPU.

Child partitions do not have direct access to hardware resources, instead they have a virtual view of the resources, in terms of virtual devices. Any request to the virtual devices is redirected via the VMBus to the devices in the parent partition, which will manage the requests. The VMBus is a logical channel which enables inter-partition communication. The response is also redirected via the VMBus. If the devices in the parent partition are also virtual devices, it will be redirected further till it reaches the root partition, where it will gain access to the physical devices. Parent partitions run a Virtualization Service Provider (VSP) which connects to the VMBus and handles device access requests from child partitions. Child partition virtual devices internally run Virtualization Service Client (VSC) which redirect the request to VSPs in the parent partition via the VMBus. This entire process is transparent to the guest OS.

Virtual Devices can also take advantage of a Windows Server Virtualization feature, named Enlightened I/O, for storage, networking and graphics subsystems, among others. Enlightened I/O is specialized virtualization-aware implementation of high level communication protocols like SCSI to take advantage of VMBus directly, bypassing any device emulation layer. This makes the communication more efficient but requires the guest OS to support Enlightened I/O.



No comments: