102 research outputs found

    Hypertracing: Tracing through virtualization layers

    Cloud computing enables on-demand access to remote computing resources. It provides dynamic scalability and elasticity with a low upfront cost. As the adoption of this computing model is rapidly growing, this increases the system complexity, since virtual machines (VMs) running on multiple virtualization layers become very difficult to monitor without interfering with their performance. In this paper, we present hypertracing, a novel method for tracing VMs by using various paravirtualization techniques, enabling efficient monitoring across virtualization boundaries. Hypertracing is a monitoring infrastructure that facilitates seamless trace sharing among host and guests. Our toolchain can detect latencies and their root causes within VMs, even for boot-up and shutdown sequences, whereas existing tools fail to handle these cases. We propose a new hypervisor optimization, for handling efficient nested paravirtualization, which allows hypertracing to be enabled in any nested environment without triggering VM exit multiplication. This is a significant improvement over current monitoring tools, with their large I/O overhead associated with activating monitoring within each virtualization layer

    Virtual Organization Clusters: Self-Provisioned Clouds on the Grid

    Virtual Organization Clusters (VOCs) provide a novel architecture for overlaying dedicated cluster systems on existing grid infrastructures. VOCs provide customized, homogeneous execution environments on a per-Virtual Organization basis, without the cost of physical cluster construction or the overhead of per-job containers. Administrative access and overlay network capabilities are granted to Virtual Organizations (VOs) that choose to implement VOC technology, while the system remains completely transparent to end users and non-participating VOs. Unlike alternative systems that require explicit leases, VOCs are autonomically self-provisioned according to configurable usage policies. As a grid computing architecture, VOCs are designed to be technology agnostic and are implementable by any combination of software and services that follows the Virtual Organization Cluster Model. As demonstrated through simulation testing and evaluation of an implemented prototype, VOCs are a viable mechanism for increasing end-user job compatibility on grid sites. On existing production grids, where jobs are frequently submitted to a small subset of sites and thus experience high queuing delays relative to average job length, the grid-wide addition of VOCs does not adversely affect mean job sojourn time. By load-balancing jobs among grid sites, VOCs can reduce the total amount of queuing on a grid to a level sufficient to counteract the performance overhead introduced by virtualization

    Development of a virtualization systems architecture course for the information sciences and technologies department at the Rochester Institute of Technology (RIT)

    Virtualization is a revolutionary technology that has changed the way computing is performed in data centers. By converting traditionally siloed computing assets to shared pools of resources, virtualization provides a considerable number of advantages such as more efficient use of physical server resources, more efficient use of datacenter space, reduced energy consumption, simplified system administration, simplified backup and disaster recovery, and a host of other advantages. Due to the considerable number of advantages, companies and organizations of various sizes have either migrated their workloads to virtualized environments or are considering virtualization of their workloads. As per Gartner Magic Quadrant for x86 Server Virtualization Infrastructure 2013, roughly two-thirds of x86 server workloads are virtualized [1]. The need for virtualization solutions by companies and organizations has increased the demand for qualified virtualization professionals for planning, designing, implementing, and maintaining virtualized infrastructure of different scales. Although universities are the main source for educating IT professionals, the field of information technology is so dynamic and changing so rapidly that not all universities can keep pace with the change. As a result, providing the latest technology that is being used in the information technology industry in the curriculums of universities is a big advantage for information technology universities. Taking into consideration the trend toward virtualization in computing environments and the great demand for virtualization professionals in the industry, the faculty of Information Sciences and Technologies department at RIT decided to prepare a graduate course in the master's program in Networking and System Administration entitled Virtualization Systems Architecture, which better prepares students to find a career in the field of enterprise computing. This research is composed of five chapters. It starts by briefly going through the history of computer virtualization and exploring when and why it came into existence and how it evolved. The second chapter of the research goes through the challenges in virtualization of the x86 platform architecture and the solutions used to overcome the challenges. In the third chapter, various types of hypervisors are discussed and the advantages and disadvantages of each one are discussed. In the fourth chapter, the architecture and features of the two leading virtualization solutions are explored. Then in the final chapter, the research goes through the contents of the Virtualization Systems Architecture course

    Exposing Inter-Virtual Machine Networking Traffic to External Applications

    Virtualization is a powerful and fast growing technology that is widely accepted throughout the computing industry. The Department of Defense has moved its focus to virtualization and looks to take advantage of virtualized hardware, software, and networks. Virtual environments provide many benefits but create both administrative and security challenges. The challenge of monitoring virtual networks is having visibility of inter-virtual machine (VM) traffic that is passed within a single virtual host. This thesis attempts to gain visibility and evaluate performance of inter-VM traffic in a virtual environment. Separate virtual networks are produced using VMWare ESXi and Citrix XenServer platforms. The networks are comprised of three virtual hosts containing a Domain Controller VM, a Dynamic Host Configuration Protocol server VM, two management VMs, and four testing VMs. Configuration of virtual hosts, VMs, and networking components are identical on each network for a consistent comparison. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic is generated to test each network using custom batch files, Powershell scripts, and Python code. Results show standard virtual networks require additional resources (e.g., local Intrusion Detection System) and more hands-on administration for real-time traffic visibility than a virtual network using a distributed switch. Traffic visibility within a standard network is limited to using a local packet capture program such as pktcap-uw, tcpdump, or windump. However, distributed networks offer advanced options, such as port mirroring and NetFlow, that deliver higher visibility but come at a higher latency for both TCP and UDP inter-VM traffic

    How Virtualized Environments Affect Computer Forensics

    Virtualized environments can make forensics investigation more difficult. Technological advances in virtualization tools essentially make removable media a PC that can be carried around in a pocket or around a neck. Running operating systems and applications this way leaves very little trace on the host system. This paper will explore all the newest methods for virtualized environments and the implications they have on the world of forensics. It will begin by describing and differentiating between software and hardware virtualization. It will then move on to explain the various methods used for server and desktop virtualization. Next, it will describe the fundamentals of a traditional forensic investigation and explain how virtualization affects this process. Finally, it will describe the common methods to find virtualization artifacts and identify virtual activities that affect the examination process. Keywords: Hardware-assisted, Hypervisor, Para-virtualization, Virtual Machine, virtualization, VMware, Moka5, MojoPac, Portable Virtual Privacy Machine, VirtualBox

    Surveillance et analyse de machine virtuelle assistée par l'hôte (Host-assisted virtual machine monitoring and analysis)

    The arrival of the Intel VMX and AMD SVM processor extensions made virtualization of the x86 platform possible while running unmodified guest systems. Virtualization technologies such as KVM and Xen have become increasingly popular and are widely adopted by industry and research groups for a variety of applications. Virtualized systems benefit from the virtual isolation offered by virtualization, which gives the illusion of absolute control over the host's resources. This isolation affects the performance of any application running in a virtual machine environment, mainly because of the overhead induced by interactions with the hypervisor and also by interactions with other virtual machines cohabiting on the same machine. However, it is possible to take advantage of this feature to investigate root causes of performance degradation while the system goes through critical phases such as boot-up and shutdown, which is very difficult to monitor in a non-virtualized environment. The objective of this study is to provide a monitoring infrastructure based on paravirtualization techniques that facilitates collaboration between the host and the guests and thus enables accurate detection of latencies. To achieve this objective, we use communication channels, the hypercall and shared memory, paravirtualization-based techniques that we developed in the Ftrace tracer. Our approach works through the hypervisor infrastructure to facilitate sharing of guest system data, without resorting to I/O operations using the network and the disk, because neither is available during VM boot-up or shutdown. Moreover, when using these I/O operations, virtual machines suffer a significant drop in performance. Finally, we developed a KVM optimization to remove exit multiplication and allow our approach to efficiently monitor nested environments.
    ABSTRACT: The introduction of hardware-assisted virtualization capabilities support, in both Intel VMX and AMD SVM processor extensions, made x86 virtualization possible while running unmodified OS guests. Virtualization technologies such as KVM and Xen have become increasingly popular, and are widely adopted by industry and researchers for a variety of applications. Virtualized systems benefit from the virtual isolation offered by virtualization, which gives the illusion of absolute control over the host resources. This isolation impacts the performance of any application running in a virtual machine environment, mostly because of the overhead induced from interactions happening with the host hypervisor and other co-located virtual machines. However, it is possible to benefit from virtualization features to find the root cause of performance problems while a system is executing in critical phases like boot-up and shutdown. During these phases, very few communication channels are available (e.g. only serial ports) and it is very difficult to monitor the execution in a non-virtualized environment. The objective of this study is to provide a paravirtualization-based monitoring infrastructure which facilitates host and guest collaboration and enables accurate latency detection. To accomplish this objective, we use hypercall and shared memory communication channels, a paravirtualization-based technique that we developed within the Ftrace tracer. Our approach relies on the hypervisor infrastructure to allow the guest trace data to be shared without relying on I/O operations from devices like the network and disk, because neither is available while a VM is booting up or shutting down. Moreover, when using I/O operations, VMs suffer from a significant performance drop. Finally, we developed a KVM optimization in order to remove exit multiplication and enable our approach to efficiently monitor nested environments