Mobycast

Back in January 2018, Jon, Rich and Chris were having lunch together in Denver. The subject of virtualization came up, and Rich said he was confused about the difference between containers and virtual machines. As we answered Rich's question, we realized that explaining a complicated technical concept in a straightforward manner would make for a great podcast format. And thus the idea of Mobycast was formed.
When we first discussed "Virtual Machines vs. Containers" in episode 1, we got most of it right, but there were some inconsistencies and holes. We didn't prepare as well as we should have for that first episode, and frankly, it shows. Now, more than 80 episodes later, we have learned a lot and expect more of ourselves. So, it's time for a "do over" on episode 1.
In this episode of Mobycast, Jon and Chris kick off a four-part series on virtual machines, containers and how they compare. We revisit this important subject to fill in the gaps, and dive a whole LOT deeper this time around.

Show Notes

Show Details

In this episode, we cover the following topics:
  • VMs vs containers - why revisit?
    • Originally talked about this in episode 1
      • Got most of it right, but some inconsistencies/holes
      • Let's revisit to fill in the gaps, and dive a whole LOT deeper this time around
  • Types of virtualization
    • Full virtualization ("virtual machines")
      • Simulates enough hardware to allow an unmodified "guest" OS to be run in isolation
      • Resources of computer are partitioned via hypervisor
      • Examples:
        • VMware, Parallels, VirtualBox, Hyper-V
    • Operating-system-level virtualization ("containers")
      • Resources of computer are partitioned via the kernel
        • "Guest" OSes share same running instance of OS as the host system
      • Based on the virtualization, isolation and resource management mechanisms provided by the host kernel
        • On Linux: namespaces and cgroups
      • Examples:
        • Docker, LXC, FreeBSD jails
  • Hypervisors
    • Also known as a Virtual Machine Manager (VMM)
    • Creates and runs virtual machines
      • It is a process that separates OS and apps from underlying physical hardware
      • Multiple VMs share virtualized hardware resources
    • When you create a new VM, the following happens:
      • Hypervisor allocates memory and CPU space for the VM's exclusive use
      • Complete OS is installed onto the VM
      • The VM's OS communicates with the hypervisor to perform tasks
    • Host OS is able to see all physical hardware, whereas guest OS (VM) can only see hardware to which hypervisor has granted access
    • Two types of hypervisors
      • Type 1 (also called "native" or "bare metal" hypervisors)
        • Run directly on the host’s hardware to control the hardware and manage the guest VMs
          • runs in ring 0
        • Are an OS themselves (simple OS on top of which you run VMs)
          • the physical machine the hypervisor is running on serves only for virtualization purposes
            • Exceptions: Hyper-V, KVM
        • Examples
          • Xen, Microsoft Hyper-V, VMware ESX/ESXi
      • Type 2 (also called "hosted" hypervisors)
        • Run on conventional OS, just like other apps
        • Guest OS runs as a process on the host
        • Hypervisor separates the guest OS from the host OS
        • Examples
          • VirtualBox, Parallels
    • Protection levels (rings)
      • The x86 family of CPUs provides a range of protection levels, also known as rings
        • Ring 0 has the highest level privilege (kernel/supervisor)
        • Ring 3 lowest level (applications)
      • Hypervisor occupies ring 0 of CPU
      • Kernels for any guest operating systems running on the system must run in less privileged CPU rings
        • But most OS kernels are written explicitly to run in ring 0
        • Techniques to deal with this:
          • Full virtualization
            • hypervisor provides CPU emulation to handle ring 0 operations made by unmodified guest OS kernels
            • emulation process requires both time and system resources
              • inferior performance
          • Paravirtualization
            • Technique in which the hypervisor provides an API and the guest VM's OS calls that API
            • Requires guest OS to be modified (to make API calls)
              • Replace any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor ("hypercalls")
            • Allows tasks to run in host OS (instead of in guest OS where performance would be worse)
          • Hardware virtualization
            • Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-V
              • Intel virtualization (VT-x)
                • Virtual Machine Extensions
                • Adds ten new instructions
                  • VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON.
                  • These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.
            • Reduces/eliminates any OS modifications in guest OS
            • Provides an additional privilege mode above ring 0 in which the hypervisor can operate
              • essentially leaving ring 0 available for unmodified guest OSes
            • Better performance than paravirtualization
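As an added example (not code from the Mobycast episode), the following Python script shows how the two kinds of virtualization discussed above are visible from inside a Linux host. For the hardware-virtualization part, it reads the CPU flags that /proc/cpuinfo exposes: `vmx` (Intel VT-x) or `svm` (AMD-V) means the CPU offers the hardware extensions, and the `hypervisor` flag means the kernel is itself running as a guest. For the container part, it compares the namespace inode numbers that /proc/<pid>/ns/* link targets expose (format `pid:[4026531836]`): two processes that share one running kernel but live in different pid and mount namespaces are exactly what "partitioned via the kernel" means. The sample cpuinfo text and namespace link targets are constructed for the offline test; the "pid plus mnt differ from PID 1" rule used to flag a process as containerized is a heuristic assumed here, not a kernel definition.

```python
"""Inspect a Linux host's virtualization situation from /proc.

Added example for the Mobycast show notes, not the podcast's own code.
Parsing is separated from the live /proc reads so it can be tested offline.
"""
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

NS_KINDS = ("pid", "mnt", "net", "uts", "ipc", "user", "cgroup")
NS_LINK_RE = re.compile(r"^(\w+):\[(\d+)\]$")


@dataclass(frozen=True)
class CpuVirtInfo:
    vendor: str               # vendor_id line, e.g. GenuineIntel / AuthenticAMD
    hw_virt: Optional[str]    # "vmx" (Intel VT-x), "svm" (AMD-V) or None
    is_guest: bool            # the 'hypervisor' flag means we run under a hypervisor


def parse_cpuinfo(text: str) -> CpuVirtInfo:
    """Parse the first processor block of /proc/cpuinfo-style text."""
    vendor, flags = "", set()
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "vendor_id" and not vendor:
            vendor = value
        elif key == "flags" and not flags:
            flags = set(value.split())
    hw = "vmx" if "vmx" in flags else "svm" if "svm" in flags else None
    return CpuVirtInfo(vendor=vendor, hw_virt=hw, is_guest="hypervisor" in flags)


def describe(info: CpuVirtInfo) -> str:
    """One-line classification of where this kernel is running."""
    if info.is_guest and info.hw_virt is None:
        return "guest VM; no nested hardware virtualization exposed"
    if info.is_guest:
        return f"guest VM with nested {info.hw_virt} exposed"
    if info.hw_virt:
        return f"bare metal with {info.hw_virt} (hardware-assisted virtualization available)"
    return "bare metal without hardware virtualization extensions"


def parse_ns_link(target: str) -> Tuple[str, int]:
    """Parse a /proc/<pid>/ns/<kind> link target such as 'pid:[4026531836]'."""
    m = NS_LINK_RE.match(target)
    if not m:
        raise ValueError(f"not a namespace link target: {target!r}")
    return m.group(1), int(m.group(2))


def namespaces_from_links(links: Dict[str, str]) -> Dict[str, int]:
    """Map namespace kind -> inode number from a dict of link targets."""
    return {kind: parse_ns_link(target)[1] for kind, target in links.items()}


def read_namespaces(pid: int) -> Dict[str, int]:
    """Live read of a process's namespace inodes (Linux only; unreadable kinds skipped)."""
    links = {}
    for kind in NS_KINDS:
        try:
            links[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            continue
    return namespaces_from_links(links)


def differing_namespaces(a: Dict[str, int], b: Dict[str, int]) -> List[str]:
    """Namespace kinds in which the two processes are isolated from each other."""
    return sorted(k for k in NS_KINDS if k in a and k in b and a[k] != b[k])


def looks_containerized(init_ns: Dict[str, int], proc_ns: Dict[str, int]) -> bool:
    """Heuristic (assumed here): separate pid and mnt namespaces from PID 1 = container."""
    diff = differing_namespaces(init_ns, proc_ns)
    return "pid" in diff and "mnt" in diff


# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO_HOST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce sep vmx ssse3 sse4_2 aes xsave avx lahf_lm\n"
)
SAMPLE_CPUINFO_GUEST = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce sep ssse3 sse4_2 aes xsave avx hypervisor lahf_lm\n"
)
SAMPLE_NS_INIT = {"pid": "pid:[4026531836]", "mnt": "mnt:[4026531840]",
                  "net": "net:[4026531992]", "uts": "uts:[4026531838]"}
SAMPLE_NS_CONTAINER = {"pid": "pid:[4026532201]", "mnt": "mnt:[4026532199]",
                       "net": "net:[4026532204]", "uts": "uts:[4026532200]"}

if __name__ == "__main__":
    # Offline demonstration on the constructed samples.
    print("sample host :", describe(parse_cpuinfo(SAMPLE_CPUINFO_HOST)))
    print("sample guest:", describe(parse_cpuinfo(SAMPLE_CPUINFO_GUEST)))
    init, cont = namespaces_from_links(SAMPLE_NS_INIT), namespaces_from_links(SAMPLE_NS_CONTAINER)
    print("sample container differs from PID 1 in:", differing_namespaces(init, cont))
    # Live run where /proc exists: classify this kernel and this process.
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo") as f:
            print("this kernel :", describe(parse_cpuinfo(f.read())))
        mine, pid1 = read_namespaces(os.getpid()), read_namespaces(1)
        print("this process containerized:", looks_containerized(pid1, mine))
```

Run it on a bare-metal box and the flags section reports `vmx`/`svm` without `hypervisor`; run it inside a VM and `hypervisor` appears while `vmx` disappears unless the hypervisor exposes nested virtualization. Inside a Docker container the namespace comparison against PID 1 will normally fail with a permission error on `/proc/1/ns` (which `read_namespaces` skips), so in practice the check is run from the host side against a container's PID.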
End Song
Time for Trees - Sad Livin in the (New York) City - (David Last Remix)


What is Mobycast?

A Podcast About Cloud Native Software Development, AWS, and Distributed Systems