Emerging trend of multi-core servers promises to be the panacea for all data-center issues with system virtualization as the enabling technology. System virtualization allows creation of independent virtual machines, complete with their individual operating systems, software and applications. This provides total system isolation of the virtual machines. The key driver for virtualization adoption in data-centers will be virtual machine performance and security isolation that can be achieved over a consolidated server with shared resources. This work identies the basic requirements for performance isolation of virtual machines on such servers. The consolidation focus is on enterprise workloads that are a mix of compute and I/O intensive workloads. Based on the observed lacunae, an end-to-end system virtualization architecture is proposed and evaluated. The proposal takes a holistic view of the end-to-end architecture from an application’s perspective. We re-look at the I/O virtualization architectures, with NIC as a specific example and present an end-to-end NIC irtualization architecture that aims to fulfill the three listed virtualization goals, namely efficiency, isolation and safety. The I/O virtualization architecture is achieved using hardware defined reconfigurable virtual device interface (HDReconfig-VDI). The HDReconfig-VDI enhances I/O device to support reconfigurable virtual device context in hardware so as to enable concurrent device access through time-sharing. The proposed architecture enhances I/O device virtualization to enable separation of device management from device access by building device protection mechanisms into the physical device and manageability into the virtual machine monitor. Evaluation results indicate throughput improvement for the proposedarchitecture, with an equivalent reduction in CPU utilization overheads due to virtualization. Enabling independent virtual device context on the hardware also improves resource usage controls. Furthermore, involving the physical device in access management of the virtual device provides better security management. By virtue of studying and evaluating I/Ovirtualization architectures we conclude that designing systems from an end-to-end perspective enables greater exibility in managing resources for virtualization and delivering additional bene ts of performance and security. We observe that both the characteristics, performance and security, can be handled with simple, elegant constructs that are built onhardware APIs.
- J. Lakshmi and S. K. Nandy, Modeling Architecture-OS Interactions using Layered Queuing Network Models, in the Proceedings of the 10th International Conference on the High Performance Computing Asia, Khaosiung, Taiwan, March 2-5, 2009 (PDF, Presentation)
- J. Lakshmi and S. K. Nandy, I/O Device Virtualization in the Multi-core era, a QoS perspective, in the Proceedings of the 4th International Conference on Grids and Pervasive Computing, as part of the 1st International Workshop on Grids, Clouds and Virtualization, Geneva, Switzerland, May 4-8, 2009 (PDF, Presentation)
- J. Lakshmi and S. K. Nandy, Is I/O Virtualization Ready for End-to-End Application Performance?, in the Proceedings of 17th International Conference on Advanced Computing and Communications, Bangalore, India, December 14-17, 2009 (PDF, Presentation)
- J. Lakshmi and S. K. Nandy, Quality of Service for I/O workloads in Multi-core Virtualized Servers, Book Chapter in Grids, Clouds and Virtualization, Springer-UK Publication, 2010 (PDF)
- J. Lakshmi and S. K. Nandy, I/O Virtualization Architecture for Security, in the Proceedings of the International Workshop on Virtualization Technology, held in conjunction with the 7th ICESS, Bradford, Leeds, UK, June 22-30, 2010 (PDF, Presentation)
This project was partially supported by a grant from ANRC under the project titled “Network Partitioning”.