Temporal isolation among virtual machines
Temporal isolation or performance isolation among virtual machines (VMs) refers to the capability of isolating the temporal behavior (or limiting the temporal interferences) of multiple VMs among each other, despite them running on the same physical host and sharing a set of physical resources such as processors, memory, and disks.
Introduction to the problem
One of the key advantages of using virtualization in server consolidation is the possibility to seamlessly "pack" multiple under-utilized systems into a single physical host, thus achieving a better overall utilization of the available hardware resources. In fact, an entire operating system (OS), along with the applications running within it, can be run in a virtual machine (VM).
However, when multiple VMs concurrently run on the same physical host, they share the available physical resources, including CPU(s), network adapter(s), disk(s) and memory. This adds a level of unpredictability in the performance that may be exhibited by each individual VM, as compared to what is expected. For example, a VM with a temporary compute-intensive peak might disturb the other running VMs, causing a significant and undesirable temporary drop in their performance. In a world of computing that is shifting towards cloud computing paradigms where resources (computing, storage, networking) may be remotely rented in virtualized form under precise service-level agreements, it would be highly desirable that the performance of the virtualized resources be as stable and predictable as possible.
Possible solutions
Multiple techniques may be used to address the aforementioned problem. They aim to achieve some degree of temporal isolation across the concurrently running VMs, at the various critical levels of scheduling: CPU scheduling, network scheduling and disk scheduling.
For the CPU, it is possible to use proper scheduling techniques at the hypervisor level in order to contain the amount of computing each VM may impose on a shared physical CPU or core. For example, on the Xen hypervisor, the BVT, Credit-based and S-EDF schedulers have been proposed for controlling how the computing power is distributed among competing VMs. In order to obtain a stable performance of virtualized applications, it is necessary to use those scheduler configurations which are not work-conserving. Also, on the KVM hypervisor, it has been proposed to use EDF-based scheduling strategies in order to keep a stable and predictable performance of virtualized applications. Finally, with a multi-core or multi-processor physical host, it is possible to deploy each VM on a separate processor or core, in order to temporally isolate the performance of various VMs.
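The following added example (not part of the original article) models one physical core shared by two VMs and shows why a work-conserving configuration gives less stable performance than a hard-capped reservation. The VM names, shares and demand traces are constructed for illustration, and the model is a simplified proportional-share allocator, not the algorithm of any specific Xen or KVM scheduler.

```python
EPS = 1e-9

# Constructed sample: two VMs with equal reservations on one core.
SHARES = {"victim": 0.5, "neighbor": 0.5}
DEMAND = {
    "victim":   [1.0, 1.0, 1.0, 1.0, 1.0, 1.0],   # always has work queued
    "neighbor": [0.0, 0.0, 1.0, 1.0, 0.0, 1.0],   # idle, then compute peaks
}

def simulate(shares, demand, work_conserving):
    """Return {vm: [core fraction received in each scheduling period]}."""
    periods = len(next(iter(demand.values())))
    received = {vm: [] for vm in shares}
    for t in range(periods):
        # Each VM is first served up to its reservation.
        alloc = {vm: min(demand[vm][t], shares[vm]) for vm in shares}
        if work_conserving:
            # Hand unused time to VMs that still want more, by share weight.
            spare = 1.0 - sum(alloc.values())
            hungry = [vm for vm in shares if demand[vm][t] > alloc[vm] + EPS]
            while spare > EPS and hungry:
                total = sum(shares[vm] for vm in hungry)
                grants = {vm: min(spare * shares[vm] / total,
                                  demand[vm][t] - alloc[vm]) for vm in hungry}
                for vm, grant in grants.items():
                    alloc[vm] += grant
                spare -= sum(grants.values())
                hungry = [vm for vm in hungry if demand[vm][t] > alloc[vm] + EPS]
        # Without work conservation the leftover time simply stays idle.
        for vm in shares:
            received[vm].append(alloc[vm])
    return received

def spread(series):
    """Peak-to-trough variation of the CPU fraction a VM received."""
    return max(series) - min(series)

if __name__ == "__main__":
    for label, wc in (("work-conserving", True), ("hard cap", False)):
        got = simulate(SHARES, DEMAND, wc)["victim"]
        print(f"{label:16s} victim={got} spread={spread(got):.2f}")
```

With the work-conserving policy the victim's CPU fraction follows the neighbor's load, while the capped policy trades idle capacity for a constant allocation.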
For the network, it is possible to use traffic shaping techniques in order to limit the amount of traffic that each VM may impose on the host. Also, it is possible to install multiple network adapters on the same physical host, and configure the virtualization layer so that each VM may be granted exclusive access to one of them. For example, this is possible with the driver domains of the Xen hypervisor. Multi-queue network adapters exist which support multiple VMs at the hardware level, having separate packet queues associated to the different hosted VMs (by means of the IP addresses of the VMs), such as the Virtual Machine Device Queue (VMDq) devices by Intel. Finally, real-time scheduling of the CPU may also be used for enhancing temporal isolation of network traffic from multiple VMs deployed on the same CPU.
When using real-time scheduling strategies for controlling the amount of CPU reserved to each VM, a challenging problem is how to properly account for the CPU time spent in system-wide activities, which might not be easy to attribute to each VM. For example, in the case of the Xen scheduler, the Dom0 and the driver domains services might be shared across multiple VMs accessing them. Similarly, in the case of the KVM hypervisor, the workload imposed on the host OS due to serving network traffic for each individual guest OS might not be easily distinguishable, because it mainly involves kernel-level device drivers and the networking infrastructure (on the host OS). Some techniques for mitigating such problems have been proposed for the Xen case.
Along the lines of adaptive reservations, it is possible to apply feedback-control strategies in order to dynamically adapt the amount of resources reserved to each virtual machine, in order to keep a stable performance level for the virtualized application(s).
Following the trend of adaptiveness, in those cases in which a virtualized system is not fulfilling the expected performance levels (either due to unforeseen interferences of other concurrently running VMs, or due to a bad deployment strategy that simply picked a machine with insufficient hardware resources), it is possible to live-migrate virtual machines while they are running, so as to host them on a more capable (or less loaded) physical host.