Hypervisors, virtualization, and the cloud: Dive into the KVM hypervisor

This article describes the features, deployment processes, and VM management issues for the KVM (Kernel-based Virtual Machine) hypervisor. KVM is a virtualization infrastructure for the Linux kernel that supports native virtualization on processors with hardware virtualization extensions. Originally, it supported x86 processors, but it now supports a wide variety of processors and guest operating systems including many variations of Linux, BSD, Solaris, Windows, Haiku, ReactOS, and the AROS Research Operating System (there's even a modified version of Qemu that can use KVM to run Mac OS X).

System virtualization is most commonly implemented with hypervisor technology; hypervisors are software or firmware components that are able to virtualize system resources. In this series, the author provides a round-up look at the features, deployment processes, and VM management issues for five hypervisors that help establish system virtualization within the cloud — PowerVM™, VMware ESX Server, Xen, KVM, and z/VM®.


Bhanu P Tholeti (btholeti@in.ibm.com), Systems Engineer and Architect, IBM

Bhanuprakash has worked in the software industry for the past 10 years on various technologies and products such as application development for Pocket PCs, web-based applications, video streaming solutions, and products like Tivoli Workload Scheduler, WebSphere Data Interchange, Tivoli Service Automation Manager, and Tivoli Provisioning Manager. He is part of IBM SmartCloud Enterprise+, working on cloud infrastructures and hypervisors.



23 September 2011


About this series

This series starts with a background on hypervisor types and system virtualization, and then describes the features of five hypervisors, their deployment processes, and the management issues you might encounter.

Use this series as a simple starting point for understanding the hypervisor's role in virtualization in the cloud or explore the individual articles to help you determine which hypervisor is best suited for your cloud needs.

What to know to start

The Kernel-based Virtual Machine (KVM) is a full native virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). Limited support for paravirtualization is also available for Linux and Windows guests in the form of a paravirtual network driver.

KVM is currently designed to interface with the kernel via a loadable kernel module. Operating system versions supported include a wide variety of guest operating systems like Linux, BSD, Solaris, Windows, Haiku, ReactOS, and AROS Research Operating System. A patched version of KVM (qemu) is able to run on Mac OS X.

Note: KVM does not perform any emulation itself; instead, a user-space program uses the /dev/kvm interface to set up a guest virtual server's address space, feed it simulated I/O, and map its video display back onto the host's display.

Figure 1 shows the KVM architecture.

Figure 1. The KVM architecture

Paravirtualization

Paravirtualization is a virtualization technique that presents a software interface to the virtual machines that is similar to but not identical to that of the underlying hardware. The intent of this modified interface is to reduce the portion of the guest operating system's execution time that is spent performing operations which are substantially more difficult to run in a virtual environment compared to a non-virtualized environment.

There are specially defined "hooks" that allow the guest and host to request and acknowledge these difficult tasks that would otherwise be executed in the virtual domain, where execution performance is slower.

In the KVM architecture, the virtual machine is implemented as a regular Linux process, scheduled by the standard Linux scheduler. In fact, each virtual CPU appears as a regular Linux process. This allows KVM to benefit from all the features of the Linux kernel.

Device emulation is handled by a modified version of qemu that provides an emulated BIOS, PCI bus, USB bus, and a standard set of devices such as IDE and SCSI disk controllers, network cards, etc.


Features

The following features are key to KVM.

Security

Since a virtual machine is implemented as a Linux process, it leverages the standard Linux security model to provide isolation and resource controls. The Linux kernel uses SELinux (Security-Enhanced Linux) to add mandatory access controls, multi-level and multi-category security, and to handle policy enforcement. SELinux provides strict resource isolation and confinement for processes running in the Linux kernel.

The SVirt project, a community effort attempting to integrate Mandatory Access Control (MAC) security and Linux-based virtualization (KVM), builds on SELinux to provide an infrastructure to allow an administrator to define policies for virtual machine isolation. Out of the box, SVirt ensures that a virtual machine's resources cannot be accessed by any other process (or virtual machine); the sysadmin can extend this to define fine-grained permissions, for example to group virtual machines together to share resources.
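As an added illustration (not code from this article or from the SVirt project), the audit below checks the labelling that this isolation rests on: each guest's qemu process and its disk images should carry the same SELinux MCS categories, and no two guests should share them unless the administrator grouped them. The guest names, paths and labels are constructed samples; the svirt_t and svirt_image_t type names are the ones used by libvirt's SELinux driver and are not stated in the article.

```python
import re
from collections import defaultdict

# SELinux context layout: user:role:type:sensitivity[:categories]
CONTEXT_RE = re.compile(r"^[^:]+:[^:]+:(?P<type>[^:]+):[^:]+(?::(?P<cats>\S+))?$")

def parse_context(ctx):
    """Return (type, frozenset of MCS categories) for one SELinux context."""
    m = CONTEXT_RE.match(ctx.strip())
    if not m:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    cats = m.group("cats")
    return m.group("type"), (frozenset(cats.split(",")) if cats else frozenset())

def audit(guests):
    """Check sVirt labelling; return a list of human-readable findings."""
    findings, owners = [], defaultdict(list)
    for g in guests:
        ptype, pcats = parse_context(g["process"])
        if ptype != "svirt_t" or not pcats:
            findings.append(f"{g['name']}: qemu process is not confined by sVirt ({ptype})")
            continue
        owners[pcats].append(g["name"])
        for path, ctx in g["images"].items():
            itype, icats = parse_context(ctx)
            if itype != "svirt_image_t" or icats != pcats:
                findings.append(f"{g['name']}: {path} is not labelled for this guest")
    for cats, names in owners.items():
        if len(names) > 1:  # legitimate only if the admin grouped these guests
            findings.append(f"{', '.join(names)}: share categories {','.join(sorted(cats))}")
    return findings

# Constructed sample: labels as `ps -eZ` (process) and `ls -Z` (image) print them.
IMG = "/var/lib/libvirt/images/"
P = "system_u:system_r:svirt_t:s0:"
I = "system_u:object_r:svirt_image_t:s0:"
GUESTS = [
    {"name": "web01", "process": P + "c107,c434", "images": {IMG + "web01.qcow2": I + "c107,c434"}},
    {"name": "db01", "process": P + "c220,c611", "images": {IMG + "db01.qcow2": I + "c107,c434"}},
    {"name": "lab01", "process": "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023", "images": {}},
    {"name": "web02", "process": P + "c434,c107", "images": {IMG + "web02.qcow2": I + "c434,c107"}},
]

if __name__ == "__main__":
    for finding in audit(GUESTS):
        print(finding)
```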

Memory management

KVM inherits powerful memory management features from Linux. The memory of a virtual machine is stored in the same way as the memory of any other Linux process and can be swapped, backed by large pages for better performance, shared, or backed by a disk file. NUMA support (Non-Uniform Memory Access, a memory design for multiprocessors) allows virtual machines to efficiently access large amounts of memory.

KVM supports the latest memory virtualization features from CPU vendors with support for Intel's Extended Page Table (EPT) and AMD's Rapid Virtualization Indexing (RVI) to deliver reduced CPU utilization and higher throughput.

Memory page sharing is supported through a kernel feature called Kernel Same-page Merging (KSM). KSM scans the memory of each virtual machine and where virtual machines have identical memory pages, KSM merges these into a single page that it shares between the virtual machines, storing only a single copy. If a guest attempts to change this shared page, it will be given its own private copy.
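The merge and copy-on-write behaviour described above, as an added model that is not code from the article or the kernel: identical pages collapse onto one frame, and a guest write to a shared frame gets a private copy so the other guest's view never changes. The class and method names are hypothetical, and the model ignores how the kernel actually selects and compares pages.

```python
class KsmHost:
    """Toy model of one host: physical frames plus per-guest page tables."""

    def __init__(self):
        self.frames = {}   # frame id -> [content bytes, reference count]
        self.tables = {}   # guest name -> {guest page number: frame id}
        self._next = 0

    def _alloc(self, data):
        self._next += 1
        self.frames[self._next] = [data, 1]
        return self._next

    def _release(self, fid):
        self.frames[fid][1] -= 1
        if self.frames[fid][1] == 0:
            del self.frames[fid]

    def load(self, guest, pages):
        """Give a guest private frames holding the listed page contents."""
        self.tables[guest] = {n: self._alloc(d) for n, d in enumerate(pages)}

    def scan(self):
        """One merge pass: map every page with identical content to one frame."""
        seen = {}          # page content -> frame id that is kept
        for table in self.tables.values():
            for n, fid in table.items():
                keep = seen.setdefault(self.frames[fid][0], fid)
                if keep != fid:
                    self.frames[keep][1] += 1
                    self._release(fid)
                    table[n] = keep

    def write(self, guest, n, data):
        """Guest write: break sharing first so no other guest sees the change."""
        fid = self.tables[guest][n]
        if self.frames[fid][1] > 1:      # shared frame: copy-on-write
            self._release(fid)
            self.tables[guest][n] = self._alloc(data)
        else:                            # private frame: write in place
            self.frames[fid][0] = data

    def read(self, guest, n):
        return self.frames[self.tables[guest][n]][0]
```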

Storage

KVM is able to use any storage supported by Linux to store virtual machine images, including local disks with IDE, SCSI and SATA, Network Attached Storage (NAS) including NFS and SAMBA/CIFS, or SAN with support for iSCSI and Fibre Channel. Multipath I/O may be used to improve storage throughput and to provide redundancy.

Again, because KVM is part of the Linux kernel, it can leverage a proven and reliable storage infrastructure with support from all leading storage vendors; its storage stack has a proven record in production deployments.

KVM also supports virtual machine images on shared file systems such as the Global File System (GFS2) to allow virtual machine images to be shared between multiple hosts or shared using logical volumes. Disk images support thin provisioning, which improves storage utilization by allocating storage only when the virtual machine requires it rather than allocating the entire storage upfront. The native disk format for KVM is QCOW2, which includes support for snapshots (allowing multiple levels of snapshots), compression, and encryption.

Live migration

KVM supports live migration, which provides the ability to move a running virtual machine between physical hosts with no interruption to service. Live migration is transparent to the user: the virtual machine remains powered on, network connections remain active, and user applications continue to run while the virtual machine is relocated to a new physical host.

In addition to live migration, KVM supports saving a virtual machine's current state to disk to allow it to be stored and resumed at a later time.

Device drivers

KVM supports hybrid virtualization where paravirtualized drivers are installed in the guest operating system to allow virtual machines to use an optimized I/O interface rather than emulated devices to deliver high performance I/O for network and block devices.

The KVM hypervisor uses the VirtIO standard developed by IBM and Red Hat in conjunction with the Linux community for paravirtualized drivers; it is a hypervisor-independent interface for building device drivers allowing the same set of device drivers to be used for multiple hypervisors, allowing for better guest interoperability.

VirtIO drivers are included in modern Linux kernels (later than 2.6.25), included in Red Hat Enterprise Linux 4.8+ and 5.3+, and available for Red Hat Enterprise Linux 3. Red Hat has developed VirtIO drivers for Microsoft Windows guests for optimized network and disk I/O that have been certified under Microsoft's Windows Hardware Quality Labs certification program (WHQL).

Performance and scalability

KVM also inherits the performance and scalability of Linux, supporting virtual machines with up to 16 virtual CPUs and 256GB RAM and host systems with 256 cores and over 1TB RAM. It can deliver:

  • Up to 95 to 135 percent performance relative to bare metal for real-world enterprise workloads like SAP, Oracle, LAMP, and Microsoft Exchange.
  • More than 1 million messages per second and sub-200-microsecond latency in virtual machines running on a standard server.
  • The highest consolidation ratios with more than 600 virtual machines running enterprise workloads on a single server.

That means KVM allows even the most demanding application workloads to be virtualized.


Deploying virtualization

Deploying KVM is rather complex, full of individual configuration considerations, so for more information, please see Resources.


Managing your virtual machines

There are several virtual machine managers available including:

  • Univention Virtual Manager.
  • qemu/KVM: You can run directly from the command line in a KVM machine.
  • Virsh: A minimal shell for managing VMs.
  • Virtual Machine Manager: Also known as virt-manager, a desktop user interface for managing VMs.

Choosing KVM

On the pro side:

  • Although KVM is a relative newcomer to hypervisors, this lightweight module that comes with the mainline Linux kernel offers the simplicity of its implementation plus continued support of Linux heavyweights.
  • KVM is flexible; since the guest operating systems are communicating to a hypervisor that is integrated into the Linux kernel, they can address hardware directly in all cases without the need to modify the virtualized operating system. This makes KVM a faster solution for virtual machines.
  • Patches to the KVM are compatible with the Linux kernel. KVM is implemented in the Linux kernel itself; consequently, that makes it easier to control virtualization processes.

On the con side:

  • There are no sophisticated tools for the management of the KVM server and VMs.
  • KVM still needs to improve virtual network support, virtual storage support, enhanced security, high availability, fault tolerance, power management, HPC/real-time support, virtual CPU scalability, cross-vendor compatibility, VM portability, and build an established cloud services ecosystem.
