====== Virtualization and Containers ======

----

{{https://d2f9gqwlnfnjcb.cloudfront.net/blog/wp-content/uploads/2015/09/12.jpg?400|Hypervisor Virtualization and Containers}}

===== Hypervisor Virtualization =====

  * Virtualization software on a host computer creates virtual hardware on which an OS file system image is installed and run (a guest OS).
    * The hypervisor (AKA "virtual machine monitor")
      * Software layer that mediates between virtual machines (VMs) and the underlying hardware on which they run.
      * Responsible for sharing system resources among the guest operating systems
      * Guest OSes are isolated from one another, and access the hardware exclusively through the hypervisor.
  * Full virtualization
    * Emulate an entire computer in software only
    * Guest OSes run unmodified on the simulated computer and don't "know" they are being virtualized.
    * Example: [[https://en.wikipedia.org/wiki/QEMU|QEMU]]
  * Paravirtualization
    * Guest OSes are modified to cooperate with a hypervisor, gaining performance benefits over full virtualization.
      * Modified guests "know" that they are running virtualized and cooperate actively with the hypervisor.
    * Example: [[https://en.wikipedia.org/wiki/Xen|Xen]]
  * Hardware-assisted virtualization
    * Intel and AMD CPUs contain features (Intel VT and AMD-V) that accelerate virtualization.
      * "accelerated virtualization"
      * Access to CPU virtualization instructions controlled by hypervisor
    * Guest OSes need not "know" that they are being virtualized to gain performance benefits.
    * Benefits both full- and paravirtualization
  * Type 1 vs Type 2 hypervisors
    * Type 1 hypervisors run directly on the hardware without a supporting OS.
      * "bare-metal" or native hypervisor
      * Examples: VMware ESXi, XenServer
    * Type 2 hypervisors are userspace applications that run on top of another general-purpose OS.
      * Examples: [[https://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine|KVM]], QEMU, Workstation-oriented virtualization packages such as Oracle’s VirtualBox and VMware Workstation and Parallels

{{:cs471:hypervisors_types.png?400|Type 1 vs. Type 2 Hypervisors }}

----

===== Containers =====

  * or [[https://en.wikipedia.org/wiki/Operating-system-level_virtualization|operating-system-level virtualization]]
  * Containerization
    * Different approach to guest OS isolation that does not use a hypervisor
    * Relies on kernel features that isolate processes from the rest of the system.
    * Each process "container" or "jail" has a private root filesystem and process namespace.
    * Contained processes share the kernel and other services of the host OS, but they cannot access files or resources outside of their containers.
    * Containers do not require virtualization of the hardware
      * Low resource overhead
      * Most container implementations offer near-native performance.
      * Examples: Linux’s [[https://en.wikipedia.org/wiki/LXC|LXC]], [[https://en.wikipedia.org/wiki/Docker_(software)|Docker]] containers, and [[https://en.wikipedia.org/wiki/FreeBSD_jail|FreeBSD jails]]

{{:cs471:container_jails.png?200|Container Jails}}

----

===== Comparison of Virtual Machines and Containers =====

  * Book, Table 24.1: Comparing virtual machines with containers

{{:cs471:virtualization_containers.png?400|}}

----