[Figure: virt-manager running the Haiku operating system in a window]

In computing, a virtual machine (VM) is the virtualization or emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve specialized hardware, software, or a combination of the two.

Virtual machines are classified by their function:

  • System virtual machines (also called full virtualization VMs, or SysVMs) provide a substitute for a real machine. They provide the functionality needed to execute entire operating systems. A hypervisor uses native execution to share and manage hardware, allowing for multiple environments that are isolated from one another yet exist on the same physical machine. Modern hypervisors use hardware-assisted virtualization, in which virtualization-specific features of the host CPU support the hypervisor.
  • Process virtual machines are designed to execute computer programs in a platform-independent environment.

Some virtual machine emulators, such as QEMU and video game console emulators, are designed to also emulate (or "virtually imitate") different system architectures, thus allowing execution of software applications and operating systems written for another CPU or architecture. OS-level virtualization allows the resources of a computer to be partitioned via the kernel. The terms are not universally interchangeable.

Definitions

System virtual machines

A 'virtual machine' was originally defined by Popek and Goldberg as "an efficient, isolated duplicate of a real computer machine."

In 2005 and 2006, Intel and AMD provided additional hardware to support virtualization. Sun Microsystems (acquired by Oracle Corporation) added similar features in their UltraSPARC T-Series processors in 2005. Examples of virtualization platforms adapted to such hardware include KVM, VMware Workstation, VMware Fusion, Hyper-V, Windows Virtual PC, Xen, Parallels Desktop for Mac, Oracle VM Server for SPARC, VirtualBox and Parallels Workstation.

In 2006, first-generation 32- and 64-bit x86 hardware support was found to rarely offer performance advantages over software virtualization.

Virtual machines frequently use virtual disks for their storage; in a very simple example, a 10-gigabyte hard disk drive is simulated with a 10-gigabyte flat file. Any requests by the VM for a location on its physical disk are transparently translated into an operation on the corresponding file. Once such a translation layer is present, however, it is possible to intercept the operations and send them to different files, depending on various criteria. Every time a snapshot is taken, a new file is created, and used as an overlay for its predecessors. New data is written to the topmost overlay; reading existing data, however, needs the overlay hierarchy to be scanned, resulting in accessing the most recent version. Thus, the entire stack of snapshots is virtually a single coherent disk; in that sense, creating snapshots works similarly to the incremental backup technique.

Other components of a virtual machine can also be included in a snapshot, such as the contents of its random-access memory (RAM), BIOS settings, or its configuration settings. The "save state" feature in video game console emulators is an example of such snapshots.

Restoring a snapshot consists of discarding or disregarding all overlay layers that are added after that snapshot, and directing all new changes to a new overlay.
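As an added illustration of the overlay scheme just described (not code from the article), the following Python models a virtual disk as a map of block numbers to contents with copy-on-write snapshot layers; the OverlayDisk class, its method names and the block contents are all constructed for this example.

```python
class OverlayDisk:
    """Flat-file disk modelled as a dict of block -> bytes, with copy-on-write
    snapshot overlays stacked on top of a base image (constructed example)."""

    def __init__(self, base):
        # base: dict mapping block number -> data; stands in for the flat file
        self.layers = [dict(base)]      # layers[0] is the base image
        self.snapshots = {}             # name -> index of the frozen top layer

    def write(self, block, data):
        # New data always lands in the topmost overlay.
        self.layers[-1][block] = data

    def read(self, block):
        # Scan the overlay hierarchy top-down; the first hit is the newest version.
        for layer in reversed(self.layers):
            if block in layer:
                return layer[block]
        raise KeyError(f"block {block} never written")

    def snapshot(self, name):
        # Freeze the current top layer and start a fresh, empty overlay.
        self.snapshots[name] = len(self.layers) - 1
        self.layers.append({})

    def restore(self, name):
        # Discard every overlay added after the snapshot, then direct new
        # writes to a fresh overlay so the snapshot itself stays immutable.
        top = self.snapshots[name]
        self.layers = self.layers[: top + 1]
        self.layers.append({})
        # Forget snapshots that pointed into the discarded layers.
        self.snapshots = {n: i for n, i in self.snapshots.items() if i <= top}


def demo():
    # Constructed scenario: take a clean snapshot, patch, then roll back
    # after an unwanted change landed in the newest overlay.
    disk = OverlayDisk({0: b"boot", 1: b"v1"})
    disk.snapshot("clean")          # base frozen, overlay 1 active
    disk.write(1, b"v2")            # goes to overlay 1
    disk.snapshot("patched")        # overlay 1 frozen, overlay 2 active
    disk.write(1, b"unwanted")      # goes to overlay 2
    after = disk.read(1)            # newest version wins
    disk.restore("clean")           # overlays 1 and 2 discarded
    return after, disk.read(1), disk.read(0), len(disk.layers)
```

Each layer after the base holds only the blocks written since the previous snapshot, which is why the text compares the stack to incremental backups.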

Migration

The snapshots described above can be moved to another host machine with its own hypervisor; when the VM is temporarily stopped, snapshotted, moved, and then resumed on the new host, this is known as migration. If the older snapshots are kept in sync regularly, this operation can be quite fast, and allows the VM to provide uninterrupted service while its prior physical host is, for example, taken down for physical maintenance.

Failover

Similar to the migration mechanism described above, failover allows the VM to continue operations if the host fails. Generally it occurs if the migration has stopped working. However, in this case, the VM continues operation from the last-known coherent state, rather than the current state, based on whatever materials the backup server was last provided with.

Nested virtualization

Nested virtualization refers to the ability to run a virtual machine within another, a concept that extends to an arbitrary depth. In other words, nested virtualization refers to running one or more hypervisors inside another hypervisor. The nature of a nested guest virtual machine does not need to be homogeneous with its host virtual machine; for example, application virtualization can be deployed within a virtual machine created by using hardware virtualization.

Nested virtualization becomes more necessary as widespread operating systems gain built-in hypervisor functionality, which in a virtualized environment can be used only if the surrounding hypervisor supports nested virtualization; for example, Windows 7 is capable of running Windows XP applications inside a built-in virtual machine. Furthermore, moving already existing virtualized environments into a cloud, following the Infrastructure as a Service (IaaS) approach, is much more complicated if the destination IaaS platform does not support nested virtualization.

The way nested virtualization can be implemented on a particular computer architecture depends on supported hardware-assisted virtualization capabilities. If a particular architecture does not provide hardware support required for nested virtualization, various software techniques are employed to enable it.

Security

[Figure: Qubes OS architecture design diagram, showing how compromise of Firefox or Thunderbird (in AppVM 1) could not lead to compromise of the user's KeePass password manager (in AppVM 2), due to a design that uses distinct VMs to obtain a compartmentalization architecture]

Virtual machines are frequently used to isolate applications from one another for security.

This architectural design (used by Qubes OS, Whonix, KickSecure, and Dangerzone) can prevent the spread of malware from one compromised system (e.g. an email client opening an infected document) to another system (e.g. a password manager).

See also

  • Amazon Machine Image
  • Desktop virtualization
  • Linux containers
  • Native development kit
  • Paravirtualization
  • Storage hypervisor
  • Universal Turing machine
  • Virtual appliance
  • Virtual backup appliance
  • Virtual disk image
  • Virtual DOS machine (VDM)
  • Virtual machine escape
  • Virtual private server

Further reading

  • James E. Smith, Ravi Nair, Virtual Machines: Versatile Platforms For Systems And Processes, Morgan Kaufmann, May 2005, 656 pages (covers both process and system virtual machines)
  • Craig, Iain D. Virtual Machines. Springer, 2006, 269 pages (covers only process virtual machines)
  • Sandia National Laboratories Runs 1 Million Linux Kernels as Virtual Machines
  • The design of the Inferno virtual machine by Phil Winterbottom and Rob Pike