Dive into the KVM hypervisor
Source: https://www.casbay.com/blog/vps-hosting/dive-into-the-kvm-hypervisor (published 2022-06-28, last modified 2022-09-22)
The Kernel-based Virtual Machine (KVM) is a full native virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). Limited support for paravirtualization is also available for Linux and Windows guests in the form of a paravirtual network driver.

KVM is currently designed to interface with the kernel via a loadable kernel module. Supported guest operating systems include a wide variety of systems such as Linux, BSD, Solaris, Windows, Haiku, ReactOS, and AROS Research Operating System. A patched version of KVM (qemu) is able to run on Mac OS X.

In the KVM architecture, the virtual machine is implemented as a regular Linux process, scheduled by the standard Linux scheduler. In fact, each virtual CPU appears as a regular Linux process. This allows KVM to benefit from all the features of the Linux kernel. Since a virtual machine is implemented as a Linux process, it leverages the standard Linux security model to provide isolation and resource controls. The Linux kernel uses SELinux (Security-Enhanced Linux) to add mandatory access controls, multi-level and multi-category security, and to handle policy enforcement. SELinux provides strict resource isolation and confinement for processes running in the Linux kernel.

Storage

KVM is able to use any storage supported by Linux to store virtual machine images, including local disks with IDE, SCSI and SATA, Network Attached Storage (NAS) including NFS and SAMBA/CIFS, or SAN with support for iSCSI and Fibre Channel. Multipath I/O can also be used to improve storage throughput and to provide redundancy.

Again, because KVM is part of the Linux kernel, it can leverage a proven and reliable storage infrastructure with support from all leading storage vendors; its storage stack has a proven record in production deployments.

KVM also supports virtual machine images on shared file systems such as the Global File System (GFS2) to allow virtual machine images to be shared between multiple hosts or shared using logical volumes. Disk images support thin provisioning, allowing improved storage utilization by only allocating storage when it is required by the virtual machine instead of allocating the whole storage upfront.

The native disk format for KVM is QCOW2, which supports multiple levels of snapshots, compression, and encryption.

Device emulation is handled by a modified version of qemu that provides an emulated BIOS, PCI bus, USB bus, and a standard set of devices such as IDE and SCSI disk controllers, network cards, etc.

Security

The sVirt project, a community effort to integrate Mandatory Access Control (MAC) security and Linux-based virtualization (KVM), builds on SELinux to provide an infrastructure that allows an administrator to define policies for virtual machine isolation. Out of the box, sVirt ensures that a virtual machine's resources cannot be accessed by any other process (or virtual machine); this can be extended by the sysadmin to define fine-grained permissions, for instance to group virtual machines together so that they share resources.

Memory

KVM supports the most recent memory virtualization features from CPU vendors, with support for Intel's Extended Page Table (EPT) and AMD's Rapid Virtualization Indexing (RVI), to deliver reduced CPU utilization and higher throughput.

Memory page sharing is supported through a kernel feature called Kernel Same-page Merging (KSM). KSM scans the memory of each virtual machine and, where virtual machines have identical memory pages, merges them into a single page that it shares between the virtual machines, storing only one copy. If a guest attempts to change this shared page, it will be given its own private copy.

Choosing KVM