️️ ️️ ️️ ️️ ️️
Avatar A personal blog about technical things I find useful. Also, random ramblings and rants...

Emulation, Simulation and Virtualization

Various techniques of virtualization explained

image

Emulation, Simulation and virtualization

The problem:

The early computers had a variety of processor architectures. The result was the assembly code generated by programs for these computers was different and hence the software had to be designed for a particular architecture.

Higher-level languages were introduced for the rapid development of programs.

Emulation:

It is a process of executing code intended to be used on a different architecture. This can be achieved in two ways. In High-level emulation, an application looks at the overall instructions and approximates them with pre-defined functions. The result could be however inaccurate.

The second way is using a low-level emulation under which the different sets of instructions, memory management, and CPU are converted into identical instructions the performant CPU can understand and execute. This technique is fairly accurate but resource intensive.

It is primarily used to run old software and games on new hardware.

Simulation:

This concept is older than emulation. During WW2, vacuum tubes would be used to estimate the trajectories of artilleries and bombers. IBM in the 1960s used to run multiple applications on a single mainframe by using the partitioning technique. Later on, Sun Microsystems came up with Java which allowed a program once written to be able to execute on any machine. This was achieved by introducing “intermediary code” called bytecode which uses java runtime to execute on a different architecture. This is known as process-level virtualization In the late 1990s, actual hardware could be virtualized by using VMware software also known as a hypervisor. The OS running on it was called guest OS.

Virtualization can be categorized broadly into these categories

Virtual Machine based

This type of virtualization virtualizes the complete OS. The VM is provided with virtual devices, virtual NIC, virtual disks, and virtual CPUs. In short, the entire ISA(Instruction set architecture) is virtualized. The software used to achieve this virtualization is called the hypervisor. It is composed of two parts:

Virtual Machine Monitor(VMM): Used for trapping and emulating the privileged instruction set that only OS can perform Device Model: Virtualizes I/O devices

Container-based virtualization

This form of virtualization doesn’t abstract the hardware but uses techniques within the Linux kernel to “isolate access paths” for different resources. It carves out logical boundaries within the same operating systems.

Unikernels:

Lightweight single-purpose immutable OS. These are high on performance but the development is complex as the device drivers, OS libraries along with the application need to be assembled with no major ecosystem available to support the developers. Docker acquired Unikernel Systems in 2016 and nothing has come out of it yet

MicroVM:

MicroVMs are a type of virtualization technology that provide the benefits of both virtual machines (VMs) and containers. They offer the security and workload isolation of VMs, allowing multiple applications to run securely on the same system, while also preserving the speed, resource efficiency, and ease of use of containers. MicroVMs use lightweight virtualization to provide a small and isolated environment for each application, resulting in improved security, reduced resource consumption, and greater flexibility for deployment and management. Example: AWS Firecracker

Isolates(Chrome/Cloudflare worker/serverless approach):

V8 Isolates in WebAssembly allow for lightweight and efficient execution of code in separate contexts within a single process. This enables fast startup times and low memory consumption, making it suitable for running on the edge. However, running multiple isolates in the same process can pose security risks and it’s recommended to avoid doing so for security reasons. Each isolate should have its own isolated environment to minimize the potential impact of security vulnerabilities. Example Cloudflare workers.

Web Assembly:

WebAssembly (Wasm) is a binary format for executable code on the web. It is designed to be fast, portable, and secure, allowing code written in different languages to run in the browser or any other environment that supports Wasm. Wasm code is compiled to a binary format that is optimized for performance and can run at near-native speeds, providing a safe and efficient way to execute code in the browser. It is something in between Isolates and microVM. Faster than VMs and similarly secure.

Conclusion:

The container technology lacks security which can be addressed by e-BPF-based tooling. It depends on the business problem being solved to choose the right virtualization technology. Container technology looks promising and VM is not going anywhere for huge loads, getting exposed to web assembly would be a great idea.

Further reading:

  • Linux Containers and Virtualization by Shashank Mohan Jain
  • https://notes.crmarsh.com/isolates-microvms-and-webassembly
  • https://mobycast.fm/the-future-of-containers-whats-next

Photo by Liz Pullan Pattathy on Unsplash

all tags