Linux Virtualization Part 3: Multiple Operating Systems, Foreign Hardware

Last week I gave you an overview of the spectrum of Linux virtualization technologies, and earlier this week we went deeper with Linux Containers (or LXC) and Docker. Those are adequate solutions for many situations, but what about these:

• You need to run a different Linux kernel on the virtual machine. The host OS runs the 3.10.0 release standard on RHEL 7, but you want to test an earlier kernel for legacy reasons, or run a newer kernel to take advantage of added features.
• You need to run a different operating system: Management requires you to run Windows applications on Windows for some tasks.
• You want to use virtualization but you need to run a different architecture: You are developing embedded systems that will use an ARM architecture but you want to do the work on existing x86-64 platforms.
• You have strict compartmentalization requirements: Data stored on the file systems of the virtualized machine must not be readable from the host OS.
  • To some extent, this is possible if you use encrypted file systems on the virtualized servers. On the host OS you will see that the files containing their disk images are filled with ciphertext.
  • The exploit would be to open /dev/kmem with a debugger on the host OS and search for memory pages of the qemu-kvm processes containing memory pages of the kernel and processes running on the virtual machine. root on the host gets you to the virtual machine. If this really matters to you, it’s time to buy dedicated hardware!

We show you how to do the first three of those in Learning Tree’s new course on Linux virtualization. What is involved?

KVM and QEMU

There are several ways of achieving those goals, but KVM and QEMU make a nice combination. KVM or Kernel-based Virtual Machine is a set of modules within the Linux kernel. Since it’s running in the kernel, right on top of the hardware, this makes it fast. For acceptable performance you will need hardware acceleration support. Recent Intel and AMD processes will have this support, but you may need to go into your firmware and enable it.

QEMU or the Quick Emulator is the collection of user-space tools to manipulate, control, and monitor virtual machines running on top of the OS. Unlike KVM, QEMU is not Linux-specific. I have used it to run Windows as a virtual machine on an OpenBSD laptop, but without the underlying support in the kernel the performance is pretty poor.

x86-64 on x86-64

If you run Linux or Windows on x86-64 on top of Linux/x86-64 in the obvious and straightforward way, you don’t even notice that you are using QEMU and KVM. You simply define a new virtual machine, point its storage at an empty disk image file, and tell it that its CD/DVD drive is an ISO image of Linux or Windows install media. Or, you can tell it that its disk is an image file you already created, possibly in VMware or another virtualization product.

Virtualizing the Architecture

When you virtualize the architecture, providing an ARM (or SPARC, or MIPS, or M68k, or …) processor to the virtual machine, you realize that QEMU is involved as you have to install and run the appropriate qemu-system-* command to simulate the processor.

Linux virtualization beyond chroot is configured through XML files. The XML definition of a container or virtual machine also specifies how many Ethernet interfaces of which chipsets and MAC addresses, and how they are connected to virtual networks. Plus connections to the host’s USB ports, sound interface, and more. If you are familiar with VMware, this is like the whatever.vmx file.

Tie It Together On A Friendly Graphical Console

We show you how to manipulate the XML directly in Learning Tree’s course on Linux virtualization, so you can always get a virtual machine defined.

But once it’s defined, you can tie it and all these other virtualization technologies together in one easy-to-use interface. Check back next time for that!