What does Intel Virtualization Technology do

What do CPUs with virtualization extension bring for the virtualization software?

Bertram Woehrmann

Before the x86/x64 processors from AMD and Intel supported virtualization, certain privileged requests ("Ring 0" requests) from the guest operating system to the CPU had to be intercepted and manipulated by the virtualization layer in order to avoid disrupting the overall system. The background: x86 systems were originally intended to run only ONE active operating system and therefore expected Ring 0 requests from a single operating system only.

VMware was the first provider to circumvent this problem by intercepting and redirecting these requests via the virtualization layer, and it continues to use this method in the VMware ESX Hypervisor product to this day. Xen initially used paravirtualization as a workaround, which makes it dependent on guest operating systems whose source code can be adapted.

Thanks to the new functions in AMD and Intel processors, the CPUs are now able to handle privileged requests from several operating systems that are active at the same time. By now, the products of all well-known manufacturers can only be installed if the processor's virtualization functions are usable.

Can virtual machines (VMs) interfere with each other?

For security reasons, virtualization only makes sense where virtual machines (VMs) are isolated from each other and from the host system. Unintentional data access must be prevented, and errors in or the crash of one guest must not lead to the failure of other guests.

How can VMs be restored?

By using "snapshots" it is possible to freeze system states within a few seconds in order to back them up or to return to them. If, for example, an important update is made to the guest application, the guest system can be reset to its original state at any time using a previously created snapshot. However, snapshots are not a permanent data backup. All changes to the guest that are made after a snapshot are written to a separate file. Because every change is recorded, this file can grow larger than the actual hard disk file. The LUN on which the VM is located can then fill up, which disrupts the operation of all VMs on that disk.
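The snapshot growth problem described above can be checked for on the storage side. The following Python script is an added example, not part of the original article: it walks a datastore directory, sums base-disk and snapshot change files per VM, and flags VMs whose snapshot data exceeds the base disk or that hold snapshots while the datastore is nearly full. The VMware-style file suffixes, the one-directory-per-VM layout, the 10 % free-space threshold and all function names are assumptions.

```python
import os
import shutil
import tempfile

# Assumption: VMware-style naming, one directory per VM on the datastore.
BASE_SUFFIX = "-flat.vmdk"                           # base disk data
DELTA_SUFFIXES = ("-delta.vmdk", "-sesparse.vmdk")   # snapshot change files
MIN_FREE_RATIO = 0.10                                # assumed alert threshold


def snapshot_report(datastore, usage=None):
    """Return {vm_dir: (base_bytes, delta_bytes, findings)} for a datastore path."""
    total, _used, free = usage or shutil.disk_usage(datastore)
    report = {}
    for vm in sorted(os.listdir(datastore)):
        vm_path = os.path.join(datastore, vm)
        if not os.path.isdir(vm_path):
            continue
        base = delta = 0
        for name in os.listdir(vm_path):
            size = os.path.getsize(os.path.join(vm_path, name))
            if name.endswith(DELTA_SUFFIXES):
                delta += size
            elif name.endswith(BASE_SUFFIX):
                base += size
        findings = []
        if base and delta > base:
            findings.append("snapshot data larger than base disk")
        if delta and free < total * MIN_FREE_RATIO:
            findings.append("datastore low on space with open snapshot")
        report[vm] = (base, delta, findings)
    return report


def build_sample():
    """Create a constructed sample datastore in a temp directory."""
    root = tempfile.mkdtemp(prefix="datastore-")
    files = {"vm-a/vm-a-flat.vmdk": 4096, "vm-a/vm-a-000001-delta.vmdk": 8192,
             "vm-b/vm-b-flat.vmdk": 4096}
    for rel, size in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)
    return root


if __name__ == "__main__":
    sample = build_sample()
    # Constructed usage figures: (total, used, free) in bytes.
    for vm, row in snapshot_report(sample, usage=(100_000, 95_000, 5_000)).items():
        print(vm, row)
    shutil.rmtree(sample)
```

Without the `usage` argument the script reads the real free space of the file system that holds the datastore path.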

The data backup itself can be done with classic means via an agent in the guest. Alternatively, there are solutions that access the host's file system directly or that use agents in the host system.