Intel® Virtualization Technology (Intel® VT) enhances the reliability, supportability, security, and flexibility of software-only virtualization solutions. These silicon advances represent a quantum leap forward, removing overhead and supporting a variety of operating systems.

By Matt Gillespie

Intel Virtualization Technology is a set of silicon-based capabilities that enhance software-only virtualization solutions. These virtualization solutions allow multiple operating systems and associated applications to work in individual partitions simultaneously. Thus, a single physical system is able to function as a number of logical virtual systems. Intel's hardware technology (Intel Virtualization Technology) improves on existing software-only virtualization solutions by enhancing the reliability, supportability, security, and flexibility of virtualization solutions.

Intel works with leading virtual machine monitor (VMM) vendors to collaboratively ensure that hardware and software virtualization solutions work together optimally to power the next generation of customer solutions.

Virtualization software is available today from a number of providers, giving Intel® architecture-based servers capabilities that were previously available only on mainframes. Examples of the solutions available in this ecosystem include the following:

• VMware(EMC): ESX Server*, VMware Server*, VMware Player*, and VirtualCenter
• Microsoft: Virtual Server* and Virtual PC*
• Xen opensource community: Xen
• Virtual Iron: Virtual Iron*
• SW Soft: Virtuozzo*
• Parallels: Parallels Workstation*

Intel is actively working with software vendors to help this ecosystem develop. Intel and VMware are collaborating on several market acceleration and education initiatives, including educating and bringing the value of virtualization directly to IT managers through direct engagements and targeted materials. To help educate the market and drive virtualization ubiquity, the companies are also investing in the development of a comprehensive virtualization starter kit. The start kit contains fully featured products and the supporting resources required for new customers to start using virtualization.

Intel and Microsoft have also joined together to extend Intel Virtualization Technology to include support for mapping I/O devices to virtual machines on servers with a new specification called Intel® Virtualization Technology for Directed I/O (Intel® VTDIO). Part of the Intel VT family of technologies, Intel VTDIO helps improve the reliability, flexibility and performance of I/O in a virtualized environment. Microsoft has collaborated with Intel on development of the specification to help ensure it provides optimal functionality for users.

Intel platforms supporting Intel Virtualization Technology started shipping in 2005 for desktop, and early in 2006 for mobile platforms and Intel® Xeon® processor-based servers and workstations. Itanium®-based servers supporting Intel Virtualization Technology will start shipping later in 2006.

By operating a number of virtual machines on a single server, IT managers can consolidate various environments on a smaller number of machines than would otherwise be possible. For instance, many enterprises maintain dedicated legacy or otherwise non-standard environments for applications that are not compatible with the operating system in use by the majority of the enterprise. That requirement may require dedicated hardware, adding equipment and maintenance expense to often-strained operating budgets. Intel Virtualization Technology removes the requirement for such single-use hardware, enabling a more efficient use of resources. Likewise, virtualization can allow a dedicated failover partition to provide systems-redundancy without requiring additional hardware. Moreover, virtualization provides robust security support by allowing administrators to configure different security settings as needed on each container.

In the desktop space, Intel Virtualization Technology allows the configuration of separate builds for different uses on the same machine. For instance, IT departments could set up end-user systems with an isolated partition that performs upgrades and maintenance in the background. They might even set up separate work and personal environments on user machines, with different user permissions assigned to each environment with which to install software and otherwise control the system. Such configuration could, for example, isolate virus and spyware attacks from corporate resources while also increasing flexibility. It is similarly possible to run an Internet-connected partition under limited rights to protect against external attacks, while also running a separate virtual machine as Administrator, providing the ability to perform restricted tasks on the system.

While software-only virtualization solutions offer tremendous benefits to IT departments and end-users alike, they also have significant limitations. The 'guest' operating systems each communicate with the hardware largely through the VMM, which must arbitrate access for all of the virtual machines on the system. (Note, however, that much of the access to the processor and memory is independent of the VMM, and the VMM will only get involved when certain events happen, such as a page fault.) In a software-only virtualization solution, the VMM runs in the space in the software stack where the operating system would conventionally be, and the operating system runs in the space where applications would conventionally run.

This extra layer of communication requires binary translation to occur in order to emulate the hardware environment by providing interfaces to physical resources such as processors, memory, storage, graphics cards, and network adapters. That translation necessarily adds to system complexity. Moreover, support for guest operating systems is limited by the capabilities of virtual-machine environments, which hampers the deployment of certain technologies, such as 64-bit guest operating systems. The added complexity of the software stack under software-only solutions means that these environments are complex to administer, which adds to the difficu lty of assuring reliability and security in the systems.

Intel Virtualization Technology provides silicon-based functionality that works together with compatible VMM software to improve on software-only solutions. Because this virtualization hardware provides a new architecture upon which the operating system can run directly, it removes the need for binary translation. Thus, it eliminates associated performance overhead and vastly simplifies the design of the VMM, in turn allowing VMMs to be written to common standards and to be more robust.

These advantages increase supportability of the overall virtual-machine solution. VMMs running under Intel Virtualization Technology can be fully validated on the hardware, including certification that they execute directly using the architecture's full instruction set.

The range of operating systems supported by VMMs under Intel Virtualization Technology is broader than that available from software-only VMM solutions. For example, there is a lack of support for 64-bit guest operating systems under software-only VMMs, an increasingly significant shortcoming as the deployment of Itanium® processors and processors with Intel® Extended Memory 64 Technology (Intel® EM64T) continues to expand. Virtual-machine technology based on Intel Virtualization Technology will support 64-bit guest operating systems, in addition to supporting a wide range of legacy operating systems, including many Linux* distributions.

Intel Virtualization Technology provides the basis for a rich ecosystem of virtualization solutions that encompass both server and desktop environments. These hardware-assisted virtualization solutions extend the capabilities of powerful compute engines to handle multiple, disparate roles simultaneously. They provide headroom for the next generation of server consolidations and fail-safe operation, and they also provide heightened availability and security for desktop and mobile client platforms.

Readers who want a more technical overview of this technology will benefit from the Intel® Virtualization Technology Primer. This document examines the benefits provided by virtualization such as reliability, security, and manageability for information technology (IT) managers, and increased productivity for developers. It also explains how software-based virtualization products are enhanced by Intel Virtualization Technology.

The implementation of Intel Virtualization Technology on the desktop and on servers raises somewhat separate needs. The following resources provide theoretical and practical information about using virtualization to manage systems and applications:

• Look to the Intel® Virtualization Developer Community for the latest virtualization news and information.
• The Intel® Virtualization Technology web site provides in-depth information about the specifications and technologies associated with virtualization from Intel.
• Intel also has a separate Web site dedicated to Virtualization for the Desktop PC, which helps to outline steps that businesses can use to improve security and productivity using Intel Virtualization Technology.
• Finally, the Virtualization for Servers site provides guidance about how to achieve the full range of benefits from Intel Virtualization Technology on enterprise servers.