Brian Gammage pulls no punches when he assesses the importance of hardware-assisted virtualisation: "This is the most significant architectural change we've seen in the x86 processor in 25 years," says Gammage, Gartner's lead analyst on PC virtualisation.
Even Intel and Advanced Micro Devices haven't explained adequately how significantly the technology affects server virtualisation, he adds.
Server virtualisation is a watershed IT technology because it lets a single physical computer run multiple operating systems, vastly increasing rates of CPU use. But server virtualisation also is a highly complex process, and many vendors over the years have been stymied in their attempts to create good virtual machine software. VMware, on the other hand, figured out how to build a binary translator that scans the issue of privilege-instructions processors to operating systems and rewrites the ones that can't be virtualised.
Essentially, VMware's early virtualisation software tricked the operating system, Gammage says. Earlier processors contain four privilege levels, which create security boundaries - they're like one-way doors, he says. A process running in Ring 1 had to ask Ring 0 for permission to access objects to which Ring 1 normally wouldn't have access. Under this setup, virtualisation software "fools" an operating system into thinking it's running at Ring 0 - the most privileged ring - when it's really not.
Hardware-assisted virtualisation changes all this by doubling the number of a processor's privilege levels. If the chip has a greater number of privilege levels, modifying the operating system becomes unnecessary, Gammage says.
Supporting virtualisation at the chip level greatly reduces the amount of virtual-machine code needed, in part because routine operations now are handled in hardware. As XenSource CTO Simon Crosby says, "The more features in the hardware, the more code we can throw away."
Indeed, hardware-assisted virtualisation gives second-tier virtualisation vendors an opportunity to catch up to VMware, which established a clear lead over competitors by developing workarounds to many hardware limitations, says Frank Gillett, an analyst with Forrester Research.
XenSource, which sells products related to the Xen open source hypervisor, is among VMware competitors benefiting from hardware-assisted virtualisation, as is Virtual Iron.
Previously, Virtual Iron supported Linux because it could be rewritten to its purposes, says Alex Vasilevsky, the company's CTO. Now, without the need for modifications, it can support Windows, too, he says.
Virtual Iron now runs 12 to 15 virtual machines per processor, and future enhancements to hardware and software will expand that number. Planned improvements from Intel and AMD will raise the number of cores in multicore CPUs, and add input/output memory-management-unit virtualisation, which maps virtual addresses to physical addresses. "The goal is running 50 or 60 virtual machines on one CPU processor," Vasilevsky says.
As for VMware, Gillett says, the vendor "will be able to take code out, and performance will increase."
With hypervisors easier to build, customers have more options. Robert Wicks, senior AIX/Linux systems administrator at Rollins, an Atlanta-based pest-control company, speaks to that fact firsthand. VMware's ESX Server was the only real choice for Windows virtualisation before hardware assists became available, Wicks says, noting that in 2003 Rollins bought a VMware licence for one server that cost about $5,000.
But now Rollins uses XenSource virtualisation on Intel VT-enabled processors for $99 per server and may move to the more robust enterprise edition for $750 per server, Wicks says. With 25 XenSource licences, the business is expanding its use of virtualisation rapidly. Rollins no longer uses the original, fee-based VMware licence, but does use a free version with fewer functions.
XenSource has "allowed us to spin up some new environments very quickly. We're definitely considering Xen on just about every new rollout of hardware," Wicks says.
Jim Ni, Microsoft group product manager for Windows Server marketing, points to the free version of Virtual Server, which already takes advantage of hardware assists from Intel and AMD, and touts the impact hardware-assisted virtualisation is having on security.
"You get significantly greater security and isolation across each virtual machine, so each machine actually is its own entity, has its own IP address, own [media access control] address, even," he says.
Of course, the new Intel and AMD technology is not without its detractors. Computer security researcher Joanna Rutkowska says virtualisation at the chip level is "very immature as of today," and offers no practical and effective means of preventing and detecting attacks from malware that uses the vendors' hardware-assisted virtualisation technology to take control of an operating system. The hardware upgrades Intel and AMD plan to implement by next year, however, should provide a workable solution to this problem, she adds.
Indeed, Intel has a five-year development plan in place, says Steve Grobman, director of Intel's business-client architecture. "It's not going to be something that just ends."