Quoting from Techworld:
With hardware virtualisation shortly to become part of Intel processors’ feature set, we asked Alan Priestley, Intel’s European marketing manager, to explain what the new technology consists of and how it works. We started by asking him to justify the technology.
Q: How many people are staying with a single box per application, rather than consolidate? You must have some idea if you bothered to build it into the CPU. After all, it’s not free, it uses some of your transistor budget.
A: I don’t know what the mix will be. We have a generous transistor budget at the moment, it doesn’t significantly impact that.
There are still people out there today deploying thousands of DP servers as opposed to scaling up and going on to four or eight-way servers, and there will always be different theories or rationalisations about what processing model to deploy. Is it a big SMP box, is it a Superdome or at the other extreme, thousands of DP servers like Google? There’ll always be things in between. And we wanted to build a platform that’s general purpose that’s not specific to one segment, so VT [Virtual Technology] is there if you want it.
But there’s a lot of people who want to virtualise. They’re using VMware and Virtual Server and so on, Intel’s VT increases the reliability of virtualisation, an increased robustness, it doesn’t remove the need for software like VMware.
Q: How does it work?
A: OSes that have been virtualised run as if they owned the whole system. We have to change the protection model. Right now, they think they’re running at ring zero [which gives the OS total access to and control over the hardware] but they’re actually running at ring 1. The OS executes instructions that are ring zero instructions and then you’ve got to trap them. So there’s a risk in terms of doing it and it limits some IT departments’ desire to use virtualisation, because it’s only in software, not like the old mainframe days when it was hard-wired.
Putting VT in gives us increased robustness because we move the virtual machine monitor (VMM) down another layer, or ring. It means the OS runs where it should do and the VMM sits underneath it. So that gives a benefit in terms of stability, which will probably increase the uptake on it.
We’ve published the programming instructions for ISVs and it’s basically a set of instructions that allows you to switch context. Once you’re in the privileged ring, you use that set of instructions. Ring zero is where the OS sits normally and it’s allowed to access the hardware directly. Today the place where the VMM sits is at ring -1, under ring zero.
Q: What’s the significance of ring -1?
A: Today when you run VMware, it has to push the OS up so it runs at ring 1 so it can run at ring zero and have total control. The problem then is that the OS doesn’t realise that it’s at ring 1 and you have to trap and emulate those ring zero instructions. This has performance costs and stability risks. By putting the VMM underneath, we’re letting the OS have total control but then when we want to switch context, given that you’re in a multi-tasking environment, that VMM can cut in.
It has instructions that saves the context state because one of the things that impacts performance is saving the complete machine state so you can make that switch to the other instance, and that’s now hardware assisted. So we’ve got new instructions that enable you to get into that state and manage the virtual machine.
Q: Is there a set of virtual stacks that you save the machine state to?
A: The stack’s not saved in hardware, you have to flush the stack. It’s a bit like when you enter the system management mode. You flush out a set of registers — the processor context — and the chances are that there’s more context in the processor than the normal instruction set can save because of some of the state of the machines.
But it doesn’t save it into the processor — it’s not like the Itanium register stack engine where you’ve got these 228 registers which set up as general purpose registers and flip between them. It has to maintain the programming model that we have and know. You’ve got be able to run NT3, virtualised.
Q: Or a DOS box?
A: Exactly.