Sims: So, why didn't anyone do this before? How did you come upon it, or how did the development process go?
Rosenblum: Well, you know, to tell you the truth, this idea of virtual machine monitor was very popular in the 1970s, even back to the 60s. And, what it was used for was on IBM mainframes, which are very, very expensive pieces of hardware you can run multiple -- you can have one mainframe and have a bunch of different environments like a production environment and a development environment all running on the same piece of hardware since computers were scarce at the time.
And, what happened was, the techniques fell out of disuse, and one of the reasons they disappeared completely is people stopped building hardware that was capable of being easily virtualized. And in fact, there's this whole research literature on how to build machines that you can do virtual machine monitors, and most of the machines today aren't built to those specifications.
So, we had to invent some new techniques to actually bring back virtual machines. Before we started to announce and shipped our products, you ask any computer scientist, they would say it's impossible to do what we did. And the reason it's impossible is all the new techniques for virtualization don't work on the x86 PC. So we developed some new ones that allowed us to basically do the same sort of abstraction, you know, of a virtual machine.
Sims: You said that the hardware isn't being built that could accommodate those kinds of virtual machines. Can you touch a little on what the differences are that didn't allow that?
Rosenblum: The basic trick that was used in the 70s was that you take the operating system environment and run it at a higher privilege level. You run it at user level or something like that, and then you run the virtual machine monitor in the privileged level.
And the hope is if the operating system you're running the virtual machine on tries to do any privileged operation, like access an IO device or change the memory mapping hardware on the machine, it will actually trap down into the virtual machine monitor which then emulates the operation and then returns back to the virtual machine.
This only works if your hardware is set up so all the privileged operations trap, and also any queries to what kind of state you're running into also trap or return, whatever the answer the virtual machine wants. And that's exactly what a virtualizable hardware meant or used to mean. Unfortunately, the x86 architecture doesn't have that. When they designed it, they didn't see any need of having instructions that have different semantics when they're run in the operating system than when on the user level, but you still don't trap.
So, the classic example is, on the x86 is instructions for like manipulating the flag registers end up doing something very different if you run them at user level than if you run them in the proposed privileged mode. So if you just took the standard trick and took a PC operating system that ran at user level, it wouldn't trap but it also wouldn't run correctly either.
Sims: Is this sort of, in some ways I'm wondering if it was replaced by multitasking? I mean in the sense you are running multiple processes at once, you're just running them within a single machine rather than virtual machines.
Rosenblum: Yeah. So, there are actually a lot of analogies you can think of. What a virtual machine monitor is is a multi-tasking operating system that the processes look just like the hardware the underlying machine is running on, so that you can just install another copy of the operating system. It's totally happy since it thinks it's running on the real hardware. You know, most of the time, most multitasking operating systems have a much higher level abstraction like processes and styles and things like that and that's very different than what the hardware abstractions look like.
Sims: One other question I had, and you sort of touched on this when you talked about uses, but are there people who are using it in ways that you hadn't planned and has that shaped how you think about the technology going forward?
Rosenblum: One of the things I think I personally have found most satisfying about this is, when we developed it, we had certain applications we thought this would be a very good solution for. And obviously when we first came up on the Web site we listed here are some uses of the technology. And as soon as we got it out there, we immediately had people writing in and saying here I'm using it in this way and it was totally different than any of the scenarios that we had before.
That's been, at least for the engineers here and the people that developed the technology, it's so neat to see your stuff used and solve problems that you hadn't even envisioned or didn't know they existed.