embeddded innovator

Maximize Performance in Virtualized Systems

Efficient Hardware Partitioning with Intel® Xeon® Processors

This post is also available in: Chinese (Simplified), Chinese (Traditional)

Virtualization can lower bill of materials (BOM) and operational costs by enabling consolidation of multiple application environments onto a single hardware platform. For example, virtualization can be used to consolidate multiple VPX or AdvancedTCA* (ATCA) blades onto a single blade, leading to a smaller, more efficient solution. However, virtualization presents a number of challenges, particularly when real-time responsiveness is required. To ensure that applications continue to operate as expected in a virtualized environment, architects need a platform optimized for virtualization – one that allows assignment of hardware resources to specific operating systems (OSs). Multi-core Intel® Xeon® processors offer features that help developers meet these goals. This paper explores issues to consider when consolidating workloads and offers solutions for resolving the challenges.

Basics of Virtualization
Many defense and aerospace systems use multiple OSs, each offering services uniquely hosted by that OS, which may be real-time, general-purpose, or homegrown. Traditionally each OS has been deployed on its own hardware. For example, each OS could be deployed on its own blade within a VPX or ATCA system. There are myriad development and debugging challenges that result from using multiple OSs, multiple processor boards, and disparate tool chains. These systems also pose operational challenges such as complicated upgrades and servicing. Embedded virtualization offers opportunities to streamline the development and operational processes by bringing these disparate environments onto a single hardware platform.

Figure 1 illustrates the basic mechanism of virtualization. As shown, virtualization introduces a new software layer known as a hypervisor below the OS level. The hypervisor enables operation of multiple virtual machines (VMs), each containing a guest OS and its associated applications, by presenting each guest OS with what appears to be a dedicated hardware platform. The hypervisor also manages the execution of guest OSs in much the same way that an OS manages the execution of applications.

Figure 1. Embedded hypervisors enable multiple OSs to run on the same hardware.

Device Access and Specification
In addition to streamlining development and operations, hardware consolidation can produce BOM and power savings through more efficient hardware utilization. Such benefits are clearly visible in the Enterprise IT domain where the number of physical servers can be greatly reduced by running multiple distinct and isolated workloads on a single physical server. This model requires complete virtualization of the underlying hardware and is acceptable due to the relaxed performance requirements of the workloads when compared to real-time embedded devices.

With embedded products, consolidation applies to combining the workloads of multiple system boards or multiple physical processors onto a single processor platform. Unlike enterprise or IT server workloads, embedded applications are tightly coupled to the underlying hardware. In order to maintain real-time responsiveness, for example, application access to physical devices must incur minimal latency. Embedded applications are also designed with implicit knowledge of the underlying physical devices and memory sizes and ranges, all of which must be maintained when adopting an embedded virtualization solution.

When selecting an embedded virtualization platform, careful consideration and attention must be paid to how the onboard devices are accessed and partitioned among the multiple operating environments, or VMs. Direct “bare-metal” access to certain devices, even on a virtualized platform, must be maintained in order for some applications to continue operating as expected. Developers also need the ability to specify which devices belong to which VM in such a manner that VMs do not detect devices that are outside of scope. It would be problematic for one VM to have access to a physical device on which another VM relies exclusively.

To support these requirements, Intel Xeon processors incorporate a hardware-assist technology called Intel® Virtualization Technology (Intel® VT). Intel® VT performs various virtualization tasks directly in hardware, reducing the footprint of the hypervisor and improving its performance and overall determinism. Specifically, Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64, and Intel® Architecture (Intel® VT-x) speeds up the transfer of control between the hypervisor and the guest OSs. It uses hardware assist to trap and execute certain instructions for the guest OS. In addition to accelerating performance, Intel VT-x also enables the implementation of certain hypervisor security features.

Device access is also addressed with Intel® Virtualization Technology (Intel® VT) for Directed I/O (Intel® VT-d). Intel® VT-d adds hardware accelerators to the chipset that enable the hypervisor to securely assign specific I/O devices to specific guest OSs. This significantly reduces computational overhead. In the past, a hypervisor had to intervene in every I/O transaction. By taking the hypervisor out of the picture, Intel VT-d decreases the load on the processor and accelerates data movement (Figure 2). Intel VT-d also makes it possible to perform direct memory access (DMA) transfers between a device and specific guest memory, providing a significant performance boost for high-bandwidth applications. In addition, Intel VT-d enhances I/O security and availability because data intended for a specific device or VM cannot be accessed by any other hardware or VM.

(Click on image to enlarge)

Figure 2. In systems without Intel® VT-d (left), the hypervisor must be involved in every I/O transaction. With Intel® VT-d (right), VMs can access I/O without involving the hypervisor.

In order to gain these benefits, developers need a hypervisor that supports Intel VT, such as Wind River Hypervisor. The hypervisor must also support all of the OSs that will run on the consolidated system, and it must be optimized to provide real-time performance for each of the consolidated environments. For example, Wind River Hypervisor is performance-optimized for Wind River Linux and Wind River VxWorks, and it supports a number of other popular OSs such as Microsoft* Windows* XP and Microsoft* Windows* 7.

With the hardware and hypervisor in place, the discussion of consolidation can begin. As mentioned earlier, embedded applications present specific requirements and assumptions regarding the underlying hardware. These requirements and assumptions must be met in order for the applications to behave as expected on a virtualized platform. Ensuring that each operating environment has appropriate device access is particularly critical to obtaining correct operation.

By way of example, consider consolidating a Wind River VxWorks application alongside a Microsoft Windows 7 application. Figure 3 illustrates how the hardware could be partitioned so that the operating environments share access to most hardware, but Microsoft Windows 7 has exclusive access to the network and storage interfaces. This partitioning allows both operating environments to operate as intended while guarding access to critical resources to avoid conflicts.

Also note that Wind River Hypervisor enables partitioning of compute resources. In this scenario, Wind River VxWorks runs on a single core while Microsoft Windows 7 runs on two other cores. This partitioning illustrates the benefits of a multi-core architecture like the Intel Xeon processor, which can supply each operating environment with the compute resources needed to achieve real-time performance.

(Click on image to enlarge)

Figure 3. Devices may be shared or exclusive in a virtualized platform.

To present a device through the virtualization layer directly to a guest OS, the physical device’s registers are mapped into the guest’s memory space, rendering the device inaccessible to other VMs. A detailed article on device mapping using Wind River Hypervisor is available on the Intel® Embedded Community page. This article shows the power of a configurable hypervisor and the level of detail and control that the developer has over the system configuration. This level of configuration and control is necessary when consolidating multiple applications and OSs onto a single platform.

Benefits of Consolidation
As noted earlier, reducing the number of boards or processors in a system can produce substantial hardware component and power consumption savings. Components previously duplicated among the multiple processor boards can also be reduced. For example, duplicate sets of memory DIMMS, memory controllers or I/O hubs can be removed when multiple OSs are hosted on the same hardware platform. Consolidation can also simplify some aspects of the design processes. For example, inter-OS communication becomes a matter of passing messages within the same processor rather than the more complex scenario of communications between physically separate boards.

By reducing component counts, virtualization can also simplify procurement and support, particularly for larger multi-board products. For example, when large VPX or ATCA systems require additional processing or communication features, new boards must be inserted into the chassis in order to supply the new features. The delivery and manual insertion of these incremental processing boards is costly, error-prone, and requires the storage of stock boards in order to answer the increases in demand in a timely manner. Embedded virtualization allows system developers to re-architect systems in such a way that additional compute or communication applications can be added dynamically by instantiating VMs to host the applications. To further simplify the upgrade, these VMs can be instantiated remotely. The cost savings of eliminating the shipping and manual card insertion processes alone can be significant, let alone the value in having the ability to scale the processing power of an application almost instantly as demand dictates.

Other benefits that become apparent include the ability to add increased functionality to an embedded device without impacting existing applications. An example of this would be to add Microsoft Windows 7 as a new virtual machine to a device previously running only Wind River VxWorks. The benefit of doing so would include having the ability to write applications that leverage the enhanced human machine interface (HMI) of Microsoft Windows 7 for graphics applications. Similarly, another clear advantage of using Intel VT technology on Intel Xeon processors is the performance boost the hardware can provide over the legacy infrastructure. In some embedded scenarios where upgrades span multiple generations, there can be a significant boost in performance by moving to multi-core Intel Xeon processors.

Choosing the Right Platform
Embedded systems that are comprised of multiple boards bring with them development and operational challenges and inefficiencies that can be avoided with the adoption of embedded virtualization. Multi-core Intel Xeon processors with Intel VT offer a unique approach to consolidating application workloads and significantly reducing development and operational costs. Among other benefits, embedded virtualization can reduce replicated hardware components and significantly reduce power consumption. Product feature agility can be greatly increased as well.

Consolidating multiple OSs and applications onto a single processor board is not without challenge. Specific attention must be paid to how physical devices are presented to each OS in order for existing applications to continue to operate as designed on the new platform. An embedded virtualization solution that offers the designer the ability to explicitly partition physical devices among the multiple OSs is required in order for application consolidation to be successful. Each OS must be able to continue to interact with real-time external devices as designed, with no impact from other OSs. To meet these goals, developers should look for solutions like Wind River Hypervisor that take advantage of Intel VT.

To learn more about virtualizaiton for embedded devices, visit intel.com/go/embedded-virtualization

Wind River Systems is a wholly owned subsidiary of Intel Corporation and is an Associate member of the Intel® Embedded Alliance. As a world leader in embedded and mobile software, Wind River has been pioneering computing inside embedded devices since 1981. Its technology is found in more than 500 million products. Wind River is headquartered in Alameda, California, with offices in more than 15 countries.

Deep Packet Inspection (DPI) solutions for LTE must cope with exploding data capacity and increasingly complex packet inspection challenges. This article discusses how the latest Intel® Xeon® processors and specialized packet processing software deliver the necessary performance along with a scalable, flexible solution for the complex workloads involved.

To deal with growing traffic, the rise of new applications, and increasing attacks, today’s organizations seek multi-function security solutions that consolidate a full suite of networking and security functions in a single, highly-integrated platform. Here’s how developers can leverage Intel® Virtualization Technology to deliver such a solution.

This edition is sponsored by:
Intel Embedded Alliance
Learn more about the Intel®
Intelligent Systems Alliance

Copyright© 2012 Intel Corporation. Intel, the Intel logo, Intel Core, and Intel Atom
are trademarks of Intel Corporation in the U.S. and other countries. All other marks are property of their respective owners.

Intel Privacy Policy | Unsubscribe