Alrighty, welcome back to Operating Systems. So, this lecture is not on the final, but it comes full circle and it's kind of like review. So we started with the virtual machine, didn't know what the hell it did or why we did it, and now we can finally, finally, finally explain what a virtual machine is and what it does. So, we know virtual memory now. Everyone loves virtual memory. So, virtual memory was just fooling processes into thinking they have access to all the memory when really the kernel is controlling actual physical memory. So, you can extend that to an entire machine. So, you can virtualize an entire machine and, just like memory, the goal is that multiple operating systems all think they have control over the machine when really there's something else behind the scenes that is controlling access to the hardware, and not the kernel itself. So, with virtual machines, there's some terminology. One is called the host, and the host is the thing that has direct control over the hardware. So, the hypervisor or virtual machine manager, they mean the same thing. They control virtual machines, so they control creating virtual machines, managing them and isolating them. So, picking which hardware a virtual machine is able to access and which ones it is not able to access. So, there's two kinds of hypervisors, a type one and a type two. A type one hypervisor is also called a bare metal hypervisor and it runs directly on the host hardware, and it requires special hardware support because the kernel in the virtual machine is actually going to execute in kernel mode. So, it turns out kernel mode is not the most privileged instruction set, which we kind of saw at the beginning. There's something even more privileged than that if you have proper hardware support. If you have a type two hypervisor, that means it simulates what goes on with kernel mode. Your virtual machine and that kernel actually run in user mode instead of kernel mode.
So, you essentially, or the hypervisor in this case, has to simulate all the things that would happen in kernel mode to create the illusion that you're actually running in kernel mode when you're actually not. So, type two, generally no one uses these anymore because we have hardware support now. Everything you will have done in this course probably runs on a type one hypervisor. So, the guest is the operating system that is running on the virtual machine, and it sees its own virtual copy of the host. Yep, yep, yep. Basically, if you want to know, if you compare what CPU mode the guest kernel is running in, in type one it's actually running in kernel mode and in type two it's running in user mode. And we will explore why that is today. So, on the left here is what we have in this course, and it's also kind of review. So, we had hardware at the bottom and then we had the kernel as the only thing that controls hardware because, well, there's kernel mode instructions that allow it to access the hardware, and there would also be special memory locations that map to hardware that it can access. And then on top of kernel mode there is user mode, and that's where all the processes are implemented. So, as quick review, what is this programming interface called between the kernel and processes? Remember what that's called? It should be like that for this course. The system, the system call interface. Yeah, so the system call interface. Do we remember how to monitor all the system calls? What the little command is? strace. There, if there's anything you take away from this course, it should be that. If any bad thing happens, strace it, you can figure out what it's actually doing. So, that's what we have on the left, and on the right is what happens once we bring virtual machines into the picture.
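An added example, not part of the lecture, of the strace habit the lecturer is pointing at: a small POSIX shell script that triages a log written by `strace -f -o trace.log ./prog`, counting syscalls, listing files the program created and listing where it connected. The log it parses (SAMPLE_TRACE) is constructed to look like strace output and is not a real capture; the program name, paths and address in it are made up.

```shell
#!/bin/sh
# Added example, not part of the lecture: offline triage of an strace log.
# Typical capture (not run here): strace -f -o trace.log ./prog
# SAMPLE_TRACE is a constructed log in that format, not a real capture.
SAMPLE_TRACE='12345 execve("./prog", ["./prog"], 0x7ffd1a2b3c40 /* 20 vars */) = 0
12345 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
12345 read(3, "root:x:0:0:root:/root:/bin/bash\n", 4096) = 32
12345 close(3) = 0
12345 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
12345 connect(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = 0
12345 openat(AT_FDCWD, "/tmp/.x", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 4
12345 write(4, "\177ELF\2\1\1", 4096) = 4096
12345 close(4) = 0
12345 execve("/tmp/.x", ["/tmp/.x"], 0x55d0c0ffee00 /* 20 vars */) = -1 EACCES (Permission denied)
12345 exit_group(1) = ?
12345 +++ exited with 1 +++'

# Histogram of syscall names. The name is the identifier right before the
# first "(" on the line, so the pid prefix that -f adds is skipped and the
# "+++ exited +++" status lines are ignored.
syscall_counts() {
    awk 'match($0, /[a-z0-9_]+\(/) {
             name = substr($0, RSTART, RLENGTH - 1); count[name]++
         }
         END { for (n in count) print n, count[n] }' | sort
}

# Number of times one syscall appears (0 if it never does).
count_of() {
    syscall_counts | awk -v want="$1" 'BEGIN { c = 0 } $1 == want { c = $2 } END { print c }'
}

# Paths the program created or truncated: openat() with O_CREAT or O_TRUNC.
# The first quoted string on an openat line is the path.
files_created() {
    awk '/openat\(.*O_(CREAT|TRUNC)/ && match($0, /"[^"]*"/) {
             print substr($0, RSTART + 1, RLENGTH - 2)
         }'
}

# Outbound endpoints from connect() calls, printed as ip:port.
network_connects() {
    awk '/connect\(/ && match($0, /inet_addr\("[^"]*"\)/) {
             ip = substr($0, RSTART + 11, RLENGTH - 13)
             if (match($0, /htons\([0-9]+\)/)) port = substr($0, RSTART + 6, RLENGTH - 7)
             print ip ":" port
         }'
}

# Full report from a log on stdin.
triage() {
    trace_text=$(cat)
    echo "== syscall histogram =="
    printf '%s\n' "$trace_text" | syscall_counts
    echo "== files created or truncated =="
    printf '%s\n' "$trace_text" | files_created
    echo "== outbound connections =="
    printf '%s\n' "$trace_text" | network_connects
}

printf '%s\n' "$SAMPLE_TRACE" | triage
```

On the constructed log the report shows a read of /etc/passwd, a TCP connection to 203.0.113.10:443, a file dropped at /tmp/.x and a failed attempt to execute it; replacing SAMPLE_TRACE with `cat trace.log` runs the same triage on a real capture. Nothing here needs strace installed, so the parsing can be checked before it is used on a suspicious binary.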
So, the hardware is still at the bottom, there's still a physical machine that is executing all the instructions, and then on top of that is the virtual machine manager or the hypervisor, and that is the only thing that can go ahead and directly access hardware. And then on top of the hypervisor, it would create the virtual machines, so each of those is like a subset of the hardware, and then on top of each virtual machine there would be a kernel running, so this could be Linux, Windows and macOS, and then each of those kernels would be managing their own processes. So, the hypervisor manages virtual machines, then the virtual machines manage their own processes. So, a note here too that virtual machines are not emulation. Emulation is typically when you have one instruction set architecture or some machine code and you need to translate it to another one. So, like for example, x86 to ARM or something like that is emulation, or another word for emulation is just simulating. You don't actually have that instruction on your CPU, so you just have to simulate what it's doing. So, generally when we are virtualizing things, the guest operating system executes instructions directly on the same CPU using the same instruction set architecture, otherwise it would have to translate or emulate them, which is really slow. So, that's why if you had x86, you downloaded an x86 virtual machine. If you had a newer ARM processor, like a newer M-series MacBook or something like that, you downloaded an ARM64 virtual machine so it matched the actual hardware on your machine. So, sometimes it's okay to emulate, like for example an old Nintendo emulator. You don't need to actually support those instructions because it's an 8-bit CPU that runs at one megahertz and it's really simple, it doesn't even have that many instructions. So, you could write a Nintendo emulator yourself, like in the summer, like I did one summer when I was bored and didn't wanna do my grad school work.
So, I guess that's what I do for fun. So, a virtual machine could use emulation to run on a different architecture, but your performance is going to be bad, and virtual machines are not emulation. So, a nice thing virtual machines can do is enable pause and play, so much like our kernel can just pause a process, a hypervisor can pause an entire virtual machine. So, the hypervisor could also context switch between virtual machines: save the state, restore it later. It would just have more state than we have for processes because you have to keep track of more things; you're keeping track of the entire machine, not just whatever a process can access in user mode. But the principles are the same: you can save its state, restore it later. With processes, you can take a process, save its state and then restore it on a different CPU core, while virtual machines are a bit more flexible. You can save its state and restore it on a different physical machine if you want, because, well, if you have all the information saved, it doesn't actually matter what machine it runs on. So, you can move it around exactly like a process. It could move to different CPU cores on your machine. It could also move to different machines if you so desire. It might be somewhat slow, but you can actually do that. So, other things they let you do is provide some protection through some isolation. So, the guests will be isolated from each other and the host, and the hypervisor can also set limits. So, it can set limits on CPU time, memory, network bandwidth, and that way if one of your operating systems gets hacked or, yeah, it gets hacked or something, well, it can't bring down your whole physical machine because it's isolated. Even if it has a fork bomb or something, well, maybe it only gets like half of a CPU core, so you can use the other ones to shut it down, and maybe it doesn't even have network access.
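An added example, not part of the lecture, of the limits and isolation just described and of the no-network malware sandbox the lecturer goes on to describe: a POSIX shell script that emits the libvirt (KVM) XML for such a guest, with a CFS quota on each vCPU, a hard memory ceiling enforced by the hypervisor through cgroups, and either a bandwidth-capped interface on an isolated virtual network or no NIC at all. The names `sandbox` and `isolated-net`, the sizes and the disk path are assumptions for illustration, and `virsh` is only invoked when it is installed.

```shell
#!/bin/sh
# Added example, not from the lecture: hypervisor-enforced limits for a
# throwaway analysis VM, written as libvirt (KVM) XML. The names sandbox and
# isolated-net, the sizes and the disk path are assumptions for illustration.

# An isolated libvirt network has no <forward> element, so the hypervisor
# never bridges it to a physical NIC; with no <ip> element the host is not
# on the segment either. Guests attached to it can only reach each other.
isolated_network_xml() {
    cat <<'EOF'
<network>
  <name>isolated-net</name>
  <bridge name='virbr-iso' stp='on' delay='0'/>
</network>
EOF
}

# sandbox_domain_xml NAME VCPUS MEM_MIB CPU_PERCENT NET
#   CPU_PERCENT: share of one host core each vCPU thread may use (CFS quota).
#   NET: "isolated" attaches a rate-limited NIC to isolated-net;
#        "none" gives the guest no NIC at all (air-gapped).
sandbox_domain_xml() {
    name=$1 vcpus=$2 mem_mib=$3 cpu_pct=$4 net=$5
    period=100000                        # microseconds, libvirt's cputune period
    quota=$((cpu_pct * period / 100))    # runtime per vCPU thread per period
    hard_limit=$((mem_mib + 256))        # guest RAM plus headroom for QEMU itself
    if [ "$net" = none ]; then
        iface=""
    else
        iface="    <interface type='network'>
      <source network='isolated-net'/>
      <model type='virtio'/>
      <bandwidth>
        <inbound average='1024' peak='2048' burst='512'/>
        <outbound average='1024' peak='2048' burst='512'/>
      </bandwidth>
    </interface>"
    fi
    cat <<EOF
<domain type='kvm'>
  <name>${name}</name>
  <memory unit='MiB'>${mem_mib}</memory>
  <memtune>
    <hard_limit unit='MiB'>${hard_limit}</hard_limit>
  </memtune>
  <vcpu placement='static'>${vcpus}</vcpu>
  <cputune>
    <shares>512</shares>
    <period>${period}</period>
    <quota>${quota}</quota>
  </cputune>
  <os>
    <type arch='x86_64' machine='q35'>hvm</type>
  </os>
  <devices>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/${name}.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
${iface}
    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'/>
  </devices>
</domain>
EOF
}

# Define the network and the guest through virsh when libvirt is present;
# otherwise just print the XML for review. Not called automatically.
apply_sandbox() {
    tmp=$(mktemp -d) || return 1
    isolated_network_xml > "$tmp/net.xml"
    sandbox_domain_xml "$@" > "$tmp/dom.xml"
    if command -v virsh >/dev/null 2>&1; then
        virsh net-define "$tmp/net.xml" && virsh net-start isolated-net
        virsh define "$tmp/dom.xml"
    else
        cat "$tmp/net.xml" "$tmp/dom.xml"
    fi
    rm -rf "$tmp"
}

# Two vCPUs each capped at half a host core, 1 GiB of guest RAM, isolated NIC.
sandbox_domain_xml sandbox 2 1024 50 isolated
```

The quota is per vCPU thread, so two vCPUs at 50 percent can together burn at most one host core, which is what leaves the other cores free to shut down a fork-bombing guest; the hard memory limit means a guest that tries to exhaust RAM is killed by the host rather than taking the host down with it. `apply_sandbox sandbox 2 1024 50 none` defines the air-gapped variant, and afterwards `virsh schedinfo sandbox` and `virsh memtune sandbox` show the limits the hypervisor is actually enforcing.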
So, like, if it gets hacked, you roll it back to a backup, restore it from a known good state, or you can just delete it and get rid of it and start a new one. So, with this, yeah, you could even install North Korea's operating system. So, their operating system is what's called Red Star OS, and if you want, you could install it directly on your hardware, probably not a good idea. So, you should probably install it in a virtual machine that probably doesn't have access to the network. So, then you can see what North Korea's up to without it actually breaking anything or sending data back to North Korea. Yeah. Yeah, yeah, penetration testers and malware people will use virtual machines all the time. They'll isolate it, install a bunch of viruses on there, just let them duke it out. Yeah, if there's no network connection, if the virtual machine's isolated, then it won't affect anything else, right? So, the hypervisor is still ultimately in control of the hardware, so you can just kill the virtual machine whenever you want. So, they'll just have a completely isolated virtual machine, no network connection, no anything, a bunch of limits on it, install some viruses on it, and see what happens. Yeah, yeah, the host generally is the hypervisor. All right, so, but yeah, that depends. So, what virtual machines also help with is consolidation. So, in data centers, well, you have lots of servers running and you have multiple machines, and balancing between the machines manually is pretty much impossible. So, what they do, yeah, it might not even be possible because some servers do different things. They share the same hardware, but sometimes you outscale it and then you need to move it and it's just a pain in the butt. So, what Amazon, Microsoft, Google will do is they'll have everything in a virtual machine and they will also monitor all of the physical machines.
So, if one happens to get overloaded, like a bunch of virtual machines get picked to run on it and another machine is not running anything, well, all it's gonna do is move virtual machines to the unloaded one and try to load balance like that. And because they're all virtual machines, it can just context switch them to different computers and it's not a problem at all. So, instead of just having a lightly used physical system, just make them virtual machines; you could just run as many of them as you want on a physical machine until it gets utilized completely and then you start moving them to different machines. Yep, yep, yep. You can run multiple virtual machines in parallel. In fact, that is a good way to start off with like a web application or something. So, you could have like a virtual machine for your database, a virtual machine for your backend, a virtual machine for your front end. And then, since you have no users, you can run all those virtual machines on the same computer, and then once you outgrow that physical computer, you just buy another one and then it's really easy, you just move a virtual machine over to it and then balance the load like that. You don't really have to reconfigure anything, it just moves a virtual machine and it lets you scale. And then after that point, you get into the situation where you just have like multiple front end virtual machines running and then you have something in front of that that picks the machine, and then you just go up from there, but everything starts with like a virtual machine. So, the key abstraction for virtual machines. So, for processes, it was a process control block that acted kind of like a virtual CPU but didn't virtualize all the parts of a CPU, just enough for user mode. So, once we talk about virtual machines, a virtual CPU, which actually virtualizes the entire CPU, is that core data structure that simulates it. So, it saves all the information about the...