Linux DevCenter    
Published on Linux DevCenter

Interview: Mendel Rosenblum of VMware

by David Sims

VMware is virtual machine software that lets you run multiple operating systems on a single-processor x86 machine. We talked with VMware's cofounder and chief scientist, Mendel Rosenblum, about VMware's technology, users, and applications.

Mendel Rosenblum: VMware is a company that has basically pioneered the idea of running what is referred to as a virtual machine monitor on a commodity PC. And what a virtual machine monitor provides for you is the ability to run multiple operating system environments simultaneously on the PC, so rather than having the limitation which most PCs have now, where you install an OS and that's the one that you boot, one at a time, and you get to use that, here, with VMware, you can actually run as many as you want and basically switch between them as easily as you would switch between processes on a multitasking operating system.

David Sims: How is that handled? Is the virtual machine an application that's running these operating systems?

Rosenblum: Well, we have sort of a unique architecture where we're both an application and what is technically referred to as a virtual machine monitor, which is like a special type of operating system. So, when we run one of the additional operating systems you add to your machine, we're actually running in the most privileged mode of the processor and have control of all the hardware on the machine. So, in that sense, you know, we're an operating system that just happens to allow other operating systems to run on top of them. So, we also have a mode in which we run in which we appear to the user as just a normal application running on one of the operating systems. That makes it a lot easier for the user to interact and makes it a lot easier to install and configure us. You download our product on, say, NT and it installs like using an InstallShield like any other application. So, the answer is we're kind of both, an application and an operating system.

Mendel Rosenblum, Ph.D.

Chief Scientist, VMware

• Dr. Rosenblum is an associate professor of computer science at Stanford University.

• He leads the operating systems research group of the FLASH project.

• He is part of the team that developed the Hive operating system, the SimOS machine simulator and the Disco virtual machine monitor.

• Ph.D. and M.S. in computer science from UC Berkeley, B.A. in mathematics from University of Virginia.

Sims: I think the analogy that more people have heard of VMware or would be familiar with would be running PC applications, something like PC soft on the Macintosh.

Rosenblum: Right.

Sims: Is it similar technology?

Rosenblum: Well it appears similar in that you can have it appear like an application that runs a PC application and PC operating system, but the technology is actually very different.

Because we're running on the same like Intel x86 hardware, we can actually directly use the hardware to run the PC software like the operating system applications. And so what our software actually does is actually takes the hardware and uses it to run in these additional operating systems directly. So, unlike the sort of emulation technology like Virtual PC and the stuff that has come up on the Mac, we're not really a simulator and we don't really have the kind of slowdowns you experience when you're running through all these simulation layers, since literally what we're doing is just sort of giving the hardware directly to the operating system and having it run it.

Sims: You know, it's interesting that you mention the slowdown. I have heard that it takes quite a bit of memory to run VMware. Is that your feedback also? How much memory do you recommend on, say, a Linux running on a Pentium box?

Rosenblum: Well, I think the minimum memory you would even probably consider doing this is 64 megs and it runs very comfortably in 128 megs. So what we recommend is put as much memory as you can on your machine, but we have people write us all the time saying "I'm running with 64 megs and it's enough." The issue is that, you know, you're running this whole new environment with the applications. It will still run if you don't have the memory, enough physical memory on your machine, it's just that you end up having to go to disk and that can slow you down tremendously. The minimum requirements to actually run the software is even lower than 64 megs; it's just that end-user experience, your disk light would be on most of the time, you'd be sitting there waiting for the disk.

Sims: So, who's the target market or your target user for this? It was easy with the idea of running PC software on Macintosh, there was a lot of software that wasn't available on Macintosh and there's also the situation of Mac users having to sort of work in a largely PC world, but, for your system, who are you seeing as the target users? What's the target application?

Rosenblum: Well, one of the things this technology is is this very low level capability that you can use it to do all kinds of things with. We have people using it for a wide range of different uses. I can describe some of the ones that, you know, seem to be more prominent than others. We came out with a version that sort of installs with the Linux operating system, and so a fairly large percentage of the people that get it actually use it to run a Microsoft operating system like Windows 98 or Windows NT or Windows 2000 when it comes out. So, what they see is that, suppose you are a user kind of going to have difficulty running Linux and somebody sends you an Office document, like an Excel spreadsheet or Word document, you kind of have difficulty interpreting that.

If you have Windows 98 running right next door on the same machine, you can just switch to it and run Office on it and read it that way. So, what you can see here is people are running an operating system and they want to run applications that may not, have not been ported to that operating system so they can run it in, in this case, the Microsoft operating system. So, that gives you one idea of use. I can give you another totally unrelated one.

Sims: OK.

Rosenblum: For example, let's say you're running Windows NT and you're in a company and you have an IT department that says you should not install anything like games or any personal software on your company machine. Well, that's hard for a lot of people. You have this PC, you'd like to be able to do some things on it. Well, one of the compromises that the IT department can do is actually install VMware and another copy of the same operating system and say here's this other virtual machine running maybe Windows NT, you can install your software on that and it won't mess up the company one. So you have a company Windows and a personal Windows.

Sims: On the same hardware?

Rosenblum: Yeah, on the same hardware.

Sims: This is really interesting to me because a lot of the IT people I know wouldn't want it even anywhere near the hardware but you've seen that application?

Rosenblum: Yes, we have. We've talked to a lot of companies. I think you're right though: if you look at the IT managers, a lot of times they want very strict control about what goes on it. But there are a lot of environments where they can't really exert as much control as they'd like, especially here in the valley. We have all these engineers and stuff, you know, like, if you're working in the company and they tell you "You have to run this," you know, the engineers usually find ways around things.

Sims: That's interesting. I can think of another application, too. With web companies, you have to download so much plug-in software and untrusted software that you're downloading over the Net to try things out that it might be nice to have a clean copy.

Rosenblum: Right. Well, that actually points to two other uses we're seeing, one of which is what we call a sandbox where you have this separate environment that you can do untrusted things on. So, even if you're not in a company, you might run this at home and decide that if I'm going to download the latest plug-ins or the latest games or something from some untrusted site, I can run that in a virtual machine.

One of the things that a virtual machine does is provide tremendous isolation. There's nothing any software can do running a virtual machine to get out and affect your other virtual machines or the actual host that you've installed this on top of. So it's pretty known technology how to do that kind of isolation, and it's pretty absolute.

The other thing that people do is like a help desk where people call in and ask questions. They might have a whole bunch of virtual machines with different combinations of software installed. So if somebody calls in and says, "I actually, I'm trying to install your software on a machine and I have NT4 and IE5 and Netscape 4 installed, and something blows up when I start your software," they can bring up a virtual machine that has that kind of configuration and try to work the person through how to get the thing to work.

Sims: So, why didn't anyone do this before? How did you come upon it, or how did the development process go?

Rosenblum: Well, you know, to tell you the truth, this idea of virtual machine monitor was very popular in the 1970s, even back to the 60s. And, what it was used for was on IBM mainframes, which are very, very expensive pieces of hardware you can run multiple -- you can have one mainframe and have a bunch of different environments like a production environment and a development environment all running on the same piece of hardware since computers were scarce at the time.

And, what happened was, the techniques fell out of disuse, and one of the reasons they disappeared completely is people stopped building hardware that was capable of being easily virtualized. And in fact, there's this whole research literature on how to build machines that you can do virtual machine monitors, and most of the machines today aren't built to those specifications.

So, we had to invent some new techniques to actually bring back virtual machines. Before we started to announce and shipped our products, you ask any computer scientist, they would say it's impossible to do what we did. And the reason it's impossible is all the new techniques for virtualization don't work on the x86 PC. So we developed some new ones that allowed us to basically do the same sort of abstraction, you know, of a virtual machine.

Sims: You said that the hardware isn't being built that could accommodate those kinds of virtual machines. Can you touch a little on what the differences are that didn't allow that?

Rosenblum: The basic trick that was used in the 70s was that you take the operating system environment and run it at a higher privilege level. You run it at user level or something like that, and then you run the virtual machine monitor in the privilege level.

And the hope is if the operating system you're running the virtual machine on tries to do any privileged operation, like access an IO device or change the memory mapping hardware on the machine, it will actually trap down into the virtual machine monitor which then emulates the operation and then returns back to the virtual machine.

This only works if your hardware is set up so all the privilege operations trap, and also any queries to what kind of state you're running into also trap or return, whatever the answer the virtual machine wants. And that's exactly what a virtualizable hardware meant or used to mean. Unfortunately, the x86 architecture doesn't have that. When they designed it, they didn't see any need of having instructions that have different semantics when they're run in the operating system than when on the user level, but you still don't trap.

So, the classic example is, on the x86 is instructions for like manipulating the flag registers end up doing something very different if you run them at user level than if you run them in the proposed privileged mode. So if you just took the standard trick and took a PC operating system that ran at user level, it wouldn't trap but it also wouldn't run correctly either.

Sims: Is this sort of, in some ways I'm wondering if it was replaced by multitasking? I mean in the sense you are running multiple processes at once, you're just running them within a single machine rather than virtual machines.

Rosenblum: Yeah. So, there are actually a lot of analogies you can think of. What a virtual machine monitor is is a multi-tasking operating system that the processes look just like the hardware the underlying machine is running on, so that you can just install another copy of the operating system. It's totally happy since it thinks it's running on the real hardware. You know, most of the time, most multitasking operating systems have a much higher level abstraction like processes and styles and things like that and that's very different than what the hardware abstractions look like.

Sims: One other question I had, and you sort of touched on this when you talked about uses, but are there people who are using it in ways that you hadn't planned and has that shaped how you think about the technology going forward?

Rosenblum: One of the things I think I personally have found most satisfying about this is, when we developed it, we had certain applications we thought this would be a very good solution for. And obviously when we first came up on the Web site we listed here are some uses of the technology. And as soon as we got it out there, we immediately had people writing in and saying here I'm using it in this way and it was totally different than any of the scenarios that we had before.

That's been, at least for the engineers here and the people that developed the technology, it's so neat to see your stuff used and solve problems that you hadn't even envisioned or didn't know they existed.

Copyright © 2009 O'Reilly Media, Inc.