Hypervisors are software products, and each hypervisor imposes a series of hardware requirements that every server, storage or network subsystem must meet. But the constant evolution of system hardware -- particularly processor technologies -- has resulted in a series of potentially confusing standards and acronyms. Sorting out this alphabet soup can take time, and oversights can lead to unexpected system configuration problems, which can trigger malfunctions and performance issues. Let's take a closer look at some of the current and emerging CPU features and technologies needed to support leading hypervisors like VMware ESXi.
ESXi and NX/XD processor support
A vital aspect of virtualization is isolation -- preventing application code in one VM from accessing the memory space used by other VMs. This kind of isolation can help secure VMs from one another and protect the entire server from a wide range of malicious attacks, including buffer overflow attacks and viruses, which always try to replicate.
Processors implement this kind of memory space isolation using a special bit that can mark certain memory areas as "non-executable." AMD processors provide an NX (never execute) bit, while Intel processors provide an XD (execute disable) bit. Both bits are effectively identical -- only the names are different -- and you may see both processor bits listed together as NX/XD. The idea is that when a memory area is marked as non-executable, the processor will refuse to run any code in those protected areas. If an attempt is made to execute code that is marked non-executable, a memory access violation is triggered, which can alert administrators to possible inappropriate activity on the server. This prevents one VM from affecting another VM, and stops malware from proliferating from one VM to another, making NX/XD an important processor feature.
Fortunately, both AMD and Intel processors have supported NX/XD bits since about 2006, and it is extremely unlikely that any current server is not equipped with suitable NX/XD-capable processors. However, it is always a good idea to verify NX/XD support in the server's documentation or check the BIOS to ensure options such as Execute Disable Bit, NX Technology and XD Support are enabled. If not (and you cannot enable such CPU features in BIOS), it may be necessary to replace the server before installing your hypervisor.
What are LAHF and SAHF instructions?
Processors make extensive use of registers. Registers are extremely small memory areas on each chip die that hold temporary results of mathematical or logical steps in progress, or set selected conditions through the use of flag bits in various registers.
In x86 processors, the AH register is known as an "accumulator" register used for I/O port access, basic floating point arithmetic and interrupts. These are all critical functions in a virtualized environment, so modern processors can speed up the handling of these activities by providing commands that allow direct control over the register contents; these are the Load AH from Flags (LAHF) and the Save AH to Flags (SAHF) commands.
We can easily get bogged down with technical, low-level processor architecture discussions here, but the basic idea is that a hypervisor like ESXi can use LAHF/SAHF instructions to take more direct control of the way each processor core handles I/O and interrupts. This hardware-level control can improve the performance of VMs running on each core. LAHF/SAHF commands are loosely related to broader virtualization support on modern processors like Intel-VT and AMD-V technologies.
As with NX and XD bit support, almost all modern Intel and AMD processors support LAHF/SAHF instructions along with the extended virtualization instruction set (Intel-VT and AMD-V). Although LAHF/SAHF instructions cannot be enabled or disabled discretely through the BIOS, the broader virtualization capabilities typically can be controlled through the BIOS. So, it's important to verify that Intel-VT and AMD-V support are enabled before installing a hypervisor.
How rapid virtualization indexing works
Rapid virtualization indexing (RVI) is part of the virtualization feature set included with AMD-V technology. This is also known as nested page tables or second level address translation (SLAT). Intel calls the technology extended page tables (EPT).
Address translation is required because processors must use a page table or translation look-aside buffer (TLB) to translate relative addresses into complete physical addresses anytime that a workload requires access to physical memory. In a virtualized computer, this address translation must be performed twice each time physical memory access is required -- first for the host instance, and a second time for the guest instance (the VM). This second level of address translation makes more work for the processor and reduces performance.
Technologies like Intel's EPT and AMD's RVI improve virtualization performance by extending the page table so that a hypervisor can determine the physical memory locations for both host and guest instances in a single step rather than two steps.
Top hypervisors have supported SLAT features for years, including Hyper-V with Windows Server 2008 R2, VMware ESX 3.5, Xen 3.2 and others. Today, hypervisors like Hyper-V for Windows 8 require SLAT-capable processors.
Other CPU features to consider for virtualization
Major processor vendors like Intel and AMD have wrapped most virtualization capabilities into one or more feature sets, like Intel's VT-x with EPT and VT-d for virtualized I/O, while AMD provides AMD-V features like RVI and TLBs.
Regardless of the particular vendor terms or trademarked names, all of these virtualization features are broadly intended to enhance the processor's ability to create and manage virtual resources from physical computing assets. This includes memory access and moving data across I/O devices (like Ethernet ports). The point is to provide these CPU features in processor hardware rather than operating system software.
While almost all recent processors do offer virtualization features, it's important to note that not all feature sets are available in each chip, or implemented in the same way between chip generations or between vendor families. This typically does not impact the individual server's ability to handle virtualization within its own system, but differences in virtualization features between servers can pose potential VM migration problems. IT planners should take the time to evaluate each new server's virtualization abilities and determine its interoperability in clusters and other migration or failover schemes before deployment in a production environment.
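The verification steps described above (NX/XD, LAHF/SAHF, Intel-VT/AMD-V, EPT/RVI) and the server-to-server comparison recommended before migration can be scripted. The following is an added example, not code from the original article or from any hypervisor vendor: it assumes the server is booted into a Linux environment and uses the Linux `/proc/cpuinfo` flag names `nx`, `lahf_lm`, `vmx`, `svm`, `ept` and `npt`; the two host listings are constructed samples.

```python
"""Audit the CPU features discussed in this article from Linux /proc/cpuinfo text."""

# Feature -> Linux /proc/cpuinfo flag names (any one of them satisfies the feature).
FEATURES = {
    "NX/XD": {"nx"},
    "LAHF/SAHF (64-bit)": {"lahf_lm"},
    "Intel VT-x / AMD-V": {"vmx", "svm"},
    "EPT / RVI (SLAT)": {"ept", "npt"},
}


def cpu_flags(cpuinfo_text):
    """Return the flags common to every logical CPU listed in cpuinfo_text."""
    per_cpu = [set(line.split(":", 1)[1].split())
               for line in cpuinfo_text.splitlines()
               if line.startswith("flags") and ":" in line]
    if not per_cpu:
        raise ValueError("no 'flags' line found; not x86 /proc/cpuinfo output?")
    return set.intersection(*per_cpu)


def audit(flags):
    """Map each feature name to True/False for one host."""
    return {name: bool(names & flags) for name, names in FEATURES.items()}


def migration_gaps(source_flags, target_flags):
    """Flags the source host exposes that the target lacks (a guest may rely on them)."""
    return sorted(source_flags - target_flags)


# Constructed sample input (shortened flag lists, not captured from real hosts).
HOST_A = ("processor : 0\nflags : fpu nx lm lahf_lm vmx ept aes avx2\n"
          "processor : 1\nflags : fpu nx lm lahf_lm vmx ept aes avx2\n")
HOST_B = "processor : 0\nflags : fpu nx lm lahf_lm vmx aes\n"

if __name__ == "__main__":
    a, b = cpu_flags(HOST_A), cpu_flags(HOST_B)
    for host, flags in (("host-a", a), ("host-b", b)):
        for feature, present in audit(flags).items():
            print(f"{host}: {feature:<20} {'yes' if present else 'MISSING'}")
    print("host-a -> host-b, missing on target:", migration_gaps(a, b))
```

On a real server, pass the contents of `/proc/cpuinfo` to `cpu_flags()`. A missing flag is a prompt to check the BIOS options named earlier before concluding the processor lacks the feature.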