[From the last episode: We looked at the notion of “virtual,” which is key to safe and reliable cloud computing.]
So: we, as cloud-computing folks, have a problem. We can’t afford to give every user their own machine – well, we could, but we’d have to charge more, and the customers couldn’t afford it except in certain critical cases. But if we use multi-tenanting on a standard computer, then we’ve seen how mistakes – or attacks – can let one process invade the privacy of another process. Is there any way to create a situation where we get the benefit of everyone having their own machine while not literally giving them that?
Yes, there is. Give them virtual machines, or VMs. The notion of a VM is not new, although this usage is newer. For instance, there’s a programming language called Java. Rather than compiling Java programs for every possible variety of computer, each computer installed a Java VM. This made it look like, inside the computer, was a machine that could read Java (which the real machine couldn’t do directly). So, as long as the computer had a Java VM, it could execute any Java program without someone having to compile that program for that machine.
In our case, we’re doing something less specific. Since we’re not going to be giving every user their own real-world machine, how about if we create a bunch of VMs on one real machine? Let’s talk about what that might even mean.
Configuring a Virtual Machine
What’s in a computer? Well, there’s a processor (one or more); there’s memory; there are inputs and outputs – the internet connection, the USB ports, the printers, the display. We want our VM to have all of these things so that programs running on the VM don’t realize that it’s not a real-deal computer.
Parts of this aren’t conceptually difficult. We can certainly divide memory up so that every VM gets its own slice of memory. The processor is a bit trickier – we can’t give every VM its own actual processor. But using concepts like processes and threads, the operating system can swap jobs out so that all of the jobs get some access to the processor(s). Exactly how that’s done is a detail, and there are probably a variety of ways to get there. For our purposes, we can simply assume that, somehow, every VM gets a turn at running on the processor.
Hardware like printers and USB ports is a little harder. There is, in fact, only one physical set of those, and they don’t have “threading” or other concepts available for sharing. In that case, we need arbitration. An arbiter is a special program that takes multiple requests from multiple jobs and grants access based on some policy. So, for instance, one VM may need the printer, and if, for the moment, it’s the only one needing to print, then the arbiter lets it through to the printer. If, while printing, another VM or two ask for access, they’ll have to wait until the first one is done, and then the arbiter will make a decision as to who goes next. That decision might be based on first-come first-serve, or who has higher priority, or – more likely – a combination.
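To make the arbiter idea concrete, here is a small simulation I’ve added (it is not code from the original post or from any real hypervisor). It models one shared printer, several VMs asking for it, and the “combination” policy the paragraph mentions: the highest-priority waiting VM goes next, and ties are broken first-come first-serve. The VM names and priorities are made up for the example, and the arbiter refuses a release request from any VM that doesn’t currently hold the device, so one tenant can’t yank the printer away from another.

```python
"""Toy device arbiter: one physical printer, many VMs (added example, not real hypervisor code)."""
import itertools
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    vm: str
    priority: int   # higher number wins
    seq: int        # arrival order; breaks priority ties first-come first-serve


class DeviceArbiter:
    def __init__(self, device: str):
        self.device = device
        self.holder: Optional[str] = None   # VM currently using the device, if any
        self.waiting: list[Request] = []
        self._seq = itertools.count()
        self.grants: list[str] = []         # history of who was let through, in order

    def request(self, vm: str, priority: int = 0) -> bool:
        """A VM asks for the device. Returns True if it gets it right away."""
        if self.holder is None:
            self._grant(vm)
            return True
        self.waiting.append(Request(vm, priority, next(self._seq)))
        return False

    def release(self, vm: str) -> Optional[str]:
        """The holder says it is done. Picks the next VM by (priority, arrival)."""
        if vm != self.holder:
            # Only the tenant that holds the device may give it up; anyone else is ignored.
            raise PermissionError(f"{vm} does not hold {self.device}")
        self.holder = None
        if not self.waiting:
            return None
        nxt = min(self.waiting, key=lambda r: (-r.priority, r.seq))
        self.waiting.remove(nxt)
        self._grant(nxt.vm)
        return nxt.vm

    def _grant(self, vm: str) -> None:
        self.holder = vm
        self.grants.append(vm)


def simulate() -> list[str]:
    """Constructed scenario: four VMs want the printer while vm-a is still printing."""
    arb = DeviceArbiter("printer")
    arb.request("vm-a")               # printer idle, so vm-a goes straight through
    arb.request("vm-b", priority=0)   # has to wait
    arb.request("vm-c", priority=5)   # arrived after vm-b but is more important
    arb.request("vm-d", priority=0)   # same priority as vm-b, arrived later
    while arb.holder is not None:     # each holder finishes and the arbiter picks the next
        arb.release(arb.holder)
    return arb.grants


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` yields the order `vm-a, vm-c, vm-b, vm-d`: vm-c jumps the queue on priority, while vm-b and vm-d, tied on priority, are served in the order they asked.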
Faking Out the Program
What’s important here is that, when the program on the VM asks for the printer, it doesn’t know it’s not getting exclusive access to the printer. It behaves more or less like it would if it had its own machine. That’s the thing about a VM – at least in theory: the programs running on the VM can’t tell whether it’s a VM or a real machine.
For cloud use, things get a little more complicated. For instance, if you’re running a cloud version of Microsoft Excel, you’re probably running in a virtual machine. But when you want to print, you aren’t actually going to use the printer attached to the cloud server. There probably is no real printer there. You’re going to send it to your home printer. So, for the cloud computer, “printing” means sending the data back to your local printer – from the server’s side it’s an internet connection, and from your side it’s a printer.
So the details of these things aren’t quite so simple, but hopefully the idea is clear.
(NIC = “Network Interface Card”. Image credit: By John Aplessed – Own work, Public Domain)
Managing the VM
And how is all of this done? Through yet another set of software that operates in conjunction with the operating system. It allocates the resources and carefully enforces what gets access to what in a manner much stricter than we saw with a standard configuration. This management software is often called a hypervisor. This makes it look like each VM has its own separate operating system! In fact, you could have one VM that looks like Windows, another that looks like iOS, and yet another that looks like Linux.
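Here is an added illustration (my own toy code, not anything from the post or from a real hypervisor) of the two points above: the hypervisor hands each VM its own slice of memory, and the program inside the VM is “faked out” because its memory appears to start at address 0. Every guest read or write goes through the hypervisor, which translates the guest address to a host address and refuses anything outside the tenant’s slice. The page size, tenant names and contents are constructed for the example.

```python
"""Toy hypervisor memory isolation (added example, not real hypervisor code)."""

PAGE = 4096   # assumed page size for the example


class MemoryFault(Exception):
    """Raised when a guest touches memory outside its own slice."""


class Hypervisor:
    def __init__(self, host_pages: int):
        self.host = bytearray(host_pages * PAGE)   # the one real machine's memory
        self.slices: dict[str, tuple[int, int]] = {}   # vm -> (base_page, n_pages)
        self._next_free = 0

    def create_vm(self, vm: str, n_pages: int) -> None:
        """Carve out a contiguous slice of host memory for a new tenant."""
        if self._next_free + n_pages > len(self.host) // PAGE:
            raise MemoryError("no host memory left for another VM")
        self.slices[vm] = (self._next_free, n_pages)
        self._next_free += n_pages

    def _translate(self, vm: str, guest_addr: int, length: int) -> int:
        """Map a guest address (which starts at 0 for every VM) to a host address."""
        base, n_pages = self.slices[vm]
        if guest_addr < 0 or guest_addr + length > n_pages * PAGE:
            # The guest would leave its slice; it never learns what is next door.
            raise MemoryFault(f"{vm}: access at {guest_addr:#x} len {length} outside its slice")
        return base * PAGE + guest_addr

    def write(self, vm: str, guest_addr: int, data: bytes) -> None:
        start = self._translate(vm, guest_addr, len(data))
        self.host[start:start + len(data)] = data

    def read(self, vm: str, guest_addr: int, length: int) -> bytes:
        start = self._translate(vm, guest_addr, length)
        return bytes(self.host[start:start + length])


def demo() -> tuple[bytes, bytes, bool]:
    """Constructed scenario: two tenants, each writing at 'its' address 0."""
    hv = Hypervisor(host_pages=4)
    hv.create_vm("tenant-b", 2)   # host pages 0-1
    hv.create_vm("tenant-a", 2)   # host pages 2-3, right after tenant-b
    hv.write("tenant-a", 0, b"secret")
    hv.write("tenant-b", 0, b"hello")
    a = hv.read("tenant-a", 0, 6)   # each guest sees only its own address 0
    b = hv.read("tenant-b", 0, 5)
    # tenant-b overruns the end of its slice (a bug or an attempt to peek at the
    # neighbour); on a standard configuration this would land on tenant-a's bytes.
    try:
        hv.read("tenant-b", 2 * PAGE - 2, 8)
        faulted = False
    except MemoryFault:
        faulted = True
    return a, b, faulted


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `(b"secret", b"hello", True)`: both tenants read their own data at guest address 0, and the overrun from tenant-b raises a fault instead of returning tenant-a’s bytes, even though those bytes sit immediately after tenant-b’s slice in the real host memory.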
There’s a variant of this idea that can apply to microcontrollers in IoT devices (although not super-cheap ones), and there are new ideas being built on top of the VM one. We’ll look at some of those in upcoming posts.