Virtual Square Frequently Answered Questions
What is Virtual Square?
It started as a research project; now it is a framework containing several projects.
Virtual Square investigates what "virtuality" means today. The projects inside Virtual Square aim to give a unified approach to several forms of virtuality. All the projects include tools that provide users with effective, testable, studiable, hackable proofs of the ideas. Virtual Square tools interoperate, so they can be used as building blocks to set up virtual environments for a wide range of applications.
The Virtual Square Research and Development Team is based mainly at the Department of Computer Science, University of Bologna, Italy, but researchers at the Department of Mathematics and Computer Science, Xavier University, Cincinnati OH, also work on the project.
Which projects belong to Virtual Square?
- VDE: Virtual Distributed Ethernet. This is our virtual network.
- View-OS: A process with a view. The idea is to give each process its own "view" of the execution environment. This includes per-process personalization of file system access and structure, networking, devices, ids, time, etc. There are currently two tools implementing View-OS ideas:
- UMview: user mode View-OS. It runs on vanilla Linux kernels and supports standard GNU/Linux applications.
- KMview: kernel module View-OS. It needs a kernel with utrace support (not yet included in official kernels) and the kmview.ko kernel module. Naturally, it runs faster than UMview.
- MPS, uMPS: MIPS-based system emulators for education. These tools have been designed for teaching several computer science subjects: system architecture, operating systems, networking.
- LWIPv6: an entire IPv4/IPv6 hybrid stack as a library.
- Free-OS Zoo: A web site [1] providing many disk images of pre-installed free operating systems. Just download and go: download with BitTorrent and run the image on qemu or kvm. Alternatively, if your browser can run a Java applet, you can also test some free operating systems on our servers, using them directly from your browser.
- SRL, SNC: Simple remote lecturing, simple network conferencing. Not directly related to the others, these tools are by the same research team; we use them as cooperative tools to give lectures or seminars over the net.
Virtual Distributed Ethernet: Is it different from {VPN, uml-switch}?
A VPN is a way to connect one or more remote computers to a protected network, generally tunnelling the traffic through another network. VDE implements a virtual Ethernet in all its aspects: virtual switches, virtual cables. A VDE can be used to create a VPN. VDE interconnects real computers running Linux, FreeBSD or Mac OS X kernels (through a tap interface), virtual machines (qemu, kvm, User-Mode Linux, pearpc, gxemul...) as well as the other Virtual Square components, such as the View-OS implementations (UMview/KMview) and LWIPv6.
uml-switch (like similar virtual network systems shipped with virtual machines) can interconnect several User-Mode Linux virtual machines with each other and with the hosting computer. VDE, by contrast, supports heterogeneous virtual machines running on different hosting computers.
LWIPv6: Is it different from LWIP?
LWIP (by Adam Dunkels [2]) is an IPv4-only stack for embedded systems that can be used as a UNIX library. LWIPv6 is an evolution of LWIP: it is an IPv4/IPv6 hybrid stack implemented as a library.
View-OS: Is it different from Solaris Containers (or Zones)?
(or other Operating System Layer virtualization [3])
Like Operating System Layer virtualization,
- starting a View-OS implementation does not mean booting a kernel.
- it is possible to share networking, the entire file system or parts of it with the hosting machine
Unlike Operating System Layer virtualization,
- View-OS is for users, not (or not only) for system administrators.
- In View-OS the real kernel can act as if it were a hypervisor for user-level containers (e.g. kmview): there are hooks in the kernel, but the virtualization management takes place at user level. This means View-OS runs on a simpler kernel and the kernel is not a single point of failure.
- View-OS can use networking protocols, file system formats and devices not supported by the underlying kernel.
View-OS extends the idea of Operating System Layer virtualization.
View-OS: Is it different from Plan 9?
View-OS implements some of the ideas of Plan 9:
- services (file system implementations, device drivers, network stacks, etc.) can be provided by user-level servers.
- View-OS tends to use the file system (and the mount command) as a global naming space.
Unlike Plan 9,
- View-OS does not support (yet?) transparent access to distributed resources.
- View-OS current implementations run on top of vanilla Linux kernels (umview) or an experimental version of Linux (including utrace) with a specific module (kmview). This means that View-OS works with all the devices supported by Linux. Moreover, it is possible to add support for devices, file systems and network stacks that Linux lacks, provided the Linux kernel can give raw access to the device. Umview and kmview could be ported to any processor architecture supported by Linux. Currently umview works on i386 and ppc32; experimental versions run on x86_64 and ppc64. kmview is currently released only for i386. Plan 9 runs only on a very narrow set of mainboards and supports few devices.
View-OS: Is it different from Microkernels?
View-OS and Microkernels share the idea that services can be implemented by server processes outside the kernel. However:
- Microkernels are complete kernels, thus they need specific drivers for devices and run on few architectures.
- Microkernels run all the services and the drivers as specific processes.
- View-OS runs on a wide set of hardware configurations.
- View-OS gives system administrators the flexibility to choose between the monolithic and the microkernel approach service by service, device by device, depending on the availability of a solution and the performance requirements of the application. View-OS also gives users the ability to define their own services.
Practical question: what can I do with Virtual Square?
I mean: what can I do with the software as it is (say, the Debian sid version)?
The list is not complete, but it gives an idea of the set of possible applications. Nothing requires administration privileges (i.e. you do not need to log in as root, use sudo or similar), unless otherwise indicated.
- (VDE) Virtual LAN of Virtual Machines. Different virtual machines (Qemu, kvm, user-mode linux, pearpc) can interoperate. The Virtual Machines can run on several hosts.
- (VDE) Virtual Networks of Virtual Machines can be connected to real networks (e.g. the Internet) by routing, bridging (/dev/net/tun access required) or as masqueraded (NAT) networks.
- (VDE) Layer 2 Virtual Private Networks or Overlay Networks of any topology. Fast spanning tree techniques can reroute packets in case of (virtual) link failures. Being Layer 2, any Ethernet-compatible protocol can pass through the tunnel: IPv4, IPv6, IPv8 (when somebody defines it), ISO, RARP, etc. (/dev/net/tun access required, or use UMVIEW, see below).
- (VDE+LWIPv6) Remote run time management of virtual switches (telnet and web interface)
- (UMVIEW+UMFUSE) Mount of a file system image. The mount operation has a local effect: only the processes running inside the UMVIEW instance will see the mounted partitions. Other processes will not see any effect from the UMVIEW mount operation and other instances of UMVIEW can mount other filesystems on the same mountpoint.
- (UMVIEW+UMFUSE) Mount of a removable device (e.g. cdrom, usb key) provided you have access to the device.
- (UMVIEW+LWIPv6) Assign an IP address to a process or to a group of processes. These virtual network entities can communicate with each other using a VDE switch, and with the host computer using tuntap (access rights to /dev/net/tun required). The virtual entities can also communicate with other networks (e.g. the Internet) if the VDE switch or tuntap interfaces are bridged or routed to real interfaces, or if there are tunnels in place to other VDE switches.
- (UMVIEW+LWIPv6) Users can test the network traffic generated by their applications using standard tools like wireshark or tcpdump.
- (UMVIEW+UMDEV) Take a disk image and access its partitions.
- (UMVIEW+UMDEV+UMFUSE) Create a disk image, partition it, create file systems on each partition and mount the resulting partitions.
- (UMVIEW+UMDEV) Create and access a ramdisk.
- (UMVIEW+UMBINFMT) Transparently choose and run an interpreter for "alien" executables: e.g. on an i386 it is possible to run PowerPC executables as if they were native. UMVIEW+UMBINFMT recognizes the executable format and runs the interpreter, say qemu. Different UMVIEW instances can define different interpreters for the same format (the same file will use different interpreters depending on the UMVIEW instance from which it was started).
- (UMVIEW+UMMISC) Change the name of the machine, the network domain and other uname fields; change the time and the "time flowing speed". One "virtual second" in a UMVIEW instance can last half a second or 10 seconds.
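As an added illustration of the UMBINFMT item above (this is not Virtual Square's own code), the format-recognition step sketched in Python: inspect the ELF header of an executable, decide whether it is native or "alien", and look up the interpreter in a per-instance table. It assumes an i386 host as in the FAQ's example, the e_machine constants from the ELF specification, and a hypothetical interpreter table; a real module would then exec the chosen interpreter with the original path and arguments.

```python
import struct

ELF_MAGIC = b"\x7fELF"
# e_machine values from the ELF specification
EM_386, EM_PPC, EM_PPC64, EM_X86_64 = 3, 20, 21, 62

# Assumed host: i386, as in the FAQ's example
NATIVE = (EM_386, 32)

# Hypothetical per-instance interpreter table, keyed by (e_machine, bits).
# Each UMVIEW instance could carry its own table, so the same file may be
# run by different interpreters depending on where it was started.
DEFAULT_INTERPRETERS = {
    (EM_PPC, 32): "qemu-ppc",
    (EM_PPC64, 64): "qemu-ppc64",
    (EM_X86_64, 64): "qemu-x86_64",
}


def parse_elf_ident(header: bytes):
    """Return (e_machine, bits) for an ELF header, or None if not ELF."""
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = header[4], header[5]  # 1/2 = 32/64 bit, LE/BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    endian = "<" if ei_data == 1 else ">"
    (e_machine,) = struct.unpack_from(endian + "H", header, 18)  # after e_type
    return e_machine, 32 if ei_class == 1 else 64


def choose_interpreter(header: bytes, table=DEFAULT_INTERPRETERS, native=NATIVE):
    """None means "run as-is" (native ELF, or a non-ELF file the kernel handles,
    e.g. a #! script); otherwise the interpreter registered for that format."""
    ident = parse_elf_ident(header)
    if ident is None or ident == native:
        return None
    if ident not in table:
        raise ValueError("no interpreter registered for ELF format %r" % (ident,))
    return table[ident]


def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Constructed minimal ELF header (e_ident + e_type + e_machine) for tests."""
    endian = "<" if ei_data == 1 else ">"
    e_ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return e_ident + struct.pack(endian + "HH", 2, e_machine)  # e_type = ET_EXEC


if __name__ == "__main__":
    print(choose_interpreter(make_header(1, 2, EM_PPC)))  # big-endian ppc32 -> qemu-ppc
```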
Practical question: what will I be able to do soon with Virtual Square?
I mean: what can I do with experimental versions downloadable from svn?
- (KMVIEW) You can do everything you do with UMVIEW, but faster. All the limitations imposed by ptrace have been eliminated: strace and other debuggers work for processes running inside KMVIEW sessions, and job control signals like SIGSTOP and SIGCONT can be used.
Practical question: what could I do with Virtual Square?
I mean: being a programmer, which extensions/applications can I implement?
- (VDE) Every kind of virtual machine can be connected to VDE by using the libvdeplug library.
- (VDE) Change protocol parameters and test network behavior (e.g. there is a group working on VDE to study TCP congestion management policies).
- (UMVIEW or KMVIEW+UMFUSE) Virtual file systems can be coded using UMFUSE. The source code is compatible with the standard fuse module already included in the kernel. Write your program once and use it in the old way (fuse, with the problems related to the global view) and in the new way (UMFUSE, the View-OS way).
- (UMVIEW or KMVIEW+UMDEV) It is possible to create device drivers for virtual devices or for real devices.
- (UMVIEW) It is possible to implement system call interposition tools, to give specific protections or to set up system intrusion detection mechanisms.
Almost Practical Question: what will you do about Virtual Square?
I mean: which new extensions is the Virtual Square Research and Development Team currently implementing?
- (UMVIEW+VIEWFS) It is possible to move around subtrees of your file system: what is really here appears there, or disappears (so it is protected). It is like a user-configurable chroot that is not limited to one subtree. It is also possible to access some directories copy-on-write (modifications are confined to the UMview or KMview environment, but the files are not changed for real).
- (UMVIEW+UMFUSE+FSFS) It is at the same time an encrypted file system (data are stored in encrypted form) and an encrypted remote file system (data are encrypted on the network). In effect FSFS sends the encrypted data straight from the disks onto the net and moves the computation load for decryption to the clients. This is a very scalable approach (it scales far better than encrypted NFS) and solves the privacy problem of hard disk maintenance. (Many servers protect user data on the network and then hand faulty disks to the maintenance service with the users' data on them in the clear.)
- (LWIPv6) Multi Stack support. Processes will be able to use several network stacks at the same time.
- (KMview+Kernel) More efficient management of poll/select, mmap.
- (UMview/KMview) Remote system call - RPC at system call level.
I teach Computer Science. How can I use Virtual Square in my courses?
Students can use Virtual square for many interesting exercises:
- (VDE) set up, configure and manage a complex network. VDE provides Ethernet and point-to-point links. Routers can be implemented on User-Mode Linux machines running quagga.
- (VDE) let students run their own kvm or qemu machines and learn how to install operating systems, services, and everything related to system administration. Private networks of student-managed virtual computers could be accessed from the dormitories or from home, giving them the experience of managing real round-the-clock services.
- (LWIPv6) write programs directly connected to virtual networks.
- (VDE+libvdeplug) write and test protocols from layer 3 up.
- (OSZoo) test many different operating systems/distributions
- (UMview+UMdev) write device drivers
- (UMview+UMFuse) write file system implementations
- (MPS or uMPS) write an entire operating system from scratch
- (MPS or uMPS + VDE) write low level networking drivers (student OS can communicate).
- (VDE) create a cluster of User-Mode Linux, Qemu and KVM machines (disconnected from the Internet) and use it as a firing range to test security-related tools and procedures: attacks, IDS, firewalls, etc.
Virtual Square gives users a lot of possibilities. Sysadm question: is it dangerous?
Virtual Square does not give a user any authorization he or she does not already have. It just simplifies the way users can apply their assigned resources to their own needs. Examples follow.
- If a user owns a file that happens to be a disk image, accessing, modifying in any way the contents of that disk image is nothing more than a specialized form of file editing.
- If a user is allowed to have an ssh connection to a remote computer, using ssh to carry a tunnel of the user's private network is just a sophisticated use of a TCP connection.
Just a final note: if you are a sysadm, there is almost nothing you can do to prevent your users from installing and running Virtual Square tools, since they can be installed without any system administrator involvement. As a system administrator you can only provide your users with services that make their Virtual Square tools run faster.
Legalese question: I have heard of VDE as something different. Is there any connection?
Unfortunately there is a German association with the same acronym: Verband der Elektrotechnik, Elektronik und Informationstechnik. Virtual Distributed Ethernet is just a concept, like LAN, WAN, VPN and so on; maybe there are associations named LAN, WAN or VPN, too. We have been asked to specify that Virtual Distributed Ethernet is not related in any way to Verband der Elektrotechnik, Elektronik und Informationstechnik (www.vde.com). We do.