CN111240802A - Virtualization method suitable for equipment side - Google Patents

Info

Publication number: CN111240802A
Application number: CN202010011020.4A
Authority: CN (China)
Prior art keywords: virtualization, module, tcg, qemu, determining
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 史建琦, 吕万友, 黄滟鸿, 蔡方达, 石奇, 佘庆
Current assignee: SHANGHAI FORMAL TECH INFORMATION TECHNOLOGY Co.,Ltd.
Original assignees: Shanghai Formal Tech Information Technology Co ltd; East China Normal University
Priority date
Filing date
Publication date
Events: application filed by Shanghai Formal Tech Information Technology Co ltd and East China Normal University; priority to CN202010011020.4A; publication of CN111240802A; current legal status: pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F2009/45587 Isolation or security of virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a virtualization method applicable to a device side, which comprises the following steps: forming a virtualization framework suitable for the device side from a QEMU network and a containerization mechanism; implementing the device-side virtualization method according to that virtualization framework; and verifying the reliability and security of the device-side virtualization method. By this virtualization method, not only can computing resources, storage resources and network resources be virtualized, but the virtual resources can also be centrally scheduled and managed through a uniform interface, so that the operating cost of services is reduced and the security and reliability of the system are ensured.

Description

Virtualization method suitable for equipment side
Technical Field
The invention relates to the technical field of virtualization, in particular to a virtualization method suitable for an equipment side.
Background
With the rapid development of computer technology in China, the construction requirements of enterprise-level department business systems keep increasing, and under the traditional IT infrastructure model the number of dedicated application servers keeps growing. In addition, purchasing a new server and deploying a business system involves many deployment steps and a long time to go live, which makes it hard to respond quickly to business needs. Surveys of how the servers of the national IT system are used show that most application systems follow a one-dedicated-server-per-application model, so the resource utilization of most servers is very low and resources sit idle. The continuous purchase of servers, accessories and software, machine-room expansion, refrigeration system upgrades and steadily rising electricity charges push IT operation and maintenance costs ever higher, which is a huge challenge to the push for a green, low-carbon economy and to controlling operation and maintenance costs.
Therefore, the development of virtual computing, virtual storage and virtual network technologies has great practical significance in centralized scheduling and management of the virtual resources.
Disclosure of Invention
The embodiment of the disclosure provides a virtualization method applicable to a device side. The following presents a simplified summary in order to provide a basic understanding of some aspects of the disclosed embodiments. This summary is not an extensive overview and is intended to neither identify key/critical elements nor delineate the scope of such embodiments. Its sole purpose is to present some concepts in a simplified form as a prelude to the more detailed description that is presented later.
In some optional embodiments, a virtualization method applied to a device side includes:
forming a virtualization framework suitable for the equipment side according to the QEMU network and a containerization mechanism;
according to the virtualization framework applicable to the equipment side, a virtualization method applicable to the equipment side is realized;
and verifying the reliability and safety of the virtualization method applicable to the equipment side.
Further, the virtualization framework comprises:
a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module.
Further, implementing the virtualization method applicable to the device side according to the virtualization framework applicable to the device side includes:
determining the Hypervisor module, the TCG module, the MMU module, the binary translation cache module, the disk subsystem module and the hardware device module in the virtualization framework, thereby realizing the virtualization method applicable to the device side.
Further, determining a TCG module in the virtualization framework includes:
analyzing the running state of the TCG module to obtain an optimization scheme aiming at different instruction sets;
constructing a simple translation state machine;
and writing a C language program for memory access and jump.
Further, analyzing the running state of the TCG module to obtain an optimization scheme aiming at different instruction sets includes:
analyzing the running state of the TCG module, and determining the running safety of the TCG module;
and calculating the complexity of different instruction sets, and taking the scheme with the lowest complexity as an optimization scheme.
Further, before forming a virtualization framework applicable to the device side according to the QEMU network and the containerization mechanism, the method further includes:
determining a QEMU-based virtualization mode;
and determining the Linux operating system.
Further, determining a QEMU-based virtualization mode includes:
determining a virtualization mode adopted by QEMU-based computational virtualization;
determining a virtualization mode adopted by QEMU-based storage virtualization;
and determining a virtualization mode adopted by QEMU-based network virtualization.
Further, verifying the reliability and security of the virtualization method applied to the device side includes:
verifying the storage reliability of the virtualization method applicable to the equipment side;
verifying the network reliability of the virtualization method applicable to the equipment side;
verifying the reliability of the virtualization host of the virtualization method applicable to the device side;
verifying the management reliability of the virtualization method applicable to the equipment side;
and verifying the virtualization security of the virtualization method applicable to the equipment side.
The embodiment of the present disclosure further provides a virtualization system suitable for a device side, including:
the virtualization framework determining module is used for forming a virtualization framework suitable for the equipment side according to the QEMU network and the containerization mechanism;
the virtualization method implementation module is used for implementing the virtualization method applicable to the equipment side according to the virtualization framework applicable to the equipment side;
and the verification module is used for verifying the reliability and the safety of the virtualization method suitable for the equipment side.
Further, the virtualization framework comprises:
a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module.
Further, the virtualization framework determining module includes:
a virtualization framework determining unit for determining the Hypervisor module, the TCG module, the MMU module, the binary translation cache module, the disk subsystem module and the hardware device module in the virtualization framework, so that the virtualization method applicable to the device side is realized.
Further, the TCG module determining unit includes:
a unit for analyzing the running state of the TCG module and obtaining an optimization scheme aiming at different instruction sets;
a unit for constructing a simple translation state machine;
and a unit for writing C language programs for memory access and jump.
Further, the unit for analyzing the running state of the TCG module and obtaining optimization schemes for different instruction sets includes:
a unit for analyzing the running state of the TCG module and determining the running safety of the TCG module;
and a unit for calculating the complexity of different instruction sets and taking the scheme with the lowest complexity as the optimization scheme.
Further, the system further includes:
a QEMU network determining module for determining a QEMU-based virtualization mode and determining the Linux operating system.
Further, the QEMU network determining module includes:
a unit for determining the virtualization mode to be employed for QEMU-based computing virtualization;
a unit for determining the virtualization mode to be employed for QEMU-based storage virtualization;
and a unit for determining the virtualization mode to be employed for QEMU-based network virtualization.
Further, a verification module comprising:
a storage reliability verification unit for verifying the storage reliability of the virtualization method applied to the device side;
a network reliability verification unit for verifying the network reliability of the virtualization method applied to the device side;
a virtualization host reliability verification unit for verifying the reliability of the virtualization host of the virtualization method applied to the device side;
a management reliability verification unit for verifying the management reliability of the virtualization method applied to the device side;
and the virtualization security verification unit is used for verifying the virtualization security of the virtualization method applied to the equipment side.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
the invention provides a virtualization method applicable to a device side, which forms a virtualization framework applicable to the device side according to a QEMU network and a containerization mechanism; according to the virtualization framework applicable to the equipment side, a virtualization method applicable to the equipment side is realized; and verifying the reliability and safety of the virtualization method applicable to the equipment side. By the virtualization method suitable for the equipment side, not only can the virtualization of computing resources, storage resources and network resources be completed, but also the centralized scheduling and management can be performed on the virtual resources through a uniform interface, so that the operation cost of services is reduced, and the safety and the reliability of a system are ensured.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a flow diagram illustrating a virtualization method applicable on the device side in accordance with an exemplary embodiment;
FIG. 2 is a block diagram illustrating a virtualization method applicable to the device side in accordance with an exemplary embodiment;
FIG. 3 is a schematic diagram illustrating a suitable device-side virtualization architecture in accordance with an illustrative embodiment;
FIG. 4 is a schematic diagram illustrating the operation of a TCG module in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating an overall architecture of a virtualization platform suitable for use on the device side, according to an example embodiment.
FIG. 6 is a block diagram of a virtualization system adapted for use on the device side in accordance with an exemplary embodiment.
Detailed Description
So that the manner in which the features and elements of the disclosed embodiments can be understood in detail, a more particular description of the disclosed embodiments, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. In the following description of the technology, for purposes of explanation, numerous details are set forth in order to provide a thorough understanding of the disclosed embodiments. However, one or more embodiments may be practiced without these details. In other instances, well-known structures and devices may be shown in simplified form in order to simplify the drawing.
The first embodiment:
The embodiment of the present disclosure provides a virtualization method applicable to a device side, and FIG. 1 is a flowchart illustrating a virtualization method applicable to a device side according to an exemplary embodiment.
As shown in FIG. 1, a virtualization method applied to a device side includes:
Step S101, forming a virtualization framework suitable for a device side according to a QEMU network and a containerization mechanism;
in the embodiment of the present disclosure, a device-side lightweight virtualization scheme is designed by using the QEMU virtual operating system.
Before executing step S101, determining a QEMU network facing the device side platform is further included.
The method comprises the steps of determining a QEMU network facing a device side platform, determining a QEMU-based virtualization mode and determining a Linux operating system.
Specifically, determining the QEMU-based virtualization mode includes determining the virtualization mode employed for QEMU-based computing virtualization, the mode employed for QEMU-based storage virtualization, and the mode employed for QEMU-based network virtualization. First, when hardware virtualization of an x86 processor is performed with the kernel-based virtual machine (KVM), computing tasks run at nearly native hardware speed; second, other processors are emulated by translating their machine code at run time, so that the virtual machine can run the operating system of a different platform.
Specifically, according to the determined functional modules of the Linux operating system, the VMX function is enabled and initialized, and a corresponding interface is provided to support running the virtual machine; that is, the corresponding functional modules can be called and the virtual machine can be run. For example, Linux kernel functions are called to implement low-level virtualization of the CPU and virtualization of memory, so that the Linux kernel becomes the virtualization layer. Finally, a driver for managing the virtual hardware devices is designed, which is mainly responsible for creating the vCPU, allocating virtual memory, reading and writing the vCPU registers, and running the vCPU.
The QEMU network and the management scheduling technology are combined with a containerization mechanism to form a lightweight virtualization framework suitable for containers.
In the embodiment of the disclosure, the Linux operating system and the containerization mechanism are combined, and a lightweight virtualization framework suitable for the container is realized under the scheduling of a management scheduling technology.
Fig. 3 is a schematic diagram illustrating a virtualization architecture suitable for use on the device side in accordance with an example embodiment.
As shown in fig. 3, the lightweight virtualization architecture suitable for the device side includes a Hypervisor module, a TCG module, an MMU module, a disk subsystem module, a device subsystem module, a hardware device module, and a binary translation cache module.
The Hypervisor module loads binary machine codes from the disk image, converts the binary machine codes into native machine codes by using the TCG module, connects to virtual or actual equipment, and starts the MMU module, so that an operating system can be simulated in the disk image.
The TCG module converts the machine code of a source processor into the machine code blocks required for the virtual machine to run: it translates between different processor instruction set architectures, places the translated code blocks in a translation cache, and links the source processor's instruction stream to the target processor's code through jump instructions. Translating between instruction set architectures in this way is the technical approach that makes the virtualization general.
If the source processor machine code and the machine code blocks required by the virtual machine are compiled for the same instruction set architecture, the code blocks are placed directly in the translation cache, and the source instruction stream is linked together through jump instructions so that execution runs across the different translated code blocks.
If the source processor machine code and the machine code blocks required by the virtual machine are compiled for different instruction set architectures, it is impossible, from both the architectural and the physical hardware point of view, to run machine code compiled for another processor's instruction set architecture directly on a given processor, for example to execute ARM machine code on an x86 processor. Introducing an intermediate layer that translates between different processor instruction set architectures is therefore the technical approach for achieving general virtualization. In the TCG, these translated code blocks are placed in a translation cache, and the instruction set of the source processor and that of the target processor are linked together by jump instructions.
For example, when the Hypervisor module is executing code, the linked instructions stored in the translation cache may jump to a specified code block and execution may run on a different translated code block until a new code block needs to be translated, in accordance with the example component relationships shown in FIG. 3. During execution, if a code block needing to be translated is encountered, the execution action is suspended and jumps back to the Hypervisor module, and the Hypervisor module uses and coordinates the TCG module to convert and translate the instruction set of the source processor needing to be subjected to binary translation and stores the instruction set into a conversion cache.
The MMU module processes memory access, the disk subsystem processes different disk mapping formats, the equipment subsystem processes network cards and other hardware equipment, and the binary translation cache module caches translated codes.
The hardware device module connects the actual physical devices in the host to the hardware devices in the virtual operating system through QEMU. The hardware devices of the virtual machine are realized either by connecting directly to the actual physical devices in the host or by device emulation in the QEMU virtual operating system. Two ways of handling input/output between the virtual machine and hardware devices are designed: the first is a pass-through mode that uses the host's actual physical devices, or virtual devices emulated by QEMU device drivers; the second uses virtio paravirtualized drivers attached to the Linux kernel to handle input/output between the virtual machine and the hardware devices.
Optionally, in the embodiment of the present disclosure, a guest mode is added alongside the original user mode and kernel mode.
By the method, the Linux operating system and the containerization mechanism are combined, and the virtualization framework suitable for the equipment side is realized under the scheduling of the management scheduling technology.
Step S102, realizing a virtualization method applicable to the equipment side according to a virtualization framework applicable to the equipment side;
the virtualization framework comprises a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module, and the Hypervisor module, the TCG module, the MMU module, the binary translation cache module, the disk subsystem module and the hardware device module in the virtualization framework are determined, so that the virtualization method applicable to the device side is realized.
The Hypervisor module loads the binary machine code from the disk image, converts it into native machine code with the TCG module, connects it to virtual or actual devices, and starts the MMU module, so that an operating system can be emulated from the disk image. The MMU module handles memory access, the disk subsystem handles different disk image formats, the device subsystem handles the network card and other hardware devices, and the binary translation cache module caches the translated code.
The TCG module converts the machine code of a source processor into the machine code blocks required for the virtual machine to run, translating between different processor instruction set architectures, placing the translated code blocks in a translation cache, and linking the instruction set of the source processor to that of the target processor through jump instructions; translating between instruction set architectures in this way is the technical approach that makes the virtualization general.
In general, the TCG module described above is implemented, comprising:
analyzing the running state of the TCG module to obtain an optimization scheme aiming at different instruction sets;
Specifically, the run-time state of the TCG module is analyzed to determine whether it runs safely. The TCG module has a small weakness during operation: it cannot correctly run self-modifying code, because modified code pages are not marked and have to be translated again when they are executed again. Self-modifying code is readily abused by software vulnerabilities, in particular buffer vulnerabilities that are easily corrupted by an attack: the threat actor supplies specially crafted code that overwrites the vulnerable application code. If the overwritten code has already been translated and run, then executing it under the TCG module causes, in addition to the exploitation that would occur under normal execution, a translation failure in most cases, so the program misbehaves or crashes.
The TCG module does not mark the modified code page and needs to be re-translated when running again, which affects the binary running efficiency of the QEMU virtual operating system, but from another perspective, it also increases some security.
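To make concrete the translation cache and block chaining described for the TCG module in the first embodiment, and the code-page issue discussed in the two paragraphs above, the following is an added example, not code from the patent or from QEMU: a toy binary translator for a constructed five-opcode source ISA. Each basic block is translated once into a cache indexed by its source address and chained to the next block through its terminating jump. The constructed program patches one of its own instructions, and the run is done twice: without write tracking, where the stale cached block keeps executing and the result is wrong, and with per-page code tracking that invalidates the affected blocks, which is the mitigation a translator needs for self-modifying code. The ISA, the page size and the program are assumptions of the example.

```c
/* Added example (not the patent's or QEMU's code): a toy block translator
 * with a translation cache, block chaining, and optional invalidation of
 * cached blocks when guest code pages are written. */
#include <stdio.h>
#include <string.h>

/* Constructed 3-byte source ISA: op, a, b. */
enum { HALT = 0, ADD = 1, JMP = 2, POKE = 3, JLT = 4 };
#define CODE_SIZE 64
#define PAGE 16          /* constructed code page size */
#define MAX_OPS 8

typedef struct { int op, a, b, src; } TOp;   /* translated op, remembers its source pc */
typedef struct { int valid, n, first_page, last_page; TOp ops[MAX_OPS]; } TB;

typedef struct {
    unsigned char code[CODE_SIZE];      /* guest code memory */
    TB cache[CODE_SIZE];                /* translation cache indexed by source pc */
    int page_has_code[CODE_SIZE / PAGE];/* which pages have translated code */
    int acc, pc, halted;
} VM;

/* Translate one basic block starting at pc into the cache. */
static TB *translate(VM *vm, int pc) {
    TB *tb = &vm->cache[pc];
    tb->valid = 1; tb->n = 0; tb->first_page = pc / PAGE;
    int p = pc;
    for (;;) {
        TOp *o = &tb->ops[tb->n++];
        o->src = p;
        if (p + 3 > CODE_SIZE) { o->op = HALT; o->a = o->b = 0; break; } /* off the end: halt */
        o->op = vm->code[p]; o->a = vm->code[p + 1]; o->b = vm->code[p + 2];
        p += 3;
        if (o->op == HALT || o->op == JMP || o->op == JLT || tb->n == MAX_OPS) break;
    }
    tb->last_page = (p - 1) / PAGE;
    for (int pg = tb->first_page; pg <= tb->last_page; pg++) vm->page_has_code[pg] = 1;
    return tb;
}

/* Drop every cached block that covers the page just written. */
static void invalidate_page(VM *vm, int page) {
    for (int i = 0; i < CODE_SIZE; i++)
        if (vm->cache[i].valid && vm->cache[i].first_page <= page && page <= vm->cache[i].last_page)
            vm->cache[i].valid = 0;
    vm->page_has_code[page] = 0;
}

/* Run until HALT. track_code_writes selects whether writes into code pages flush the cache. */
static int run(VM *vm, int track_code_writes) {
    vm->pc = 0; vm->acc = 0; vm->halted = 0;
    for (int steps = 0; !vm->halted && steps < 10000; steps++) {
        if (vm->pc < 0 || vm->pc >= CODE_SIZE) break;
        TB *tb = vm->cache[vm->pc].valid ? &vm->cache[vm->pc] : translate(vm, vm->pc);
        int next = vm->pc;
        for (int i = 0; i < tb->n; i++) {
            TOp o = tb->ops[i];                 /* copy: the block may be invalidated below */
            switch (o.op) {
            case ADD:  vm->acc += o.a; next = o.src + 3; break;
            case POKE: {                        /* self-modifying write into code memory */
                int addr = o.a % CODE_SIZE;
                vm->code[addr] = (unsigned char)o.b;
                next = o.src + 3;
                if (track_code_writes && vm->page_has_code[addr / PAGE]) {
                    invalidate_page(vm, addr / PAGE);
                    i = tb->n;                  /* this block may be stale: leave it, resume after the write */
                }
                break;
            }
            case JMP:  next = o.a; break;                               /* chain to next block */
            case JLT:  next = (vm->acc < o.a) ? o.b : o.src + 3; break;  /* conditional chain */
            default:   vm->halted = 1; next = o.src; break;
            }
        }
        vm->pc = next;
    }
    return vm->acc;
}

/* Constructed program: runs the loop body at 12 once, patches its operand, then runs it again. */
static const unsigned char PROGRAM[] = {
    ADD, 1, 0,      /*  0: acc = 1                                         */
    JMP, 12, 0,     /*  3: enter the loop body                             */
    POKE, 13, 10,   /*  6: byte 13 is the operand of "ADD 1" at 12: make it "ADD 10" */
    JMP, 12, 0,     /*  9: re-enter the loop body                          */
    ADD, 1, 0,      /* 12: loop body                                       */
    JLT, 5, 6,      /* 15: if acc < 5 jump to 6                            */
    HALT, 0, 0,     /* 18: done                                            */
};

/* Returns the final accumulator: 5 with the stale cache, 12 when code writes are tracked. */
int run_program(int track_code_writes) {
    VM vm;
    memset(&vm, 0, sizeof vm);
    memcpy(vm.code, PROGRAM, sizeof PROGRAM);
    return run(&vm, track_code_writes);
}

int main(void) {
    printf("no write tracking (stale block): acc = %d\n", run_program(0));
    printf("code page tracking:              acc = %d\n", run_program(1));
    return 0;
}
```

The page bitmap is the cheap check on every store; only when a written page is known to hold translated code does the translator pay for the scan of the cache. The stale result in the untracked run is the behaviour the text describes: the patched source is never re-read because the old translation is still linked in.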
And after the TCG module is determined to run in a safe state, calculating the complexity of different instruction sets, and taking the scheme with the lowest complexity as an optimization scheme.
Generally, the quality of a piece of software is evaluated by software metrics, and the complexity of the software, which is an important component of the software metrics, is an important index for evaluating the quality of a software product. And calculating the reconstruction complexity corresponding to each scheme to determine the optimal scheme through the reconstruction complexity.
Most processors supported by the QEMU virtual system have partially identical instruction sets. For example, "MOV" instructions are present in almost all processors and can simply be replicated unless there is some bit size difference in the CPU registers, e.g., simulating a 64-bit processor on a 32-bit processor may require many additional instructions, which also requires more time to program in the TCG converter.
In the embodiment of the disclosure, the sub-composite components and/or atomic components that make up each repeated composite component are called the constituent members of that composite component; when the reconstruction complexity of the repeated composite components of the TCG module is calculated, the reconstruction complexity of the repeated composite components of the Hypervisor is taken as the complexity of the whole working schematic diagram.
Constructing a translation state machine;
in the source code of the QEMU virtual system, there is a subdirectory named "tcg" which is a translation state machine written in the C language for converting machine instructions into corresponding x86 machine instructions.
And writing a C language program for memory access and jump.
And writing a program for memory access and jump by using the C language, and calling the software memory management unit by using the program.
FIG. 4 is a schematic diagram illustrating the operation of a TCG module in accordance with an exemplary embodiment;
as shown in fig. 4, the non-native source machine code is converted into a machine code required by the virtual machine operation through the TCG module and is cached in the binary translation cache module, and the Hypervisor module loads the cached binary machine code required by the virtual machine operation from the binary translation cache module.
Specifically, the virtual encapsulation and the migration technology are combined, so that decoupling of a virtual machine and bottom-layer physical equipment can be realized, a plurality of physical equipment can form a virtual machine cluster platform to form a virtual machine resource pool, the resource pooling technology is realized, and the bottom-layer physical resources are transparent to upper-layer users and applications.
Specifically, logical isolation of a process group's resources such as its file system and network is achieved through the Namespaces mechanism of the Linux operating system, and the division of CPU, memory, disk I/O and network bandwidth within the container host system is achieved through the Control Groups mechanism of the Linux operating system, so that the upper-layer task processes are managed as containers. Meanwhile, through service discovery, resource management, monitoring and deployment of the services in the containers, elastic scaling and migration of containers between the server's physical machines and virtual machines are achieved, which provides the basic capability support for dynamic load balancing and efficient task scheduling in end-edge-cloud collaboration.
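As an added example of the Namespaces half of the containerization mechanism just described (not code from the patent; cgroup limits are not shown because creating them needs root), the following C program forks a child that unshares a user namespace and a UTS namespace and changes its hostname there, while the parent verifies that its own hostname is untouched. The hostname string is constructed; the program assumes a Linux kernel that allows unprivileged user namespaces and reports, rather than fails, when it does not.

```c
/* Added example (not the patent's code): the Namespaces side of Linux
 * containerization. A forked child unshares a user namespace and a UTS
 * namespace and renames its host there; the parent checks that its own
 * hostname is unchanged. cgroup limits are not shown (they need root). */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWUTS
#define CLONE_NEWUTS  0x04000000   /* Linux uapi values, used only if <sched.h> hid them */
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
int unshare(int flags);                          /* glibc prototypes restated so the build */
int sethostname(const char *name, size_t len);   /* does not depend on feature macros     */
int gethostname(char *name, size_t len);

#define DEMO_HOSTNAME "container-demo"  /* constructed; set only inside the child's namespace */

/* Child: enter fresh user+UTS namespaces and rename the host there.
 * Exit codes: 0 = isolated rename worked, 2 = namespaces not permitted here, 1 = other failure. */
static int child_rename_in_namespace(void) {
    /* A new user namespace grants the child full capabilities over the UTS
     * namespace it creates, so no root is needed when the kernel allows this. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWUTS) != 0) return 2;
    if (sethostname(DEMO_HOSTNAME, strlen(DEMO_HOSTNAME)) != 0) return 1;
    char name[256] = {0};
    if (gethostname(name, sizeof name - 1) != 0) return 1;
    return strcmp(name, DEMO_HOSTNAME) == 0 ? 0 : 1;
}

/* Parent. Returns 1 if the child renamed its host while ours stayed the same,
 * -1 if unprivileged namespaces are unavailable on this system,
 * -2 on any other failure, including the rename leaking into our namespace. */
int hostname_isolation_check(void) {
    char before[256] = {0}, after[256] = {0};
    if (gethostname(before, sizeof before - 1) != 0) return -2;
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) _exit(child_rename_in_namespace());
    int status = 0;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -2;
    if (gethostname(after, sizeof after - 1) != 0) return -2;
    if (strcmp(before, after) != 0) return -2;   /* the rename leaked: no isolation */
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 2:  return -1;
    default: return -2;
    }
}

int main(void) {
    int r = hostname_isolation_check();
    if (r == 1) puts("child renamed its host in a private UTS namespace; parent unaffected");
    else if (r == -1) puts("unprivileged user namespaces are not available here");
    else puts("isolation check failed");
    return 0;
}
```

The same pattern extends to the other namespace types (mount, network, PID) by adding their CLONE_NEW* flags; each one takes a kernel object that the text treats as shared by the process group and gives the child its own copy, which is what the container runtime relies on for logical isolation.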
According to the lightweight virtualization technology, the resource pooling technology and the containerization technology which are suitable for the equipment side, the lightweight virtualization method suitable for the equipment side is realized.
Fig. 2 is a schematic structural diagram illustrating a virtualization method applied to a device side according to an exemplary embodiment.
As shown in fig. 2, a virtualization method applicable to the device side is implemented according to a virtualization technology, a resource pooling technology and a containerization technology, where the virtualization technology includes computing virtualization, storage virtualization and network virtualization, the resource pooling technology includes computing resource pooling, storage resource pooling and network resource pooling, and the containerization technology includes container packaging, resource isolation and container orchestration.
And step S103, verifying the reliability and safety of the virtualization method applied to the equipment side.
And according to the realized virtualization method suitable for the equipment side, constructing a virtualization platform and verifying the reliability and the safety.
Fig. 5 is a block diagram of an overall architecture of a virtualization platform suitable for a device side according to an example embodiment.
As shown in fig. 5, the overall architecture block diagram of the virtualization platform includes a virtualization platform, a processor, a memory, a storage, a network, an application program, an operating system, and a virtual machine.
Specifically, verifying the reliability and security of the virtualization method applied to the device side includes: verifying the storage reliability of the virtualization method applicable to the device side; verifying the network reliability of the virtualization method applicable to the device side; verifying the reliability of the virtualization host of the virtualization method applicable to the device side; verifying the management reliability of the virtualization method applicable to the device side; and verifying the virtualization security of the virtualization method applicable to the device side.
Verifying the storage reliability of the virtualization method applicable to the device side comprises the following steps:
In this embodiment, at least two fully redundant paths are configured between each compute node and the storage cluster, providing multi-path access to storage. Failover among the multiple paths is provided automatically by software, so that storage access problems caused by a single point of failure are avoided.
Verifying the network reliability of the virtualization method applicable to the device side comprises the following steps:
In this embodiment, the virtual network layer avoids service interruption caused by the failure of a single network card by using technologies such as multi-network-card bonding.
Verifying the reliability of the virtualization host of the virtualization method applicable to the device side comprises the following steps:
In this embodiment, automatic and manual virtual machine migration schemes are provided: when the current compute node fails or its load is too high, the virtual machine can be migrated to a healthy compute node or to a compute node with a relatively low load, ensuring normal operation of the virtual machine. The system provides virtual machine and volume snapshot functions; while the system is in a normal state, a system snapshot can be triggered and later used to restore the system when it fails.
Verifying the management reliability of the virtualization method applicable to the device side comprises the following steps:
In this embodiment, system reliability is improved by adopting a structure in which the computing cluster and the storage cluster are separated. The computing cluster handles on-demand allocation of virtual machines and live migration within the cluster, and the storage cluster handles on-demand allocation of the virtual machines' system volumes and user volumes and their storage across disks.
Verifying the virtualization security of the virtualization method applicable to the device side comprises the following steps:
The cloud computing operation and maintenance management system supports operations administrator account period management and provides a default super administrator account, with which other accounts can be created and granted the corresponding permissions.
By adopting this method, virtual computing, virtual storage, virtual network and related technologies complete the virtualization of computing, storage and network resources, and the virtual resources can be centrally scheduled and managed through a unified interface, which reduces the operating cost of services and ensures the security and reliability of the system.
Further, the virtualization framework comprises:
a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module.
Fig. 3 is a schematic diagram illustrating a virtualization architecture suitable for use on the device side in accordance with an example embodiment.
As shown in fig. 3, the lightweight virtualization architecture suitable for the device side includes a Hypervisor module, a TCG module, an MMU module, a disk subsystem module, a device subsystem module, a hardware device module, and a binary translation cache module.
The Hypervisor module loads binary machine code from a disk image, converts it into native machine code using the TCG module, connects the native machine code to virtual or real devices, and starts the MMU module, so that the operating system stored in the disk image can be emulated: the MMU module handles memory accesses, the disk subsystem handles different disk image formats, the device subsystem handles the network card and other hardware devices, and the binary translation cache module caches the translated code.
Further, implementing a virtualization method applicable to the device side according to a virtualization architecture applicable to the device side includes:
determining the Hypervisor module, TCG module, MMU module, binary translation cache module, disk subsystem module and hardware device module in the virtualization framework, thereby implementing the virtualization method applicable to the device side.
The virtualization framework comprises a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module; once these modules of the virtualization framework are determined, the virtualization method applicable to the device side is realized.
The TCG module converts the machine code of a source processor into the machine code blocks required by the running virtual machine: it translates between different processor instruction set architectures, places each translated code block in the translation cache, and links the instruction set of the source processor and the instruction set of the target processor through jump instructions. Translating between different processor instruction set architectures is the technical approach and solution by which the virtualization achieves generality.
Specifically, combining virtual encapsulation with migration technology decouples the virtual machine from the underlying physical devices; multiple physical devices can then form a virtual machine cluster platform that constitutes a virtual machine resource pool, which realizes the resource pooling technology and makes the underlying physical resources transparent to upper-layer users and applications.
Further, determining a TCG module in the virtualization framework includes:
analyzing the running state of the TCG module to obtain an optimization scheme aiming at different instruction sets;
constructing a simple translation state machine;
and writing a C language program for memory access and jump.
In general, implementing the TCG module described above comprises:
analyzing the running state of the TCG module to obtain an optimization scheme for different instruction sets;
Specifically, the state of the TCG module at run time is analyzed to determine whether it runs safely. The TCG module has a minor shortcoming in operation: it cannot correctly run self-modifying code, because modified code pages are not marked and must be translated again when the module runs them again. Self-modifying code is readily exploited through vulnerabilities in the software world, in particular buffer vulnerabilities that are easily corrupted by attacks and the like: a threat agent supplies special code to overwrite the vulnerable application code, and if the overwritten code has already been run, then beyond the exploitation itself the TCG module will more often fail at run time and during translation, so that the program behaves abnormally or crashes.
The TCG module does not mark modified code pages and must re-translate them when it runs them again, which reduces the binary execution efficiency of the QEMU virtual operating system; from another perspective, however, it also adds some security.
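As an added illustration of the stale-translation hazard just described (example code written for this page, not QEMU's TCG), the following toy translator caches translated blocks: with page marking off, a guest write to its own code page goes unnoticed and the cached block keeps running stale native code; with marking on, the cached blocks of the written page are discarded and re-translated, and an undefined opcode surfaces as a translation failure. The guest ISA, block format and all names are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy binary translator with a translation cache (added example, not QEMU code). A block
 * translated from a guest code page that the guest later overwrites keeps running stale
 * native code unless the write marks the page and the blocks derived from it are dropped. */

#define PAGE_SIZE  16
#define GUEST_MEM  64
#define MAX_TBS    8
#define TB_MAX_OPS 16
#define OP_HALT    0x80  /* constructed ISA: 0x00..0x7F = ADD imm, 0x80 = HALT, else undefined */

typedef struct {
    uint32_t pc;               /* guest address the block was translated from */
    int      n_ops;
    int8_t   imm[TB_MAX_OPS];  /* "native" form: a straight-line list of adds */
    bool     valid;
} TranslationBlock;

typedef struct {
    uint8_t          mem[GUEST_MEM];
    TranslationBlock cache[MAX_TBS];
    int              translations;  /* how many times the translator ran */
    bool             track_writes;  /* mitigation: mark written code pages */
} Machine;

void machine_init(Machine *m, bool track_writes, const uint8_t *code, size_t len)
{
    memset(m, 0, sizeof *m);
    m->track_writes = track_writes;
    memcpy(m->mem, code, len > GUEST_MEM ? GUEST_MEM : len);
}

/* Translate the block at pc; -1 on an undefined opcode (a "translation failure"). */
static int translate(const Machine *m, uint32_t pc, TranslationBlock *tb)
{
    tb->pc = pc; tb->n_ops = 0;
    for (uint32_t a = pc; a < GUEST_MEM && tb->n_ops < TB_MAX_OPS; a++) {
        uint8_t op = m->mem[a];
        if (op == OP_HALT) { tb->valid = true; return 0; }
        if (op > 0x7F) return -1;
        tb->imm[tb->n_ops++] = (int8_t)op;
    }
    return -1;  /* no HALT within the block limit */
}

/* Guest store; with track_writes the write marks the page by dropping its cached blocks. */
void guest_write(Machine *m, uint32_t addr, uint8_t val)
{
    if (addr >= GUEST_MEM) return;
    m->mem[addr] = val;
    if (!m->track_writes) return;
    for (int i = 0; i < MAX_TBS; i++)
        if (m->cache[i].valid && m->cache[i].pc / PAGE_SIZE == addr / PAGE_SIZE)
            m->cache[i].valid = false;
}

/* Run one block from pc, reusing a cached translation when present; 0 with *acc set, -1 on failure. */
int run_from(Machine *m, uint32_t pc, int32_t *acc)
{
    TranslationBlock *tb = NULL;
    for (int i = 0; i < MAX_TBS; i++)
        if (m->cache[i].valid && m->cache[i].pc == pc) { tb = &m->cache[i]; break; }
    if (!tb) {                                   /* cache miss: translate into the next slot */
        tb = &m->cache[m->translations++ % MAX_TBS];
        tb->valid = false;
        if (translate(m, pc, tb) != 0) return -1;
    }
    *acc = 0;
    for (int i = 0; i < tb->n_ops; i++) *acc += tb->imm[i];  /* execute the native block */
    return 0;
}

/* Scenario: run the program (ADD 5; ADD 3; HALT -> 8), let the guest patch one byte of
 * its own code, run again and return the second result (-1 on translation failure). */
int rerun_after_patch(bool track_writes, uint32_t addr, uint8_t val, int *n_translations)
{
    const uint8_t code[] = { 0x05, 0x03, OP_HALT };
    Machine m; int32_t acc;
    machine_init(&m, track_writes, code, sizeof code);
    if (run_from(&m, 0, &acc) != 0) return -1;
    guest_write(&m, addr, val);  /* self-modification, e.g. ADD 3 -> ADD 16 at address 1 */
    int rc = run_from(&m, 0, &acc);
    if (n_translations) *n_translations = m.translations;
    return rc == 0 ? acc : -1;
}
int main(void)
{
    int n, acc;
    acc = rerun_after_patch(false, 1, 0x10, &n);
    printf("untracked: acc=%d after %d translation(s), expected 21\n", acc, n);
    acc = rerun_after_patch(true, 1, 0x10, &n);
    printf("tracked:   acc=%d after %d translation(s)\n", acc, n);
    printf("tracked, undefined opcode written: rc=%d\n", rerun_after_patch(true, 0, 0xC0, NULL));
    return 0;
}
```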
After the TCG module is determined to run in a safe state, the complexity of the different instruction sets is calculated, and the scheme with the lowest complexity is taken as the optimization scheme.
Generally, the quality of a piece of software is evaluated by software metrics; software complexity, an important part of software metrics, is an important index for evaluating the quality of a software product. The reconstruction complexity corresponding to each scheme is calculated so that the optimal scheme can be determined from it.
Most processors supported by the QEMU virtual system have partially identical instruction sets. For example, a "MOV" instruction exists in almost all processors and can simply be replicated, unless there is a difference in the bit width of the CPU registers; for instance, emulating a 64-bit processor on a 32-bit processor may require many additional instructions, which also takes more time to program in the TCG converter.
In the embodiment of the disclosure, the sub-composite components and/or atomic components that form each repeated composite component are called the constituent members of that composite component; when the reconstruction complexity of the TCG module's repeated composite component is calculated, the reconstruction complexity of the Hypervisor's repeated composite component is taken as the complexity of the whole working schematic.
Constructing a translation state machine;
In the source code of the QEMU virtual system there is a subdirectory named "tcg", which is a translation state machine written in the C language for converting machine instructions into the corresponding x86 machine instructions.
Writing a C language program for memory access and jumps.
A program for memory access and jumps is written in the C language, and this program calls the software memory management unit.
Further, analyzing the running state of the TCG module to obtain an optimization scheme for different instruction sets comprises:
analyzing the running state of the TCG module and determining the running safety of the TCG module;
and calculating the complexity of the different instruction sets, taking the scheme with the lowest complexity as the optimization scheme.
Further, before forming a virtualization framework applicable to the device side according to the QEMU network and the containerization mechanism, the method further includes:
determining a QEMU-based virtualization mode;
and determining the Linux operating system.
The method comprises the steps of determining a QEMU network facing a device side platform, determining a QEMU-based virtualization mode and determining a Linux operating system.
Specifically, determining the QEMU-based virtualization mode includes determining the virtualization mode employed for QEMU-based computational virtualization, for QEMU-based storage virtualization and for QEMU-based network virtualization. When x86 processor hardware virtualization is performed using a kernel-based virtual machine, computing tasks run at speeds nearly comparable to native hardware; in addition, other processors are emulated through real-time translation of machine code, so that the virtual machine can run the operating system of a different platform.
Specifically, according to the determined functional modules of the Linux operating system, the VMX function is enabled and initialized and a corresponding interface is provided to support the operation of the virtual machine; that is, the corresponding functional modules can be called and the virtual machine can be run. For example, Linux kernel functions are called to implement the underlying virtualization of the CPU and the virtualization of memory, so that the Linux kernel becomes a virtualization layer; finally, a driver for managing the virtual hardware devices is designed, mainly responsible for creating vCPUs, allocating virtual memory, reading and writing vCPU registers, and running the vCPUs.
The QEMU network and the management scheduling technology are combined with a containerization mechanism to form a lightweight virtualization framework suitable for containers.
Further, determining a QEMU-based virtualization mode includes: determining the virtualization mode adopted for QEMU-based computational virtualization; determining the virtualization mode adopted for QEMU-based storage virtualization; and determining the virtualization mode adopted for QEMU-based network virtualization.
Example two
The embodiment of the present disclosure provides a virtualization system applicable to a device side, and fig. 6 is a structural diagram of a virtualization system applicable to a device side according to an exemplary embodiment.
As shown in fig. 6, a virtualization system suitable for a device side includes:
S601, a virtualization architecture determining module, configured to form a virtualization architecture suitable for the device side according to the QEMU network and the containerization mechanism;
S602, a virtualization method implementing module, configured to implement a virtualization method applicable to the device side according to the virtualization architecture applicable to the device side;
S603, a verification module, configured to verify the reliability and security of the virtualization method applied to the device side.
Further, the virtualization framework comprises:
a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware device module.
Further, the virtualization architecture determining module includes:
a virtualization framework determining unit, configured to determine the Hypervisor module, TCG module, MMU module, binary translation cache module, disk subsystem module and hardware device module in the virtualization framework, so that the virtualization method applicable to the device side is realized.
Further, in determining the TCG module in the virtualization framework, the virtualization framework determining unit is configured to:
analyze the running state of the TCG module and obtain optimization schemes for different instruction sets;
construct a simple translation state machine;
and write C language programs for memory access and jumps.
Further, in analyzing the running state of the TCG module and obtaining optimization schemes for different instruction sets, the unit is configured to:
analyze the running state of the TCG module and determine the running safety of the TCG module;
and calculate the complexity of the different instruction sets, taking the scheme with the lowest complexity as the optimization scheme.
Further, the system further includes:
a QEMU network determining module, configured to determine a QEMU-based virtualization mode and to determine the Linux operating system.
Further, in determining the QEMU-based virtualization mode, the QEMU network determining module is configured to:
determine the virtualization mode to employ for QEMU-based computational virtualization;
determine the virtualization mode to employ for QEMU-based storage virtualization;
and determine the virtualization mode to employ for QEMU-based network virtualization.
Further, the verification module comprises:
a storage reliability verification unit, configured to verify the storage reliability of the virtualization method applied to the device side;
a network reliability verification unit, configured to verify the network reliability of the virtualization method applied to the device side;
a virtualization host reliability verification unit, configured to verify the reliability of the virtualization host of the virtualization method applicable to the device side;
a management reliability verification unit, configured to verify the management reliability of the virtualization method applied to the device side;
and a virtualization security verification unit, configured to verify the virtualization security of the virtualization method applied to the device side.
The virtualization system applicable to the device side provided by the embodiments of the present disclosure performs the virtualization method applicable to the device side provided by the above embodiment, which will not be described in detail again here.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may be used with the teachings herein. The required structure for constructing such a device will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known systems, structures, and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding the understanding of one or more of the various inventive aspects. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the steps in the devices of the embodiments may be adaptively changed and disposed in one or more devices other than the embodiments. Steps or components in the embodiments may be combined into one step or component, and further, may be divided into a plurality of steps or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or steps of any system or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or steps are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software steps running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the creation apparatus of a virtual machine according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the system described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (8)

1. A virtualization method applied to a device side is characterized by comprising the following steps:
forming a virtualization framework suitable for the equipment side according to the QEMU network and a containerization mechanism;
according to the virtualization framework suitable for the equipment side, a virtualization method suitable for the equipment side is realized;
and verifying the reliability and the safety of the virtualization method suitable for the equipment side.
2. The method of claim 1, wherein the virtualization framework comprises:
the system comprises a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware equipment module.
3. The method according to claim 1, wherein implementing the virtualization method applicable to the device side according to the virtualization architecture applicable to the device side includes:
and determining a Hypervisor module, a TCG module, an MMU module, a binary translation cache module, a disk subsystem module and a hardware equipment module in the virtualization framework, thereby realizing the virtualization method applicable to the equipment side.
4. The method of claim 3, wherein determining the TCG module in the virtualization architecture comprises:
analyzing the running state of the TCG module to obtain an optimization scheme aiming at different instruction sets;
constructing a simple translation state machine;
and writing a C language program for memory access and jump.
5. The method of claim 4, wherein analyzing the state of the TCG module during runtime to obtain optimization solutions for different instruction sets comprises:
analyzing the running state of the TCG module, and determining the running safety of the TCG module;
and calculating the complexity of different instruction sets, and taking the scheme with the lowest complexity as an optimization scheme.
6. The method of claim 1, wherein before forming the virtualization framework applicable to the device side according to the QEMU network and the containerization mechanism, the method further comprises:
determining a QEMU-based virtualization mode;
and determining the Linux operating system.
7. The method of claim 6, wherein determining the QEMU-based virtualization mode comprises:
determining a virtualization mode adopted by QEMU-based computational virtualization;
determining a virtualization mode adopted by QEMU-based storage virtualization;
and determining a virtualization mode adopted by QEMU-based network virtualization.
8. The method of claim 1, wherein verifying the reliability and security of the virtualization method applicable to the device side comprises:
verifying the storage reliability of the virtualization method applicable to the equipment side;
verifying the network reliability of the virtualization method applicable to the equipment side;
verifying the reliability of the virtualization host applicable to the virtualization method on the equipment side;
verifying the management reliability of the virtualization method applicable to the equipment side;
and verifying the virtualization security of the virtualization method applicable to the equipment side.
CN202010011020.4A 2020-01-06 2020-01-06 Virtualization method suitable for equipment side Pending CN111240802A (en)


Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107463402A (en) * 2017-07-31 2017-12-12 Tencent Technology (Shenzhen) Co., Ltd. Operation method and device of a virtual operating system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
时间之外沉浮事: "A brief analysis of the QEMU architecture", Tencent Cloud *
Yang Lutao; Liao Yinghao: "Deploying server virtualization based on Huawei FusionCompute: a case study of Yantian District, Shenzhen", Electronic Technology & Software Engineering *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20210805
Address after: Room 801, no.6, Lane 600, Yunling West Road, Putuo District, Shanghai 200062
Applicant after: SHANGHAI FORMAL TECH INFORMATION TECHNOLOGY Co.,Ltd.
Address before: 200062 No. 3663, Putuo District, Shanghai, Zhongshan North Road
Applicant before: EAST CHINA NORMAL University
Applicant before: SHANGHAI FORMAL TECH INFORMATION TECHNOLOGY Co.,Ltd.
RJ01 Rejection of invention patent application after publication
Application publication date: 20200605