Placeholder Image

字幕表 動画を再生する

  • >> GERTZFIELD: So, the real gist though is that with any computer, what you want is applications.

  • You know, you might want your Safari for web browsing, you're iTunes, or maybe you want

  • your web services application. You know, on the server side. And the problem is, until

  • today, outside of the web, all of your applications are tied physically to an OS. You know, by

  • APIs, ABI's, other things. You know, it's not true for the web of course. And you're

  • OS, until today has been tied to your hardware. So, Windows runs on Intel machine from Dell,

  • Compaq, whatever. Mac runs on the shiny silver laptops that we see peeking out here and there.

  • How--one, to three, okay. I think we've met quorum of laptops--of Mac laptops. This is,

  • you know, quickly becoming--yes, thank you. The mating--the mating call of the Macbook

  • pro. It's quickly becoming a way of the past in virtualization, and Google are, as well,

  • are trying to break these chains. And that's kind of the point of my talk here, is virtualizations

  • frees your apps from silicon chains. Before, you know, you wanted to run your favorite

  • Windows app, you know, heaven forbid Outlook or IE when you happen to do some web testing.

  • You had to have a physical install of Windows that was tied to that box. The aim of VMware

  • and Google is to just break that chain. Wherever you are, you apps go with you. From Google's

  • point of view, it's basically your apps are hosted for you. You go use your Picasa, you

  • go use your word editing, your presentation editor, it's all hosting for you. VMware takes

  • kind of an inverse look where you just take your entire computer in a little bundle, stick

  • it on your iPod or your single hard drive and just plug it in wherever you go. It runs

  • on your Mac, your pc, Windows, Linux, it doesn't matter. You've got the same platform underneath.

  • So, I wanted to just like, to tell you a little bit about how we got to this stage. Application

  • development has gone through a lot of different eras. You know, back in the 80's, application

  • development was really centered around source level APIs. We got the birth of [INDISTINCT]

  • for the first time and people were able to say "Hey, I can distribute my application

  • just by giving you the source code and it doesn't matter where I [INDISTINCT] running,

  • you can recompile it and it'll basically work more or less." You know, the good example

  • is Fork. You know, entire operation systems were designed around this one API. To really

  • know Fork, you really have to know UNIX and vice versa. To have Fork, you have to have

  • UNIX. And, you know, in the 90s when business computing got a lot more popular, people kind

  • of seized on the notion that "Okay, I've got these applications. I want the same application

  • to work as I upgrade my hardware. I want binary compatibility for my applications." And Microsoft

  • really seized on this. They made them a lot of money. But as we're finding out, you know,

  • in the current era, this is changing really, really fast. People don't want their application

  • to be tied to a physical computer or a location at all. So, in the current decade, what we're

  • moving more towards is a virtualized infrastructure where applications can actually go with you

  • anywhere. Specifically, what virtualization does is it brings the Intel--oh, I'm sorry,

  • VMware virtualization, brings the Intel binary layer, the ISA, to any platform anywhere.

  • It gives you a whole set of virtual hardware. It perfectly emulates the Intel instruction

  • set without people having to recompile or change a single byte of their existing programs.

  • So, they can take their ancients, you know, Windows 3.1 development environment and just

  • copy, import into a VM and bring it around and there's a shiny new Macbooks. Or, a good

  • example is, you know, there's all sorts of people in Japan, they run power plants off

  • Windows 98, and that's all that they have. There's offer runs on Windows 98 and they--you

  • can't even buy hardware for it. But the Intel ISA actually stays the same. So you can actually

  • install this, you know, you could--you could run a power plant [INDISTINCT] of your Mac

  • if you want to know. An important thing to know is that there's a lot of other people

  • who have tried and failed at this. Java really promised to provide another virtual, you know,

  • ISA that people could code to that would give their promise of being able to be portable

  • everywhere, run the same apps no matter where you go. We're pretty sure that Java's promise

  • to do that has failed to this point. Two main reasons, one is, they didn't really have a

  • stable ISA to work from. You know, the Intel ISA has been around for a long time. It's

  • cruddy. The current processors don't even really implement it, they just--they just

  • emulate it on a virtual processor inside. But with Java, you know, I've already had

  • to rewrite their programs, you know, nth times, once for every version of the Java virtual

  • machine when they broke the backwards compatibility. The VM gives you perfect backwards compatibility

  • at the machine instruction layer and--because it virtualizes out the restrictions of the

  • hardware, you don't actually need to depend on, you know, the version requirements that

  • Java introduced. But VMware didn't introduce this. Like VMware did not invent this notion

  • of virtualization and people--people have been doing this for four years now. IBM introduced

  • that way back when with system 360, 67, you know, we're time sharing again. You know,

  • we've got server loads that are completely spread out all over the place and, you know,

  • we're just revisiting the past. Like, everything goes in cycles. Virtualization really isn't

  • just about, you know, installing monster machines and partitioning though, because it gives

  • you an individual container that has identical hardware wherever you go, identical machine

  • compatibility. You can just lift it up and move it form your PC to your Mac, to your

  • Linux box. Or you can have a cluster of server farms, and maybe the hardware isn't exactly

  • identical but I'm sure anybody who's worked in IT knows you spend all your time installing

  • operation systems, and, you know, your applications are tied to that particular install unless

  • you have a really clever folks like the Google people who know how to write massively parallel

  • applications. I mean, most system administrators and IT organizations aren't quite up to snuff

  • [INDISTINCT] huge, you know, massively parallel architectures just yet. So, VM what gives

  • those people a way to make fault tolerance, distributed systems from another aspect, you

  • know. You basically take the computer out of the picture and move the [INDISTINCT] into

  • their own little compartment that you can take around. So, what I wanted to--what I

  • wanted to get at is what VMware brings the table is, specifically, x86 virtualization.

  • So, this wasn't really hard--this isn't really hard. A lot of people said this couldn't be

  • done. There's a really seminal paper by Popet and Goldberg that a lot of people latch on

  • to instead. You know, you can't actually virtualize the Intel ISA, it's not possible. There's

  • all sorts of instructions that actually mess with internals of the processor that you can't

  • trap. You know, several things like call and return, push up and pop off. I mean, you can't

  • actually trap them and emulate those at any time. So, you know, what VMware innovated

  • in is actually being able to rewrite this on the fly so that they are safe to virtualize

  • and that let's us do it on Linux, Windows, Mac, whatever. The reason I bring up the Intel

  • point is, for the Mac market, there was a really momentous occasion in summer of 05

  • when Steve Jobs got up with Intel on stage and basically said, "Okay, we were wrong all

  • along, [INDISTINCT] wasn't the light and it's time to actually jump ship." I know it's hard

  • to believe for the Mac had to--who heard all the [INDISTINCT] promises and--what was 3

  • gigahertz but 20065 wasn't it? Or 2004? Yeah, it never happened. They jumped on to the Intel

  • ISA bandwagon again, which basically says it's another platform that the Intel ISA is

  • supported on that can become another way to have virtual machines on. So, the engineers

  • at VMware really knew, you know, "this is going to be something momentous, this is really

  • huge." So, you know, a couple of us just started hacking around for fun and eventually came

  • up with what became VMware fusion. I heard that happens a lot at Google, people just

  • messing around to start their spare time and coming up with something that gets procuctized.

  • Funny, how that works. The difference on the Apple platform is Apple builds products specifically

  • for one purpose. Their products are meant to run Apple applications. They give you all

  • the APIs you need to run iTunes, iPhoto, Safari, but they're not actually going to give you

  • the kind of robust tools to develop a huge client server network or a massively scalable,

  • you know, database infrastructure. I mean, that's just not what they do. If you're coding

  • to make a really cool image browser or a multimedia editor, it's totally the way to go. It's really

  • easy. It's fast, you know, it's well understood. But if you're going out of the box, it's tough.

  • Of course, there's one product that people want to run on Apple apps on is that, that

  • is the iPhone. I wrote this slide before this morning. So, I missed this morning's announcement

  • of the new Apple API, but it is--it was true when I wrote the slide that the iPhone did

  • not run the Apple apps, but if you didn't hear this morning, Steve announced from on

  • high that we will get an API to run--to write our own iPhone application. That's actually

  • pretty exciting, even more VMware. Virtual machine on an iPhone [INDISTINCT] Intel. So

  • what we did in Fusion is we focused on one and use case which was totally new for VMware

  • which was consumers want their Macs to run PC apps. They really want to run their Outlook.

  • They want to run their IE for web testing. There's a million little PC apps. I use it

  • to update the firmer on my phone. You know, there's all these crazy little apps that require

  • Windows support in hardware and software and these--I don't expect Sony to go out and write

  • drivers from Mac for my phone. It's not very likely. But they will support and write drivers

  • for Windows and not use a virtual machine to flash my phone. The whole point of virtualization

  • is that, unlike things like boot camp, you don't have to stop all the applications you've

  • been using, shut everything down and reboot. Your PC apps and your Mac apps are both first

  • class citizens for the virtualization. So you can actually drag and drop between your

  • PC and your Mac. You can copy and paste text, share your files and, you know, more and more,

  • the lines get blurred. There's even something called unity that we worked on that completely

  • gets rid of the Mac desktop and you just got your Windows application just floating there

  • on your Mac. I'll show you guys a little bit later. It's pretty exciting. It makes you

  • want to jump out and go, you know, grab a Mac, like this lady. So, she's really excited

  • about Leopard. And--this is the new OS 10.5 that's coming out. It sent all of the Mac

  • developers into a usual Steve Jobs Beetle style hysteria. Lot of things are really nice

  • on the Mac platform, but it's not perfect. And what I wanted to tell you guys about was--some

  • of the lessons we've learned from developing VMware fusion and some of the internals of

  • how we brought the VMware fusion to the Mac. So, the Mac platform, it's a--kind of a bipolar

  • situation, and I kind of like to given an analogy from my favorite 60s TV show called

  • The Prisoner. So, The Prisoner was a 60s TV show about a super spy who came to this--he

  • was shipped off to this idyllic island and everything was perfect and planned for you.

  • There was this beautiful scenery everywhere and you could never leave the village. You

  • were never allowed to escape. Everyday he tried to escape and there was a new face of

  • the number two who ran the village. And--it's pretty similar to the Mac development world.

  • You know, you're kind of enticed into it by saying, "Oh, what a cool platform. We're going

  • to make exciting new apps for it," and then you kind of dive into the inside [INDISTINCT].

  • Inside, it's actually four or five different operating systems, kind of jumbled together

  • in different pieces. And as Apple needed different pieces to build iTunes, safari, iPhoto, iWeb,

  • they use each of this piece and develop them, but there's really no cohesive whole. To learn

  • these different pieces, you kind of got to learn through trial by fire, and I kind of

  • call it the Mac Club. And as the first rule of Mac club and everybody knows the first

  • rule of Mac club is "You don't talk about the Mac Club." So, what I mean by that is,

  • you know, the APIs, there's documentation, but they're not telling you what's going on

  • under the hood and they're not telling you about all the side effects, the scary, you

  • know, callbacks that are being registered for you under the hood. You know, you really

  • have to dig deep. With good books like "Mac OS X: Internal Assistance Approach" by Mr.

  • Amit Singh, you can actually start to learn some of the internals under the hood. But

  • seriously, before that existed, there was nothing and it was all just handed down over

  • the years. Very interestingly, you know, how many people here have done like Windows development,

  • professionally? So--I mean you've interacted with Microsoft, with MSDN. It's kind of frightening

  • but it's thorough, right? And if you have a problem, you can write to somebody. Apple's

  • equivalent is a once a year conference called WWDC. And you can sign up with WWDC, pay a

  • couple of thousand, and get direct access to the engineers. But other than that, you

  • know, there's no way to get information about the actual innards of the operating system.

  • You can submit support request, but they're more intended to shield the developers from

  • the hoards of hungry third party application vendors than anything else. So, here's some

  • of the real rules of the Mac club. So I wanted to share these, for anybody who's doing Mac

  • application development, because if I could travel back in time and give myself a couple

  • of tips before I started down this road and helping VMware fusion with my team, I wish

  • somebody would have told me. The first big rule, know and fear Carbon. Carbon is scary.

  • So, before OS came out, there was this huge legacy of APIs, all jumbled together based

  • on C and a little bit of C++ called Carbon. Carbon is intended, basically, to support

  • older applications, to get imported with a minimum of fuss. If you start using an OS10

  • though, you have to be really careful. Some of the stories that we actually learned when

  • we started using a little bit of Carbon, VMware fusion is basically based on our Linux application,

  • VMware work station, and as such, we use a lot of Linux APIs. You know, pull, select,

  • fork. And we kind of assumed that Mac was then being UNIX or "UNIX underpinnings" as

  • Steve put it, was a true UNIX. The truth is that, it's really splits among the UNIX side

  • and the Carbon's side, and they really don't interact. A good example is when you--there's

  • a library in Mac, was called disc arbitration and they'll tell you when discs are plugged

  • or unplugged. You can know when an iPod's connected or disconnected. If you don't actually

  • respond in time--a disc arbitration function will secretly, behind the scenes, register

  • a bunch of callbacks and Mac will assume that you will receive those callbacks by processing

  • something called the CFrunloop which every thread has one of these. Well, if your app

  • isn't based around that concept of a CFrunloop, you can just hang the entire system for 15

  • to 30 seconds while Mac [INDISTINCT] tries to repeatedly send messages to your runloop

  • saying, "Hello, there's a new disc. Are you there? Hello, there's a new disc," even if

  • you didn't know the API that you called have the side effect of registering with CFrunloop.

  • So, be very careful and know your side effects. Sometimes, you have to go down to the disassembly

  • level as we know, to figure out what these APIs are really doing. Next rule about Mac

  • Club, you have to be really careful of angering the Universal Buffer Cache. So, on Mac OS,

  • virtual memory is kind of a virtual notion again where it's cached by the same buffers

  • that hold your disc cache. So, if your photo shop or VMware fusion and you're reading a

  • gigantic, you know, 1.5 gigabyte file, OS10 is going to cache all of that memory, maybe

  • even in priority over other programs, forcing them to maybe even swap out the disc. You

  • have to be really careful and very explicit about, you know, when you do and don't anger

  • the buffer cache. They do provide API's to that, but again, there's no document that

  • says, "PS," you know, "if you read a large file, you better," you know, "disable caching

  • on this file or you can make every single program on the systems swap the disc." So

  • be very careful about the buffer cache. The last real rule that I wanted to share, whenever

  • you're doing dynamic 2D, you have to go straight OpenGL in Mac OS. If you're doing things like

  • static layout of curves and text and buttons, it's great to use Quarts and coco and these

  • very high level obstructions. But if you need to render, you know, video or a fast 2D drawing

  • stream, you need to use other technologies. One of them is OpenGL. And normally, I mean,

  • people don't think of OpenGL as a 2D technology, right? You think of it for video games, doom,

  • and quake, and that kind of stuff. On the Mac OpenGL is really the closest thing you're

  • going to get to bit [INDISTINCT] on Windows. You don't get direct access to the video rom

  • on the hardware, but you got the next best thing which is access to video rom that will

  • be composited later by the Window manager. Meditate heavily upon OpenGL because it will

  • reward you once you learn that there's lots of fast paths and slow paths. You have to

  • make very, very sure that you can recognize when you're being kicked off to the slow path

  • in OpenGL. Good candidates are if you're using the wrong texture type, has to be BGRA. You

  • know, make sure that's a, you know, you're not using anything but 15 or a 24 bit color

  • or you're going to be booted off to the slow path. So, be very, very careful. I have mentioned

  • before, OS X is kind of bipolar as we learned through developing VMware fusion. It's got

  • a chunk called Mac. So, you know, the Mac 5 is not a very good logo for Mac, but it

  • was the best I can find. They don't have a cute penguin or a demon or anything. So, the

  • Mac OS came from CMU, as everything good seems to come from, just kidding. And it's a really

  • simple operating--it's a really simple operating system that just manages memory management,

  • message passing, scheduling, and a little bit of threading. You know, really, really

  • basic stuff. And this was the reason of the foundation of OS X, but that didn't give them

  • any actual functionality. It just gave them a really cool abstraction. So, in a hurry,

  • back in the next step days, they dumped a huge monolithic guy called BSD right on top.

  • And the reason they did this because they needed file systems, they needed TCPIP, they

  • needed, you know, UNIX interoperability, most of all. So they said, "Ah, well kind of [INDISTINCT]

  • of BSD layer on top of Mac and see what happens." So it kind of got this top heavy, two headed

  • demon that has half Mac and half BSD, and they call it Darwin. So, they--this one does

  • have a cool little mascot. It's kind of like the platypus with the devil's head. I don't

  • know. It's kind of sinister. But we have to remember is that even inside Apple, their

  • own kernel is called X and U which stands for X and U is not UNIX. This is really true.

  • I mean, it's UNIXish, sort of, but if you really depend on UNIX's semantics for things

  • like, just as simple as, you know, when you call a--when you flush, right? If you want

  • to flush--if you want to Msync all your pages to disc, Msync does everything except for

  • Mmap pages. They don't tell you that. Every other UNIX in the world, if you Msync, any

  • page in their Mmap will also be written to disc--excuse me, Fsync. Msync is the one that

  • does work, right? Excuse me, Fsync. So, you know, there are always little needly things

  • that aren't documented anywhere that you just kind of have to discover through trial by

  • fire, but just keep in mind that if you're porting UNIX code, expect the unexpected because

  • it's going to keep happening. Ann so what we did for fusion was we took the VMware platform

  • that was, you know, VMware work station, server, player, and we moved it all to the Mac. There's

  • several components of this that we ended up porting using a nice sprinkling of different

  • programming languages and libraries along the way. The first chunk I like to portray

  • it here is like bit from Tron. It's our faithful UI. It's says "Yes", it says "No", it does

  • whatever the virtual machine tells it to do. It's, you know, its job is basically to look

  • pretty and connect to one or more virtual machines running behind the scenes. One of

  • the neat things about our infrastructure though, is that it's actually completely client server

  • based in that UIs can talk to separate virtual machines running behind the scenes. So, any

  • number of UIs can connect to any number of virtual machines and manage them locally or

  • remotely. So, the VMX is the separate process that runs--that manages a single virtual machine.

  • This is like hardworking Tron with his, you know, with his faithful data disc. He does

  • the heavy lifting of actually binding a virtual machine, emulating discs, network cards, graphics.

  • He does--he does all the stuff of making the bits actually show up on the screen of the

  • Mac. So, he'll do all the OpenGL drawing, all the core audio for sound, and the mouse

  • and keyboard input. So the UI and VMX kind of work together. Those of you who have seen

  • Tron probably know where I'm going with the third member of the triumvirates. And this

  • is--this is the most interesting part of VMware, it's called The Monitor. It's kind of like

  • the master control program in Tron of this giant spinning. We actually have giant spinning

  • top. It just kind of stares at us all day long while we're coding, tells us what to

  • do. The monitor's job is basically--it's a bit of Intel code, you know, that's identical

  • on all VMware platforms. You know, Linux, Windows, Mac, and all specific releases of

  • software can use the exact same monitor. Its job is basically to manage the few physical

  • resources that a virtual machine actually needs. Virtual Machines basically depend on

  • processor resources and memory resources. And the monitor's job is to make sure that

  • these are available when we switch a thousand times a second or more, to and from of virtual

  • machine back to the host virtual machine, back to the host. The monitor actually makes

  • sure that every--all the registers are set correctly, the memory is all available for

  • the virtual machine that needs it and vise-versa, that the virtual machine doesn't overstep

  • its bounds. So, we talked back earlier about the Intel ISA. Intel ISA is really hard because

  • you have to trap all these exceptions that aren't trappable. So, what the monitor actually

  • does is, he'll actually rewrite a fending instructions on the fly into a completely

  • equivalent but safe version, except that the virtual has no idea they were rewritten, but

  • it gets the same effect on--when it comes back. The reason for that is if the virtual

  • machine could, say, do any raw interrupt call that it wanted, what will stop a virtual machine

  • from rebooting your physical machine, or taking all the memory, or scribbling all over your

  • disc? So, it's provides that boundary between the virtual machine and the actual hardware.

  • So--oh crap, just kidding. So, what we learned in fusion development is that, you know, you

  • want to stay out of the kernel of OS X absolutely as much as possible. You know, there's some

  • times that you can't avoid it, but by large, the vast majority of the work that you need

  • to do in OS X can be done in user space. And if you need some raw kernel access, the best

  • thing to do is actually to set up a communication channel, whether it's a BSD socket or a Mac

  • port to communicate back and forth between user space and the kernel. And--so a good

  • example is like, user space can actually do pretty much every Mac operation. You know,

  • open ports, create tasks, it can do everything. A lot of these--I see aren't publicly available

  • inside the kernel itself. So if you write that kernel extension you can't actually do

  • these things, but user space can, vice-versa. We just found we needed to work around the

  • bug and one of the kernel drivers in OS X; we had to check what version of the kernel

  • extensions was loaded on the machine. You can actually do that from inside the kernel,

  • but you can ask user space to do it for you. Do a little processing and send you a message

  • backup over a socket of a Mac port. So, the lesson to be learned here is stay out of the

  • kernel if you can. I'll talk about the technology that you can use instead. Again, I don't mean

  • to pitch. I misspoke again. But if you do need to go into the kernel, the only resource

  • out there is basically Amit's book. So read it. It's really good. So if you have to go

  • inside the kernel, there's two main inter-phases for you to use when you're writing your kernel

  • extensions. And VMware fusion uses both of these, which is why I kind of want to talk

  • about them. So, I/O kit came from some research from the next days. It's kind of scary actually.

  • It's a big C++ framework for use inside of a kernel. I'll say that again, it's C++ inside

  • the kernel. If that doesn't scare you, I don't what will? It is--it is a restricted [INDISTINCT]

  • of C++. So, there's no exceptions, no multiple inheritance, no templates, but what it does

  • give you is transparent access to things like busses. So if you need to interact with USB

  • devices, PCI devices, [INDISTINCT], any of that kind of stuff. You want to notify when

  • the machine goes to sleep or wakes up, you know, synchronously, you have to do through

  • I/O K. On the other side of the Jekyll and Hyde personality inside OS X's kernel is BSD.

  • So BSD, you need to interact with it in your kernel extensions if you need to do any file

  • system work, any networking. So if you want--one big thing that VMware fusion does a ton of

  • is transparently bridging the networking inside of virtual machine, to networking outside.

  • And maybe that's not too hard for like, physical Ethernet but think about that for a second

  • for things like, wireless, right? A wireless card has one IP and one Mac address, and you

  • can't just put it into promiscuous mode and start blasting packets on the network that

  • you could with Ethernet. So, there's a lot of work that fusion has to do under the scenes

  • to make sure that things like networking are just, you know, they just work for the end

  • user. So if you need to do any of that, you know, go to the BSD layer. And like I said,

  • if you must, you must. Fusion has three main kernel components that actually use I/O kit

  • and BSD. We [INDISTINCT] called VMX 86 for the VM on. His job is actually--is mostly

  • an optimization task. He's the one who's actually responsible for getting the monitor, that

  • huge master control program--well, [INDISTINCT] pretty small, kind of cute. Getting him inside

  • the physical memory of the machine and locking those pages down, so that we can reliably

  • jump to and from it and make it actually run a virtual machine. VMnet is the one I just

  • mentioned. You know, this is what actually talks to the BSD layer, makes virtual machines,

  • networks inter-phases, bridge, if you want them to be bridged, or be nodded if you want

  • them to be in nodded to be protected from viruses or, you know, you don't want it--or

  • maybe you don't have a DACP server on your local LAN. You know, it will handle transparently

  • setting up virtual networks. What's interesting about VMnet is it can be a simple or as complicated

  • as you want. You know, by default, fusion comes out of the box with one bridge network,

  • one net network, and one host to only network which means that you're VM can only talk to

  • the physical machine for like researching viruses or honey pots, that kind of stuff.

  • But you can make it as complicated or as simple as you want just by editing some shell script

  • in the library applications support in VMware fusion directory. So if you need to have,

  • you know, a network that, you know, specifically binds with specific [INDISTINCT] demon that

  • has specific behavior or only allows two machines at a time, what's another good example [INDISTINCT]?

  • >> [INDISTINCT] the firewall, you know. Have a machine that has [INDISTINCT] and [INDISTINCT].

  • >> GERTZFIELD: So, what we just said is, you know, you could develop an entire network

  • of virtual machines that have layers of firewalls between them and you can have, you know, three

  • virtual networks. You can set all these up with the VMnet. And they're as separate as

  • physical--they're really just like physical switches or hubs from the virtual machine's

  • point of view. And the last kernel component that fusion uses is called VMIO plug. So,

  • VMIO plug is a necessity born on the Mac. One big thing that fusion does that I mentioned

  • earlier, is you can take any random USB device like a cell phone, an iPhone, or a printer,

  • scanner, whatever. Even if Mac OS X does not have drivers for it, you plug it in while

  • a virtual machine is running and VMIO plug's job is to seize that and connect it virtually

  • to one of the open ports in the virtual machine. So, Windows will just pop up say, "Hey, I

  • detected a new--a new scanner." And even though OS X doesn't have drivers for it, all it knows

  • is the VMIO plug is handling the USB traffic for that guy. And just because it goes to

  • Windows, Mac OS X doesn't have to know--know any better. That's actually really handy.

  • That's where we completely using I/O kit as it must. But--so far I just talked about how

  • virtual machines interact on the outside with, you know, MAC Os and the kernel components.

  • But what's inside virtual machine is actually really important, too. This is the other story

  • of the application is so important to the virtual machine. With full inoperability and

  • integration between windows, [INDISTINCT], Linux, BSD, even network, believe it or not,

  • we found out in network because we just broke the network build last and I am really embarrassed.

  • The tools basically handle full integration for drag and drop. So you can drag files in

  • and out of your Windows virtual machine to Mac, or Linux, or Solaris, or free BSD. You

  • can literally drag files in and out of the window, copy, paste to synchronize. So you

  • just go into your text editor in Linux and you can paste it in to your web browser on

  • the Mac. And it also do more advanced things like, you know, if the host needs more--has

  • pressure on it's memory, we can ask the virtual machine to swap some of its memory out son

  • that we can get that back for the physical machine, its called ballooning. It's a pretty

  • cool technique. So, you know, it's really important to know that, you know, integration

  • with the applications is really what we're aiming for. So, another really interesting

  • story I wanted to share about fusion development is, we learned this: You don't actually need

  • a Mac to build Mac software. Traditionally, people who develop, you know, apps for Mac

  • like the Picasa up-loader. You know, you just start hacking on it in X code and, you know,

  • eventually, you know, it becomes a full pledge product, but you need to have automated builds.

  • You need to have, you know, the--your build team needs to have a way to generate builds

  • on demand and you may need, you know, your friends maybe modifying some shared coding.

  • He might need to build it. What we do with VMware fusion is we actually do the entire

  • build on Linux. So, the entirety of VMware fusion is cross compiled on Linux--a cluster

  • of Linux virtual machines at VMware. The real big advantage here is, you know, you don't

  • need a physical Mac to run the Mac build. So, I don't know if anybody here--have anybody

  • here worked on cross platform software development? Okay, a lot of people have. I mean it's really

  • common for somebody to edit something in shared code, the string library, or the formatting

  • library and, you know, they break some of the secure platform because they have no way

  • of testing the build. Well, you know, when you concentrate on cross-compiling, they can

  • just pop open a virtual machine, cross compile inside that virtual machine if they're running

  • Windows, or if they're running Linux, they can just cross--they can just compile--cross

  • compile it directly and test the build before they check in. That was a real big boon for

  • us. But you have to be kind of careful. There are a couple of things--even though GCC is

  • completely open source, Apple's moribund, open Darwin tools are--they're kind of only

  • mostly dead. The linkering, what not, are still available. But there couple of things

  • that aren't yet available. Actually, packaging up a Mac--Mac's software for distribution,

  • people [INDISTINCT] .PKG and .DMB bundles. The disc images and what not, are still completely

  • proprietary and you do need a Mac for that final packaging step, unless you're clever

  • enough to reverse engineer it. We're not that clever. So, you do need a Mac for a couple

  • of things, but actually for the building--for the actual development and making sure that,

  • you know, things compile and--compile okay, you can actually do it all complete outside

  • a Mac. And then in the future, you know, if Steve Jobs gives the okay, there's no reason

  • my Mac virtual machine can't run on physical Windows or physical Linux boxes. You know,

  • so far it's basically been mostly a licensing issue, but there's no telling what will happen

  • in the future. I mean, if you run, you know, Mac OS inside a virtual machine, you know,

  • the possibilities are pretty--pretty limitless there. But you have to be careful, right?

  • Because Apple is a hardware vendor, they sell hardware. They sell shiny metal, beautiful

  • shiny metal boxes, they seem--one, two, three. All right, there's like twelve of them now.

  • They're multiplying. Apple sells hardware and they don't want OS X running on average

  • Dell and Compaq boxes. So, you know, the virtual machine world and Apple kind of collide. They

  • want to sell more boxes. You know, we want everybody to kind of consolidate everything

  • into one box and save power and energy and maintenance cost. So, you know, we got to

  • find a way to cut the Gordian knot, as it were, to make sure OS X can run as a virtual

  • machine. So, what I want to finish out with is, to talk a little bit and demonstrate some

  • of fusion's features. We really thought outside the box with fusion. This is a demonstration--this

  • is a screen shot of one of our features called Unity. This was kind of born of necessity.

  • Anybody who's used Parallels has heard of their feature, Coherence. This is a similar

  • idea where virtual machines can be running Windows and the host OS Mac can actually display

  • them as floating stand-alone applications from the user's point of view random at desktop.

  • So, even things like Expose' were great. You know, each of your individual Windows application

  • shrink down and displaying your desktop just as if they're Mac apps. I mean, it totally

  • breaks down the walls and again, kind of focus on the point that the application is king,

  • whether you need to, you know, contact it over a web interface to a server ring somewhere,

  • or run it natively in your Mac because you need, you know, the speed, 2D or even 3D,

  • right? One of the big--the big sticking points for a lot people I know with Mac users is,

  • they still hate to play those PC games. You know, everyone wants to play BioShock or Halo

  • 3 or whatever comes out. Is Halo 3 app for PC? Probably not. We will, in a year of two.

  • So there's always--there's always those, but virtualization is getting to the point where

  • you can start to play 3D games and fully interact with your virtual machines there ran on--your

  • virtual machines apps run the desktop. So, I want to give a quick demo of some of--some

  • of fusion here. So--all right. Let's see if I can actually get to my Window here. So,

  • that will do it. Ah, okay, cool. So, we have Windows running here. This is all inside a

  • virtual machine in full screen mode here. So, you know, I have very, very important

  • work to do on my Windows desktop. You know, I often have to play solitaire. It's very,

  • very important to me and it's a very huge a shortcoming on the Mac that we don't have

  • things like solitaire. But, you know, why stop there? I mean, why not go for things

  • like full 3D games? So, this one--I have a pretty old 3D download here, but I'll show

  • you guys some of the stuff that fusion can do now. So, this is just, you know, a pass

  • mark test. I can do 3D graphics. So this is just in the Window here. So you can actually,

  • you know, you can actually do--this is actually using hardware acceleration. So it's actually

  • translating everything to OpenGL on the fly. You know, it's--it's pretty cool. You can

  • do things like 2D games. So, you know, I can run my very, very important Bookworm adventures.

  • You may--you have to have Bookworm adventures. You know, you can run your IE for testing,

  • your Google desktop. You know, very important on Windows. And if I don't want to interact

  • with a full screen, you know, I can just leave and go to a window. So, I can interact with

  • it, you know, anyway I want. You know, whether I want it to be just a window, you know, floating

  • around. No, I don't want that. Yes. So this is also a very key feature for me, its playing

  • Bookworm adventure between builds. So, well, I got a good word here. Squeezy. Squishiest.

  • Oh, very exciting. Nice. Get them. Okay, cool. But let say I don't want to have to deal with,

  • you know, the Window's desktop. I can actually escape from the confines of the Windows desktop

  • and go into Unity mode. So now my Windows applications are just kind of floating here

  • on my Mac desktop. So, you know, I can have my Mac apps and my Windows apps, kind of side

  • by side. I don't know why my desktop showed up there. You can do a lot of interesting

  • things because your Mac apps become, kind of fully integrated with--with Windows and

  • vice-versa. So, it's pretty exciting there. Let's get out of unity mode. Oh, actually

  • that was my--that wasn't my windows desktop. That was Mac desktop. I was forgetting because

  • I didn't see my--my icons there. That wasn't very exciting actually. Let's get--let's get

  • the Mac talk over there. Here we go. You can see we're actually in Mac quest here. So,

  • if I need to open up, you know, I don't know, IE or something because you have to--you know,

  • a lot of things that fusion is all about is getting access to those apps that don't exist

  • otherwise. So, I can go into Unity mode. And there you go. So now we have IE and my Mac

  • applications kind of side by side. So, I can open up, you know, finder and let's see. Where's

  • my finder window? Here it is. So, I have my finder windows, my IE windows and they are

  • all kind of--they're all kind of interacting. So, you know, if I minimize them, they go

  • into the dock. I un-minimize them they come back. It's a pretty cool way of interacting

  • with virtual machines. So, that's basically--that's basically my gist is, you know, virtual machines

  • are really coming along. Their--we're looking at it from an application development and

  • distribution standpoint. We really want people to think about--if they have to interact with

  • the hardware and they don't have the resources or the know-how to make a widely distributed

  • fault tolerance, client service system like you guys at Google do. You know, they can

  • take it from the other direction and take their existing Intel apps. As crummy as they

  • are, maybe they were written 20 years ago and packaged them up on a virtual machine

  • that will run in any Intel box, Mac, Windows, Linux, whatever they have lying around, and

  • run perfectly. Like there's no--there's no Java, VM that might be different on Mac, Window,

  • or Linux. It's literally identical and the same virtual hardware's available wherever

  • you go. So, yes, so that's basically my presentation. I want to take any questions. I have--so,

  • it is first internal and then external? Amit? First, external then internal or internal

  • then external? >> What?

  • >> GERTZFIELD: The Q&A session? >> Oh, no, it's [INDISTINCT].

  • >> GERTZFIELD: Okay, soů >> [INDISTINCT]

  • >> GERTZFIELD: Okay guys. So come on up and ask any questions. You can up to the microphone

  • or come on up. I'd love to answer anything about Mac developments, fusion in specific,

  • how we did, what we did, how we got here and what we learned along the way. Right there.

  • >> I was wondering about the--you use VT? The VT instruction set? Do you need to [INDISTINCT]

  • monitor if you use VT? >> GERTZFIELD: So, the question is, do we

  • still need VT--do we still need the monitor if we use VT? So VT is an extension, developed

  • by Intel at--VMware work pretty closely with Intel, any hardware vendors to provide hardware

  • assisted virtualization. The big thing that was really hard with virtualization and Intel

  • to begin with, was like I said, trapping this naughty instructions, like return and, you

  • know, push up and pop up. VT extensions basically gave--made the task of writing a virtual machine

  • monitor a lot easier. What we found with VT was the performance with VT is much better

  • for certain tasks and much worst for others. So things that require a lot of context switches

  • like system calls, perform way better under better VT. So we provide it as an option in

  • VMware fusion. Certain things you have to have VT for, like segmentation protection

  • was actually removed from the original 64 bit Intel I64 instruction set. I'm sorry,

  • not I64, the AMD 64 instruction set. So we actually had to use VT to emulate segmentation--to

  • remove the need for segmentation. We offer the availability for VT, but we don't depend

  • on it because VT basically, it boils down to making--writing a virtual machine monitor

  • a lot easier. That's why you see a lot of new products coming out that require VT. It's

  • just much, much easier than writing a binary translation monitor that performs really well.

  • So, we justů >> We're actually using free virtualization

  • technologies. One of them is VT binary translation [INDISTINCT]?

  • >> GERTZFIELD: You want to repeat yourself? >> Yes, thanks. We're actually using [INDISTINCT]

  • kinds of virtualization technologies. One of them is VT binary translation that Ben

  • described earlier, which is effectively just a time compiler. We compile--we take X36 code

  • and we write it to X36 code that is safe to run on the host. That's one technique. The

  • other one is VT or a--it's called also SVM on AMG processors which is not ready [INDISTINCT]

  • but just mentioning for completeness. And the third one is power of virtualization which

  • is the approach that the Zen folks have taken where you effectively rewrite your OS so that

  • it doesn't use the non-neutralizer but instructions of the X36. The difference between the VMware

  • and the competition in that space is that VMware has the free technologies. We do not

  • focus on just one, and we can also switch dynamically while you are--we're executing

  • the VM between these [INDISTINCT] of technologies. So we always get the one that's the best for

  • the workload that we are running depending on what we are running, we adapt. And that

  • gives us a lot of flexibility. And we usually don't mention that a lot in our documents

  • because to us it's an implementation detail. What we are trying to do is run the VMS files

  • as possible. That's what the customers care about.

  • >> I was just wondering, in a situation like this for example, what do you do with files

  • that you want to share between the different virtual machines?

  • >> GERTZFIELD: So the question is, what do you do with files that you don't share between

  • the virtual machines? >> That you--well, that you do want to share

  • or--I mean, how do you control that? >> GERTZFIELD: There's a couple of different

  • technologies. So, we explicitly have the user opt in if they want to share, for example,

  • their home directory or their documents directory. You can create shared folders one by one and

  • specifically share them. So, a good example is--let's see if I can do it here. So, here's

  • the virtual machine. Here's the VMware window. And I can actually pull up the settings for

  • this guy. And you can actually add shared folders on the fly. So right now, I have a

  • shared folder that maps my home directory then read only, but I can actually make more

  • shared folders on the fly, you know, on the fly or manually that actually share explicit

  • more stuff. You can also--there's nothing stopping you from doing what you do with the

  • physical machine and using technologies like SMB, NFS, or AFP, it actually share your files

  • back and forth. And, you know, each--the nice thing about shared folder is that they don't

  • require any network set up. The nice thing about things like SMB and NFS is they're really

  • tuned and they, you know, Windows does SMB really, really well. And so, if you want to

  • do things like, you know, really heavy workloads, you know, you can use network files systems

  • as well. >> Best case, what kind of overhead that is

  • introduced by virtualizing? >> GERTZFIELD: So, what kind of overhead is

  • introduced by virtualizing? It depends very heavily in the workload. With today's technology

  • is, what you're going to find is CPU intensive workloads very, very fast. You're not going

  • to have very much overhead at all. So things like compiling or number crunching, work really

  • well. When you start getting into IO heavy workload, you know, lots of disc network,

  • those kind of things, there's more overhead because the cost of those is often, you know,

  • all the context switching copies that you have to make them happen. So, until you get--and

  • that's really an interesting point because we're actually starting to see virtualized

  • IO hardware supports. So you're starting to see more and more things like fiber channel

  • on the server side start to be aware of virtualization such that we can actually start offloading

  • some of the work of IO to the hardware because today, you know, discs network and what not,

  • that's all emulated in user space. We try to accelerate it by putting some of the work

  • into the kernel, but there's only so much you can do. It's not as fast as talking to

  • the hardware. So--but overall, I mean, you know, things like, you know, I can--I can

  • go into my virtual machine right here, open up a folder and the performance is really

  • good, I think. You know, I mean, it's pretty close to native.

  • >> Well, I guess I was asking more from a server perspective. This is not necessarily

  • from a desktop becauseů >> GERTZFIELD: From a server perspective,

  • it's pretty ideal unless you're doing really heavy IO bound workloads. So, if you're doing

  • things like, you know, web, you know, web services, you know, lot's of things that stay

  • in cache, it's not that bad. But if you're doing, you know, heavy disc, you know, like

  • a file server or something, you may see not see as much gain.

  • >> Okay. >> GERTZFIELD: Thanks.

  • >> What's the plan on multiple snapshots? >> GERTZFIELD: Multiple snapshots, so you're

  • saying when are they coming? >> Yeah, when are they coming?

  • > GERTZFIELD: So, multiple snap shots. So, the VMware platform supports something called

  • snapshots. When you have virtualized hardware, you don't actually--you can do some things

  • you can't do with physical hardware. You can just think called snapshots where the entire

  • state of the machine, devices, memory, CPU is frozen in time and you can keep going forward

  • form that point on. At any point, you can decide, you know what? I'm going to go back

  • to that point of my snapshot. It's kind of like TVO for virtual machines. So, I'll show

  • you. I don't know how long will it take here. I actually read--it might take a little while.

  • Snapshots basically let you, you know, just go back to the exact state. So if you want

  • to test out some new service pack for Windows, I know service pack 3 is about to come out

  • for XP for example, you can take a snapshot, install it, if it totally trashes your software,

  • you just go back to the previous snapshot. The question I was asking, you know, what

  • about multiple snapshots? So, in VMware workstation, there's a feature called multiple snapshots

  • that gives you an entire history in a tree form where you can have, you know, one snapshot

  • that branches out into three possible different scenarios. Maybe install application version

  • one, two, and three all separately in separate snapshots, you want to kind of toggle between

  • them. The abilities in the platform of the VMware fusion today, and we just didn't have

  • time to write the user interface for it. So, we just have--we haven't announced when the

  • actual user interface for that is coming out, but it's pretty--it's a pretty logical next

  • step. The one thing that we want to do with virtual snapshots on the Mac specifically

  • though, on Linux you have this giant tree and anybody who's ever used a tree interface

  • in consumer software knows the consumers are completely bewildered by it. They don't want

  • to have to navigate through branches and, you know, figure out a parent-child relationship.

  • Any computer science geeks, we know trees. We eat, breath, and sleep trees, but consumers

  • don't think in terms of trees. They don't know what pointers are or, you know, red black

  • trees or [INDISTINCT]. So, we want to come out with a better metaphor. Some of the ones

  • we've been talking about, you know, are pretty, pretty novel. So I think you guys were like,

  • overcoming up with. So I love to answer more questions about fusion, Mac, go ahead.

  • >> From a virtualizing hardware, I don't understand how unity would work. How would you tell something

  • is window versus something that's just artifact on screen?

  • >> GERTZFIELD: So the question is, you know, how does unity actually tell at the hardware

  • level, what is a window, what isn't? And that's the trick; it's not done at the hardware level.

  • So, I don't know how much I can talk about the internals, but it's basically all done

  • inside the guest. So, inside Windows, we actually have a process that knows when windows are

  • placed, shaped, or moved. And we echo that on screen with physical--well, physical "coco"

  • windows that, you know, refresh themselves with the contents of the virtual machine.

  • So, you know, if I run things like, Windows media player is a good example, as a perfect

  • example for unity, because its really--it's a funky, funky window. So here I am in my

  • single window, I'll go into unity, and here's media player slowly trying to connect to the

  • internet and failing, here it goes. All right, so you can see this is like a crazy shaped

  • window here, check out the edges here. So we actually have--I don't know if this would

  • work on the projector, we'll see, oh my God it does. You can actually see we went to the

  • trouble of making the shadow actually curve as the window curves. There's a lot of love

  • here. I have to tell you. So even funky shaped windows like this work, and the speed is actually

  • really good. So I can do things like play some Beethoven and, you know, the video speed

  • is actually pretty good. So we've done--we've done a lot of work to, you know, really transparently

  • integrate the applications with the host. I mean, you know, that's--that's pretty if--that's

  • pretty much as obvious that I'd like. Okay, let's get some Beethoven. It's pretty cool.

  • There was one--there's another question? >> At book talks, they typically hand out

  • a few copies of the book at the end, are you going to be handing out VMware fusion copies?

  • Because I really miss BioShock. >> Come talk to me later.

  • >> So I got my copy the other dayů >> Thank you.

  • >> ůbut I have a question. I haven't figured out everything. So if I'm running multiple--multiple

  • OSS, multiple guest, is there a way to [INDISTINCT]? As to one guess more CPU and, you know, resources

  • from the--from the Mac OS versus the others becauseů?

  • >> So from a resource point of view, are you talking about CPU, memory, disk? Because there's

  • also two different resources that you would want to purchase.

  • >> Right. Just CPU, you know, if you [INDISTINCT] takes up like, you know, half my, you know,

  • CPU and I'm thinking "Well," you know, "I just want to swallow it down completely,"

  • you know, "by 115 % or something so thatů" >> On the server products, we do have the

  • capability. We can partition, you know, you can have a physical machine that has four

  • [INDISTINCT], whatever--as many processes as you want, and you can partition off the

  • amount of CPU. We didn't put that in fusion because it's not really consumer oriented

  • feature, but from a server perspective, it makes a lot of sense and we did do that. We

  • just--we just by the way, [INDISTINCT] our original VMware head, he's awesome.

  • >> There is another reason why we don't do CPU partitioning on the Mac is because again,

  • you know, Apple provides APIs to sweet Apple applications, and they don't provide what

  • they don't need and there is actually no way to do CPU affinity on Mac OS whether from

  • [INDISTINCT] or form the kernel--from a kernel extension.

  • >> Thanks. >> Can we set the VMX priority?

  • >> The question is, can we set the VMX priority? We can set the priority of the--of the threads

  • inside the VMX. We didn't expose that to the user. Amit might know more about what affect

  • that might have and we can push the thread priority up and down programmatically. So

  • we need--from that point of view, you know, we could come up with some sort of interface,

  • but we haven't done that yet. >> [INDISTINCT]

  • >> Sorry? >> Do not [INDISTINCT]

  • >> Yes. So, Amit's saying basically, you know, setting thread priority isn't a knob that

  • really make sense for the end user because the gain--the gain or the, what's the opposite

  • of gain? The gain to the user, the performance characteristics aren't going to change that

  • much by change just the thread priority. Any more questions on VMware fusion for Mac, the

  • development cycle orů? So one thing I wanted to bring up was, one of the really cool features

  • of the VMware fusion that I haven't demonstrated here is something on the inside. We support

  • for--even OSS that are still 32 bit, you can run 64 bit operating system as a guest. So,

  • if you need to do testing of XP64 bit or Linux 64 bit, you can actually run them on your

  • Mac book pro with core two duo or your Mac pro with Xeon processors. And even though

  • the OSS itself is pretty much strictly 32 bit and the kernel is strictly 32 bit, even

  • in Leopard, that's not [INDISTINCT] anymore, right? That's public? It's out now, so I don't

  • have--I don't have to pretend. The 64 bit [INDISTINCT] runs really well and on top of

  • that, we also support virtual SMP. So if the host has multiple processors, you can actually

  • give the guest multiple virtual processors and it will actually--inside, you know--you

  • know, you can write activity monitor in windows and see the multiple processors, you know,

  • the actual load graphs on each. It's actually pretty cool. And that's really good for CPU

  • bound things, like compiling and number crunching. That's a really cool feature that we put in

  • there. Any more questions on fusion? >> [INDISTINCT]

  • >> Can you hear me there? >> I can hear you, yes.

  • >> Okay. I was wondering what the story was with Mac OS as a guest operating system.

  • >> Mac OS as a guest. So, about 50 minutes ago, we talked about it a little bit. Technically,

  • it's very doable. VMware, you know, doesn't sanction piracy at all. And one of the big--the

  • big hoax--hang ups has been licensing. Mac OS X is not licensed to run on anything but

  • physical Apple hardware. We hope that the situation will change. And--but technologically

  • there's not a lot of barriers. Here's [INDISTINCT]. >> There are few differences between the Mac

  • hardware and the PC hardware. One of them is the Mac uses high performance timer device

  • called HPET and that is not usually standout on normal PCs. So we have to neutralize new

  • hardware. Another piece of hardware that might be useful is the securing--what they call

  • the securing device which I Amit told us is not a--is not a TPN but--so essentially it

  • means more work, right? We have to emulate a different kind of virtual machine. One was

  • [INDISTINCT] virtual hardware, but it's a--it's a matter of time and implementing that. There

  • is no--nothing--there is no technical thing that prevents it from being done. It must

  • be a legal [INDISTINCT] and--and putting resources on it.

  • >> But I will mention one thing and that is, initially we met with some resistance talking

  • about this because there are--not created by VMware, but hackers have actually used

  • VMware's disc format as a popular way of distributing hacked copies of OS X and, you know, while

  • that's it, you know, that's a pity that they chose the VMware because, you know, we don't

  • condone piracy or anything, but people have started doing this thing called Hacking Tosh

  • where they distributes copies of VMware running--OS X running in VMware virtual machines for Dell

  • or Compaq that have been hacked to smithereens to remove all Apple's hardware protection.

  • >> Another difference also that most PCs today boot way what's called a Vios and Mac's boot

  • was something called EFI, and there are ways to reconcile both but again, its more--more

  • things to implement. >> Right. Hope that answered your question.

  • That's kind of cool. It's like magic voice on Mr. [INDISTINCT] Theater. Do we have any

  • other questions from the other cameras? I see a bunch over there. That's kind of cool.

  • I've never seen that before. All right, well its 2 O'clock. Thank you guys very much for

  • attending my talk. I appreciate it very much.

>> GERTZFIELD: So, the real gist though is that with any computer, what you want is applications.

字幕と単語

ワンタップで英和辞典検索 単語をクリックすると、意味が表示されます

B1 中級

VMware Fusion の内部 (Inside VMware Fusion)

  • 82 2
    iamjarry520 に公開 2021 年 01 月 14 日
動画の中の単語