
Features of working with virtual disks in VirtualBox

The article discusses the features of using virtual disks in VirtualBox: the different read-write modes, how snapshots work and are organized, I/O caching, and some aspects of using virtual disks from an information security point of view. Readers interested mainly in the security example can jump straight to the section on special modes of recording images.

Let's start with some common concepts. VirtualBox has 3 main methods of giving a guest operating system (OS) access to data. This text concentrates on the use of virtual disks.

Virtual disks are connected to the guest OS by emulating a connection through the corresponding controller: IDE, SATA (AHCI), SCSI or SAS.

The behavior of the controllers is programmed to simulate their physical prototypes. Hence the IDE controller will run slower than SATA and consume more processor resources, an OS without the appropriate drivers and hardware support will not interact with the virtual disks, and so on. For example, the Windows family before Windows Vista has no support for the Advanced Host Controller Interface (AHCI), to which SATA belongs; therefore, in particular, a Windows XP virtual machine with SATA will not work.

Virtual disk files


VirtualBox allows you to work with different file formats of virtual disks. In addition to its own VDI, VMDK (VMware), VHD (Microsoft), Parallels version 2 HDD format (Parallels) are supported.

Each virtual disk is assigned a unique UUID. It helps VirtualBox make sure that each disk is used only once, and it does not allow ordinary copies of disks to be imported into the guest OS (there is a separate cloning procedure for this).

Virtual disks can be either of a fixed size or dynamically allocated, and VirtualBox allows you to increase the size of disk space, regardless of the size and format of the disk, and even if the disk contains data. Below is an example of how to do this using the vboxmanage utility.

vboxmanage modifyhd <uuid|filename> --resize <megabytes> 

When a dynamically allocated image is chosen, the container file grows gradually as the sectors are filled with data, until the container size reaches the limit specified when creating the virtual machine.

Because regularly increasing the size of the container uses additional computational resources, the write speed of a fixed-size disk is, as a rule, higher than that of a dynamic disk. However, if the size of a dynamic disk does not increase significantly in the long run, the difference in write speed almost disappears.

Virtual Media Manager


VirtualBox keeps a registry of all virtual media used by all guest OSs. These are the so-called “known media”; the list (registry) can be accessed using the Virtual Media Manager utility (available from the File menu). This utility displays detailed information about each virtual disk, including the full path to the file and the virtual machine to which the file is attached. Entries can be removed from the registry using the built-in “Remove” function.


Each individual image can be “detached” from the virtual machine to which it is attached using the “Release” function.

Once an image has been detached, it cannot be attached back by pressing one button; the image has to be added again as a hard disk. Snapshots (disk images) are attached in the same way.

Hardware management


Once again, I note that due to the presence of the UUID, which was mentioned above, one cannot simply copy and attach a disk image.

Snapshots


The principle of operation of the snapshot mechanism is simple. When a snapshot is created, VirtualBox switches the current image (or images, if there are several) attached to the VM to read-only mode and creates a separate virtual disk (or disks); all subsequent writes go to the new virtual storage. Moreover, only changes to individual sectors are recorded. In other words, when a snapshot of a 10 GB disk is created, the new snapshot will be much smaller and will grow gradually as the sectors are filled.


It is logical to assume that the more snapshots one virtual machine has, the more computing resources are needed to perform disk read operations. Indeed, if there are 2 snapshots, VirtualBox first checks whether the required sector is in the image of snapshot 2; if not, it turns to snapshot 1, and if nothing is found there either, the main disk is accessed. The load is still insignificant and barely noticeable to the end user, because the entire sector table is always held in memory.

It is worth remembering that when a snapshot is deleted, all changes made after its creation are “merged” with the previously “frozen” image.

I/O caching


Having touched on performance, it is appropriate to mention caching. By default, VirtualBox works with image files as with ordinary files, which the host OS caches itself. This is done to increase speed. When the guest OS performs a write operation, the operation is cached by the host OS and the message about its successful completion is sent to the guest OS immediately, while the operation itself is processed by the guest OS asynchronously. This approach does not always justify itself: disk image files tend to grow, and the whole procedure begins to have the opposite effect. Double caching occurs on the guest and host sides, and the speed of operations drops.

In addition to resource consumption, another disadvantage of caching is insufficient reliability. For example, power may be lost at the moment when the operating system has already reported to the guest that the write succeeded but the asynchronous write itself has not yet completed. Such a scenario certainly leads to data loss.

Disable caching as follows:

 vboxmanage storagectl "VM name" --name <controllername> --hostiocache off 

Bandwidth


VirtualBox allows you to limit the bandwidth of one or more virtual disks.

Create a group “Limit” and set a limit of 20 MB/s:

 vboxmanage bandwidthctl "VM name" add Limit --type disk --limit 20M 

Then add the necessary disks to the group.

 vboxmanage storageattach "VM name" --storagectl "SATA" --port 0 --device 0 --type hdd --medium disk1.vdi --bandwidthgroup Limit
 vboxmanage storageattach "VM name" --storagectl "SATA" --port 1 --device 0 --type hdd --medium disk2.vdi --bandwidthgroup Limit

The total bandwidth for both disks will not exceed 20 MB/s. This limit can be changed at any time without turning off the virtual machine.

 vboxmanage bandwidthctl "VM name" set Limit --limit 100M 


Special modes of recording images


For each virtual disk image supported by VirtualBox, regardless of the format, you can define how it behaves when data is written, whether the write results from operations inside the virtual machine or from a snapshot. Such modes are called “non-standard”, while by default all disk images function in “normal” mode. To switch the mode from “normal” to “non-standard”, you can use the above-mentioned Virtual Media Manager or the console utility vboxmanage:

 vboxmanage modifyhd <disk image>.vdi --type immutable

In “normal” mode, the guest OS can read from and write to the physical disk without any restrictions, and when a snapshot of the disk is created, VirtualBox creates a separate file in which all changes are recorded.

In the “write through” mode, the snapshot function does not work.

The “shareable” mode is a variant of the previous one. Here, too, snapshots cannot be used, but a single disk image can be used by several virtual machines running at the same time, which is a clustering scenario.

Similar in name but different in how it works, the “multiattach” mode also allows one disk image to be used by several virtual machines, but in this mode each virtual machine uses its own independent “snapshot”, and changes made in one VM are not available to the others.

The “read only” mode is mainly used for working with CD/DVD images, since it involves reading only.

The mode you should pay attention to is called “immutable”. As the name suggests, immutable images do not change over time. Any changes to an immutable disk last only as long as the virtual machine is running. After the virtual machine is shut down, all changes disappear. Before switching a disk to immutable mode, you should first create a “normal” disk, install the system and configure it to an optimal state, preferably without connecting to the Internet, and only after the guest system is ready detach the disk and switch it to immutable mode.

One possible setup uses two disks: one in immutable mode, holding the system itself, and a second in normal or write-through mode. At first glance this is a completely safe and understandable way of working: a “fresh” system is loaded every time. But not everything is so transparent, and there are some nuances.

First, there is one important exception for immutable disks. They are not “zeroed out” when attached to a virtual machine whose disk snapshot was taken while it was running, the so-called online snapshot. This means that if, for example, a user created an immutable disk and then, while working, created a “snapshot” without shutting down the virtual machine, then starting from that “snapshot” all subsequent operations and actions inside the system will have an irreversible effect, because all actions will de facto take place in the “snapshot”.

If the main goal is a “fresh system” at each launch, then it is better to refrain from using snapshots.

Secondly, the “zeroing” of an individual image described above occurs only when the command to turn the virtual machine on or off is sent by the VirtualBox environment itself, and does not occur when it is issued inside the guest OS. Simply put, if, for example, a Windows guest OS is restarted in the standard way (Start menu, reboot the system), the immutable disk will not be reset.

Finally, the last and most important point is that all changes that took place inside the virtual machine are saved on the physical disk and remain there until the virtual machine is restarted.

After a container is set to immutable mode, VirtualBox stops using this container and the disk effectively goes into read-only mode. All write operations are redirected to a separate image, and every time the virtual machine starts up this new “separate” image is “reset”. In reality, a temporary “snapshot” is created on the hard disk, located in the Snapshots folder of the corresponding virtual machine, and all the work takes place within it. After the virtual machine is shut down, this temporary snapshot remains intact.

Consider a simple example.

Bob created a virtual machine, set up the OS, and set the disk in immutable mode. Bob regularly uses his virtual machine for secret communication with Alice. At each launch, a “fresh” system is loaded, which does not contain any logs of previous communication, texts, videos or photos. Once again, after finishing the correspondence, Bob quietly turns off the virtual machine and goes to bed.
Suppose also that before each OS launch, Bob verifies that the disk mode is set to “immutable”.

Eve has access to the computer where the virtual machine is installed. She just needs to go to the Snapshots folder inside the directory of the corresponding virtual machine, and the required “snapshot” will be there.

To see all the correspondence, as well as the result of everything Bob did inside the OS, Eve only has to put the disk in “normal” mode and attach the snapshot to it before starting the virtual machine. Moreover, Eve can make backup copies of such “snapshots” every day; the main thing is to do this before Bob starts the virtual machine again.

The solution for Bob in this situation is to manually delete the entire contents of the Snapshots folder after finishing work. It is also necessary to check constantly which mode the disk is in, and it is desirable to block some GUI elements altogether, which is quite simple to implement:

 vboxmanage setextradata global GUI/Customizations OPTION[,OPTION...] 
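The check that follows from Bob's mitigation, as an added example that is not part of the original article or of VirtualBox: after the VM is shut down, list the disk images still present in its Snapshots folder and flag those readable by accounts other than the owner. The function names and file names are hypothetical, and the script assumes the layout the article describes, with the temporary image stored in the Snapshots folder of the VM directory.

```shell
#!/bin/sh
# Added example: audit a VM directory after shutdown. Function names are
# hypothetical; assumes differencing images sit in <vm_dir>/Snapshots.

# Print every disk image left in <vm_dir>/Snapshots, one path per line.
leftover_images() {
    [ -d "$1/Snapshots" ] || return 0
    find "$1/Snapshots" -type f \
        \( -name '*.vdi' -o -name '*.vmdk' -o -name '*.vhd' \) -print | sort
}

# Succeed if the group-read or world-read permission bit is set on a file.
is_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print only the leftover images that other local accounts could read.
exposed_images() {
    leftover_images "$1" | while IFS= read -r img; do
        if is_exposed "$img"; then printf '%s\n' "$img"; fi
    done
}

# Report size, exposure and path of each leftover; return 1 if any exist.
audit_vm() {
    list=$(leftover_images "$1")
    if [ -z "$list" ]; then
        echo "clean: no disk images in $1/Snapshots"
        return 0
    fi
    printf '%s\n' "$list" | while IFS= read -r img; do
        size=$(( $(wc -c < "$img") ))
        if is_exposed "$img"; then flag="readable-by-others"; else flag="owner-only"; fi
        printf '%s bytes\t%s\t%s\n' "$size" "$flag" "$img"
    done
    return 1
}

# Usage: sh audit.sh "/path/to/<vm directory>"
if [ "$#" -gt 0 ]; then
    audit_vm "$1"
fi
```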

For the sake of fairness, it is worth saying that Parallels, from the earliest versions, needs a superuser password to transfer disks from one mode to another, and temporary snapshots are deleted immediately after the work is completed.

Instead of conclusion


VirtualBox is a wonderful and very flexible virtualization system, comparable in capabilities to commercial products from the industry flagships. This article shows only a tiny fraction of VirtualBox's features, namely some that deserve attention.

Source: https://habr.com/ru/post/255427/

