VLX Real-Time Virtualization technology enables multiple operating systems (guest OSs) to run simultaneously on the same single-core or multi-core processor. This technology enables a new generation of mobile devices that offer more user features at lower prices.  Virtualization can cut engineering and development time by 35% to 50%.  In addition, VLX Real-Time Virtualization reduces complexity, risk and time-to-market for smart phones, MIDs, netbooks, and notebooks.

Architecture and Partitioning 

VirtualLogix utilizes a bare-metal architecture where a thin abstraction layer manages key system resources to isolate the guest OSs from the underlying hardware. More precisely, VLX virtualization technology relies primarily on partitioning of resources between the guest OSs and on virtualization of resources that cannot be partitioned.

Physical memory is typically partitioned between the guest OSs while the CPU, FPU, MMU, or other system parts (e.g., the real-time clock and interrupt controller) are virtualized.  This approach enables VLX virtualization technology to be applied to embedded and real-time systems.

Partitioned resources such as memory, which will only be used by a single guest OS, are exclusively owned by that guest OS.  Thus, each OS can use its own native mechanisms and policies, such as memory management, without interfering with other guest OSs.

Virtualization 

Resources that are common to more than one guest OS, such as the CPU and real-time clock, are virtualized so that they can be shared between various guest OSs that need to access such a resource.

To ensure efficiency, VLX employs paravirtualization techniques, meaning that some adaptation of the guest OS kernel has been done by VLX. These changes are comparable in both effort and scope to porting that OS to hardware that is very similar to the underlying hardware.  This simplifies the addition of support for new OSs. 

VLX always virtualizes the CPU, FPU, and MMU resources. The CPU is shared by means of a scheduler that assigns the processor to the selected guest OS based on one of VLX's scheduling policies which guarantee that a real-time guest OS will get a higher priority.  When a guest OS has been granted CPU access, it still uses its own native scheduling policies for its applications.

If present, the MMU is virtualized so that each guest OS can use it for its own purposes. With VLX, usage of the MMU by one guest OS is independent from the usage of the MMU by another guest OS.

Device Virtualization  

Running OSs that do not communicate or share devices or resources would be of little value.  An OS that supports multiple processes will provide them with memory allocation and scheduling policies and offer them services such as synchronization, and shared access to file systems and network interfaces, and interprocess communication.

With VLX Real-Time Virtualization technology, guest OSs are independent of each other, but work together efficiently via unique communication mechanisms.  This technology provides each guest OS with synchronization (cross-interrupt mechanism), shared access to devices such as disk controllers, network interfaces, serial lines, and inter-OS communication mechanisms through virtual devices (virtual Ethernet or virtual UART).

Shared I/O Devices 

Devices such as an Ethernet controller or a serial line may need to be accessed by more than a single guest OS. For these standard I/O devices, VLX includes back-end device drivers that manage the physical hardware devices, virtualize the corresponding device, and export a virtual view of that device to other guest OS. This approach provides guest OSs with access to features of each device without actual access to the device.

Virtual I/O Devices  

Communications between the different guest OSs are provided by virtual communication devices. Different types of such devices can be configured depending upon the needs of the communicating applications. For example, a system might use a virtual Ethernet to implement a local private network that is located wholly internally to the machine, and/or it might use virtual UART device to pass AT modem commands from one guest OS to the other.

Modularity, Isolation, and Security  

VLX Real-Time Virtualization technology employs a modular architecture that enables developers to configure a custom product-specific virtualization solution that meets the required product-specific trade-offs between footprint, performance, isolation, and security.

VLX default configuration gives each guest OS its own physical memory, providing effective memory isolation between each of the guest OSs. This provides enough isolation to catch most memory access errors.

Stronger interguest OS isolation may be required to resist malware that can potentially be injected in one guest OS. To this end, VLX can be configured with optional hypervisor modules to provide an unbreakable and complete isolation between guest OSs.

Isolation in itself is not security but only a prerequisite to the creation of a secure system. VLX Real-Time Virtualization technology enables the full isolation of an untrusted guest OS in a sandboxed partition. The secure guest OS environment can be configured to let trusted agents manage the core security services of the platform. Such trusted agents can be configured and used as required by the overall system, either to run DRM policies, to store keys, or to perform the management of multilevel security platforms. The modular architecture of VLX allows developers to make explicit trade-offs between the required level of isolation and the desired level of performance.