Features of working with virtual disks VirtualBox

The article discusses the features of using virtual disks in VirtualBox, the use of different read-write modes, the principle and organization of snapshots, caching of input / output data, as well as some aspects of using virtual disks from the point of view of information security. For those who are interested in the security example, you can immediately go anchor to the section on special recording modes .

Let's start with some general concepts. VirtualBox has 3 main methods for providing a guest operating system (OS) access to data. This text focuses on the use of virtual disks.

Virtual disks are connected to the virtual guest OS, by emulating the connection through the appropriate controller, IDE, SATA (AHCI), SCSI, SAS.

The behavior of the controllers is programmed in such a way as to simulate physical prototypes, therefore the IDE controller will run slower than SATA and consume more processor resources , the OS will not interact with virtual disks without the appropriate drivers and hardware support, etc. For example, in the Windows family prior to Windows Vista there is no support for the Advanced Host Controller Interface (AHCI), to which SATA belongs, so in particular, a Windows XP virtual machine with SATA will not work.

Virtual disk files

VirtualBox allows you to work with different virtual disk file formats. In addition to its own VDI, it supports VMDK (VMware), VHD (Microsoft), Parallels version 2 HDD format (Parallels).

Each virtual disk is assigned a unique UUID, this helps VirtualBox to make sure that each disk is used only once and does not allow to import regular copies of disks into the guest OS (there is a separate cloning procedure for this).

Virtual disks can be either a fixed size or dynamically allocated, and VirtualBox allows you to increase the size of disk space, regardless of the size and format of the disk, and even if the disk contains data. Below is an example of how to do this using the vboxmanage utility .

vboxmanage modifyhd  --resize 

When you select a dynamically allocated image, the container file will "grow" gradually, as the sectors fill with data, until the container size reaches the limit specified when creating the virtual machine.

Considering the fact that additional computational resources are involved in the process of regularly increasing the size of the container, the write speed when using the fixed-size option is usually higher, in comparison with a dynamic disk. Nevertheless, if the size of a dynamic disk does not increase significantly in the long run, the difference in recording speed is almost leveled.

Virtual Media Manager

VirtualBox maintains a register of all virtual media used by all guest operating systems. These are the so-called "known media", access to the list (registry) of which can be obtained using the Virtual Media Manager utility (available from the File menu). This utility shows detailed information about each virtual disk, including the full path to the file, as well as which virtual machine the file is attached to. Information from the registry can be deleted using the built-in “Remove” delete function.



Each individual image can be “detached” from the virtual machine to which it is attached using the “Release” function.

Having unfastened the image, it will not be possible to attach it back by pressing a single button; for this, you will need to add the image as a hard disk. In a similar way, snapshots (disk snapshots) are “attached”.



Once again, I note that because of the UUIDs mentioned above, you can’t just copy and attach the disk image.

Snapshots

As you know snapshot translated from English means snapshot. The principle of the mechanism is simple. When creating a snapshot, VirtualBox transfers the current image (if there are several images) attached to the VM in read-only mode and creates a separate virtual disk (s) and all subsequent recording procedures are already performed in the new virtual storage. Moreover, only changes in certain sectors are recorded, in other words, when creating a snapshot of a 10GB disk, the new snapshot will be much smaller and will increase in size gradually as the sectors fill up.



It is logical to assume that the more snapshots of one virtual machine are used, the more computing resources are used to perform disk read operations. Indeed, if there are 2 snapshots, then VirtualBox first looks to see if there is a sector in the snapshot2 image, if not, the system turns to snapshot1, if nothing is found there, then the main disk is accessed. The load will nevertheless be insignificant and hardly noticeable to the end user, since the entire table of sectors is constantly present in memory.

It is worth remembering that when a snapshot is deleted, all changes made after its creation are “merged” with the previously “frozen” image.

Input / output caching

Touching upon the topic of performance, it will be appropriate to mention caching. Initially, VirtualBox works with image files, as with ordinary files that are cached by the host OS itself. This is done as stupidly with the goal of increasing speed. When the guest OS performs a write operation, the operation is cached by the host OS and a message about the successful completion of the operation is sent to the guest OS immediately, while the operation itself is processed by the guest OS asynchronously. This approach is not always justified, because disk image files tend to increase in volume and the whole procedure begins to produce the opposite effect - there is double caching on the side of the guest and host operating systems and the speed of operations is reduced.

In addition to the expense of resources, another lack of caching is the lack of reliability. For example, if there was a sudden power outage at a time when the host OS had already informed the guest that the recording was successful, and the asynchronous recording process had not yet completed. Such a scenario certainly leads to data loss.

Disabling caching is as follows:

vboxmanage storagectl "VM name" --name  --hostiocache off

Bandwidth

VirtualBox allows you to limit the bandwidth for one or more virtual disks.

Create a group “Limit” and set a limit of 20 Mb / s

vboxmanage bandwidthctl "VM name" add Limit --type disk --limit 20M

Add the desired drives to the group.

vboxmanage storageattach "VM name" --storagectl "SATA" --port 0 --device 0 --type hdd --medium disk1.vdi --bandwidthgroup Limit 
vboxmanage storageattach "VM name" --storagectl "SATA" --port 1 --device 0 --type hdd  --medium disk2.vdi --bandwidthgroup Limit

The total bandwidth for both drives will not exceed 20 MB / s. This limit can be changed at any time without turning off the virtual machine.

vboxmanage bandwidthctl "VM name" set Limit --limit 100M

Special modes for recording images

For each virtual disk image supported by VirtualBox, regardless of the format , you can determine the behavior when writing data, whether it is a consequence of operations inside the virtual machine or a snapshot. Such modes are called “non-standard”, while by default all disk images function in “normal” mode. In order to switch the mode from “normal” to “non-standard”, you can use the aforementioned Virtual Media Manager or the console utility vboxmanage

vboxmanage modifyhd .vdi settype immutable

In the “normal” recording mode, the guest OS can read and write from the physical disk without any restrictions. A When creating snapshots of the disk, VirtualBox creates a separate file in which all changes are recorded.

In the “write through” mode, the snapshot function does not work.

The “shareable” mode of operation is a kind of variation of the previous one. Here, too, there is no way to work with "snapshots", but there is the possibility of using several simultaneously running virtual machines of the same disk image, a clustering scenario.

The “multiattach” mode, which is similar in name but differs by the operating principles, also allows you to use one disk image for several virtual machines, but in this mode each individual virtual machine uses its own independent “snapshot” and changes made in one VM are not available for others.

The "read only" mode is mainly used for working with CD / DVD images, as involves reading only.

The mode you should pay attention to is called " Immutable". As the name implies, immutable images do not change over time. Any changes to the immutable disk are relevant exactly as long as the virtual machine is running. After shutting down the virtual machine, all changes disappear. Before putting a disk into immutable mode, you should first create a “normal” disk, install and configure the system to the optimal state, preferably without connecting to the Internet, and only after the guest system is ready to “detach” the disk and put it into immutable mode.

One of the scenarios of work may be a scheme in which two disks are used - one in immutable mode, on which the system itself is located, the second in normal or write-through mode. At first glance, it’s a completely safe and understandable work scenario - each time a “fresh” system is loaded. But not everything is so transparent and there are some nuances.

First, there are one important exception for immutable disks. They do not “nullify ” when attached to a virtual machine whose disk image was taken while it was running- the so-called online-snapshot. This means that if, for example, the user created an immutable disk, and then, in the process, created a “snapshot” without shutting down the virtual machine, then starting from the said “snapshot” all subsequent operations and actions within the system will have an irreversible effect, t. to. all actions will occur de facto in a snapshot.

If the main goal is a “fresh system” at every start, then it is better to refrain from using snapshots.

Secondly, the above “zeroing” of a separate image occurs only when the virtual machine enable / disable command is sent by the VirtualBox environment itself, and does not occur inside the guest OS. Simply put, if, for example, you restart the Windows guest OS using the standard method (Start menu, reboot the system), then the immutable disk will not be reset.

Finally, the last and most important thing - all changes that occur inside the virtual machine are saved on the physical disk and remain there until the virtual machine is restarted .

After the current container is set to immutable mode, VirtualBox ceases to use this container and in fact the disk goes into read only mode. All write operations are redirected to a separate image, and each time the virtual machine starts working, this new “separate” image is “reset”. In reality, a temporary “snapshot” is created on the hard disk, which is located in the Snapshots folder of the corresponding virtual machine, inside which all the work takes place. After the virtual machine shuts down, the above temporary screenshot remains untouched.

Let's look at a simple example.

Bob created a virtual machine, configured the OS, and put the disk into immutable mode. Bob regularly uses his virtual machine to communicate privately with Alice. At each launch, a “fresh” system is loaded that does not contain any logs of previous communication, texts, videos or photos. Once again having finished the correspondence, Bob calmly turns off the virtual machine and goes to sleep.
Assume also that before each OS startup, Bob checks that the disk mode is set to “immutable”.

Eve has access to the computer on which the virtual machine is installed. It is enough for her to go into the Snapshots folder inside the directory of the corresponding virtual machine and there will be the required “snapshot”.

All that Eva has to do to see all the correspondence, as well as the result of all actions performed by Bob inside the OS, is to put the disk into “normal” mode and attach a snapshot to it before starting the virtual machine. Moreover, Eve can make backups of such “snapshots” every day, the main thing is that this would be done before Bob starts the virtual machine again.

The solution for Bob in this situation will be after completion of work, manually delete the entire contents of the Snapshots folder. Not to mention the fact that you need to constantly check in what mode the disk works and it is desirable, or even block some elements of the GUI, which is quite simple to implement

vboxmanage setextradata global GUI/Customizations OPTION[,OPTION...]

In fairness, it is worth saying that those same Parallels, from the earliest versions, in order to transfer disks from one mode to another, you need a superuser password, and temporary “snapshots” are deleted immediately after completion of work.

Instead of a conclusion

VirtualBox is a wonderful and highly customizable virtualization system, comparable in capabilities with commercial products from the flagships of the industry. This article shows some features that are appropriate to pay attention to and only a tiny fraction of all the capabilities of VirtualBox.