Jianbao Ren,Yong Qi,Yuehua Dai,Yu Xuan,Yi Shi

DOI: https://doi.org/10.1016/j.jss.2016.11.001

IF: 3.5

2016-01-01

Journal of Systems and Software

Abstract:Moving the high performance computing (HPC) to Cloud not only reduces the costs but also gives users the ability to customize their system. Besides, compared with the traditional HPC computing environments, such as grid and cluster which run HPC applications on bare-metal, cloud equipped with virtualization not only improves resource utilization but also reduces maintenance cost. While for some reasons, current virtualization-based cloud has limited performance for HPC. Such performance overhead could be caused by Virtual Machine Monitor (VMM) interceptions, virtualized I/O devices or cross Virtual Machine (VM) interference, etc. In order to guarantee the performance of HPC applications on Cloud, the VMM should interfere guest VMs as less as possible and allocate dedicated resources such as CPU cores, DRAM and devices to guest VMs running HPC applications.In this paper, we propose a novel cloud infrastructure to serve the HPC applications and normal applications concurrently. This novel infrastructure is based on a lightweight high performance VMM named nOSV. For HPC applications, nOSV constructs a strong isolated high performance guest VM with dedicated resources. At runtime, the high performance VM manages all resources by itself and is not interfered by nOSV. By supporting nested virtualization, nOSV can run HPC with commodity application and keep the flexibility of traditional Cloud. nOSV runs other virtualization environments, like Xen and Docker, as high performance guest VMs. All commodity Cloud applications are hosted in these virtualization environments and share hardware resources with each other. The prototype of nOSV shows that it provides a bare-metal like performance for HPC applications and has about 23% improvement compared to HPC applications running on Xen. (C) 2016 Elsevier Inc. All rights reserved.

Yuehua Dai,Yong Qi,Jianbao Ren,Yi Shi,Xiaoguang Wang,Xuan Yu

DOI: https://doi.org/10.1145/2517326.2451535

2013-01-01

ACM SIGPLAN Notices

Abstract:Traditional Virtual Machine Monitor (VMM) virtualizes some devices and instructions, which induces performance overhead to guest operating systems. Furthermore, the virtualization contributes a large amount of codes to VMM, which makes a VMM prone to bugs and vulnerabilities. On the other hand, in cloud computing, cloud service provider configures virtual machines based on requirements which are specified by customers in advance. As resources in a multi-core server increase to more than adequate in the future, virtualization is not necessary although it provides convenience for cloud computing. Based on the above observations, this paper presents an alternative way for constructing a VMM: configuring a booting interface instead of virtualization technology. A lightweight virtual machine monitor - OSV is proposed based on this idea. OSV can host multiple full functional Linux kernels with little performance overhead. There are only 6 hyper-calls in OSV. The Linux running on top of OSV is intercepted only for the inter-processor interrupts. The resource isolation is implemented with hardware-assist virtualization. The resource sharing is controlled by distributed protocols embedded in current operating systems. We implement a prototype of OSV on AMD Opteron processor based 32-core servers with SVM and cache-coherent NUMA architectures. OSV can host up to 8 Linux kernels on the server with less than 10 lines of code modifications to Linux kernel. OSV has about 8000 lines of code which can be easily tuned and debugged. The experiment results show that OSV VMM has 23.7% performance improvement compared with Xen VMM.

Zhenhao Pan,Qing He,Wei Jiang,Yu Chen,Yaozu Dong

DOI: https://doi.org/10.1109/csc.2011.6138541

2011-01-01

Abstract:This paper describes a nested virtualization solution, which allows virtual machine monitor (VMM) with virtual machine to run within another virtual machine with low overhead. Previous nested virtualization solutions on x86 platform are mainly based on emulation, which result in poor performance and poor usability. We propose and implement NestCloud, a practical high performance nested virtualization architecture, which fully employs the hardware virtualization extensions. Furthermore, three optimizations are provided to reduce the overhead of nested guests: (1) Guest Page Fault Bypassing, which permits nested guests to handle page faults without VM Exit; (2) Virtual EPT (Extended Page Table), which eliminates unnecessary page faults introduced by shadow page table in nested VMM; (3) PV VMCS, which provides more effective VMCS accessing for nested VMM. Experimental results show that the performance of NestCloud guest is close to single level guest in both CPU-intensive and memory-intensive benchmarks. The CPU overhead is 5.22% and the memory overhead is 5.69%, which makes the nested guest of NestCloud comparable with a conventional one.

Jianhua Che,Qinming He,Qinghua Gao,Dawei Huang

DOI: https://doi.org/10.1109/euc.2008.127

2008-01-01

Abstract:With its growth and wide applications, virtualization has come through a revival in computer system community. Virtualization offers a lot of benefits including flexibility, security, ease to configuration and management, reduction of cost and so forth, but at the same time it also brings a certain degree of performance overhead. Furthermore, virtual machine monitor (VMM) is the core component of virtual machine (VM) system and its effectiveness greatly impacts the performance of whole system. In this paper, we measure and analyze the performance of two open source virtual machine monitors-Xen and KVM using LINPACK, LMbench and IOzone, and provide a quantitative and qualitative comparison of both virtual machine monitors.

Yuehua Dai,Yi Shi,Yong Qi,Jianbao Ren,Peijian Wang

DOI: https://doi.org/10.1007/s11704-012-2084-0

2013-01-01

Abstract:Virtual machine monitors (VMMs) play a central role in cloud computing. Their reliability and availability are critical for cloud computing. Virtualization and device emulation make the VMM code base large and the interface between OS and VMM complex. This results in a code base that is very hard to verify the security of the VMM. For example, a misuse of a VMM hyper-call by a malicious guest OS can corrupt the whole VMM. The complexity of the VMM also makes it hard to formally verify the correctness of the system's behavior. In this paper a new VMM, operating system virtualization (OSV), is proposed. The multiprocessor boot interface and memory configuration interface are virtualized in OSV at boot time in the Linux kernel. After booting, only inter-processor interrupt operations are intercepted by OSV, which makes the interface between OSV and OS simple. The interface is verified using formal model checking, which ensures a malicious OS cannot attack OSV through the interface. Currently, OSV is implemented based on the AMD Opteron multi-core server architecture. Evaluation results show that Linux running on OSV has a similar performance to native Linux. OSV has a performance improvement of 4%-13% over Xen.

Kejiang Ye,Xiaohong Jiang,Siding Chen,Dawei Huang,Bei Wang

DOI: https://doi.org/10.1109/HPCC.2010.79

2010-01-01

Abstract:Virtualization technology is currently widely used due to its benefits on high resource utilization, flexible manageability and powerful system security. However, its use for high performance computing (HPC) is still not popular due to the unclearness of the virtualization overheads. It's worthy to evaluate the virtualization cost and to find the performance bottleneck when running HPC applications in virtual cluster. We first evaluate the basic performance overheads due to virtualization. Then we create a 16-node virtual cluster and perform a performance evaluation for both para-virtualization and full virtualization. After that, we evaluate the MPI (Message Passing Interface) scalability to investigate the impact of MPI and network communication between virtual machines. In addition to the macro assessment, we use the Oprofile/Xenoprof to investigate the architecture characterization like CPU cycle, L2 cache misses, DTLB misses and ITLB misses which is an auxiliary explanation to the performance bottleneck. Experimental results indicate that performance overheads of virtualization are acceptable for HPC, para-virtualization is very suitable for HPC due to the high virtualization efficiency and efficient inter-domain communication. Finally, we use the non-linear regression modeling technology to present a performance model for network latency and bandwidth to predict the performance in virtual cluster environment.

陈文智,姚远,杨建华,何钦铭

DOI: https://doi.org/10.3724/sp.j.1016.2009.01311

2009-01-01

Chinese Journal of Computers

Abstract:With the rapidly development of personal computer hardware,to construct multiple isolated computing domains through virtualization technology has already become a future direction of PC. To avoid the difficulties caused by implementing VMM on traditional IA-32 architecture through software virtualization technology,the authors designed and implemented a VMM based on Intel VT-x technology — Pcanel/V2. Pcanel/V2 utilizes the latest hardware virtualization technology to configure a controllable virtual execution environment and run multiple operating systems directly without any modification of source code. While the accesses to hardware resources by the guest operating system are monitored,various sensitive situations which occur in the guest operating system can also be handled correspondingly by Pcanel/V2. Concurrent execution of Linux and VxWorks on Pcanel/V2 has been realized and corresponding evaluation results show that Pcanel/V2 architecture simplifies the complexity of the design process while increasing the overall performance by approximately 10% compared to software virtual technology.

Yuxia Cheng,Wenzhi Chen,Zonghui Wang,Xinjie Yu

DOI: https://doi.org/10.1109/jsyst.2015.2469652

IF: 4.802

2015-01-01

IEEE Systems Journal

Abstract:Virtualization technology enables multiple virtual machines (VMs) to share a single physical server. Commercial servers increasingly use the nonuniform memory access (NUMA) architecture due to its scalable memory performance. However, multiple VMs running on a NUMA physical server will cause performance overheads such as remote memory access latency and shared microarchitectural resource contention, which makes the VM performance less efficient and stable. These performance overheads are mainly caused by memory traffic from data-intensive workloads. In this paper, we propose a traffic-aware VM optimization (TAVO) scheme on NUMA systems. Based on the performance monitoring of the data traffic and CPU/memory resource usages in the system, TAVO addresses VM memory access locality and shared resource contention problems via automatic VM initial placement and NUMA-aware VM online scheduling. Our experimental results show that TAVO improves VM performance in terms of benchmark runtime by up to 22.6% compared with the default KVM CFS scheduler. TAVO also achieves a much stable performance with benchmark's average runtime variation under 3%.

Yi Ren,Renshi Liu,Qi Zhang,Jianbo Guan,Ziqi You,Yusong Tan,Qingbo Wu

DOI: https://doi.org/10.1109/icpads47876.2019.00014

2019-01-01

Abstract:Network I/O workloads are dominating as one of the leading costs for most of the virtualized clouds. One way to improve the inter virtual machine (VM) inefficiency is to build shared memory channels between VMs co-located on the same physical node to by-pass traditional TCP/IP network stack, so that the overhead is reduced by shorter communication path and fewer kernel interactions. However, it is a key challenge for existing work to achieve high performance inter-VM communication while keeping the capability of VM live migration, and most of existing work are neither seamlessly agile in the presence of VM live migration nor transparent to upper users as well as to operating system kernels, which limits the application of current co-location aware shared-memory based approaches. In this paper, we present the design and implementation of XenVMC, an adaptive and transparent inter-VM communication system for high performance network I/O in virtualized clouds. With proposed dynamic co-located VM membership update mechanism, XenVMC is applicable not only to intra-node VM communication, but also to cross-node communication. It also supports adaptive switching between shared-memory based channel and traditional network-based channel in case of VM live migration, with the aid of proposed VM migration perception and handling mechanisms. XenVMC enables efficient data transmission for both TCP and UDP workloads, with multilevel transparency guaranteed. Extensive experiments show that XenVMC achieves better performance for both TCP and UDP workloads with high transparency, compared with both native virtualized environment and representative existing work. Experimental results also show that it is capable of automatically handling VM migration correctly with acceptable latency.

Zhao Long Jiang,Mingfa Zhu,Limin Xiao

DOI: https://doi.org/10.1109/CCCM.2009.5267543

2009-01-01

Abstract:I/O virtualizations especially NIC ones is a hot spot in the research filed. In order to utilize the global NIC resources deployed in the distributed virtual machine monitor system, this paper proposes a new approach to implement the NIC virtualization for DVMM. The approach is implemented by the hybrid of hardware-assisted virtualization and the single system image technologies, and resides in the level between the virtual machine monitor and the operating system. This implementation can fully utilize advantages of both virtualization and SSI and meanwhile avoid their defects. The implementation strategies and the experiments result reflect the approach makes features of high transparency, high availability, low dependency and low implementation cost, and can effectively collect, unify and utilize the global NIC resources deployed in each node of the distributed virtual machine monitor.

Xing Pu,Ling Liu,Yiduo Mei,Sankaran Sivathanu,Younggyun Koh,Calton Pu,Yuanda Cao

DOI: https://doi.org/10.1109/TSC.2012.2

IF: 11.019

2013-01-01

IEEE Transactions on Services Computing

Abstract:User-perceived performance continues to be the most important QoS indicator in cloud-based data centers today. Effective allocation of virtual machines (VMs) to handle both CPU intensive and I/O intensive workloads is a crucial performance management capability in virtualized clouds. Although a fair amount of researches have dedicated to measuring and scheduling jobs among VMs, there still lacks of in-depth understanding of performance factors that impact the efficiency and effectiveness of resource multiplexing and scheduling among VMs. In this paper, we present the experimental research on performance interference in parallel processing of CPU-intensive and network-intensive workloads on Xen virtual machine monitor (VMM). Based on our study, we conclude with five key findings which are critical for effective performance management and tuning in virtualized clouds. First, colocating network-intensive workloads in isolated VMs incurs high overheads of switches and events in Dom0 and VMM. Second, colocating CPU-intensive workloads in isolated VMs incurs high CPU contention due to fast I/O processing in I/O channel. Third, running CPU-intensive and network-intensive workloads in conjunction incurs the least resource contention, delivering higher aggregate performance. Fourth, performance of network-intensive workload is insensitive to CPU assignment among VMs, whereas adaptive CPU assignment among VMs is critical to CPU-intensive workload. The more CPUs pinned on Dom0 the worse performance is achieved by CPU-intensive workload. Last, due to fast I/O processing in I/O channel, limitation on grant table is a potential bottleneck in Xen. We argue that identifying the factors that impact the total demand of exchanged memory pages is important to the in-depth understanding of interference costs in Dom0 and VMM.

Nan Li,Bo Li,Jianxin Li,Tianyu Wo,Jinpeng Huai

DOI: https://doi.org/10.1109/HPCC.and.EUC.2013.194

2013-01-01

Abstract:Cloud computing service has been evolved in providing a whole virtual data center from selling scattered virtual machines (VMs). Process Monitoring of a VM is a fundamental feature to guarantee the security of the virtual data center because of the rapid growth of the malware. Existing approaches are mainly based on virtual machine introspection (VMI) technique to isolate the monitor out-of-vm and designed to inspect the VM internal processes. However, few of them consider the real time control of process execution in the VMs, such as process termination or files operation conducted by the process. Early VMI-based solutions relied on some specific OS kernel data structures, so they need to know the OS information in advance instead of identifying the OS version at runtime for operating system compatible. In this paper, we propose a novel out-of-the-box process monitor named vMON, which can not only identify different guest OS versions and reconstruct rich semantic information for the target VM processes at runtime, but also control the behaviors of processes with fine granularity. In addition, vMON provides uniform programming interfaces to support the development of application-level security tools. A prototype of vMON has been implemented in kernel-based virtual machine (KVM) hypervisor, and its effectiveness and performance have also been evaluated through several experiments. The results show that vMON can successfully identify, analyze and control the behaviors of the processes in Guest OS with acceptable performance overhead. vMon incurs 0.74%similar to 10.20% I/O overhead and 0.003s average interface return time.

Kun Cheng,Yuebin Bai,Yongwang Zhao,Yao Ma,Duo Lu,Yuanfeng Peng,Minxuan Zhou

DOI: https://doi.org/10.1016/j.jss.2015.12.002

IF: 3.5

2016-01-01

Journal of Systems and Software

Abstract:Despite the rapid development and the wide use, virtualization confronts new challenges on improving network I/O performance. For virtual machines co-existed on a server, inter-VM network performance turns out to be worse than expected. Although many efforts have been dedicated to that issue on paravirtualized (PV) machines, HVMs (Hardware Virtual Machines) get less attention. However, co-resident HVMs are also suffering from low network I/O performance which troubles IaaS cloud infrastructure providers. Such problem is prominent as in the front-back network model several performance bottlenecks appear when inter-VM traffic is being handled.In this paper, we propose a novel approach and implement a prototype called "(HVM)-M-2" to optimize inter-HVM network performance, which mainly address the throughput issues. (HVM)-M-2 takes advantages of the existing mechanisms for HVMs provided by Xen and is totally hardware independent. Unlike the existing idea, (HVM)-M-2 pushes data to the receivers without using shared memory buffer to transfer the pending network data. To evaluate our work, we test and compare network response time, network throughput and CPU utilization with other popular approaches such as SR-IOV. The result shows that the new communication model has great improvements in network delay and throughput with little pressure on Domain-0. (c) 2015 Elsevier Inc. All rights reserved.

Xing Pu,Mengxiao Liu,Jun Jin,Yuanda Cao

DOI: https://doi.org/10.1109/ICECC.2011.6067679

2011-01-01

Abstract:Cloud computing derives from the concepts of distributed computing, parallel computing and grid computing originally. Today, more and more commercial organizations and academic institutes join in the area of cloud computing for safety and low spending reasons. With plenty positive advantages, system virtualization is becoming a prevalent technology to build underlying infrastructures in virtualized cloud environment. Among a number of state-of-the-art Virtual Machine Monitors (VMMs), Xen is definitely to be a conspicuous hypervisor based VMM. However, there still lacks of in- depth understanding of the efficiency of I/O communication among multiple Virtual Machines (VMs) in both academic and industry worlds, especially the burdensome network I/O works. In this paper, based on the server side and client side, two groups of equations are proposed to mathematical modeling the exchanged memory pages in Xen I/O channel. According to our carefully designed experiments, the proposed functions calculated the number of exchanged memory pages accurately, with an average error rate around 6%, even in multiple VMs scenario. Meanwhile, we illustrated and analyzed the effects of varying MTU (Maximum Transmission Unit) size respectively based on our experimental results and proposed equations. Afterwards, an effective improvement for optimizing network I/O performance is also proposed in this paper.

Hang Huang,Jiangshan Lai,Jia Rao,Hui Lu,Wenlong Hou,Hang Su,Quan Xu,Jiang Zhong,Jiahao Zeng,Xu Wang,Zhengyu He,Weidong Han,Jiang Liu,Tao Ma,Song Wu

DOI: https://doi.org/10.1145/3600006.3613158

2023-01-01

Abstract:In cloud-native environments, containers are often deployed within lightweight virtual machines (VMs) to ensure strong security isolation and privacy protection. With the growing demand for customized cloud services, third-party vendors are turning to infrastructure-as-a-service (IaaS) cloud providers to build their own cloud-native platforms, necessitating the need to run a VM or a guest that hosts containers inside another VM instance leased from an IaaS cloud. State-of-the-art nested virtualization in the x86 architecture relies heavily on the host hypervisor to expose hardware virtualization support to the guest hypervisor, not only complicating cloud management but also raising concerns about an increased attack surface at the host hypervisor. This paper presents the design and implementation of PVM, a high-performance guest hypervisor for KVM that is transparent to the host hypervisor and assumes no hardware virtualization support. PVM leverages two key designs: 1) a minimal shared memory region between the guest and guest hypervisor to facilitate state transition between different privilege levels and 2) an efficient shadow page table design to reduce the cost of memory virtualization. PVM has been adopted by Alibaba Cloud for hosting tens of thousands of secure containers on a daily basis. Our experiments demonstrate that PVM significantly outperforms current nested virtualization in KVM for memory virtualization, particularly for concurrent workloads, while maintaining comparable performance in CPU and I/O virtualization.

Yuan Tang,Jianping Li

DOI: https://doi.org/10.1109/ICACIA.2010.5709867

2010-01-01

Abstract:The virtual computing environments integrated with virtual machines (VMs) and virtual overlay networks play an important role in distributed computing and cloud computing. Overlay network with a layer 2 abstraction provides a powerful model for virtualized wide-area distributed computing resources on collections of virtual machines (VMs). However, the performance of existing virtual overlay network can not support the high-performance distributed computing. In this paper, we describe the design and implementation of a virtual overlay network system that has negligible latency and bandwidth in LAN networks. Our system, VON/KVM, is integrated with KVM (Kernel-based Virtual Machine), an open-sourced virtual machine monitor (VMM). VON/KVM achieves native performance and negligible overheads on 1 Gbps Ethernet networks.

Weizhong Qiang,Gongping Xu,Weiqi Dai,Deqing Zou,Hai Jin

DOI: https://doi.org/10.1109/access.2017.2758356

IF: 3.9

2017-01-01

IEEE Access

Abstract:IoT generates considerable amounts of data, which often requires leveraging cloud computing to effectively scale the costs of transferring and computing these data. The concern regarding cloud security is more severe because many devices are connected to the cloud. It is important to automatically monitor and control these resources and services to efficiently and securely deliver cloud computing. The writable virtual machine introspection (VMI) technique can not only detect the runtime state of a guest VM from the outside but also update the state from the outside without any need for administrator efforts. Thus, the writable VMI technique can provide the benefit of high automation, which is helpful for automated cloud management. However, the existing writable VMI technique produces high overhead, fails to monitor the VMs distributed on different host nodes, and fails to monitor multiple VMs with heterogeneous guest OSes within a cloud; therefore, it cannot be applied for automated and centralized cloud management. In this paper, we present CloudVMI, which is a writable and crossnode monitoring VMI framework that can overcome the aforementioned issues. CloudVMI solves the semantic gap problem by redirecting the critical execution of system calls issued by the VMI program into the monitored VM. It has strong practicability by allowing one introspection program to inspect heterogeneous guest OSes and to monitor VMs distributed on remote host nodes. Thus, CloudVMI can be directly applied for automated and centralized cloud management. Moreover, we implement some defensive measures to secure CloudVMI itself. To highlight the writable capability and practical usefulness of CloudVMI, we implement four applications based on CloudVMI. CloudVMI is designed, implemented, and systematically evaluated. The experimental results demonstrate that CloudVMI is effective and practical for cloud management and that its performance overhead is acceptable compared with existing VMI systems.

Yaqiang Mao,Xujian Chen,Yuan Luo

DOI: https://doi.org/10.1049/cp.2014.1285

2014-01-01

Abstract:As a basic cloud service model, the Infrastructure-as-aService (IaaS) provides fundamental computing resources for PaaS and SaaS with a guaranteed ability to reduce costs and improve resource efficiency. Virtualization plays a crucial role to support the IaaS. However, it is not safety because of exposing the hosted virtual machines (VMs) to uncontrollable environment. In addition, traditional in-guest security solutions, relying on operation system kernel trustworthiness, are no longer effective to virtual infrastructure. In this paper, we introduce HVSM (Hybrid Virtualization Security Monitor) to deal with above security problems, which is a new In-OutVM hybrid virtualization-aware architecture depending on lightweight, comprehensive and dynamic security monitoring. First, as to Hybrid, HVSM utilizes virtual machine introspection technique to inspect kernel running state of the guest VM (GVM) from outside. Inside the GVM, measure agent (MA) tests and delivers processes' integrity information to security VM (SVM). In succession, MA is in the guard of measure agent keeper (MAK) running in the SVM. Second, dynamically, HVSM combines kernel state information with processes' integrity so as to provide a security report on GVM. Third, a proof-of-concept prototype is implemented using libvmi based on Xen hypervisor. Finally, we evaluate efficiency and the performance overhead of HVSM, which is acceptably low to support real-time monitoring.

Fengzhe Zhang,Jin Chen,Haibo Chen,Binyu Zang

DOI: https://doi.org/10.1145/2043556.2043576

2011-01-01

Abstract:Multi-tenant cloud, which usually leases resources in the form of virtual machines, has been commercially available for years. Unfortunately, with the adoption of commodity virtualized infrastructures, software stacks in typical multi-tenant clouds are non-trivially large and complex, and thus are prone to compromise or abuse from adversaries including the cloud operators, which may lead to leakage of security-sensitive data.In this paper, we propose a transparent, backward-compatible approach that protects the privacy and integrity of customers' virtual machines on commodity virtualized infrastructures, even facing a total compromise of the virtual machine monitor (VMM) and the management VM. The key of our approach is the separation of the resource management from security protection in the virtualization layer. A tiny security monitor is introduced underneath the commodity VMM using nested virtualization and provides protection to the hosted VMs. As a result, our approach allows virtualization software (e.g., VMM, management VM and tools) to handle complex tasks of managing leased VMs for the cloud, without breaking security of users' data inside the VMs.We have implemented a prototype by leveraging commercially-available hardware support for virtualization. The prototype system, called Cloud Visor, comprises only 5.5K LOCs and supports the Xen VMM with multiple Linux and Windows as the guest OSes. Performance evaluation shows that Cloud Visor incurs moderate slow-down for I/O intensive applications and very small slowdown for other applications.

Liu,Jie Xu,Hongfang Yu,Lemin Li,Chunming Qiao

DOI: https://doi.org/10.1007/s11227-015-1590-x

2015-01-01

Abstract:Server consolidation schemes whereby each server is replaced with a virtual machine (VM) and multiple such VMs are run on a single physical server can reduce the number of physical servers needed, and in turn, both the cost and energy consumption in data centers. However, existing schemes have not fully exploited the flexibility in the usage and allocation of virtualization resources, so as to allow one application originally deployed on a single large VM (LVM) to be split and hosted by multiple smaller VMs (SVM). Using multiple SVMs instead of an LVM enables resource allocation at a smaller granularity and thus may further increase the utilization and reduce the number of physical servers. However, a major challenge to overcome when deploying multiple SVMs for one application is to preserve the performance of the application in terms of response delay. In this paper, we show through theoretical analysis and experiments that in order to preserve the performance of the application, one needs to allocate sufficient resources to each SVM, and the total amount of resources required by all the SVMs will exceed that required by the LVM. Nevertheless, we also show that by using the proposed heuristic algorithm called VM splitting and assignment (VMSA), we can substantially improve the utilization and reduce the number of physical servers.