A business model that offers computers or other electronic devices at a subsidized price may rely on the enforcement of pay-per-use terms and conditions to recover the investment of an underwriter. Metering and policy enforcement may require special circuitry to ensure that an unscrupulous user does not obtain a computer for free or at a reduced price and then renege on subsequent payments.
Such special circuitry may be effective and, at some points, necessary. However, the special circuitry may be expensive and may require not only special handling during manufacturing but also special training and equipment to maintain and service.
A concept of a virtual machine was developed to allow software to be written once and run in many different hardware and operating system environments. Briefly, software written for a virtual machine is written to an abstraction layer. A virtual machine monitor that implements the abstraction layer may be written for many different hardware/OS combinations. Then, the software may be run on any machine for which a virtual machine monitor environment is available. The virtual machine monitor may include an interpreter in some embodiments. The software may be compiled, interpreted, or a combination of both.
FIG. 1A illustrates a prior art computing environment 10 with a virtual machine implementation typical of a Java Virtual Machine (JVM) developed by Sun Microsystems Corporation. The environment may have a hardware layer 11 including a processor, memory, and peripherals. In this embodiment, the host operating system 12 runs on the hardware layer 11 and a virtual machine monitor 14 runs on the host operating system 12. Applications may run in virtual machine containers 16 and 18 on the virtual machine monitor 14. The virtual machine containers 16 and 18 may be individual operating environments presented by the virtual machine monitor 14 such that any application or similar service running in the virtual machine container 16 or 18 appears to have full and exclusive use of all the services available in the computing environment. In this configuration, the computing environment may support different levels of security, or rings. The host operating system 12 may run in the highest security ring, ring 0. Applications may run at a low security ring, such as ring 3.
FIG. 1B illustrates a prior art computing environment 20 with a virtual machine monitor implementation typical of a Virtual PC from Microsoft Corp. or VMware GSX available from VMware, Inc. In this embodiment, a hardware layer 21 supports both a host operating system 22 and a virtual machine monitor 24. Both the host operating system 22 and the virtual machine monitor 24 may run in security ring 0, while the virtual machine containers 26 and 28 and their associated applications, including other operating systems, may run in security ring 3.
FIG. 1C illustrates a prior art computing environment 30 with a virtual machine monitor implementation typical of Viridian from Microsoft Corporation or VMware ESX from VMware, Inc. The hardware layer 31 supports a virtual machine monitor 32 running containers 34 and 36. Since the virtual machine monitor 32 provides the only access to the hardware layer 31, the virtual machine containers 34 and 36 will run both operating systems and applications. Since an operating system expects to have the highest level of security access, ring 0, the OS of the virtual machine container 34 or 36 must be given ring-0 security rights. However, to protect the virtual machine monitor 32 from tampering by the OS, such embodiments have implemented a more secure operating layer than ring 0, sometimes called VMX root or ring −1.