Chapter 9. Advanced topics

Table of Contents

VBoxSDL, the simplified VM displayer
    Introduction
    Secure labeling with VBoxSDL
    Releasing modifiers with VBoxSDL on Linux
Automated guest logons
    Automated Windows guest logons
    Automated Linux/Unix guest logons
Advanced configuration for Windows guests
    Automated Windows system preparation
Advanced configuration for Linux and Solaris guests
    Manual setup of selected guest services on Linux
    Guest graphics and mouse driver setup in depth
CPU hot-plugging
PCI passthrough
Advanced display configuration
    Custom VESA resolutions
    Configuring the maximum resolution of guests when using the graphical frontend
Advanced storage configuration
    Using a raw host hard disk from a guest
    Configuring the hard disk vendor product data (VPD)
    Access iSCSI targets via Internal Networking
Launching more than 120 VMs on Solaris hosts
    Temporary solution while VirtualBox is running
    Persistent solution, requires user to re-login
Legacy commands for using serial ports
Fine-tuning the VirtualBox NAT engine
    Configuring the address of a NAT network interface
    Configuring the boot server (next server) of a NAT network interface
    Tuning TCP/IP buffers for NAT
    Binding NAT sockets to a specific interface
    Enabling DNS proxy in NAT mode
    Using the host's resolver as a DNS proxy in NAT mode
    Configuring aliasing of the NAT engine
Configuring the BIOS DMI information
Fine-tuning timers and time synchronization
    Configuring the guest time stamp counter (TSC) to reflect guest execution
    Accelerate or slow down the guest clock
    Tuning the Guest Additions time synchronization parameters
Installing the alternate bridged networking driver on Solaris 11 hosts
VirtualBox VNIC templates for VLANs on Solaris 11 hosts
Configuring multiple host-only network interfaces on Solaris hosts
Configuring the VirtualBox CoreDumper on Solaris hosts
Locking down the VirtualBox manager GUI
Starting the VirtualBox web service automatically
Memory Ballooning Service

VBoxSDL, the simplified VM displayer

Introduction

VBoxSDL is a simple graphical user interface (GUI) that lacks the nice point-and-click support which VirtualBox, our main GUI, provides. VBoxSDL is currently primarily used internally for debugging VirtualBox and therefore not officially supported. Still, you may find it useful for environments where the virtual machines are not necessarily controlled by the same person that uses the virtual machine.

Note: VBoxSDL is not available on the Mac OS X host platform.

As you can see in the following screenshot, VBoxSDL does indeed only provide a simple window that contains only the "pure" virtual machine, without menus or other controls to click upon and no additional indicators of virtual machine activity:

2/22/2012 http://www.virtualbox.org/manual/ch09.html

To start a virtual machine with VBoxSDL instead of the VirtualBox GUI, enter the following on a command line:

    VBoxSDL --startvm <vm>

where <vm> is, as usual with VirtualBox command line parameters, the name or UUID of an existing virtual machine.

Secure labeling with VBoxSDL

When running guest operating systems in fullscreen mode, the guest operating system usually has control over the whole screen. This could present a security risk as the guest operating system might fool the user into thinking that it is either a different system (which might have a higher security level) or it might present messages on the screen that appear to stem from the host operating system.

In order to protect the user against the above mentioned security risks, the secure labeling feature has been developed. Secure labeling is currently available only for VBoxSDL. When enabled, a portion of the display area is reserved for a label in which a user defined message is displayed. The label height is set to 20 pixels in VBoxSDL. The label font color and background color can be optionally set as hexadecimal RGB color values. The following syntax is used to enable secure labeling:

    VBoxSDL --startvm "VM name" \
        --securelabel --seclabelfnt ~/fonts/arial.ttf \
        --seclabelsiz 14 --seclabelfgcol 00FF00 --seclabelbgcol 00FFFF

In addition to enabling secure labeling, a TrueType font has to be supplied. To use another font size than 12 point use the parameter --seclabelsiz.

The label text can be set with

    VBoxManage setextradata "VM name" "VBoxSDL/SecureLabel" "The Label"

Changing this label will take effect immediately.

Typically, full screen resolutions are limited to certain "standard" geometries such as 1024 x 768. Increasing this by twenty lines is not usually feasible, so in most cases, VBoxSDL will choose the next higher resolution, e.g. 1280 x 1024, and the guest's screen will not cover the whole display surface. If VBoxSDL is unable to choose a higher resolution, the secure label will be painted on top of the guest's screen surface. In order to address the problem of the bottom part of the guest screen being hidden, VBoxSDL can provide custom video modes to the guest that are reduced by the height of the label. For Windows guests and recent Solaris and Linux guests, the VirtualBox Guest Additions automatically provide the reduced video modes. Additionally, the VESA BIOS has been adjusted to duplicate its standard mode table with adjusted resolutions. The adjusted mode IDs can be calculated using the following formula:

    reduced_modeid = modeid + 0x30

For example, in order to start Linux with 1024 x 748 x 16, the standard mode 0x117 (1024 x 768 x 16) is used as a base. The Linux video mode kernel parameter can then be calculated using:

    vga = 0x200 | 0x117 + 0x30
    vga = 839

The reason for duplicating the standard modes instead of only supplying the adjusted modes is that most guest operating systems require the standard VESA modes to be fixed and refuse to start with different modes.

When using the X.org VESA driver, custom modelines have to be calculated and added to the configuration (usually in /etc/X11/xorg.conf). A handy tool to determine modeline entries can be found at http://www.tkk.fi/Misc/Electronics/faq/vga2rgb/calc.html.

Releasing modifiers with VBoxSDL on Linux

When switching from an X virtual terminal (VT) to another VT using Ctrl-Alt-Fx while the VBoxSDL window has the input focus, the guest will receive Ctrl and Alt keypress events without receiving the corresponding key release events. This is an architectural limitation of Linux. In order to reset the modifier keys, it is possible to send SIGUSR1 to the VBoxSDL main thread (first entry in the ps list). For example, when switching away to another VT and saving the virtual machine from this terminal, the following sequence can be used to make sure the VM is not saved with stuck modifiers:

    kill -USR1 <pid>
    VBoxManage controlvm "Windows 2000" savestate

Automated guest logons

VirtualBox provides Guest Addition modules for Windows, Linux and Solaris to enable automated logons on the guest.

When a guest operating system is running in a virtual machine, it might be desirable to perform coordinated and automated logons using credentials from a master logon system. (With "credentials", we are referring to logon information consisting of user name, password and domain name, where each value might be empty.)

Automated Windows guest logons

Since Windows NT, Windows has provided a modular system logon subsystem ("Winlogon") which can be customized and extended by means of so-called GINA modules (Graphical Identification and Authentication). With Windows Vista and Windows 7, the GINA modules were replaced with a new mechanism called "credential providers". The VirtualBox Guest Additions for Windows come with both a GINA and a credential provider module, and therefore enable any Windows guest to perform automated logons.

To activate the VirtualBox GINA or credential provider module, install the Guest Additions using the command line switch /with_autologon. All the following manual steps required for installing these modules will then be done by the installer.

To manually install the VirtualBox GINA module, extract the Guest Additions (see the section called “Manual file extraction”) and copy the file VBoxGINA.dll to the Windows SYSTEM32 directory. Then, in the registry, create the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

with a value of VBoxGINA.dll.

Note: The VirtualBox GINA module is implemented as a wrapper around the standard Windows GINA module (MSGINA.DLL). As a result, it will most likely not work correctly with 3rd party GINA modules.

To manually install the VirtualBox credential provider module, extract the Guest Additions (see the section called “Manual file extraction”) and copy the file VBoxCredProv.dll to the Windows SYSTEM32 directory. Then, in the registry, create the following keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}

    HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}

    HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32

with all default values (the key named (Default) in each key) set to VBoxCredProv. After that a new string named

    HKEY_CLASSES_ROOT\CLSID\{275D3BCC-22BB-4948-A7F6-3A3054EBA92B}\InprocServer32\ThreadingModel

with a value of Apartment has to be created.

To set credentials, use the following command on a running VM:

    VBoxManage controlvm "Windows XP" setcredentials "John Doe" "secretpassword" "DOMTEST"

While the VM is running, the credentials can be queried by the VirtualBox logon modules (GINA or credential provider) using the VirtualBox Guest Additions device driver. When Windows is in "logged out" mode, the logon modules will constantly poll for credentials and if they are present, a logon will be attempted. After retrieving the credentials, the logon modules will erase them so that the above command will have to be repeated for subsequent logons.

For security reasons, credentials are not stored in any persistent manner and will be lost when the VM is reset. Also, the credentials are "write-only", i.e. there is no way to retrieve the credentials from the host side. Credentials can be reset from the host side by setting empty values.

Depending on the particular variant of the Windows guest, the following restrictions apply:

1. For Windows XP guests, the logon subsystem needs to be configured to use the classic logon dialog as the VirtualBox GINA module does not support the XP-style welcome dialog.

2. For Windows Vista and Windows 7 guests, the logon subsystem does not support the so-called Secure Attention Sequence (CTRL+ALT+DEL). As a result, the guest's group policy settings need to be changed to not use the Secure Attention Sequence. Also, the user name given is only compared to the true user name, not the user friendly name. This means that when you rename a user, you still have to supply the original user name (internally, Windows never renames user accounts).

3. Auto-logon handling of the built-in Windows Remote Desktop Service (formerly known as Terminal Services) is disabled by default. To enable it, create the registry key

    HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions\AutoLogon

with a DWORD value of 1.

The following command forces VirtualBox to keep the credentials after they were read by the guest and on VM reset:

    VBoxManage setextradata "Windows XP" VBoxInternal/Devices/VMMDev/0/Config/KeepCredentials 1

Note that this is a potential security risk as a malicious application running on the guest could request this information using the proper interface.

Automated Linux/Unix guest logons

Starting with version 3.2, VirtualBox provides a custom PAM module (Pluggable Authentication Module) which can be used to perform automated guest logons on platforms which support this framework. Virtually all modern Linux/Unix distributions rely on PAM.

The pam_vbox.so module itself does not do an actual verification of the credentials passed to the guest OS; instead it relies on other modules such as pam_unix.so or pam_unix2.so down in the PAM stack to do the actual validation using the credentials retrieved by pam_vbox.so. Therefore pam_vbox.so has to be on top of the authentication PAM service list.

Note: The pam_vbox.so only supports the auth primitive. Other primitives such as account, session or password are not supported.

The pam_vbox.so module is shipped as part of the Guest Additions but it is not installed and/or activated on the guest OS by default. In order to install it, it has to be copied from /opt/VBoxGuestAdditions-<version>/lib/VBoxGuestAdditions/ to the security modules directory, usually /lib/security/ on 32-bit guest Linuxes or /lib64/security/ on 64-bit ones. Please refer to your guest OS documentation for the correct PAM module directory.

For example, to use pam_vbox.so with an Ubuntu Linux guest OS and GDM (the GNOME Desktop Manager) to log on users automatically with the credentials passed by the host, the guest OS has to be configured like the following:

1. The pam_vbox.so module has to be copied to the security modules directory, in this case it is /lib/security.

2. Edit the PAM configuration file for GDM found at /etc/pam.d/gdm, adding the line auth requisite pam_vbox.so at the top. Additionally, in most Linux distributions there is a file called /etc/pam.d/common-auth. This file is included in many other services (like the GDM file mentioned above). There you also have to add the line auth requisite pam_vbox.so.

3. If authentication against the shadow database using pam_unix.so or pam_unix2.so is desired, the argument try_first_pass for pam_unix.so or use_first_pass for pam_unix2.so is needed in order to pass the credentials from the VirtualBox module to the shadow database authentication module. For Ubuntu, this needs to be added to /etc/pam.d/common-auth, to the end of the line referencing pam_unix.so. This argument tells the PAM module to use credentials already present in the stack, i.e. the ones provided by the VirtualBox PAM module.

Warning: An incorrectly configured PAM stack can effectively prevent you from logging into your guest system!

To make deployment easier, you can pass the argument debug right after the pam_vbox.so statement. Debug log output will then be recorded using syslog.

Warning: At present, the GDM display manager only retrieves credentials at startup so unless the credentials have been supplied to the guest before GDM starts, automatic logon will not work. This limitation needs to be addressed by the GDM developers or another display manager must be used.
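The ordering and argument requirements from steps 2 and 3 can be checked mechanically before logging out of a working session. The following shell check is an added example, not part of the VirtualBox manual or the Guest Additions; check_pam_vbox is a hypothetical helper and the three PAM files are constructed samples.

```shell
#!/bin/sh
# Added example: verify that a PAM service file follows the pam_vbox.so rules
# described above. check_pam_vbox is a hypothetical helper, not a VirtualBox tool.

# check_pam_vbox FILE -> 0 if the file satisfies both rules, 1 otherwise.
#   Rule 1: the first active "auth" entry is pam_vbox.so (it must be on top).
#   Rule 2: pam_unix.so carries try_first_pass and pam_unix2.so carries
#           use_first_pass, so the retrieved credentials reach them.
check_pam_vbox() {
    pam_file=$1
    pam_rc=0

    # Comment lines start with "#", so their first field is never "auth".
    first_auth=$(awk '$1 == "auth" { print; exit }' "$pam_file")
    case $first_auth in
        *pam_vbox.so*) ;;
        *) echo "FAIL: first auth entry is not pam_vbox.so"; pam_rc=1 ;;
    esac

    awk '
        $1 != "auth" { next }
        /pam_unix\.so/  && !/try_first_pass/ { print "FAIL: pam_unix.so lacks try_first_pass";  bad = 1 }
        /pam_unix2\.so/ && !/use_first_pass/ { print "FAIL: pam_unix2.so lacks use_first_pass"; bad = 1 }
        END { exit bad + 0 }
    ' "$pam_file" || pam_rc=1

    return $pam_rc
}

PAM_SAMPLES=$(mktemp -d)
trap 'rm -rf "$PAM_SAMPLES"' EXIT

# Constructed sample: the layout the text describes for /etc/pam.d/common-auth.
cat > "$PAM_SAMPLES/good" <<'EOF'
# constructed sample, modelled on an Ubuntu common-auth
auth    requisite                   pam_vbox.so
auth    [success=1 default=ignore]  pam_unix.so nullok_secure try_first_pass
auth    requisite                   pam_deny.so
auth    required                    pam_permit.so
EOF

# Constructed sample: pam_vbox.so placed below pam_unix.so.
cat > "$PAM_SAMPLES/bad_order" <<'EOF'
auth    [success=1 default=ignore]  pam_unix.so nullok_secure try_first_pass
auth    requisite                   pam_vbox.so
EOF

# Constructed sample: pam_unix.so is never told to reuse the retrieved credentials.
cat > "$PAM_SAMPLES/bad_args" <<'EOF'
auth    requisite                   pam_vbox.so debug
auth    [success=1 default=ignore]  pam_unix.so nullok_secure
EOF

for f in good bad_order bad_args; do
    if check_pam_vbox "$PAM_SAMPLES/$f"; then
        echo "$f: OK"
    else
        echo "$f: needs fixing"
    fi
done
```

Run it against copies of /etc/pam.d/gdm and /etc/pam.d/common-auth while a root shell is still open, so a failed check can be corrected before the next logon attempt.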

Advanced configuration for Windows guests

Automated Windows system preparation

Beginning with Windows NT 4.0, Microsoft offers a "system preparation" tool (in short: Sysprep) to prepare a Windows system for deployment or redistribution. Whereas Windows 2000 and XP ship with Sysprep on the installation medium, the tool also is available for download on the Microsoft web site. In a standard installation of Windows Vista and 7, Sysprep is already included. Sysprep mainly consists of an executable called sysprep.exe which is invoked by the user to put the Windows installation into preparation mode.

Starting with VirtualBox 3.2.2, the Guest Additions offer a way to launch a system preparation on the guest operating system in an automated way, controlled from the host system. To achieve that, see the section called “Guest control” for using the feature with the special identifier sysprep as the program to execute, along with the user name sysprep and password sysprep for the credentials. Sysprep then gets launched with the required system rights.

Note: Specifying the location of "sysprep.exe" is not possible; instead the following paths are used (based on the operating system):

    C:\sysprep\sysprep.exe for Windows NT 4.0, 2000 and XP
    %WINDIR%\System32\Sysprep\sysprep.exe for Windows Vista, 2008 Server and 7

The Guest Additions will automatically use the appropriate path to execute the system preparation tool.

Advanced configuration for Linux and Solaris guests

Manual setup of selected guest services on Linux

The VirtualBox Guest Additions contain several different drivers. If for any reason you do not wish to set them all up, you can install the Guest Additions using the following command:

    sh ./VBoxLinuxAdditions.run no_setup

After this, you will need to at least compile the kernel modules by running the command

    /usr/lib/VBoxGuestAdditions/vboxadd setup

as root (you will need to replace lib by lib64 on some 64bit guests), and on older guests without the udev service you will need to add the vboxadd service to the default runlevel to ensure that the modules get loaded.

To set up the time synchronization service, run the command

    /usr/lib/VBoxGuestAdditions/vboxadd-service setup

and add the service vboxadd-service to the default runlevel. To set up the X11 and OpenGL part of the Guest Additions, run the command

    /usr/lib/VBoxGuestAdditions/vboxadd-x11 setup

(you do not need to enable any services for this).

To recompile the guest kernel modules, use this command:

    /usr/lib/VBoxGuestAdditions/vboxadd setup

After compilation you should reboot your guest to ensure that the new modules are actually used.

Guest graphics and mouse driver setup in depth

This section assumes that you are familiar with configuring the X.Org server using xorg.conf and optionally the newer mechanisms using hal or udev and xorg.conf.d. If not you can learn about them by studying the documentation which comes with X.Org.

The VirtualBox Guest Additions come with drivers for X.Org versions

    X11R6.8/X11R6.9 and XFree86 version 4.3 (vboxvideo_drv_68.o and vboxmouse_drv_68.o)
    X11R7.0 (vboxvideo_drv_70.so and vboxmouse_drv_70.so)
    X11R7.1 (vboxvideo_drv_71.so and vboxmouse_drv_71.so)
    X.Org Server versions 1.3 and later (vboxvideo_drv_13.so and vboxmouse_drv_13.so and so on).

By default these drivers can be found in the directory

    /opt/VBoxGuestAdditions-<version>/lib/VBoxGuestAdditions

and the correct versions for the X server are symbolically linked into the X.Org driver directories.

For graphics integration to work correctly, the X server must load the vboxvideo driver (many recent X server versions look for it automatically if they see that they are running in VirtualBox) and for an optimal user experience the guest kernel drivers must be loaded and the Guest Additions tool VBoxClient must be running as a client in the X session. For mouse integration to work correctly, the guest kernel drivers must be loaded and in addition, in X servers from X.Org X11R6.8 to X11R7.1 and in XFree86 version 4.3 the right vboxmouse driver must be loaded and associated with /dev/mouse or /dev/psaux; in X.Org server 1.3 or later a driver for a PS/2 mouse must be loaded and the right vboxmouse driver must be associated with /dev/vboxguest.

The VirtualBox guest graphics driver can use any graphics configuration for which the virtual resolution fits into the virtual video memory allocated to the virtual machine (minus a small amount used by the guest driver) as described in the section called “Display settings”. The driver will offer a range of standard modes at least up to the default guest resolution for all active guest monitors. In X.Org Server 1.3 and later the default mode can be changed by setting the output property VBOX_MODE to "<width>x<height>" for any guest monitor. When VBoxClient and the kernel drivers are active this is done automatically when the host requests a mode change. The driver for older versions can only receive new modes by querying the host for requests at regular intervals.

With pre-1.3 X Servers you can also add your own modes to the X server configuration file. You simply need to add them to the "Modes" list in the "Display" subsection of the "Screen" section. For example, the section shown here has a custom 2048x800 resolution mode added:

    Section "Screen"
            Identifier    "Default Screen"
            Device        "VirtualBox graphics card"
            Monitor       "Generic Monitor"
            DefaultDepth  24
            SubSection "Display"
                    Depth         24
                    Modes         "2048x800" "800x600" "640x480"
            EndSubSection
    EndSection

CPU hot-plugging

With virtual machines running modern server operating systems, VirtualBox supports CPU hot-plugging. [38] Whereas on a physical computer this would mean that a CPU can be added or removed while the machine is running, VirtualBox supports adding and removing virtual CPUs while a virtual machine is running.

CPU hot-plugging works only with guest operating systems that support it. So far this applies only to Linux and Windows Server 2008 x64 Data Center Edition. Windows supports only hot-add while Linux supports hot-add and hot-remove but to use this feature with more than 8 CPUs a 64bit Linux guest is required.

At this time, CPU hot-plugging requires using the VBoxManage command-line interface. First, hot-plugging needs to be enabled for a virtual machine:

    VBoxManage modifyvm "VM name" --cpuhotplug on

After that, the --cpus option specifies the maximum number of CPUs that the virtual machine can have:

    VBoxManage modifyvm "VM name" --cpus 8

When the VM is off, you can then add and remove virtual CPUs with the modifyvm --plugcpu and --unplugcpu subcommands, which take the number of the virtual CPU as a parameter, like this:

    VBoxManage modifyvm "VM name" --plugcpu 3
    VBoxManage modifyvm "VM name" --unplugcpu 3

Note that CPU 0 can never be removed.

While the VM is running, CPUs can be added with the controlvm plugcpu/unplugcpu commands instead:

    VBoxManage controlvm "VM name" plugcpu 3
    VBoxManage controlvm "VM name" unplugcpu 3

See the section called “VBoxManage modifyvm” and the section called “VBoxManage controlvm” for details.

With Linux guests, the following applies: To prevent ejection while the CPU is still used it has to be ejected from within the guest before. The Linux Guest Additions contain a service which receives hot-remove events and ejects the CPU. Also, after a CPU is added to the VM it is not automatically used by Linux. The Linux Guest Additions service will take care of that if installed. If not, a CPU can be started with the following command:

    echo 1 > /sys/devices/system/cpu/cpu<id>/online

PCI passthrough

When running on Linux hosts, with a recent enough kernel (at least version 2.6.31) experimental host PCI devices passthrough is available. [39]

Note: The PCI passthrough module is shipped as a VirtualBox extension package, which must be installed separately. See the section called “Installing VirtualBox and extension packs” for more information.

Essentially, this feature allows the guest to directly use physical PCI devices on the host, even if the host doesn't have drivers for this particular device. Both regular PCI and some PCI Express cards are supported. AGP and certain PCI Express cards are not supported at the moment if they rely on GART (Graphics Address Remapping Table) unit programming for texture management as it does rather nontrivial operations with pages remapping interfering with IOMMU. This limitation may be lifted in future releases.

To be fully functional, PCI passthrough support in VirtualBox depends upon an IOMMU hardware unit which is not yet too widely available. If the device uses bus mastering (i.e. it performs DMA to the OS memory on its own), then an IOMMU is required, otherwise such DMA transactions may write to the wrong physical memory address as the device DMA engine is programmed using a device-specific protocol to perform memory transactions. The IOMMU functions as translation unit mapping physical memory access requests from the device using knowledge of the guest physical address to host physical addresses translation rules.

Intel's solution for IOMMU is marketed as "Intel Virtualization Technology for Directed I/O" (VT-d), and AMD's one is called AMD-Vi. So please check if your motherboard datasheet has appropriate technology. Even if your hardware doesn't have an IOMMU, certain PCI cards may work (such as serial PCI adapters), but the guest will show a warning on boot and the VM execution will terminate if the guest driver attempts to enable card bus mastering.

It is very common that the BIOS or the host OS disables the IOMMU by default. So before any attempt to use it please make sure that

1. Your motherboard has an IOMMU unit.

2. Your CPU supports the IOMMU.

3. The IOMMU is enabled in the BIOS.

4. The VM must run with VT-x/AMD-V and nested paging enabled.

5. Your Linux kernel was compiled with IOMMU support (including DMA remapping, see CONFIG_DMAR kernel compilation option). The PCI stub driver (CONFIG_PCI_STUB) is required as well.

6. Your Linux kernel recognizes and uses the IOMMU unit (intel_iommu=on boot option could be needed). Search for DMAR and PCI-DMA in kernel boot log.

Once you have made sure that the host kernel supports the IOMMU, the next step is to select the PCI card and attach it to the guest. To figure out the list of available PCI devices, use the lspci command. The output will look like this:

    01:00.0 VGA compatible controller: ATI Technologies Inc Cedar PRO [Radeon HD 5450]
    01:00.1 Audio device: ATI Technologies Inc Manhattan HDMI Audio [Mobility Radeon HD 5000 Series]
    02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
    03:00.0 SATA controller: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03)
    03:00.1 IDE interface: JMicron Technology Corp. JMB362/JMB363 Serial ATA Controller (rev 03)
    06:00.0 VGA compatible controller: nVidia Corporation G86 [GeForce 8500 GT] (rev a1)

The first column is a PCI address (in format bus:device.function). This address could be used to identify the device for further operations. For example, to attach a PCI network controller on the system listed above to the second PCI bus in the guest, as device 5, function 0, use the following command:

    VBoxManage modifyvm "VM name" --pciattach 02:00.0@01:05.0

To detach the same device, use

    VBoxManage modifyvm "VM name" --pcidetach 02:00.0

Please note that both host and guest could freely assign a different PCI address to the card attached during runtime, so those addresses only apply to the address of the card at the moment of attachment (host), and during BIOS PCI init (guest).
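Steps 5 and 6 of the checklist and the attach step lend themselves to a scripted preflight. The following shell script is an added example, not part of the VirtualBox manual; the function names are hypothetical, the kernel config and boot-log excerpts are constructed samples, and the lspci lines are copied from the listing above.

```shell
#!/bin/sh
# Added example: preflight for the PCI passthrough procedure described above.
# Every check takes a file argument so it can run against saved copies of
# /boot/config-<version>, the kernel boot log and lspci output.

# Step 5: kernel built with DMA remapping and the PCI stub driver.
# The option names are the ones given in the text above.
kernel_config_ok() {
    grep -q '^CONFIG_DMAR=y' "$1" || { echo "CONFIG_DMAR not enabled"; return 1; }
    grep -Eq '^CONFIG_PCI_STUB=[ym]' "$1" || { echo "CONFIG_PCI_STUB not enabled"; return 1; }
}

# Step 6: the boot log mentions both DMAR and PCI-DMA.
boot_log_shows_iommu() {
    grep -q 'DMAR' "$1" || { echo "no DMAR lines in boot log"; return 1; }
    grep -q 'PCI-DMA' "$1" || { echo "no PCI-DMA lines in boot log"; return 1; }
}

# Attach step: SPEC has the host@guest form used above, each side written as
# bus:device.function, and the host side must be a device that lspci lists.
pciattach_spec_ok() {
    spec=$1 lspci_out=$2
    addr='[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]'
    printf '%s\n' "$spec" | grep -Eq "^${addr}@${addr}\$" ||
        { echo "malformed --pciattach argument: $spec"; return 1; }
    host=${spec%@*}
    awk -v a="$host" '$1 == a { found = 1 } END { exit !found }' "$lspci_out" ||
        { echo "host device $host not in lspci output"; return 1; }
}

# Run all checks and report every failure, not only the first one.
preflight() {
    rc=0
    kernel_config_ok "$1" || rc=1
    boot_log_shows_iommu "$2" || rc=1
    pciattach_spec_ok "$3" "$4" || rc=1
    return $rc
}

PCI_SAMPLES=$(mktemp -d)
trap 'rm -rf "$PCI_SAMPLES"' EXIT

# Constructed kernel config excerpt.
cat > "$PCI_SAMPLES/config" <<'EOF'
CONFIG_DMAR=y
# CONFIG_DMAR_DEFAULT_ON is not set
CONFIG_PCI_STUB=m
EOF

# Constructed boot-log excerpt.
cat > "$PCI_SAMPLES/dmesg" <<'EOF'
[    0.000000] DMAR: Host address width 36
[    0.412345] PCI-DMA: Intel(R) Virtualization Technology for Directed I/O
EOF

# Two lines from the lspci listing above.
cat > "$PCI_SAMPLES/lspci" <<'EOF'
01:00.0 VGA compatible controller: ATI Technologies Inc Cedar PRO [Radeon HD 5450]
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
EOF

if preflight "$PCI_SAMPLES/config" "$PCI_SAMPLES/dmesg" \
             "02:00.0@01:05.0" "$PCI_SAMPLES/lspci"; then
    echo "preflight passed for 02:00.0@01:05.0"
fi
```

Steps 1 to 4 (motherboard, CPU, BIOS and VM settings) are not visible in these files and still have to be confirmed by hand.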

If the virtual machine has a PCI device attached, certain limitations apply:

1. Only PCI cards with non-shared interrupts (such as using MSI on host) are supported at the moment.

2. No guest state can be reliably saved/restored (as the internal state of the PCI card could not be retrieved).

3. Teleportation (live migration) doesn't work (for the same reason).

4. No lazy physical memory allocation. The host will preallocate the whole RAM required for the VM on startup (as we cannot catch physical hardware accesses to the physical memory).

Advanced display configurat ion

Custom VESA resolut ions

Apart from the standard VESA resolut ions, the Vir tualBox VESA BI OS allows you to add up to 16 custom video modes which willbe reported to the guest operat ing system. When using Windows guests with the Vir tualBox Guest Addit ions, a custom graphicsdr iver will be used instead of the fallback VESA solut ion so this informat ion does not apply.

Additional video modes can be configured for each VM using the extra data facility. The extra data key is called CustomVideoMode<x> with x being a number from 1 to 16. Please note that modes will be read from 1 until either the following number is not defined or 16 is reached. The following example adds a video mode that corresponds to the native display resolution of many notebook computers:

VBoxManage setextradata "VM name" "CustomVideoMode1" "1400x1050x16"

The VESA mode IDs for custom video modes start at 0x160. In order to use the above defined custom video mode, the following command line has to be supplied to Linux:

vga = 0x200 | 0x160
vga = 864

For guest operating systems with VirtualBox Guest Additions, a custom video mode can be set using the video mode hint feature.

Configuring the maximum resolution of guests when using the graphical frontend

When guest systems with the Guest Additions installed are started using the graphical frontend (the normal VirtualBox application), they will not be allowed to use screen resolutions greater than the host's screen size unless the user manually resizes them by dragging the window, switching to fullscreen or seamless mode or sending a video mode hint using VBoxManage. This behavior is what most users will want, but if you have different needs, it is possible to change it by issuing one of the following commands from the command line:

VBoxManage setextradata global GUI/MaxGuestResolution any

will remove all limits on guest resolutions.

VBoxManage setextradata global GUI/MaxGuestResolution <width,height>

manually specifies a maximum resolution.

VBoxManage setextradata global GUI/MaxGuestResolution auto

restores the default settings. Note that these settings apply globally to all guest systems, not just to a single machine.

Advanced storage configuration

Using a raw host hard disk from a guest

Starting with version 1.4, as an alternative to using virtual disk images (as described in detail in Chapter 5, Virtual storage), VirtualBox can also present either entire physical hard disks or selected partitions thereof as virtual disks to virtual machines.

With VirtualBox, this type of access is called "raw hard disk access"; it allows a guest operating system to access its virtual hard disk without going through the host OS file system. The actual performance difference for image files vs. raw disk varies greatly depending on the overhead of the host file system, whether dynamically growing images are used, and on host OS caching strategies. The caching indirectly also affects other aspects such as failure behavior, i.e. whether the virtual disk contains all data written before a host OS crash. Consult your host OS documentation for details on this.

Warning
Raw hard disk access is for expert users only. Incorrect use or use of an outdated configuration can lead to total loss of data on the physical disk. Most importantly, do not attempt to boot the partition with the currently running host operating system in a guest. This will lead to severe data corruption.

Raw hard disk access -- both for entire disks and individual partitions -- is implemented as part of the VMDK image format support. As a result, you will need to create a special VMDK image file which defines where the data will be stored. After creating such a special VMDK image, you can use it like a regular virtual disk image. For example, you can use the VirtualBox Manager (the section called “The Virtual Media Manager”) or VBoxManage to assign the image to a virtual machine.

Access to entire physical hard disk

While this variant is the simplest to set up, you must be aware that this will give a guest operating system direct and full access to an entire physical disk. If your host operating system is also booted from this disk, please take special care to not access the partition from the guest at all. On the positive side, the physical disk can be repartitioned in arbitrary ways without having to recreate the image file that gives access to the raw disk.

To create an image that represents an entire physical hard disk (which will not contain any actual data, as this will all be stored on the physical disk), on a Linux host, use the command

VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sda

This creates the image /path/to/file.vmdk (must be absolute), and all data will be read and written from /dev/sda.

On a Windows host, instead of the above device specification, use e.g. \\.\PhysicalDrive0. On a Mac OS X host, instead of the above device specification use e.g. /dev/disk1. Note that on OS X you can only get access to an entire disk if no volume is mounted from it.

Creating the image requires read/write access for the given device. Read/write access is also later needed when using the image from a virtual machine. On some host platforms (e.g. Windows Vista and later), raw disk access may be restricted and not permitted by the host OS in some situations.

Just like with regular disk images, this does not automatically attach the newly created image to a virtual machine. This can be done with e.g.

VBoxManage storageattach WindowsXP --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /path/to/file.vmdk

When this is done the selected virtual machine will boot from the specified physical disk.

Access to individual physical hard disk partitions

This "raw partition support" is quite similar to the "full hard disk" access described above. However, in this case, any partitioning information will be stored inside the VMDK image, so you can e.g. install a different boot loader in the virtual hard disk without affecting the host's partitioning information. While the guest will be able to see all partitions that exist on the physical disk, access will be filtered: reads from partitions for which no access is allowed will only yield zeroes, and all writes to them are ignored.

To create a special image for raw partition support (which will contain a small amount of data, as already mentioned), on a Linux host, use the command

VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5

As you can see, the command is identical to the one for "full hard disk" access, except for the additional -partitions parameter. This example would create the image /path/to/file.vmdk (which, again, must be absolute), and partitions 1 and 5 of /dev/sda would be made accessible to the guest.

VirtualBox uses the same partition numbering as your Linux host. As a result, the numbers given in the above example would refer to the first primary partition and the first logical drive in the extended partition, respectively.

On a Windows host, instead of the above device specification, use e.g. \\.\PhysicalDrive0. On a Mac OS X host, instead of the above device specification use e.g. /dev/disk1. Note that on OS X you can only use partitions which are not mounted (eject the respective volume first). Partition numbers are the same on Linux, Windows and Mac OS X hosts.

The numbers for the list of partitions can be taken from the output of

VBoxManage internalcommands listpartitions -rawdisk /dev/sda

The output lists the partition types and sizes to give the user enough information to identify the partitions necessary for the guest.

Images which give access to individual partitions are specific to a particular host disk setup. You cannot transfer these images to another host; also, whenever the host partitioning changes, the image must be recreated.

Creating the image requires read/write access for the given device. Read/write access is also later needed when using the image from a virtual machine. If this is not feasible, there is a special variant for raw partition access (currently only available on Linux hosts) that avoids having to give the current user access to the entire disk. To set up such an image, use

VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5 -relative

When used from a virtual machine, the image will then refer not to the entire disk, but only to the individual partitions (in the example /dev/sda1 and /dev/sda5). As a consequence, read/write access is only required for the affected partitions, not for the entire disk. During creation however, read-only access to the entire disk is required to obtain the partitioning information.

In some configurations it may be necessary to change the MBR code of the created image, e.g. to replace the Linux boot loader that is used on the host by another boot loader. This allows e.g. the guest to boot directly to Windows, while the host boots Linux from the "same" disk. For this purpose the -mbr parameter is provided. It specifies a file name from which to take the MBR code. The partition table is not modified at all, so an MBR file from a system with totally different partitioning can be used. An example of this is

VBoxManage internalcommands createrawvmdk -filename /path/to/file.vmdk -rawdisk /dev/sda -partitions 1,5 -mbr winxp.mbr

The modified MBR will be stored inside the image, not on the host disk.

The created image can be attached to a storage controller in a VM configuration as usual.
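A pre-flight check for the warning above, as an added example that is not part of the VirtualBox manual: it refuses to build a createrawvmdk command when a requested partition (or, for whole-disk access, the disk or any of its partitions) is mounted on the host, and otherwise prints the -relative form so that only the listed partitions need read/write access. The function names, the mounts-file argument (normally /proc/mounts) and the sample mount table are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the VirtualBox manual: build a createrawvmdk
# command only after checking the host mount table for conflicts.
# Paths are assumed to contain no whitespace.

# part_dev DISK N -> Linux partition node (/dev/sda + 1 -> /dev/sda1,
# /dev/nvme0n1 + 1 -> /dev/nvme0n1p1). Pass N="" to get the bare prefix.
part_dev() {
    case "$1" in
        *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
        *)      printf '%s%s\n' "$1" "$2" ;;
    esac
}

# is_mounted MOUNTS_FILE DEVICE -> exit status 0 if DEVICE is a mount source
is_mounted() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# first_mounted_on MOUNTS_FILE DISK -> prints the first mounted node that is
# the disk itself or one of its partitions (no output if there is none)
first_mounted_on() {
    awk -v d="$2" -v p="$(part_dev "$2" "")" '
        $1 == d { print $1; exit }
        index($1, p) == 1 && substr($1, length(p) + 1) ~ /^[0-9]+$/ { print $1; exit }
    ' "$1"
}

# rawvmdk_plan MOUNTS_FILE VMDK DISK [PARTS]
#   PARTS is a comma-separated list such as 1,5; empty means the whole disk.
#   Prints the command on success; explains on stderr and returns 1 on refusal.
rawvmdk_plan() {
    mounts=$1; vmdk=$2; disk=$3; parts=${4:-}

    case "$vmdk" in
        /*) ;;
        *)  echo "refused: image path must be absolute: $vmdk" >&2; return 1 ;;
    esac

    if [ -z "$parts" ]; then
        # Whole-disk access: any mounted partition of this disk is a conflict.
        hit=$(first_mounted_on "$mounts" "$disk")
        if [ -n "$hit" ]; then
            echo "refused: $hit is mounted on the host" >&2; return 1
        fi
        printf 'VBoxManage internalcommands createrawvmdk -filename %s -rawdisk %s\n' \
            "$vmdk" "$disk"
        return 0
    fi

    case "$parts" in
        *[!0-9,]*|,*|*,|*,,*)
            echo "refused: partition list must look like 1,5" >&2; return 1 ;;
    esac

    # Partition access: only the partitions handed to the guest must be unmounted.
    for n in $(printf '%s' "$parts" | tr ',' ' '); do
        dev=$(part_dev "$disk" "$n")
        if is_mounted "$mounts" "$dev"; then
            echo "refused: $dev is mounted on the host" >&2; return 1
        fi
    done
    printf 'VBoxManage internalcommands createrawvmdk -filename %s -rawdisk %s -partitions %s -relative\n' \
        "$vmdk" "$disk" "$parts"
}

# Demo on a constructed mount table (sample data, not real host output).
demo_mounts=$(mktemp)
printf '%s\n' '/dev/sda1 / ext4 rw 0 0' '/dev/sda2 /home ext4 rw 0 0' > "$demo_mounts"
rawvmdk_plan "$demo_mounts" /path/to/file.vmdk /dev/sda 1,5 || true  # refused: sda1 holds the host root
rawvmdk_plan "$demo_mounts" /path/to/file.vmdk /dev/sda 3,5          # prints the -relative command
rm -f "$demo_mounts"
```

The mount table does not list swap areas or partitions used through LVM or device-mapper, so those still have to be checked separately.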

Configuring the hard disk vendor product data (VPD)

VirtualBox reports vendor product data for its virtual hard disks which consist of hard disk serial number, firmware revision and model number. These can be changed using the following commands:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/SerialNumber" "serial"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/FirmwareRevision" "firmware"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/ModelNumber" "model"

The serial number is a 20 byte alphanumeric string, the firmware revision an 8 byte alphanumeric string and the model number a 40 byte alphanumeric string. Instead of "Port0" (referring to the first port), specify the desired SATA hard disk port.

The above commands apply to virtual machines with an AHCI (SATA) controller. The commands for virtual machines with an IDE controller are:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/SerialNumber" "serial"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/FirmwareRevision" "firmware"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/piix3ide/0/Config/PrimaryMaster/ModelNumber" "model"

For hard disks it's also possible to mark the drive as having a non-rotational medium with:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/NonRotational" "1"

Three additional parameters are needed for CD/DVD drives to report the vendor product data:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIVendorId" "vendor"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIProductId" "product"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/ahci/0/Config/Port0/ATAPIRevision" "revision"

The vendor id is an 8 byte alphanumeric string, the product id a 16 byte alphanumeric string and the revision a 4 byte alphanumeric string. Instead of "Port0" (referring to the first port), specify the desired SATA hard disk port.

Access iSCSI targets via Internal Networking

As an experimental feature, VirtualBox allows for accessing an iSCSI target running in a virtual machine which is configured for using Internal Networking mode. Please see the section called “iSCSI servers”; the section called “Internal networking”; and the section called “VBoxManage storageattach” for additional information.

The IP stack accessing Internal Networking must be configured in the virtual machine which accesses the iSCSI target. A free static IP and a MAC address not used by other virtual machines must be chosen. In the example below, adapt the name of the virtual machine, the MAC address, the IP configuration and the Internal Networking name ("MyIntNet") according to your needs. The following seven commands must first be issued:

VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Trusted 1
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/MAC 08:00:27:01:02:0f
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/IP 10.0.9.1
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/Config/Netmask 255.255.255.0
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Driver IntNet
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/Network MyIntNet
VBoxManage setextradata "VM name" VBoxInternal/Devices/IntNetIP/0/LUN#0/Config/IsService 1

Finally the iSCSI disk must be attached with the --intnet option to tell the iSCSI initiator to use internal networking:

VBoxManage storageattach ... --medium iscsi --server 10.0.9.30 --target iqn.2008-12.com.sun:sampletarget --intnet

Compared to a "regular" iSCSI setup, the IP address of the target must be specified as a numeric IP address, as there is no DNS resolver for internal networking.

The virtual machine with the iSCSI target should be started before the VM using it is powered on. If a virtual machine using an iSCSI disk is started without having the iSCSI target powered up, it can take up to 200 seconds to detect this situation. The VM will fail to power up.

Launching more than 120 VMs on Solaris hosts

Solaris hosts have a fixed number of IPC semaphore IDs per process, preventing users from starting more than 120 VMs. While trying to launch more VMs you would be shown a "Cannot create IPC semaphore" error. In order to run more VMs, you will need to increase the semaphore ID limit of the VBoxSVC process.

Temporary solution while VirtualBox is running

Execute as root the prctl command as shown below for the currently running VBoxSVC process. The process ID of VBoxSVC can be obtained using the ps command.

prctl -r -n project.max-sem-ids -v 2048 <pid-of-VBoxSVC>

This will immediately increase the semaphore limit of the currently running VBoxSVC process and allow you to launch more VMs. However, this change is not persistent and will be lost when VBoxSVC terminates.

Persistent solution, requires user to re-login

If the user running VirtualBox is root, execute the following command:

prctl -n project.max-sem-ids -v 2048 -r -i project user.root

From this point, starting new processes will have the increased limit of 2048. You may then re-login or close all VMs and restart VBoxSVC. You can check the current VBoxSVC semaphore ID limit using the following command:

prctl -n project.max-sem-ids -i process <pid-of-VBoxSVC>

If the user running VirtualBox is not root, you must add the property to the user's default project. Create the default project and set the limit by executing as root:

projadd -U <username> user.<username>
projmod -s -K "project.max-sem-ids=(priv,2048,deny)" user.<username>

Substitute "<username>" with the name of the user running VirtualBox. Then re-login as this user to be able to run more than 120 VMs.

Legacy commands for using serial ports

Starting with version 1.4, VirtualBox provided support for virtual serial ports, which, at the time, was rather complicated to set up with a sequence of VBoxManage setextradata statements. Since version 1.5, that way of setting up serial ports is no longer necessary and deprecated. To set up virtual serial ports, use the methods now described in the section called “Serial ports”.

Note
For backwards compatibility, the old setextradata statements, whose description is retained below from the old version of the manual, take precedence over the new way of configuring serial ports. As a result, if configuring serial ports the new way doesn't work, make sure the VM in question does not have old configuration data such as below still active.

The old sequence of configuring a serial port used the following 6 commands:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/Config/IRQ" 4
VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/Config/IOBase" 0x3f8
VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/LUN#0/Driver" Char
VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Driver" NamedPipe
VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Config/Location" "\\.\pipe\vboxCOM1"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/serial/0/LUN#0/AttachedDriver/Config/IsServer" 1

This sets up a serial port in the guest with the default settings for COM1 (IRQ 4, I/O address 0x3f8) and the Location setting assumes that this configuration is used on a Windows host, because the Windows named pipe syntax is used. Keep in mind that on Windows hosts a named pipe must always start with \\.\pipe\. On Linux the same config settings apply, except that the path name for the Location can be chosen more freely. Local domain sockets can be placed anywhere, provided the user running VirtualBox has the permission to create a new file in the directory. The final command above defines that VirtualBox acts as a server, i.e. it creates the named pipe itself instead of connecting to an already existing one.

Fine-tuning the VirtualBox NAT engine

Configuring the address of a NAT network interface

In NAT mode, the guest network interface is assigned to the IPv4 range 10.0.x.0/24 by default where x corresponds to the instance of the NAT interface +2. So x is 2 when there is only one NAT instance active. In that case the guest is assigned to the address 10.0.2.15, the gateway is set to 10.0.2.2 and the name server can be found at 10.0.2.3.

If, for any reason, the NAT network needs to be changed, this can be achieved with the following command:

VBoxManage modifyvm "VM name" --natnet1 "192.168/16"

This command would reserve the network addresses from 192.168.0.0 to 192.168.254.254 for the first NAT network instance of "VM name". The guest IP would be assigned to 192.168.0.15 and the default gateway could be found at 192.168.0.2.

Configuring the boot server (next server) of a NAT network interface

For network booting in NAT mode, by default VirtualBox uses a built-in TFTP server at the IP address 10.0.2.3. This default behavior should work fine for typical remote-booting scenarios. However, it is possible to change the boot server IP and the location of the boot image with the following commands:

VBoxManage modifyvm "VM name" --nattftpserver1 10.0.2.2
VBoxManage modifyvm "VM name" --nattftpfile1 /srv/tftp/boot/MyPXEBoot.pxe

Tuning TCP/IP buffers for NAT

The VirtualBox NAT stack performance is often determined by its interaction with the host's TCP/IP stack and the size of several buffers (SO_RCVBUF and SO_SNDBUF). For certain setups users might want to adjust the buffer size for a better performance. This can be achieved using the following commands (values are in kilobytes and can range from 8 to 1024):

VBoxManage modifyvm "VM name" --natsettings1 16000,128,128,0,0

This example illustrates tuning the NAT settings. The first parameter is the MTU, then the size of the socket's send buffer and the size of the socket's receive buffer, the initial size of the TCP send window, and lastly the initial size of the TCP receive window. Note that specifying zero means fallback to the default value.

Each of these buffers has a default size of 64KB and default MTU is 1500.

Binding NAT sockets to a specific interface

By default, VirtualBox's NAT engine will route TCP/IP packets through the default interface assigned by the host's TCP/IP stack. (The technical reason for this is that the NAT engine uses sockets for communication.) If, for some reason, you want to change this behavior, you can tell the NAT engine to bind to a particular IP address instead. Use the following command:

VBoxManage modifyvm "VM name" --natbindip1 "10.45.0.2"

After this, all outgoing traffic will be sent through the interface with the IP address 10.45.0.2. Please make sure that this interface is up and running prior to this assignment.

Enabling DNS proxy in NAT mode

The NAT engine by default offers the same DNS servers to the guest that are configured on the host. In some scenarios, it can be desirable to hide the DNS server IPs from the guest, for example when this information can change on the host due to expiring DHCP leases. In this case, you can tell the NAT engine to act as DNS proxy using the following command:

VBoxManage modifyvm "VM name" --natdnsproxy1 on

Using the host's resolver as a DNS proxy in NAT mode

For resolving network names, the DHCP server of the NAT engine offers a list of registered DNS servers of the host. If for some reason you need to hide this DNS server list and use the host's resolver settings, thereby forcing the VirtualBox NAT engine to intercept DNS requests and forward them to host's resolver, use the following command:

VBoxManage modifyvm "VM name" --natdnshostresolver1 on

Note that this setting is similar to the DNS proxy mode, however whereas the proxy mode just forwards DNS requests to the appropriate servers, the resolver mode will interpret the DNS requests and use the host's DNS API to query the information and return it to the guest.

Configuring aliasing of the NAT engine

By default, the NAT core uses aliasing and uses random ports when generating an alias for a connection. This works well for most protocols like SSH, FTP and so on. However, some protocols might need a more transparent behavior or may depend on the real port number the packet was sent from. It is possible to change the NAT mode via the VBoxManage frontend with the following commands:

VBoxManage modifyvm "VM name" --nataliasmode1 proxyonly

and

VBoxManage modifyvm "Linux Guest" --nataliasmode1 sameports

The first example disables aliasing and switches NAT into transparent mode, the second example enforces preserving of port values. These modes can be combined if necessary.

Configuring the BIOS DMI information

The DMI data VirtualBox provides to guests can be changed for a specific VM. Use the following commands to configure the DMI BIOS information:

VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVendor" "BIOS Vendor"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSVersion" "BIOS Version"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseDate" "BIOS Release Date"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMajor" 1
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSReleaseMinor" 2
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMajor" 3
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiBIOSFirmwareMinor" 4
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVendor" "System Vendor"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemProduct" "System Product"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemVersion" "System Version"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "System Serial"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSKU" "System SKU"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemFamily" "System Family"
VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemUuid" "9852bf98-b83c-49db-a8de-182c42c7226b"

If a DMI string is not set, the default value of VirtualBox is used. To set an empty string use "<EMPTY>".

Note that in the above list, all quoted parameters (DmiBIOSVendor, DmiBIOSVersion but not DmiBIOSReleaseMajor) are expected to be strings. If such a string is a valid number, the parameter is treated as a number and the VM will most probably refuse to start with a VERR_CFGM_NOT_STRING error. In that case, use "string:<value>", for instance

VBoxManage setextradata "VM name" "VBoxInternal/Devices/pcbios/0/Config/DmiSystemSerial" "string:1234"

Changing this information can be necessary to provide the DMI information of the host to the guest to prevent Windows from asking for a new product key. On Linux hosts the DMI BIOS information can be obtained with

dmidecode -t 0

and the DMI system information can be obtained with

dmidecode -t 1
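The string: rule above matters most when host values are copied in bulk, because serial numbers and versions are often all digits. The following added example (not part of the VirtualBox manual) turns dmidecode -t 1 output read from standard input into setextradata commands, prefixing numeric-looking values with string: and mapping empty ones to <EMPTY>. The field-to-key mapping, the function names, the numeric test (decimal digits or 0x hex) and the sample dmidecode text are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the VirtualBox manual.
# Real use: dmidecode -t 1 | dmi_commands "VM name"

DMI_PREFIX='VBoxInternal/Devices/pcbios/0/Config'

# shq STRING -> STRING wrapped in single quotes, safe to paste into a shell
shq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# is_numeric STRING -> exit 0 if the value looks like a number
# (assumption of this example: decimal digits, or 0x followed by hex digits)
is_numeric() {
    case "$1" in
        '')       return 1 ;;
        0[xX]?*)  case "${1#0?}" in *[!0-9a-fA-F]*) return 1 ;; *) return 0 ;; esac ;;
        *[!0-9]*) return 1 ;;
        *)        return 0 ;;
    esac
}

# dmi_value RAW -> value that will be stored as a DMI string
dmi_value() {
    if [ -z "$1" ]; then
        printf '%s\n' '<EMPTY>'
    elif is_numeric "$1"; then
        printf 'string:%s\n' "$1"
    else
        printf '%s\n' "$1"
    fi
}

# dmi_key LABEL -> extra data key for a dmidecode field (mapping is assumed)
dmi_key() {
    case "$1" in
        'Manufacturer')  echo DmiSystemVendor ;;
        'Product Name')  echo DmiSystemProduct ;;
        'Version')       echo DmiSystemVersion ;;
        'Serial Number') echo DmiSystemSerial ;;
        'UUID')          echo DmiSystemUuid ;;
        'SKU Number')    echo DmiSystemSKU ;;
        'Family')        echo DmiSystemFamily ;;
        *)               return 1 ;;
    esac
}

# dmi_commands VMNAME  (dmidecode text on stdin, one command per known field)
dmi_commands() {
    vm=$1
    while IFS= read -r line; do
        case "$line" in
            *:*) ;;
            *)   continue ;;          # headers and blank lines carry no field
        esac
        label=$(printf '%s' "${line%%:*}" | sed 's/^[[:space:]]*//')
        value=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        key=$(dmi_key "$label") || continue   # fields without a DMI key are skipped
        printf 'VBoxManage setextradata %s %s %s\n' \
            "$(shq "$vm")" "$(shq "$DMI_PREFIX/$key")" "$(shq "$(dmi_value "$value")")"
    done
}

# Constructed sample in the layout dmidecode prints (not real host data).
dmi_sample() {
    cat <<'EOF'
# dmidecode 2.11
SMBIOS 2.6 present.

Handle 0x0001, DMI type 1, 27 bytes
System Information
    Manufacturer: Example Corp
    Product Name: Model 9000
    Version: 01
    Serial Number: 1234
    UUID: 9852bf98-b83c-49db-a8de-182c42c7226b
    Wake-up Type: Power Switch
    SKU Number:
    Family: Example Family
EOF
}

dmi_sample | dmi_commands "VM name"
```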

Fine-tuning timers and time synchronization

Configuring the guest time stamp counter (TSC) to reflect guest execution

By default, VirtualBox keeps all sources of time visible to the guest synchronized to a single time source, the monotonic host time. This reflects the assumptions of many guest operating systems, which expect all time sources to reflect "wall clock" time. In special circumstances it may be useful however to make the TSC (time stamp counter) in the guest reflect the time actually spent executing the guest.

This special TSC handling mode can be enabled on a per-VM basis, and for best results must be used only in combination with hardware virtualization. To enable this mode use the following command:

VBoxManage setextradata "VM name" "VBoxInternal/TM/TSCTiedToExecution" 1

To revert to the default TSC handling mode use:

VBoxManage setextradata "VM name" "VBoxInternal/TM/TSCTiedToExecution"

Note that if you use the special TSC handling mode with a guest operating system which is very strict about the consistency of time sources you may get a warning or error message about the timing inconsistency. It may also cause clocks to become unreliable with some guest operating systems depending on how they use the TSC.

Accelerate or slow down the guest clock

For certain purposes it can be useful to accelerate or to slow down the (virtual) guest clock. This can be achieved as follows:

VBoxManage setextradata "VM name" "VBoxInternal/TM/WarpDrivePercentage" 200

The above example will double the speed of the guest clock while

VBoxManage setextradata "VM name" "VBoxInternal/TM/WarpDrivePercentage" 50

will halve the speed of the guest clock. Note that changing the rate of the virtual clock can confuse the guest and can even lead to abnormal guest behavior. For instance, a higher clock rate means shorter timeouts for virtual devices with the result that a slightly increased response time of a virtual device due to an increased host load can cause guest failures. Note further that any time synchronization mechanism will frequently try to resynchronize the guest clock with the reference clock (which is the host clock if the VirtualBox Guest Additions are active). Therefore any time synchronization should be disabled if the rate of the guest clock is changed as described above (see the section called “Tuning the Guest Additions time synchronization parameters”).

Tuning the Guest Additions time synchronization parameters

The VirtualBox Guest Additions ensure that the guest's system time is synchronized with the host time. There are several parameters which can be tuned. The parameters can be set for a specific VM using the following command:

VBoxManage guestproperty set VM_NAME "/VirtualBox/GuestAdd/VBoxService/PARAMETER" VALUE

where PARAMETER is one of the following:

--timesync-interval

Specifies the interval at which to synchronize the time with the host. The default is 10000 ms (10 seconds).

--timesync-min-adjust

The minimum absolute drift value measured in milliseconds to make adjustments for. The default is 1000 ms on OS/2 and 100 ms elsewhere.

--timesync-latency-factor

The factor to multiply the time query latency with to calculate the dynamic minimum adjust time. The default is 8 times, that means in detail: Measure the time it takes to determine the host time (the guest has to contact the VM host service which may take some time), multiply this value by 8 and do an adjustment only if the time difference between host and guest is bigger than this value. Don't do any time adjustment otherwise.

--timesync-max-latency

The max host timer query latency to accept. The default is 250 ms.

--timesync-set-threshold

The absolute drift threshold, given as milliseconds where to start setting the time instead of trying to smoothly adjust it. The default is 20 minutes.

--timesync-set-start

Set the time when starting the time sync service.

--timesync-set-on-restore 0|1

Set the time after the VM was restored from a saved state when passing 1 as parameter (default). Disable by passing 0. In the latter case, the time will be adjusted smoothly which can take a long time.

All these parameters can be specified as command line parameters to VBoxService as well.

Installing the alternate bridged networking driver on Solaris 11 hosts

Starting with VirtualBox 4.1, VirtualBox ships a new network filter driver that utilizes Solaris 11's Crossbow functionality. By default, this new driver is installed for Solaris 11 hosts (builds 159 and above) that have support for it.

To force installation of the older STREAMS based network filter driver, execute as root the below command before installing the VirtualBox package:

touch /etc/vboxinst_vboxflt

To force installation of the Crossbow based network filter driver, execute as root the below command before installing the VirtualBox package:

touch /etc/vboxinst_vboxbow

To check which driver is currently being used by VirtualBox, execute:

modinfo | grep vbox

If the output contains "vboxbow", it indicates VirtualBox is using the Crossbow network filter driver, while the name "vboxflt" indicates usage of the older STREAMS network filter.

VirtualBox VNIC templates for VLANs on Solaris 11 hosts


VirtualBox supports VNIC (Virtual Network Interface) templates for configuring VMs over VLANs. [40] A VirtualBox VNIC template is a VNIC whose name starts with "vboxvnic_template".

Here is an example of how to use a VNIC template to configure a VLAN for VMs. Create a VirtualBox VNIC template, by executing as root:

dladm create-vnic -t -l nge0 -v 23 vboxvnic_template0

This will create a temporary VNIC over interface "nge0" with the VLAN ID 23. To create VNIC templates that are persistent across host reboots, skip the -t parameter in the above command. You may check the current state of links using:

$ dladm show-link
LINK                CLASS  MTU   STATE  BRIDGE  OVER
nge0                phys   1500  up     --      --
nge1                phys   1500  down   --      --
vboxvnic_template0  vnic   1500  up     --      nge0

$ dladm show-vnic
LINK                OVER  SPEED  MACADDRESS       MACADDRTYPE  VID
vboxvnic_template0  nge0  1000   2:8:20:25:12:75  random       23

Once the VNIC template is created, all VMs that need to be part of VLAN 23 over the physical interface "nge0" can use the same VNIC template. This makes managing VMs on VLANs simpler and more efficient, as the VLAN details are not stored as part of every VM's configuration but rather picked up via the VNIC template which can be modified anytime using dladm. Apart from the VLAN ID, VNIC templates can be created with additional properties such as bandwidth limits, CPU fanout etc. Refer to your Solaris network documentation on how to accomplish this. These additional properties, if any, are also applied to VMs which use the VNIC template.

Configuring multiple host-only network interfaces on Solaris hosts

By default VirtualBox provides you with one host-only network interface. Adding more host-only network interfaces on Solaris hosts requires manual configuration. Here's how to add two more host-only network interfaces.

You first need to stop all running VMs and unplumb all existing "vboxnet" interfaces. Execute the following commands as root:

ifconfig vboxnet0 unplumb

Once you make sure all vboxnet interfaces are unplumbed, remove the driver using:

rem_drv vboxnet

then edit the file /platform/i86pc/kernel/drv/vboxnet.conf and add a line for the new interfaces:

name="vboxnet" parent="pseudo" instance=1;
name="vboxnet" parent="pseudo" instance=2;

Add as many of these lines as required and make sure "instance" number is uniquely incremented. Next reload the vboxnet driver using:

add_drv vboxnet

Now plumb all the interfaces using ifconfig vboxnetX plumb (where X can be 0, 1 or 2 in this case) and once plumbed you can then configure the interface like any other network interface.

To make your newly added interfaces' settings persistent across reboots you will need to edit the files /etc/netmasks, and if you are using NWAM /etc/nwam/llp and add the appropriate entries to set the netmask and static IP for each of those interfaces. The VirtualBox installer only updates these configuration files for the one "vboxnet0" interface it creates by default.

Configuring the VirtualBox CoreDumper on Solaris hosts

VirtualBox is capable of producing its own core files when things go wrong and for more extensive debugging. Currently this is only available on Solaris hosts.

The VirtualBox CoreDumper can be enabled using the following command:

VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpEnabled 1

You can specify which directory to use for core dumps with this command:

VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpDir <path-to-directory>

Make sure the directory you specify is on a volume with sufficient free space and that the VirtualBox process has sufficient permissions to write files to this directory. If you skip this command and don't specify any core dump directory, the current directory of the VirtualBox executable will be used (which would most likely fail when writing cores as they are protected with root permissions). It is recommended you explicitly set a core dump directory.


You must specify when the VirtualBox CoreDumper should be triggered. This is done using the following commands:

VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpReplaceSystemDump 1
VBoxManage setextradata "VM name" VBoxInternal2/CoreDumpLive 1

At least one of the above two commands will have to be provided if you have enabled the VirtualBox CoreDumper.

Setting CoreDumpReplaceSystemDump sets up the VM to override the host's core dumping mechanism and in the event of any crash only the VirtualBox CoreDumper would produce the core file.

Setting CoreDumpLive sets up the VM to produce cores whenever the VM receives a SIGUSR2 signal. After producing the core file, the VM will not be terminated and will continue to run. You can then take cores of the VM process using:

kill -s SIGUSR2 <VM-process-id>

Core files produced by the VirtualBox CoreDumper are of the form core.vb.<ProcessName>.<ProcessID>, e.g. core.vb.VBoxHeadless.11321.

Locking down the VirtualBox manager GUI

There are several advanced customization settings for locking down the VirtualBox manager, that is, removing some features that the user should not see.

VBoxManage setextradata global GUI/Customizations OPTION[,OPTION...]

where OPTION is one of the following keywords:

noSelector

Don't allow to start the VirtualBox manager. Trying to do so will show a window containing a proper error message.

noMenuBar

VM windows will not contain a menu bar.

noStatusBar

VM windows will not contain a status bar.

To disable any GUI customization do

VBoxManage setextradata global GUI/Customizations

To disable all host key combinations, open the preferences and change the host key to None. This might be useful when using VirtualBox in a kiosk mode.

Furthermore, you can disallow certain actions when terminating a VM. To disallow specific actions, type:

VBoxManage setextradata "VM name" GUI/RestrictedCloseActions OPTION[,OPTION...]

where OPTION is one of the following keywords:

SaveState

Don't allow the user to save the VM state when terminating the VM.

Shutdown

Don't allow the user to shutdown the VM by sending the ACPI power-off event to the guest.

PowerOff

Don't allow the user to power off the VM.

Restore

Don't allow the user to return to the last snapshot when powering off the VM.

Any combination of the above is allowed. If all options are specified, the VM cannot be shut down at all.
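When the close restrictions are applied from a provisioning script, it helps to validate the keyword list first and to flag the case where all four keywords are combined. The following shell helper is an added example, not part of VirtualBox; the function name is hypothetical and it assumes the keywords must be spelled exactly as listed above.

```shell
#!/bin/sh
# Added illustration (not VirtualBox code): validate a
# GUI/RestrictedCloseActions option list before applying it.
# Assumption: keywords are accepted exactly as spelled in the manual.

# restricted_close_value OPTION...
# Prints the comma-separated value on stdout.
# Exit status: 0 ok, 1 invalid input, 2 every close action restricted.
restricted_close_value() {
    rc_list=""
    rc_count=0
    for rc_opt in "$@"; do
        case "$rc_opt" in
            SaveState|Shutdown|PowerOff|Restore) ;;
            *) echo "unknown keyword: $rc_opt" >&2; return 1 ;;
        esac
        # Skip duplicates so the count reflects distinct keywords.
        case ",$rc_list," in
            *",$rc_opt,"*) continue ;;
        esac
        rc_list="${rc_list:+$rc_list,}$rc_opt"
        rc_count=$(( rc_count + 1 ))
    done
    if [ "$rc_count" -eq 0 ]; then
        echo "no keyword given" >&2; return 1
    fi
    echo "$rc_list"
    # With all four keywords the VM cannot be shut down at all.
    if [ "$rc_count" -eq 4 ]; then return 2; fi
    return 0
}

# Dry run: print the command for a kiosk VM ("VM name" is a placeholder).
if value=$(restricted_close_value SaveState PowerOff Restore); then
    echo "VBoxManage setextradata \"VM name\" GUI/RestrictedCloseActions $value"
fi
```

Exit status 2 still prints the value, so a caller can decide whether a VM that cannot be shut down from the GUI is intended.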

Starting the VirtualBox web service automatically

The VirtualBox web service (vboxwebsrv) is used for controlling VirtualBox remotely. It is documented in detail in the VirtualBox Software Development Kit (SDK); please see Chapter 11, VirtualBox programming interfaces. As the client base using this interface is growing, we added start scripts for the various operating systems we support. The following describes how to use them.

On Mac OS X, launchd is used. An example configuration file can be found in $HOME/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist. It can be enabled by changing the Disabled key from true to false. To manually start the service use the following command:

launchctl load ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist

For additional information on how launchd services could be configured see http://developer.apple.com/mac/library/documentation/MacOSX/Conceptual/BPSystemStartup/BPSystemStartup.html.

Memory Ballooning Service

Starting with VirtualBox 4.0.8 a new host executable called VBoxBalloonCtrl is available to automatically take care of a VM's configured memory balloon (see the section called “Memory ballooning” for an introduction to memory ballooning). This is especially useful for server environments where VMs may dynamically require more or less memory during runtime.

VBoxBalloonCtrl periodically checks a VM's current memory balloon and its free guest RAM and automatically adjusts the current memory balloon by inflating or deflating it accordingly. This handling only applies to running VMs having recent Guest Additions installed.

To set up VBoxBalloonCtrl and adjust the maximum ballooning size a VM can reach the following parameters will be checked in the following order:

specified via VBoxBalloonCtrl command line parameter --balloon-max

per-VM parameter using

VBoxManage setextradata "VM-Name" VBoxInternal/Guest/BalloonSizeMax <Size in MB>

global parameter for all VMs using

VBoxManage setextradata global VBoxInternal/Guest/BalloonSizeMax <Size in MB>

Note: If no maximum ballooning size is specified by at least one of the parameters above, no ballooning will be performed at all.

For more options and parameters check the built-in command line help accessible with --help.

[38] Support for CPU hot-plugging was introduced with VirtualBox 3.2.

[39] Experimental support for PCI passthrough was introduced with VirtualBox 4.1.

[40] Support for Crossbow based bridged networking was introduced with VirtualBox 4.1 and requires Solaris 11 build 159 or above.
