hoakley July 17, 2022 Macs, Technology

Last Week on My Mac: How virtualization is important to the future of macOS

The more I look at the changes Apple has introduced to bring lightweight virtualization to macOS, the more suspicious I become. Virtualizing a guest operating system on Macs has always been important to some, but hardly a cornerstone of macOS. We’ve had fine commercial products such as VMware and Parallels, and outstanding alternatives like UTM. So why should Apple have invested so much in its Virtualization framework on Apple silicon Macs?

What may at first seem just another API has taken Apple some years to implement, as lightweight virtualization goes much deeper than might appear. As a form of what’s often known as para-virtualization, its easily accessible devices have required implementation of the Virtio open standard, and in the case of the accelerated display device available to macOS guests, giving access to the GPU and Metal.

There are signs that this goes back well before WWDC 2020 and the release of Apple’s Developer Transition Kit. When Craig Federighi announced the details of Apple silicon in June 2020, he identified three pillars supporting a diversity of apps on Apple Silicon: Universal apps, Rosetta 2 and Virtualization. The latter was promoted for hosting Linux and Docker, and Andreas Wendker demonstrated a pre-release version of Parallels Desktop running Linux as a guest. Conspicuous by their absence at that time were the two most popular and important guest operating systems, Windows and macOS.

Big Sur brought the essential foundation for lightweight virtualization in its Hypervisor framework, which had already been working on Intel Macs with hardware support in the VT-x feature set including Extended Page Tables (EPT) and Unrestricted Mode. Hardware support is also required on Apple silicon, this time described by Apple as “the Virtualization Extensions”, presumably referring to AArch64 virtualization as documented by arm.

It wasn’t until Monterey, though, that Apple was able to offer lightweight virtualization on top of its Hypervisor, presumably because of the engineering work required to implement those virtio and other devices, and some of those are only now being completed in Ventura. Benjamin Poulain’s account at WWDC 2022 included an impressive demonstration of how simple it is to implement in code, and left us with the invitation to experiment, saying on behalf of the virtualization team “we cannot wait to see what you will do next with this technology”.

Does Apple really invest several years of engineering effort involving both hardware and software development just to see what third-party developers might do with it?

Let’s look forward to a macOS of the future, maybe around version 16 or later. Many older apps that have coped with Monterey, particularly those that haven’t been ported to Universal binaries, no longer run in the current release. Continuing support for Rosetta 2 in new versions of macOS is getting harder to justify, and Apple’s management has itchy feet for phasing out Intel support.

How then do those users still dependent on older Intel-only apps look to the future? They don’t want to have to pay for a full virtualization environment like today’s products from VMware or Parallels, but being able to run their apps in Monterey using free or far cheaper lightweight virtualization is a more attractive proposition.

These lightweight virtualizers also run entirely within a sandbox, without any system extensions, but with Rosetta 2 support when needed. The security consequences of running an old, vulnerable version of macOS are well mitigated by virtualization which doesn’t give access to iCloud, for instance. Thus lightweight virtualization makes it easier, safer and cheaper for ordinary users to run old versions of macOS, which in turn gives Apple greater scope to accelerate macOS into the future without having to care so much about supporting the past.

There’s also scope for those software developers who feel unable to invest in updating an app to run native in a future macOS on Apple silicon hardware to bundle it into a lightweight virtual machine, a container similar to Docker, perhaps, yet still deliver similar performance and features.

Universal apps have had great impact on Apple silicon Macs since day one. Rosetta 2 has been decisive in the success of Apple’s big gamble. The time has come to see what that third pillar can do with virtualization.

18Comments

Add yours

1

John Gilbert on July 17, 2022 at 9:18 am

As I am sure you are aware from previous comments, I am an (over?)enthusiastic supporter of VMware Fusion for running macOS virtual machines. But, as well as the move to Apple Silicon, the Intel macOS VMs are becoming very problematic with (lack of) older graphics and CPU support in macOS 12 and 13.

Whilst VMware is great for running older macOS (e.g. High Sierra) on Intel macOS hosts, it has become very hit and miss with Monterey and Ventura clients. Sometimes, with a few tricks, everything is fine (my Ventura VM is surprisingly good), but I have an Intel host which is Apple supported (CPU and graphics) for Ventura. Others with older CPU or graphics are unlikely to get Ventura running in a VM (even if they have found tricks to get Monterey VMs to work). Worse, VMware people seem to have given up on helpful assistance – as judged by their forum.

What is left? VMware Fusion on Apple Silicon? For Linux VMs, perhaps. I fear it will quietly die for anything else. No doubt Parallels will continue to work with Windows for ARM VMs (in spite of doubtful licensing).

So, out with the past, look to the future!

LikeLiked by 1 person
- 2
  
  hoakley on July 17, 2022 at 10:45 am
  
  Perhaps you should be looking at lightweight virtualization on Apple silicon, rather than the more traditional products.
  VMware fumbled this badly, as I’m sure you’re aware. Initially they said they had no plans to support Apple silicon, which I found very surprising, although I appreciate how heavily committed they are to Intel architectures. Then, having realised that was a mistake, they announced plans to support Apple silicon, but that virtualising macOS on them wasn’t in their list of priorities. So it’s no small wonder that they’re now faltering.
  For Apple silicon, Parallels virtualises macOS and Linux excellently, and has done so for a year or more, although it still has more work to do. UTM is proving popular, and appears highly versatile with emulation options too. Then there are the new generation of lightweight virtualisers, which you’ll see more of by the time Ventura is released.
  The future is very bright, although perhaps not for VMware, depending on what it chooses to do.
  Howard.
  
  LikeLiked by 1 person
3

Jon Forrest on July 17, 2022 at 3:48 pm

Today virtualization, while extremely useful for technical users, adds nothing to the experience of the vast majority of Mac users. Sure, it can help smooth out the transition between hardware architectures, but that’s only a temporary benefit.

Maybe Apple will switch to virtualization as some kind of security mechanism. Other than that, I’m as puzzled as you by what Apple has in mind.

LikeLiked by 1 person
- 4
  
  hoakley on July 17, 2022 at 9:08 pm
  
  Thank you.
  Currently, virtualisation is little use in smoothing the transition from Intel to ARM. As Apple stated, the key technologies there are Rosetta 2 and Universal apps.
  What could be a much greater benefit is letting us run Intel-only or Universal apps in the future that are incompatible with, say, macOS 16 or 17. Provided that they run OK in Monterey, then a Monterey guest in future host versions of macOS can always be run, providing excellent backward compatibility.
  While that does provide better security for running unsupported versions of macOS, I don’t see Apple using it purely for security.
  Howard.
  
  LikeLike
- 5
  
  B on July 24, 2022 at 5:07 pm
  
  I think when / if the exclusivity agreement between Microsoft and Qualcomm ends, we will see more from this. Apple lost a big advantage in business by being able to dual boot with the switch to Apple Silicon. With great built in virtualization support it could once again become the platform that lets one do anything. I would like to see the day where Windows and Linux apps can just run without the user even knowing they’re different, because it would run in a container without the overhead of a full VM.
  
  LikeLiked by 1 person
  - 6
    
    hoakley on July 24, 2022 at 8:15 pm
    
    Thank you.
    I seriously doubt whether Microsoft has the slightest interest in licensing Windows for ARM to Apple. Why would it?
    Almost the whole ‘overhead’ of an app using the Virtualization framework is in macOS. So making small Linux VMs, which I’m currently working on, is easy. So you’re going to get your wish for Linux very soon.
    Windows is a bigger problem, though, as it doesn’t have virtio support. More about that tomorrow (Mon 25 July).
    Howard.
    
    LikeLike
7

hstriepe on July 17, 2022 at 5:11 pm

I could imagine Apple pushing apps not released through the App Store to a Virtualized Sandbox going beyond notarization.

LikeLiked by 1 person
- 8
  
  hoakley on July 17, 2022 at 9:09 pm
  
  I don’t think so. Can you imagine the effects on major non-App Store vendors like “our friends at Adobe”? No, Apple has invested a lot in notarization, and I don’t see it throwing all that away for some time to come.
  Howard.
  
  LikeLike
9

Ralph on July 17, 2022 at 11:05 pm

Isn’t lightweight virtualization a good way to make all Linux software available for Mac? Almost native? Including server software?

LikeLiked by 1 person
- 10
  
  hoakley on July 18, 2022 at 5:16 am
  
  Yes, it is. And what percentage of the Mac user base do you consider will do that? As I wrote in the first paragraph, running Linux has long been important to a small proportion of Mac users. You can already do that using Parallels Desktop, which works very well. But it doesn’t explain why Apple should invest so much to make this feature available to all Mac users in lightweight virtualisers, does it?
  Howard.
  
  LikeLike
  - 11
    
    Ralph on July 18, 2022 at 5:47 am
    
    Maybe this will help Apple to be more accepted in business environments? So virtualization might be for the admins, not the developers.
    
    LikeLiked by 1 person
12

David C. on July 18, 2022 at 4:09 pm

Lightweight virtualization provides opportunities to rethink many concepts we take for granted today. Many of which I experienced in the 90’s when working with IBM mainframe systems.

As you may already be aware, IBM has supported lightweight virtualization for a long time on their “VM/CMS” platform. Without going into detail every user’s login session is effectively its own independent single-user operating system, hosted on a system-wide VM platform. Additionally, other OS’s can be hosted, including an entire VM/CMS installation.

This lets you do some very interesting things. For instance:

* Select different operating systems for different apps. When I was working for that company, there was a specialized “RTPMS” (RealTime Plant Management System) designed for chemical process control systems. (The software was designed to provide advanced controls for oil refineries.)

* Different users can run different versions of their respective guest OS’s. They can be upgraded individually, as required.

* When it comes time to upgrade the main VM/CMS system and its hypervisor, (and this is incredibly slick), the admins can install it in a VM under the existing hypervisor. They can then migrate some user VMs to the new hypervisor for testing. When they’re satisfied with the installation, they can then switch the new hypervisor to be the one that runs directly over the hardware (I assume this requires a system-wide reboot), moving the old one (and its VMs) into a guest VM. Then the remaining per-user VMs can be migrated individually from the old hypervisor to the new one.

Given Apple’s migration path for macOS, including signed sealed system volumes, this sounds like a direction they may be heading towards. Imagine how much easier it would be to install, test and use new macOS releases if you didn’t have to replace your entire system all at once. Install the new version as a guest, start running apps on it, and then swap host/guest later on when you’re confident that it all works. And only later (if ever) delete the old version.

I don’t know if this is their actual plan, but it does seem that they are setting up all the building blocks that would be necessary to make it possible.

LikeLiked by 1 person
- 13
  
  hoakley on July 18, 2022 at 7:52 pm
  
  Thank you, David.
  I think that’s using a type 1 hypervisor, which essentially runs on bare metal. Type 2 hypervisors run on an existing OS, which is the model Apple has opted for, with the added twist of para-virtualisation in virtio devices. So these lightweight VMs are heavily dependent on the host macOS for all their devices and services. For Macs to do what your IBM systems did, macOS would have to be replaced by a master hypervisor.
  So that severely limits what you can do with them. For each OS you want to virtualise, you need support for virtio devices, and so on. That’s why, for the moment at least, Windows isn’t an option, as it doesn’t come with virtio support (although I think there is some third-party support for it).
  There are also major limitations with some devices like storage. The boot volume group is built inside a disk image, which means its read performance isn’t bad by any means, but write performance is appalling. But at the same time, you can’t give this type of VM direct access to the native file system.
  So I don’t see Apple going anywhere in terms of that type of full virtualisation, at least not with the current frameworks and architecture.
  Howard.
  
  LikeLike
14

Edoardo on July 19, 2022 at 3:20 am

May the lightweight virtualisation effort enable a future change of kernel? XNU is serving well Watches and Mac Pros alike and benefitted from tremendous investments over the past 25 years. Not only by Apple but also by 3rd party driver developers. But with drivers in the process of being expelled to user space and the relentless effort towards a more secure OS the opportunity may come for a clean sheet design to finally emerge.

LikeLiked by 1 person
- 15
  
  hoakley on July 19, 2022 at 10:25 am
  
  Thank you.
  I don’t think so. With a Type 1 hypervisor, that could be the case, but here Virtualisation relies on the host macOS for many of its key services, and for all its devices like accelerated graphics and networking.
  Howard.
  
  LikeLike
16

Kurt on July 22, 2022 at 12:17 am

I’m taking delivery of a 16GB M2 Air in a couple of weeks. What I’d really like is to be able to run MS Flight Simulator somehow!

LikeLiked by 1 person
- 17
  
  hoakley on July 22, 2022 at 8:27 am
  
  Thank you.
  Apple silicon Macs aren’t an ideal platform for running Windows, as has been made clear since their first announcement. Currently there are two main options for virtualization: UTM and Parallels Desktop, both of which work best with Windows for ARM. I suggest that you look at what they would require, and how to obtain a copy of Windows for ARM, presuming that Flight Simulator runs in that.
  Howard.
  
  LikeLike
  - 18
    
    Kurt on July 22, 2022 at 2:26 pm
    
    Agreed. I’m just trying to avoid spending $1000 building a gaming platform, because I’m not otherwise a gamer and don’t use any other MS products. Beside the two you mention, there is also the Steam service, which provides Mac versions of games. Once I get moved into the new machine, I’ll look at this more closely.
    
    LikeLiked by 1 person