The Denali isolation kernel embodies all of the principles described in the previous section of this paper. Architecturally, Denali is a thin software layer that runs directly on x86 hardware. Denali exposes a virtual machine (VM) architecture that is based on the x86 hardware, and supports the secure multiplexing of many VMs on an underlying physical machine. Each VM can run its own "guest" operating system and applications (Figure 1).
Figure 1: The Denali architecture: the Denali isolation kernel is a thin software layer that exposes a virtual machine abstraction that is based on the underlying x86 architecture.
This section of the paper presents the design of the Denali virtual architecture, and the implementation of an isolation kernel to support it. We also describe the Ilwaco guest OS, which is tailored for building Internet services that execute on the Denali virtual architecture.