A hypervisor is a technology for running software on physical hardware through virtualization.
It speeds up and simplifies software development, testing and support, and reduces the cost of deploying expensive server systems.
Selectel offers modern virtualization technologies for servers (VPS/VDS) and workstations (VDI). We use Intel® Xeon® processor-based hardware and SSDs to deliver fast response times, high performance and reliability. For server virtualization, VMware and KVM are used.
The main tasks of the hypervisor:
- emulation of hardware resources;
- safe execution of machine instructions;
- preventing guest operating systems from executing instructions in supervisor mode on the host machine (other than to intercept and analyse those instructions).
History of hypervisors
Virtualization technologies have been actively used by developers since the late 1960s. IBM mainframes were the first to support virtualization and to provide developers with hypervisors as part of their system software. Initially, development teams used them to emulate a computer's system processes and to test and improve various operating systems.
Interest in hypervisors within the IT community grew in the mid-2000s. During this period, virtualization technologies began to be used actively in UNIX-like systems. This was due first of all to the increased performance of server hardware. Optimization of the hypervisors' own architecture also played a significant role, making them more reliable and secure.
In addition, virtualization made it possible to deploy and run applications that require a particular OS in a variety of software environments. And in 2005, virtualization began to be supported at the hardware level in x86 processors, which allows it to be used in both server and home systems.
Hypervisor security issues
Virtualization security is a subject of ongoing discussion in the IT community. The main concern is the possibility of attackers creating malware that is installed on a system disguised as a hypervisor. This is called “hyperjacking”. It is difficult to detect because the malicious code runs at the hypervisor level, beneath the OS, and intercepts its actions (for example, authorization, requests to services, etc.).
Both hypervisor-based rootkits and defences against them are active areas of research:
- proof-of-concept malware: SubVirt, Blue Pill;
- anti-rootkits: HookSafe (OS protection without performance loss).
Containers or hypervisors
Container technology has recently become increasingly popular. This is because containers, compared with hypervisors, allow more applications to be deployed on a single physical host.
A hypervisor virtualizes the hardware resources that an OS needs in order to run. Running virtual machines therefore increases the demand for hardware capacity (disk, CPU, memory, etc.).
At the same time, the performance and resource consumption of a given technology should be weighed against its security. Containers are generally considered more vulnerable than hypervisors. This follows from the design of the two technologies. A hypervisor creates several mutually isolated virtual machines on one physical server, each with its own OS and applications. A container runs on the host's main OS.
Thus, an attack on a host that uses virtualization risks the loss of one or more virtual machines and the applications running on them. If containers are deployed on a host, all of its contents can be damaged or lost once malware gains access to the host's main OS.
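The two security points above (a hyperjacking rootkit presenting itself as a hypervisor, and containers sharing the host kernel rather than sitting behind a VM boundary) both come down to one defender's question: does the environment a workload actually reports match what the asset inventory says it should be? The following Python script is an added example, not code from the original article or from any of the products it mentions. It reads the Linux indicators `/proc/cpuinfo` (the `hypervisor` CPU flag), `/proc/1/cgroup`, `/sys/hypervisor/type` and `/.dockerenv`, classifies the machine as bare metal, VM or container, and reports mismatches against an expected value. The sample inputs are constructed, and the marker list is a heuristic of my own choosing.

```python
"""Classify where a workload runs (bare metal, VM, container) from Linux
/proc and /sys evidence, then compare the result with the asset inventory.
Added example; the markers below are heuristics, not any product's check."""
import os
from pathlib import Path

# Constructed sample inputs (not captured from any real machine).
SAMPLE_CPUINFO_GUEST = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor\n"
)
SAMPLE_CPUINFO_HOST = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx\n"
)
SAMPLE_CGROUP_DOCKER = "0::/docker/3f2a9c0e1b7d4e6f8a9b0c1d2e3f4a5b\n"  # constructed id
SAMPLE_CGROUP_INIT = "0::/init.scope\n"

# Path fragments that container runtimes commonly leave in /proc/1/cgroup.
CONTAINER_MARKERS = ("/docker/", "/lxc/", "/kubepods", "/podman", "/machine.slice")


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def classify(cpuinfo_text, cgroup_text, hypervisor_type=None, dockerenv=False):
    """Return 'bare-metal', 'vm', 'container' or 'container-in-vm'.

    The 'hypervisor' CPU flag is the CPUID bit a cooperative hypervisor sets
    for its guests; /sys/hypervisor/type is populated on Xen guests. Neither
    is reliable against a hypervisor that deliberately hides itself, so treat
    the result as evidence to reconcile with inventory, not as proof.
    """
    in_vm = "hypervisor" in cpu_flags(cpuinfo_text) or bool(hypervisor_type)
    # cgroup namespaces can hide the runtime path, so /.dockerenv is checked too.
    in_container = dockerenv or any(m in cgroup_text for m in CONTAINER_MARKERS)
    if in_container and in_vm:
        return "container-in-vm"
    if in_container:
        return "container"
    if in_vm:
        return "vm"
    return "bare-metal"


def audit(observed, expected):
    """Compare the observed environment with the inventory's expectation.

    Returns a list of findings; empty when they agree. A host the inventory
    lists as bare metal that reports a hypervisor is the inconsistency a
    hyperjacking investigation starts from; a 'container' result means the
    workload shares the host kernel, so a compromise there reaches the host.
    """
    if observed == expected:
        return []
    findings = [f"environment mismatch: inventory says {expected}, host reports {observed}"]
    if observed.startswith("container"):
        findings.append("workload shares the host kernel; isolation is weaker than a VM boundary")
    return findings


def classify_live():
    """Classify the machine this runs on (Linux only; missing files count as absent)."""
    def read(path):
        try:
            return Path(path).read_text()
        except OSError:
            return ""
    return classify(
        read("/proc/cpuinfo"),
        read("/proc/1/cgroup"),
        read("/sys/hypervisor/type").strip() or None,
        os.path.exists("/.dockerenv"),
    )


if __name__ == "__main__":
    # Demonstration on the constructed samples, then on the live machine.
    print(classify(SAMPLE_CPUINFO_GUEST, SAMPLE_CGROUP_INIT))    # vm
    print(classify(SAMPLE_CPUINFO_HOST, SAMPLE_CGROUP_DOCKER))   # container
    print(audit(classify(SAMPLE_CPUINFO_GUEST, SAMPLE_CGROUP_INIT), "bare-metal"))
    print("live:", classify_live())
```

Run it on a host that should be bare metal: an empty `audit()` result is the normal case, while a `vm` verdict is a cheap first signal to reconcile with the inventory before anything more expensive. The check deliberately takes its inputs as text so it can be unit-tested and fed captured files from a suspect machine instead of only the one it runs on.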
Among container technologies, the most popular is OpenVZ, which is the basis of the Virtuozzo platform. The solution performs well and makes maximum use of the physical server's resources thanks to the high density of virtual machines it supports.
Jailhouse, from Siemens, is also worth attention. It runs directly on the hardware but is started from a running Linux operating system. During operation it creates isolated partitions within the system for executing user applications.
There are two main types of hypervisors. Type 1 hypervisors (Hyper-V, KVM and ESXi belong here) work at the hardware level without the need to install any OS on the host; for this reason they are also called hardware, or bare-metal, hypervisors. Type 2 hypervisors (VMware Workstation, Oracle VirtualBox, OpenVZ) need a host OS through which the virtual machine monitor accesses the host's hardware resources.
Note that type 1 solutions are better suited to the corporate segment, since by working at the hardware level without software intermediaries they provide the best performance. Hybrid hypervisors are also distinguished as a separate group. Let's consider each type in more detail.
Comparison of hypervisors
When choosing a virtualization technology, you should keep in mind the tasks the hypervisor is meant to solve. You also need to take into account licensing, the hardware requirements of a particular solution, and its capabilities.
Hyper-V: There is a basic Hyper-V role for server hardware running Windows Server. In addition, there is a dedicated Hyper-V Server product on the market. The Windows Server operating system is delivered in two editions, Datacenter and Standard. The Standard edition allows only two virtual machines per licensed copy; in the Datacenter edition their number is not limited.
Under the Microsoft licensing policy in effect since 2016, the cost of a software license depends on the number of physical cores. If Linux machines are being virtualized on servers running Windows Server, their number in the Standard edition is not limited. If Windows machines are to be virtualized, the question of OS licensing for them has to be resolved.
Hyper-V Server was created for exactly this audience. It allows virtualization to be set up without paying for an OS license. The solution is available free of charge, with no usage restrictions. Nevertheless, the product has its own peculiarities:
- configuration and debugging via a remote console: no graphical interface is provided;
- licensing: all Windows virtual machines must be licensed;
- lack of support: Microsoft does not provide technical support, but it does update the product regularly.
None of these is critical, except for the licensing point. In addition, as noted earlier, the solution may suit IT professionals who plan to deploy only Linux virtualization.
VMware ESXi: At the heart of the solution is the lightweight Linux VMkernel, which contains the technologies and applications required for virtualization. It is delivered as part of the VMware vSphere product. The license is purchased for each physical CPU of the server; RAM and the number of virtual machines are not included in the license cost calculation.
VMware also offers free virtualization solutions; however, they are only suitable for amateur or semi-professional use, since they have a number of significant functional limitations. For example, the free version of this type 1 hypervisor provides only a read-only API, a virtual machine cannot have more than 8 vCPUs, and backups with Veeam products and other technologies needed in the corporate segment are not supported.
The main disadvantage of Hyper-V compared with VMware is the lack of USB Redirection, which is required to connect USB hardware to virtual machines. Instead, Hyper-V offers Discrete Device Assignment. On the other hand, Hyper-V can shrink virtual machine disks, not just expand them as VMware does.
Hyper-V allows virtual machines to be protected with encryption. However, if hardware port forwarding is required, VMware is the better choice, even in its free version.
When choosing a hypervisor, you should pay special attention to virtual machine management tools. Hyper-V has a Virtual Machine Manager (VMM) that supports the creation, cloning, deployment, and other operations with virtual machines.
VMware's management tool is called vSphere. It assumes ESXi hosts plus vCenter Server for centralized management.
KVM is an open-source hypervisor designed for Linux/x86-based servers; it supports the hardware virtualization extensions Intel VT and AMD-V.
Initially it worked only with the x86 architecture, but current versions of KVM support various CPUs and guest operating systems, including Windows, Linux, BSD and others.
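Because KVM depends on the hardware extensions just mentioned, the first thing to verify on a prospective KVM host is whether the CPU exposes them, whether the kernel modules are loaded, and who can reach the `/dev/kvm` interface. The script below is an added example written for this article, not part of KVM or any distribution's tooling. It parses `/proc/cpuinfo` for the `vmx` (Intel VT-x) or `svm` (AMD-V) flag, `/proc/modules` for `kvm` plus the vendor module (`kvm_intel` or `kvm_amd`), and the permission bits of `/dev/kvm`; the sample inputs are constructed, and the "ready" rule is my own summary of those conditions.

```python
"""KVM host readiness and least-privilege check from Linux /proc evidence.
Added example; the checks are a summary of the conditions KVM documents,
not code taken from KVM or from any distribution."""
import os
import stat
from pathlib import Path

# Constructed sample inputs (not captured from any real machine).
SAMPLE_CPUINFO_INTEL = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx ept\n"
)
SAMPLE_CPUINFO_AMD = (
    "processor\t: 0\nvendor_id\t: AuthenticAMD\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep svm npt\n"
)
SAMPLE_CPUINFO_GUEST_ONLY = (
    "processor\t: 0\nvendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor\n"
)
SAMPLE_MODULES_INTEL = (
    "kvm_intel 380928 0 - Live 0x0000000000000000\n"
    "kvm 1134592 1 kvm_intel, Live 0x0000000000000000\n"
)
SAMPLE_MODULES_NONE = "ext4 843776 1 - Live 0x0000000000000000\n"

VENDOR_MODULE = {"vmx": "kvm_intel", "svm": "kvm_amd"}


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def virt_extension(cpuinfo_text):
    """Return 'vmx' (Intel VT-x), 'svm' (AMD-V) or None if neither is exposed."""
    flags = cpu_flags(cpuinfo_text)
    for flag in ("vmx", "svm"):
        if flag in flags:
            return flag
    return None


def loaded_modules(modules_text):
    """Parse /proc/modules: the first field of each line is the module name."""
    return {line.split()[0] for line in modules_text.splitlines() if line.strip()}


def kvm_readiness(cpuinfo_text, modules_text, dev_kvm_mode):
    """Evaluate the host. dev_kvm_mode is the permission bits of /dev/kvm
    (e.g. 0o660) or None if the device node does not exist.

    'running_as_guest' is set when the 'hypervisor' flag is present: the
    machine is itself a VM, and nested virtualization must be enabled on the
    outer hypervisor before vmx/svm will appear here.
    'dev_kvm_world_accessible' flags a node readable/writable by everyone;
    least privilege is a dedicated group (commonly 'kvm') and mode 0660, so
    that only intended users can create VMs through the KVM ioctl interface.
    """
    flags = cpu_flags(cpuinfo_text)
    ext = virt_extension(cpuinfo_text)
    mods = loaded_modules(modules_text)
    vendor_mod = VENDOR_MODULE.get(ext)
    checks = {
        "hw_virt_extension": ext,
        "running_as_guest": "hypervisor" in flags,
        "kvm_core_loaded": "kvm" in mods,
        "vendor_module_loaded": vendor_mod is not None and vendor_mod in mods,
        "dev_kvm_present": dev_kvm_mode is not None,
        "dev_kvm_world_accessible": dev_kvm_mode is not None and bool(dev_kvm_mode & 0o006),
    }
    checks["ready"] = (
        ext is not None
        and checks["kvm_core_loaded"]
        and checks["vendor_module_loaded"]
        and checks["dev_kvm_present"]
    )
    return checks


def kvm_readiness_live():
    """Run the checks against the machine this executes on (Linux only)."""
    def read(path):
        try:
            return Path(path).read_text()
        except OSError:
            return ""
    try:
        mode = stat.S_IMODE(os.stat("/dev/kvm").st_mode)
    except OSError:
        mode = None
    return kvm_readiness(read("/proc/cpuinfo"), read("/proc/modules"), mode)


if __name__ == "__main__":
    for name, value in kvm_readiness_live().items():
        print(f"{name:26} {value}")
```

A host that reports `ready` but also `dev_kvm_world_accessible` works for virtualization yet hands the hypervisor interface to every local account; tightening the device node's group and mode is the fix, and the check makes that regression visible on every run.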
The rich functionality of KVM has made it popular and widespread. Currently, the hypervisor is actively used in many network projects (Wiki resources, financial services, transport systems, the public sector, etc.).
The solution is considered fast due to its integration into the Linux kernel.
Disadvantages of KVM:
- Virtual machine management: the built-in tools do not match the functionality of those available for other hypervisors. To extend it, third-party tools such as the SolusVM panel have to be used.
- Stability and fault tolerance: this drawback shows up under intensive I/O. Nevertheless, KVM is developed and refined by many independent developers, which benefits the operation of the hypervisor.
Xen (XenServer, Citrix Hypervisor): The first public release of this thin hypervisor appeared in 2003. In 2007 the project was acquired by Citrix. The product is a cross-platform hypervisor supporting both hardware virtualization and paravirtualization (which is why it is often classed as a hybrid hypervisor). The amount of code is minimal because most modules are moved outside the hypervisor. The source code is open, which gives specialists unlimited possibilities for modifying the product.
Oracle VM VirtualBox: A cross-platform modular hypervisor for Linux, macOS, FreeBSD and other operating systems. Created by Sun Microsystems in 2007. After the developer was acquired by Oracle, the project continued under a different brand. The source code of the base version is open and distributed under the GNU GPL, which is one reason for the hypervisor's high popularity. A distinctive feature is its ability to run 64-bit guest operating systems even when the host operating system is 32-bit.
VMware Workstation: The first version of the hypervisor was released in 1999. The solution is proprietary and runs on x86-64 host operating systems: Windows, Linux, Ubuntu, CentOS. It supports over 200 guest operating systems. A free version with limited functionality is provided for evaluation and testing.
Hybrid hypervisors: To improve stability, security, and performance, the virtualization approaches described above (running directly on the hardware and using the host OS) are combined. As a result, hybrid solutions appear on the market. In recent years, the IT community has referred to Xen and Hyper-V as hybrid hypervisors, since their current versions combine both approaches. Thus, there is a tendency to blur the boundaries between types of hypervisors.