Building virtualization systems or cloud computing environments can be costly, because it requires expensive servers.
Hypervisor technology is worth using to reduce these costs.
History of the hypervisor
In their early days (the late 1960s and early 1970s), hypervisors existed as embedded software supported by IBM mainframes. The technology was used to emulate system processes and to test operating systems.
In the early 2000s, hypervisors came into active use on Unix, Linux and other similar operating systems. The technology's growing popularity was driven by faster machines, improved security and fault tolerance in the architecture of the hypervisor itself. In other words, it became possible to run OS-dependent applications on various hardware or in various operating environments. In 2005, processor vendors also began adding hardware virtualization to their x86-based products, extending the availability (and benefits) of virtualization to the PC and server audience.
So, what is a hypervisor?
A hypervisor is software that gives the underlying host hardware the ability to run and manage virtual machines autonomously; the virtual machines run with guest privileges and are isolated from the hardware. Hypervisors are typically supported by virtualization software such as vCenter Server.
Using a hypervisor increases the level of control and management over data centers and corporate environments. Company employees gain access to configuring virtual machines, migrations, file system snapshots, centralized storage pools, networks and network devices.
Hypervisor types
Hypervisors are divided into two types:
- Type 1 - the so-called "standalone hypervisors". They run directly on the host hardware (without installing any OS) to control the hardware and the guest virtual machines. Instead of an unordered set of hardware, a type 1 hypervisor presents application programs with an abstract set of resources (according to the “top-down” principle) and allocates processor time, memory and I/O devices among the programs that claim computer resources (under the “under-view” scheme). This group includes VMware ESX/ESXi (as part of the vSphere product), Citrix XenServer, and Microsoft Hyper-V;
- Type 2 - "host hypervisors" run on a regular OS like the other applications on the system. In this case, the guest OS runs as a process on the host, and the hypervisor separates the guest OS from the host OS. In effect, a type 2 hypervisor works as one of the processes executed by the main OS, which is most often Linux. The hypervisor therefore has much less authority: it controls the guest operating systems, while the host OS takes over emulation and management of the physical resources. The most popular type 2 hypervisors are Oracle VM VirtualBox, VMware Workstation and KVM.
By contrast, type 1 hypervisors are connected directly to the hardware. They are considered the most productive, reliable and secure.
Comparing the hypervisors
Let's consider individual hypervisors of the first and second types in more detail.
- Xen is a cross-platform hypervisor that supports hardware virtualization and paravirtualization. It contains a minimal amount of code, since most components have been moved outside the hypervisor. Xen is a fully open source hypervisor licensed under GNU GPL 2, with unlimited possibilities for modifying the product. Because it supports both paravirtualization and hardware virtualization, Xen is also referred to as a hybrid type of hypervisor.
- The VMware ESXi standalone hypervisor is an enterprise-class virtualization solution developed by VMware. Like other VMware products, ESXi is available in a free version with limited functionality. The paid version adds advanced features, such as centralized management of all virtual machines on all project hosts using the vCenter platform. But even the free version of the hypervisor successfully implements all the required functions. Users are attracted by the product's high stability, ease of administration, minimal code and wide range of supported guest systems, which covers the main OS versions used in the corporate sector.
- Hyper-V is a system solution for hardware virtualization from Microsoft for x64 systems. It exists in two forms: as a role in server operating systems of the Windows family (Windows Server 2008, Windows Server 2012 and others, as well as the x64 Pro and Enterprise versions of Windows 8, Windows 8.1 and Windows 10) and as a separate product, Microsoft Hyper-V Server. Many of those who are used to working with Microsoft consider Hyper-V to be the most user-friendly solution when it comes to virtualization.
- Oracle VM VirtualBox is a modular, cross-platform hypervisor from Oracle Corporation for Linux, macOS, Microsoft Windows, FreeBSD, Solaris/OpenSolaris, ReactOS, DOS and other operating systems. It was created in 2007 at Sun Microsystems Corporation. After the takeover by Oracle, work on the hypervisor continued. The source code of the base version is open under the GNU GPL, so the hypervisor is popular and available for unlimited modification. It is worth mentioning that VirtualBox can support 64-bit guest systems even if the host OS is 32-bit.
- VMware Workstation is proprietary software that works with the x86-64 host operating systems Microsoft Windows, Linux, Ubuntu and CentOS. It supports more than 200 guest operating systems.
- Kernel-based Virtual Machine (KVM) is a hypervisor adapted as a kernel module in FreeBSD. KVM includes the loadable virtualization kernel module kvm.ko, the processor-specific loadable module kvm-amd.ko or kvm-intel.ko (for AMD or Intel), and the QEMU user-mode components. KVM is fully open source, licensed under the GNU GPL and GNU LGPL.
What to look for
When buying a hypervisor, pay attention to the program's ability to solve the following tasks:
- emulate the computer's hardware resources;
- reliably and securely execute instructions from the host;
- prevent guest OS actions on the main host.
These actions include blocking interrupts; changing data in memory cells allocated to other running processes (except when this is provided for in advance by the logic of the work and by data exchange between them); and modifying the tables that map virtual memory pages to physical memory for the entire computer. You should also check whether the hypervisor matches the physical capabilities of the computer and its software, and whether technical support is available for the hypervisor.
Hypervisor protection is needed when there is a risk of gaining unauthorized access to the hypervisor that controls the virtual environment (giving an attacker potential access to all data stored on each virtual machine), or when shared hardware caches, networking, and potential access to a physical server are vulnerable.
Solving hypervisor security issues means protecting the hypervisor throughout its entire life cycle, including development and implementation. There are several methods for this: placing user restrictions on the local system; reducing the attack surface by running the hypervisor on a dedicated host that does not perform any additional roles; keeping systems updated by adhering to patch management best practices; and configuring the host to work as part of a secure network.
In addition, you can apply:
- encrypting the virtual machines to prevent intruders from accessing them;
- encrypting the storage where the virtual machines reside, using BitLocker or another similar system;
- using role-based access control (RBAC) to restrict administrative rights;
- using a dedicated physical network adapter for management traffic;
- using a dedicated physical network adapter for virtual machine migration traffic;
- using a dedicated physical network adapter for cluster traffic.
These safeguards should be applied to keep both the hypervisor and its associated VMs operational.
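The safeguards listed above can be checked mechanically against a host inventory. The following is an added example, not code from any hypervisor vendor: the inventory format, the `approved_admins` list and all host, user and adapter names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Traffic classes the checklist wants on dedicated physical adapters.
INFRA_TRAFFIC = ("management", "migration", "cluster")

def audit_host(host):
    """Return findings (in check order) for one hypervisor host description."""
    findings = []
    # Attack surface: the host should carry no role besides the hypervisor.
    extra = sorted(set(host["roles"]) - {"hypervisor"})
    if extra:
        findings.append("extra roles on host: " + ", ".join(extra))
    # Encryption of the VM storage and of each virtual machine.
    if not host["storage_encrypted"]:
        findings.append("VM storage is not encrypted")
    for vm in host["vms"]:
        if not vm["encrypted"]:
            findings.append(f"VM {vm['name']} is not encrypted")
    # RBAC: full administrators must be on the approved list (an assumption).
    for user, role in sorted(host["rbac"].items()):
        if role == "admin" and user not in host["approved_admins"]:
            findings.append(f"unapproved full administrator: {user}")
    # Dedicated adapters: no infrastructure traffic class may share a NIC.
    by_nic = defaultdict(set)
    for traffic, nic in host["nics"].items():
        by_nic[nic].add(traffic)
    for traffic in INFRA_TRAFFIC:
        nic = host["nics"].get(traffic)
        if nic is None:
            findings.append(f"no adapter assigned to {traffic} traffic")
        elif len(by_nic[nic]) > 1:
            others = ", ".join(sorted(by_nic[nic] - {traffic}))
            findings.append(f"{traffic} traffic shares {nic} with {others}")
    return findings

# Constructed sample inventory; every name and value is made up.
SAMPLE_HOST = {
    "roles": ["hypervisor", "file-server"],
    "storage_encrypted": True,
    "vms": [{"name": "web01", "encrypted": True},
            {"name": "db01", "encrypted": False}],
    "rbac": {"alice": "admin", "bob": "vm-operator", "svc-backup": "admin"},
    "approved_admins": ["alice"],
    "nics": {"management": "nic0", "migration": "nic1",
             "cluster": "nic1", "vm": "nic2"},
}

if __name__ == "__main__":
    for finding in audit_host(SAMPLE_HOST):
        print("FINDING:", finding)
```

In the sample, migration and cluster traffic share one adapter, so both are reported; a real inventory would be exported from the management platform rather than written by hand.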
The major players in the hypervisor market
The biggest players in the hypervisor market are Hyper-V and VMware.
The Hyper-V hypervisor makes it possible to set up virtualization without paying for an OS license. The solution is freely available and allows an unlimited number of procedures. However, Hyper-V functionality has its own specifics:
- setting up and debugging via a remote console - no graphical interface is provided;
- licensing - it is necessary to license all virtual machines running Windows;
- technical support - Microsoft doesn’t provide technical support, but it does update the product regularly.
Therefore, the Hyper-V solution can cause difficulties for some companies and “cost a pretty penny”.