How a Virtual Machine Works

A virtual machine (VM) is a software program that creates a simulated computer and its resources. VMs allow you to run an operating system and applications in an isolated environment without directly interacting with physical hardware. Understanding how VMs work provides insight into their capabilities and limitations.


How VMs Are Created

Virtual machines are built by installing a hypervisor, also called a virtual machine monitor (VMM), on the physical “host” server hardware.

Common hypervisors:

  • VMware ESXi
  • Microsoft Hyper-V
  • Citrix XenServer
  • Oracle VM VirtualBox

The hypervisor creates a layer between the host hardware and the virtual machine, managing and distributing resources to any virtual machines operating on top of it.

The virtual machine consists of:

  • A virtual processor
  • RAM
  • Storage on a virtual hard disk file
  • A virtual network interface card
  • Other simulated hardware

These virtual components are mapped to genuine underlying physical resources. The hypervisor allocates to each VM what is needed from the physical components to operate – processor cycles, memory space, storage capacity and network bandwidth.

Benefits of Virtual Machines

Virtual machines offer many benefits:

  • Isolation – Issues in one VM don’t affect others or host hardware
  • Security – Isolation boundaries limit what a compromised VM can reach, on the host or in other VMs
  • Portability – Easily move and copy VMs
  • Flexibility – Run different operating systems on one host
  • Efficient resource utilization – Optimize hardware use across many VMs
  • Scalability – Spin up additional VMs quickly as needed
  • Testing environments – Safely replicate configurations for testing purposes
  • Legacy support – Maintain access to outdated configurations

The virtual environment enables capabilities far exceeding what could be done with just physical gear.

Benefit                   Description
Isolation                 Issues in one VM don’t propagate to the host or other VMs
Security                  Isolation boundaries limit what a compromised VM can reach on the host or in other VMs
Portability               Easily move and copy entire VMs
Flexibility               Run different guest operating systems on one host
Efficient resource use    Optimize hardware utilization across many VMs
Scalability               Quickly spin up additional VMs on demand
Testing environments      Safely replicate configurations for development and testing
Legacy support            Maintain access to outdated legacy configurations

How a VM Interacts with Hardware Components

Even though a VM simulates a full computer, it doesn’t truly contain dedicated hardware components. The hypervisor manages pools of resources available from the host server to supply what each virtual machine needs.

Let’s look at how the hypervisor allocates physical resources for common virtualized system components:

Virtual CPU

The hypervisor timeshares access to physical CPU cores from the host server to appear to guest VMs as dedicated processors. Using multiple virtual CPUs improves performance by allowing parallel computation.

Virtual RAM

Host server RAM is partitioned by the hypervisor to provide memory space for each VM based on its configured requirements. With overcommitment enabled, the total memory allocated to VMs can exceed what is physically present, which improves hardware utilization.

Virtual Storage

VM file systems reside on datastores carved out from the host’s storage resources. These can include directly attached disks, networked block storage like SAN volumes, or file-based storage presented over protocols like NFS or SMB.

Virtual Network

A virtual network switch is implemented in software and emulates an Ethernet network switch. This connects VMs to each other and provides outbound access to wider networks by linking to physical NICs in the host.

Network traffic travels between VMs and hosts over the virtual networks as if connected by real switches, routers, and cables.

What Runs Inside a Virtual Machine?

The contents of a virtual machine depend on the intended role:

  • For server consolidation, a VM hosts the guest operating system and applications providing networked services. Server workloads like web, database, messaging, or authentication servers run well virtualized.
  • A desktop VM runs a client OS with applications for an end user. This allows access from devices without installing directly on hardware.
  • Appliances package up application software inside a customized operating system image to streamline delivery. Backup software or DNS servers often come as virtual appliances.
  • For development and testing, disposable VM templates stand up predefined environments with available tools. These are tuned for programmers, app testers, or IT testing teams who need to simulate complex setups.

Common operating systems hosted in VMs:

  • Linux distributions
  • Windows client and server editions
  • macOS (via macOS Server in data centers)
  • BSD variants

Though less common, you can also virtualize operating systems on non-x86 CPU architectures if the hypervisor supports it.

How Does a VM Communicate with External Networks and Devices?

Network interfaces connect virtual machines to external networks, storage resources and peripherals. The hypervisor can supply both virtual and physical connections:

Virtual Network Interfaces

These emulate network adapters in software, linking VMs into logical, isolated networks. Common types include:

  • NAT networks – Give outbound internet connectivity from VMs using network address translation (NAT) through the host computer’s IP address.
  • Host-only networks – Enable direct communication between VMs and the host, but no wider connectivity.
  • Internal networks – Link VMs together through a virtual network contained within the host.
  • Bridged networks – Connect VMs to external wired or wireless networks by bridging virtual and physical interfaces. This presents the VM as a standalone device on the network.
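As an added example (not code from the original article), this small Python model of a software switch shows why the network types above stay isolated from each other: every port is tagged with the virtual network it belongs to, and the switch learns MAC addresses and floods unknown destinations per network only. Network names, port names and MAC addresses are constructed for the example; NAT itself is not modelled.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    payload: bytes

class VirtualSwitch:
    """Toy software switch. Every port belongs to one named virtual network
    (e.g. an internal network or the bridged uplink); MAC learning and
    flooding happen per network, so frames never cross between networks."""
    def __init__(self):
        self.network_of = {}   # port -> network name
        self.mac_table = {}    # (network, mac) -> port, learned from traffic

    def attach(self, port, network):
        self.network_of[port] = network

    def forward(self, frame, in_port):
        """Return the list of ports the frame is delivered to."""
        net = self.network_of[in_port]
        self.mac_table[(net, frame.src)] = in_port       # learn on this network only
        known = self.mac_table.get((net, frame.dst))
        if frame.dst != BROADCAST and known is not None:
            return [] if known == in_port else [known]
        # Unknown or broadcast destination: flood, but only within the same network.
        return [p for p, n in self.network_of.items() if n == net and p != in_port]

def run_demo():
    sw = VirtualSwitch()
    sw.attach("vm1", "intnet-a")      # two VMs on one internal network
    sw.attach("vm2", "intnet-a")
    sw.attach("vm3", "intnet-b")      # a VM on a different internal network
    sw.attach("vm4", "bridged")       # a VM bridged to the physical NIC
    sw.attach("uplink", "bridged")    # the host's physical NIC port
    mac = {"vm1": "52:54:00:00:00:01", "vm2": "52:54:00:00:00:02",
           "vm3": "52:54:00:00:00:03", "vm4": "52:54:00:00:00:04"}   # constructed MACs
    flood = sw.forward(Frame(mac["vm1"], BROADCAST, b"who-has 10.0.0.2"), "vm1")
    reply = sw.forward(Frame(mac["vm2"], mac["vm1"], b"10.0.0.2 is-at"), "vm2")
    # vm3 addresses vm1's MAC, but vm1 is on another network: nothing is delivered.
    crossing = sw.forward(Frame(mac["vm3"], mac["vm1"], b"probe"), "vm3")
    external = sw.forward(Frame(mac["vm4"], BROADCAST, b"dhcp discover"), "vm4")
    return {"flood": flood, "reply": reply, "crossing": crossing, "external": external}
```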

Direct Attached Devices

VMs see virtual disks, optical drives, sound devices and other peripherals mapped in by the hypervisor. Their contents come from image files or drives attached to the host.

Physical Device Passthrough

For demanding workloads needing direct access to equipment, a physical device can be exclusively assigned to a VM using PCI device passthrough. Examples include GPU accelerators for machine learning, hardware security modules for encryption, or specialty RAID controllers. This provides native performance, but limits mobility.

Virtual SAN Storage Networks

Software defined, virtualized storage area networks abstract physical storage hardware into networked pools of capacity and performance that can be flexibly provisioned to VMs. This facilitates automated resource delivery.

What Makes VMs Secure?

Because virtual machines share a physical host, a compromised VM is positioned to attempt attacks on other VMs or the host platform. The hypervisor implements controls ensuring guest VMs can’t “break out” and access resources or data outside allowed channels.

Security measures include:

  • CPU modes limiting instructions VMs can execute
  • Memory address checking
  • Disk partition alignment to block metadata access
  • Virtual network traffic filtering, isolation and encryption
  • User permissions restricting VM access and actions
  • Code integrity monitoring to detect malicious activity

General best practices also apply for hardening and monitoring virtual machines just like physical computers. Installing only the minimum necessary components, staying current on system updates, configuring access controls and auditing changes through logging all improve the VM security posture.
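As an added illustration (not code from the original article), the following Python model shows what the “memory address checking” control above amounts to: each VM gets a private guest-frame to host-frame map, every guest access is translated through it, and an access outside the VM’s allocation faults instead of reaching another VM’s memory. It also models the read-only page sharing that the RAM FAQ mentions. The class and exception names, the frame size and the frame counts are constructed for the example.

```python
PAGE = 4096

class VmFault(Exception):
    """Guest touched memory outside its mapping (a modelled EPT/NPT violation)."""

class Hypervisor:
    """Toy model of hypervisor RAM partitioning: each VM gets a private
    guest-frame -> (host-frame, writable) map and every access is checked."""
    def __init__(self, host_frames):
        self.free = list(range(host_frames))   # unallocated host frames
        self.maps = {}                         # vm -> {guest_frame: (host_frame, writable)}

    def create_vm(self, name, frames):
        if frames > len(self.free):
            raise MemoryError("host RAM exhausted")
        self.maps[name] = {g: (self.free.pop(0), True) for g in range(frames)}

    def share_readonly(self, owner, other, guest_frame):
        """Page sharing (see the RAM FAQ): both VMs map one host frame read-only."""
        host, _ = self.maps[owner][guest_frame]
        dup, _ = self.maps[other][guest_frame]
        self.free.append(dup)                   # the duplicate returns to the pool
        self.maps[owner][guest_frame] = (host, False)
        self.maps[other][guest_frame] = (host, False)

    def translate(self, vm, gpa, write=False):
        """The memory address check: guest-physical address -> host-physical."""
        frame, offset = divmod(gpa, PAGE)
        entry = self.maps[vm].get(frame)
        if entry is None:
            raise VmFault(f"{vm}: guest frame {frame} is not mapped")
        host, writable = entry
        if write and not writable:              # a real hypervisor would copy-on-write here
            raise VmFault(f"{vm}: guest frame {frame} is read-only")
        return host * PAGE + offset

def run_demo():
    hv = Hypervisor(host_frames=8)
    hv.create_vm("vm-a", frames=3)              # host frames 0, 1, 2
    hv.create_vm("vm-b", frames=3)              # host frames 3, 4, 5
    same_gpa = (hv.translate("vm-a", 0x10), hv.translate("vm-b", 0x10))  # (16, 12304)
    try:
        hv.translate("vm-a", 5 * PAGE)          # guest frame 5 is outside vm-a's 3 frames
        escaped = True
    except VmFault:
        escaped = False
    hv.share_readonly("vm-a", "vm-b", 2)        # host frame 5 goes back to the free pool
    shared = hv.translate("vm-a", 2 * PAGE) == hv.translate("vm-b", 2 * PAGE)
    return {"same_gpa": same_gpa, "escaped": escaped, "shared": shared, "free": sorted(hv.free)}
```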

Key Takeaways

  • Virtual machines simulate dedicated compute environments while using shared physical resources for efficiency and flexibility
  • A hypervisor manages the underlying hardware and distributes resources to VMs per configured limits
  • VMs improve hardware utilization, scalability and standardized deployments
  • VMs provide full operating systems allowing installation of whatever software desired, but need protection against breakout attempts
  • Network interfaces connect VMs to other systems and resources they need access to

Conclusion

Virtual machines have transformed computing environments by bringing portability, efficiency and standardization. Using a hypervisor to coordinate pooled hardware enables safely running many VMs with a range of operating systems and applications on common industry hardware.

While very useful, the potential security risks require protecting the hypervisor, host platform and inter-VM communications against malicious attacks. When configured properly, VMs deliver flexible, optimized compute with quick deployment for programmers, infrastructure teams and everyone in between who relies on simulated computing environments.

Frequently Asked Questions

  1. What are the requirements to run a VM?
    You need physical server hardware, enough RAM and disk space to host guest VMs, a supported hypervisor like VMware vSphere or Microsoft Hyper-V installed on the bare metal host, and VM files containing virtual disk images, configuration, and other components making up simulated guest machines.

  2. Can I move VMs between hosts?
    Generally yes, VM portability allows migration between compatible hypervisor hosts running the same product edition. This facilitates maintenance, hardware refreshes and balancing workloads across infrastructure.

  3. How does virtual networking work?
    Virtual switches implemented in the hypervisor emulate physical Ethernet switches, creating isolated virtual networks. These connect VMs to each other, to virtualized storage resources, and optionally to external networks by linking virtual and physical NICs.

  4. Is virtualizing desktop computers possible?
    Yes, hosted desktop VMs can run client operating systems with user applications and settings. This facilitates access from any capable device through remote display protocols. It centralizes management while allowing personalized configurations.

  5. What are the risks of virtual machines?
    By design VMs share hardware with potential risks if virtual separation mechanisms fail. Guest breakout, where a VM escapes to access other VMs or the host, poses severe exploitation concerns. Continual hypervisor, host and VM security patching together with isolation and monitoring controls minimize exposure.

  6. How does LAN networking work with VMs?
    Virtual switch connections let VMs communicate over the same protocols as physical LANs – Ethernet, TCP/IP, DHCP, VLANs etc. Various network types give VMs internal or bridged external LAN connectivity.

  7. Can VMs improve hardware efficiency?
    Yes, running multiple VMs optimizes resource utilization versus dedicating hardware per system. The hypervisor enables overcommitment, so the memory, storage and network capacity presented to VMs can be larger than the physical amount, allowing improved efficiency.

  8. Is GPU passthrough possible with VMs?
    Yes, dedicating a GPU to a VM is called PCI passthrough. This assigns full access avoiding virtualized drivers for native graphics performance needed by some workloads. It limits mobility with the tradeoff of bare metal throughput.

  9. Do VMs work on both Windows and Linux?
    Yes, common hypervisors run on Linux, Windows, or purpose-built appliances. They host VMs with a broad range of guest operating systems – Windows, Linux, BSD, etc. Hypervisor and VM mobility depends on matching editions between environments.

  10. How does RAM allocation work for VMs?
    The hypervisor partitions host server RAM providing portions as needed to active VMs per configured minimums and maximums. Overcommitting allows allocating more VM memory than physically present using page sharing and disk paging techniques.

  11. Is VM security complicated?
    VM security incorporates both virtualization-specific isolation and general system hardening best practices. Protecting hypervisors, hosts, inter-VM networking and storage access together with keeping VMs hardened and patched delivers robust defenses combined with monitoring.

  12. Why use VM templates?
    VM templates allow quick duplication of tuned environments with standardized software preinstalled. This accelerates deployment of developer sandboxes, tester configurations, infrastructure builds and other use cases requiring known starting states.

  13. How does virtual storage work?
    Virtual disks reside on files or block devices mapped by the hypervisor from various datastores providing capacity, performance and data protection levels based on technical needs. Storage networks simplify adding/moving virtual disks dynamically.

  14. What are examples of VM appliances?
    Virtual appliances package application environments for simplified deployment. Some examples include DNS or DHCP servers, containers hosting microservices, network security tools like next-gen firewalls or intrusion prevention systems and specialty databases.

  15. How does live migration work?
    Hypervisors can move active VMs across compatible hosts without interruption using shared storage for the VM files. This facilitates maintenance, load balancing and failovers since applications and services keep running during migrations.

  16. What is virtualization?
    Virtualization uses software abstraction to simulate physical hardware for creating, running and managing virtual objects like compute instances, networks or storage more efficiently than dedicated gear. Hypervisors enable robust virtualized infrastructure.

  17. How are peripherals handled with desktop VMs?
    Choices for connecting peripherals to desktop VMs deployed in data centers include redirection over display protocols to user devices, or specialized virtual out-of-band USB equipment giving remote physical access to the needed items.

  18. Why not virtualize everything?
    Some system roles see minimal improvement from virtualization, or need such tight integration with the hardware that moving away from direct hardware access causes unacceptable drawbacks. Still, hosting core services virtually often makes sense even in otherwise physical application stacks.
