A hypervisor, also known as a virtual machine monitor (VMM), is a piece of computer software, firmware or hardware that creates and runs virtual machines. A hypervisor allows multiple operating systems to share a single hardware host.
Overview of hypervisors
Hypervisors are the foundation of server virtualization, as they provide and manage the virtualization of processors as well as creation and execution of virtual machines (VMs). A hypervisor allows multiple VMs to run on a single server at the same time while ensuring workloads are securely isolated from each other.
Some key responsibilities and characteristics of hypervisors include:
- Partitioning hardware resources – Hypervisors partition the underlying server hardware resources, including CPU, memory, storage and network bandwidth to create virtualized, software-based representations of these resources.
- Isolating virtual machines – VMs running on a common hypervisor are completely isolated from one another to guarantee security and integrity between workloads. The hypervisor creates individual VM containers and does not allow them to interfere with each other.
- Managing virtual machines – Hypervisors fully manage and control the life cycle of each VM, including start, stop, suspend, pause and snapshot capabilities. Administration tasks can be performed on each VM as if it were a standalone server.
- Enabling virtual hardware – The hypervisor emulates virtual hardware such as virtual CPUs, network adapters and storage adapters for the VMs. This gives VMs the experience of running on their own dedicated hardware.
Types of hypervisors
There are two main types of hypervisors:
Bare Metal hypervisors
Bare metal hypervisors, also known as Type 1 hypervisors, run directly on the system hardware. They isolate the hardware resources between VMs and control how these resources are allocated to each VM. Examples of bare metal hypervisors include VMware vSphere, Microsoft Hyper-V and Citrix XenServer.
Benefits of bare metal hypervisors:
- Excellent performance – There is no intermediary software layer, so I/O, CPU and network latency are very low
- Greater security and isolation – Runs directly on top of hardware without an intervening OS layer
- Reliability – Fewer layers mean fewer opportunities for crashes and issues
- No licensing costs – Can run on commodity servers, unlike Type 2 hypervisors like VMware Workstation that require a licensed OS installation
Hosted hypervisors
Hosted hypervisors, also known as Type 2 hypervisors, run as an application inside a traditional OS environment. The hypervisor layer in this model is encapsulated within a host OS that provides device support and environment services. Examples of hosted hypervisors include VMware Workstation, Microsoft Virtual PC, VirtualBox and Parallels Desktop.
Benefits of hosted hypervisors:
- Lightweight and easy to deploy – No need to separately install a privileged hypervisor layer
- Developer testing – Useful for software developers to test applications in different OS environments
- Client-based access – Ability to run VMs locally on desktops and laptops
- Switch between virtual and local OS – Some hosted hypervisors allow switching directly between host and guest OS
Fundamentally, hypervisor architecture provides a layer between the hardware and virtual machines to manage the use of underlying physical resources. Hypervisors have three key components:
- Virtual machines – These are abstractions of physical computers mapped onto the underlying hardware. The hypervisor allocates resources to each VM.
- Guest operating system – The guest OS is the actual OS environment running inside each VM such as Windows, Linux or BSD.
- Virtualization layer – The virtualization layer, provided by the hypervisor software, creates the VMs and manages and monitors VM resource usage.
Hypervisor architecture (Credit: Wikimedia)
The hypervisor architecture may also include the following components, depending on type:
- Parent partition – Some bare metal hypervisors use a parent partition, which is a small piece of software that starts before the hypervisor boots and helps launch the hypervisor. It then creates child VMs under the hypervisor.
- Management layer – This software layer works along with the hypervisor to control creation of VMs, allocate resources to them and monitor their functioning.
- Device drivers – For Type 2 hypervisors, the management layer interacts with the host operating system’s device drivers to provide virtual device support to VMs.
- Firmware and processors – Modern servers provide firmware and CPU assist technologies like Intel VT and AMD-V to make virtualization more efficient. The hypervisor interacts directly with these to share hardware resources between VMs.
Main uses of hypervisors
Some of the most common use cases and applications of hypervisors in enterprise IT include:
- Server consolidation – Hypervisors allow multiple application servers as virtual machines to run on a single physical server leading to increased compute density.
- Infrastructure isolation – Hypervisors provide strong isolation between infrastructure services spread across VMs helping avoid dangerous misconfigurations.
- Cloud computing – Cloud computing platforms depend heavily on hypervisors under the hood to enable the cloud abstraction model of resource pooling and on-demand provisioning.
- Software testing – Hypervisors can be very useful for QA teams for quickly spinning test environments across different operating systems.
- Disaster recovery – VMs running on hypervisors can be backed up or replicated in minutes for DR purposes compared to physical servers.
- Legacy app support – Encapsulating and running legacy apps needing outdated operating systems within VMs helps retain application compatibility and avert migration pains.
Some leading hypervisor platform vendors include:
- VMware – Major vendor in the hypervisor market with their VMware vSphere product targeted at enterprise data centers running business critical applications.
- Microsoft – Microsoft Hyper-V is their enterprise bare metal hypervisor solution and is frequently deployed by IT organizations running Windows infrastructure.
- Citrix – Citrix XenServer is a Type 1 hypervisor providing server virtualization capabilities combined with Citrix’s other application and desktop delivery technologies.
- Red Hat – Red Hat Virtualization is powered by open-source KVM technology and is targeted as a low-cost virtualization solution for Linux based workloads.
- Oracle – Oracle VM Server for x86 is Oracle’s Type 2 hypervisor offering designed for running mixed Oracle and non-Oracle enterprise workloads.
Since hypervisors manage access between workloads and hardware resources, ensuring hypervisor security is critical, especially in multi-tenant cloud environments where multiple customers’ VMs may end up on the same physical infrastructure.
Some key hypervisor security measures include:
- Secure boot – Hypervisors should use UEFI secure boot which validates integrity of hypervisor code using public-key infrastructure (PKI) during host startup.
- Privilege rings – CPU privilege rings provide hierarchical protection domains to restrict access to tables and instructions governing virtualization. E.g. Intel VT-x uses Ring -1 to protect hypervisors.
- I/O MMU virtualization – The I/O memory management unit (IOMMU) limits DMA access from devices to only authorized VM memory locations as mapped by the hypervisor.
- VM isolation – Prevent breakout attacks from compromised VMs using CPU and memory virtualization to block VM access to runtime state of other VMs.
- VM encryption – Hypervisors employ AES encryption standards to encrypt VM data at rest as well as secure key exchange protocols to protect VM data in transit between hosts.
- Logging and monitoring – Detect threats by recording security events like suspicious API calls, administrator logins and user authentication attempts.
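Several of the measures above can be verified from the host itself. The following is an added example, not code from any hypervisor vendor: it assumes a Linux host running KVM and reads the standard procfs, sysfs and efivarfs locations to report whether the CPU virtualization extensions, an active IOMMU and UEFI secure boot are present. The `root` parameter and the function names are hypothetical, introduced so the checks can be pointed at a test directory tree.

```python
# Added example: audit a Linux/KVM host for hardware-rooted hypervisor controls.
# `root` is a hypothetical parameter so the checks can run against a test tree.
import os
import re

# EFI global-variable GUID; efivarfs exposes the SecureBoot variable under it.
SECUREBOOT_VAR = "sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def cpu_virt_extension(root="/"):
    """Return 'vmx' (Intel VT-x), 'svm' (AMD-V) or None from /proc/cpuinfo flags."""
    try:
        with open(os.path.join(root, "proc/cpuinfo")) as fh:
            text = fh.read()
    except OSError:
        return None
    m = re.search(r"^flags\s*:\s*(.*)$", text, re.MULTILINE)
    flags = set(m.group(1).split()) if m else set()
    return "vmx" if "vmx" in flags else "svm" if "svm" in flags else None

def iommu_active(root="/"):
    """True when the kernel has populated at least one IOMMU group."""
    try:
        return len(os.listdir(os.path.join(root, "sys/kernel/iommu_groups"))) > 0
    except OSError:
        return False

def secure_boot_enabled(root="/"):
    """True/False from the SecureBoot EFI variable; None if absent or unreadable."""
    try:
        with open(os.path.join(root, SECUREBOOT_VAR), "rb") as fh:
            raw = fh.read()
    except OSError:
        return None  # e.g. legacy BIOS boot, so no efivarfs entry exists
    # efivarfs prepends a 4-byte attribute word; the payload is a single byte.
    return len(raw) >= 5 and raw[4] == 1

def audit(root="/"):
    """Collect the three findings; a missing control weakens a measure above."""
    return {"cpu_virt": cpu_virt_extension(root), "iommu": iommu_active(root),
            "secure_boot": secure_boot_enabled(root)}

if __name__ == "__main__":
    for control, state in audit().items():
        print(f"{control:12} {state}")
```

A host that reports `iommu` as `False` cannot enforce the DMA restrictions described under I/O MMU virtualization, even if device passthrough is configured.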
Advantages of hypervisors
Some leading benefits of running enterprise applications on hyper-converged, software-defined infrastructure powered by hypervisors are:
- Increased efficiency – Better resource utilization from compute density by consolidating multiple apps as VMs running on shared infrastructure
- Improved agility – Provision, clone, back up and migrate VMs much faster than physical servers to speed up IT processes
- Enhanced availability – Spread application tiers horizontally across redundant VMs with the ability to quickly fail over during outages
- Painless scalability – Scale up VM hardware specs or scale out VMs linearly to deploy more application capacity on the fly
- Heightened security – Establish strong application-level segmentation policies between infrastructure tiers using VM constructs
- Streamlined management – Consolidate resources like underlying storage and networking to a single hypervisor control plane speeding up administration
- Hypervisors or virtual machine monitors enable hardware virtualization by abstracting underlying resources between virtual machines
- Bare metal or Type 1 hypervisors run directly on host hardware while Type 2 run as an application on traditional operating systems
- Hypervisors partition hardware, isolate VMs, manage life cycle and emulate virtual hardware to enable virtualization
- Leading uses include server consolidation, infrastructure isolation, cloud computing, software testing and disaster recovery
- VMware, Microsoft and Citrix are the dominant enterprise hypervisor vendors with solutions like vSphere, Hyper-V and XenServer
- Secure boot, privilege rings and IOMMU virtualization help hypervisors provide hardened system security enforced between VMs
In closing, server virtualization enabled by bare-metal and hosted hypervisors has become the cornerstone of enterprise infrastructure over the last 15 years.
By partitioning hardware between virtual machines (VMs) and intelligently distributing resources using fine-grained policies, hypervisors enable full isolation, security and interoperability between workloads across the hybrid cloud continuum.
With support for hypervisors and hardware-assisted virtualization firmly entrenched across today’s x86 servers, appliances and endpoint devices, virtualization will continue to profoundly transform IT infrastructure towards the software-defined data center model underpinned by automation and centralized orchestration.
Q: What is a Type 1 hypervisor?
A: A Type 1 hypervisor, also called a bare-metal hypervisor, runs directly on the host’s hardware rather than within a host operating system. Examples include VMware ESXi, Citrix XenServer and Microsoft Hyper-V.
Q: What is a Type 2 hypervisor?
A: A Type 2 hypervisor runs as software on an operating system, like other computer programs. Examples include Oracle VirtualBox, VMware Workstation and Windows Virtual PC, which require a host OS to run.
Q: Does a hypervisor provide security?
A: Yes, hypervisors provide strong isolation and security between virtual machines (VMs) running on a shared hardware host. This includes encrypted VM data storage, restricted VM access to CPU and memory as well as user-based permissions.
Q: How does a hypervisor work?
A: A hypervisor creates virtual machines, allocates computing resources like CPU and memory to VMs, runs and manages VM lifecycles while isolating them from each other using CPU and memory virtualization capabilities.
Q: Why are hypervisors important?
A: Hypervisors enable hardware virtualization, which is crucial for modern data centers. They allow enterprises to efficiently consolidate servers while running mission-critical apps securely and reliably using VMs.
Q: Can you install a hypervisor on any server?
A: Many servers have hardware-assisted virtualization capabilities making them efficient for hosting hypervisors. For older servers lacking such capabilities, Type 2 hypervisors may be used, but without optimal performance.
Q: Is vSphere a hypervisor?
A: No. vSphere is VMware’s cloud computing virtualization platform. ESXi is the bare metal hypervisor component in vSphere responsible for CPU and memory virtualization enabling the creation of VMs.
Q: Is Nutanix a hypervisor?
A: No. Nutanix sells hyperconverged infrastructure combining storage, networking, virtualization and management. Nutanix supports vSphere, Hyper-V and Acropolis Software-Defined Storage hypervisors across their HCI products.
Q: Is XenServer a Type 1 or Type 2 hypervisor?
A: Citrix XenServer is a Type 1 or bare metal hypervisor running directly on server hardware without needing an operating system to allow installation of VMs and their guest OSes.
Q: What hardware is required for a hypervisor?
A: Servers must have hardware virtualization capabilities like Intel VT-x or AMD-V to efficiently run hypervisors. Other requirements are 64-bit CPUs, hardware-assisted data execution protection, minimum 8 GB RAM and adequate storage.
Q: Is VMware Workstation a hypervisor?
A: Yes, VMware Workstation is a Type 2 hypervisor that installs on top of a host operating system allowing users to create, run and manage multiple guest virtual machines with different OS environments.
Q: Which Azure services use hypervisors?
A: Microsoft Azure Virtual Machines, Azure Virtual Machine Scale Sets and Azure Dedicated Hosts services use Microsoft Hyper-V hypervisors under the hood to enable VM creation and management at scale across Azure’s infrastructure.
Q: Can nested virtualization be used on hypervisors?
A: Yes, nested virtualization allows running hypervisors and virtual machines within other hypervisors. Intel VT-x and AMD-V CPU virtualization extensions allow nested levels to be used on top of Azure, VMware, Hyper-V or KVM hypervisors.
Q: Do Docker containers use a hypervisor?
A: No. Containers rely on operating system level virtualization running on the host’s kernel instead of full machine virtualization. So they run without need for hypervisors to manage system hardware resources underneath.