A hypervisor is a virtual machine monitor. It’s software that runs on top of a physical computer’s operating system and manages all the host computer’s hardware resources.
A hypervisor can be used to create virtual machines (VMs). These are virtual copies of physical computers inside a single operating system (OS). A VM can run in isolation from other VMs but shares its resources with them.
Hypervisors are essential to cloud computing infrastructure because they allow organizations to run multiple identical VMs simultaneously. This can help companies significantly cut back on capital expenses, because other than the hypervisor itself, VMs don’t require any additional hardware to run.
Types of hypervisors
There are two types of hypervisors: type 1, also known as bare-metal hypervisors, and type 2, also known as hosted hypervisors. Here are some pros and cons of each, along with recommended use cases and examples.
Type 1 hypervisors: Bare metal
A type 1 hypervisor, also known as a native or bare-metal hypervisor, runs directly on the system’s underlying hardware. The hypervisor manages the hardware resources and directly hosts multiple VMs without needing a separate underlying OS.
Instead, each OS is installed and run on its own respective VM, each of which is managed by the hypervisor. Each VM has its own virtual resources, including vCPU, memory, and storage abstracted from the underlying hardware, and operates independently.
Type 1 hypervisors offer excellent performance due to their direct hardware access, meaning they are not competing for resources with other software. This lets them maximize server resources by efficiently managing multiple VMs simultaneously.
They also provide advanced security, thanks to each guest VM running on its own OS. In the event a guest VM is attacked, the guest is isolated to ensure other VMs on the same hardware are not affected.
In addition, advanced features like live migration allow VMs to be moved between physical servers without disruption.
The biggest drawback of type 1 hypervisors is their complexity and potential for compatibility issues. As they operate at a low level, they require expert knowledge to configure and manage effectively. This makes them more expensive both to implement and maintain than type 2 hypervisors.
Type 1 hypervisors are used extensively in enterprises where scalability, availability, high performance, and security are crucial. They are commonly deployed in server virtualization scenarios, consolidating multiple physical servers into a single host machine. They are also used in cloud computing platforms, enabling efficient resource allocation and isolation between guests.
Examples of type 1 hypervisors include VMware’s suite of hypervisors like ESXi and ESX, Citrix XenServer, and KVM (Kernel-based Virtual Machine) for Linux, which provide comprehensive virtualization solutions for enterprise environments.
Integrated into the Windows ecosystem, Microsoft’s Azure Virtual Desktop Infrastructure (VDI) runs on the company’s Hyper-V hypervisor, which offers native type 1 virtualization capabilities. And Oracle VM Server, another type 1 hypervisor, is designed to run Oracle applications.
These hypervisors empower organizations to manage and virtualize their infrastructure efficiently, enabling consolidation, resource optimization, and seamless VM deployment.
Type 2 hypervisors: Hosted
Type 2 hypervisors, also known as hosted or nested hypervisors, are virtualization technologies that run on top of a host OS. Unlike type 1 hypervisors, which directly access the underlying hardware, type 2 hypervisors are installed as an application and rely on the underlying OS for accessing the necessary hardware resources.
Type 2 hypervisors are easy to install and use, making them much more accessible to many users than bare-metal hypervisors, as well as less expensive.
They also offer flexibility by allowing users to run multiple operating systems concurrently on a single machine. And they support features like snapshots, which allow users to capture and restore the state of a VM.
The primary issue with type 2 hypervisors is their performance overhead. Since they rely on the host OS for hardware access, an additional layer of abstraction can introduce latency and impact overall performance compared to type 1 hypervisors.
Additionally, the dependency on the host OS can introduce compatibility issues, as updates or changes to the host OS may affect the hypervisor and VMs’ functionality.
Type 2 hypervisors are commonly used for personal use, such as home labs, or for small-scale virtualization scenarios. They are ideal for developers who can test applications on different OS environments without needing separate physical machines.
They are also helpful for running legacy software or different OS versions on a single device.
Oracle VirtualBox, Qemu, Parallels, and VMware Workstation Player are famous examples of type 2 hypervisors. Hypervisors such as Oracle VirtualBox support a wide range of host and guest operating systems.
Qemu is another open-source hypervisor that provides full system emulation. Parallels is a commercial hypervisor designed for Mac systems, offering seamless integration between macOS and VMs.
VMware Workstation Player is a popular choice for desktop virtualization, providing a user-friendly interface and robust virtual machine management capabilities.
Benefits of hypervisors
Hypervisors provide many benefits over traditional desktop machines, from speed and flexibility to efficiency and portability.
- Speed: The speed of a hypervisor is determined by its underlying hardware, ranging from processors to storage systems. Hypervisors can be optimized for different types of workloads or use cases and thus may perform differently on the same hardware.
- Flexibility: Hypervisors allow you to change how resources are allocated across multiple VMs without restarting or rebooting them. This can help you create flexible environments that are designed to meet your specific needs without being constrained by hardware limitations.
- Efficiency: When resources are shared among VMs, the VMs consume less RAM than they would if each ran on its own host machine.
- Portability: Hypervisors allow you to move your VMs between different physical servers without having to install new operating systems or reboot them completely.
How do hypervisors work?
Hypervisors enable VMs to be deployed and controlled by separating the hardware and software of a physical computer. This allows the creation of a virtual environment (or several) running on top of the host OS, partitioning and allocating the system’s resources to each VM as necessary.
Some operating systems can also access and use bare-metal hypervisors by integrating them into the firmware on the same level as the motherboard’s basic input/output system (BIOS).
How secure are hypervisors?
Both type 1 and type 2 hypervisors strive to provide a secure virtualization environment. Ultimately type 1 hypervisors have the edge thanks to their greater level of separation between the VM and the hardware itself. No system is completely immune to vulnerabilities or risks, however.
Regardless of type, some key points regarding the security of hypervisors include isolation, attack surface, privilege escalation, and shared components.
Hypervisors aim to achieve strong isolation between VMs. They utilize hardware-assisted virtualization and memory management techniques to prevent unauthorized access or interference between VMs. The isolation helps minimize the risk of one compromised VM affecting others.
Hypervisors typically have a small and tightly controlled attack surface, as they operate at a low level, directly interfacing with hardware. This limited attack surface reduces the potential for exploitation.
However, like any software, hypervisors can have vulnerabilities. These vulnerabilities could be due to implementation errors, design flaws, or hardware issues. It is crucial to keep hypervisors updated with the latest security patches and follow best practices for secure configuration.
To manage and control VMs, hypervisors rely on privileged code. Any vulnerability or exploit that allows an attacker to escalate their privileges within the hypervisor could have severe consequences. Hypervisor vendors employ rigorous security practices and conduct regular security audits to mitigate this risk.
Hypervisor-based attacks, such as VM escape or guest-to-host attacks, are rare but can be highly impactful if successfully executed. These attacks target vulnerabilities in the hypervisor to break out of a VM and gain unauthorized access to the host system. Hypervisor vendors invest significant effort in VM security hardening and vulnerability mitigation to protect against such attacks.
Configuration and management
Secure configuration and proper management of hypervisors are crucial. This includes using features like secure boot, enabling secure management interfaces, enforcing strong access controls, and regularly monitoring and auditing hypervisor settings and activities.
Hypervisors often utilize shared components, such as device drivers or management interfaces, which may introduce additional attack vectors. It is essential to regularly update and secure these shared components to minimize security risks.
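The hardware-assisted virtualization, secure boot, and access-control points above can be checked on a host with a short read-only audit. The following is an added example, not code from the original article or from any hypervisor vendor; it assumes an x86 Linux host running KVM, and the policy that /dev/kvm should not be open to every local user is this example's assumption.

```python
import os
import stat

# Constructed sample inputs (not captured from a real host).
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme msr vmx ept vpid smep\n"
SAMPLE_SECUREBOOT = bytes([0x06, 0, 0, 0, 0x01])  # 4 attribute bytes + value byte
SB_VAR = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def cpu_virt_features(cpuinfo_text):
    """Report the hardware-assisted virtualization flags the CPU advertises."""
    flags = set()
    for line in cpuinfo_text.splitlines():
        if line.startswith(("flags", "vmx flags")):
            flags.update(line.split(":", 1)[1].split())
    return {"hw_virt": bool(flags & {"vmx", "svm"}),        # Intel VT-x / AMD-V
            "nested_paging": bool(flags & {"ept", "npt"})}  # Intel EPT / AMD NPT

def secure_boot_enabled(efivar_bytes):
    """The SecureBoot EFI variable holds 4 attribute bytes, then 1 = enabled."""
    return len(efivar_bytes) >= 5 and efivar_bytes[4] == 1

def audit(cpuinfo_text, efivar_bytes, kvm_mode):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    feats = cpu_virt_features(cpuinfo_text)
    if not feats["hw_virt"]:
        findings.append("no VT-x/AMD-V flag: hardware-assisted virtualization unavailable")
    if not feats["nested_paging"]:
        findings.append("no EPT/NPT flag: no hardware nested paging for guest memory")
    if not secure_boot_enabled(efivar_bytes):
        findings.append("Secure Boot is disabled or not reported")
    # Policy assumption of this example: /dev/kvm is restricted to owner and group.
    if kvm_mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("/dev/kvm is accessible to every local user (mode %o)"
                        % stat.S_IMODE(kvm_mode))
    return findings

def read_bytes(path):
    try:
        with open(path, "rb") as fh:
            return fh.read()
    except OSError:
        return b""

if __name__ == "__main__":
    # Live run on a Linux/KVM host; unreadable files are treated as empty input.
    cpuinfo = read_bytes("/proc/cpuinfo").decode(errors="replace")
    mode = os.stat("/dev/kvm").st_mode if os.path.exists("/dev/kvm") else 0
    for finding in audit(cpuinfo, read_bytes(SB_VAR), mode) or ["all checks passed"]:
        print(finding)
```

Running the script periodically and comparing its findings against a baseline covers the "regularly monitoring and auditing" part of the advice.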
Hypervisors vs. containers
Hypervisors and containers both work on improving the speed and effectiveness of applications, but they do it in distinct ways.
Hypervisors:
- The OS can function independently of the underlying hardware using VMs.
- On a single server, different operating systems can be installed and kept separate from one another (hosted hypervisors) or operate simultaneously (bare metal hypervisors).
- Share memory, storage, and computational resources.
Containers:
- May operate on any OS; all they require is a container engine.
- Permit OS-independent application operation.
- High portability since the program has everything to run inside the container.
Both of them are employed in a variety of ways. Hypervisors create and run VMs. The operating systems of each VM are safely separated from one another, and each has a full OS of its own.
Containers bundle apps and accompanying services, but not full operating systems. Because they do not carry a full OS, they are lighter and more portable than VMs and are frequently used for rapid and flexible application development.
Bottom line: Deploying hypervisor servers in the enterprise
Hypervisors are powerful virtualization technologies that enable efficient utilization of server resources, robust isolation between VMs, and advanced features for various use cases.
While type 1 hypervisors excel in providing strong isolation, security, and management capabilities, type 2 hypervisors are better for quick, inexpensive rollouts such as sandbox testing instances. Meanwhile, containers offer lightweight virtualization with faster startup times and greater scalability.
Choosing between types of hypervisors — and between hypervisors and containers — depends on specific requirements and priorities, but both play essential roles in modern virtualization and cloud computing environments.
If you’re regularly working with VMs, make sure you have backups in place in the event of a data breach or malfunction.