How separating software from hardware has given us virtualization and cloud computing
Hypervisors often get overlooked as a technology in favor of the flashier concept of virtualization, but you can’t get to the fun of virtualization until you understand what a hypervisor does within a computing system.
While the benefits of virtualization and cloud computing may now seem like old hat within the IT infrastructure, that wasn’t always the case, and it is hypervisor technology that has helped drive innovation in the world of cloud computing.
Hypervisor definition
A hypervisor is a process that separates a computer’s operating system and applications from the underlying physical hardware. Usually done as software although embedded hypervisors can be created for things like mobile devices.
The hypervisor drives the concept of virtualization by allowing the physical host machine to operate multiple virtual machines as guests to help maximize the effective use of computing resources such as memory, network bandwidth and CPU cycles.
History of hypervisors
In the late 1960s and through the 1970s, most virtualization and hypervisor work was seen on mainframe computers developed by IBM, for use in building time-sharing systems, testing new operating system ideas or even exploring new hardware concepts. The virtualization aspect allowed programmers to deploy and debug without jeopardizing the stability of the main production system and without having to deploy additional costly development systems.
Jumping ahead to the mid-2000s, hypervisors took center stage when Unix, Linux and other Unix-like operating systems began to utilize virtualization technologies. Reasons for the growth of hypervisors and virtualization included better hardware capabilities, which would now allow a single machine to do more simultaneous work; cost-control efforts that led to consolidation of servers; improved security and reliability due to hypervisor architecture improvements; and the ability to run OS-dependent applications on different hardware or OS environments. In addition, in 2005, CPU vendors began adding hardware virtualization to their x86-based products, extending the availability (and benefits) of virtualization to PC- and server-based audiences.
Benefits of hypervisors
Even though VMs can run on the same physical hardware, they are still logically separated from each other. This means that if one VM experiences an error, crash or a malware attack, it doesn’t extend to other VMs on the same machine, or even other machines.
VMs are also very mobile – because they are independent of the underlying hardware, they can be moved or migrated between local or remote virtualized servers a whole lot easier than traditional applications that are tied to physical hardware.
Type 1 hypervisor: Bare metal
There are two types of hypervisors, creatively named Type 1 or Type 2. Type 1 hypervisors, sometimes called “native” or “bare metal” hypervisors, run directly on the host’s hardware to control the hardware and manage the guest VMs. Modern hypervisors include Xen, Oracle VM Server for SPARC, Oracle VM Server for x86, Microsoft Hyper-V and VMware’s ESX/ESXi.
Type 2 hypervisor: Hosted
Type 2 hypervisors, sometimes called “hosted hypervisors,” run on a conventional OS, just like other applications on the system. In this case, a guest OS runs as a process on the host, while the hypervisors separate the guest OS from the host OS. Examples of Type 2 hypervisors include VMware Workstation, VMware Player, VirtualBox and Parallels Desktop for Mac.
In the enterprise data center space, consolidation has resulted in three major vendors on the hypervisor front: VMware, Microsoft and Citrix Systems.
Containers vs. hypervisors
In recent years, container technology has grown in popularity as a possible replacement for hypervisors, as they can place more applications into a single physical server than a virtual machine can.
“VMs take up a lot of system resources. Each VM runs not just a full copy of an operating system, but a virtual copy of all the hardware that the operating system needs to run. This quickly adds up to a lot of RAM and CPU cycles. In contrast, all that a container requires is enough of an operating system, supporting programs and libraries, and system resources to run a specific program,” says Steven J. Vaughan-Nichols in this 2016 Network World article.
Security concerns and practical uses of VMs, however, mean that containers won’t necessarily replace hypervisors/VMs, but rather companies will use a combination of both, according to Vaughan-Nichols. On the security issue, some feel that containers are less secure than hypervisors, due to containers only having one OS that applications share, while VMs isolate not only the application, but the OS as well. If an application gets compromised, it could attack the single OS in a container, affecting other applications. If an application in a VM gets compromised, only one OS on that server would be affected, not other applications or OSes on the VM. Marvin Waschke writes about this issue in this InfoWorld blog post.
Hypervisor security concerns
While hypervisors can be considered more secure than containers by some measures, that doesn’t mean there aren’t security concerns associated with hypervisors. For example, in theory hackers can create malware and rootkits that install themselves as a hypervisor below the OS. Known as hyperjacking, this process can be more difficult to detect, as the malware could intercept operations of the OS (for example, entering a password) without anti-malware software necessarily detecting it, because the malware runs below the OS.
Debate continues whether it would be possible to detect the presence of a hypervisor-based rootkit. Some have implemented the concept – the SubVirt and Blue Pill malware – while others have demonstrated a hypervisor-layer anti-rootkit called Hooksafe, which provides generic protection against kernel-mode rootkits.
Hypervisor expansion
The concept of hypervisors hasn’t just been limited to server operation. Storage hypervisors, for example, take the same concept and apply it to data storage. A storage hypervisor can run on physical hardware, as a VM, inside a hypervisor OS or within a larger storage network. Just like hypervisors, a storage hypervisor can run on specific hardware or be independent of the hardware.
In addition to storage, hypervisors are key for other virtualization efforts, including desktop virtualization, OS virtualization and application virtualization.
Embedded hypervisors
Embedded hypervisors support the requirements of embedded systems. These are different from hypervisors that target server and desktop applications. The embedded hypervisor is designed into the embedded device from the outset, rather than loaded subsequent to device deployment.
While desktop and enterprise environments use hypervisors to consolidate hardware and isolate computing environments from one another, in an embedded system, the various components typically function collectively to provide the device’s functionality. Mobile virtualization overlaps with embedded system virtualization, and shares some use cases.