The Hypervisor

Runecast Academy Series 1 – Part 3.The Hypervisor

Let's look under the hood of the virtualization host. The main component that makes everything happen is the hypervisor, sometimes called a virtual machine monitor (VMM). It is a software layer that allows multiple operating systems (OS) to be running alongside on one physical box. The hypervisor manages these virtual machines (VMs) and allows them to share the same resources, but at the same time separates them, so that crash or compromitation of one VM won’t affect the others.

The hypervisor is creating virtual hardware, a kind of envelope for the operating system. This is a slightly broader topic, and we will cover it in a separate Runecast Academy article. From the hypervisor's point of view, running a virtual machine is just a process, like Word or Vim editor on your desktop. And this process is consuming some CPU cycles, some memory, needs access to the storage and network, and it might need access to some special hardware available on the physical host.

Our earlier article in this series sorted hypervisors into Type 1 and Type 2. Let's look a bit deeper into Type 1, which is used typically for server virtualization. There are two bare-metal hypervisor concepts, Monolithic and Microkernel. The monolithic hypervisor contains everything inside. Microkernel hypervisors have just a thin virtualization layer – and all the drivers, management, and other stuff are included in the control domain (actually just another VM with special tools and permissions).

A Deeper Look at Various Hypervisors

Let's look into different products available on the market. Here’s a cool graphic representation of where hypervisors fit into the whole scheme of things:

ESXi (an abbreviation for Elastic Sky X Integrated) is the computing core of the VMware vSphere products family. It is a POSIX (Portable Operating System Interface) compatible Type 1 monolithic hypervisor. Everything needed for the VM to be running and secured is included in the hypervisor itself, but still keeps the memory footprint under 150 MB.

Monolithic hypervisors usually have troubles with hardware compatibility. The main reason is that they need special hardware drivers. ESXi driver interface subsystems are partially compatible with Linux drivers. That doesn't mean that you can directly use Linux drivers, on the other hand, these can be adapted for ESXi and it is not needed to develop them from scratch.

VMware ESXi is the market leader in server virtualization and there is a good reason for that: it simply works. It is stable, it provides great CPU and Memory management which allows you to overprovision your physical systems quite a lot without affecting availability, and the vSphere ecosystem helps with management of the environment very well. As a bonus, it is supported by Runecast Analyzer, so you can be assured that all the settings are correct.

XEN hypervisor is an example of a Type 1 Microkernel-based hypervisor. Its history is a bit turbulent and was affected by many different management decisions. It was developed by Citrix in the past, but these days it is maintained by the Linux foundation. The hypervisor itself contains only basic tools needed to work with CPU and devices. The control domain (called Dom0) is a specialized VM with high privileges. In most of the installations, it is Linux, but it can be a different UNIX system. Dom0 has access to the hardware and drivers for that, it handles I/O operations and comprises the running network and storage stack.

Because it is an open-source project (the software can be changed and re-used by anybody with enough knowledge), you can find XEN hypervisor in different server virtualization products: of course, Citrix Hypervisor (formerly called XenServer), but also in Huawei UVP or Oracle VM. It is the core of plenty of security-related products, for example, the free and completely virtualized desktop Qubes OS. 

Thanks to ARM platform support, XEN found it's way to different embedded systems, mainly in the automotive industry. Most probably, your gas pedal is not directly connected to the engine in your car. There is software watching your gas pedal and telling your engine how fast it should go. And there is a multimedia system connected to your cell phone. And to save money and make things easier for the manufacturer, these systems are running on one small computer, meaning that a "black hat" hacker who has access to your cell phone has access to your engine. Or there can be XEN hypervisor and two VMs, one managing the engine and the second one playing your favorite song. As a bonus, each VM can be running a different operating system specialized for the task.

Microsoft Hyper-V is very similar to XEN, from the design point of view, with Windows in the control domain and much more active marketing. Compared to XEN, Hyper-V contains network and storage stack directly in the hypervisor layer.

KVM is a bit of a special case, it lies somewhere between Type 1 and Type 2 hypervisors. KVM is a Linux kernel module and runs completely in the kernel userspace. Every VM runs as a standard Linux process, scheduled with standard Linux scheduler. It is an open-source project primarily developed by Red Hat. The KVM kernel module is used together with QEMU, which is responsible for providing virtual hardware. KVM is the core of Red Hat Virtualization and Nutanix Acropolis Hypervisor.