Introduction to Virtualization
- Virtualization allows multiple virtual machines (VMs) to run on a single physical system.
- A hypervisor (or virtual machine manager) manages the interaction between virtual systems and physical hardware.
- Hypervisors allocate CPU cycles, memory, storage, and networking to each VM while keeping them isolated.
Types of Hypervisors
- Type 1 Hypervisor (Bare Metal):
  - Runs directly on physical hardware without an underlying OS.
  - Acts as the primary OS managing the hardware.
  - Examples: VMware ESXi, Microsoft Hyper-V.
- Type 2 Hypervisor (Hosted):
  - Runs on top of an existing OS (e.g., Windows, macOS, Linux).
  - Used for desktop virtualization.
  - Examples: VMware Workstation, Oracle VirtualBox, Parallels Desktop.
- Both types support VMs with identical functionality; the difference is deployment.
Hardware Support for Virtualization
- Modern CPUs include virtualization extensions for improved performance:
  - Intel VT (Virtualization Technology).
  - AMD-V (AMD Virtualization).
- Hypervisors require sufficient RAM, CPU, and storage to support multiple VMs.
- Each VM includes a full guest OS, applications, and data, increasing resource demands.
Networking in Virtualization
- Hypervisors control VM network configurations:
  - Shared Network Address: VMs use a private subnet; traffic is translated via NAT.
  - Bridged Network: VMs appear as physical devices on the local network.
  - Private Network: VMs communicate only with each other or themselves (isolated).
Security Considerations
- VM Escape: A rare but critical vulnerability where malicious code in one VM exploits hypervisor flaws to break out of its isolation and access other VMs.
- Each VM must be secured like a standalone system:
  - Firewalls, anti-malware, and OS hardening.
- Risks of pre-built VMs:
  - Malware authors may distribute infected VMs.
  - Always build or verify VMs before use.
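As an added example (not part of the original notes), a POSIX shell check that verifies a downloaded VM image against a SHA-256 manifest before it is imported into the hypervisor; the image contents, file names and manifest below are constructed for the demo.

```shell
#!/bin/sh
# Integrity check for a downloaded VM image (OVA, VMDK, qcow2, ...) against
# a SHA-256 manifest such as the SHA256SUMS file a vendor publishes.
# Run it before importing the image into the hypervisor.

# Portability: macOS ships shasum rather than sha256sum.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# verify_vm_image IMAGE MANIFEST
# Returns 0 when IMAGE's digest matches its manifest entry, 1 otherwise
# (digest mismatch, or no entry for that file name at all).
verify_vm_image() {
    image="$1"
    manifest="$2"
    name=$(basename "$image")
    # Manifest lines look like "<hex digest>  <file>" or "<hex digest> *<file>".
    expected=$(awk -v f="$name" '$2 == f || $2 == "*" f { print $1 }' "$manifest")
    if [ -z "$expected" ]; then
        echo "FAIL: $name has no entry in $manifest" >&2
        return 1
    fi
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches manifest digest"
        return 0
    fi
    echo "FAIL: $name digest mismatch" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Constructed demo data (not a real image): a small stand-in file, a manifest
# generated for it, and a copy with one byte appended to simulate tampering.
demo_setup() {
    DEMO_DIR=$(mktemp -d)
    printf 'stand-in for an appliance image\n' > "$DEMO_DIR/lab.ova"
    (cd "$DEMO_DIR" && sha256sum lab.ova > SHA256SUMS)
    mkdir "$DEMO_DIR/tampered"
    cp "$DEMO_DIR/lab.ova" "$DEMO_DIR/tampered/lab.ova"
    printf 'x' >> "$DEMO_DIR/tampered/lab.ova"
}

demo_setup
verify_vm_image "$DEMO_DIR/lab.ova" "$DEMO_DIR/SHA256SUMS"                   # OK
verify_vm_image "$DEMO_DIR/tampered/lab.ova" "$DEMO_DIR/SHA256SUMS" || true  # FAIL
```

The check only proves the image matches the manifest you hold, so obtain the manifest over a trusted channel (or verify the publisher's signature on it) rather than from the same place as the image.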
Virtual Desktop Infrastructure (VDI)
- VDI runs desktops as VMs on remote servers (e.g., cloud).
- Users access VMs via thin clients (keyboard, mouse, display).
- Also called Desktop as a Service (DaaS).
- Reduces local hardware requirements but requires reliable network bandwidth.
Application Containerization
- Alternative to full VMs; virtualizes only applications, not an entire OS.
- Containers are lightweight, portable, and share the host OS.
- Examples: Docker, which runs containerized apps on a single host OS.
- Advantages:
  - Smaller footprint (no guest OS overhead).
  - Faster deployment and migration.
- Limitations:
  - Apps must be compatible with the host OS.
  - Less isolation than VMs (shared kernel).