A hypervisor is a piece of software used to create virtual machines. A virtual machine is an emulation of a computer. Virtual machines are used to create multiple computing environments on a single piece of hardware.

Virtual machines are useful because each VM can run a different operating system, behave like a separate computer, and provide a high level of security.

So how does a hypervisor work?

What Is a Hypervisor?

A hypervisor is a piece of software that sits between a virtual machine and the underlying hardware. It's not possible to create a virtual machine without one.

The hypervisor is responsible for dividing up the hardware resources such as memory, CPU power, and network bandwidth. It then allocates these resources to each VM.

The hypervisor is responsible for keeping each virtual machine isolated. This is what allows each virtual machine to function independently of any problems that affect the others.

The hypervisor also enables communication between virtual machines on the same computer and across networks.

Why Are Hypervisors Used?

Virtual machines provide several advantages over physical computers. Depending on the application, a virtual machine may either be a necessity or simply more convenient.

  • VMs allow new computer environments to be added to existing hardware. This allows organizations to better use what they have rather than investing in new technology.
  • Physical machines take up physical space. VMs do not. Having multiple systems on a single computer is highly beneficial in a large organization or even on a single desk.
  • A new VM can be set up much faster than a new physical system. A VM can also be deleted once it is no longer necessary. This makes VMs ideal for temporary projects.
  • A VM can be moved from one server to another, allowing IT processes to be performed at different locations without any physical hardware being moved.
  • A virtual machine is completely isolated from everything around it. VMs, therefore, provide all of the security benefits of separate physical machines without any of the costs.

Native vs. Hosted Hypervisors

Hypervisors can be divided into two distinct categories, namely native and hosted. They are also known as Type 1 and Type 2.

Before discussing the difference, it's worth noting that a computer that runs VMs is known as a host machine while individual VMs are known as guest machines.

Native Hypervisors

A native hypervisor runs directly on the host machine's hardware. It doesn't require an operating system to run beneath it. Because of this, it's also known as a bare-metal hypervisor.

  • Native hypervisors are more efficient because they don't need to share resources with a host OS. This allows them to offer higher performance levels.
  • Native hypervisors are also more secure. Because there's no host OS beneath them, an attacker has no host OS to compromise.
  • Native hypervisors are more expensive and are typically used in data centers where performance, uptime, and security are prioritized.

Hosted Hypervisors

A hosted hypervisor does have an underlying operating system and is typically installed directly on top of it. The host OS is then used to obtain resources from the host machine.

This may cause a drop in performance. It also means that an attack on that OS has the potential to affect all VMs created by the hypervisor above it.

The primary advantage of hosted hypervisors is that they are cheaper and usually easier to install. Hosted hypervisors are typically used when increased performance and security aren't worth the added cost.

For example, they are often used for testing software and for creating virtual desktops.

Which Hypervisor Should I Use?

If you're trying to run a virtual machine on a personal computer, your choice of hypervisor depends on your existing operating system.

If you're a Windows Pro user, your computer already has a native hypervisor installed, Hyper-V. However, if you're running a home edition of Windows or macOS, you will instead be limited to hosted hypervisors such as VirtualBox or VMware.

Hypervisors vs. Containers

Hypervisors and containers are both used for emulation. They are similar, but they are also very different.

Hypervisors create virtual machines with independent operating systems (hosted hypervisors require a host OS, but the individual VMs still have their own).

Containers all share the same host operating system, leading to them being used for very different applications.

Hypervisors can be used to run applications that are not compatible with the host OS. Each virtual machine is also completely isolated from everything around it. This makes virtual machines superior from a security standpoint.

Containers are significantly smaller than virtual machines, making them cheaper and more portable. They also start up in seconds, while a VM needs to wait for its operating system to load.

Why Hypervisors Are Important for VM Security

The isolation offered by virtual machines means that they are often used for applications where security is a priority. The hypervisor plays a very important role in this.

If a single virtual machine is compromised, this will not affect the rest of the system. However, if the hypervisor is compromised, this may affect all of the virtual machines under its control.

If you are using virtual machines for security purposes, it's important to understand that the hypervisor is the most attractive component for a hacker to compromise.

The hypervisor should be kept updated at all times, the network it connects to should be monitored, and no user should have access to it unless necessary.
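
The point above, that a compromised VM stays contained while a compromised hypervisor or host OS reaches everything running on it, can be worked through as a small dependency model. This is an added example, not part of the original article; the component names (vm1, container1, and so on) are constructed, and the model assumes a compromise only spreads upward to whatever runs on the affected layer.

```python
# Added example: "runs on" relationships for the three stacks the article compares.
# Component names are constructed; the model assumes the article's premise that a
# compromise only spreads upward, to whatever runs on the compromised layer.
STACKS = {
    "native": {"hypervisor": "hardware",
               "vm1": "hypervisor", "vm2": "hypervisor"},
    "hosted": {"host_os": "hardware", "hypervisor": "host_os",
               "vm1": "hypervisor", "vm2": "hypervisor"},
    "containers": {"host_os": "hardware",
                   "container1": "host_os", "container2": "host_os"},
}


def blast_radius(stack, compromised):
    """Components that run, directly or transitively, on the compromised one."""
    runs_on = STACKS[stack]
    if compromised not in runs_on:
        raise KeyError(f"{compromised!r} is not part of the {stack!r} stack")
    affected, frontier = set(), [compromised]
    while frontier:
        current = frontier.pop()
        for component, parent in runs_on.items():
            if parent == current and component not in affected:
                affected.add(component)
                frontier.append(component)
    return affected


def shared_layers(stack, workload):
    """Software layers beneath a workload; compromising any of them reaches it."""
    runs_on = STACKS[stack]
    layers, current = [], runs_on[workload]
    while current != "hardware":
        layers.append(current)
        current = runs_on[current]
    return layers


if __name__ == "__main__":
    for stack, workload in (("native", "vm1"), ("hosted", "vm1"),
                            ("containers", "container1")):
        print(f"{stack}: {workload} depends on {shared_layers(stack, workload)}")
        for layer in shared_layers(stack, workload):
            print(f"  {layer} compromised -> {sorted(blast_radius(stack, layer))}")
        print(f"  {workload} compromised -> {sorted(blast_radius(stack, workload))}")
```

The hosted stack has two shared layers under every VM, which is why both the hypervisor and the host OS need the patching, monitoring, and access restrictions described above.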

Is a Hypervisor Right for Your Project?

If you want to run a virtual machine, a hypervisor is the software that will allow you to do so. It takes the underlying hardware and provides the resource allocation necessary to create isolated environments.

If you'd like to keep your existing operating system, your choice is limited by which OS you have installed.

Otherwise, a native hypervisor provides the best performance and security, while a hosted hypervisor provides an alternative when these advantages are not prioritized.