A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a ''host machine'', and each virtual machine is called a ''guest machine''. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an emulator, the guest executes most instructions on the native hardware.
Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical x86 machine. This contrasts with operating-system–level virtualization, where all instances (usually called ''containers'') must share a single kernel, though the guest operating systems can differ in user space, such as different Linux distributions with the same kernel.
The term ''hypervisor'' is a variant of ''supervisor'', a traditional term for the kernel of an operating system: the hypervisor is the supervisor of the supervisors, with ''hyper-'' used as a stronger variant of ''super-''. The term dates to circa 1970; IBM coined it for the 360/65 and later used it for the DIAG handler of CP-67. In the earlier CP/CMS (1967) system, the term ''Control Program'' was used instead.
Classification
In his 1973 thesis, "Architectural Principles for Virtual Computer Systems," Robert P. Goldberg classified two types of hypervisor:
; Type-1, native or bare-metal hypervisors
: These hypervisors run directly on the host's hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called bare-metal hypervisors. The first hypervisors, which IBM developed in the 1960s, were native hypervisors. These included the test software SIMMON and the CP/CMS operating system, the predecessor of IBM z/VM.
; Type-2 or hosted hypervisors
: These hypervisors run on a conventional operating system (OS) just as other computer programs do. A virtual machine monitor runs as a process on the host. Type-2 hypervisors abstract guest operating systems from the host operating system.
The distinction between these two types is not always clear. For instance, KVM and bhyve are kernel modules that effectively convert the host operating system to a type-1 hypervisor. At the same time, since Linux distributions and FreeBSD are still general-purpose operating systems, with applications competing with each other for VM resources, KVM and bhyve can also be categorized as type-2 hypervisors.
Mainframe origins
The first hypervisors providing full virtualization were the test tool SIMMON and the one-off IBM CP-40 research system, which began production use in January 1967 and became the first version of the IBM CP/CMS operating system. CP-40 ran on a S/360-40 modified at the Cambridge Scientific Center to support dynamic address translation, a feature that enabled virtualization. Prior to this time, computer hardware had only been virtualized to the extent to allow multiple user applications to run concurrently, such as in CTSS and IBM M44/44X. With CP-40, the hardware's ''supervisor state'' was virtualized as well, allowing multiple operating systems to run concurrently in separate virtual machine contexts.
Programmers soon implemented CP-40 (as CP-67) for the IBM System/360-67, the first production computer system capable of full virtualization. IBM shipped this machine in 1966; it included page-translation-table hardware for virtual memory and other techniques that allowed a full virtualization of all kernel tasks, including I/O and interrupt handling. (Note that the "official" operating system, the ill-fated TSS/360, did not employ full virtualization.) Both CP-40 and CP-67 began production use in 1967. CP/CMS was available to IBM customers from 1968 to the early 1970s, in source code form without support.
CP/CMS formed part of IBM's attempt to build robust time-sharing systems for its mainframe computers. By running multiple operating systems concurrently, the hypervisor increased system robustness and stability: even if one operating system crashed, the others would continue working without interruption. Indeed, this even allowed beta or experimental versions of operating systems, or even of new hardware, to be deployed and debugged without jeopardizing the stable main production system, and without requiring costly additional development systems.
IBM announced its System/370 series in 1970 without the virtual memory feature needed for virtualization, but added it in the August 1972 Advanced Function announcement. Virtualization has been featured in all successor systems, such that all modern-day IBM mainframes, including the zSeries line, retain backward compatibility with the 1960s-era IBM S/360 line. The 1972 announcement also included VM/370, a reimplementation of CP/CMS for the S/370. Unlike CP/CMS, IBM provided support for this version (though it was still distributed in source code form for several releases). VM stands for ''Virtual Machine'', emphasizing that all, not just some, of the hardware interfaces are virtualized. Both VM and CP/CMS enjoyed early acceptance and rapid development by universities, corporate users, and time-sharing vendors, as well as within IBM. Users played an active role in ongoing development, anticipating trends seen in modern open source projects. However, in a series of disputed and bitter battles, time-sharing lost out to batch processing through IBM political infighting, and VM remained IBM's "other" mainframe operating system for decades, losing to MVS. It enjoyed a resurgence of popularity and support from 2000 as the z/VM product, for example as the platform for Linux on IBM Z.
As mentioned above, the VM control program includes a ''hypervisor-call'' handler that intercepts DIAG ("Diagnose", opcode x'83') instructions used within a virtual machine. This provides fast-path non-virtualized execution of file-system access and other operations. (DIAG is a model-dependent privileged instruction, not used in normal programming, and thus is not virtualized; it is therefore available for use as a signal to the "host" operating system.) When first implemented in CP/CMS release 3.1, this use of DIAG provided an operating system interface that was analogous to the System/360 Supervisor Call instruction (SVC), but that did not require altering or extending the system's virtualization of SVC.
In 1985 IBM introduced the PR/SM hypervisor to manage logical partitions (LPAR).
Operating system support
Several factors led to a resurgence around 2005 in the use of virtualization technology among Unix, Linux, and other Unix-like operating systems:
* Expanding hardware capabilities, allowing each single machine to do more simultaneous work
* Efforts to control costs and to simplify management through consolidation of servers
* The need to control large multiprocessor and cluster installations, for example in server farms and render farms
* The improved security, reliability, and device independence possible from hypervisor architectures
* The ability to run complex, OS-dependent applications in different hardware or OS environments
Major Unix vendors, including HP, IBM, SGI, and Sun Microsystems, have been selling virtualized hardware since before 2000. These have generally been large, expensive systems (in the multimillion-dollar range at the high end), although virtualization has also been available on some low- and mid-range systems, such as IBM pSeries servers, HP Superdome series machines, and Sun/Oracle T-series CoolThreads servers.
Although Solaris has always been the only guest domain OS officially supported by Sun/Oracle on their Logical Domains hypervisor, Linux (Ubuntu and Gentoo) and FreeBSD have been ported to run on top of the hypervisor (and can all run simultaneously on the same processor, as fully virtualized independent guest OSes). Wind River "Carrier Grade Linux" also runs on Sun's Hypervisor. Full virtualization on SPARC processors proved straightforward: since its inception in the mid-1980s Sun deliberately kept the SPARC architecture clean of artifacts that would have impeded virtualization. (Compare with virtualization on x86 processors below.)
HPE provides HP Integrity Virtual Machines (Integrity VM) to host multiple operating systems on their Itanium powered Integrity systems. Itanium can run HP-UX, Linux, Windows and OpenVMS, and these environments are also supported as virtual servers on HP's Integrity VM platform. The HP-UX operating system hosts the Integrity VM hypervisor layer, which lets the platform take advantage of many important HP-UX features that distinguish it from other commodity platforms, such as processor hot-swap, memory hot-swap, and dynamic kernel updates without a system reboot. While it heavily leverages HP-UX, the Integrity VM hypervisor is really a hybrid that runs on bare metal while guests are executing. Running normal HP-UX applications on an Integrity VM host is heavily discouraged, because Integrity VM implements its own memory management, scheduling and I/O policies that are tuned for virtual machines and are not as effective for normal applications. HPE also provides more rigid partitioning of their Integrity and HP9000 systems by way of VPAR and nPar technology, the former offering shared resource partitioning and the latter offering complete I/O and processing isolation. The flexibility of the Virtual Server Environment (VSE) has led to its more frequent use in newer deployments.
IBM provides virtualization partition technology known as logical partitioning (LPAR) on System/390, zSeries, pSeries and IBM AS/400 systems. For IBM's Power Systems, the POWER Hypervisor (PHYP) is a native (bare-metal) hypervisor in firmware and provides isolation between LPARs. Processor capacity is provided to LPARs in either a dedicated fashion or on an entitlement basis where unused capacity is harvested and can be re-allocated to busy workloads. Groups of LPARs can have their processor capacity managed as if they were in a "pool" - IBM refers to this capability as Multiple Shared-Processor Pools (MSPPs) and implements it in servers with the POWER6 processor. LPAR and MSPP capacity allocations can be dynamically changed. Memory is allocated to each LPAR (at LPAR initiation or dynamically) and is address-controlled by the POWER Hypervisor. For real-mode addressing by operating systems (AIX, Linux, IBM i), the Power processors (POWER4 onwards) have virtualization capabilities designed in, whereby a hardware address offset is combined with the OS address offset to arrive at the physical memory address. Input/Output (I/O) adapters can be exclusively "owned" by LPARs or shared by LPARs through an appliance partition known as the Virtual I/O Server (VIOS). The Power Hypervisor provides for high levels of reliability, availability and serviceability (RAS) by facilitating hot add/replace of many parts (model dependent: processors, memory, I/O adapters, blowers, power units, disks, system controllers, etc.).
Similar trends have occurred with x86/x86-64 server platforms, where open-source projects such as Xen have led virtualization efforts. These include hypervisors built on Linux and Solaris kernels as well as custom kernels. Since these technologies span from large systems down to desktops, they are described in the next section.
x86 systems
Since 2005, CPU vendors have added hardware virtualization assistance to their products; for example, Intel VT-x (code-named Vanderpool) and AMD-V (code-named Pacifica).
An alternative approach requires modifying the guest operating system to make a system call to the underlying hypervisor, rather than executing machine I/O instructions that the hypervisor simulates. This is called paravirtualization in Xen, a "hypercall" in Parallels Workstation, and a "DIAGNOSE code" in IBM VM. Some microkernels, such as Mach and L4, are flexible enough to allow paravirtualization of guest operating systems.
Embedded systems
Embedded hypervisors, targeting embedded systems and certain real-time operating system (RTOS) environments, are designed with different requirements when compared to desktop and enterprise systems, including robustness, security and real-time capabilities. The resource-constrained nature of many embedded systems, especially battery-powered mobile systems, imposes a further requirement for small memory-size and low overhead. Finally, in contrast to the ubiquity of the x86 architecture in the PC world, the embedded world uses a wider variety of architectures and less standardized environments. Support for virtualization requires memory protection (in the form of a memory management unit or at least a memory protection unit) and a distinction between user mode and privileged mode, which rules out most microcontrollers. This still leaves x86, MIPS, ARM and PowerPC as widely deployed architectures on medium- to high-end embedded systems.
As manufacturers of embedded systems usually have the source code to their operating systems, they have less need for full virtualization in this space. Instead, the performance advantages of paravirtualization make this usually the virtualization technology of choice. Nevertheless, ARM and MIPS have recently added full virtualization support as an IP option and have included it in their latest high-end processors and architecture versions, such as ARM Cortex-A15 MPCore and ARMv8 EL2.
Other differences between virtualization in server/desktop and embedded environments include requirements for efficient sharing of resources across virtual machines, high-bandwidth, low-latency inter-VM communication, a global view of scheduling and power management, and fine-grained control of information flows.
Security implications
The use of hypervisor technology by malware and rootkits installing themselves as a hypervisor below the operating system, known as ''hyperjacking'', can make them more difficult to detect because the malware could intercept any operations of the operating system (such as someone entering a password) without the anti-malware software necessarily detecting it (since the malware runs below the entire operating system). Implementation of the concept has allegedly occurred in the SubVirt laboratory rootkit (developed jointly by Microsoft and University of Michigan researchers) as well as in the Blue Pill malware package. However, such assertions have been disputed by others who claim that it would be possible to detect the presence of a hypervisor-based rootkit.
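As an added illustration of what such a detection check looks like (example code written for this page, not from the article or any of the projects it names): on x86 a guest can ask CPUID whether a hypervisor advertises itself (leaf 1, ECX bit 31) and read the 12-byte vendor signature it returns in leaf 0x40000000. Because CPUID always exits to the hypervisor under VT-x/AMD-V, the answer is whatever the layer underneath chooses to report, which is exactly why a cooperative hypervisor is easy to see and a hostile one is not; the decoding helpers take register values as arguments so they can be exercised with constructed input on any architecture, and the KVM signature in the comments is used purely as a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1, ECX bit 31: reserved (always 0) on bare metal; most
 * hypervisors set it so guests can tell they are virtualized. */
#define CPUID_HV_PRESENT_BIT (1u << 31)
/* Leaf 0x40000000 is the conventional hypervisor information leaf: the
 * hypervisor returns a 12-byte vendor signature in EBX, ECX, EDX. */
#define CPUID_HV_LEAF 0x40000000u

typedef struct {
    int  supported;   /* 1 if this build could execute CPUID (x86 only) */
    int  present;     /* value of the leaf-1 "hypervisor present" bit */
    char vendor[13];  /* NUL-terminated signature, "" if not present */
} hv_info;

/* Pure decoding helpers, kept apart from the CPUID instruction so the
 * logic can be checked with constructed register values anywhere. */
int hv_bit_set(uint32_t leaf1_ecx) {
    return (leaf1_ecx & CPUID_HV_PRESENT_BIT) != 0;
}

void hv_vendor_from_regs(uint32_t ebx, uint32_t ecx, uint32_t edx, char out[13]) {
    /* The signature is laid out little-endian across EBX, ECX, EDX, e.g.
     * the constructed sample EBX=0x4B4D564B ECX=0x564B4D56 EDX=0x4D
     * decodes to "KVMKVMKVM". */
    memcpy(out,     &ebx, 4);
    memcpy(out + 4, &ecx, 4);
    memcpy(out + 8, &edx, 4);
    out[12] = '\0';
}

/* Query the live CPU. Under VT-x/AMD-V, CPUID unconditionally traps to the
 * hypervisor, so these values are whatever it decides to show the guest:
 * a cooperative hypervisor fills them in, a hyperjacking rootkit can hide
 * them, which is the limitation the detection dispute turns on. */
int hv_detect(hv_info *info) {
    memset(info, 0, sizeof *info);
#if defined(__x86_64__) || defined(__i386__)
    unsigned eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;                       /* leaf 1 unavailable: give up */
    info->supported = 1;
    info->present = hv_bit_set(ecx);
    if (info->present) {
        /* __get_cpuid refuses leaves above the basic maximum, so the
         * hypervisor leaf is read with the raw __cpuid macro instead. */
        __cpuid(CPUID_HV_LEAF, eax, ebx, ecx, edx);
        hv_vendor_from_regs(ebx, ecx, edx, info->vendor);
    }
    return 0;
#else
    return -1;                           /* not an x86 build */
#endif
}

int main(void) {
    hv_info info;
    if (hv_detect(&info) != 0) {
        puts("CPUID not available on this architecture");
        return 0;
    }
    printf("hypervisor-present bit: %d\n", info.present);
    if (info.present)
        printf("hypervisor vendor signature: \"%s\"\n", info.vendor);
    return 0;
}
```

A clear bit only rules out hypervisors that choose to announce themselves; the disputed detection methods in the text rely instead on side effects the hypervisor cannot easily mask, such as timing.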
In 2009, researchers from Microsoft and North Carolina State University demonstrated a hypervisor-layer anti-rootkit called Hooksafe that can provide generic protection against kernel-mode rootkits.
See also
* Virtual memory
External links
* Hypervisors and Virtual Machines: Implementation Insights on the x86 Architecture
* A Performance Comparison of Hypervisors (VMware)