HOME

TheInfoList



OR:

A hypervisor (also known as a virtual machine monitor, VMM, or virtualizer) is a type of computer
software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...
, firmware or hardware that creates and runs
virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
s. A computer on which a hypervisor runs one or more virtual machines is called a ''host machine'', and each virtual machine is called a ''guest machine''. The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an
emulator In computing, an emulator is hardware or software that enables one computer system (called the ''host'') to behave like another computer system (called the ''guest''). An emulator typically enables the host system to run software or use pe ...
, the guest executes most instructions on the native hardware. Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example,
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
,
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
, and
macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and lapt ...
instances can all run on a single physical
x86 x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was intr ...
machine. This contrasts with operating-system–level virtualization, where all instances (usually called ''containers'') must share a single kernel, though the guest operating systems can differ in
user space A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...
, such as different Linux distributions with the same kernel. The term ''hypervisor'' is a variant of ''supervisor'', a traditional term for the
kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learn ...
of an
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
: the hypervisor is the supervisor of the supervisors, with '' hyper-'' used as a stronger variant of '' super-''. The term dates to circa 1970; IBM coined it for the 360/65 and later used it for the DIAG handler of CP-67. In the earlier
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
(1967) system, the term ''Control Program'' was used instead.


Classification

In his 1973 thesis, "Architectural Principles for Virtual Computer Systems," Robert P. Goldberg classified two types of hypervisor: ; Type-1, native or bare-metal hypervisors : These hypervisors run directly on the host's hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called
bare-metal In computer science, bare machine (or bare metal) refers to a computer executing instructions directly on logic hardware without an intervening operating system. Modern operating systems evolved through various stages, from elementary to the pre ...
hypervisors. The first hypervisors, which IBM developed in the 1960s, were native hypervisors. These included the test software
SIMMON SIMMON (SIMulation MONitor) was a proprietary software testing system developed in the late 1960s in the IBM Product Test Laboratory, then at Poughkeepsie, N.Y. It was designed for the then-new line of System/360 computers as a vehicle for testi ...
and the
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
operating system, the predecessor of IBM
z/VM z/VM is the current version in IBM's VM family of virtual machine operating systems. z/VM was first released in October 2000 and remains in active use and development . It is directly based on technology and concepts dating back to the 1960s, wi ...
. ; Type-2 or hosted hypervisors : These hypervisors run on a conventional operating system (OS) just as other computer programs do. A virtual machine monitor runs as a
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management *Business process, activities that produce a specific se ...
on the host. Type-2 hypervisors abstract guest operating systems from the host operating system. The distinction between these two types is not always clear. For instance, KVM and
bhyve bhyve (pronounced "bee hive", formerly written as BHyVe for "BSD hypervisor") is a type-2 hypervisor initially written for FreeBSD. It can also be used on a number of illumos based distributions including SmartOS, OpenIndiana, and OmniOS. A por ...
are
kernel module In computing, a loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or so-called ''base kernel'', of an operating system. LKMs are typically used to add support for new hardware (as device drivers) and/o ...
s that effectively convert the host operating system to a type-1 hypervisor. At the same time, since Linux distributions and FreeBSD are still general-purpose operating systems, with applications competing with each other for VM resources, KVM and bhyve can also be categorized as type-2 hypervisors.


Mainframe origins

The first hypervisors providing
full virtualization In computer science, virtualization is a modern technique developed in late 1990s and is different from simulation and emulation. Virtualization employs techniques used to create instances of an environment, as opposed to simulation, which model ...
were the test tool
SIMMON SIMMON (SIMulation MONitor) was a proprietary software testing system developed in the late 1960s in the IBM Product Test Laboratory, then at Poughkeepsie, N.Y. It was designed for the then-new line of System/360 computers as a vehicle for testi ...
and the one-off
IBM CP-40 CP-40 was a research precursor to CP-67, which in turn was part of IBM's then-revolutionary CP/CMS, CP 67CMS – a virtual machine/virtual memory time-sharing operating system for the IBM System/360 Model 67, and the parent of IBM's VM (operati ...
research system, which began production use in January 1967 and became the first version of the IBM
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
operating system. CP-40 ran on a S/360-40 modified at the
Cambridge Scientific Center The IBM Cambridge Scientific Center was a company research laboratory established in February 1964 in Cambridge, Massachusetts. Situated at 545 Technology Square (''Tech Square''), in the same building as MIT's Project MAC, it was later renamed ...
to support dynamic address translation, a feature that enabled virtualization. Prior to this time, computer hardware had only been virtualized to the extent to allow multiple user applications to run concurrently, such as in CTSS and
IBM M44/44X The IBM M44/44X was an experimental computer system from the mid-1960s, designed and operated at IBM's Thomas J. Watson Research Center at Yorktown Heights, New York. It was based on an IBM 7044 (the 'M44'), and simulated multiple 7044 virtual mach ...
. With CP-40, the hardware's ''supervisor state'' was virtualized as well, allowing multiple operating systems to run concurrently in separate
virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
contexts. Programmers soon implemented CP-40 (as
CP-67 CP-67 was the ''control program'' portion of CP/CMS, a virtual machine operating system developed for the IBM System/360-67 by IBM's Cambridge Scientific Center. It was a reimplementation of their earlier research system CP-40, which ran on a on ...
) for the
IBM System/360-67 The IBM System/360 Model 67 (S/360-67) was an important IBM mainframe model in the late 1960s. * It had "its own powerful operating system... heTime Sharing System monitor (TSS)" offering "virtually instantaneous access to and response from t ...
, the first production computer system capable of full virtualization. IBM shipped this machine in 1966; it included page-translation-table hardware for virtual memory and other techniques that allowed a full virtualization of all kernel tasks, including I/O and interrupt handling. (Note that the "official" operating system, the ill-fated
TSS/360 The IBM Time Sharing System TSS/360 is a discontinued early time-sharing operating system designed exclusively for a special model of the System/360 line of mainframes, the Model 67. Made available on a trial basis to a limited set of custom ...
, did not employ full virtualization.) Both CP-40 and CP-67 began production use in 1967.
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
was available to IBM customers from 1968 to early 1970s, in source code form without support.
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
formed part of IBM's attempt to build robust
time-sharing In computing, time-sharing is the sharing of a computing resource among many users at the same time by means of multiprogramming and multi-tasking.DEC Timesharing (1965), by Peter Clark, The DEC Professional, Volume 1, Number 1 Its emergence ...
systems for its mainframe computers. By running multiple operating systems concurrently, the hypervisor increased system robustness and stability: Even if one operating system crashed, the others would continue working without interruption. Indeed, this even allowed beta or experimental versions of operating systemsor even of new hardwareto be deployed and debugged, without jeopardizing the stable main production system, and without requiring costly additional development systems. IBM announced its
System/370 The IBM System/370 (S/370) is a model range of IBM mainframe computers announced on June 30, 1970, as the successors to the System/360 family. The series mostly maintains backward compatibility with the S/360, allowing an easy migration path ...
series in 1970 without the
virtual memory In computing, virtual memory, or virtual storage is a memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "creates the illusion to users of a very ...
feature needed for virtualization, but added it in the August 1972 Advanced Function announcement. Virtualization has been featured in all successor systems, such that all modern-day IBM mainframes, including the
zSeries IBM Z is a family name used by IBM for all of its z/Architecture mainframe computers. In July 2017, with another generation of products, the official family was changed to IBM Z from IBM z Systems; the IBM Z family now includes the newest mo ...
line, retain backward compatibility with the 1960s-era IBM S/360 line. The 1972 announcement also included
VM/370 VM (often: VM/CMS) is a family of IBM virtual machine operating systems used on IBM mainframes System/370, System/390, zSeries, System z and compatible systems, including the Hercules (emulator), Hercules emulator for personal computers. The ...
, a reimplementation of
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
for the S/370. Unlike
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
, IBM provided support for this version (though it was still distributed in source code form for several releases). VM stands for ''
Virtual Machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...
'', emphasizing that all, not just some, of the hardware interfaces are virtualized. Both VM and CP/CMS enjoyed early acceptance and rapid development by universities, corporate users, and
time-sharing In computing, time-sharing is the sharing of a computing resource among many users at the same time by means of multiprogramming and multi-tasking.DEC Timesharing (1965), by Peter Clark, The DEC Professional, Volume 1, Number 1 Its emergence ...
vendors, as well as within IBM. Users played an active role in ongoing development, anticipating trends seen in modern open source projects. However, in a series of disputed and bitter battles, time-sharing lost out to
batch processing Computerized batch processing is a method of running software programs called jobs in batches automatically. While users are required to submit the jobs, no other interaction by the user is required to process the batch. Batches may automatically ...
through IBM political infighting, and VM remained IBM's "other" mainframe operating system for decades, losing to
MVS Multiple Virtual Storage, more commonly called MVS, was the most commonly used operating system on the System/370 and System/390 IBM mainframe computers. IBM developed MVS, along with OS/VS1 and SVS, as a successor to OS/360. It is unrelated ...
. It enjoyed a resurgence of popularity and support from 2000 as the
z/VM z/VM is the current version in IBM's VM family of virtual machine operating systems. z/VM was first released in October 2000 and remains in active use and development . It is directly based on technology and concepts dating back to the 1960s, wi ...
product, for example as the platform for
Linux on IBM Z Linux on IBM Z or Linux on zSystems is the collective term for the Linux operating system compiled to run on IBM mainframes, especially IBM Z / IBM zSystems and IBM LinuxONE servers. Similar terms which imply the same meaning are ''Linux/390'', ...
. As mentioned above, the VM control program includes a ''hypervisor-call'' handler that intercepts DIAG ("Diagnose", opcode x'83') instructions used within a virtual machine. This provides fast-path non-virtualized execution of file-system access and other operations (DIAG is a model-dependent privileged instruction, not used in normal programming, and thus is not virtualized. It is therefore available for use as a signal to the "host" operating system). When first implemented in
CP/CMS CP/CMS (Control Program/Cambridge Monitor System) is a discontinued time-sharing operating system of the late 1960s and early 1970s, known for its excellent performance and advanced features. It had three distinct versions: * CP-40/CMS, an im ...
release 3.1, this use of DIAG provided an operating system interface that was analogous to the System/360
Supervisor Call instruction A supervisor, or lead, (also known as foreman, boss, overseer, facilitator, monitor, area coordinator, line-manager or sometimes gaffer) is the job title of a lower-level management position that is primarily based on authority over workers or ...
(SVC), but that did not require altering or extending the system's virtualization of SVC. In 1985 IBM introduced the
PR/SM A logical partition (LPAR) is a subset of a computer's hardware resources, virtualized as a separate computer. In effect, a physical machine can be partitioned into multiple logical partitions, each hosting a separate instance of an operating ...
hypervisor to manage logical partitions (LPAR).


Operating system support

Several factors led to a resurgence around 2005 in the use of
virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...
technology among
Unix Unix (; trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, an ...
,
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
, and other
Unix-like A Unix-like (sometimes referred to as UN*X or *nix) operating system is one that behaves in a manner similar to a Unix system, although not necessarily conforming to or being certified to any version of the Single UNIX Specification. A Unix-li ...
operating systems: * Expanding hardware capabilities, allowing each single machine to do more simultaneous work * Efforts to control costs and to simplify management through consolidation of servers * The need to control large
multiprocessor Multiprocessing is the use of two or more central processing units (CPUs) within a single computer system. The term also refers to the ability of a system to support more than one processor or the ability to allocate tasks between them. There ar ...
and
cluster may refer to: Science and technology Astronomy * Cluster (spacecraft), constellation of four European Space Agency spacecraft * Asteroid cluster, a small asteroid family * Cluster II (spacecraft), a European Space Agency mission to study t ...
installations, for example in
server farm A server farm or server cluster is a collection of computer servers, usually maintained by an organization to supply server functionality far beyond the capability of a single machine. They often consist of thousands of computers which require ...
s and
render farm A render farm is a high-performance computer system, e.g. a computer cluster, built to render computer-generated imagery (CGI), typically for film and television visual effects. Origin of the term The term ''render farm'' was born during the p ...
s * The improved security, reliability, and device independence possible from hypervisor architectures * The ability to run complex, OS-dependent applications in different hardware or OS environments Major Unix vendors, including HP, IBM,
SGI SGI may refer to: Companies *Saskatchewan Government Insurance *Scientific Games International, a gambling company *Silicon Graphics, Inc., a former manufacturer of high-performance computing products *Silicon Graphics International, formerly Rac ...
, and
Sun Microsystems Sun Microsystems, Inc. (Sun for short) was an American technology company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the ...
, have been selling virtualized hardware since before 2000. These have generally been large, expensive systems (in the multimillion-dollar range at the high end), although virtualization has also been available on some low- and mid-range systems, such as IBM
pSeries The IBM System p is a high-end line of RISC (Power)/UNIX-based servers. It was the successor of the RS/6000 line, and predecessor of the IBM Power Systems server series. History The previous RS/6000 line was originally a line of workstations an ...
servers,
HP Superdome The HP Superdome is a high-end server computer designed and manufactured by Hewlett Packard Enterprise (formerly Hewlett-Packard). The product's most recent version, "Superdome 2," was released in 2010. Superdome 2 supports 2 to 32 sockets (up to ...
series machines, and
Sun The Sun is the star at the center of the Solar System. It is a nearly perfect ball of hot plasma, heated to incandescence by nuclear fusion reactions in its core. The Sun radiates this energy mainly as light, ultraviolet, and infrared radi ...
/ Oracle T-series CoolThreads servers. Although
Solaris Solaris may refer to: Arts and entertainment Literature, television and film * ''Solaris'' (novel), a 1961 science fiction novel by Stanisław Lem ** ''Solaris'' (1968 film), directed by Boris Nirenburg ** ''Solaris'' (1972 film), directed by ...
has always been the only guest domain OS officially supported by Sun/Oracle on their
Logical Domains Logic is the study of correct reasoning. It includes both formal and informal logic. Formal logic is the science of deductively valid inferences or of logical truths. It is a formal science investigating how conclusions follow from premise ...
hypervisor, ,
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
(Ubuntu and Gentoo), and FreeBSD have been ported to run on top of the hypervisor (and can all run simultaneously on the same processor, as fully virtualized independent guest OSes). Wind River "
Carrier Grade Linux Carrier Grade Linux (CGL) is a set of specifications which detail standards of availability, scalability, manageability, and service response characteristics which must be met in order for Linux kernel-based operating system to be considered "c ...
" also runs on Sun's Hypervisor. Full virtualization on
SPARC SPARC (Scalable Processor Architecture) is a reduced instruction set computer (RISC) instruction set architecture originally developed by Sun Microsystems. Its design was strongly influenced by the experimental Berkeley RISC system develope ...
processors proved straightforward: since its inception in the mid-1980s Sun deliberately kept the SPARC architecture clean of artifacts that would have impeded virtualization. (Compare with virtualization on x86 processors below.) HPE provides
HP Integrity Virtual Machines Integrity Virtual Machines is software from Hewlett-Packard that allows multiple virtual machines to run concurrently on any Itanium server running HP-UX, notably the HPE Integrity Servers line. It is part of HP's Virtual Server Environment suite ...
(Integrity VM) to host multiple operating systems on their
Itanium Itanium ( ) is a discontinued family of 64-bit Intel microprocessors that implement the Intel Itanium architecture (formerly called IA-64). Launched in June 2001, Intel marketed the processors for enterprise servers and high-performance comput ...
powered Integrity systems. Itanium can run HP-UX, Linux, Windows and OpenVMS, and these environments are also supported as virtual servers on HP's Integrity VM platform. The HP-UX operating system hosts the Integrity VM hypervisor layer that allows for many important features of HP-UX to be taken advantage of and provides major differentiation between this platform and other commodity platforms - such as processor hotswap, memory hotswap, and dynamic kernel updates without system reboot. While it heavily leverages HP-UX, the Integrity VM hypervisor is really a hybrid that runs on bare-metal while guests are executing. Running normal HP-UX applications on an Integrity VM host is heavily discouraged, because Integrity VM implements its own memory management, scheduling and I/O policies that are tuned for virtual machines and are not as effective for normal applications. HPE also provides more rigid partitioning of their Integrity and HP9000 systems by way of VPAR and
nPar nPar partitions are electrically isolated from other nPar partitions within the same chassis. Cells (a unit of processors/IO/memory) make up nPar partitions. Being electrically isolated means that if a nPar partition were to fail due to hardware f ...
technology, the former offering shared resource partitioning and the latter offering complete I/O and processing isolation. The flexibility of virtual server environment (VSE) has given way to its use more frequently in newer deployments. IBM provides virtualization partition technology known as logical partitioning (LPAR) on
System/390 The IBM System/390 is a discontinued mainframe product family implementing the ESA/390, the fifth generation of the System/360 instruction set architecture. The first computers to use the ESA/390 were the Enterprise System/9000 (ES/9000 ...
,
zSeries IBM Z is a family name used by IBM for all of its z/Architecture mainframe computers. In July 2017, with another generation of products, the official family was changed to IBM Z from IBM z Systems; the IBM Z family now includes the newest mo ...
,
pSeries The IBM System p is a high-end line of RISC (Power)/UNIX-based servers. It was the successor of the RS/6000 line, and predecessor of the IBM Power Systems server series. History The previous RS/6000 line was originally a line of workstations an ...
and
IBM AS/400 The IBM AS/400 (Application System/400) is a family of midrange computers from IBM announced in June 1988 and released in August 1988. It was the successor to the System/36 and System/38 platforms, and ran the OS/400 operating system. Lower-cost ...
systems. For IBM's Power Systems, the POWER Hypervisor (PHYP) is a native (bare-metal) hypervisor in firmware and provides isolation between LPARs. Processor capacity is provided to LPARs in either a dedicated fashion or on an entitlement basis where unused capacity is harvested and can be re-allocated to busy workloads. Groups of LPARs can have their processor capacity managed as if they were in a "pool" - IBM refers to this capability as Multiple Shared-Processor Pools (MSPPs) and implements it in servers with the
POWER6 The POWER6 is a microprocessor developed by IBM that implemented the Power ISA v.2.03. When it became available in systems in 2007, it succeeded the POWER5+ as IBM's flagship Power microprocessor. It is claimed to be part of the eCLipz projec ...
processor. LPAR and MSPP capacity allocations can be dynamically changed. Memory is allocated to each LPAR (at LPAR initiation or dynamically) and is address-controlled by the POWER Hypervisor. For real-mode addressing by operating systems (
AIX Aix or AIX may refer to: Computing * AIX, a line of IBM computer operating systems *An Alternate Index, for a Virtual Storage Access Method Key Sequenced Data Set * Athens Internet Exchange, a European Internet exchange point Places Belgi ...
,
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
, IBM i), the
Power Power most often refers to: * Power (physics), meaning "rate of doing work" ** Engine power, the power put out by an engine ** Electric power * Power (social and political), the ability to influence people or events ** Abusive power Power may a ...
processors (
POWER4 The POWER4 is a microprocessor developed by International Business Machines (IBM) that implemented the 64-bit PowerPC and PowerPC AS instruction set architectures. Released in 2001, the POWER4 succeeded the POWER3 and RS64 microprocessors, ena ...
onwards) have designed virtualization capabilities where a hardware address-offset is evaluated with the OS address-offset to arrive at the physical memory address. Input/Output (I/O) adapters can be exclusively "owned" by LPARs or shared by LPARs through an appliance partition known as the Virtual I/O Server (VIOS). The Power Hypervisor provides for high levels of reliability, availability and serviceability (RAS) by facilitating hot add/replace of many parts (model dependent: processors, memory, I/O adapters, blowers, power units, disks, system controllers, etc.) Similar trends have occurred with x86/x86-64 server platforms, where open-source projects such as Xen have led virtualization efforts. These include hypervisors built on Linux and Solaris kernels as well as custom kernels. Since these technologies span from large systems down to desktops, they are described in the next section.


x86 systems

Since 2005, CPU vendors have added hardware virtualization assistance to their products; for example,
Intel VT-x x86 virtualization is the use of hardware-assisted virtualization capabilities on an x86/x86-64 CPU. In the late 1990s x86 virtualization was achieved by complex software techniques, necessary to compensate for the processor's lack of hardware-a ...
(code-named Vanderpool) and AMD-V (code-named Pacifica). An alternative approach requires modifying the guest operating system to make a
system call In computing, a system call (commonly abbreviated to syscall) is the programmatic way in which a computer program requests a service from the operating system on which it is executed. This may include hardware-related services (for example, acc ...
to the underlying hypervisor, rather than executing machine I/O instructions that the hypervisor simulates. This is called
paravirtualization In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface. The intent o ...
in Xen, a "hypercall" in
Parallels Workstation Parallels Workstation is the first commercial software product released by Parallels, Inc., a developer of desktop and server virtualization software. The Workstation software consists of a virtual machine suite for Intel x86-compatible computer ...
, and a "DIAGNOSE code" in IBM VM. Some microkernels, such as Mach and L4, are flexible enough to allow paravirtualization of guest operating systems.


Embedded systems

Embedded hypervisor An embedded hypervisor is a hypervisor that supports the requirements of embedded systems. The requirements for an embedded hypervisor are distinct from hypervisors targeting server and desktop applications. An embedded hypervisor is designed int ...
s, targeting
embedded system An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is ''embedded'' as ...
s and certain
real-time operating system A real-time operating system (RTOS) is an operating system (OS) for real-time applications that processes data and events that have critically defined time constraints. An RTOS is distinct from a time-sharing operating system, such as Unix, which m ...
(RTOS) environments, are designed with different requirements when compared to desktop and enterprise systems, including robustness, security and
real-time Real-time or real time describes various operations in computing or other processes that must guarantee response times within a specified time (deadline), usually a relatively short time. A real-time process is generally one that happens in defined ...
capabilities. The resource-constrained nature of many embedded systems, especially battery-powered mobile systems, imposes a further requirement for small memory-size and low overhead. Finally, in contrast to the ubiquity of the x86 architecture in the PC world, the embedded world uses a wider variety of architectures and less standardized environments. Support for virtualization requires
memory protection Memory protection is a way to control memory access rights on a computer, and is a part of most modern instruction set architectures and operating systems. The main purpose of memory protection is to prevent a process from accessing memory that h ...
(in the form of a
memory management unit A memory management unit (MMU), sometimes called paged memory management unit (PMMU), is a computer hardware unit having all memory references passed through itself, primarily performing the translation of virtual memory addresses to physical a ...
or at least a memory protection unit) and a distinction between
user mode A modern computer operating system usually segregates virtual memory into user space and kernel space. Primarily, this separation serves to provide memory protection and hardware protection from malicious or errant software behaviour. Kernel ...
and privileged mode, which rules out most microcontrollers. This still leaves
x86 x86 (also known as 80x86 or the 8086 family) is a family of complex instruction set computer (CISC) instruction set architectures initially developed by Intel based on the Intel 8086 microprocessor and its 8088 variant. The 8086 was intr ...
, MIPS,
ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...
and
PowerPC PowerPC (with the backronym Performance Optimization With Enhanced RISC – Performance Computing, sometimes abbreviated as PPC) is a reduced instruction set computer (RISC) instruction set architecture (ISA) created by the 1991 Apple Inc., App ...
as widely deployed architectures on medium- to high-end embedded systems. As manufacturers of embedded systems usually have the source code to their operating systems, they have less need for full virtualization in this space. Instead, the performance advantages of
paravirtualization In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface. The intent o ...
make this usually the virtualization technology of choice. Nevertheless, ARM and MIPS have recently added full virtualization support as an IP option and has included it in their latest high-end processors and architecture versions, such as
ARM Cortex-A15 MPCore The ARM Cortex-A15 MPCore is a 32-bit processor core licensed by ARM Holdings implementing the ARMv7-A architecture. It is a multicore processor with out-of-order superscalar pipeline running at up to 2.5  GHz. Overview ARM has claimed t ...
and ARMv8 EL2. Other differences between virtualization in server/desktop and embedded environments include requirements for efficient sharing of resources across virtual machines, high-bandwidth, low-latency inter-VM communication, a global view of scheduling and power management, and fine-grained control of information flows.


Security implications

The use of hypervisor technology by malware and
rootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
s installing themselves as a hypervisor below the operating system, known as ''
hyperjacking Hyperjacking is an attack in which a hacker takes malicious control over the hypervisor that creates the virtual environment within a virtual machine (VM) host. The point of the attack is to target the operating system that is below that of the v ...
'', can make them more difficult to detect because the malware could intercept any operations of the operating system (such as someone entering a password) without the anti-malware software necessarily detecting it (since the malware runs below the entire operating system). Implementation of the concept has allegedly occurred in the SubVirt laboratory rootkit (developed jointly by
Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washing ...
and
University of Michigan , mottoeng = "Arts, Knowledge, Truth" , former_names = Catholepistemiad, or University of Michigania (1817–1821) , budget = $10.3 billion (2021) , endowment = $17 billion (2021)As o ...
researchers) as well as in the Blue Pill malware package. However, such assertions have been disputed by others who claim that it would be possible to detect the presence of a hypervisor-based rootkit. In 2009, researchers from Microsoft and North Carolina State University demonstrated a hypervisor-layer anti-rootkit called
Hooksafe Hooksafe is a hypervisor-based lightweight system that protects an operating system's kernel hooks from rootkit attacks. It prevents thousands of kernel hooks in the guest operating system from being hijacked. This is achieved by making a shadow ...
that can provide generic protection against kernel-mode
rootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exis ...
s.


Notes


See also

*
Virtual memory In computing, virtual memory, or virtual storage is a memory management technique that provides an "idealized abstraction of the storage resources that are actually available on a given machine" which "creates the illusion to users of a very ...


References


External links


Hypervisors and Virtual Machines: Implementation Insights on the x86 Architecture

A Performance Comparison of Hypervisors
VMware {{Virtualization software Servers (computing) Virtualization software