What is a hypervisor responsible for?

Hypervisor security is the process of ensuring the hypervisor, the software that enables virtualization, is secure throughout its life cycle. This includes during development and in implementation. Common security practices for hypervisors include limiting the users in a local system, limiting attack surfaces and keeping all systems updated.

A hypervisor is a software process that separates a computer's operating system (OS) from the underlying physical hardware. Virtual machines (VMs) can be created and managed by system administrators through a hypervisor such as Hyper-V Manager and VMware vSphere. In a VM, a hypervisor will emulate hardware such as CPUs, memory and RAM. The emulated hardware can be shared numerous times to create multiple instances of the VM.

However, having multiple VMs on a single server has its downsides, because hypervisor security can become a large concern. For example, if an attacker gains unauthorized access to the hypervisor, virtual machine monitor (VMM) or the software that orchestrates the virtual environment, then they would have access to every VM under the hypervisor's control. The attacker could then gain access to all the data stored in each VM. Additional points of vulnerability include shared hardware caches, the network, and access to the physical server.

Implementing hypervisor security will help security professionals and administrators protect against such intrusions during development, implementation, provisioning, management and de-provisioning.

Hypervisor security techniques and best practices

Numerous methods exist to help protect hypervisors, including practices such as using additional monitoring and network security tools, minimizing attack surfaces, setting access privileges, updating the hypervisor and keeping the physical server out of reach of unauthorized individuals.

Using monitoring and network security tools will allow administrators to monitor their virtual environments and detect any unusual behavior early on. Monitoring tools from vendors such as SolarWinds Inc. and VMware can help monitor and detect attacks. Administrators can also use tools such as firewalls for network security.

Minimizing potential attack surfaces will make it more difficult to access a virtual system by decreasing potential access points. Many operating systems or hypervisors have additional features that an organization may not need or use, and these increase the attack surface of a VM. To minimize threat surfaces, administrators should disable unnecessary services and only allow services needed for successful operation. This includes disconnecting unused physical hardware from host systems.

A system administrator should also restrict who can have remote and console access to the hypervisor. This practice will also limit who can control the settings of the hypervisor and will prevent unauthorized users from changing or accessing information. Most hypervisor platforms allow multiple access types, including SSH, RDP, specialized management client and server connectivity.

Installing patches and updates to the hypervisor as the vendor releases them is another way to ensure hypervisor security. Updates released by the hypervisor’s vendor may contain security patches or additional security features. Most hypervisors offer automatic updates as a setting.

Blocking access to physical servers is another best practice, as access to the physical server is a relatively easy way to access the hypervisors.

Implementing these techniques will help ensure a secure hypervisor, and all of them fall under the term hypervisor security.
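
The practices above can be expressed as repeatable checks. The following is an added example, not code from the original article or from any hypervisor vendor: it audits a constructed host inventory for unneeded services, unused attached hardware, remote access granted beyond admin groups, and stale patch levels. The inventory fields, host names, group names and policy values are all assumptions.

```python
from datetime import date

# Constructed sample inventory. Field names are assumptions made for this
# example, not the export format of any hypervisor product.
HOSTS = [
    {"name": "hv-01", "services": ["mgmt-agent", "ssh", "ntp"],
     "remote_access": {"ssh": ["hv-admins"], "mgmt-client": ["hv-admins"]},
     "attached_devices": ["nic0", "nic1"], "used_devices": ["nic0", "nic1"],
     "last_patched": date(2024, 5, 20)},
    {"name": "hv-02",
     "services": ["mgmt-agent", "ssh", "rdp", "usb-arbitrator", "snmp"],
     "remote_access": {"ssh": ["hv-admins", "developers"], "rdp": ["everyone"]},
     "attached_devices": ["nic0", "usb0", "serial0"], "used_devices": ["nic0"],
     "last_patched": date(2023, 11, 2)},
]

# Hypothetical policy: what this organization needs on a hypervisor host.
POLICY = {"allowed_services": {"mgmt-agent", "ssh", "ntp"},
          "admin_groups": {"hv-admins"},
          "max_patch_age_days": 60}


def audit_host(host, policy, today):
    """Return (category, message) findings for one hypervisor host."""
    findings = []
    # Attack surface: services running that the policy does not require.
    extra = sorted(set(host["services"]) - policy["allowed_services"])
    if extra:
        findings.append(("attack-surface", "unneeded services: " + ", ".join(extra)))
    # Attack surface: physical hardware attached to the host but not used.
    unused = sorted(set(host["attached_devices"]) - set(host["used_devices"]))
    if unused:
        findings.append(("attack-surface", "unused hardware: " + ", ".join(unused)))
    # Access: every remote/console method must be limited to admin groups.
    for method, groups in sorted(host["remote_access"].items()):
        outsiders = sorted(set(groups) - policy["admin_groups"])
        if outsiders:
            findings.append(("access", f"{method} open to: " + ", ".join(outsiders)))
    # Patching: flag hosts whose last update is older than the policy allows.
    age = (today - host["last_patched"]).days
    if age > policy["max_patch_age_days"]:
        findings.append(("patching", f"last patched {age} days ago"))
    return findings


if __name__ == "__main__":
    for h in HOSTS:
        for category, message in audit_host(h, POLICY, date(2024, 6, 1)):
            print(f"{h['name']}: [{category}] {message}")
```

Physical access to the server cannot be verified from an inventory like this and still needs its own control.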

Hypervisors have become a key component to most enterprises’ virtual infrastructure and even many IT pros’ personal PC environments. If you’ve managed virtual machines or even worked with a computer that can dual boot into, say, Windows or Linux, you’ve likely interacted with a hypervisor. Or maybe you’ve just heard of the resource-efficiency and cost-control possibilities of virtualization and are wondering how to get there.

The first step is understanding the purpose of a hypervisor, the types you have to choose from, and the basics of how this technology works. Let’s embark!

What Is a Hypervisor?

A hypervisor is a type of software or hardware used to create virtual machines and then run those virtual machines day to day. You’ll sometimes see the same technology referred to as a ‘virtual machine monitor,’ or VMM, which is a reasonable encapsulation of what a hypervisor does.

If that definition isn’t intuitive for you, allow us to take one step back. To understand what a hypervisor is, you must know about virtual machines, an advance on physical servers. Think back to the early days of computing. In that era, each physical server could only have one operating system. There was no partitioning and workloads affected each other. It was a fine way to do things, but limited.

Enter virtualization. This technology allows multiple virtual machines to run on one server. Now, a single piece of equipment in the physical world can actually look and act like multiple independent servers in the virtual world. (We’ll get to the advantages of a virtualization environment in a moment.)

A hypervisor might be hardware, or it could be a program to manage virtual machines, whether software or firmware. What makes a hypervisor a hypervisor is what it’s used for—it creates, monitors, and manages virtual machines.

The Role of Hypervisor Technology

The hypervisor is the boss of virtual machines, which we’ll call VMs from here on. The hypervisor allocates resources to VMs or, in other words, manages the physical resources, such as CPU, memory, and storage, that execute functions in the VM environments.

It’s a bit like entering The Matrix. In this metaphor, Neo’s body is the physical hardware. It can operate in the real world as a single, physical server or his mind (still reliant on his physical brain) can go virtual. The interface that enables Tank, ‘the operator,’ to simultaneously monitor and manage the different, individual experiences of all the humans on his ship who are plugged into the Matrix—that’s akin to the hypervisor.

Hypervisor vs. Virtual Machine?

It is possible to have VMs without a hypervisor. Such virtualization typically takes the form of containers, basically tinier, cheaper, more portable VMs that use the same O/S as the host machine.

It’s probably best to think of hypervisors and VMs as a package deal, however, with containers representing a different architecture with its own advantages and use cases.

The 4 Biggest Benefits of Hypervisor Virtualization

Okay, so that’s the ‘what’ of hypervisor technology but you may still be wondering ‘why?’ What advantages does a hypervisor bring?

1. Server Consolidation

A key feature of hypervisors is the dashboard, which centralizes server management over multiple VMs that may be running different operating systems. Admins can interact with numerous VMs via the hypervisor as if through a single pane of glass, as they say.

2. Data Replication

VMs are notoriously difficult to replicate using traditional methods. It’s usually necessary to replicate the entire volume for the VM and, frequently, all the VMs on a particular server. Talk about eating up storage!

Fortunately, hypervisor-based replication is more flexible. You can select which VMs and which parts of those VMs to replicate, a clear improvement.

3. Resource Optimization

Because various independent VMs can run on the same hardware at the same time via partitioning, hypervisors help enterprises make more efficient use of the underlying physical equipment. Virtualization has substantially increased server utilization rates.

By also distributing network and bandwidth in an increasingly intelligent manner, hypervisors can help you get more out of all sorts of resources.

4. Desktop Environment Mirroring

Hypervisors can also be used to host a virtual desktop that is the ‘twin’ of a user’s physical desktop. You might be familiar with this concept from various remote-work applications that allow employees to connect to and ‘use’ their office PC from anywhere.

Hypervisor Types

There are two main types of hypervisor used by System Administrators and Software Developers today. The following sections explain how these hypervisor types present unique advantages for different job functions.

Type 1 Hypervisor

Most common in enterprise data centers, a type 1 hypervisor replaces the host’s operating system and lies right on top of the hardware. For this reason, type 1 hypervisors are also called bare metal hypervisors or embedded hypervisors.

Type 1 Hypervisor Examples

Here’s a list of hypervisors of the type 1 variety:

  • VMware hypervisors like vSphere, ESXi and ESX
  • Microsoft Hyper-V
  • Oracle VM Server
  • Citrix Hypervisor

Type 2 Hypervisors

A type 2 hypervisor is hosted, running as software on the O/S, which in turn runs on the physical hardware. This form of hypervisor is typically used to run multiple operating systems on one personal computer, such as to enable the user to boot into either Windows or Linux.

Type 2 Hypervisor Examples

Type 2 hypervisor examples include:

  • VMware Workstation
  • VMware Fusion
  • Oracle VirtualBox
  • Oracle Solaris Zones
  • Oracle VM Server for x86

Type 1 Hypervisor vs. Type 2

Which type of hypervisor do you need? It depends on your use case.

Type 1 hypervisors isolate VM partitions and, therefore, offer significant security advantages. A server farm will rely heavily on such bare metal hypervisors. Type 1 hypervisors can, for instance, be used to offer customers a virtual server in the cloud that behaves like a physical server down the hall. What’s more, different customers won’t be able to access or affect others’ VMs.

Hosted or embedded hypervisors, on the other hand, boast a lower cost and greater ease of installation and use. They’re great for creating test environments or simply running software that wouldn’t run on the native O/S.

Thus, if you’re a software developer, you’re likely going to set up type 2 hypervisors all the time. If you’re managing a production data center and charged with server management, expect to see plenty of type 1 hypervisors.

How Does a Hypervisor Work?

A hypervisor sits between the physical and the virtual. Depending on the type, it might sit right on top of the hardware or on the O/S. Either way, hypervisors translate VM requests, which are by definition virtual, for the physical hardware on which the operations must still run.

Imagine you’re a VM in need of CPU, memory, storage space, bandwidth, etc., to perform an operation—ask (the hypervisor) and you shall receive!

A Single Source for Hardware and Hypervisor Maintenance and Support

As we’ve discussed, hypervisors, VMs, and the underlying physical hardware work together in an orchestrated manner to process workloads. It only makes sense, then, to seek maintenance and support for all these layers from a single provider.

ParkView IT infrastructure management services from Park Place Technologies offer an all-in-one support solution for virtualized environments, similar to OEM services but with distinct advantages in terms of cost, responsiveness, management complexity and flexibility.

The value proposition is pretty simple. Whether the hardware breaks or the hypervisor breaks, we’ll fix it. Effectively, whatever happens, we respond anytime, anywhere around the globe, because Park Place is a full service, full stack provider.
