Operating Systems Unit 8 – Virtual Machines and Virtualization

Virtual machines are software-based emulations of physical computers that run on host hardware. They provide isolated environments for running operating systems and applications, enabling efficient resource utilization and flexible deployment of computing resources. Virtualization technology uses hypervisors to manage virtual machines, allocating hardware resources and ensuring isolation. This approach offers benefits like server consolidation, improved resource utilization, and enhanced flexibility in managing computing environments across various use cases.

What are Virtual Machines?

  • Virtual machines (VMs) are software-based emulations of physical computers that run on a host machine's hardware
  • VMs have their own virtual hardware resources (CPU, memory, storage, network interfaces) allocated from the host machine
  • Each VM runs its own operating system (guest OS) and applications, isolated from other VMs and the host OS
  • Multiple VMs can run simultaneously on a single physical machine, sharing the underlying hardware resources
  • VMs provide a flexible and efficient way to deploy, manage, and scale computing resources
  • VMs enable the consolidation of multiple physical servers into a single host machine, reducing hardware costs and energy consumption
  • VMs facilitate the creation of test and development environments, allowing developers to experiment with different configurations without affecting the host system

Types of Virtualization

  • Server virtualization involves partitioning a physical server into multiple virtual servers, each running its own OS and applications
    • Enables better utilization of server hardware resources and reduces the number of physical servers required
  • Desktop virtualization provides users with remote access to a virtual desktop environment hosted on a centralized server
    • Allows users to access their desktop from any device, anywhere, enhancing flexibility and mobility
  • Network virtualization abstracts the physical network infrastructure, creating virtual networks that can be managed and configured independently
    • Enables the creation of isolated network segments, improving security and network management
  • Storage virtualization pools physical storage devices from multiple servers into a single virtual storage resource
    • Provides a centralized and efficient way to manage and allocate storage resources across the organization
  • Application virtualization encapsulates an application and its dependencies into a virtual container that can run on any compatible host system
    • Enables the deployment of applications without the need for installation or configuration on each individual machine

How Virtualization Works

  • Virtualization relies on a software layer called a hypervisor (virtual machine monitor) that sits between the host hardware and the virtual machines
  • The hypervisor abstracts the physical hardware resources and presents them to the VMs as virtual hardware
  • Each VM is allocated a portion of the host machine's CPU, memory, storage, and network resources by the hypervisor
  • The hypervisor manages the allocation and scheduling of hardware resources among the VMs, ensuring isolation and preventing conflicts
  • When a VM is started, the hypervisor loads the guest OS and applications into the VM's virtual memory and starts executing them
  • The guest OS and applications running inside the VM interact with the virtual hardware provided by the hypervisor, unaware that they are running in a virtualized environment
  • The hypervisor intercepts and translates the VM's hardware requests, mapping them to the physical hardware resources of the host machine

Benefits and Use Cases

  • Server consolidation reduces the number of physical servers required, leading to lower hardware and energy costs
  • Improved resource utilization by allocating hardware resources dynamically based on the needs of each VM
  • Enhanced flexibility and agility in deploying and managing computing resources
    • VMs can be easily created, cloned, and moved between host machines as needed
  • Simplified disaster recovery and business continuity planning
    • VMs can be quickly restored from snapshots or replicated to a secondary site for failover
  • Isolated and secure environments for running untrusted or potentially malicious applications
    • VMs provide a sandboxed environment that prevents the spread of malware or unauthorized access to the host system
  • Streamlined software development and testing processes
    • Developers can create multiple VMs with different configurations to test their applications in various environments
  • Enabling cloud computing and Infrastructure-as-a-Service (IaaS) offerings
    • Cloud providers use virtualization to offer scalable and on-demand computing resources to their customers

Hypervisors: The Backbone of VMs

  • Hypervisors are the software layer responsible for creating, managing, and running virtual machines
  • There are two main types of hypervisors: Type 1 (bare-metal) and Type 2 (hosted)
    • Type 1 hypervisors run directly on the host machine's hardware, providing better performance and security
      • Examples of Type 1 hypervisors include VMware ESXi, Microsoft Hyper-V, and Citrix XenServer
    • Type 2 hypervisors run as a software layer on top of the host operating system, offering easier installation and compatibility
      • Examples of Type 2 hypervisors include VMware Workstation, Oracle VirtualBox, and Parallels Desktop
  • Hypervisors provide a range of features and functionalities for managing VMs, such as:
    • VM creation, configuration, and deletion
    • Resource allocation and management (CPU, memory, storage, network)
    • VM snapshots and cloning for backup and recovery
    • Live migration of VMs between host machines for load balancing and maintenance
  • Hypervisors ensure the isolation and security of VMs by enforcing strict boundaries between the VMs and the host system
    • Each VM operates in its own isolated environment, preventing unauthorized access or interference between VMs

Setting Up and Managing VMs

  • The process of setting up a VM involves several steps:
    • Choosing the appropriate hypervisor and host machine based on performance, compatibility, and feature requirements
    • Allocating hardware resources (CPU cores, memory, storage) to the VM based on the needs of the guest OS and applications
    • Installing the guest operating system and necessary drivers within the VM
    • Configuring network settings, such as virtual network adapters and IP addresses, to enable communication between the VM and other systems
  • VM management tasks include:
    • Monitoring VM performance and resource utilization using built-in or third-party tools
    • Adjusting resource allocations dynamically to optimize performance and ensure fair distribution among VMs
    • Applying updates and patches to the guest OS and applications to maintain security and stability
    • Creating and managing VM snapshots for backup, recovery, and testing purposes
    • Implementing access controls and security policies to protect VMs from unauthorized access or malicious activities
  • Automation tools and scripts can be used to streamline VM provisioning, configuration, and management tasks
    • Tools like Ansible, Puppet, and Chef enable the automated deployment and configuration of VMs across multiple host machines

Performance Considerations

  • Virtualization introduces a performance overhead due to the additional layer of abstraction between the guest OS and the physical hardware
  • The performance impact of virtualization depends on factors such as:
    • The type and configuration of the hypervisor
    • The allocation of hardware resources to the VMs
    • The workload characteristics and resource requirements of the guest OS and applications
  • To optimize VM performance, consider the following:
    • Allocate sufficient CPU, memory, and storage resources to each VM based on its workload requirements
    • Use high-performance storage devices (SSDs) and network interfaces to minimize I/O bottlenecks
    • Enable hardware-assisted virtualization features (Intel VT-x, AMD-V) on the host machine to improve VM performance
    • Configure the hypervisor's resource scheduling and allocation policies to ensure fair distribution among VMs
    • Monitor VM performance regularly and adjust resource allocations as needed to maintain optimal performance
  • Techniques like memory ballooning and CPU overcommitment can help optimize resource utilization and improve overall performance
    • Memory ballooning allows the hypervisor to dynamically reclaim unused memory from VMs and allocate it to other VMs that need it
    • CPU overcommitment enables the allocation of more virtual CPUs to VMs than the number of physical CPU cores available, improving CPU utilization
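The two techniques above can be seen in a small model. This is an added example, not taken from the study guide or from any hypervisor: the `VM` fields, the 10% headroom and the "largest deficit first" policy are assumptions chosen for illustration, and the sample host is constructed.

```python
from dataclasses import dataclass

@dataclass
class VM:
    name: str
    vcpus: int
    allocated_mb: int  # memory currently granted to the guest
    demand_mb: int     # guest working set (assumed to be reported by a balloon driver)
    floor_mb: int      # the balloon never shrinks the guest below this

def vcpu_overcommit(vms, physical_cores):
    """Ratio of virtual CPUs handed out to physical cores; > 1.0 means overcommitted."""
    return sum(vm.vcpus for vm in vms) / physical_cores

def balloon_pass(vms, headroom_pct=10):
    """One rebalancing pass. Returns ({vm name: change in MB}, MB left free on the host)."""
    deltas = {vm.name: 0 for vm in vms}
    pool, needy = 0, []
    for vm in vms:
        # Target = demand plus headroom, but never below the VM's floor.
        target = max(vm.floor_mb, vm.demand_mb * (100 + headroom_pct) // 100)
        if vm.allocated_mb > target:
            # Inflate the balloon: the guest gives back memory it is not using.
            deltas[vm.name] = target - vm.allocated_mb
            pool += vm.allocated_mb - target
        elif vm.allocated_mb < target:
            needy.append((target - vm.allocated_mb, vm.name))
    # Deflate balloons for guests under pressure, largest deficit first,
    # granting only what was actually reclaimed.
    for deficit, name in sorted(needy, reverse=True):
        grant = min(deficit, pool)
        deltas[name] = grant
        pool -= grant
    return deltas, pool

# Constructed sample host: 8 physical cores, three guests.
SAMPLE = [
    VM("idle", 4, 8192, 2000, 1024),
    VM("busy", 8, 4096, 6000, 1024),
    VM("tiny", 2, 2048, 500, 1024),
]

if __name__ == "__main__":
    print(vcpu_overcommit(SAMPLE, 8))
    print(balloon_pass(SAMPLE))
```

When the reclaimed pool is smaller than the total deficit, some guests receive nothing in that pass, which is the point at which overcommitted memory starts to cost performance.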

Security in Virtualized Environments

  • Virtualization introduces new security challenges and considerations compared to traditional physical environments
  • The security of virtualized environments depends on the security of the hypervisor, host machine, and guest VMs
  • Potential security risks in virtualized environments include:
    • Hypervisor vulnerabilities that could allow an attacker to compromise the host machine and all the VMs running on it
    • Inter-VM attacks, where a compromised VM attempts to access or manipulate other VMs on the same host
    • Unauthorized access to VM consoles, storage, or network traffic
    • Malware infections spreading from one VM to another or to the host machine
  • To enhance security in virtualized environments, consider the following best practices:
    • Keep the hypervisor, host OS, and guest VMs up to date with the latest security patches and updates
    • Use strong authentication and access controls to prevent unauthorized access to VMs and management interfaces
    • Implement network segmentation and firewalls to isolate VMs and restrict inter-VM communication
    • Enable secure boot and disk encryption features to protect VM data at rest and during boot
    • Regularly monitor VM activity and logs for signs of suspicious or malicious behavior
    • Use intrusion detection and prevention systems (IDPS) to detect and respond to potential security threats
  • Conduct regular security assessments and penetration testing to identify and remediate vulnerabilities in the virtualized environment
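Several of the best practices above can be checked mechanically. The following is an added example, not part of the original guide: the inventory fields, the 30-day patch threshold, the rule that only `mfa` counts as strong authentication, the segment allow-list and the flow records are all constructed assumptions, standing in for data exported from a hypervisor manager and a flow collector.

```python
# Constructed inventory; field names are assumptions for this example.
VMS = {
    "web-01": {"segment": "dmz",  "patch_age_days": 12, "secure_boot": True,
               "disk_encrypted": True,  "console_auth": "mfa"},
    "db-01":  {"segment": "data", "patch_age_days": 95, "secure_boot": True,
               "disk_encrypted": False, "console_auth": "mfa"},
    "dev-07": {"segment": "dev",  "patch_age_days": 3,  "secure_boot": False,
               "disk_encrypted": True,  "console_auth": "password"},
}
# Permitted cross-segment traffic: (source segment, destination segment, port).
ALLOWED = {("dmz", "data", 5432)}
# Constructed flow records: (source VM, destination VM, destination port).
FLOWS = [("web-01", "db-01", 5432), ("dev-07", "db-01", 5432),
         ("dev-07", "web-01", 22), ("web-01", "ghost-99", 443)]
MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold

def audit_vm(vm):
    """Return the list of best-practice gaps for one VM record."""
    findings = []
    if vm["patch_age_days"] > MAX_PATCH_AGE_DAYS:
        findings.append("patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if not vm["secure_boot"]:
        findings.append("secure boot disabled")
    if not vm["disk_encrypted"]:
        findings.append("disk not encrypted")
    if vm["console_auth"] != "mfa":
        findings.append("console lacks strong authentication")
    return findings

def audit_flows(vms, flows, allowed):
    """Flag inter-VM traffic that crosses segments without an allow-list entry."""
    violations = []
    for src, dst, port in flows:
        if src not in vms or dst not in vms:
            # A peer missing from the inventory is itself worth investigating.
            violations.append((src, dst, port, "unknown VM"))
            continue
        s, d = vms[src]["segment"], vms[dst]["segment"]
        # Traffic inside one segment is out of scope for this check.
        if s != d and (s, d, port) not in allowed:
            violations.append((src, dst, port, "%s -> %s not allowed" % (s, d)))
    return violations

def audit(vms=VMS, flows=FLOWS, allowed=ALLOWED):
    """Run both checks; VMs with no findings are omitted from the report."""
    per_vm = {name: audit_vm(vm) for name, vm in vms.items()}
    return {"vm_findings": {n: f for n, f in per_vm.items() if f},
            "flow_violations": audit_flows(vms, flows, allowed)}
```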


© 2024 Fiveable Inc. All rights reserved.
AP® and SAT® are trademarks registered by the College Board, which is not affiliated with, and does not endorse this website.
