While looking around the web for anything new in virtualization, I kept seeing more and more posts and articles about a new type of hypervisor: Type 0. Now this sounds interesting, and I found these definitions for each type of hypervisor:
“Type-2 hypervisors are computer emulation applications that run on general purpose operating systems. A Type-2 hypervisor allows users to run multiple operating systems (OSs) simultaneously on a single platform. For example, a Windows 7™ user can install a hypervisor application like VMware Workstation™ to run a Windows XP™ guest OS on top of their Windows 7 host OS. As an application, the Type-2 hypervisor is subject to performance, security, and reliability penalties. The hosted hypervisor incurs performance hits because it competes with other user applications like web browsers and e-mail clients for system resources. Type-2 hypervisors are weak in reliability and security because they inherit the vulnerabilities of the user-controlled host operating system.
Type-1 hypervisors are computer emulation software tightly integrated with embedded OSs that run transparently to the end-user. Type-1 hypervisors gain a significant performance improvement over Type-2 hypervisors because they are “Self-Hosted” with embedded OSs that are optimized for virtualization. Type-1 hypervisors significantly reduce the attack surface over Type-2 hypervisors by limiting access to the hypervisor to only system administrators, preventing end-users and user applications from tampering with the hypervisor. Additionally, Type-1 hypervisor vendors control all the software that comprises the hypervisor package, including the virtualization functions and OS functions like device drivers and I/O stacks. Control over the software package prevents malicious software from being introduced into the hypervisor foundation. The limited access and strong control over the embedded OS greatly increase the reliability of Type-1 hypervisors.
Type 0 is based on an architecture that allows for higher levels of performance, reliability, and security over Type-1 hypervisors. A Type Zero hypervisor is built with the minimum software components required to fully virtualize guest OSs and control information flow between guest OSs. The Type 0 architecture removes the need for an embedded host OS to support virtualization, allowing the hypervisor to run in an “Un-Hosted” environment. This drastically differs from Type-1 monolithic architectures where the hypervisor is integrated into a host OS, or Type-1 microkernel architectures where the hypervisor is controlled and assisted by a root or parent operating system.”
I agree with the definition of Type 2, but not so much with the rest, and I will tell you why.
“Type-1 hypervisors significantly reduce the attack-surface over Type-2 hypervisors by limiting access to the hypervisor to only system administrators, preventing end-users and user applications from tampering with the hypervisor.”
Last I checked, there is no direct access to the hypervisor. There are APIs for management calls that can be made to the hypervisor, but there is no direct access to the hypervisor for users or administrators. Most people may be confusing a management layer with direct access to a hypervisor. There is no direct access to a hypervisor via any modern management construct; however, there was in the past, such as in the VMware ESX 1.5 and 2.x versions (which are no longer in use).
“The limited access and strong control over the embedded OS greatly increase the reliability of Type-1 hypervisors.”
VMware vSphere is what I would consider a Type 1 hypervisor; however, there is no embedded OS in VMware ESXi. If you are connecting to VMware ESXi, you are connecting to an independent agent that is running directly on the VMkernel. This may give the appearance of connecting to the hypervisor itself, but that is truly not the case.
“The Type Zero architecture removes the need for an embedded host OS to support virtualization, allowing the hypervisor to run in an “Un-Hosted” environment. This drastically differs from Type-1 monolithic architectures where the hypervisor is integrated into a host OS, or Type-1 microkernel architectures where the hypervisor is controlled and assisted by a root or parent operating system.”
This statement is so far off the mark that I have to wonder who really comes up with some of this stuff. As mentioned, in VMware ESXi there is no host OS, but there is a microkernel running below all management constructs, so I must ask: how is this a monolithic architecture? All API calls are made via the independent agents that run on top of the VMkernel, or the hypervisor.
Perhaps vSphere is really a Type 0 hypervisor?
Now, looking at a couple of other hypervisors like Xen and Hyper-V, there is a primary partition or primary domain. This embedded OS does all the relaying for device drivers and I/O stacks, and the only real flaw is that if something happens to the primary partition, the entire system can crash.
So here are my thoughts on the types of hypervisors available today. I do not think there is any more discussion or debate on Type 2 hypervisors, so we will leave that alone. I mentioned earlier that I consider VMware ESXi to be the true Type 1 hypervisor, based on the way vSphere loads and runs its VMkernel, virtual machines, and management constructs. Xen, KVM, and Hyper-V I would consider Type 1.5, based on the fact that all I/O still travels through the parent domain or partition in order to reach external devices. There are two distinct architectures when creating hypervisors: the VMware architecture, where the management construct is not involved in any form of I/O transport, or the Hyper-V/Xen architecture, where there is a parent partition or domain that manages I/O.
There are merits to each architecture, so we want to draw a distinction between the different hypervisors and to declare that there is no real Type 0 hypervisor available today, as much more would need to happen within the hardware to make this occur. How do devices interact with each VM? In a Type 0, we would expect that to be handled by the hardware, with not much more than a shim of a hypervisor.
It seems marketing is working to define a new technology that is really not that new. If you still do not believe me, you can go check for yourself on Wikipedia.