
Virtualization and Hypervisors

Jul 6, 2025

Overview

This lecture covers virtualization, hypervisors, virtual machine management, security concerns, networking configurations, virtual desktop infrastructure, and application containerization.

Virtualization & Hypervisors

  • Virtualization enables running multiple independent systems on a single physical device.
  • A virtual machine manager, called a hypervisor, manages virtual machines (VMs) and resources.
  • Hypervisors allocate CPU, memory, networking, and storage to VMs, keeping them isolated.
  • Two types of hypervisors: Type 1 (bare metal) runs directly on hardware, while Type 2 (hosted) runs on top of a host OS.
  • Type 1 examples: VMware ESXi, Microsoft Hyper-V; Type 2 examples: VMware Workstation, Oracle VirtualBox, Parallels Desktop.
  • CPUs may have virtualization support (Intel VT, AMD-V) for better performance.

Resource Requirements & Networking

  • Each VM needs its own OS, applications, CPU, RAM, and storage, increasing resource demands.
  • Hypervisors manage VM networking, offering options like NAT (VMs share the host's IP address from behind a private subnet), bridged (the VM gets its own address on the same subnet as the host), or private/host-only (isolated from the outside network).
  • Networking controls which VMs can communicate externally or stay isolated.
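The two checks behind the resource bullets above, as an added example (not from the lecture): read the CPU flags that signal Intel VT-x (`vmx`) or AMD-V (`svm`) support, notice when the host is itself already a guest (the `hypervisor` flag), and add up what a set of planned VMs would need against the host. It assumes the Linux `/proc/cpuinfo` text format; the CPU excerpt, the VM sizes and the 2:1 vCPU overcommit ratio are constructed sample values, not figures from the lecture.

```python
# Added example, not part of the lecture: check a Linux host for hardware
# virtualization support and estimate whether a set of planned VMs will fit.
# Assumes the /proc/cpuinfo text format used by Linux; the CPU block and VM
# sizes below are constructed sample data, not figures from the lecture.
from dataclasses import dataclass

# Constructed /proc/cpuinfo excerpt with two logical CPUs. Intel VT-x shows up
# as the "vmx" flag and AMD-V as "svm"; a "hypervisor" flag would mean the
# kernel itself already runs inside a VM (e.g. under a Type 2 hypervisor).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Sample CPU (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx

processor\t: 1
vendor_id\t: GenuineIntel
model name\t: Sample CPU (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx
"""


def cpu_flags(cpuinfo_text):
    """Return the flag set from the first 'flags' line (all cores report the same set)."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()


def virtualization_support(cpuinfo_text):
    """Return 'Intel VT-x', 'AMD-V', or None when no extension is reported."""
    flags = cpu_flags(cpuinfo_text)
    if "vmx" in flags:
        return "Intel VT-x"
    if "svm" in flags:
        return "AMD-V"
    return None


def running_under_hypervisor(cpuinfo_text):
    """True when the kernel reports it is already a guest (the 'hypervisor' flag)."""
    return "hypervisor" in cpu_flags(cpuinfo_text)


def logical_cpus(cpuinfo_text):
    """Count 'processor' entries, one per logical CPU."""
    return sum(1 for line in cpuinfo_text.splitlines() if line.startswith("processor"))


@dataclass
class VMPlan:
    name: str
    vcpus: int
    ram_gb: float
    disk_gb: float


def capacity_problems(vms, host_cpus, host_ram_gb, host_disk_gb,
                      cpu_overcommit=2.0, host_reserve_gb=2.0):
    """Every VM brings its own OS, applications, vCPUs, RAM and disk, so the
    totals must fit the host. vCPUs are commonly oversubscribed (the ratio is
    an assumption here); RAM and disk are counted 1:1, with a reserve kept for
    the host OS and hypervisor. Returns a list of problem strings ([] = fits)."""
    total_vcpu = sum(v.vcpus for v in vms)
    total_ram = sum(v.ram_gb for v in vms) + host_reserve_gb
    total_disk = sum(v.disk_gb for v in vms)
    problems = []
    if total_vcpu > host_cpus * cpu_overcommit:
        problems.append(f"CPU: {total_vcpu} vCPUs exceed {host_cpus} cores x {cpu_overcommit:g} overcommit")
    if total_ram > host_ram_gb:
        problems.append(f"RAM: {total_ram:g} GB needed (incl. {host_reserve_gb:g} GB host reserve) > {host_ram_gb:g} GB")
    if total_disk > host_disk_gb:
        problems.append(f"Disk: {total_disk:g} GB needed > {host_disk_gb:g} GB")
    return problems


# Constructed plan: three lab VMs for a 4-core, 16 GB RAM, 500 GB disk host.
SAMPLE_VMS = [VMPlan("web", 2, 4, 60), VMPlan("db", 2, 4, 60), VMPlan("analyst", 2, 4, 60)]

if __name__ == "__main__":
    # On a real Linux host, replace SAMPLE_CPUINFO with open("/proc/cpuinfo").read().
    print("virtualization:", virtualization_support(SAMPLE_CPUINFO))
    print("already a guest:", running_under_hypervisor(SAMPLE_CPUINFO))
    print("logical CPUs:", logical_cpus(SAMPLE_CPUINFO))
    print("problems:", capacity_problems(SAMPLE_VMS, 4, 16, 500) or "none")
```

If `virtualization_support` returns None on a machine whose CPU does support it, the extension is usually disabled in firmware; a `hypervisor` flag means nested virtualization would be needed to run a Type 2 hypervisor with hardware acceleration inside that guest.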

Security Considerations

  • VM escape is a class of vulnerability in which malware breaks out of its VM into the hypervisor or host and, from there, can affect the other VMs on the same hardware.
  • Security best practices: treat each VM as a separate system with firewalls, anti-malware software, and OS hardening.
  • Be cautious with pre-built VMs from the internet, as these may contain embedded malware.
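One concrete check for the last bullet, as an added example (not from the lecture): a pre-built appliance shipped as OVF/OVA carries a manifest (`.mf`) with one line per file in the form `SHA256(disk1.vmdk)= <hex digest>` (older tools emit SHA1). The code below parses that manifest and verifies every file before import, reporting tampered, missing and unlisted files. The descriptor and disk contents are constructed in memory and are not real VMDK data.

```python
# Added example, not part of the lecture: verify the files of a downloaded
# OVF/OVA appliance against its manifest (.mf) before importing it. An OVF
# manifest has one line per file, "SHA256(disk1.vmdk)= <hex digest>" (older
# tools emit SHA1). File contents below are constructed in memory.
import hashlib
import hmac
import re

MANIFEST_LINE = re.compile(r"^(SHA1|SHA256|SHA512)\((.+?)\)=\s*([0-9a-fA-F]+)\s*$")


def parse_manifest(text):
    """Return {filename: (hashlib algorithm name, expected hex digest)}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"malformed manifest line: {raw!r}")
        algo, name, digest = m.groups()
        entries[name] = (algo.lower(), digest.lower())
    return entries


def verify_files(manifest_text, files):
    """files maps filename -> bytes. Returns {filename: 'ok' | 'mismatch' |
    'missing' | 'unlisted'}; 'unlisted' flags a file the manifest never
    covered, which an import tool might otherwise accept unchecked."""
    entries = parse_manifest(manifest_text)
    results = {}
    for name, (algo, expected) in entries.items():
        data = files.get(name)
        if data is None:
            results[name] = "missing"
            continue
        actual = hashlib.new(algo, data).hexdigest()
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    for name in files:
        if name not in entries:
            results[name] = "unlisted"
    return results


def safe_to_import(manifest_text, files):
    """True only when every file is listed and matches its digest."""
    return all(s == "ok" for s in verify_files(manifest_text, files).values())


def build_manifest(files, algo="sha256"):
    """Write a manifest for the constructed sample files (what an export tool produces)."""
    return "".join(f"{algo.upper()}({n})= {hashlib.new(algo, d).hexdigest()}\n"
                   for n, d in files.items())


# Constructed appliance: a descriptor and one disk image (not real VMDK content).
SAMPLE_FILES = {
    "lab.ovf": b"<Envelope>constructed OVF descriptor</Envelope>",
    "lab-disk1.vmdk": b"KDMV constructed disk image bytes",
}
SAMPLE_MANIFEST = build_manifest(SAMPLE_FILES)

if __name__ == "__main__":
    print("as published:", verify_files(SAMPLE_MANIFEST, SAMPLE_FILES))
    tampered = {**SAMPLE_FILES, "lab-disk1.vmdk": b"KDMV modified disk image"}
    print("disk replaced:", verify_files(SAMPLE_MANIFEST, tampered))
```

The manifest only proves the files match what the manifest itself claims; whoever repackaged an appliance could regenerate it too. Compare the manifest or the whole OVA against a checksum the original publisher posts out of band (or verify the `.cert` signature when one is shipped), and still treat the imported VM as an untrusted system with its own hardening and monitoring.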

Virtual Desktop Infrastructure (VDI)

  • VDI runs a user's desktop OS as a VM on remote hardware, accessed via a thin client (keyboard, mouse, display).
  • Desktop as a Service (DaaS) moves desktops to the cloud, requiring minimal local resources.

Application Containerization

  • Containerization virtualizes at the application level, removing the need for a full guest OS per app.
  • Containers are smaller, portable, and managed through containerization software like Docker.
  • Unlike VMs, containers share a single host OS and are best for running multiple instances of the same OS type.
  • Containers cannot natively run different OS types on the same host, unlike VMs.

Key Terms & Definitions

  • Hypervisor — Software that manages VMs and allocates hardware resources.
  • Type 1 Hypervisor (Bare Metal) — Runs directly on hardware without a host OS.
  • Type 2 Hypervisor (Hosted) — Runs on top of an existing OS.
  • VM (Virtual Machine) — An emulated computer system running its own OS and applications.
  • VM Escape — A security flaw where malware leaves its VM boundary to affect others.
  • Virtual Desktop Infrastructure (VDI) — Technology that hosts desktop environments on a central server.
  • Application Containerization — Packaging applications and dependencies in isolated units called containers.
  • Docker — A popular containerization platform.

Action Items / Next Steps

  • Review hypervisor security best practices for VM deployment.
  • Explore Docker or similar software for containerization exercises.
  • Assess hardware requirements before setting up multiple VMs or containers.