Virtualization is the process of creating a virtual version of something, such as computer hardware. It uses specialized software to create a virtual, software-based version of a computing resource rather than the actual version of that resource.
For example, a virtual computer is a computer system that exists only inside the software of another system rather than as an actual computer with its own processor and storage. Often several virtual resources can be created and used within a single non-virtual resource.
Imagine a flight simulator, one good enough to fool an actual pilot. The simulator would have to mimic not only the controls but the sounds, feelings, and even smells of a real airplane cockpit. It would have to react to every input from the joysticks, knobs, and levers, and return the expected response to each, such as the yoke becoming harder to turn or the sound of landing gear retracting or extending.
In this case, a pilot would fly the plane the same way as a regular plane, never knowing it wasn’t a real airplane. A virtual server works in the same way. To the operating system, the installed programs, and even the user, the virtualized server appears to receive all input and generate all responses exactly as a physical system would, even though it is only simulated.
Regardless of the type of virtualization, this effect is achieved by installing a specialized program that mimics the exact nature of what is being virtualized. In the case of bare-metal virtualization, the software simulates actual hardware, taking input from the operating system and returning data just as an actual server would. This mimicry goes as far as reporting a battery status or CPU temperature, even though only a virtual CPU exists.
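As a toy illustration (not a real hypervisor; the class name and sensor values here are invented), the mimicry can be sketched as a layer that simply fabricates the readings a guest asks for:

```python
# Toy sketch: a guest OS queries what it believes is physical hardware,
# but every reading is fabricated by the virtualization layer.

class VirtualHardware:
    """Mimics a physical machine's sensors for a guest OS."""

    def __init__(self):
        self._cpu_temp_c = 42.0   # invented value; no physical CPU exists
        self._battery_pct = 100   # reported even though there is no battery

    def read_cpu_temperature(self):
        # A real driver would read a hardware register; here the
        # virtualization layer just returns a plausible number.
        return self._cpu_temp_c

    def read_battery_status(self):
        return self._battery_pct


hw = VirtualHardware()
print(hw.read_cpu_temperature())  # 42.0 -- the guest cannot tell it is simulated
print(hw.read_battery_status())   # 100
```

The guest asks the same questions it would ask real hardware; only the source of the answers has changed.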
Host Machine

The host machine is the physical hardware upon which the virtualization takes place. This machine runs the virtualization software that allows virtual machines to exist. Its physical components, such as memory, storage, and processor, ultimately handle the needs of the virtual machines. These resources are typically hidden or masked from the guest machines.
To produce this effect, virtualization software, such as a hypervisor, is installed on the physical hardware.
The purpose of the host machine is to provide the physical computing power to the virtual machines in the form of CPU, memory, storage, and network connection.
Virtual Machine (Guest Machine)
A virtual machine is a software-only machine that runs on the host machine within the created virtual environment. There can be multiple virtual machines running on a single host. A virtual machine need not be a computer; it is possible to virtualize various types of storage, databases, and other systems as well.
A virtual machine runs its own environment. It emulates, or simulates, a single piece of physical hardware such as a desktop computer or server. However, everything is passed through the hypervisor, which makes the actual requests to the real hardware. The hardware returns any data or feedback to the hypervisor, which passes it on to the virtual machine.
Each virtual machine runs separately from all other virtual machines. In fact, each virtual machine believes it is the only system running on the hardware.
It is possible to emulate alternate computer hardware as well. For example, a virtual machine that emulates a storage array can be created on standard server hardware. The virtual storage array will behave as if it were 20 hard drives wired to the network, because the hypervisor will act as if that is true.
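A minimal sketch of that idea, with invented names: twenty "drives" that are really just keys into a single host-side store behind the virtualization layer:

```python
# Illustrative sketch: a "virtual storage array" exposing 20 drives that
# are all backed by one dictionary on the host. A real hypervisor would
# map virtual disks onto host files or volumes instead.

class VirtualStorageArray:
    def __init__(self, drive_count=20):
        self.drive_count = drive_count
        self._backing = {}  # single host-side store behind every virtual drive

    def write(self, drive, block, data):
        if not 0 <= drive < self.drive_count:
            raise ValueError("no such drive")
        self._backing[(drive, block)] = data  # the drive number is just a key

    def read(self, drive, block):
        return self._backing.get((drive, block))


array = VirtualStorageArray()
array.write(drive=7, block=0, data=b"hello")
print(array.read(drive=7, block=0))  # b'hello' -- looks like drive 7,
                                     # but everything lives in one store
```

To anything using the array, twenty independent drives appear to exist; the single backing store is invisible.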
The purpose of the guest machine is to run the applications and user environment for each virtual system.
Hypervisor

Sometimes called a virtual machine manager, the hypervisor is the software that creates, runs, and manages the virtual machines. The hypervisor is what makes virtualization possible and creates the virtual environment in which the guest machines run. To each guest machine, the hypervisor’s virtual machine is the only one that exists, even if there are numerous virtual machines running on the same physical hardware.
Type-1, or bare-metal hypervisors, are installed directly onto the physical hardware. As such, they must contain their own operating systems for booting, running the hardware, and connecting to the network. Popular Type-1 hypervisors include Microsoft Hyper-V and VMware ESXi.
Type-2, or hosted hypervisors, run on an operating system that is directly installed on the hardware. In this case, a copy of Windows or a Unix-based system must be installed to boot the system and access the hardware. Once the operating system is running, the hosted hypervisor can launch. Type-2 hypervisors are often used to run multiple operating systems on a single machine, rather than to emulate numerous running systems on the hardware.
Popular Type-2 hypervisors include VMware Workstation, VirtualBox, and Parallels Desktop, which can run a Windows operating system on a Mac.
The purpose of the hypervisor is to manage each virtual machine and provide it with the resources it needs to run.
Hardware Virtualization

The most common kind of virtualization is hardware virtualization. With hardware virtualization, a software program abstracts the physical hardware as virtual hardware. The hypervisor acts as a middleman between virtual machines and the physical hardware.
Hardware virtualization creates a virtual, software-only, version of a physical machine, such as a computer, router, or storage array. The most basic form of hardware virtualization is the creation of a virtual computer or server. In this case, the virtual computer mimics an actual physical machine complete with processor, addressable memory, and hard disk space. When the virtual machine interacts with the processor or memory, it is actually interacting with the hypervisor, which then passes through the access. Likewise, the hypervisor receives any data from the physical hardware and then passes it on to the virtual machine as if it originated from the virtual hardware.
Anything one can do on an actual machine can be duplicated within the virtual machine, including installing different operating systems. A single virtualized server can run several different virtual machines each with its own OS, installed programs, running services, patch levels, and so on. Each one is configured, run, and installed as dictated by its use, completely separate from any other virtual machines.
Because the virtual machine is not aware that it is virtualized, software and services running inside do not need to be specially installed or configured to be virtualized.
Generally, each virtual machine is allotted only a subset of the host machine’s full resources. A guest machine might be set up with 20 GB of RAM, for example, even though the actual host machine has 512 GB of RAM.
To the guest machine, only the resources exposed by the hypervisor exist. In the above example, the virtual machine would never be able to access more than 20 GB of RAM regardless of the need. To the virtual machine only that amount exists.
The total resources exposed to all guest machines combined need not be limited to the total resources of the host machine. The hypervisor can offer 20 GB of RAM to 50 different virtual machines on a system with only 512 GB of RAM. Because most systems do not use the maximum available resources at all times, the hypervisor can dynamically allocate the underlying host memory to each system as needed. This is known as oversubscription.
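Using the numbers above, a short sketch shows why oversubscription works when guests rarely use their full promise at once (the 4 GB per-guest usage figure is invented for the example):

```python
# Oversubscription sketch: 50 guests are each promised 20 GB (1000 GB
# committed) on a host with only 512 GB. Physical RAM is only needed
# for what guests actually touch at any moment.

HOST_RAM_GB = 512
GUESTS = 50
PROMISED_PER_GUEST_GB = 20

committed = GUESTS * PROMISED_PER_GUEST_GB  # what guests believe they have
print(committed)                            # 1000 GB promised in total

# Suppose each guest is actively using only 4 GB right now (invented figure).
in_use = [4] * GUESTS
allocated = sum(in_use)
print(allocated)                 # 200 GB of real RAM actually needed
print(allocated <= HOST_RAM_GB)  # True: the host copes, despite the promises
```

The hypervisor's job is to keep handing out real pages on demand; trouble only arises if actual usage approaches the committed total.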
Additionally, because the hypervisor presents each guest with the illusion of a single, completely accessible physical machine, no virtual machine can see another virtual machine. This allows numerous virtual machines to run without interacting. As a result, virtual machines of different sizes, and even with different operating systems, can exist on the same host machine.
Cloud Computing and Virtualization
Virtualization is the key to cloud computing. Vendors offer the ability to create, maintain, and administer a virtual machine on off-premises hardware. Because each virtual machine exists as a separate system, there is no need to place clients on separate physical hardware for security or stability purposes. Even if a user corrupted their entire system, the damage would have no effect outside of that single virtual machine.
Before virtualization, storing and running servers off-site on another vendor’s network was known as remote hosting. To do this, the vendor had to supply an actual physical server for each requested machine. Maintaining this one-to-one ratio of physical servers to client servers was labor intensive and very costly.
With the advent of cloud computing, a vendor need not match physical hardware to each request for a new machine. Rather, a virtual machine can be created instead.
Major cloud vendors install and operate enormously powerful server hardware, which is itself often virtualized from an array of hardware. From each of these larger servers, the cloud vendor carves out virtual machines as requested by clients.
For example, a client might request a new server with a certain amount of processing power, memory, and disk space. The cloud vendor will “spin up,” or start a new virtual machine with those specifications on one of its own existing host machines without installing any new physical hardware. Because each virtual machine has no direct access to the physical hardware underlying the hypervisor, there is no risk to data or system stability.
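A hedged sketch of that placement step, with invented classes and a simple capacity check (real cloud APIs and schedulers are far more involved):

```python
# Sketch of "spinning up" a guest from a requested spec: the vendor places
# the new virtual machine on an existing host if resources remain, without
# installing any new physical hardware.

from dataclasses import dataclass

@dataclass
class VMSpec:
    cpus: int
    ram_gb: int
    disk_gb: int

@dataclass
class Host:
    free_cpus: int
    free_ram_gb: int
    free_disk_gb: int

    def spin_up(self, spec: VMSpec) -> bool:
        """Place a new guest on this host if capacity allows."""
        if (spec.cpus <= self.free_cpus
                and spec.ram_gb <= self.free_ram_gb
                and spec.disk_gb <= self.free_disk_gb):
            self.free_cpus -= spec.cpus
            self.free_ram_gb -= spec.ram_gb
            self.free_disk_gb -= spec.disk_gb
            return True
        return False


host = Host(free_cpus=64, free_ram_gb=512, free_disk_gb=4000)
ok = host.spin_up(VMSpec(cpus=4, ram_gb=16, disk_gb=100))
print(ok, host.free_ram_gb)  # True 496 -- no new hardware was installed
```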
Virtualization Hypervisor Vendors
There are several companies that offer a hypervisor or virtual machine manager product that allows for total hardware virtualization. The biggest are VMware and its vSphere line, and Microsoft with Hyper-V. Others include Citrix XenServer and KVM.
The brilliance of virtualization is that each virtualized system cannot tell whether it is virtual or running directly on the hardware. That makes it possible to create a virtual machine within a virtual machine, a process known as nested virtualization. A virtual machine created by a company on Amazon AWS might itself run inside a virtual machine created by Amazon, for example.
In some ways, this is like a computer version of Blade Runner. The servers don’t know whether they are real servers or virtually created servers, although each of them believes, at all times, that it is “real”.
There is no limit to this nesting. So, Amazon may install an enormous bare metal system in a data center. It installs a bare metal hypervisor on that system to create a system for use by its cloud computing division. The cloud computing division, in turn, installs a hypervisor that splits each system by region. When a client orders a new virtual machine, the cloud computing division at Amazon creates yet another virtual machine. Finally, the client also goes on to create two virtual machines out of that, one for production and another for a test environment. Each machine works exactly like a physical piece of hardware.
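The layering just described can be modeled as a simple chain, where each machine knows only its own immediate guest (the layer names here are invented for the example):

```python
# Toy model of nested virtualization: each layer hosts the next, and no
# layer has any view of the layers beneath or above it.

def nest(layers):
    """Build a chain of machines, outermost first, innermost last."""
    chain = None
    for name in reversed(layers):
        chain = {"name": name, "guest": chain}
    return chain


stack = nest(["bare metal", "cloud division", "region", "client VM",
              "production"])

# Walk the chain: each machine only sees its immediate guest, nothing else.
node, depth = stack, 0
while node is not None:
    node, depth = node["guest"], depth + 1
print(depth)  # 5 layers deep, each behaving like real hardware
```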
This nesting is critical to providing an environment where no knowledge of the underlying systems is required or useful.
Desktop Virtualization

Rather than creating a virtual physical machine, it is possible to create a virtual operating system or desktop. In this case, the user environment, everything above the operating system, is encapsulated as a single virtual desktop. Multiple virtual desktops can be installed on the same computer. Each set of applications and customizations is locked within its virtual desktop and does not affect other virtual desktops.
A virtual desktop can be moved from one physical machine to another. When virtual desktops are stored on a networked server, a user can move from one computer to another while always having their own desktop environment. Unlike hardware virtualization, which uses a hypervisor to control virtual machines below the operating system, a virtual desktop can only run on an operating system that is properly installed and configured. Additionally, a virtual desktop can see through to the physical hardware of the host machine.
Application Virtualization

It is also possible to virtualize an application. Unlike hardware virtualization, in which the hypervisor mimics a full hardware configuration, application virtualization requires the application itself to support being virtualized. Unlike desktop virtualization, application virtualization typically does not allow other applications to interact with the virtualized application.
Application virtualization is used primarily to allow an application to run on a system without having to install it. Rather, a virtual application contains its own virtual environment in which to run.
Just as hardware virtualization requires a hypervisor to create and manage virtual machines, application virtualization requires an application manager such as Microsoft App-V or Citrix XenApp.
Benefits of Virtualization

The many benefits of virtualization are driving its growth. Understanding these benefits also often answers the question of why to virtualize.
One of the main benefits of virtualization is server consolidation. Traditionally, a business decision to purchase and install a server was driven by factors such as resource needs, stability, and security. Using separate servers provided load balancing by giving every critical service and application plenty of resources. Additionally, keeping services on different servers meant that if one server was compromised, the others could continue running. With virtualization, the same benefits can be realized on a single piece of hardware. Servers are still completely isolated as virtual machines, and they no longer need to be oversized.
Each new physical server draws more power to run its processor and other hardware. In addition, each of those components generates heat, which must be drawn away, usually via fans and air conditioning. Adding virtual machines adds no extra hardware, so it requires no additional power or cooling.
Virtual machines are easily duplicated. This makes it easy to create new copies of the same system, and it also improves availability. Instead of scheduling weekend downtime to install patches or upgrade a system, administrators can apply the patches or upgrades to a copy of the running virtual machine, and then swap the old virtual machine out for the newly upgraded one.
Snapshots of virtual machines offer a way to create or return a system to its exact state without the need to return to the same hardware. As a result, snapshots offer a great form of disaster recovery. Should something happen to an entire data center, the whole operation could theoretically be quickly restored by spinning up new virtual machines in a new location using snapshots of the original systems.
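A minimal sketch of snapshot and restore, using an invented state dictionary in place of a real disk and memory image:

```python
# Snapshot/restore sketch: capture a guest's exact state as a deep copy,
# let the live system drift or break, then bring the copy back -- possibly
# on entirely different hardware.

import copy

vm_state = {"os": "installed", "patch_level": 3, "data": ["orders.db"]}

snapshot = copy.deepcopy(vm_state)  # capture the exact state

vm_state["patch_level"] = 4         # later changes...
vm_state["data"].clear()            # ...or even a disaster

vm_state = copy.deepcopy(snapshot)  # restore from the snapshot
print(vm_state["patch_level"])      # 3
print(vm_state["data"])             # ['orders.db']
```

The deep copy matters: a shallow copy would share the nested data list, and "restoring" it would not undo the damage.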
Disadvantages of Virtualization

While virtualization offers many advantages, it does introduce additional complexity to the computing environment.
For companies installing and managing virtualization in their own data centers, the hypervisor represents another layer that needs to be installed, managed, licensed, and upgraded. This may require additional personnel or training.
Because virtualization depends on resources powerful enough to run multiple virtual machines at once, virtualization may require greater investment in hardware, especially up front. While a much more powerful server may eventually replace dozens of less powerful servers via virtualization and drive lower long-term costs, in some environments that may take several years to earn back the initial investment.
With so many possibly mission-critical virtual machines running on a single piece of physical hardware, disaster recovery and fault tolerance become even more important, potentially driving extra expense and complexity.
Virtualization and Security

The complete separation of virtual machines provides great security between systems. Any security breach, whether intentional or accidental, requires the ability to access the resources of the vulnerable system. With virtualization, each system runs independently and is even unaware of the existence of other virtual machines. So, there is no way to mount any sort of security attack “through” the wall of virtualization.
There is a theoretical concern that a hypervisor, by definition, has some form of access to every virtual machine on a given physical system. If the hypervisor itself could somehow be compromised, there would be the possibility of a “man in the middle” attack, in which data passing in and out of the hypervisor could be intercepted and then read or modified. While no successful attacks of this nature are currently known, that does not mean one could never happen. The concept of attacking the hypervisor is called hyperjacking.