Hypervisors and Virtualization

Questions and Answers

What is the primary role of a hypervisor?

• To manage and allocate physical resources among virtual machines. (correct)
• To encrypt network traffic.
• To provide firewall protection.
• To monitor system logs.

Hypervisors are only used in large enterprise environments and are not relevant for individual users.

False (B)

Name the two main types of hypervisors.

Type 1 (bare-metal) and Type 2 (hosted)

A Type 1 hypervisor is also known as a ______ hypervisor.

bare-metal

Which of the following is a key advantage of using bare-metal hypervisors?

Direct access to hardware resources. (B)

Type 2 hypervisors generally offer better performance than Type 1 hypervisors due to their direct access to hardware.

False (B)

What is a significant advantage of using hosted hypervisors in development environments?

Ease of use and compatibility with various operating systems

The core component in a bare-metal hypervisor responsible for managing and allocating physical resources to virtual machines is the ______ core.

hypervisor

What component oversees the execution of virtual machines in a bare-metal hypervisor?

The VM Monitor (VMM). (C)

Virtual switches in hypervisors are primarily used for managing CPU allocation among virtual machines.

False (B)

Name one example of a bare-metal hypervisor.

VMware ESXi, Microsoft Hyper-V Server, KVM

Parallels Desktop is a hosted hypervisor designed primarily for ______ users.

macOS

Which feature enhances security by isolating virtual machines from each other?

Security Isolation. (D)

Live migration allows the movement of virtual machines between physical hosts with service interruption.

False (B)

What is a significant security challenge associated with hypervisors?

Hypervisor vulnerabilities or VM escape attacks

[Blank] attacks involve an attacker breaking out of a virtual machine to gain unauthorized access to the hypervisor or other VMs.

VM escape

What can result from insufficient isolation between virtual machines?

One VM accessing or interfering with another VM's resources. (A)

Using insecure or compromised VM images does not pose a significant security risk to the virtualized environment.

False (B)

Why is regular patch management essential for hypervisor software?

To address known vulnerabilities

Failing to apply security patches and updates to the hypervisor software leaves it susceptible to known ______.

vulnerabilities

What should organizations implement to limit who can access the hypervisor and its management interfaces?

Strong access controls and authentication. (C)

Disabling unnecessary features and services on a hypervisor can improve its security posture.

True (A)

What is the purpose of implementing network segmentation in a hypervisor environment?

To isolate hypervisor management traffic

Enabling secure boot features ensures that only authorized and digitally ______ hypervisor components are loaded during the boot process.

signed

Match the following hypervisor features with their descriptions:

Resource Virtualization = Abstracts physical resources, creating virtual instances Live Migration = Moves VMs between physical hosts without service interruption Security Isolation = Prevents VMs from interfering with each other Snapshot and Cloning = Creates point-in-time copies for backup and testing

Flashcards

What are Hypervisors?

Also known as Virtual Machine Monitors (VMMs), they enable multiple operating systems to share a single hardware host.

Primary role of a hypervisor

Manage and allocate physical resources like CPU, memory, and storage among virtual machines.

Hypervisors in IaaS

Virtualizing compute resources allowing cloud service providers to offer virtual machines on a pay-as-you-go basis.

Hypervisors in PaaS

Abstracts the underlying infrastructure from developers, enabling scalable platforms for app development.

Hypervisors in SaaS

They manage infrastructure for software services, allowing efficient delivery and scaling.

Hypervisors in DaaS

They provide virtual desktops, enabling remote access to desktop resources.

Resource Virtualization.

Abstracts and virtualizes physical resources to create virtual instances that can run separate operating systems.

Isolation

Ensures each virtual machine operates independently, preventing interference.

CPU and Memory Management

Manages allocation of CPU and memory resources among virtual machines, ensuring fair and efficient utilization.

Device Emulation

Provides emulated or para-virtualized devices to virtual machines, allowing interaction with hardware resources.

Live Migration

Permits moving virtual machines from one physical host to another without service interruption.

Snapshot and Cloning

Allows creating snapshots (point-in-time copies) and cloning of virtual machines for backup and testing.

Security Isolation

Enhances security by isolating virtual machines from each other, preventing potential security breaches.

Resource Scaling

Enables dynamic adjustment of allocated resources to virtual machines based on demand.

Type 1 Hypervisor

A virtualization platform that runs directly on the hardware of a physical server without needing an OS.

Direct Hardware Access

Operates directly on the server's hardware without an additional OS layer.

Efficiency and Performance

Offer better performance and resource efficiency compared to Type 2 hypervisors.

Dedicated Virtualization Layer

Serves as a dedicated virtualization layer, managing multiple virtual machines (VMs) and providing isolation.

Hypervisor Core

A core component that manages and allocates physical resources to virtual machines.

VM Monitor (VMM)

Oversees the execution of virtual machines, ensuring independent operation and manages interactions with the hardware.

Resource Scheduler

Allocates and manages physical resources (CPU, memory, storage...).

Hypervisor API

Provides an interface for interacting with the hypervisor.

VMware ESXI

Known for performance, scalability, and extensive feature set, it’s an established enterprise-class hypervisor.

Type 2 Hypervisor

Hypervisor that requires an underlying operating system (host OS) to manage hardware resources.

Hypervisor Vulnerabilities

Vulnerabilities that, if exploited, could lead to unauthorized access, data breaches, or service disruption.

Study Notes

Hypervisors Overview

• Hypervisors, also known as Virtual Machine Monitors (VMMs), are essential to virtualization technology.
• They enable multiple operating systems to share a single hardware host.
• A hypervisor manages and allocates physical resources like CPU, memory, and storage among VMs.
• Two main types exist: Type 1 (bare-metal) and Type 2 (hosted).
• Crucial for providing Infrastructure as a Service (IaaS) in cloud computing, allowing on-demand VM deployment and management.
• Hypervisors are central to modern computing architectures, creating isolated environments and optimizing server utilization.

Role in Cloud Computing Implementations

• Hypervisors provide the virtualization layer for creating and managing VMs on physical hardware.
• Cloud providers create and manage VMs for customers on a pay-as-you-go basis using Hypervisors.
• Hypervisors abstract physical hardware, allowing multiple virtualized instances to run on a single server in IaaS.
• In PaaS, the cloud provider uses virtualization technologies, abstracting the hypervisor layer from developers.
• SaaS providers use hypervisors to manage the infrastructure supporting their services.
• Desktops are virtualized by hypervisors in Desktop as a Service so end-users have remote access.

Functions and Benefits of Hypervisors

• Resource Virtualization: Allows for the creation of virtual instances with separate operating systems by abstracting physical resources.
• Isolation: Each VM operates independently, preventing interference with other VMs.
• CPU and Memory Management: Manages the allocation of CPU and memory resources among VMs for fair and efficient utilization.
• Device Emulation: VMs can interact with hardware resources via emulated or para-virtualized devices.
• Live Migration: VMs can be moved from one physical host to another without service interruption.
• Snapshot and Cloning: Creation of snapshots or clones of VMs are allowed for backup and testing.
• Security Isolation: VMs are isolated from each other to enhance security, preventing potential security breaches.
• Resource Scaling: VM resources are dynamically adjusted according to demand.

Types of Hypervisors

Type 1: Bare-Metal Hypervisors

• Bare-metal hypervisors (Type 1) run directly on the hardware of a physical server, without needing an OS.
• Installed as the first layer of software with direct host machine resource access.
• Direct hardware access optimizes resource utilization.
• Better performance and resource efficiency versus Type 2 hypervisors as there is no underlying host OS.
• Manages multiple VMs and provides isolation between them acting as a dedicated virtualization layer.
• Security is enhanced because direct hardware control reduces the attack surface compared to systems with additional OS layers.
• Used in data centers for server consolidation allowing resource utilization on a single server.
• Prevalent in enterprise environments, cloud data centers, and scenarios where performance and scalability are critical.
• Core component manages and allocates physical resources, abstracting hardware and providing a virtualized environment.
• VM Monitor oversees the execution of VMs and manages their interactions with hardware.
• Resource Scheduler allocates and manages physical resources based on predefined policies.
• Hypervisor API allows interaction with external management tools.
• Virtual Switches manage network traffic with features like VLAN support and network isolation.
• VMware ESXi is enterprise-class, and known for performance, scalability, and extensive feature sets.
• Microsoft Hyper-V Server is designed for virtualization in Windows environments.
• KVM (Kernel-based Virtual Machine) turns the Linux kernel into a hypervisor, commonly used in open-source and cloud environments.

Type 2: Hosted Hypervisors

• Hosted hypervisors (Type 2) run on top of a host operating system.
• They rely on an underlying OS for resource management.
• Ease of installation is better than bare-metal.
• Performance overhead because host OS introduces extra layer for virtualization.
• Common in development environments prioritizing ease of use and compatibility.
• VMs can run multiple OSs on a single machine.
• The hypervisor application itself is the core component running as a software layer on the host OS.
• The Virtual Machine Manager (VMM) configures virtual machines.
• Host OS manages hardware resources and provides a platform for the hypervisor.
• A hosted hypervisor relies on its OS for resource allocation.
• Hosted hypervisors are integrated with their OS by using device drivers to communicate with hardware.
• VirtualBox is Oracle's open-source, for desktop virtualization.
• VMware Workstation is a popular hosted hypervisor designed for running multiple operating systems.
• Parallels Desktop is a Mac OS hypervisor, able to run Windows alongside Mac OS.

Security Challenges for Hypervisors

• Securing hypervisors is essential that should prevent potential vulnerabilities and ensure the integrity of systems.
• Hypervisors are software and may have vulnerabilities for attackers to exploit to gain unauthorized access.
• VM escape attacks consist of an attacker leaving the machine to gain access to others.
• Misconfiguration in VMs may lead to isolation issues where one VM accesses anothers.
• Compromised virtual machine images can introduce security risks.
• Lack of environmental scanning can make it difficult to detect and respond to security incidents.
• No security patches for hypervisor software can lead to more possible security breaches.

Improving Hypervisor Security

• Regularly apply security patches and updates to address known vulnerabilities.
• Review and configure hypervisor settings securely and disable ones not needed.
• Implement access controls to limit access of the hypervisor and its associated interfaces.
• Secure the management protocol with strong passwords and encryption.
• Install network segmentation with intrusion detection and firewall prevention.
• Use digital signatures for firmware to assure it is properly untampered with hardware updates.
• Have backup configuration that has recovery procedures for the hypervisor, VMs and critical settings.