An important capability of the hypervisor with respect to the compute resources of a host is the ability to manage and allocate these resources effectively, either on a per-guest operating-system (OS) basis or on a per-host basis within a resource cluster.
Reservations, limits, and shares give an administrator the means to control how the compute resources of a host are allocated.
A reservation creates a guaranteed minimum resource allocation that the host must meet with physical compute resources to allow for a guest to power on and operate.
This reservation is traditionally available for either central processing unit (CPU) or random access memory (RAM), or both, as needed. A limit creates a maximum ceiling for resource allocation.
This ceiling may be fixed, or it may be expandable, allowing for the acquisition of more compute resources through a borrowing scheme from the root resource provider (the host).
Shares are used to arbitrate compute resource contention. Resource contention means that there are more requests for resources than the resources actually available in the system can currently satisfy.
If resource contention takes place, share values are used to prioritize compute resource access for all guests assigned a certain number of shares.
The shares are weighed and used as a percentage against all outstanding shares assigned and in use by all powered-on guests to calculate the resources each guest is given access to.
The higher the share value assigned to the guest, the larger the percentage of the remaining resources it is given access to during the contention period.
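A worked model of the reservation, limit, and shares arbitration described above, as an added example (not from the original notes or any particular hypervisor): reservations are satisfied first, the remainder is split by share weight, and a guest's fixed limit caps what it can take. The resource unit (CPU MHz) and the guest values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of one compute resource (e.g. CPU in MHz or RAM in MB).
@dataclass
class Guest:
    name: str
    reservation: float        # guaranteed minimum the host must back physically
    limit: Optional[float]    # fixed ceiling; None models an expandable limit
    shares: int               # weight used only while the host is contended

def can_power_on(capacity: float, guests: list) -> bool:
    """All reservations must fit in physical capacity, or a guest cannot start."""
    return sum(g.reservation for g in guests) <= capacity

def allocate(capacity: float, guests: list) -> dict:
    """Reservations first; the remainder is split by share weight, capped at limits.
    Capacity a capped guest cannot take is redistributed to the others."""
    if not can_power_on(capacity, guests):
        raise RuntimeError("reservations exceed host capacity; not all guests can power on")
    alloc = {g.name: float(g.reservation) for g in guests}
    remaining = capacity - sum(alloc.values())
    active = [g for g in guests if g.shares > 0 and (g.limit is None or g.reservation < g.limit)]
    while remaining > 1e-9 and active:
        total_shares = sum(g.shares for g in active)
        still_active, granted = [], 0.0
        for g in active:
            grant = remaining * g.shares / total_shares   # proportional to share weight
            if g.limit is not None:
                grant = min(grant, g.limit - alloc[g.name])  # never exceed the ceiling
            alloc[g.name] += grant
            granted += grant
            if g.limit is None or alloc[g.name] < g.limit - 1e-9:
                still_active.append(g)
        remaining -= granted
        active = still_active
    return alloc

if __name__ == "__main__":
    # Constructed 10000 MHz host: A unlimited, B capped at 2500, C has no reservation.
    guests = [Guest("A", 2000, None, 2000), Guest("B", 1000, 2500, 1000), Guest("C", 0, None, 1000)]
    for name, mhz in allocate(10000, guests).items():
        print(f"{name}: {mhz:.0f} MHz")
```

A guest with no reservation and few shares receives very little under contention, which is the starvation risk the notes return to below.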
Virtualization is the foundational technology that underlies and makes cloud computing possible.
Virtualization is based on the use of powerful host computers to provide a shared resource pool that can be managed to maximize the number of guest operating systems (OSs) running on each host.
Following are the key drivers and business cases for using virtualization:
- Sharing underlying resources to enable more efficient and agile use of hardware
- Easier management through reduced personnel resourcing and maintenance
- Scalability: with virtualization, multiple guest OSs (virtual machines, or VMs) and their associated applications can run on a single host.
The guest is an isolated software instance that is capable of running side by side with other guests on the host, taking advantage of the resource abstraction capabilities provided by the hypervisor to dynamically utilize resources from the host as needed.
A hypervisor can be a piece of software, firmware, or hardware that gives the impression to the guest OSs that they are operating directly on the physical hardware of the host.
It allows multiple guest OSs to share a single host and its hardware.
The hypervisor manages requests by VMs to access the physical hardware resources of the host, abstracting those resources and allowing the VM to behave as if it were an independent machine.
The Type 1 hypervisor has the following characteristics:
- Is commonly known as a bare metal, embedded, or native hypervisor
- Works directly on the hardware of the host and can monitor OSs that run above the hypervisor
- Is small because its main task is sharing and managing hardware resources between different guest OSs
The Type 2 hypervisor has these characteristics:
- Is installed on top of the host’s OS and supports other guest OSs running above it as VMs
- Is completely dependent on the host OS for its operations
Using this architecture has risks and challenges:
- Security flaws in the hypervisor can lead to malicious software targeting individual VMs running on it or other components in the infrastructure.
- A flawed hypervisor can facilitate inter-VM attacks (also known as VM hopping) when isolation between VMs or trust levels has not been configured appropriately; that is, one tenant’s VM can peek into the data of another tenant’s VM on the same underlying host.
- Network traffic between VMs is not necessarily visible to physical network security controls, which means additional security controls may be necessary.
- Resource availability for VMs can be flawed: individual VMs can be starved of resources. Conversely, some servers are managed on the assumption that there are tasks that can run in idle time, such as virus scanning. In a virtualized environment, one virtual server's idle time is another server's production time, so those assumptions need to be revisited.
- VMs and their disk images are simply files residing somewhere. This means that, for example, a stopped VM is potentially accessible on a file system by third parties if no controls are applied. Inspection of this file can circumvent any controls that the guest OS applies.