Full instance of an OS. Microsoft's Hyper-V and, arguably, VMware ESX use the first approach, which essentially involves a "full" instance of an operating system to handle management tasks. With Hyper-V, that partition exists as an instance of Windows Server 2008. With ESX, that management partition exists as a modified form of Red Hat Linux.
These partitions benefit from functionality within an OS itself. With ESX, you can manage a server with many of the common commands used to manage a Red Hat Linux distribution. You can manage Hyper-V with Windows Server as well.
These partitions also provide extensibility for add-on technologies. If your corporate security rules require anti-malware systems to be installed on every server, for example, you'll need that server's partition as a location where that software can be installed. The same holds true for third-party virtualization products that require on-board agents. Without an operating system, there's no place to store an agent.
Minimal OS partitions. A good example of this second kind of partition is VMware's ESXi, although Microsoft's Hyper-V Server -- which runs on top of Windows Server Core -- also falls into this group. With this kind of architecture, the partition is an extremely limited and proprietary interface. If you've ever powered on a server running ESXi, you're familiar with its exceptionally lightweight interface. Using ESXi's management partition, you can change passwords and networking settings, but not really much else. With Hyper-V Server, you can install some software, but the OS innards simply aren't there for many software packages to correctly deploy.
The second method gives the appearance of simplicity; it is easy to manage a hypervisor when there is only a handful of settings to configure. But minimal OS partitions add risk to virtualization environments as well, such as the inability to install and run other products that could make administration easier or more effective.
The industry features several disagreements regarding the trustworthiness of these two models. ESXi's nearly zero-management partition indeed eliminates the potential for many kinds of external attacks. If there is no traditional OS on a virtual host, there are no vectors for attack. At the same time, with no traditional OS, the hypervisor's vendor maintains a complete stranglehold on external product's interaction with that hypervisor.
On the other hand, the full-OS route has its share of attack vectors. While ESX's management partition is technically a modified version of Red Hat Enterprise Linux Version 3, Secunia.org reports that between 2004 and 2009, 1,286 vulnerabilities have been found in the operating system, or an average of 214 per year. While only on the market since mid-2008, Microsoft Windows Server 2008 has been on the market for part of 2008 and 2009, but some 69 vulnerabilities have been found, or approximately 34 per year.
In effect, any additional functionality in a system adds exposure to attack. This is why virtualization vendors such as VMware and Microsoft have both created comprehensive patching products for updating their operating systems and related services.
In the debate over which management partition is more useful or less prone to attack, you can argue that they're all about the same. Each requires some element of functionality, enabled through its management partition, and that partition is one area of risk in each. It's up to the administrator to decide how best to manage that risk.
 |
|
|
|
|
|
This was first published in August 2009