The idea behind virtualization is to abstract underlying hardware resources from the software that uses those resources....
A hypervisor is a software tool installed on the host system to provide this layer of abstraction. Once a hypervisor is installed, OSes and applications interact with the virtualized resources abstracted by the hypervisor -- not the physical resources of the actual host computer.
There are different types of virtualization based on the level of isolation provided, known as full virtualization vs. paravirtualization.
What is full virtualization?
Virtualization is often approached as full virtualization. That is, the hypervisor provides complete abstraction, and the guest OSes don't know -- or care -- about the presence of a hypervisor. The OS doesn't communicate with the hypervisor. Each VM and its guest OS work as though they run alone on independent computers, and the OSes require no special modifications or adaptations.
But early hypervisors had a performance problem. Hypervisors rely on hardware emulation, such as a VM manager, to translate back and forth between physical and virtual resources, such as CPUs and memory spaces. This constant translation imposes a performance penalty on the host computer. In the early days of full virtualization, this performance penalty limited the practical number of VMs that a system could host and also frequently limited the types of applications that could run in a VM successfully.
Benefits of full virtualization
Full virtualization doesn't require hardware or OS assistance to virtualize system operations, which enables IT administrators to run an entirely virtualized and unchanged OS. This is because the hypervisor translates OS instructions quickly and reserves these virtualized instructions for later use. The hypervisor also enables the OS to emulate new hardware, which can improve reliability, security and productivity within a system.
Full virtualization enables admins to run applications on a completely isolated guest OS, which provides support for multiple OSes simultaneously, and efficiently combine older systems with newer ones with the help of well-organized hardware. It also reduces operating costs -- such as repairs and unwanted hardware -- associated with older systems.
Disadvantages of full virtualization
Despite virtualization's continued success, there are some drawbacks to the technology. For example, full virtualization can lead to slower runtimes compared to unvirtualized systems. This is because the underlying hypervisor requires data processing, and admins must reserve a portion of the computing power and resources of their physical servers for the hypervisor.
In addition, full virtualization relies on software to emulate hardware, which can lead to potential device-driver compatibility issues. If admins don't have a supporting device driver within the hypervisor for their hardware resources, it can cause problems when implementing new hardware developments.
What is paravirtualization?
Para means alongside or partial, and paravirtualization gained attention as one potential answer to full virtualization's performance issues. Paravirtualization seeks to bolster virtualization performance by enabling an OS to actually recognize the presence of a hypervisor. It enables the OS to communicate directly with that hypervisor to share activity that would otherwise be complex and time-consuming for the hypervisor's VM manager to handle. Commands sent from the OS to the hypervisor are dubbed hypercalls.
For paravirtualization to work, admins must modify or adapt the guest VM OSes to implement an API capable of exchanging hypercalls with the paravirtualization hypervisor. Typically, a paravirtualized hypervisor, like Xen, requires OS support and drivers built into the Linux kernel and other OSes.
Nonmodified, proprietary OSes, such as Microsoft Windows, won't run in a paravirtualized environment, although paravirtualization-aware device drivers might be available to enable a nonmodified OS to run on a Xen hypervisor. Admins must modify the OS to communicate with the hypervisor, but the applications themselves don't require any modifications.
Benefits of paravirtualization
Because paravirtualization relies on direct communication between the guest kernel and the underlying hypervisor within a given system, it can provide improved performance levels and system utilization. Paravirtualization also provides easier backups, faster migrations, improved server consolidation and reduced power consumption.
Admins that adopt paravirtualization essentially create a thin software layer, which can control virtual server traffic through a single OS that gains access to the system's physical hardware device, all while preventing access for other guest OSes. In addition, the software used for paravirtualization doesn't attempt to fully rebuild the hardware, which can significantly reduce virtualization overhead.
Disadvantages of paravirtualization
Despite paravirtualization's benefits, it does carry some criticisms. Because admins must modify the OS, it limits the appeal to major vendors such as Microsoft and, therefore, limits the number of OS options available for an enterprise.
Paravirtualization also requires a hypervisor and modified OS capable of communicating with each other through APIs. This direct communication creates a tight dependency between the OS and hypervisor, potentially resulting in version compatibility problems where a hypervisor or OS update might break the virtualization. The intentional communication could also pose possible security vulnerabilities to the system.
Another disadvantage of paravirtualization is the inability to predict performance gains. Many of paravirtualization's benefits vary depending on the workload. Essentially, the number of paravirtualization APIs and the amount of compute those APIs receive from the system determines the scale of benefits admins' workloads receive.
Full virtualization vs. paravirtualization: The verdict
The real game-changer for full virtualization was the creation of hardware virtualization extensions for modern processors, such as the Intel Virtualization Technology and Advanced Micro Devices virtualization processor command set extensions. Hardware extensions help the hypervisor tackle complex tasks at the processor level rather than through software emulation, which vastly accelerates the hypervisor and mitigates almost the entire performance penalty in full virtualization.
Combined with the benefits of full virtualization isolation and the ability to use any OS without modification, paravirtualization hasn't gained much traction in enterprise data centers. This helped full virtualization become the de facto standard for much of the industry, as opposed to paravirtualization, which is generally relegated to experimental and niche use cases.
Learn more about the Xen hypervisor
Use SUSE Linux Enterprise Server as a platform for Xen
Boost Linux VM performance on VMware
Dig Deeper on Server virtualization hypervisors and management
Related Q&A from Stephen J. Bigelow
Microsoft Hyper-V on Windows comes with advanced protection schemes, including several virtualization-based security features the company introduced ... Continue Reading
The BitLocker encryption technology continues to evolve from its roots as a Windows Vista feature to protect resources both in the local data center ... Continue Reading
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading