8.02 Summarize aspects of client-side virtualization

Introduction 

Imagine your computer is like a house, and each room is dedicated to one task—like cooking, working, or relaxing. Normally, you can only use one room at a time, but what if you could magically turn each room into a complete, separate house with everything you need? That’s what virtualization does!

In this lesson, we’ll explore how virtualization allows one computer to act like many, creating separate environments for different operating systems and applications.

This technology is not just cool—it’s a practical way to solve real-world IT needs, from testing new software to helping businesses run more efficiently. By mastering these skills, you'll be able to help others create flexible, secure, and powerful computing environments. 

What are Hypervisors? 

A hypervisor is software that lets multiple operating systems (OSs) run at the same time on a single computer. Normally, one computer runs only one OS at a time. With a hypervisor, you can install and run multiple virtual machines (VMs), each with its own OS, on the same computer without interference. 

How Virtualization Works 

  • Single OS Setup: In a regular setup, a computer runs one OS, and all programs share the same OS environment. 

  • Virtualization: Thanks to advances in CPU and memory technology, most modern computers can now handle multiple OSs at once. This is called virtualization. With it, different OSs (called guest OSs) run simultaneously on one computer. 

Hypervisors and Resource Management 

The hypervisor creates a virtual environment where each OS thinks it has exclusive access to system resources like: 

  • CPU 

  • Memory 

  • Storage devices 

  • Peripherals (e.g., keyboard, mouse) 

The hypervisor emulates these resources and ensures each OS gets what it needs without conflicting with the others. The OSs also need specific drivers for the emulated hardware. 

The Host Machine is the physical computer where the hypervisor is installed.  The Guest Machines are the ‘virtual machines’ (VMs) created by the hypervisor.  The hypervisor manages and allocates the physical resources (like CPU, memory and storage) to each virtual machine (VM) as needed or assigned. 

Analogy: Think of a Library.  The host machine is the library itself—the physical building where the books are stored.  The hypervisor is the librarian that organizes and manages the books, making sure each one is in the right place and accessible when needed to be checked out.  The books can be likened to VMs.  Each book represents a different virtual machine.  Different books can be read by different people at the same time without any confusion. 

Just like the librarian ensures that each book is properly cared for, even sanitized and then placed appropriately so it can be accessed again; the hypervisor ensures that each VM runs smoothly and separately on the host machine.  This way, multiple books (VMs) can be read (run) simultaneously in the same library (host machine).  

Types of Hypervisors 

There are two main types of hypervisors, depending on how they are installed: 

1. Type 2 Hypervisor (Guest OS or Host-based) 

  • Description: A Type 2 hypervisor is installed like a regular program on an existing OS (called the host OS). 

  • Examples: VMware Workstation™, Oracle VirtualBox®, Parallels Workstation®. 

  • Requirements

    • The host OS and the hypervisor must be compatible. 

    • The computer must have enough resources to run the host OS, hypervisor, and guest OSs. 

Summary of Hypervisor Types 

  • Type 2 Hypervisor: Installed on top of a host OS, requires the computer to support both the host OS and the guest OSs. 

  • Type 1 Hypervisor: Directly installed on the computer hardware, managing resources without a host OS, and usually used in large-scale server environments. 

2. Type 1 Hypervisor (Bare Metal) 

  • Description: A Type 1 hypervisor is installed directly on the computer hardware, without the need for a host OS. This allows the hypervisor to manage hardware resources directly. 

  • Examples: VMware ESXi®, Microsoft Hyper-V®, Citrix XenServer®. 

  • Requirements

    • The hardware must meet the base system needs of the hypervisor. 

    • Additional resources are required for the number and types of guest OSs you plan to run. 

Uses for Virtualization 

Virtualization is widely used for various purposes, whether for individual desktops, development environments, servers, or applications. Below are the different ways virtualization is deployed:

Client-Side Virtualization 

Client-side virtualization is when virtualization solutions are designed to run on regular desktops or workstations. Each user interacts directly with the virtualization platform. This type of virtualization is often used for testing, development, and training. Here are its key uses: 

  • Sandboxing: Virtual machines (VMs) can create isolated environments to test or analyze potentially harmful software like viruses or malware. Since the guest OS runs separately from the main system, the malware stays contained and does not infect the researcher’s computer or network. 

  • Support for Legacy Software and OSs: If a company upgrades its computers but still needs older applications that only work on previous operating systems, virtualization can help. By installing the older OS as a VM, users can access the old software without changing the main OS. 

  • Cross-Platform Virtualization: Developers can test software across multiple operating systems or resource limitations. For example, they can test how software performs on different OSs like Windows and Linux. 

  • Training Environments: Virtual labs allow students or employees to practice using real operating systems and software without affecting the main system. At the end of training, the VM can be reset, so each new user starts with the same environment. 

Server-Side Virtualization 

Server-side virtualization is used for running server roles as virtual machines. The primary benefit is improved hardware utilization through server consolidation. Normally, physical servers are underused, with only about 10% of their resources being active. By running multiple virtual servers on one physical machine, companies can optimize resources. 

Example: A physical server could host 8 or 9 virtual servers, using the hardware more efficiently without impacting performance. 

Application Virtualization 

Application virtualization allows users to access or run applications hosted on a server, either by streaming the app or running it locally. This ensures that all users have the latest version of the software, reducing the need for updates on individual machines. 

Common Solutions

  • Citrix XenApp is a popular application virtualization solution. 

  • Microsoft App-V and VMware ThinApp are also widely used for application streaming and local processing. 

Container Virtualization 

Container virtualization is different from traditional hypervisor-based virtualization. Instead of running separate guest OSs, containerization isolates resources at the OS level, creating containers for different user instances. 

  • Key Features

    • Each container is allocated specific CPU and memory resources. 

    • Containers can run different distributions of the same OS but cannot run completely different OSs (e.g., you can’t run Windows in a RedHat Linux container). 

    • Containers are often used to run separate application processes, with all the required variables and libraries stored within the container. 

  • Example: Docker is one of the most popular container virtualization platforms, often used to create isolated environments for applications. 

  • Use Case: Containerization is widely used to set up corporate workspaces on mobile devices, allowing businesses to control the environment and apps used on employee phones. 

Summary of Virtualization Types 

  • Client-Side Virtualization: Ideal for testing, sandboxing, legacy software support, and training. 

  • Server-Side Virtualization: Optimizes hardware use by running multiple virtual servers on one physical machine. 

  • Application Virtualization: Ensures that all users access the most up-to-date applications hosted on servers. 

  • Container Virtualization: Provides isolated environments at the OS level, useful for running different app processes or OS distributions within a single system. 

 

Virtualization Resource Requirements 

When setting up a client-side virtualization workstation, it’s important to consider the specific resource requirements for both the hypervisor and the guest OSs you plan to install. Each aspect of the system—CPU, memory, storage, and networking—needs to meet the demands of virtualization. 

CPU and Virtualization Extensions 

CPU vendors like Intel and AMD have designed special instruction sets to improve virtualization performance: 

  • Intel VT-x: Intel’s virtualization technology. 

  • AMD-V: AMD’s virtualization technology. 

In addition, virtualization performance is enhanced by Second Level Address Translations (SLAT), which improves the handling of virtual memory. SLAT is implemented as: 

  • Extended Page Table (EPT) for Intel CPUs. 

  • Rapid Virtualization Indexing (RVI) for AMD CPUs. 

Analogy: In our library (host computer) the librarian (hypervisor) helped us find and maintain books (VMs).  Normally, the librarian must look through a big list (page table) to find where each book (VM) is ‘located’, which can take a lot of time.  

Now, let’s add a card catalog (SLAT) to the library.  The card catalog keeps track of where the most popular books are located, so the librarian can find them much faster without searching through the entire list every time. 

In technical terms: 

  • Without SLAT: the hypervisor must manage memory addresses manually, which can slow things down. 

  • With SLAT: the processor helps by keeping a quick reference of memory addresses, making the process much faster and more efficient. 

 

SLAT helps improve performance by reducing the overhead of memory management. 

Important Notes

  • Many virtualization platforms require CPU virtualization support to be enabled. While it’s not always mandatory, the performance will suffer without hardware-assisted virtualization. 

  • Not all CPUs, especially budget models, include these features, and they may also be disabled in system firmware. Ensure the system's Intel VT-x or AMD-V and SLAT are enabled before starting virtualization. 

  • Multiple CPU resources (like multi-core processors or HyperThreading) will improve performance, especially when running multiple virtual machines (VMs) simultaneously. 

64-bit vs. 32-bit Compatibility

  • A 64-bit hypervisor can support both 32-bit and 64-bit guest OSs

  • A 32-bit hypervisor will not support 64-bit guest OSs

System Memory (RAM) 

Each guest OS requires memory in addition to what the host OS and hypervisor need. For example: 

  • Windows 10 requires a minimum of 2 GB of RAM

  • To run Windows 10 as a guest OS, the system must have at least 4 GB RAM (2 GB for the host, 2 GB for the guest).

If you are running multiple guest OSs, you’ll need to allocate additional memory for each one. Performance may vary depending on the use case: 

  • For development or testing, performance may not be critical, allowing for lower memory specifications. 

  • For multiple concurrent VMs, memory demands increase quickly, so having enough RAM is essential. 

Mass Storage 

Each guest OS requires disk space. VMs store their hard drives as image files on the host system. 

  • Dynamically Expanding Image Format: Many hypervisors use this type of storage, which only takes up space as the guest OS adds files. 

  • A typical Windows installation might require around 20 GB of storage. 

  • Additional space is needed for snapshots, which allow you to save the VM’s state and roll back changes if necessary. 

In enterprise environments, local disk storage limits can be bypassed by using a Storage Area Network (SAN) for storing VM disk images, which offers higher speeds and greater capacity. 

Networking 

Hypervisors allow you to create a virtual network environment where VMs can communicate with each other and the host: 

  • VMs on the same host can share a network with the host itself. 

  • Advanced enterprise virtual platforms allow you to configure virtual switches and routers for more complex networking setups. 

These virtual networking features enable efficient communication between VMs and across different hosts within the network. 

Summary of Resource Requirements 

  • CPU: Ensure the processor supports Intel VT-x or AMD-V and SLAT for optimal virtualization performance. 

  • Memory: Allocate sufficient RAM for both the host OS and guest OSs, adjusting for multiple VMs. 

  • Storage: Ensure ample disk space for VM image files, especially if using snapshots

  • Networking: Set up virtual networking to allow communication between VMs and the host system. 

Virtualization Security Requirements 

When deploying a virtualization solution, security is a key concern, as both the guest OSs and the host system can be vulnerable to various threats. Below are the main security requirements and challenges. 

Guest OS Security 

Each guest OS in a virtualized environment must be protected just like any physical OS. This means: 

  • Patching: Regular updates and patches are necessary to protect against malware and other vulnerabilities. However, patching each VM individually can strain system performance. To address this, many environments use a template image that is patched, tested, and then deployed across the production environment. 

  • Security Software: Running antivirus and intrusion prevention software on each guest OS can slow down performance. Specialized virtualization-specific security solutions are available that run these applications through the host or hypervisor to reduce the performance impact. 

  • Antivirus Limitations: Standard antivirus software installed on the host will not detect viruses affecting the guest OS. Scanning guest OS virtual disks from the host can severely impact performance. 

  • Rogue VMs and VM Sprawl: Unauthorized VMs, or rogue VMs, are a serious security risk. The uncontrolled deployment of many VMs, known as VM sprawl, can make it difficult to maintain security. System management software can help detect unauthorized VM builds, but strict management procedures are needed to monitor and control the deployment of machine images.

  • Image Security: Machine images used to create VMs must be stored in secure environments. If these images are tampered with, malicious code, such as backdoors or logic bombs, could be inserted by rogue developers or contractors. VMs should only include the necessary services to minimize vulnerabilities. 

Host Security 

The host machine is a critical point in a virtualized environment because it supports multiple guest OSs. If the host system fails, such as losing power, all guest VMs running on it will go offline. Ensuring the host’s security and availability is essential to prevent a widespread outage. 

Hypervisor Security 

In addition to securing the guest OSs and the host, the hypervisor itself must be protected from vulnerabilities: 

  • VM Escaping: One of the biggest risks is VM escaping, where malware on one guest OS can "escape" and infect another guest or the host system. Keeping the hypervisor software updated with security patches is vital to prevent these types of exploits. 

  • Patch Management: Like any other software, the hypervisor must be regularly patched to address security vulnerabilities. Delays in applying critical patches could leave the entire virtual environment at risk. 

Summary of Security Requirements 

  • Guest OS Security: Regular patching, virtualization-specific security solutions, and strict controls on VM deployment are necessary to prevent unauthorized VMs and malware. 

  • Host Security: The host machine must be secure, as it represents a single point of failure for multiple VMs. 

  • Hypervisor Security: Keeping the hypervisor updated and monitoring for vulnerabilities like VM escaping are essential to protecting the virtual environment. 

By addressing these security concerns, organizations can deploy virtual environments with confidence, ensuring both performance and safety for their applications and data. 

Summary 

Virtualization offers a powerful way to run multiple operating systems and applications on a single machine, providing flexibility, efficiency, and cost savings. As you explore the various aspects of client-side virtualization, from hypervisors to resource requirements, remember that virtualization helps in testing, development, and even legacy software support.

By mastering these concepts, you'll be equipped to create secure, efficient environments that meet real-world needs. Whether you're troubleshooting, setting up virtual labs, or optimizing server usage, virtualization can enhance your ability to solve problems and help others implement practical solutions effectively. Keep learning, and you'll continue to unlock its full potential!