To Be or Not to Be (Inside the Hypervisor)

To keep thy drivers inside or outside the hypervisor: that is the question. Whether 'tis nobler in the mind for the VM to rely on drivers embedded in the hypervisor, or to rely on the host OS for such things?

My highjacking and mangling of one of Shakespeare’s finest works aside, the question is a valid one. Both VMware and Microsoft tout their own approaches to hypervisor design, with the former arguing that device drivers in the OS are the way to go, while the latter espouses keeping those drivers contained in the hypervisor. Both camps have arguments in their favor, but is there a superior strategy?

Microsoft Senior Program Manager Jeff Woolsey explains that Hyper-V relies on Windows Server 2008 for its device drivers. “Our approach makes the hypervisor as small as possible,” says Woolsey. “Having a small hypervisor—and a defense-in-depth strategy that ensures that the VM state machine is put in the most private part of the server—helps make our approach more secure. You wouldn’t want the most important parts of your virtual environment on the front line from a security standpoint, and our architecture avoids that.”

Windows IT Pro Technical Director Michael Otey sees advantages to both approaches. “The Hyper-V hypervisor doesn't contain any drivers—all the drivers reside in the parent partition,” he says. “VMware’s approach keeps all the drivers in the hypervisor, and all the drivers are specifically designed for virtualization and multiguest scenarios and are tested and certified in VMware’s labs. Microsoft’s approach leverages the much larger number of Windows drivers, but VMware argues that those drivers aren’t as optimized for virtualization as theirs are.”

Otey also explains that although the Hyper-V hypervisor is smaller than the ESX server, the only way admins can currently install Hyper-V is to also install Server 2008. Even when limited to just a Server Core installation, Microsoft’s total installation footprint is roughly 2GB. By way of comparison, Otey says that VMware’s ESXi hypervisor is only 32MB. “Even using ESX Server 3.5, the installation for VMware is much faster. Again, the two companies are taking different approaches: Microsoft’s position is that their solution is more secure because the hypervisor is smaller, whereas VMware points to Hyper-V’s reliance on the much larger Server 2008 install as a liability.”

If you’re using VMware ESX Server (or Hyper-V) in an enterprise environment, I’d like to hear your thoughts on the hypervisor driver discussion. Click here to comment on this article, or send me an email at jjames[at]windowsitpro.com.

Virtualization News

By Jeff James

Symantec Unveils Veritas Virtual Infrastructure

Providing storage for virtual-server environments is the focus of Veritas Virtual Infrastructure, which was announced yesterday (June 10) at the Symantec Vision 08 conference in Las Vegas. Veritas Virtual Infrastructure combines Citrix XenServer virtualization technology from Citrix Systems with Symantec's Veritas Storage Foundation. This approach allows IT pros to manage their virtual infrastructure storage with the same tools and philosophy they use to manage physical storage devices. Veritas Virtual Infrastructure provides block storage capability (including mirroring across mixed device arrays) and lets admins control block storage from a guest virtual server. It also simplifies provisioning of additional storage by providing one solution to manage both virtual servers and storage. Veritas Virtual Infrastructure should be available in the fall of 2008. For more information about Veritas Virtual Infrastructure, go to www.symantec.com.

VMware Announces ThinApp 4

Acquired by VMware in January, Thinstall produced an eponymously named application virtualization product that lets users run multiple versions of the same application on one PC. Now VMware has renamed the product to VMware ThinApp and released a new version: VMware ThinApp 4.0. Available now, ThinApp 4.0 requires no preinstalled software on either physical or virtual machines, nor does it require agents or management tools to be installed before use. According to VMware, ThinApp packages applications in familiar file compression formats such as .exe or .msi, making it easy for the virtualized applications to be deployed into an existing environment. For more information about VMware ThinApp 4.0, go to www.vmware.com. 

McAfee VirusScan Enterprise for Offline Virtual Images Announced

With the rapid growth of VMs in most enterprises, VM security is becoming an increasingly important topic to IT pros. McAfee hopes to address some of those concerns with McAfee VirusScan Enterprise for Offline Virtual Images, a new product that focuses specifically on VM security. According to McAfee, the product secures offline, inactive virtual images that are out of date or unpatched. A beta version of McAfee VirusScan Enterprise for Offline Virtual Images will be available in July, with an expected final release date in the second half of 2008. For details about McAfee’s VM security products, visit www.mcafee.com.

Virtualization Tips & Tricks:

Hyper-V Synthetic Devices

by Michael Otey

Microsoft’s Hyper-V virtualization uses an all-new hypervisor-based architecture. One of the features of  this new architecture is the way it handles devices in the VMs. Hyper-V supports two types of devices in its VMs: synthetic and emulated. Synthetic devices essentially package device requests made by VM devices and forwards them over the new VMBus, an in-memory pipeline, which in turn forwards the device requests to the physical device. You can think of the synthetic-devices concept as a packaging and forwarding mechanism between the guest VM and the physical host. Synthetic devices are supported by Windows Server 2008, Windows Server 2003, Xen-enabled Linux, and Windows Vista.

In contrast, emulated devices use host software to emulate the device, and thus use additional host processing power. Hyper-V’s vmwp.exe program performs the software device emulation. Hyper-V will use one instance of vmwp.exe per legacy VM.

To view the rest of this article, here.