While looking around the web for anything new with virtualization, I kept seeing more and more posts and articles about a new type of hypervisor: Type 0. This sounds interesting, and I found these definitions for each type of hypervisor.
Type 2
Type-2 hypervisors are computer emulation applications that run on general purpose operating systems. A Type-2 hypervisor allows users to run multiple operating systems (OSs) simultaneously on a single platform. For example, a Windows 7™ user can install a hypervisor application like VMware Workstation™, to run a Windows XP™ guest OS on top of their Windows 7 host OS. As an application the Type-2 hypervisor is subject to performance, security, and reliability penalties. The hosted hypervisor incurs performance hits because it competes with other user applications like web browsers and e-mail clients for system resources. Type-2 hypervisors are weak in reliability and security because they inherit the vulnerabilities of the user controlled host operating system.
Type 1
Type-1 hypervisors are computer emulation software tightly integrated with embedded OSs that run transparent to the end-user. Type-1 hypervisors gain a significant performance improvement over Type-2 hypervisors because they are “Self-Hosted” with embedded OSs that are optimized for virtualization. Type-1 hypervisors significantly reduce the attack-surface over Type-2 hypervisors by limiting access to the hypervisor to only system administrators, preventing end-users and user applications from tampering with the hypervisor. Additionally Type-1 hypervisor vendors control all the software that comprise the hypervisor package including the virtualization functions and OS functions, like device drivers and I/O stacks. Control over the software package prevents malicious software from being introduced into the hypervisor foundation. The limited access and strong control over the embedded OS greatly increase the reliability of Type-1 hypervisors.
Type 0
Type 0 is based on an architecture that allows for higher levels of performance, reliability, and security over Type-1 hypervisors. Type Zero hypervisor is built with the minimum software components required to fully virtualize guest OSs and control information flow between guest OSs. The Type 0 architecture removes the need for an embedded host OS to support virtualization, allowing the hypervisor to run in an “Un-Hosted” environment. This drastically differs from Type-1 monolithic architectures where the hypervisor is integrated into a host OS, or Type-1 microkernel architectures where the hypervisor is controlled and assisted by a root or parent operating system.”
vSphere
I agree with the definition of type 2 and not so much for the rest and I will tell you why.
“Type-1 hypervisors significantly reduce the attack-surface over Type-2 hypervisors by limiting access to the hypervisor to only system administrators, preventing end-users and user applications from tampering with the hypervisor.”
Last I checked there is no direct access to the hypervisor; there are APIs for management calls that can be made to the hypervisor, but there is no direct access to the hypervisor for users or administrators. Most people may be confusing a management layer with direct access to a hypervisor. There is no direct access to a hypervisor via any modern management construct; however, there was in the past, such as in VMware ESX 1.5 and 2.x versions (which are no longer in use).
“The limited access and strong control over the embedded OS greatly increase the reliability of Type-1 hypervisors.”
VMware vSphere is what I would consider a Type 1 Hypervisor; however, there is no embedded OS in VMware ESXi. If you are connecting to VMware ESXi, you are connecting to an independent agent that is running directly on the VMkernel. This may give the appearance of connecting to the hypervisor itself, but that is truly not the case.
“The Type Zero architecture removes the need for an embedded host OS to support virtualization, allowing the hypervisor to run in an “Un-Hosted” environment. This drastically differs from Type-1 monolithic architectures where the hypervisor is integrated into a host OS, or Type-1 microkernel architectures where the hypervisor is controlled and assisted by a root or parent operating system.”
This next statement is so far off the mark I have to wonder, who really comes up with some of this stuff? As was mentioned, in VMware ESXi there is no host OS but there is a microkernel running below all management constructs, so I must ask: how is this a monolithic architecture? All API calls are done via the independent agents that run on top of the VMkernel or the hypervisor.
Perhaps vSphere is really a Type 0 hypervisor?
Xen, Hyper-V
Now looking at a couple of other types of hypervisors like Xen and Hyper-V, there is a primary partition or primary domain. This embedded OS does all the relays for device drivers and I/O stacks, with the only real flaw being that if something happens to the primary partition, the entire system can crash.
Other Thoughts
So here are my thoughts on the types of hypervisors available today. I do not think there is any more discussion or debate on Type 2 hypervisors, so we will leave that alone. I mentioned earlier that I consider VMware ESXi to be the true Type 1 hypervisor, based on the way vSphere loads and runs its vmkernel, virtual machines, and management constructs. Xen, KVM, and Hyper-V, I would consider a Type 1.5 based on the fact that all IO still travels through the parent domain or partition in order to reach external devices. There are two distinct architectures when creating hypervisors: the VMware architecture, where the management construct is not involved in any form of IO transport, or the Hyper-V/Xen Architecture, where there is a parent partition or domain that manages IO.
There are merits to each architecture, so we want to draw a distinction between the different hypervisors and to declare that there is no real Type 0 hypervisor available today, as there needs to be much more happening within the hardware to make this occur. How do devices interact with each VM? In a Type 0, we would think it would be handled by the hardware and not much more than a shim of a hypervisor.
It seems Marketing is working to define a new technology that is really not that new. If you still do not believe me you can go check for yourself on Wikipedia.
Hi Steve,
> Type-2 hypervisors are computer emulation applications that run on general purpose operating systems.
Why do you agree with this definition? A type-2 hypervisor does *not* emulate a computer. An emulator allows you to run, for example, ARM code on an x86 CPU. A type-2 hypervisor doesn’t.
> The Type 0 architecture removes the need for an embedded host OS to support virtualization, allowing the
> hypervisor to run in an “Un-Hosted” environment.
So the “type-0” hypervisor effectively *is* the operating system. But that’s already the case for type-1 hypervisors, so where’s the difference?
> This drastically differs from Type-1 monolithic architectures […] where the hypervisor is integrated into a
> host OS
A type-1 hypervisor isn’t embedded into an OS, it *is* the OS.
> or Type-1 microkernel architectures where the hypervisor is controlled and assisted by a root or parent
> operating system
A hypervisor that’s controlled by a root or parent OS (whatever that means) is not type-1. Again: A type-1 hypervisor is the OS.
> VMware vSphere is what I would consider a Type 1 Hypervisor, however there is no embedded
> OS in VMware ESXi.
ESXi is the OS.
I don’t know about type-0 hypervisors, never came across the term. The definition I know: type-2 runs on top of an OS, type-1 runs directly on the hardware.
According to this definition Xen, KVM, and Hyper-V are type-1 hypervisors.
> It seems Marketing is working to define a new technology that is really not that new.
Agree.
/Mario
I’m not sure that there’s any need to deviate from the definitions that Goldberg described in his 1973 paper Architectural Principles for Virtual Computer System > http://www.dtic.mil/cgi-bin/GetTRDoc?AD=AD772809&Location=U2&doc=GetTRDoc.pdf (Page 22 for the directly relevant stuff).
Stick with that and there’s no need for anything other than type I and type II.
About the only fresh term that I’d consider introducing into the conversation would be separation kernel, but even that might reasonably be described as a particularly small and secure type I hypervisor, a “microvisor” perhaps.
Simon
I’d agree with Simon. There are two types of hypervisor – type I & type II.
I–The VMM runs on bare machine
II–The VMM runs on an extended host under the host operating system.
I’ve come across a couple of “type 0” hypervisor either in claims of the hypervisor component running on-chip.. (as you mention) and more often from zInstall in trying to differentiate their Zirtu client hypervisor product from the likes of existing players like Citrix’s XenClient (Type I), MokaFive’s (Type I & Type II) or Virtual Bridges LEAF (Type I), Microsoft’s Virtual PC (Type II).
Like Simon, I think arguing the semantics of whether there is a ‘type 0’ gains little from discussing whether a type 1.5 exists outside of opinion.
The arena that a “if you are going to run a hypervisor, which should it be?” conversation is (I think) not a server virtualisation question – it is going to be focused on desktop application delivery as organisations look to move from “legacy” environments (increasingly we’re told this is XP) to and beyond Windows 7. Come 2014 there will be a lot of business critical applications running on an OS that may or may not be supported on new hardware. How are businesses going to maintain that application environment? Virtualisation is likely the better answer than “hope for the best”
That said, will Intel & AMD strive to put the “virtualisation” layer in hardware? In a software defined data centre is the hypervisor layer such a commodity, that it can be seen to be irrelevant?
Type 1 or type 0? Let’s argue semantical context? Even PXE, or EFI, for that matter is a variant of an OS focused on a specific target or task, in that sense, yes, vSphere ESXi would be I would say a solid candidate for type 0 classification as given above. But does it matter? Microsoft swears Hyper-V is a type 1 hybrid of not really a type 1 because of the stack/load sequence? Which I disagree, any hypervisor that provides relatively generic console, that is based on or leverages much of what a typical generic purpose OS provides, is by classification a type 2, KVM on RHEL, Hyper-V on Windows (well Windows core, debate would at least be quasi acceptable). RHEV and maybe to an extent Xen, are type 2 if not quasi type 1 like, given the JeOS (Just Enough OS) approach. But from an enterprise security perspective, only ESXi is closest to what I would call a true type 1 hypervisor. That being said, if you look behind the green curtain, what do you see, some of the original Linux heritage of ESX still exists in ESXi, say the driver design model? Some of the process architecture, etc. So then we are back to the semantics again, no?
Hello,
Definitions are always about semantics I believe. What it boils down to is: a type 1 hypervisor is the OS, where a type 2 runs ON an OS, and a type 0 would run in hardware.
Best regards,
Edward Haletky