Virtualization is achieved through the software known as virtual machine monitor or the hypervisor . the software is used in two ways thus forming two different structure of virtualization,namely Bare Metal Virtualization and Hosted Virtualization.

Bare-metal virtualization hypervisors: (TYPE I HYPERVISOR)

• Is deployed as a bare-metal installation (the first thing to be installed on a server as the operating system will be the hypervisor).

• The hypervisor will communicate directly with the underlying physical server hardware, manages all hardware resources and support execution of VMs.

• Hardware support is typically more limited, because the hypervisor usually has limited device drivers built into it.

• Well suited for enterprise data centers, because it usually comes with advanced features for resource management, high availability and security.

• Bare-metal virtualization hypervisors examples: VMware ESX and ESXi, Microsoft Hyper-V, Citrix Systems XenServer.

Hosted virtualization hypervisors: (TYPE II HYPERVISOR)

• The software is not installed onto the bare-metal, but instead is loaded on top of an already live operating system, so it requires you to first install an OS(Host OS).

• The Host OS integrates a hypervisor that is responsible for providing the virtual machines(VMs) with their virtual platform interface and for managing all context switching scheduling, etc.

• The hypervisor will invoke drivers or other component of the Host OS as needed.

• On the Host OS you may run Guest VMs, but you can also run native applications

• This approach provides better hardware compatibility than bare-metal virtualization, because the OS is responsible for the hardware drivers instead of the hypervisor.

• A hosted virtualization hypervisor does not have direct access to hardware and must go through the OS, which increases resource overhead and can degrade virtual machine (VM) performance.

• The latency is minimal and with today’s modern software enhancements, the hypervisor can still perform optimally.

• Common for desktops, because they allow you to run multiple OSes. These virtualization hypervisor types are also popular for developers, to maintain application compatibility on modern OSes.

• Because there are typically many services and applications running on the host OS, the hypervisor often steals resources from the VMs running on it

• The most popular hosted virtualization hypervisors are: VMware Workstation, Server, Player and Fusion; Oracle VM VirtualBox; Microsoft Virtual PC; Parallels Desktop.

• The below figure shows stucture of TYPE I and TYPE II virtualization.

Xen is an open source hypervisor program developed.

It is a microkernel hypervisor, which separates the policy from the mechanism

The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by Domain 0, as shown in figure does not include any device drivers natively. It just provides a mechanism by which a guest have direct access to the physical devices. As a result, the size of the Xen hypervisor is small.

Xen provides a virtual environment located between the hardware and the OS. The core components of a Xen system are the hypervisor, kernel, and applications. The organization of the three components is important.

Like other virtualization systems, many guest run on top of the hypervisor. The guest OS, which has control ability, is called Domain 0, and the others are called Domain U. Domain 0 is a privileged guest OS of Xen.

It is first loaded when Xen boots without any file system drivers being available. Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains (the Domain U domains).

For example, Xen is based on Linux and its security level is C2. Its management VM is named Domain 0, which has the privilege to manage other VMs implemented on the same host.

If Domain0 is compromised, the hacker can control the entire system. So, in the VM system, security policies are needed to improve the security of Domain 0.

Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily as manipulating a file, which flexibly provides tremendous benefits for users.

It also brings a series of security problems during the software life cycle and data lifetime. Traditionally, a machine’s lifetime can be envisioned as a straight line where the current state of the machine is a point that progresses monotonically as the software executes.

During this time, configuration changes are made, software is installed, and patches are applied. In such an environment, the VM state is in to a tree: At any point, execution can go into N different branches where multiple instances of a VM can exist at any point in this tree at any given time.

VMs are allowed to roll back to previous states in their execution or rerun from the same point many times.