The virtualization of operating systems is relatively common these days, and in this video you’ll learn about some of the requirements and techniques for running virtual operating systems on your desktop.
<< Previous Video: Windows Security SettingsNext: Physical Security Techniques >>
Virtualization technology means that we could be running multiple operating systems all on one physical computer. So I could be running Mac OS X, Windows 7. I can run Linux, and they can be all running simultaneously with their full operating systems. Even though it’s on one physical device, I’m partitioning out certain amount of memory, disk space, CPU resources to use in those individual operating systems. They’re all independent, just as if I had physical devices all sitting next to me, but instead they’re all sitting on the desktop of my computer.
There’s different kinds of operating system virtualization. One that is running on my device, on my host, is my host-based virtualization. Which means I’m running my normal operating system, and I’m simply adding other OSes that are going to run on top of my operating system. In larger environments, you’ll see standalone servers that are virtual systems. They don’t have a core operating system. Everything is running right on that enterprise level server, with a lot of memory, a lot of CPU, a lot of disk resources all running on that same device.
Virtualization itself is not something new. It’s been around since 1967. We used to virtualize the IBM mainframes. And it’s a type of technology that we’ve used and enhanced for other operating systems through the years.
Here’s an example of a virtualized operating system running on my client computer. This is a picture on my desktop. And you can see that I’m running some native the OS X applications. But I’ve also got Virtual Box running, which means I’m running Microsoft Windows inside of one of them. And I have another server down here running Linux Ubuntu. This allows me to run many different operating systems on my computer, and I can load them up and change different configurations and run different applications as if I had that native operating system running on my computer.
We’re able to do this virtualization through software called the hypervisor. You might also hear this referred to as the virtual machine manager. I’m running Virtual Box. This is my Virtual Box configuration on the screen. And it sits in the middle. It is the middle man that is able to take the physical computer that I have and allow it to use resources in each of these individual virtual machines.
Some hypervisors require that the physical CPU inside of your physical computer have virtualization technology built into it. You can check your CPU. Intel calls this VT technology, for virtualization technology. If you’re writing an AMD chip, AMD calls this AMD-V. The hypervisor then provides all of that management you need for those physical resources. It takes care of CPU, memory, disk space, network access, and everything else that bridges the gap between the physical world and the virtual one.
If we were putting together a machine to run this virtual environment, we’d want a physical machine with those CPUs I mentioned from Intel or AMD. We also have to think a lot about how much memory we’ll need for our host operating system. We of course the memory to run the operating system that we’re going to be using. But then we’ll also need additional memory for every other operating system that we plan to run at the same time.
For running Microsoft Windows, we might need 2 to 4 gig of memory. If we’re also going to run Linux at the same time, it might also require an extra couple gig of memory. So we have to add all of those up and make sure that we have all of the physical RAM inside of our computer installed and ready to go.
If you think about different operating systems running on different computers, they all are using hard drive space. You might have Windows using 20 gig on one computer. You might have Linux using 10 to 15 gig on another. If you’re bringing those all onto one physical device, then you’re going to need that much additional physical disk space for each one of those operating systems. So not only are we using a lot of RAM, we’re also going to be using a lot of disk space. So make sure that you have plenty of storage available to use for all of these different operating systems.
Since all of these virtual machines need some way to talk to the outside world, we have to configure network configurations for them as well. You can configure usually a virtual switch inside of your hypervisor where you can set up a network connection that is standalone. Maybe you’ve got the network connection where just the virtual machines talk to each other. Or maybe it’s an NATed or bridged out to the physical network, so that you can then perhaps even access the internet from each one of those virtual machines.
With virtualization, we have a new found concern with security. That’s because, since you have all of those operating systems running on one computer, that hosts now has to be very secure. Because if somebody gains access to the host, they effectively would gain access to at least parts of all those different operating systems. And if you have a failure of the hardware of that host, then of course all of those other operating systems are not going to work either.
We’re also going to be using a lot of resources on that host computer. We’ll certainly be doing a lot of disk accesses. Your CPU will constantly be running. We’re going to be using a lot of memory. And because of that, the mean time between failures is probably going to decrease. You’re going to have the potential to have a lot more outages because you’re using so much of those resources, and you’re using them all the time.
As I mentioned earlier, the hypervisor is the middle man between the physical world and the virtual one. And the bad guys know if they really want to gain access to the virtual world, than they need to find ways to get through that hypervisor. The VM escaping is a new type of security concern. Because if you can gain access to those virtual machines and then even gain access from one virtual machine to the other through the hypervisor, that’s a significant security hole. The bad guys are trying to create malware and find ways to get around and move around that operating system or multiple operating systems much easier than what they can do today. If they can take advantage of the hypervisor, that gives them a very, very useful channel.
If you think about it, a lot of the servers that we have on the internet are really just virtual machines themselves. So it makes sense that the hypervisor is such a critical point. If the bad guy can simply sit on one virtual machine and then somehow find ways to gain access or information from another virtual machine just by taking advantage of the hypervisor, that’s a significant security concern.
Of course, we still have to think about all of the security that’s running on each of those individual virtual machines. Their individual operating systems have the same security concerns we have in the physical world as well. You have to think about your Windows operating system. Is it running antivirus? Is it running anti-spyware? Does it have the firewall enabled? Those things still apply in the virtual world just as they apply in the physical world.
You also have to watch out for virtual machines which you might download from the internet. A self-contained VM may actually be something that allows bad guys to connect and then gain access to your computer. You don’t want to add a virtual machine your system that you don’t completely trust. These third party virtual machines have to be trusted, so make sure that if you’re downloading and installing a VM, that you know exactly what’s going to happen when you load that and launch it into your virtual system.