Client-side virtualization provides a way to run many different operating systems on the same desktop. In this video, you’ll learn about the resource requirements and network configurations for client-side virtualization.
With virtualization, you might have one physical computer, but you’re running many different operating systems at the same time on that same computer. Each one of those virtualized operating systems has its own set of resources. So each VM is going to have its own CPU, its own memory, its own storage and all of those systems work independently of each other.
With host-based virtualization, you’re running one operating system as your normal desktop and then running other operating systems on top of that desktop. In an enterprise, it’s common to have one single large computer that’s running many different virtual machines inside of it.
Interestingly enough, this is not a new technology in computing. This is a type of technology that we’ve had since the 1960s, where we provided virtualization on IBM mainframes.
Here’s an example of a host-based virtual system. This is a Mac OS desktop and there is a Mac OS browser that’s running in one window. We have Linux Ubuntu running in another window, and a third operating system, Microsoft Windows, running in yet another window, all on this virtualized system.
The software that manages all of these virtual systems that are running and keeps all of these resources separate is the hypervisor. You might hear this also referred to as the Virtual Machine Manager. If you’re planning to do any virtualization on your desktop, you’ll probably want to get a hypervisor that’s able to take advantage of virtualization in the CPU.
Some hypervisors will allow you to virtualize systems even if you don’t have this hardware in your CPU. But if your CPU supports it, you’ll have better performance on a CPU that supports this virtualization.
The hypervisor is really in charge of everything associated with that virtual machine. The CPU, your networking, your storage, the security, and any other aspect of that virtual machine is going to be managed by the hypervisor.
If you’re planning to do virtualization on your desktop, the types of CPUs you should look for are virtualization technologies, or VT CPUs from Intel, or you want an AMD CPU that supports AMD-V.
If you’re running many different operating systems on the same computer, then you’ll need to make sure you have enough memory to support all of those operating systems running simultaneously. Running two separate operating systems on the same piece of hardware requires that you have enough memory to be able to run those two systems independently.
These different operating systems also require plenty of storage, so you want to make sure you have plenty of drive space to be able to store all of these separate systems. And of course, that virtual machine will need some type of network connection and it’s common to configure connections as a standalone virtual machine. Maybe your performing network address translation to your existing network, or maybe it’s bridged and looks like any other system that might be on your local network.
More advanced virtualization systems even allow you to create virtual switches and have separate VLANs configured for the different virtual machines running on your desktop. If you’re virtualizing an operating system, that means you’re running that operating system on the same platform that that operating system was originally designed for.
This means if you’re running Mac OS on an Intel platform, you would be virtualizing Windows, which is also designed to go on an Intel platform. If you’re running an emulator, that means that you’re running software that was designed for a completely different hardware platform. One device is effectively pretending to be another. You’re still using the original code from that existing system, but you’re running software that emulates that code on a brand new piece of hardware.
As you might imagine, this translation process that occurs with emulation is generally slower than if you were running on the native hardware itself. And although this isn’t easy to do, the simulation does allow you to run software on your system that normally you would not be able to.
We mentioned earlier that the hypervisor is that central management point for all of your virtual machines. This makes it a very attractive target for someone who might want to take advantage of a security flaw. If you can control the hypervisor, you can effectively control all of the virtual machines, as well.
One type of security vulnerability associated with hypervisors is virtual machine escaping. Malware would be loaded on one virtual machine. It will recognize that it was on a virtual machine and take advantage of a vulnerability in the hypervisor, effectively hopping through the hypervisor to get to one of the other virtual machines.
This can be especially dangerous in shared environments where there are different customers using the same hypervisor. You would effectively be able to start your own server and then escape your server to gain access to someone else’s data.
Fortunately, this type of vulnerability is extremely rare and in cases where there have been vulnerabilities associated with this, the manufacturers of the hypervisor have provided patches very quickly to resolve these types of problems.
Of course, we also have to think about security on the virtual machine itself. Each one of these virtual machines is a self-contained operating system and we need to provide the same controls and security to that device as we do a physical operating system. This means that we would install security controls that we would put on any other system, such as anti-malware or host-based firewall.
You also have to watch for attackers that are trying to install their own virtual machine on your desktop. And you have to be very careful about the virtual machines that you might download and run from the internet. Should always make sure you’re running trusted virtual machines on your system.
There are many different ways to configure the networking settings for the virtual machines that are running on your desktop. One type of network configuration is a shared network address. This means that the virtual machine that is talking out to the network is using the same IP address as your physical host. It uses network address translation to be able to translate between an internal address and the external address that is shared by your physical computer.
If you want each virtual machine to have its own IP address that is on your local network, then you may want to configure bridged network addressing. This means that every virtual machine can use DHCP to be able to obtain an IP address from your local DHCP server, or you can configure manual IP addressing on each individual virtual machine.
And if you don’t want any of your virtual machines to communicate on your local network and beyond, you can configure the VM to use private addressing and then it will only be able to communicate to other virtual machines that are on that private network.