4.2 Summarize aspects of client-side virtualization Flashcards
What does virtualization do?
Use software to separate environments from each other & the hardware
Software environments like the OS, drivers, & applications
How do computers run multiple OSs simultaneously?
Through virtualization, using a hypervisor
What is a hypervisor?
Software that allows multiple OSs to run simultaneously on a computer
These OSs would be called guest OSs or virtual machines
How does a hypervisor prevent conflicts between guest OSs/VMs?
By emulating resources & managing hardware access
Emulating resources like CPU, memory, & storage
What do VMs/guest OSs require for emulated hardware components?
Drivers
What limitation might a hypervisor have?
The types of guest OSs it can support
2 ways to implement a hypervisor?
- Guest OS (Type 2)
- Bare Metal (Type 1)
How is a Guest OS (Type 2) hypervisor implemented?
Examples of Type 2 hypervisors include VMware Workstation, Oracle VirtualBox, & Parallels Workstation
Installed onto a host OS
What resources are needed for a Type 2 hypervisor?
- Host OS
- Hypervisor
- Guest OS(s)
How is a Bare Metal (Type 1) hypervisor implemented?
Examples of Type 1 hypervisors include VMware ESXi, Microsoft Hyper-V, & Citrix XenServer
Installed directly on the computer without a host OS
What resources are needed for a Type 1 hypervisor?
- Hypervisor
- Guest OS(s)
What does client-side virtualization refer to?
Virtualization solutions that run on regular desktops/workstations
It’s often used for sandbox, legacy software support, cross-platform virtualization, & training
What are 4 uses of client-side virtualization?
- Sandbox
- Test development
- Legacy software/OS
- Cross-platform virtualization
What is a sandbox used for in client-side virtualization?
To create an isolated environment to analyze malware
i.e. viruses, worms, & trojans.
As the malware is contained within the guest OS, it can’t infect the researcher’s computer or network
How does client-side virtualization support legacy software?
By running old OS & software on a VM when the host is upgraded
What is cross-platform virtualization used for?
Testing software under different OSs &/or resource constraints
What does server-side virtualization refer to?
Running a server role as a VM
Main benefit of server-side virtualization for servers & apps?
Improves hardware utilization by consolidating servers
This means that multiple virtual servers can run on a single physical server, allowing for more efficient use of hardware resources and reducing the need for multiple physical servers.
How many virtual servers can usually be run on a server without losing performance?
8-9 additional virtual servers
This is because the typical resource utilization of a hardware server is about 10%, implying that a server computer could be packed with 8-9 server software instances while retaining the same performance
What does application virtualization allow clients to do?
Access/stream apps from a server
This ensures the app is always updated
Examples of application virtualization solutions include Citrix XenApp, Microsoft App-V, & VMware ThinApp
Main benefit of application virtualization for programmers & admins?
It ensures the app is always updated with the latest code
Are hypervisors used in container virtualization?
No
Where are resources isolated in container virtualization?
At the OS level
Rather than at the hypervisor level (since hypervisors aren’t used)
What resources are allocated to each container in container virtualization?
CPU & memory resources
All processes run through the native OS kernel
Can containers run guest OSs of different types?
(in container virtualization)
No
i.e. you can’t run Windows or Ubuntu in a Red Hat Linux container
Can containers run different OS distributions?
(in container virtualization)
Yes
This means that containers can use different versions of the same OS
What can containers run besides different OS distributions?
(in container virtualization)
Separate application processes with their required variables & libraries
For example, you could have one container running a web server application and another container running a database application, each with their own specific settings and dependencies. It’s like packaging an app along with everything it needs to run independently within its own container. This isolation ensures that the application runs consistently across different environments without affecting other applications running on the same system
What is a well-known container virtualization product?
Docker
What is containerization used for in mobile devices?
To implement corporate workspaces
How do containers differ from VMs?
Virtualizing the OS & offering lightweight application isolation
VMs virtualize the hardware, creating a full virtual copy of a physical machine with its own OS. This allows running multiple VMs on a single physical machine, each with its own OS & apps. VMs are isolated from each other & provide strong security boundaries.
Containers virtualize the OS, allowing multiple containers to run on a single OS instance. Containers share the host OS kernel but are isolated from each other at the application level. They’re lightweight, start quickly, & consume fewer resources compared to VMs
What is Intel’s technology for virtualization called?
VT-x (Virtualization Technology)
What is AMD’s technology for virtualization called?
AMD-V
Why is Second Level Address Translation (SLAT) important?
It improves virtual memory performance with multiple VMs
What is Intel’s implementation of SLAT called?
SLAT = Second Level Address Translation
EPT (Extended Page Table)
What is AMD’s implementation of SLAT called?
SLAT = Second Level Address Translation
RVI (Rapid Virtualization Indexing)
What must be enabled in the CPU for optimal virtualization performance?
Virtualization support (Intel VT-x or AMD-V) & SLAT
SLAT = Second Level Address Translation
What to check when choosing a computer for virtualization?
Ensure the CPU supports Intel VT-x or AMD-V & SLAT
Also ensure that they’re enabled
How do multiple CPU resources benefit virtualization?
Whether it be through multiple physical processors, multi-core, or Hyperthreading
They greatly improve performance
Especially when running more than 1 guest OS concurrently
In virtualization, what’s required for each guest OS’s memory?
Sufficient memory beyond what the host OS/hypervisor requires
i.e. if Windows 10 needs at least 2GB of memory, the virtualization workstation must have at least 4GB RAM to run the host OS & 1 Windows 10 guest OS. Running multiple guest OSs will quickly increase memory demands. For development & testing, you might get by with less memory since performance is less critical
How is a VM’s “hard disk” stored on the host?
As an image file
In an enterprise environment, disk images can be stored in a SAN
What format do most hypervisors use for VM disk images?
A dynamically expanding image format
It grows as files are added to the guest OS
Why is more disk space needed for VM snapshots?
To save & roll back the VM to a previous state
What kind of network can hypervisors create?
Virtual network where VMs communicate with each other & the host
This type of network can also connect VMs on different hosts
In enterprise environments, you can configure virtual switches & routers for more complex networking
What’s a common solution for patching VMs in most environments?
Patching & testing a new template image, then deploying it
A template image is a pre-configured virtual machine image used as a baseline for creating new instances in a virtualized environment. It includes the necessary operating system, software, configurations, and settings for a specific use case. Updating a master VM template with patches and security updates, testing it, and deploying new instances is a common solution for patching VMs in many environments.
What are virtualization-specific security solutions?
Security apps that run through the host or hypervisor
VMware NSX is an example of a virtualization-specific security solution. VMware NSX is a network virtualization and security platform that offers micro-segmentation to secure traffic between virtual machines. It enables organizations to create application-based security policies and isolate workloads to prevent threat lateral movement.
Why won’t host antivirus software detect viruses in a guest OS?
It doesn’t scan the virtual disks of the guest OS
If the virtual disks of a guest OS are scanned, it can cause serious performance problems
What is the major security concern with VM template images?
The creation of unauthorized VMs, known as rogue VMs
Management procedures for developing and deploying VM images need to be strict and monitored. When being developed, VMs should conform to an application-specific template with minimum configuration needed
What is VM sprawl?
The uncontrolled deployment of more & more VMs
How can rogue VMs be detected?
Via system management software
Why should VM images be developed & stored securely?
To avoid malware insertion
Why is the host a security vulnerability in a virtual platform?
It acts as a single point of failure
i.e. if the host fails or loses power, all guest OSs & their services will go offline
What must be monitored for security vulnerabilities besides the guest OS and host machine?
Hypervisor
What is virtual machine escaping?
Malware on a guest OS jumping to another guest or the host
The hypervisor can be protected from security vulnerabilities by keeping it up to date with patches for critical vulnerabilities