Virtualization: hypervisors and VMs

Virtualization matters because a virtual machine is not just 'another OS instance,' but a tool for isolation, multi-tenancy, and operational risk management.

In practice, the chapter helps you choose an isolation level and understand the price of the hypervisor: its effect on density, security, noisy-neighbor risk, and latency-sensitive workloads.

In interviews and design discussions, it gives you a clear frame for comparing VMs, dedicated servers, and containers through consequences rather than slogans.

Practical value of this chapter

Isolation boundaries

Helps select isolation level with clear impact on security and workload density.

Performance overhead

Encourages explicit accounting for virtualization cost in latency-sensitive systems.

Platform manageability

Shows where VM-based environments remain preferable for control and compatibility.

Interview comparison

Provides clear decision criteria when comparing VMs and containers.

Source

Virtualization

Definition of virtualization, types and key approaches.

Перейти на сайт

Virtualization matters not only because it packs workloads more densely onto hardware, but because it defines the real isolation layer, operational risk boundary, and the price of abstraction in modern infrastructure.

For virtual machines, the central actor is the hypervisor, which splits one physical host into several isolated environments, each with its own guest operating system. That matters for isolation, multi-tenancy, and for controlling how neighboring workloads turn into noisy-neighbor risk.

Inside VM-based platforms, it helps to distinguish full virtualization, paravirtualization, and hardware-assisted virtualization. Each model has a different cost in isolation overhead, performance, and the amount of latency it introduces into the path.

Even in cloud-native environments and alongside containerization, this layer does not disappear: container platforms often run on top of VMs, and each guest system still preserves the familiar boundary between user space and kernel space.

What kinds of virtualization exist

Hardware virtualization

Virtual machines with separate guest operating systems running above a hypervisor.

Virtualization at the OS level

Containers share one kernel but isolate processes, file systems, and network context.

Network virtualization

Virtual networks, switches, and balancers layered on top of the physical network.

Storage virtualization

Logical volumes, storage pools, and abstraction of physical disks for different workloads.

How virtual-machine virtualization works

Full virtualization

The guest OS runs unmodified while the hypervisor reproduces the hardware-facing interface.

Paravirtualization

The guest OS or its drivers are hypervisor-aware and use shorter, optimized access paths.

Hardware-accelerated

Uses processor extensions such as VT-x or AMD-V to reduce virtualization overhead.

Type 1 hypervisor

Runs directly on the physical server and manages virtual machines itself.

Type 2 hypervisor

Runs on top of a host operating system and uses its drivers and services.

In cloud environments, Type 1 hypervisors are more common, while Type 2 hypervisors are more typical on workstations.

Comparing VM virtualization approaches

Full virtualization

Guest OS: Guest operating system runs without changes.
Performance: Higher CPU and I/O overhead due to emulation paths.
Compatibility: High compatibility, including many legacy systems.
Typical usage: Labs, compatibility-heavy environments, and uncommon guest OSes.

Paravirtualization

Guest OS: Guest system or drivers are hypervisor-aware.
Performance: Faster than pure emulation due to optimized call paths.
Compatibility: Requires paravirtualized interfaces/drivers.
Typical usage: Network and disk acceleration inside VM environments.

Hardware-accelerated

Guest OS: Guest operating system usually runs unmodified.
Performance: Best production balance between isolation and speed.
Compatibility: Broad support when VT-x/AMD-V is available.
Typical usage: Cloud platforms and most VM clusters carrying real workloads.

A common production pattern is hardware-accelerated VMs paired with accelerated network and disk drivers.

Real-world examples

Full virtualization

QEMU in TCG mode (emulation without VT-x/AMD-V).
Compatibility-oriented setups in VMware Workstation and VirtualBox for older guest systems.

Chosen when compatibility matters more than maximum throughput or host density.

Paravirtualization

Xen PV (paravirtualized guests).
KVM/QEMU + virtio for paravirtualized network and block devices.
VMware VMXNET3 and PVSCSI as paravirtualized I/O drivers.

In practice, it often becomes a hybrid I/O layer on top of hardware-accelerated VMs.

Hardware-accelerated

KVM (Linux), VMware ESXi, Microsoft Hyper-V, Xen HVM.
Google Compute Engine, AWS Nitro, and Azure VM as cloud implementation examples.

Default path for production thanks to its strong balance between isolation and performance.

Multiple VMs on one host

This view makes it easier to see how one hypervisor splits CPU, memory, network, and storage across several virtual machines and where the cost of isolation shows up.

Host machine (physical server)

Physical hardware

CPURAMDiskNIC

Hypervisor layer

The hypervisor virtualizes CPU, memory, networking, and storage to create isolated virtual machines.

Virtual machines inside the host

VM 1

Guest OS
Nginx
App A

VM 2

Guest OS
API
Worker

VM 3

Guest OS
DB
Cache

Shared resources

All VMs share one host's resources while staying isolated at the guest-OS and hypervisor layers.

How a request reaches Nginx inside a VM

Even a simple HTTP request crosses several layers here: the host network card, the hypervisor's virtual switch, the guest operating system, and only then the service inside the VM.

Request path to Nginx inside the VM

Request path: internet → host → hypervisor → VM → service

External

Layer 1

ClientInternet

Host

Layer 2

NICHost network

Hypervisor

Layer 3

vSwitchvNIC mapping

Layer 4

Guest OSTCP/IP

Service

Layer 5

NginxApp

Request path

Active step

Click "Start" to walk through the request path.

Why this matters for systems design

Virtual machines provide strong isolation and a convenient way to move workloads between hosts.
Observed performance depends not only on CPU but also on network, disk, and the hypervisor's resource decisions.
Extra network and storage layers can add latency and affect how comfortably a system meets its SLA.
In many platforms, the VM still remains the real deployment unit even when containers sit on top.
Understanding virtualization helps you reason about cost, density, and noisy-neighbor risk.

Related chapters

Why foundational knowledge matters - sets the context for how hardware and OS limits shape virtualization choices.
Operating system: overview - covers the user-space/kernel-space boundary that matters when reasoning about hypervisors.
Linux: server platform - explains the host OS baseline used by most virtual-machine and cloud infrastructures.
Modern Operating Systems (short summary) - deepens scheduling, memory, and I/O concepts that shape VM efficiency.
Containerization - helps compare VM and container isolation to choose the right deployment model.
Why know Cloud Native and 12 factors - connects virtualization with cloud-native operating models and day-to-day delivery practices.
Kubernetes Fundamentals (v1.36): Architecture, Objects, and Core Practices - shows how container orchestration is typically run on top of VM infrastructure.
RAM and storage - adds memory and storage-latency constraints that strongly affect VM workloads.