Hypervisor (VMM)

What Is a Hypervisor (VMM)?  

A hypervisor is another term for a virtual monitoring machine (VMM), a device that is able to manage multiple virtual machines from a single physical location. Think of it as a single pane of glass where information from various virtual sources can be found —like CPU, memory, storage, etc. — that originate in multiple virtual machines. The VMM is often referred to as a host, while the virtual machines are referred to as guests.  

What Purpose Does a Hypervisor Serve ? 

Hypervisors are utilized for expanding and scaling virtual machine use. Basically, a hypervisor extracts a computer’s software from its hardware. Hypervisors can give a machine the resources it needs — for example the VMM can manage the schedule of CPU use for given machines. This allows multiple operating systems to run simultaneously.    

Types of Hypervisors  

Hypervisors fall into two categories, type 1 and type 2. These two types are also called bare-metal and hosted hypervisors, respectively. 

Type 1: This type runs directly on a host’s hardware, replacing a traditional operating system. This is the common type employed in enterprise data centers or server-based environments, and are more secure due to the limited attack surface, versus using a traditional operating system. 

Type 2: This type is more conventional and runs as a layer on top of the operating system as a software layer. This is utilized primarily by individual users. For example, developers may run Type 2 Hypervisor software on their Apple product, enabling them to manage virtual machines consisting of various OS’ simultaneously. 

In addition, the shift to the cloud for many organizations has created a rise in cloud hypervisors, which helps organizations migrate virtual machines to the cloud.  

What Are the Benefits of Hypervisors?  

Hypervisors are quite useful for large organizations for several reasons:  

1. Hypervisors can allow business to scale quickly by creating new virtual machines 
2. Cost-effective, as running virtual machines is cheaper than physical machines  
3. Hypervisor has built-in security features, including the ability to document a specific state and then revert to that state  
4. The ability to help organizations migrate machines to the cloud  

Understanding Hypervisor Security  

Hypervisors isolate virtual machines from each other, reducing the attack surface and limiting potential cyber risk. In addition, hypervisors contain multiple management features that have positive impacts on security, such as the ability to take snapshots, the ability to quickly destroy vulnerable systems, the ability to isolate networking components, the ability to re-deploy unhealthy systems, and more. 

However, the virtual machines themselves are connected through the hypervisor, allowing a hacker to make lateral movements if they can access the host. For this reason, security around hypervisors should not be overlooked.   

Hypervisor Security Best Practices  

• Make sure the attack surface is minimized and that hypervisors are only connected to necessary operating virtual machines  
• Use separate physical devices to run hypervisors if there is a risk a hacker could breach VM containment and access neighboring VMs 
• Make sure hypervisors are included in overall vulnerability management and that software is patched on a regular basis  
• Leverage other credential security measures, such as multi-factor authentication (MFA), and apply it to this part of the environment  
• Make sure the hypervisor is included in the organization’s overall cybersecurity architecture and that all security protocols are applied to it as well