Virtualization Study Guide

📖 Core Concepts Virtualization – technology that splits a single physical computer into multiple isolated “virtual” machines (VMs) or containers. Host – the real, physical machine that supplies CPU, memory, storage, and networking to the virtual environment. Guest – a virtual machine or container that runs its own OS / applications on the host’s resources. Hypervisor (VM monitor) – software/firmware that creates, runs, and manages VMs; it sits between the host hardware and the guests. Hardware‑Assisted Full Virtualization – uses CPU extensions (e.g., Intel VT‑x, AMD‑V) so the hypervisor can run an unmodified guest OS with minimal overhead. Paravirtualization – the guest OS is modified to call the hypervisor directly, gaining speed at the cost of portability. Hybrid Virtualization – combines full virtualization (for compatibility) with paravirtualized drivers (for performance). Desktop Virtualization – separates the user’s desktop environment from the physical device (VDI, session virtualization, thin clients). Containerization (OS‑level virtualization) – runs multiple isolated user‑space instances on a single shared kernel, giving VM‑like isolation with lower overhead. --- 📌 Must Remember Full vs. Para vs. Hybrid – Full = no guest changes; Para = guest must be ported; Hybrid = full + para drivers. Hardware extensions (VT‑x/AMD‑V) are required for hardware‑assisted full virtualization. Licensing – every guest OS still needs its own legal license, even if run on a single host. Isolation – VMs isolate at the hardware level; containers isolate at the OS‑level (share kernel). VDI delivers a complete OS over the network; session virtualization shares one OS instance among many users. --- 🔄 Key Processes Booting a VM (full virtualization) Hypervisor loads VM configuration → allocates CPU, memory, I/O → uses hardware extensions to trap privileged instructions → guest OS boots as if on real hardware. Paravirtualized I/O Guest OS issues a hypercall (instead of a privileged instruction) → hypervisor handles the request directly → reduces trap‑and‑emulate overhead. Hybrid VM setup Deploy VM with full virtualization for core OS → install paravirtualized drivers (e.g., virtio network, disk) → hypervisor uses these drivers for high‑speed I/O. Container launch Host kernel creates a new namespace and cgroup → isolates file system, network, PID space → container starts with its own rootfs but shares the kernel. VDI session start User authenticates → VDI broker assigns a VM or remote desktop session → desktop streams display and input over the network to the client device. --- 🔍 Key Comparisons Full Virtualization vs. Paravirtualization Guest OS: unmodified vs. modified → Performance: lower (more traps) vs. higher (direct hypercalls) → Compatibility: universal vs. limited to ports. VM vs. Container Kernel: separate per VM vs. shared → Overhead: high (full OS) vs. low (just user‑space) → Isolation: stronger (hardware) vs. weaker (kernel‑level). VDI vs. Session Virtualization Desktop: full OS per user vs. single OS shared → Resource use: higher vs. lower → User experience: more isolated, customizable vs. uniform. --- ⚠️ Common Misunderstandings “Containers are VMs.” – Containers share the host kernel; they are not full hardware emulations. “Paravirtualization works with any OS.” – Only OSes that have been ported to the paravirtual API can run as para guests. “Virtualization eliminates licensing costs.” – Each guest OS still requires a valid license; virtualization only changes deployment. “Hardware‑assisted means no hypervisor overhead.” – The hypervisor still schedules VMs and handles I/O; extensions only reduce the cost of privileged instruction trapping. --- 🧠 Mental Models / Intuition “Invisible Boxes” – Picture the host as a house; each VM is a locked room with its own furniture (OS, apps). Containers are open‑plan rooms sharing the same foundation (kernel). “Driver Bridge” – In hybrid virtualization, think of the para drivers as a high‑speed bridge that bypasses the congested road (full‑virt traps). “Desktop as a Cloud Service” – VDI is like streaming a movie: the heavy processing stays in the data center, your device only displays the picture and sends back clicks. --- 🚩 Exceptions & Edge Cases CPU extensions not present → Only software‑based full virtualization (slower) or paravirtualization is possible. Legacy OS without para support → Must use full virtualization; hybrid benefits unavailable. Container on Windows host → Only Windows Server containers or Linux containers via WSL2; not all Linux features are available. Licensing “Bring‑Your‑Own‑License” (BYOL) – Some vendors allow a single license to cover multiple VMs on the same host; always verify vendor policy. --- 📍 When to Use Which Full Virtualization – Need to run unmodified OSes (e.g., Windows Server, legacy Linux) or mixed‑OS environments. Paravirtualization – Targeting a single OS that offers a para API (e.g., Xen PV guests) and performance is critical. Hybrid – Deploying a standard OS but want high‑throughput I/O (e.g., databases) – use virtio or similar para drivers. Containers – Micro‑service workloads, rapid scaling, or when you need minimal resource overhead and the same kernel works for all services. VDI – Centralized management, need full desktop experience on thin clients, compliance requirements. Session Virtualization – Large numbers of users with identical workloads, limited per‑user customization. --- 👀 Patterns to Recognize “Trap‑and‑emulate” → Appears in questions about performance penalties of full virtualization. “Hypercall + para driver” → Signals a hybrid or paravirtualized solution. “Shared kernel” → Indicates container‑based isolation. “License per guest” → Red flag for cost‑analysis questions. “Thin client + network” → Points to VDI or session virtualization scenario. --- 🗂️ Exam Traps Distractor: “Containers provide the same isolation as VMs.” – Wrong: containers share the kernel, so isolation is weaker. Distractor: “Paravirtualization requires no changes to the guest OS.” – Wrong: guest must be explicitly ported. Distractor: “Hardware‑assisted virtualization eliminates the need for a hypervisor.” – Wrong: the hypervisor still orchestrates VMs; extensions just reduce overhead. Distractor: “One OS license covers unlimited VMs on the same host.” – Wrong unless the vendor explicitly permits BYOL; most licenses are per‑instance. Distractor: “VDI always uses less bandwidth than session virtualization.” – Not universally true; VDI streams a full desktop image, which can be heavier than shared session data. ---