Security for virtualization is important because if somebody
gains access to the host, they effectively would gain access to
at least parts of all those different operating systems. And if
you have a failure of the hardware of that host, then of course
all of those other operating systems are not going to work either.
Main security threat in virtualization is to the hypervisor.
The VM escaping is a new type of security concern. Because if you
can gain access to those virtual machines and then even gain access
from one virtual machine to the other through the hypervisor, that's
a significant security hole. The bad guys are trying to create malware
and find ways to get around and move around that operating system
or multiple operating systems much easier than what they can do
today. If they can take advantage of the hypervisor, that gives
them a very, very useful channel. Both physical and digital security
methods are used to ensure security in virtualization
While it is possible to do desktop virtualization on a computer
without an internet connection there are several reasons for which
having internet connection is an advantage. First hypervisors can
be obtained from internet, and updates to hypervisors, host operating
system, guest operating system are easily available on internet.
Furthermore, if you create a virtual machine to test an operating
system or other software for use in a normal environment, then you
certainly should include testing how it works on a network. Therefore,
the hypervisors we use simulate a network card within each virtual
machine, as well as a network on the host, so that multiple virtual
machines can communicate with each other and the underlying host.
Then, through a virtual connection to the host computer's physical
network adapter, each VM has access to an external network, and
through that to the Internet, if available. Of course, you can turn
off these and other features for a VM, if you desire.
To do desktop or server virtualization, you first need a hypervisor.
A hypervisor, also called a virtual machine monitor (VMM), is the
software that creates a virtual machine, providing access to the
necessary hardware on the host machine in isolation from other virtual
machines and the host operating system, if present. This allows
multiple operating systems to run simultaneously on a single physical
computer, such as a network server or desktop computer. A hypervisor
must create a virtual CPU compatible with that of the underlying
machine-mainly either an Intel or an AMD CPU. This means that the
installed OS must be capable of installing directly on the underlying
computer. Also, today's hypervisors require, or at least work best
on, computers with Hardware-Assisted Virtualization (HAV) features,
either Intel Virtualization Technology for x86 (Intel VT-x) or AMD
Virtualization (AMD-V). HAV supports and improves the performance
of virtual machines on the host. Both Intel and AMD CPUs have supported
HAV since 2006.