
What are Hypervisors?

2 Types of Hypervisors

  • Type-1: native or bare metal hypervisor.
    • hypervisor runs directly on the host's hardware, i.e. it is the first thing that boots on the hardware, before any OS is up and running.
    • e.g. XEN, Hyper-V (Windows; used by WSL), VMware ESXi (renamed from ESX; i for integrated)
  • Type-2: hosted hypervisor.
    • hypervisor runs on a conventional operating system; each guest operating system runs as a process on the host.
    • e.g. VMware Workstation, VirtualBox, QEMU.

KVM can be considered both Type-1 and Type-2.

The most popular Hypervisors

  • KVM: part of Linux and uses the regular Linux scheduler and memory management. This means that KVM is much smaller and simpler to use; it also provides some features not available in Xen. For example, KVM can swap guests to disk in order to free RAM.
    • It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko.
    • QEMU is the default VMM (Virtual Machine Manager) of KVM, but can be replaced. QEMU is a generic and open source machine emulator and virtualizer. The Android emulator is built on QEMU.
    • KVM: kernel side; QEMU: userspace. QEMU can use KVM and the host CPU's virtualization extensions to accelerate guests: $ qemu-system-x86_64 -accel kvm ...
  • Xen: an external hypervisor; it assumes control of the machine and divides resources among guests.
    • Xen is even "leaner" than ESXi. It is a tiny layer of code (a microkernel) that does almost nothing but manage CPU and memory.
    • The Boot Process: Hardware → Xen → Dom0 (the "Management" VM) → Your other VMs.
    • The Linux Connection: Because Xen is so small, it can't talk to your mouse, keyboard, or hard drive on its own. It immediately launches a privileged VM called Dom0 (usually a specialized version of Linux or BSD) to act as its "hands" to manage the hardware.
  • Firecracker: an open-source Virtual Machine Monitor (VMM) developed by Amazon Web Services (AWS) that uses Linux's KVM to create and manage lightweight, secure, and fast microVMs. It blends the security of traditional virtual machines with the speed of containers, booting in under 100 milliseconds with a minimal memory footprint (< 5 MiB). It is heavily used in serverless computing, notably AWS Lambda and Fargate.
  • VirtualBox: by Oracle
    • a Type 2 Hypervisor.
    • open source and free; no hardware virtualisation required.
  • VMware ESXi
    • ESXi is a proprietary, purpose-built kernel. It isn't Linux, though it uses a similar-looking command line for management.
    • The Boot Process: Hardware → ESXi → Virtual Machines.
    • Self-Sustained: It contains its own drivers and management tools. When you turn on the server, the ESXi "OS" loads directly into RAM and starts running your VMs.
  • Hyper-V by Microsoft
  • PowerVM by IBM
  • Red Hat Virtualization
  • oVirt: created by Red Hat
    • designed to be a cost-effective alternative to commercial virtualization programs like Microsoft Hyper-V or VMware vSphere.
    • Red Hat uses it as the upstream version of its commercial virtualization product, Red Hat Virtualization
  • Cloud Hypervisor (CHV): a special-purpose VMM concerned only with the cloud-workload use case.
    • owned by The Linux Foundation.
    • "Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) implemented in Rust that focuses on running modern, cloud workloads, with minimal hardware emulation."
    • Website: https://www.cloudhypervisor.org
    • Source code: https://github.com/cloud-hypervisor/cloud-hypervisor
    • Does NOT aim to be an all-purpose emulator: originally developed by Intel, the motivation was to push for more dependence on VT-x, i.e. to be more tightly coupled to Intel hardware, so that it would be harder for customers to move away from Intel. Not very mature.
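As an added example (not from the original notes), a small POSIX shell script that applies the kvm-intel.ko / kvm-amd.ko split and the -accel kvm option described under KVM above: it reads a CPU's flags line and decides which module a host needs, whether the machine is itself already a guest, and whether QEMU can use KVM or must fall back to software emulation. The /proc/cpuinfo excerpts are constructed sample input and the helper names are my own.

```shell
#!/bin/sh
# Added example, not from the original notes: pick the KVM module a host needs
# from its CPU flags (the kvm-intel.ko / kvm-amd.ko split above) and derive the
# matching QEMU -accel option. The /proc/cpuinfo excerpts are constructed samples.

SAMPLE_INTEL='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce vmx ssse3 sse4_2 hypervisor'

SAMPLE_AMD='processor : 0
vendor_id : AuthenticAMD
flags : fpu vme de pse tsc msr pae mce svm sse4a'

SAMPLE_NOVIRT='processor : 0
vendor_id : GenuineIntel
flags : fpu vme de pse tsc msr pae mce ssse3'

# cpu_flags <cpuinfo text>: the flags of the first processor, space-padded
cpu_flags() {
    printf ' %s ' "$(printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)"
}

# kvm_module <cpuinfo text>: prints kvm_intel (VT-x), kvm_amd (AMD-V) or none
kvm_module() {
    case "$(cpu_flags "$1")" in
        *" vmx "*) echo kvm_intel ;;
        *" svm "*) echo kvm_amd ;;
        *)         echo none ;;
    esac
}

# is_guest <cpuinfo text>: succeeds when the "hypervisor" flag shows this Linux
# is itself a VM, so KVM here would need nested virtualization from the host
is_guest() {
    case "$(cpu_flags "$1")" in *" hypervisor "*) return 0 ;; *) return 1 ;; esac
}

# qemu_accel <cpuinfo text>: "kvm" when the CPU can accelerate guests, else
# "tcg", QEMU's software emulation, which still runs but far more slowly
qemu_accel() {
    if [ "$(kvm_module "$1")" = none ]; then echo tcg; else echo kvm; fi
}

# Live host check: reads the real /proc/cpuinfo when the script is run directly
if [ -r /proc/cpuinfo ]; then
    live=$(cat /proc/cpuinfo)
    echo "module: $(kvm_module "$live")  qemu-system-x86_64 -accel $(qemu_accel "$live")"
    if is_guest "$live"; then echo "note: running inside a VM"; fi
fi
```

On a host without VT-x/AMD-V the script reports tcg, which is why QEMU still works there while KVM (and anything built on it, such as Firecracker) does not.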

Which hypervisors are being used?

  • AWS:
    • Xen: Historically, AWS built its entire EC2 cloud on Xen.
    • Nitro Hypervisor: AWS is transitioning newer instances to its KVM-based "Nitro" platform.
  • Google:
    • GCE: KVM
    • Cloud Run:
      • Gen 1: gVisor
      • Gen 2: KVM-based.
  • Azure: Windows Hyper-V
  • VMware: ESXi
  • Oracle VM: Xen
  • Red Hat: Red Hat Virtualization (RHV), based on KVM.

Standardization on KVM: Most new cloud projects and standard Linux distributions (like Ubuntu and Red Hat) have standardized on KVM because of its tighter integration with the Linux kernel.

The Rise of Embedded & Automotive: Xen is seeing a surge in Automotive and Safety-Critical Systems. Carmakers use it to isolate entertainment systems from critical driving functions on a single chip.

KVM vs Xen

KVM (Kernel-based Virtual Machine) and Xen are the two most prominent open-source hypervisors in the Linux ecosystem. While they both allow you to run multiple virtual machines (VMs), they take very different architectural approaches.

Architecture

The fundamental difference lies in where the hypervisor sits and how it interacts with the hardware.

  • KVM (Type-1/Type-2 Hybrid): KVM is a module built directly into the Linux kernel. When you install KVM, it turns the Linux kernel itself into a "Type-1" hypervisor.
    • Every VM is simply a standard Linux process.
    • It uses standard Linux scheduling, memory management, and device drivers.
  • Xen (Type-1 Microkernel): Xen is a bare-metal microkernel that loads before any operating system.
    • Once Xen loads, it starts a privileged VM called "Domain 0" (Dom0).
    • Dom0 is usually a Linux OS that has direct access to the hardware and manages the "Guest" VMs (called DomU).
    • Xen itself is very small; it delegates most management tasks to Dom0.

Performance and Efficiency

  • KVM: Generally considered to have higher performance for modern hardware. Since it is part of the Linux kernel, it benefits from every optimization made to Linux. It uses Full Virtualization (with hardware extensions like Intel VT-x) and VirtIO drivers for high-speed I/O.
  • Xen: Historically famous for Paravirtualization (PV). In PV mode, the guest OS is "aware" it is virtualized and talks directly to the hypervisor, which was much faster before hardware-assisted virtualization became standard. However, this required modifying the guest OS kernel. Today, Xen also supports Full Virtualization (HVM).

Management and Ease of Use

  • KVM: Much easier for Linux administrators to learn. Since a VM is just a process, you can use standard tools like top, kill, and nice to manage them. It is the "native" way to do virtualization on Red Hat, Ubuntu, and Debian.
  • Xen: More complex to set up and manage due to the Dom0/DomU structure. You have to manage the Xen hypervisor and the management OS (Dom0) separately.

Hardware Support

  • KVM: If Linux supports a piece of hardware, KVM supports it. This gives KVM a massive lead in hardware compatibility (new CPUs, specialized NICs, etc.).
  • Xen: Relies on the Dom0 kernel for hardware support. While usually broad, it can occasionally lag behind KVM because the Xen hypervisor itself must also be compatible with the underlying platform.

Ecosystem and Industry Adoption

  • KVM: The current industry standard. It powers Google Cloud Platform and AWS (which famously migrated from Xen to the KVM-based "Nitro" system). It is the backbone of OpenStack and Proxmox.
  • Xen: The "old guard" of cloud virtualization. It powered AWS for over a decade and remains the engine behind Citrix Hypervisor (formerly XenServer) and the security-focused Qubes OS.

Comparison Summary

| Feature | KVM | Xen |
| --- | --- | --- |
| Type | Hybrid (integrated into Linux) | Type-1 (bare-metal microkernel) |
| Primary driver | Red Hat, Google, Intel | Citrix, Linux Foundation, Oracle |
| Complexity | Low (if you know Linux) | High (distinct architecture) |
| Hardware support | Excellent (native Linux) | Good (via Dom0) |
| Guest isolation | High (process-based) | Very high (microkernel-based) |
| Live migration | Built-in and mature | Built-in and mature |
| Best for | Enterprise clouds, Proxmox, standard Linux servers | Highly secure environments, Citrix shops, legacy PV support |

Which one should you choose?

  • Choose KVM if you are running a modern Linux environment, want the best performance on modern hardware, or are looking for the most "marketable" skill in the current job market. It is the default choice for almost all new deployments.
  • Choose Xen if you have a specific requirement for high-security isolation (like Qubes OS), are using Citrix management tools, or need to run older "Paravirtualized" guests that cannot use hardware acceleration.

What is meant by "running below Linux"?

KVM is on top of Linux, Xen is below Linux.

When people say hypervisors like Xen and ESXi are "below" Linux, they mean it in terms of privilege:

  • In a standard PC: The OS (Linux/Windows) has "Ring 0" privilege (total control of the CPU).
  • In Xen/ESXi: The Hypervisor takes "Ring -1" (an even higher level of control). The Linux VM running on top thinks it has total control, but the hypervisor is actually intercepting its commands and deciding what it’s allowed to do.

The catch: While Xen itself isn't Linux, you almost always need a Linux-based Dom0 to actually interact with a Xen server. ESXi, being proprietary, is a "black box" that handles everything internally.