Changes

The x86 family of CPUs provide a range of ''protection levels'' also known as ''rings'' in which code can execute. Ring 0 has the highest level privilege and it is in this ring in which that the kernel of the operating system kernel runs. Code executing in ring 0 is said to running in ''system space'', ''kernel mode'' or ''supervisor mode''. All other code such as applications running on the operating system typically run operate in less privileged rings, typically ring 3.

Under hypervisor virtualization a program known as a hypervisor runs directly on the hardware of the host system in ring 0. The task of this hypervisor is to handle resource and memory allocation for the virtual machines in addition to administration and monitoring interfaces.

Clearly, with the hypervisor occupying ring 0 of the CPU, the kernels for any guest operating systems running on the system must run in unprivileged CPU rings. Unfortunately, most operating system kernels are written to run in ring 0 for the simple reason that they need to perform tasks that are only available in that ring such as the ability to execute privileged CPU instructions and directly manipulate memory. A number of different solutions to this problem has have been devised in recent years, each of which is described below:

Under paravirtualization the kernel of the guest kernels are operating system is modified specifically to run on the hypervisor. This typically involves replacing any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor (known as ''hypercalls''). The hypervisor in turn performs the task on behalf of the guest kernel. This typically limits support to open source operating systems such as Linux which may be freely altered and proprietary operating systems where the owners have agreed to make the necessary modifications to target a specific hypervisor. These issues not withstanding, the ability of the guest kernel to communicate directly with the hypervisor results in greater performance levels than other virtualization approaches.

Full virtualization provides support for unmodified guest operating systems. The term ''unmodified'' refers to operating system kernels which have not be been altered to run on a hypervisor and therefore still execute privileged operations as though running in ring 0 of the CPU. In this scenario, the hypervisor provides CPU emulation to handle and modify privileged and protected CPU operations made by unmodified guest operating system kernels. Unfortunately this emulation process requires both time and system resources to operate resulting in inferior performance levels when compared to those provided by paravirtualization.

As outlined in the above illustration, in addition to the virtual machines, an administrative operating system and/or management console also runs on top of the hypervisor allowing the virtual machines to be managedby a system administrator. Hypervisor based virtualization solutions include Xen, VMware ESX Server and Microsoft's Hyper-V technology.