Why you want a bare metal hypervisor and how to choose

There are two kinds of virtual machine managers, but for servers, data centers, and clouds there's only one that matters: bare metal hypervisors.



Once upon a time, there was nothing but native, or bare metal, hypervisors (a.k.a. virtual machine managers). In the 1980s, I cut my teeth on IBM System/370 mainframes running VM/CMS, but bare metal's history goes all the way back to the 1960s. With bare metal hypervisors, the hypervisor runs directly on the hardware. There is no intervening operating system.

The formal definition of bare metal hypervisor, or, as it was called in its day, Type 1 hypervisor, goes back to Gerald Popek and Robert Goldberg's seminal paper, "Formal requirements for virtualizable third generation architectures." They also defined bare metal's great competitor, the Type 2, or hosted hypervisor.

Today, bare metal virtual machines are still very much with us. VM/CMS evolved into IBM's z/VM. And there are many other bare metal systems. Chances are you and your crew are using one even now.

Citrix's open-source XenServer powers Amazon Web Services (AWS). Oracle VM for SPARC and x86 are both based on Xen. There's VMware's ESX and ESXi, Microsoft Hyper-V, and HP's Integrity VM.

While the implementations are quite different, the name of the game is to provide a minimal operating system that provides just what's needed to run virtual machines. No more, no less.

A hosted hypervisor, on the other hand, requires an operating system to run, putting another layer between your virtual machine (VM) and your hardware.

There are many popular hosted hypervisors. For example, I use Oracle VirtualBox constantly for testing operating systems. Other popular hosted hypervisors are Parallels and VMware Workstation.

In addition, there are operating system-based hypervisors, such as Linux's KVM and BSD's bhyve, that blur the lines between bare metal and hosted systems. With these the operating system can be stripped of unneeded modules to act as a bare-metal hypervisor. For example, Red Hat Enterprise Virtualization (RHEV) relies on KVM and is considered by many to be a bare metal hypervisor.

By this point, you may have noticed something about the hosted hypervisors: All of them are desktop based. There are exceptions, but in 2015 they really don't matter.

You see, the real name of the hypervisor game is how much speed you can get from your virtual machines. If you have an extra layer, like an operating system, between your VM and the hardware, that opens the door to performance, latency, security, scalability, and VM isolation problems.

There are corner cases of course. For example, you can still get a hot argument going in some circles if you suggest that KVM isn't really a bare metal hypervisor.

For your servers, whether it's just one Xeon box in the server closet, a thousand servers in your data center, or ten-thousand in your private cloud, what you really want is a bare metal hypervisor.

How to choose

For the mainstream operating systems there are four main choices: KVM, ESX/ESXi, Hyper-V, and Xen, in one form or another. You can argue until you're blue in the face about which one is "better," but generally speaking they all do an excellent job. More to the point of justifying the purchase to your CFO, each has its own role to play.

Which role depends largely on your other choices in platforms and operating systems.

From my perspective, here's where each is best suited for deployment.


KVM

While KVM as a bare metal hypervisor is best known for its use in RHEV, you can create a bare metal KVM hypervisor from any Linux distribution. Debian and Ubuntu, for example, are commonly used as the foundation for KVM hypervisors.

Like any bare metal hypervisor, KVM requires specific hardware to run. In KVM's case, that's the x86 architecture with chips that support either Intel VT or AMD-V. In addition, IBM recently ported KVM to its Power architecture.
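A quick way to check this hardware requirement on a Linux x86 host, as an added example that is not part of the original article: it reads the CPU flags (`vmx` for Intel VT, `svm` for AMD-V) from a `/proc/cpuinfo`-format file and checks for the `/dev/kvm` device node. The function names, status strings and sample input are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): which hardware virtualization
# extension does a Linux x86 host advertise, and is the KVM node present?

# virt_ext FILE: FILE is in /proc/cpuinfo format.
# Prints "vmx" (Intel VT), "svm" (AMD-V) or "none".
virt_ext() {
    awk -F: '
        /^flags[ \t]*:/ {
            n = split($2, f, " ")          # whole-word match on each flag
            for (i = 1; i <= n; i++) {
                if (f[i] == "vmx") vmx = 1
                if (f[i] == "svm") svm = 1
            }
        }
        END { print (vmx ? "vmx" : (svm ? "svm" : "none")) }' "$1"
}

# kvm_status FILE [DEVNODE]: DEVNODE defaults to /dev/kvm.
# Prints "no-hw-support", "hw-only:<ext>" or "ready:<ext>".
kvm_status() {
    ext=$(virt_ext "$1")
    dev=${2:-/dev/kvm}
    if [ "$ext" = "none" ]; then
        echo "no-hw-support"
    elif [ -e "$dev" ]; then
        echo "ready:$ext"
    else
        echo "hw-only:$ext"      # extension advertised, KVM node absent
    fi
}

# Constructed sample input (not captured from a real machine);
# "vmx_demo" is a made-up token that must not count as "vmx".
sample=$(mktemp)
printf 'processor\t: 0\nflags\t\t: fpu vme sse2 vmx_demo\n' > "$sample"
echo "constructed sample: $(kvm_status "$sample")"
rm -f "$sample"

# On a real Linux host, inspect the live CPU.
if [ -r /proc/cpuinfo ]; then
    echo "this host: $(kvm_status /proc/cpuinfo)"
fi
```

A `hw-only` result means the CPU advertises the extension but `/dev/kvm` does not exist, which usually points at the KVM module not being loaded or the feature being switched off in firmware.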

The million-dollar question is whether KVM is faster than Xen. The answer, according to recent benchmarks, is that the two Linux hypervisors are pretty much dead even. From what I've seen, the real difference between deployments is how either one is tuned. Out of the box, there's little to choose between them.

That said, if you need support, RHEV is probably your best choice.


VMware ESX/ESXi

Like KVM, VMware ESX/ESXi was first designed for Intel architectures and there it remains to this day.

The most common question I hear about ESX and ESXi is "What's the difference between the two models?" That's easy.

VMware ESX relies on Linux for a local service console and a shell. ESXi doesn't have this service console or a Linux shell, and relies on remote management tools. In theory, this makes ESXi more secure since it has less of an attack surface.

VMware also has the advantage of having long been the dominant hypervisor. This means that many enterprise business-critical applications such as Oracle Database, Microsoft SQL Server, and Microsoft Exchange have been optimized for it.

This hypervisor also supports multiple operating systems, including Windows, Linux, Solaris, and even a graybeard such as NetWare.

The downside is that VMware can be expensive. On the other hand, if you want a battle-tested virtualization solution it's hard to argue against VMware.


Hyper-V

This one is easy in some ways. Do you use Windows on your desktops? Windows Server on your servers? Active Directory to manage your systems? Then just add Hyper-V to your licensing list and be done with it.

What's that? You want to run Linux or BSD Unix? No problem. Microsoft in 2015 is not Steve Ballmer's Microsoft. You can run CentOS, Debian, FreeBSD, Oracle, Red Hat Enterprise Linux, and Ubuntu VMs on Hyper-V.

Microsoft will argue that Hyper-V is more secure than VMware because it's a "micro-kernelized" hypervisor. By this they mean that it has no device drivers at the hypervisor layer. Instead, these drivers are within each VM's partition. This means that even if a VM is hacked, the attacker still can't drill through the device drivers to get at the system's hardware or the hypervisor to infect other VMs.

While that argument is debatable, what is true, from what I've seen, is that Hyper-V, unlike so many of Microsoft's operating systems and applications, is quite secure.

So, if your business is already Windows-centric, Hyper-V gives you every reason to stay that way.


Xen

Xen can say they don't use device drivers at all. Indeed, they'll claim that Hyper-V simply followed their footsteps. Be that as it may, Xen is a very thin hypervisor. It takes up minimal RAM and, like VMware, it can run pretty much any operating system… and does.

The open-source Xen also has a great deal of support and a proven track record. Xen is baked into not only Oracle's virtualization programs but those from Linode and Rackspace as well. And, don’t forget that the largest public cloud by far, AWS, runs on Xen.

So, if you want rock-solid reliability, your choice of operating systems for your VMs, and, thanks to its minimal size, lots of room for scalability and VM density, Xen is an excellent choice.

The last word…

At this point, any of the bare-metal hypervisors will work well for your servers or cloud. Which you choose will be determined by your other IT requirements.

This story, "Why you want a bare metal hypervisor and how to choose" was originally published by ITworld.

Copyright © 2015 IDG Communications, Inc.
