4.2 Summarize aspects of clientside virtualization

Question 1

What does virutalization do?

Answer 1

Use software to separate environments from each other & the hardware

Software environments like the OS, drivers, & applications

Question 2

How do computes run multiple OSs simultaneously?

Answer 2

Through virtualiztation, using a hypervisor

Question 3

What is a hypervisor?

Answer 3

Software that allows multiple OSs to run simultaneously on a computer

These OSs would be called guest OSs or virtual machines

Question 4

How does a hypervisor prevent conflicts between guest OSs/VMs?

Answer 4

By emulating resources & managing hardware access

Emulating resources like CPU, memory, & storage

Question 5

What do VMs/guest OSs require for emulated hardware components?

Answer 5

Drivers

Question 6

What limitation might a hypervisor have?

Answer 6

The types of guest OSs it can support

Question 7

2 ways to implement a hypervisor?

Answer 7

• Guest OS (Type 2)
• Bare Metal (Type 1)

Question 8

How is a Guest OS (Type 2) hypervisor implemented?

Examples of Type 2 hypervisors include, VMware Workstation, Oracle VirtualBox, & Parallels Workstation

Answer 8

Installed onto a host OS

Question 9

What resources are needed for a Type 2 hypervisor?

Answer 9

• Host OS
• Hypervisor
• Guest OS(s)

Question 10

How is a Bare Metal (Type 1) hypervisor implemented?

Examples of Type 1 hypervisors include VMware ESXi, Microsoft Hyper-V, & Critix XenServer

Answer 10

Installed directly on the computer without a host OS

Question 11

What resources are needed for a Type 1 hypervisor?

Answer 11

• Hypervisor
• Guest OS(s)

Question 12

What does client-side virtualization refer to?

Answer 12

Virtualization solutions that run on regular desktops/workstations

Its often used for sandbox, legacy software support, cross-platform virtualization, & training

Question 13

What are 4 uses of client-side virtualization?

Answer 13

• Sandbox
• Test development
• Legacy software/OS
• Cross-platform virtualization

Question 14

What is a sandbox used for in client-side virtualizatin?

Answer 14

To create an isolated environment to analyze malware

i.e. viruses, worms, & trojans.

As the malware is contained within the guest OS, it can’t infect the researchers computer or network

Question 15

How does client-side virtualization support legacy software?

Answer 15

By running old OS & software on a VM when the host is upgraded

Question 16

What is cross-platform virtualization used for?

Answer 16

Testing software under different OSs &/or resource constraints

Question 17

What is does server-side virtualization refer to?

Answer 17

Running a server role as a VM

Question 18

Main benefit of server-side virtualization for servers & apps?

Answer 18

Improves hardware utilization by consolidating servers

This means that multiple virtual servers can run on a single physical server, allowing for more efficient use of hardware resources and reducing the need for multiple physical servers.

Question 19

How many virtual servers can usually be run on a server without losing performance?

Answer 19

8-9 additional virtual servers

This is because the typical resource utilization of a hardware servier is about 10%, implying that a server computercould be packed with 8-9 server software instances while retaining the same performance

Question 20

What does application virtualization allow clients to do?

Answer 20

Access/stream apps from a server

This ensures the app is always updated

Examples of application virtualization solutions include Citrix XenApp, Microsoft App-V, & VMware ThinApp

Question 21

Main benefit of application virtualization for programmers & admins?

Answer 21

It ensures the app is always updated with the latest code

Question 22

Are hypervisors used in container virtualization?

Answer 22

No

Question 23

Where are resources isolated in container virtualization?

Answer 23

At the OS level

Rather than at the hypervisor level (since hypervisors aren’t used)

Question 24

What resources is allocated to each container in container virtualization?

Answer 24

CPU & memory resources

All processes run through the native OS kernel

Question 25

Can containers run guest OSs of different types? | (in container virtualization)

Answer 25

No ## Footnote i.e. you can't run Windows or Ubuntu in a RedHat Linux container)

Question 26

Can containers run different OS distributions? | (in container virtualization)

Answer 26

Yes ## Footnote This means that containers can use different versions of the same OS

Question 27

What can containers run besides different OS distributions? | (in container virtualization)

Answer 27

Separate application processes with their required variables & libraries ## Footnote For example, you could have one container running a web server application and another container running a database application, each with their own specific settings and dependencies. It's like packaging an app along with everything it needs to run independently within its own container. This isolation ensures that the application runs consistently across different environments without affecting other applications running on the same system

Question 28

What is a well-known container virtuliazation product?

Answer 28

Docker

Question 29

What is conternization used for in mobile devices?

Answer 29

To implement corporate workspaces

Question 30

How do containers differ from VMs?

Answer 30

Virtualizing the OS & offering lightweight application isolation ## Footnote VMs virtualize the hardware, creating a full virtual copy of a physical machine with its own OS. This allows running multiple VMs on a single physical machine, each with its own OS & apps. VMs are isolated from each other & provide strong security bounderies. Containers virtualize the OS, allowing multiple containers to run on a single OS instance. Containers share the host OS kernel but are isolated from each other at the application level. They're lightweight, start quickly, & consume fewer resources compared to VMs

Question 31

What is Intel's technology for virtualization called?

Answer 31

VT-x (Virtualization Technology)

Question 32

What is AMDs technology for virtualization called?

Answer 32

AMD-V

Question 33

Why is Second Level Address Translations (SLAT) important?

Answer 33

It improves virtual memory performance with multiple VMs

Question 34

What is Intel's implementation of SLAT called? | SLAT = Second level Address Translations

Answer 34

EPT (Extended Page Table)

Question 35

What is AMD's implementation of SLAT called? | SLAT = Second level Address Translations

Answer 35

RVI (Rapid Virtualization Indexing)

Question 36

What must be enabled in the CPU for optimal virtualization performance?

Answer 36

Virtualization support (Intel VT-x or AMD-V) & SLAT | SLAT = Second level Address Translations

Question 37

What to check when choosing a computer for virtualization?

Answer 37

ensure CPU supports Intel VT-x or AMD-V & SLAT | Also ensure that they're enabled

Question 38

How do multiple CPU resources benefit virtualization? ## Footnote Whether it be through multiple physical processors, multi-core, or Hyperthreading

Answer 38

They greatly improve performance | Especiall when running more than 1 guest OS concurrently

Question 39

In virtualization, what's required for each guest OS's memory?

Answer 39

Sufficient memory beyond what the host OS/hypervisor requires ## Footnote i.e. if Windows 10 needs atleast 2GB of memory, the virtualization workstation must have atleast 4GB RAM to run the host OS & 1 Windows 10 guest OS. Running multiple guest OSs will quickly increase memory demands. For development & testing, you might get by with less memory since performance is less critical

Question 40

How is a VM's "hard disk" stored on the host?

Answer 40

As an image file ## Footnote in an enterprise environment, disk images can be stored in a SAN

Question 41

what format do most hypervisors use for VM disk images?

Answer 41

A dynamically expanding image format | It grows as files are added to the guest OS

Question 42

Why is more disk space needed for VM snapshots?

Answer 42

To save & roll back the VM to a previous state

Question 43

What kind of network can hypervisors create?

Answer 43

Virtual network where VMs communicate with each other & the host | This type of network can also connect VMs on different hosts ## Footnote In enterprise environments, you can configure virtual switches & routers for more complext networking

Question 44

What's a common solution for patching VMs in most environments?

Answer 44

Patching & testing a new template image, then deploying it ## Footnote A template image is a pre-configured virtual machine image used as a baseline for creating new instances in a virtualized environment. It includes the necessary operating system, software, configurations, and settings for a specific use case. Updating a master VM template with patches and security updates, testing it, and deploying new instances is a common solution for patching VMs in many environments.

Question 45

What are virtualization-specific security solutions?

Answer 45

Security apps that run through the host or hypervisor ## Footnote VMware NSX is an example of a virtualization-specific security solution. VMware NSX is a network virtualization and security platform that offers micro-segmentation to secure traffic between virtual machines. It enables organizations to create application-based security policies and isolate workloads to prevent threat lateral movement.

Question 46

Why wont host antivirus software detect viruses in a guest OS?

Answer 46

It doesnt scan the virtual disks of the guest OS ## Footnote If the virtual disks of a guest OS are scanned, it can cause serious performance problems

Question 47

What is the major security concern with VM template images?

Answer 47

The creation of unathorized VMs, known as rogue VMs ## Footnote Management procedures for developing and deploying VM images need to be strict and monitored. When being developed, VMs should conform to an application-specific template with minimum configuration needed

Question 48

What is VM sprawl?

Answer 48

The uncontrolled deployment of more & more VMs

Question 49

How can rogue VMs be detected?

Answer 49

via system management software

Question 50

Why should VM images be developed & stored securely?

Answer 50

To avoid malware insertion

Question 51

Why is the host a security vulnerabilty in a virtual platform?

Answer 51

It acts as a single point of failure ## Footnote i.e. if the host fails or loses power, all guest OSs & their services will go offline

Question 52

What must be monitored for security vulnerabilities besides the guest OS and host machine?

Answer 52

Hypervisor

Question 53

What is virtual machine escaping?

Answer 53

Malware on a guest OS jumping to another guest or the host ## Footnote The hypervisor can be protected from security vulnerabilities by keeping it up to date with patches for critical vulnerabilities