The Kernel-based Virtual Machine (KVM) is a full native virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). Limited support for paravirtualization is also available for Linux and Windows guests in the form of a paravirtual network driver.
KVM is currently designed to interface with the kernel via a loadable kernel module. Supported operating system versions include a wide variety of guest operating systems such as Linux, BSD, Solaris, Windows, Haiku, ReactOS, and AROS Research Operating System. A patched version of KVM (qemu) is able to run on Mac OS X.
In the KVM architecture, the virtual machine is implemented as a regular Linux process, scheduled by the standard Linux scheduler. In fact, each virtual CPU appears as a regular Linux process. This allows KVM to benefit from all the features of the Linux kernel.
Device emulation is handled by a modified version of qemu that provides an emulated BIOS, PCI bus, USB bus, and a standard set of devices such as IDE and SCSI disk controllers, network cards, etc.
Security
Since a virtual machine is implemented as a Linux process, it leverages the standard Linux security model to provide isolation and resource controls. The Linux kernel uses SELinux (Security-Enhanced Linux) to add mandatory access controls, multi-level and multi-category security, and to handle policy enforcement. SELinux provides strict resource isolation and confinement for processes running in the Linux kernel.
The SVirt project, a community effort attempting to integrate Mandatory Access Control (MAC) security and Linux-based virtualization (KVM), builds on SELinux to provide an infrastructure that allows an administrator to define policies for virtual machine isolation. Out of the box, SVirt ensures that a virtual machine's resources cannot be accessed by any other process (or virtual machine); this can be extended by the sysadmin to define fine-grained permissions, for instance, to group virtual machines together to share resources.
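The isolation described above can be audited from the host's process list. The following is an added example, not code from the original article or from the SVirt project: it parses `ps -eZ` output and reports qemu processes that run outside an sVirt domain, and guests that share an MCS category set (either an intended group or a labeling problem to review). The sample lines, the process names, and the `audit_svirt` helper are constructed for illustration; `svirt_t` and `svirt_tcg_t` are assumed to be the confined guest domains.

```python
import re

# Constructed sample of `ps -eZ` output on a KVM host (not taken from the article).
SAMPLE_PS = """\
system_u:system_r:svirt_t:s0:c107,c434 2101 ? 00:12:01 qemu-kvm
system_u:system_r:svirt_t:s0:c312,c899 2188 ? 00:03:44 qemu-kvm
system_u:system_r:svirt_t:s0:c107,c434 2250 ? 00:00:09 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2301 ? 00:00:02 qemu-kvm
system_u:system_r:sshd_t:s0-s0:c0.c1023 900 ? 00:00:00 sshd
"""

# Columns of `ps -eZ`: LABEL PID TTY TIME CMD
LINE = re.compile(r"^(\S+)\s+(\d+)\s+\S+\s+\S+\s+(\S+)$")

def audit_svirt(ps_output,
                qemu_names=("qemu-kvm", "qemu-system-x86_64"),
                guest_domains=("svirt_t", "svirt_tcg_t")):
    """Return (unconfined_pids, shared).

    unconfined_pids: qemu processes not running in an sVirt guest domain.
    shared: MCS category set -> PIDs, for sets carried by more than one guest.
    """
    unconfined, by_cats = [], {}
    for line in ps_output.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(3) not in qemu_names:
            continue  # not a guest process
        context, pid = m.group(1), int(m.group(2))
        # SELinux context layout: user:role:type:sensitivity[:categories]
        parts = context.split(":", 4)
        setype = parts[2] if len(parts) > 2 else ""
        cats = parts[4] if len(parts) > 4 else ""
        if setype not in guest_domains or not cats:
            unconfined.append(pid)  # no MAC confinement separating this guest
            continue
        by_cats.setdefault(frozenset(cats.split(",")), []).append(pid)
    shared = {",".join(sorted(k)): pids
              for k, pids in by_cats.items() if len(pids) > 1}
    return unconfined, shared

if __name__ == "__main__":
    unconfined, shared = audit_svirt(SAMPLE_PS)
    print("guests outside sVirt domains:", unconfined)
    print("guests sharing MCS categories:", shared)
```

On a live host, pass the captured output of `ps -eZ` in place of `SAMPLE_PS`.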
Memory
KVM supports the most recent memory virtualization features from CPU vendors with support for Intel’s Extended Page Table (EPT) and AMD’s Rapid Virtualization Indexing (RVI) to deliver reduced CPU utilization and better throughput.
Memory page sharing is supported through a kernel feature called Kernel Same-page Merging (KSM). KSM scans the memory of every virtual machine and, where virtual machines have identical memory pages, merges these into one page that it shares between the virtual machines, storing only one copy. If a guest attempts to change this shared page, it will be given its own private copy.
Storage
KVM is able to use any storage supported by Linux to store virtual machine images, including local disks with IDE, SCSI and SATA, Network Attached Storage (NAS) including NFS and SAMBA/CIFS, or SAN with support for iSCSI and Fibre Channel. Multipath I/O may be used to improve storage throughput and to provide redundancy.
Again, because KVM is part of the Linux kernel, it can leverage a proven and reliable storage infrastructure with support from all leading storage vendors; its storage stack has a proven record in production deployments.
KVM also supports virtual machine images on shared file systems such as the Global File System (GFS2) to allow virtual machine images to be shared between multiple hosts or shared using logical volumes. Disk images support thin provisioning, allowing improved storage utilization by only allocating storage when it’s required by the virtual machine instead of allocating the whole storage upfront. The native disk format for KVM is QCOW2, which has support for snapshots, allowing multiple levels of snapshots, compression, and encryption.
Choosing KVM
- Although KVM is a relative newcomer to hypervisors, this lightweight module that comes with the mainline Linux kernel offers the simplicity of its implementation plus continued support of Linux heavyweights.
- KVM is flexible; since the guest operating systems are communicating to a hypervisor that is integrated into the Linux kernel, they can address hardware directly in all cases without the need to modify the virtualized operating system. This makes KVM a faster solution for virtual machines.
- Patches to the KVM are compatible with the Linux kernel. KVM is implemented in the Linux kernel itself; consequently, that makes it easier to control virtualization processes.
Deploying KVM is rather complex, full of individual configuration considerations, so for more information, please see Related topics.