System virtual machines (sometimes called hardware virtual machines) allow the sharing of the underlying physical machine resources between different virtual machines, each running its own operating system. The software layer providing the virtualization is called a virtual machine monitor or hypervisor. A hypervisor can run on bare hardware (Type 1 or native VM) or on top of an operating system (Type 2 or hosted VM).
The main advantages of system VMs are:
- multiple OS environments can co-exist on the same computer, in strong isolation from each other
- the virtual machine can provide an architecture (ISA) that is somewhat different from that of the real machine
- application provisioning, maintenance, high availability and disaster recovery
Multiple VMs each running their own operating system (called guest operating system) are frequently used in server consolidation, where different services that used to run on individual machines in order to avoid interference are instead run in separate VMs on the same physical machine. This use is frequently called quality-of-service isolation (QoS isolation).
The desire to run multiple operating systems was the original motivation for virtual machines, as it allowed time-sharing a single computer between several single-tasking OSes. This technique requires a process to share the CPU resources between guest operating systems and memory virtualization to share the memory on the host.
The guest OSes do not have to be all the same, making it possible to run different OSes on the same computer (e.g.,microsoft windows and Linux, or older versions of an OS in order to support software that has not yet been ported to the latest version). The use of virtual machines to support different guest OSes is becoming popular in embedded system; a typical use is to support a real time operating system at the same time as a high-level OS such as Linux or Windows.
Another use is to sandbox an OS that is not trusted, possibly because it is a system under development. Virtual machines have other advantages for OS development, including better debugging access and faster reboots.
Alternate techniques such as solaris zone provides a level of isolation within a single operating system. This does not have isolation as complete as a VM. A kernel exploit in a system with multiple zones will affect all zones. Achieving the same goal in a virtual machine implementation would require exploiting a weakness in the hypervisor. A hypervisor typically has a smaller "attack surface" than a complete operating system, making this more challenging. Further, a kernel exploit in a VM guest would not affect other VMs on the host, just as a successful intrusion into one zone would not necessarily affect other zones. Zones are not virtual machines, but an example of "operating system virtualization". This includes other "virtual environments" (also called "virtual servers") such as virtuozzo, Free Bsd Jails, Linux V-server , Chroot Jails and Open Jails. These provide some form of encapsulation of processes within an operating system. These technologies have the advantages of being more resource-efficient than full virtualization and having better observability into multiple guests simultaneously; the disadvantage is that, generally, they can only run a single operating system and a single version/patch level of that operating system - so, for example, they cannot be used to run two applications, one of which only supports a newer OS version and the other only supporting an older OS version on the same hardware. However, Sun Microsystems has enhanced Solaris Zones to allow some zones to behave like Solaris 8 or Solaris 9 systems by adding a system call translator.