Understanding Virtualization: From Early Hypervisors to Modern Cloud Solutions
This article explores the evolution of virtualization technology—from its theoretical foundations and early hypervisor designs to full and para-virtualization, hardware-assisted extensions, and lightweight solutions like containers and microVMs—explaining key concepts, architectures, and their roles in modern cloud computing.
In the cloud era, computing resources have become as essential as water and electricity on the Internet. Services such as virtual hosts, web servers, databases, and object storage are all provided through various cloud platforms, and the key enabler behind this boom is virtualization technology. Without virtualization, cloud computing would not exist.
The article examines what virtualization is, its historical development, and the different techniques and architectures that have emerged.
Historical Background
Virtualization is defined by Wikipedia as a resource‑management technology that abstracts physical resources (CPU, memory, disk, network adapters, etc.) and presents them as one or more virtual computer environments that can be partitioned and combined.
A computer can be viewed in three layers: the physical hardware layer, the operating‑system layer, and the application layer.
In 1974, Gerald Popek and Robert Goldberg published a seminal paper that established three fundamental requirements for virtualization:
Equivalence: Programs should produce the same results when run on the physical machine or inside a virtual machine (ignoring execution‑time differences).
Safety: Virtual machines must be isolated from each other and from the host.
Performance: In most cases the guest’s instructions should execute directly on the physical CPU, with only a small subset requiring intervention by the VMM.
Two classic approaches to partitioning physical resources emerged: Type‑I and Type‑II virtualization.
Type I hypervisors run directly on the hardware and create multiple isolated operating‑system environments.
Type II hypervisors run on top of a host operating system and then create isolated environments.
VMware ESXi is an example of a Type I hypervisor, while VMware Workstation is a Type II hypervisor.
Full Virtualization: VMware Binary Translation
Modern CPUs use a privilege‑level model called Ring 0‑Ring 3. The operating‑system kernel runs in Ring 0, while user applications run in Ring 3. Certain privileged instructions can only be executed in Ring 0; if a guest OS attempts them in Ring 3, the CPU raises an exception.
Full virtualization relies on the Trap & Emulate technique: the guest runs in Ring 3, and when it executes a privileged instruction, the VMM intercepts the exception and emulates the operation, creating a virtual environment.
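On x86, however, some non‑privileged instructions are still sensitive: they read or change privileged state but do not raise an exception in Ring 3, so the VMM never gets the chance to intercept them, which breaks the isolation model.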
VMware solved this with a binary‑translation technique: the VMM translates guest instructions into safe host instructions, similar to how a Java VM translates bytecode, allowing most instructions to run directly while translating the sensitive ones.
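The gap in Trap & Emulate and the binary-translation fix, as a toy Python model added here for illustration (it is not VMware's code and does not model full x86 semantics). POPF and SGDT stand in for the sensitive, non-trapping instructions; the class, function and constant names and all values are assumptions of this example.

```python
# Toy model (constructed): a guest kernel deprivileged to Ring 3 under a VMM.
PRIVILEGED = {"CLI", "LGDT"}    # fault in Ring 3, so the VMM gets a trap
SENSITIVE = {"POPF", "SGDT"}    # x86: touch system state in Ring 3, no fault
HOST_GDT = 0xFFFF8000           # constructed host descriptor-table base
IF_BIT = 0x200                  # interrupt-enable flag in EFLAGS

class VMM:
    def __init__(self):
        self.vcpu = {"IF": 1, "GDT": 0}   # the guest's virtual CPU state
        self.entries = 0                  # times control reached the VMM

    def emulate(self, op, arg):
        """Apply the instruction to virtual state instead of the real CPU."""
        self.entries += 1
        if op == "CLI":
            self.vcpu["IF"] = 0
        elif op == "LGDT":
            self.vcpu["GDT"] = arg
        elif op == "POPF":
            self.vcpu["IF"] = 1 if arg & IF_BIT else 0
        elif op == "SGDT":
            return self.vcpu["GDT"]
        return None

    def native(self, op, arg):
        """What the bare CPU does in Ring 3 when no fault is raised."""
        if op == "SGDT":
            return HOST_GDT      # reads the real register: host state leaks
        return None              # POPF drops the IF change silently; ADD runs

    def run(self, program):
        out = []
        for op, arg in program:
            if op == "VMMCALL":              # inserted by translate()
                out.append(self.emulate(*arg))
            elif op in PRIVILEGED:           # hardware fault -> trap to VMM
                out.append(self.emulate(op, arg))
            else:                            # runs directly, VMM never sees it
                out.append(self.native(op, arg))
        return out

def translate(program):
    """Binary translation: rewrite only the sensitive, non-trapping ops."""
    return [("VMMCALL", (op, arg)) if op in SENSITIVE else (op, arg)
            for op, arg in program]

# Constructed guest code: load a GDT, read it back, clear IF via POPF, add.
GUEST = [("LGDT", 0x1000), ("SGDT", None), ("POPF", 0x0), ("ADD", 1)]
```

Running GUEST untranslated returns the host's table base from SGDT and leaves the virtual interrupt flag set, which violates the equivalence requirement; running translate(GUEST) returns the guest's own value and clears the flag, while ADD still executes directly.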
Paravirtualization: Xen Kernel Modifications
Paravirtualization replaces sensitive instructions with explicit calls to the hypervisor, known as hypercalls. The Xen project, started in 2003, is a prominent example of this approach.
Because it requires modifying the guest OS kernel, paravirtualization works well for open‑source systems like Linux but is impractical for closed‑source operating systems such as Windows.
Hardware‑Assisted Virtualization (VT‑x / AMD‑V)
CPU manufacturers added hardware support for virtualization, introducing two new execution modes: VMX root operation (for the VMM) and VMX non‑root operation (for the guest OS). This allows the VMM to configure which instructions and events to trap, greatly improving performance.
Intel’s VT‑x and AMD’s AMD‑V technologies enable VMMs to run with near‑native speed while maintaining isolation.
KVM‑QEMU
KVM (Kernel‑based Virtual Machine) is integrated into the Linux kernel, turning the kernel itself into a hypervisor. QEMU provides device emulation and, when combined with KVM, delivers a high‑performance virtualization stack.
Container Technology – LXC & Docker
Containers virtualize at the operating‑system level rather than the hardware level. LXC uses Linux cgroups and namespaces to isolate processes, filesystems, and networks, creating lightweight, isolated environments.
Docker builds on LXC (and later its own libcontainer) to package applications and their dependencies into portable containers.
Containers are more lightweight than full VMs because they share the host kernel, but they provide weaker isolation, making them more vulnerable to kernel exploits.
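One way to audit how much namespace isolation a containerized process actually has, as an added Python example that is not part of the original article: it compares the namespace identifiers under /proc/<pid>/ns for the host's PID 1 and for the target process. The function names and the sample identifiers are assumptions; the sample models a container started with host networking and without its own user namespace.

```python
import os

# Namespace types exposed as symlinks under /proc/<pid>/ns on Linux.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_ns(pid, proc="/proc"):
    """Return {type: 'type:[inode]'} for a live process.

    Reading another user's process usually needs root; entries that cannot
    be read (or are not supported by the kernel) come back as None.
    """
    ids = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = os.readlink(os.path.join(proc, str(pid), "ns", ns))
        except OSError:
            ids[ns] = None
    return ids

def shared_with_host(host_ns, proc_ns):
    """Namespace types in which the process is NOT isolated from the host."""
    return sorted(ns for ns in NS_TYPES
                  if host_ns.get(ns) is not None
                  and host_ns.get(ns) == proc_ns.get(ns))

# Constructed sample identifiers (not taken from a real system).
HOST = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
CONTAINER = dict(
    HOST,
    cgroup="cgroup:[4026532301]", ipc="ipc:[4026532299]",
    mnt="mnt:[4026532297]", pid="pid:[4026532300]",
    uts="uts:[4026532298]",
)  # net and user are inherited unchanged from HOST

def audit(host_ns, proc_ns):
    """Summarize the findings a reviewer would act on."""
    shared = shared_with_host(host_ns, proc_ns)
    return {"shared": shared, "fully_isolated": not shared}
```

On a live host, audit(read_ns(1), read_ns(pid)) gives the same report for a running container process. Even a fully isolated result only covers namespaces: the kernel itself is still shared with the host.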
Ultra‑Light Virtualization – Firecracker
Firecracker, introduced by Amazon, combines strong isolation of VMs with the lightweight nature of containers by running microVMs—minimal virtual machines that use KVM for isolation while stripping away unnecessary OS components.
Other projects such as Google’s gVisor and Intel’s NEMU are exploring similar microVM concepts.
Summary
The article introduced the basic concepts and requirements of virtualization, traced its evolution from early software‑only solutions (VMware Workstation, Xen) to hardware‑assisted implementations (VT‑x, AMD‑V), and highlighted the rise of container technologies and ultra‑light microVMs as the latest trends in cloud computing.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
