Now, one of the things I've alluded to is the need for security over the virtualized environment. That's the topic we're gonna cover in much more depth in section two, domain two. But I want to stress to you that with virtualization, this is really, as we've said, the heart and soul of cloud computing:
this idea of being able to support multiple tenants on the single server.
Well, the way that happens is through the creation of virtual machines. And what we want to make sure of is that we don't have issues with escaping one virtual machine and accessing another, or the fact that a compromise of the entire system would lead to a compromise potentially of all the virtual machines on that system.
So in the later chapters, we're gonna discuss really on the how; we're just kind of giving an introduction here.
So when we talk about all of the security of the virtualization environment relying on the security of the hypervisor, also the host operating system. To define the hypervisor, you know, this is really kind of that interface between the operating system and the hardware.
So when we talk about this hypervisor, this is what allows multiple different operating systems to access a single hardware host and have access to the resources.
And the key to making this work is the illusion of each individual host existing independently on the system: that true isolation, or at least the appearance of that isolation.
Now, there are two main types of hypervisors. We have a type one and type two, and it really is about the direct interface, or what the hypervisor interfaces with.
A type one hypervisor, sometimes referred to as a bare metal hypervisor, has the direct access to the hardware.
VMware ESXi, Citrix XenServer and various other forms use type one hypervisors, that bare metal, that direct access, whereas type two kind of acts like a shim in between the OS that's the host and the actual hardware.
So, type two: if you've worked with VMware Workstation, or Microsoft has Virtual PC, desktop services, those are more type two. So obviously the type one's gonna have much better utilization, allocation of resources; it has that direct access.
Type one hypervisors are not only going to give us better performance, but they're gonna reduce the attack surface as well, because it has the direct connect.
It has the direct control that accesses, again, the hardware. So the hypervisor vendors limit what software is gonna be used there in the creation of the controls that access the hardware.
Ultimately, they're a much tighter fit on top of the hardware, if you will. And that limits the amount of software that can come between.
Type two hypervisors have greater vulnerability because they're running on the operating system itself. They're dependent upon the operating system. So any vulnerabilities of the OS would then affect the hypervisor as well.
So type one and type two: type one hypervisors are more expensive, may have a little bit of a greater structure required, more configuration, tend to be more secure and better performance.