Virtualization
Virtualization is the ability to run multiple virtual computers (VMs) on a single physical machine, where each VM behaves like a real, independent computer.
But in reality, all of these are shared and controlled by a central layer called a hypervisor.
Hypervisor Types
Type 1 (Bare-Metal)
installed directly on the physical hardware (bare metal) rather than within an operating system.
Examples: Microsoft Hyper-V, KVM, Nutanix AHV, Citrix Hypervisor.
Type 2 (Hosted)
run as an application on top of an existing host operating system.
Examples: Oracle VM VirtualBox, VMware Workstation Pro, Parallels Desktop.
Emulation vs Virtualization
Virtualization uses real CPU features to run guest OS efficiently.
Emulation simulates hardware entirely in software.
CPU Privilege Rings
CPUs use privilege levels to protect the system. These are called CPU privilege rings:
Ring 0 (Kernel Mode)
The highest privilege level. The operating system kernel, device drivers, and core services operate here. Ring 0 has direct access to hardware, memory, and privileged CPU instructions
Ring 3 (User Mode)
The lowest privilege level, where user applications (browsers, games, shells) run. Code here is restricted and cannot directly access hardware or memory designated for the kernel.
Rings 1 and 2 (rarely used)
Historically intended for operating system services and device drivers, these are largely unused in modern operating systems like Windows and Linux, which favor a two-level model.
The guest OS kernel inside a virtual machine typically believes it is running at the highest privilege level (Ring 0) and has full control over hardware.
From its perspective, nothing is virtual. In reality the real hardware is controlled by a host system, the guest OS cannot actually touch hardware directly. Virtualization exists because we can’t let multiple OSes all run in Ring 0 directly.
So something must sit between the guest OS and the hardware. That something is the hypervisor.
Both Intel and AMD (and later ARM) solved the same core problem in their own ways:
Intel VT-x (Virtualization Technology)
VT-x is Intel’s hardware feature that allows one physical CPU to safely run multiple operating systems.
It does this by introducing a special virtualization system with two CPU modes:
1. VMX Root Mode
This is where the hypervisor runs.
2. VMX Non-Root Mode
This is where the guest operating system runs (the VM itself).
The guest OS thinks it is running normally. It may believe it is in Ring 0 but it is actually restricted.
AMD Virtualization (AMD-V)
AMD created a very similar system called AMD-V. Also adds hardware virtualization support. Functionally almost identical.
ARM EL2
ARM CPUs don’t use rings. Instead they use Exception Levels (EL0–EL3):
| Level | Role |
|---|---|
| EL0 | user apps |
| EL1 | OS kernel |
| EL2 | hypervisor |
| EL3 | secure firmware |
KVM (Kernel-based Virtual Machine)
KVM is a feature inside the Linux kernel that turns Linux into a hypervisor.
It provides hardware virtualization using VT-x (Intel) or AMD-V
But KVM by itself does NOT provide a full virtual machine environment.
QEMU (Quick Emulator)
a free and open-source machine emulator and virtualizer. As a Virtual Machine Monitor (VMM) it supports a number of hypervisors, including the Linux-based Kernel-based Virtual Machine (KVM), Xen, MacOS’s HVF, Window’s Hyper-V and a number of others.
It can work in two ways:
1. Full emulation
QEMU simulates everything in software
can even run different CPU architectures (ARM on x86)
slower
2. Virtualization mode (with KVM)
QEMU handles devices + VM structure
KVM handles fast CPU execution using hardware (VT-x / AMD-V)
much faster