
Virtual Machine Monitors (VMMs) are growing. It’s a logical enough progression in line with the wider world of cloud computing, but any search for virtual machine monitoring on its own is likely to throw up background pages on hypervisors in general, or platform infrastructure analysis tools designed to help monitor performance issues and possibly also billing requirements.
In the more purist sense of the VMM universe, we find OpenVMM. This is a modular, cross-platform Virtual Machine Monitor (VMM) written in Rust that has this month been released to open source by Microsoft.
Described as a type 2 hypervisor (sometimes known as a hosted hypervisor), OpenVMM exists to run on top of an operating system rather than directly on bare-metal hardware.
What Is a Type 2 Hypervisor?
It’s worth noting the definitions in this space laid down by AWS, which reminds us that, “A type 1 hypervisor, or a bare metal hypervisor, interacts directly with the underlying machine hardware. A bare metal hypervisor is installed directly on the host machine’s physical hardware, not through an operating system. In some cases, a type 1 hypervisor is embedded in the machine’s firmware. A type 2 hypervisor, or hosted hypervisor, interacts with the underlying host machine hardware through the host machine’s operating system. [Users] install it on the machine, where it runs as an application.”
A type 2 hypervisor like OpenVMM “negotiates” with the operating system to obtain underlying system resources, but the host operating system still prioritizes its own functions and applications over the virtual workloads.
Why Is Rust Used Here?
As technology author Joe Stocker wrote on Twitter/X in October 2024, “Microsoft just open sourced OpenVMM. It features a ‘paravisor’ and is written in Rust, which is more secure than C or C++ because its ownership model and borrow checker enforce strict compile-time memory safety and concurrency guarantees, preventing common vulnerabilities like null pointer dereferencing, buffer overflows and data races.”
As noted then, although it can function as a traditional VMM, OpenVMM’s development is currently focused on its role in the OpenHCL paravisor.
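The kind of checks the quote above refers to, shown in a VMM-flavored setting as an added example (not code from OpenVMM or from the original article): a device emulator validating a guest-supplied offset and length before touching guest RAM. `GuestMemory`, `AccessError` and the 4 KiB size are hypothetical names and values chosen for illustration.

```rust
// Added illustration; GuestMemory and AccessError are hypothetical,
// not OpenVMM types.
#[derive(Debug, PartialEq)]
pub enum AccessError {
    Overflow,    // offset + len wrapped past u64::MAX
    OutOfBounds, // range ends beyond the guest's RAM
}

/// Constructed stand-in for a guest's RAM as seen by a device emulator.
pub struct GuestMemory {
    ram: Vec<u8>,
}

impl GuestMemory {
    pub fn new(size: usize) -> Self {
        GuestMemory { ram: vec![0; size] }
    }

    /// Validate a guest-supplied (offset, len) pair and return the byte range.
    fn range(&self, offset: u64, len: u64) -> Result<std::ops::Range<usize>, AccessError> {
        // checked_add refuses the wrap-around that makes `offset + len` look small in C.
        let end = offset.checked_add(len).ok_or(AccessError::Overflow)?;
        if end > self.ram.len() as u64 {
            return Err(AccessError::OutOfBounds);
        }
        Ok(offset as usize..end as usize)
    }

    /// Shared borrow: many readers may hold slices at once.
    pub fn read(&self, offset: u64, len: u64) -> Result<&[u8], AccessError> {
        let r = self.range(offset, len)?;
        Ok(&self.ram[r])
    }

    /// Exclusive borrow: the compiler rejects a write while any read slice is live.
    pub fn write(&mut self, offset: u64, data: &[u8]) -> Result<(), AccessError> {
        let r = self.range(offset, data.len() as u64)?;
        self.ram[r].copy_from_slice(data);
        Ok(())
    }
}

fn main() {
    let mut mem = GuestMemory::new(4096); // constructed 4 KiB guest
    mem.write(16, b"hello").unwrap();
    println!("{:?}", mem.read(16, 5)); // in-bounds request
    println!("{:?}", mem.read(4090, 16)); // runs past the end of RAM
    println!("{:?}", mem.read(u64::MAX, 2)); // offset + len would wrap
}
```

Holding the slice returned by `read` and then calling `write` on the same `GuestMemory` fails to compile, which is the borrow-checker guarantee the quote describes.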
As clarified by BlackBerry (yes, really), a paravisor and the practice of paravirtualization, “Is a form of virtualization where software instructions from the guest operating system running inside a virtual machine can use ‘hypercalls’ that communicate directly with the hypervisor. This provides an interface very similar to software running natively on the host hardware. The main benefits of paravirtualization are where instructions are not compatible with full virtualization or where more immediate access to underlying hardware is required for performance reasons. For timing-critical functions, paravirtualization can provide the speed of native code alongside some of the benefits of virtualization, such as sharing hardware between multiple operating systems.”
Virtual Firmware, Kind Of
The OpenVMM developer guide says that unlike in traditional virtualization, where a VMM runs in a privileged host/root partition and provides virtualization services to an unprivileged guest partition, the paravisor model enables a VMM to provide virtualization services from within the guest partition itself. It can be considered a form of “virtual firmware,” running at a higher privilege level than the primary guest OS.
OpenVMM can also run as a general-purpose VMM on a Windows, Linux or macOS host. As of the end of 2024 and the initial open sourcing of this technology, this is still described as a development vehicle, and most of the same code runs both in OpenVMM on a host and in OpenVMM in a paravisor.
OpenVMM supports a number of host operating systems, architectures and virtualization backends. The project is open source, MIT Licensed and developed publicly at Microsoft/openvmm on GitHub.