Hypervisor Types - Learning Module

Loading content...

0/227

Type 2 Hypervisors (Hosted)

Virtualization on Your Desktop

While Type 1 hypervisors dominate data centers and cloud infrastructure, Type 2 hypervisors bring virtualization to a different domain: the developer's workstation, the security researcher's lab, and the IT professional's testing environment. These hosted hypervisors run as applications within a conventional operating system, trading some performance and isolation for convenience and accessibility.

Type 2 hypervisors democratized virtualization, making it accessible to anyone with a laptop. Understanding their architecture is essential for appreciating when hosted virtualization is appropriate—and when the constraints of a host OS become limiting.

What You Will Learn

By the end of this page, you will understand how Type 2 hypervisors operate atop a host operating system, their architectural components, performance characteristics, and optimal use cases. You'll gain the knowledge to evaluate when hosted virtualization is appropriate and understand the fundamental trade-offs compared to bare-metal solutions.

Defining Type 2 Hypervisors

A Type 2 hypervisor, also known as a hosted hypervisor, is virtualization software that runs as an application on top of an existing operating system. Unlike Type 1 hypervisors that directly interface with hardware, Type 2 hypervisors rely on the host OS for hardware access, device drivers, and resource management.

The fundamental definition:

A Type 2 hypervisor is a software layer that:

Runs as a user-space process on a host operating system
Uses the host OS kernel for hardware access and resource management
Creates virtual machines that appear as child processes to the host
Leverages host OS device drivers for I/O operations
May still use hardware virtualization extensions (VT-x/AMD-V) for efficient guest execution

The Hardware Extension Nuance

Modern Type 2 hypervisors still use hardware virtualization extensions (Intel VT-x, AMD-V) for CPU virtualization—just like Type 1 hypervisors. The distinction isn't about hardware support, but about where the hypervisor sits in the software stack: atop an OS (Type 2) or directly on hardware (Type 1). This is why Type 2 hypervisor performance has improved dramatically with hardware-assisted virtualization.

Common Type 2 hypervisors:

The Type 2 hypervisor market includes widely-known products:

VMware Workstation/Fusion — Professional-grade desktop virtualization (Workstation for Windows/Linux, Fusion for macOS)
Oracle VirtualBox — Open-source, cross-platform, feature-rich
Parallels Desktop — macOS-focused, optimized for running Windows on Apple hardware
QEMU (standalone) — Open-source machine emulator, often used with hardware acceleration

These products serve millions of developers, testers, and IT professionals who need to run multiple operating systems on a single workstation without dedicated server hardware.

Architectural Overview

The architecture of Type 2 hypervisors differs fundamentally from Type 1: an entire operating system sits between the hypervisor and the hardware. This creates a layered architecture with distinct performance and security implications.

The Type 2 software stack:

Type 2 Hypervisor Stack
┌─────────────────────────────────────────────────────────────────┐
│                      Guest Virtual Machines                       │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────┐               │
│  │   Guest 1   │  │   Guest 2   │  │   Guest 3   │   ...         │
│  │  (Linux)    │  │  (Windows)  │  │  (FreeBSD)  │               │
│  │             │  │             │  │             │               │
│  │ User Apps   │  │ User Apps   │  │ User Apps   │               │
│  │ OS Kernel   │  │ OS Kernel   │  │ OS Kernel   │               │
│  └─────────────┘  └─────────────┘  └─────────────┘               │
├─────────────────────────────────────────────────────────────────┤
│                    TYPE 2 HYPERVISOR                             │
│                  (Runs as Host Application)                      │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │  Hypervisor Application (VMware Workstation, VirtualBox)  │  │
│  │  ├── Virtual Machine Monitor                              │  │
│  │  ├── Guest Memory Manager (via host mmap/VirtualAlloc)    │  │
│  │  └── Virtual Device Emulators                             │  │
│  └───────────────────────────────────────────────────────────┘  │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │  Kernel Module (Optional but common)                       │  │
│  │  ├── Hooks into host kernel for efficient VM execution     │  │
│  │  └── Manages VT-x/AMD-V interactions                       │  │
│  └───────────────────────────────────────────────────────────┘  │
├─────────────────────────────────────────────────────────────────┤
│                      HOST OPERATING SYSTEM                       │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │  Host Applications (Browser, IDE, etc.)                   │  │
│  └───────────────────────────────────────────────────────────┘  │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │  Host OS Kernel (Windows, Linux, macOS)                    │  │
│  │  ├── Process Scheduler (schedules hypervisor + other apps)│  │
│  │  ├── Memory Manager (allocates memory to hypervisor)      │  │
│  │  └── Device Drivers (hypervisor uses for I/O)             │  │
│  └───────────────────────────────────────────────────────────┘  │
├─────────────────────────────────────────────────────────────────┤
│                      PHYSICAL HARDWARE                           │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌──────────┐         │
│  │   CPU    │  │  Memory  │  │ Storage  │  │ Network  │         │
│  │  Cores   │  │  (RAM)   │  │  (Disk)  │  │   NICs   │         │
│  └──────────┘  └──────────┘  └──────────┘  └──────────┘         │
└─────────────────────────────────────────────────────────────────┘

Key architectural components:

Type 2 Hypervisor Components

•Hypervisor Application — The main user-space process that provides the VM management interface, virtual device emulation, and coordination. This is what you see as 'VMware Workstation' or 'VirtualBox' in your task manager.
•Kernel Extension/Module — Most Type 2 hypervisors install a kernel module (vmmon, vboxdrv) to efficiently interact with hardware virtualization extensions. Without this, they'd need to rely on slower user-space emulation.
•Virtual Device Emulators — Software implementations of virtual hardware (network cards, disk controllers, graphics adapters) that translate guest I/O to host system calls.
•Host OS Drivers — The hypervisor relies on host OS device drivers for actual hardware access. A VM's network packet ultimately goes through the host's network stack.
•Memory Manager Integration — Guest memory is backed by host memory allocations (mmap on Linux, VirtualAlloc on Windows).

The Kernel Module Importance

The kernel module is crucial for Type 2 hypervisor performance. It allows the hypervisor to use hardware virtualization extensions (VT-x/AMD-V) efficiently, bypassing much of the host OS overhead for CPU virtualization. Without the module, VirtualBox falls back to 'software virtualization,' which is dramatically slower.

CPU Virtualization in Type 2 Hypervisors

CPU virtualization in Type 2 hypervisors leverages the same hardware extensions (VT-x, AMD-V) as Type 1 hypervisors, but with an important difference: the hypervisor must coordinate with the host OS for CPU scheduling and must handle the complexities of running guests within a user-space process.

The execution model:

When a Type 2 hypervisor VM runs, CPU execution alternates between:

Host context — The host OS schedules the hypervisor process like any other application
Guest context — The hypervisor's kernel module uses VMLAUNCH/VMRESUME to enter guest mode
VM exit handling — Exits may be handled by the kernel module (fast path) or passed to user-space (slow path)

Type 2 Execution Flow
┌─────────────────────────────────────────────────────────────────┐
│                 TYPE 2 EXECUTION FLOW                            │
├─────────────────────────────────────────────────────────────────┤
│                                                                  │
│  Host OS schedules hypervisor process                            │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Hypervisor User-Space Process       │                       │
│  │  ├── Decides which vCPU to run       │                       │
│  │  └── Issues ioctl() to kernel module │                       │
│  └──────────────────────────────────────┘                       │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Kernel Module (e.g., vmmon, vboxdrv)│                       │
│  │  ├── Prepares VMCS/VMCB             │                       │
│  │  ├── Executes VMLAUNCH/VMRESUME     │                       │
│  │  └── Enters VMX non-root mode       │                       │
│  └──────────────────────────────────────┘                       │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Guest VM Execution (VMX non-root)   │◀──────────────┐       │
│  │  • Guest code runs at near-native    │               │       │
│  │  • Sensitive ops trigger VM exit     │               │       │
│  └──────────────────────────────────────┘               │       │
│         │                                               │       │
│         ▼                                               │       │
│  ┌──────────────────────────────────────┐               │       │
│  │  VM Exit Occurs                       │               │       │
│  │  ├── Simple exit? Handle in kernel    │───────────────┘       │
│  │  │   (return to guest immediately)   │                       │
│  │  └── Complex exit? Return to user    │                       │
│  │      space hypervisor for handling   │                       │
│  └──────────────────────────────────────┘                       │
│         │                                                        │
│         ▼                                                        │
│  (Cycle repeats; host OS may preempt hypervisor)                │
│                                                                  │
└─────────────────────────────────────────────────────────────────┘

Host preemption challenges:

Unlike Type 1 hypervisors that have complete control over CPU scheduling, Type 2 hypervisors compete with other host applications for CPU time. This creates unique challenges:

Unpredictable latency — The host OS may preempt the hypervisor for other processes at any time
Timer coalescing — Host power management may batch timers, affecting guest timing accuracy
vCPU starvation — Heavy host workloads can starve guest VMs of CPU time
Co-scheduling difficulties — Multi-vCPU guests may have vCPUs on different host threads, complicating synchronization

These challenges make Type 2 hypervisors less suitable for latency-sensitive or real-time workloads.

The Double Scheduling Problem

In Type 2 virtualization, two schedulers compete: the host OS schedules the hypervisor process, and within that process, the hypervisor schedules vCPUs. Neither scheduler is aware of the other's decisions. If the host preempts the hypervisor while a guest holds a spinlock, other guest vCPUs may spin uselessly, wasting CPU time—a problem that's harder to solve without hypervisor control over scheduling.

Memory Management

Memory management in Type 2 hypervisors involves coordinating with the host OS memory manager. Guest physical memory is backed by host virtual memory, adding complexity to the address translation hierarchy.

The four-level address hierarchy:

In a Type 2 environment, addresses go through four levels:

Guest Virtual Address (GVA) — What guest applications see
Guest Physical Address (GPA) — What the guest OS believes is physical memory
Host Virtual Address (HVA) — Where guest memory exists in the hypervisor's address space
Host Physical Address (HPA) — Actual hardware memory

Type 2 Memory Translation
┌────────────────────────────────────────────────────────────────┐
│               TYPE 2 MEMORY TRANSLATION HIERARCHY               │
├────────────────────────────────────────────────────────────────┤
│                                                                  │
│  Guest Application                                               │
│        │                                                         │
│        ▼                                                         │
│  Guest Virtual Address (GVA)                                     │
│        │                                                         │
│        ▼  (Guest page tables)                                   │
│  Guest Physical Address (GPA)                                    │
│        │                                                         │
│        │  ┌─────────────────────────────────────────────┐       │
│        └─▶│  Hardware EPT/NPT (if available)            │       │
│           │  OR                                          │       │
│           │  Software translation via hypervisor        │       │
│           └─────────────────────────────────────────────┘       │
│        │                                                         │
│        ▼                                                         │
│  Host Virtual Address (HVA)                                      │
│  (Memory mapped into hypervisor process via mmap/VirtualAlloc)  │
│        │                                                         │
│        ▼  (Host page tables)                                    │
│  Host Physical Address (HPA)                                     │
│        │                                                         │
│        ▼                                                         │
│  Physical Memory (RAM)                                           │
│                                                                  │
├────────────────────────────────────────────────────────────────┤
│  NOTE: With EPT/NPT, hardware accelerates GVA→GPA→HPA           │
│        The HVA→HPA translation happens when setting up EPT      │
│        Host OS may swap HVA to disk, adding another layer       │
└────────────────────────────────────────────────────────────────┘

Memory allocation strategies:

Type 2 hypervisors use several approaches to allocate and manage guest memory:

Memory Allocation Techniques

•mmap/VirtualAlloc — Guest 'physical' memory is allocated as large virtual memory regions in the hypervisor process. The host OS backs this with physical pages on demand.
•Locked/wired memory — For performance-sensitive scenarios, the hypervisor can lock guest memory in physical RAM (mlockall), preventing host swapping.
•Large pages — Using 2MB or 1GB huge pages reduces TLB pressure and translation overhead.
•Lazy allocation — Memory is allocated on first access rather than upfront, allowing the host to manage resources more flexibly.

The host swapping problem:

A critical difference from Type 1 hypervisors: the host OS can swap guest memory to disk. From the guest's perspective, memory access that should take 100 nanoseconds suddenly takes 10 milliseconds—an unpredictable 100,000x slowdown. This makes Type 2 hypervisors challenging for workloads requiring consistent memory access latency.

Mitigation strategies include:

Allocating enough host RAM to avoid swapping
Locking hypervisor memory to prevent swapping
Reserving memory for the hypervisor process
Monitoring host memory pressure

Memory Overcommit Risks

While Type 1 hypervisors carefully manage memory overcommitment with techniques like ballooning and compression, Type 2 hypervisors are subject to the host OS's memory management policies. Running multiple VMs that together exceed host RAM often leads to severe performance degradation as the host aggressively swaps.

I/O Virtualization

I/O virtualization in Type 2 hypervisors fundamentally differs from Type 1: all I/O ultimately goes through the host operating system. This adds latency but simplifies driver development and provides access to the host's rich device driver ecosystem.

The I/O path:

When a guest VM performs I/O, the typical path is:

Guest driver issues I/O request to virtual device
Virtual device (emulated in hypervisor) translates to host API calls
Host OS processes the request through its I/O stack
Physical device performs the operation
Results propagate back through the stack

Type 2 I/O Path
┌────────────────────────────────────────────────────────────────┐
│                    TYPE 2 I/O PATH (Network Example)            │
├────────────────────────────────────────────────────────────────┤
│                                                                  │
│  Guest VM                                                        │
│  ├── Application sends network packet                           │
│  ├── Guest OS network stack (TCP/IP)                            │
│  └── Guest uses virtual NIC driver (e1000, virtio-net)         │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Virtual Device Emulator              │                       │
│  │  (Hypervisor User Space)              │                       │
│  │  ├── Receives packet from guest       │                       │
│  │  ├── Translates to host socket/tap    │                       │
│  │  └── Issues host system call          │                       │
│  └──────────────────────────────────────┘                       │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Host OS Network Stack                │                       │
│  │  ├── NAT / Bridged networking         │                       │
│  │  ├── Host TCP/IP processing           │                       │
│  │  └── Host NIC driver                  │                       │
│  └──────────────────────────────────────┘                       │
│         │                                                        │
│         ▼                                                        │
│  ┌──────────────────────────────────────┐                       │
│  │  Physical Network Interface           │                       │
│  │  (Packet transmitted on wire)         │                       │
│  └──────────────────────────────────────┘                       │
│                                                                  │
│  CONTRAST WITH TYPE 1:                                          │
│  Type 1 hypervisor bypasses host OS entirely—                   │
│  virtual NIC → hypervisor I/O layer → physical NIC              │
│                                                                  │
└────────────────────────────────────────────────────────────────┘

Networking modes:

Type 2 hypervisors offer multiple networking configurations:

Type 2 Hypervisor Networking Modes
Mode	Description	Guest-to-Host	Guest-to-External	Use Case
NAT	Guest traffic routed through host's IP with address translation	Yes	Yes (outbound)	Simple internet access, no incoming
Bridged	Guest appears as separate host on physical network	Yes	Yes (full)	When guest needs real network presence
Host-Only	Private network between host and guests only	Yes	No	Isolated development/testing
Internal	Private network between guests only (no host)	No	No	Multi-VM isolated environments

Storage virtualization:

Storage I/O follows a similar pattern:

Virtual disk files — Guest disks are stored as files on the host filesystem (VMDK, VDI, QCOW2, VHD). The host filesystem provides caching, journaling, and features the guest benefits from.
Sparse allocation — Disk files grow as the guest writes data, rather than pre-allocating full size.
Snapshots — Copy-on-write snapshots leverage the host filesystem's capabilities.
Raw device access — For higher performance, guests can access raw host disk partitions (with significant usability tradeoffs).

The Double-Caching Problem

With virtual disk files, data may be cached twice: once in the guest OS page cache, and again in the host OS page cache. This wastes memory and can create consistency issues. Type 2 hypervisors offer options to disable host caching (O_DIRECT equivalent), trading memory efficiency for potential performance loss.

Integration Features

One of the key differentiators of Type 2 hypervisors is their focus on host-guest integration. Unlike Type 1 hypervisors where guests run in data-center isolation, Type 2 guests often need to interact seamlessly with the host desktop environment.

Common integration features:

Host-Guest Integration

•Shared folders — Designated host directories appear as network shares or mounted drives in the guest, enabling file exchange without network configuration.
•Clipboard sharing — Copy-paste between host and guest applications works seamlessly, including text, images, and rich content.
•Drag-and-drop — Files can be dragged between host and guest windows.
•Seamless/Unity mode — Guest application windows appear alongside host windows, hiding the VM desktop entirely.
•Dynamic display resizing — Guest display resolution adjusts when the VM window is resized.
•Time synchronization — Guest clock synchronizes with host to prevent drift.
•Device passthrough — USB devices can be attached to guests dynamically.

Guest additions/tools:

These integration features require software installed inside the guest, known variously as:

VMware Tools (VMware)
VirtualBox Guest Additions (VirtualBox)
Parallels Tools (Parallels Desktop)
SPICE guest agent (QEMU/KVM environments)

These tools consist of:

Kernel drivers — Paravirtualized display, network, and storage drivers optimized for the hypervisor
User-space agents — Background services implementing clipboard, file sharing, and other integration
System services — Time sync, memory management hints, shutdown/restart coordination

Guest Tools Components
Component	Purpose	Performance Impact
Video driver	Enables dynamic resolution, 3D acceleration, smooth rendering	Major improvement
Network driver	Paravirtualized networking for higher throughput, lower latency	Significant improvement
Storage driver	Optimized disk I/O, TRIM support for virtual disks	Significant improvement
Memory balloon	Reports memory pressure to hypervisor, enables dynamic memory	Enables overcommit
Agent service	Clipboard, drag-drop, seamless mode, time sync	User experience

Always Install Guest Tools

Guest tools dramatically improve Type 2 hypervisor performance and usability. Without them, guests use slow emulated devices, display resolution is fixed, and integration features are unavailable. Installing guest tools should be one of the first post-installation steps for any VM.

Performance Characteristics

Understanding Type 2 hypervisor performance requires acknowledging the inherent overhead of the host OS layer. While modern Type 2 hypervisors with hardware virtualization achieve impressive performance, they cannot match Type 1 in demanding scenarios.

Performance overhead sources:

Overhead Sources

•Host scheduling latency — The hypervisor competes with other host applications for CPU time, introducing variable delays.
•Context switch overhead — Transitions between host user space, host kernel, and guest mode involve multiple context switches.
•I/O stack traversal — All I/O goes through the host OS's network and storage stacks, adding latency.
•Memory pressure from host — The host OS and other applications consume RAM, potentially causing guest memory to be swapped.
•Interrupt routing overhead — Device interrupts go to the host first, then are injected into guests as virtual interrupts.

Typical Performance Comparison (Type 2 vs Native)
Workload Type	Performance vs Native	Notes
CPU-bound compute	85-95%	With VT-x/AMD-V; most guest code runs at native speed
Memory-intensive	80-90%	EPT overhead; potential host memory pressure
Disk I/O (sequential)	60-80%	Virtual disk files add filesystem overhead
Disk I/O (random)	40-70%	Higher overhead for small random I/O
Network throughput	60-80%	NAT adds overhead; bridged is better
Graphics (2D)	70-90%	With guest tools; varies by hypervisor
Graphics (3D)	30-70%	Highly variable; GPU passthrough helps

Optimization strategies:

To maximize Type 2 hypervisor performance:

Allocate fixed resources — Pre-allocate VM memory rather than dynamic allocation
Install guest tools — Enable paravirtualized drivers and optimizations
Use SSD storage — Virtual disk I/O benefits significantly from SSD backing
Avoid host overload — Don't run resource-intensive host applications during VM workloads
Enable VT-x/EPT — Ensure hardware virtualization is enabled in BIOS and hypervisor
Use appropriate networking — Bridged for performance, NAT for simplicity
Allocate sufficient vCPUs — But not more than physical cores for consistent performance

The 'Other VM' Problem

When running multiple VMs on a Type 2 hypervisor, they compete not just for CPU but for the hypervisor's internal resources. I/O operations from one VM can stall another's. This contention is harder to diagnose and manage than in Type 1 environments with sophisticated resource management.

Use Cases and Limitations

Type 2 hypervisors excel in specific scenarios while being inappropriate for others. Understanding this distinction is crucial for making informed virtualization decisions.

Ideal use cases:

Excellent For

•Developer workstations needing multiple OSes
•Software testing across platforms
•Security research and malware analysis
•Training and educational environments
•Running legacy applications
•Quick prototyping and experimentation
•Demo environments for presentations
•Personal use (running Windows on Mac)

Not Suitable For

•Production server workloads
•High-density VM consolidation
•Latency-sensitive applications
•High-throughput I/O workloads
•Real-time or deterministic systems
•Multi-tenant environments
•Enterprise data center operations
•Workloads requiring guaranteed resources

The development workflow advantage:

Type 2 hypervisors shine in development workflows. A developer can:

Run Windows, Linux, and macOS VMs simultaneously on a single workstation
Test applications across different OS versions without dedicated hardware
Create snapshots before risky changes, restoring instantly if needed
Share VM configurations with team members for consistent environments
Isolate development environments to prevent dependency conflicts
Run full-stack applications including databases and services locally

This flexibility explains why Type 2 hypervisors remain popular despite Type 1's performance advantages.

The Docker Alternative

For many development scenarios, containers (Docker) have displaced Type 2 VMs. Containers offer faster startup, lower overhead, and better host integration for Linux-based workloads. However, when you need to run a different kernel (Windows on Linux, or vice versa), full-system hardware testing, or complete OS isolation, Type 2 VMs remain indispensable.

Summary: Type 2 Hypervisor Fundamentals

We've explored the architecture and operation of Type 2 hosted hypervisors—the accessible virtualization solution that runs on commodity operating systems. Let's consolidate the key concepts:

Key Takeaways

•Type 2 hypervisors run as host applications — They depend on the host OS for hardware access, scheduling, and resource management.
•Kernel modules enable efficient virtualization — While the hypervisor is user-space, kernel modules allow direct use of hardware virtualization extensions.
•The host OS adds overhead — Additional layers for CPU scheduling, memory management, and I/O introduce latency and reduce performance.
•Integration features differentiate Type 2 — Clipboard sharing, shared folders, and seamless mode make Type 2 ideal for desktop use cases.
•Performance is workload-dependent — CPU-bound work performs well; I/O-intensive workloads suffer more overhead.
•Use cases align with development and testing — Type 2 excels for developers needing multiple OSes but isn't suitable for production servers.

Looking ahead:

The next page directly compares Type 1 and Type 2 hypervisors, providing a comprehensive analysis of their differences across architecture, performance, security, and management. This comparison will solidify your understanding of when to choose each approach.

Page Complete

You now understand Type 2 hosted hypervisors—their architecture, how they interact with the host OS, their integration features, and their appropriate use cases. This knowledge is essential for the comprehensive comparison with Type 1 hypervisors that follows.