Virtualisation Wars II: Size and Patches

VMware and Jeff Woolsey of Microsoft are going at it again.  Jeff posted on the virtualisation blog, analysing some claims by VMware about the comparative sizes of products, numbers of patches and sizes of patches.  Jeff does some detailed comparisons rather than making claims.

Some interesting stuff in there.  VMware has had some pretty bad security issues.  As Jeff said, code breakout from a VM into the Hypervisor is BAD!  Hyper-V does some cool architecture stuff to protect the host and VMs against this even if it did happen (nothing yet!).

  1. Data Execution Prevention (DEP) must be turned on in the hardware.  Without it, you cannot run Hyper-V.  That means nothing that is executable can slip into the Hypervisor running at ring –1 on the processor.
  2. Each VM has a 1-to-1 connection to the host via the VMBus running in the Hypervisor.  That VMBus is protected by DEP.  No VMs can share a VMBus.