Microsoft Hyper-v and Vmware Vsphere footprints

  • Article

The everlasting debate between Microsoft Hyper-v and VMware Vsphere . People always talk about FOOTPRINT and its performance impact, especially VMware they really like to talk about Microsoft having a large DISK footprint; please don’t get tricked into that. Let’s first talk about what is a footprint, and how can a footprint affect performance and security?

First, let’s define a software footprint, A software footprint is a measure of a software size to try to realize and quantify its impact on a system relative to performance and security. So you get new software, you install it; this software has a certain impact on your disk, memory, performance and security.

so why do people calculate a footprint? To measure the impact on performance and security, the larger the footprint, the worse the impact on performance because this means that more code has to be processed. Running 10 lines of code is usually faster that running 100 lines, provided that they of course are doing the same function. Finding vulnerabilities are usually far easier in larger code, where you have more opportunity of human error (not writing a secure code = vulnerabilities ), so in general large footprint is considered a bad thing.

 

VMware claims that Hyper-v has a large disk footprint; they claim that it’s over 2 GB for “hyper-v server” and over 10GB for “windows server 2008 with hyper-v role installed”.

The next is a screen shot from vmware website

Is that correct ? NO.

Why? That is not a hyper-v footprint at all, this is a windows DISK footprint, this includes drivers, PowerShell and management binaries …etc. For example, Windows Server 2008 R2 includes 2350 printer drivers in the box. Those drivers are included in the box so users have Windows Hardware Quality Labs certified drivers and don’t need to go looking around to find the appropriate drivers. This is what customers want, back in the days of windows 2003/XP when you needed to install a windows component or a driver you were probably prompted to insert the windows CD , now for convenience all the binaries are include on the DISK along with the windows installation. These binaries are on the disk, they are not loaded into memory, and they do not affect the performance of the system at all. It’s like having an mp3 song on your disk, when you need to hear it, you play it then it gets loaded into memory, otherwise it’s only there taking around 5mbs of your disk storage. Does disk footprint affect the performance of the virtualization solution? NO, because what counts is what's loaded to memory not disk.

 

Microsoft Hypervisor code is about 600 KB in size , while VMware Hypervisor code is 32 MBs .

Does that mean that VMware’s Hypervisor has a larger footprint that Microsoft’s?? YES, if you are talking about hypervisor layer footprint.

 WHY is that? Because VMware and Microsoft are using different virtualization technologies; VMware is monolithic and Microsoft is micro-kernalized hypervisor (I am not going through this debate but micro-kernalized technology is far superior). The difference in virtualization architecture affects where the virtualization stack components are loaded (management, Drivers,… etc.) which affect the size of the hypervisor layer.

Does this affect either the performance or security of the virtualization solution? Yes , in fact due to VMware fairly large hypervisor code there are some public known vulnerabilities For example, April 2009 CVE-2009-1244: A critical vulnerability in the virtual machine display function allows a guest operating system users to execute arbitrary code on the host OS. For more details about hypervisor updates which caused repeated downtime for VMware customers check out Hypervisor Footprint Debate Part 1: Microsoft Hyper-V Server 2008 & VMware ESXi 3.5.In fact hypervisor attacks are the worst types of security flaws that can happen to your virtualization system, imagine a virtual machine executing some sort of code on the host machine injecting a Trojan horse into other virtual machines on that host. I wouldn’t really trust that especially in public cloud scenarios.So in a nutshell, a large hypervisor code (ESX) allows for more vulnerabilties in a very senstive layer( the hypervisor) which should be treated as you'd treat a king in war.

 

To make a fair comparison from a footprint point of view, Memory footprint is what should be looked at when considering impact on performance, this is the virtualization stack code being loaded and executed in memory, and this of course varies hugely from system to system depending on what is loaded and what is not. During my tests Microsoft's Hyper-v memory footprint is around 350 Mbs for hyper-v server 2008 R2. According to vnotion blog , VMware ESXi 4 , 164009 has 718 MBs memory footprint (I couldn’t find any other reference to VMware ESXI memory footprint) , but again both numbers came from different environments and it would be unfair to use them to do memory footprint comparison . in a nutshell this should all go in Microsoft’s favor of being more architecturally secure and better in performance due to adopting the para-virtualization having a very thin hypervisor footprint .