Server virtualization is now ubiquitous across most organizations, where it is a critical part of the enterprise IT infrastructure for data centers and cloud services. Virtual servers reduce the physical space and power that physical servers require, and they offer better utilization of hardware resources. The core software used for server virtualization, the hypervisor, directly provides CPU and memory virtualization, NIST said in a release June 7.
“The hypervisor platform is a collection of software modules that provide virtualization of hardware resources, such as CPU, memory, network, and storage, and enables computing stacks (operating systems and application programs) called virtual machines (VMs) to run on a single physical host,” NIST explained.
The hypervisor platform may also have the functionality to define a network within a single physical host to enable communication among the VMs resident on that host, as well as with physical and virtual machines outside the host. The hypervisor facilitates access to physical resources, provides runtime isolation among resident VMs, and enables a virtual network that provides a communication flow among the VMs and between the VMs and the external network.
To ensure security, NIST published a revision of Special Publication (SP) 800-125A, now titled Security Recommendations for Server-based Hypervisor Platforms, which was originally published earlier this year. SP 800-125A Revision 1 adds security recommendations for technologies, such as device passthrough and self-virtualizing devices, that are used for deploying virtualized servers for high-performance applications. The recommendations in the revision relate to safeguarding the secure execution of baseline functions of the hypervisor and ensuring they are agnostic to the hypervisor architecture. These recommendations are to be used exclusively for a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops, NIST said.