Discussion in 'Virtualization' started by Satoshi19, Jan 1, 2018.
Hi, what's the best VM in terms of both performance and security?
Hyper-V is definitely faster than the others I've tried in the past, but its integration as a whole into the OS makes it optimal to use for me.
If security is something you require, it also allows for virtual TPM, secure boot, host guardian certificates, shielding, encrypting, etc.
The Best VM? Hyper-V!
Spoiler: My long answer
Performance (source 1):
Security (source 2):
The final result:
I get it via CPU + NET - (158 * CVE):
36227+1666-(158*5)=37103 for Hyper-V.
49220+1887-(158*162)=25511 for ESXI.
40894+1855-(158*124)=23157 for XEN.
25803+1490-(158*31)=22395 for KVM.
Source 1: "A comparative study of Various Hypervisors Performance," 2016, IJSER.
Source 2: "A Systematic Review of Vulnerabilities in Hypervisors and Their Detection," 2017, Alan Litchfield & Abid Shahzad.
Yes, I know the numbers, and I personally disagree with them for my personal reasons. Microsoft, seriously? You're kidding me. No way Microsoft is secure! Open source for me is more secure than proprietary, and I think with Microsoft it is unclear how many security holes they really have. Hi WannaCry! I can't forget this Samba apocalypse. ESXi with the shockingly high number of CVEs only confirms what I think about it. KVM is not so great in terms of performance, but it has fewer CVEs than Xen or ESXi. The best in those numbers is clearly Hyper-V, but in bad hands any hypervisor can be insecure.
So what do you mean by this security thing? Any kind of hypervisor can include a security hole. Software like that is too complicated, and this is why nothing is totally secure. Some people have installed an antivirus and think they are secure now. But why? An antivirus can't detect all malware; it is great if you track down even 50% of them. So I think only isolation or a sandbox is what can help in that case. If you have a really powerful PC, use the Qubes OS distro; the developers made it as secure as possible, but without updates even this is not so great to use, like anything else.
If you need something open source and simple to use but with a not so great level of performance (Type-2), get Oracle VirtualBox; if you need a virtual card, use VMware Workstation Pro or Player, but I'm just warning you, this is not open source. I have an idea how to get something like the card in VirtualBox via Google's SwiftShader, but I haven't tested it yet; in theory it can work thanks to the power of the CPU. However, on the host my 4 cores at 3 GHz are not enough for Unreal Tournament 3 even with the lowest settings. Can an AMD Threadripper help, or even a more powerful CPU, eh?
Speaking of video cards, do you know what PCI passthrough is for? This thing can get real hardware like your audio card or video card into your VM. Sounds great, eh? However, that step removes some layers of security, and in the case of video cards you sacrifice something like 5% of their power in games. If you like playing CS:GO, it is a no-go for VAC: Steam, for an unclear reason, bans you if they detect a virtual machine, only with this game, so you can play Left 4 Dead 2 or whatever. If you have nVidia, I really don't recommend using VMware ESXi or XenServer because of a famous error called "43".
I am currently using KVM (a Type-1 hypervisor) to avoid this nVidia error 43. The Proxmox distro is not a bad start, for example. But you need to know this is not an ideal way: you need VT-d/AMD-Vi and UEFI. I tried to install with Windows 7 but had no luck because UEFI support is not full here. So go with Windows 8.1 or Windows 10. The distro has its own wiki with good instructions on how to set it up. If you can't understand it, maybe working with virtual machines is too soon. Yes, it is recommended to know some GNU/Linux stuff because Proxmox is Debian-based. You can do the same with openSUSE or Ubuntu.
The main question with performance and security is "for what?" If you need a gamer setup like Linus Sebastian did with "8 (or is it 10?) Gamers, 1 CPU - Taking it to the Next Level!", use KVM. If you don't have nVidia and are familiar with words like CentOS, Fedora or Red Hat, use Xen. As far as I know, Xen had the ability to pass through your hardware sooner than the KVM developers got it. VMware ESXi is proprietary software and it doesn't work with some hardware because of network drivers; the installer just doesn't work by default if there are no NIC drivers. What about Hyper-V, eh? Well, Hyper-V can do passthrough, too.
I am afraid of Microsoft, sorry guys. I can't be like before after all of that WannaCry, Meltdown, Spectre. As far as I know, KVM is the only way to use Windows XP and be more or less secure with this outdated OS. If you have your host patched, it protects the host against an infected guest; if you have your guest patched, it protects the guest core against this kind of attack. Among the first to get the updates are ChromeOS and Android, Red Hat and CentOS, SUSE and openSUSE, next Debian and Ubuntu plus DragonFly BSD. The Linux kernel gets patches very soon thanks to Google. Microsoft? Too slow.
IMO Intel/Microsoft/nVidia is no way in performance and security. Yes, I use an Intel CPU plus Microsoft Windows and an nVidia GPU for games, but I have so many problems with them. Now I know even AMD CPUs have some security problems, too. So I don't want to buy any CPU before a new secure version. Microsoft is fine for games, but any non-desktop OS is some kind of UNIX: your router or TV for example; servers are mostly non-Windows, too. nVidia is great and I think this new real-time ray tracing looks amazing, but because of error 43 in the case of virtual machines, I prefer AMD now.
Let me explain. Yes, it is easy to use "x-vga=on" and "cpu: host,hidden=on", but the downside of that is performance. These tricks aim to fix the problem, but they come at a price. I don't have a choice here, so I am using them anyway. In fact, in the long-term race nVidia can track us down and force us to buy these Quadro cards, which I can never buy because I don't work with what Quadro is for. For games, as far as I know, they aren't great in terms of performance. Virtual machines are not the same as real ones; some things work differently. I have no idea why nVidia can't be like AMD and allow desktop users to do that stuff.
P.S. Thanks if you read my message completely! Sorry for my bad English. The language isn't native for me, and for more than 20 years I have been speaking another one. I know my text probably includes many grammar errors, and I apologize for that.