Hyper-V Architecture - Parent Partition

The installation of Windows is now running on top of the Windows hypervisor. One of the side effects of running on top of the hypervisor is that the installation is technically a VM. We’ll refer to this as the parent partition. The parent partition has two special features:

• It contains all the hardware device drivers, as well as supporting files, for the other VMs.

• It has direct access to all the hardware in the system. In conjunction with the virtualization service providers, the parent partition executes I/O requests on behalf of the VM—sending disk traffic out over a fibre channel controller, for example.

The following best practices provide a secure and stable parent partition, which is critical to the VMs running on the host:

• Don’t run any other applications or services in the parent partition. This may seem like basic knowledge for system administrators, but it’s especially crucial when you’re running multiple VMs. In addition to possibly decreasing stability, running multiple roles, features, or applications in the parent partition limits the amount of resources that can otherwise be allocated to VMs.

• Use Windows Server 2008 in the Core role as the parent partition.


Windows Hypervisor
The Windows hypervisor is the basis for Hyper-V. At its heart, the hypervisor has only a few simple tasks: creating and tearing down partitions. (A partition is also known as the basis for a VM) and ensuring strong separation between the partitions. It doesn’t sound like much, but the hypervisor is one of the most critical portions of Hyper-V. That’s why development of the hypervisor followed the Microsoft Security Design Lifecycle process so closely—if the hypervisor is compromised, the entire system can be taken over, because the hypervisor runs in the most privileged mode offered by the x86 architecture. One of Microsoft’s design goals was to make the Microsoft hypervisor as small as possible. Doing so offered two advantages:

• The Trusted Computing Base (TCB) is smaller. The TCB is the sum of all the parts of the system that are critical to security. Ensuring that the hypervisor is small reduces its potential attack vectors.

• The hypervisor imparts less overhead on the system. Because all VMs (as well as the parent partition) are running on top of the hypervisor, performance becomes a concern. The goal is to minimize the hypervisor’s overhead.


Kernel-Mode Drivers
A Windows kernel-mode driver is one of two types of drivers in Windows. Kernel-mode drivers execute in Ring 0. Because this type of driver is executing in kernel mode, it’s crucial that these drivers be as secure as possible: An insecure driver, or a crash in the driver, can compromise the entire system.
Hyper-V adds two kernel-mode drivers:

VMBus. VMBus is a high-speed in-memory bus that was developed for Hyper-V. VMBus acts as the bus for all I/O traffic that takes place between the VMs and the parent partition. VMBus works closely with the virtualization service provider and virtualization service client.

Virtualization Service Provider (VSP). The Virtualization Service Provider (VSP) enables VMs to securely share the underlying physical hardware by initiating I/O on behalf of all VMs running on the system. It works in conjunction with the hardware vendor drivers in the parent partition—which means that no special “virtualization” drivers are necessary. If a driver is certified for Windows Server 2008, it should work as expected with Hyper-V. Each class of device has a VSP present—for example, a default installation of Hyper-V has a networking VSP as well as a storage VSP. The VSPs communicate with the matching Virtualization Service Client (VSC) that runs in the VM over VMBus. We’ll cover the VSC when we look at the different types of VMs.


User-Mode Applications
User-mode applications are, strangely enough, applications that run in user mode. They execute in Ring 3, which is where all unprivileged instructions are run. Many of the applications that run in Windows are user-mode applications—for example, the copy of Notepad that you use to look at a text file is executing in user mode.
Hyper-V has a number of different user-mode applications:

Virtual Machine Management Service (VMMS). The VMMS acts as the single point of
interaction for all incoming management requests. It interacts with a number of processes,
two of which we’ll refer to here.

WMI providers. Hyper-V has a rich set of WMI interfaces. They provide a way to manage the state and health of the VMs as well as get settings information and some performance information. All the WMI interfaces are fully documented on http://msdn.microsoft.com.

Worker processes. When a VM is started up, a worker process is created. The worker process represents the actions that are taking place in the virtual processor, as well as all emulated devices and the virtual motherboard. Each VM that is running on a host has a worker process.

Now that we’ve shown you what’s happening in the parent partition, let’s look at the VMs. After you create a VM and power it on, you can install a wide variety of x86/x64-based operating systems. Even though these are VMs, they can run the same operating systems without modification as a physical computer. But operating systems that are supported by Microsoft include new synthetic drivers, which work in conjunction with the matching VSP running in the parent partition.


Source of Information : Sybex Windows Server 2008 Hyper-V Insiders Guide to Microsofts Hypervisor