For the past few months we have been working hard to provide a fast, reliable and secure KVM backend for VirtualBox. VirtualBox is a multi-platform Virtual Machine Monitor (VMM) with a great feature set, support for a wide variety of guest operating systems, and a consistent user interface across different host operating systems.
Cyberus Technology’s KVM backend allows VirtualBox to run virtual machines utilizing the Linux KVM hypervisor instead of the custom kernel module used by standard VirtualBox. Using KVM comes with a number of benefits.
Our customers use virtualization to isolate different security domains from each other. They rely on further hardening of the host system for additional security. This kind of hardening is needed to get certification from government bodies and as a result a hard requirements for our customers.
In client scenarios, Windows is often the guest system of choice. A lot of the security features that get built into Windows rely on virtualization. In cases where Windows is already virtualized, additional support from the Hypervisor is needed to enable those features. KVM provides a lot of the needed support to improve Windows’ security in virtualized environments.
In addition, modern hardware comes with many features that enhance virtualization performance, such as interrupt virtualization. All of the use cases above are currently difficult to support with the stock VirtualBox kernel module. However, the open-source KVM module, which is included in the Linux kernel by default, supports these use cases easily.
Furthermore, it is now possible to use VirtualBox and QEMU in parallel and we can even throw Cloud Hypervisor in the mix, just for the fun of it! This opens up some interesting use cases, as each of these frontends comes with a different set of priorities, benefits, and drawbacks. Isolating security critical services in a Cloud Hypervisor VM while the user-visible Windows guest runs in a VirtualBox VM could provide an improved security / user-experience trade-off.
As a result of our work, our customers can enjoy faster virtual machines, better security, and broader support for hardware and guest use cases.
Since we care about open-source, we are also releasing our changes under an open-source license on GitHub. From there, you can build VirtualBox with Cyberus Technology’s KVM backend and benefit from the improvements yourself.
Our roadmap for 2024 is packed with more interesting features and we will follow up with more technical companion posts as we release updates throughout the year. Stay tuned for technical deep-dives on development, graphics virtualization support, nesting, all the way to how we test and benchmark it all.
If you would like to use VirtualBox with KVM or if you have a need for custom virtualization solutions, we are happy to provide guidance and engineering services. Please reach out to us via our support form or via e-mail at email@example.com.