What is paravirtualization?

Paravirtualization is a type of hardware virtualization that enables the guest operating system (OS) in a virtual machine (VM) to access the hypervisor directly, rather than indirectly through a complex abstraction layer, as is the case with conventional full virtualization.

Full virtualization logically isolates the individual VMs and emulates all the hardware resources, relying on binary translations to carry out operations. Paravirtualization takes a more streamlined approach that enables the guest OSes to share resources more efficiently and interact with the hypervisor in a way that improves performance.

With paravirtualization, the VMs access system resources directly through interfaces similar to the underlying hardware. This architecture helps to deliver better performance than full virtualization because the guest OS and hypervisor work together more efficiently. To achieve these benefits, however, the guest OS must be modified to support paravirtualization. Some Linux distributions include this support.

Paravirtualization can be useful in a variety of technical fields, including disaster recovery, capacity management, development and testing, and data backup and replication. It can also be beneficial when running workloads on infrastructure that doesn't support hardware-assisted virtualization. If full virtualization is used to run these workloads, it incurs the extra overhead that comes with using binary translations to carry out operations.

One of the most popular products that implements paravirtualization is Xen, a free and open source hypervisor. The Xen platform uses an altered Linux kernel to virtualize the memory and processor resources and provides custom guest OS drivers to virtualize the input/output operations.

What are full virtualization and paravirtualization?

Paravirtualization attempts to resolve issues found in full virtualization. Full virtualization abstracts the underlying hardware resources to provide a completely isolated VM environment that operates much like a physical machine. The guest OS is not aware that it is installed in a virtual environment and runs as it would on bare metal. It does not need to be modified to operate in this environment, nor do the applications. In the past, some applications might not run properly in a virtualized environment, but this has become the exception.

Hypervisors that support full virtualization -- especially those released early on -- commonly rely on binary translations to facilitate communications between the guest OS and the hypervisor's VM monitor (VMM), which enables a computer to support multiple execution environments. The terms hypervisor and VMM are often used interchangeably.

The binary translations trap high-privilege instructions from the guest OS, making it possible for the VMM to emulate those operations. Trapping enables the guest OS to pass calls onto the hypervisor and subsequently perform privileged operations. After receiving these instructions, the VMM communicates with the host computer to access system resources and carry out the requested operations.

Binary translations are complex and expensive to perform, adding to the overhead that comes with full virtualization. However, most of today's hypervisors also support hardware-assisted virtualization, which takes advantage of processor chips that have incorporated instruction set extensions to facilitate virtualization. The two most notable examples of these extensions are Intel Virtualization Technology and AMD Virtualization.

Hardware-assisted virtualization eliminates the need for binary translations and the increased overhead that comes with them. The hypervisor can make calls to the underlying hardware on behalf of the guest OS without the added layers of complexity, resulting in better performance and improved resource utilization. Hypervisors that use hardware-assisted virtualization can still deliver fully isolated VMs.

A hypervisor that delivers full virtualization, whether or not it uses hardware-assisted virtualization, does not require any changes to the guest OS, which is not always the case for paravirtualization. If a Linux distribution includes paravirt operations extensions in its kernel, it supports paravirtualization. Otherwise, it needs to be modified. In fact, any OS that does not support paravirtualization must be modified, which leaves out proprietary OSes, such as Windows.
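The check described above can be automated when inventorying guests. This Python script is an added example, not part of the original article: it parses a kernel configuration and reports which paravirtualization options are enabled. The Kconfig symbol names are real Linux options; the sample configuration text is constructed for illustration.

```python
import re

# Real Linux Kconfig symbols related to paravirtualization support.
PV_SYMBOLS = {
    "CONFIG_HYPERVISOR_GUEST": "kernel can run as a hypervisor guest",
    "CONFIG_PARAVIRT": "paravirt operations (pv_ops) layer",
    "CONFIG_PARAVIRT_SPINLOCKS": "paravirtualized spinlocks",
    "CONFIG_XEN": "Xen guest support",
    "CONFIG_XEN_PV": "Xen PV guest support",
    "CONFIG_XEN_PVHVM": "Xen PV extensions for HVM guests",
    "CONFIG_KVM_GUEST": "KVM paravirtual guest features",
}

_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")

def parse_kconfig(text):
    """Return {symbol: value}; '# CONFIG_X is not set' maps to 'n'."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts

def audit_paravirt(text):
    """Summarize which paravirtualization features a kernel config enables."""
    opts = parse_kconfig(text)
    enabled = [s for s in PV_SYMBOLS if opts.get(s) in ("y", "m")]
    return {
        "enabled": enabled,
        "pv_ops": "CONFIG_PARAVIRT" in enabled,
        "xen_pv_guest": {"CONFIG_PARAVIRT", "CONFIG_XEN_PV"} <= set(enabled),
    }

# Constructed sample input, not taken from a real distribution.
SAMPLE = """\
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
# CONFIG_PARAVIRT_SPINLOCKS is not set
CONFIG_XEN=y
# CONFIG_XEN_PV is not set
CONFIG_XEN_PVHVM=y
CONFIG_KVM_GUEST=y
"""

if __name__ == "__main__":
    print(audit_paravirt(SAMPLE))
```

On a running guest, the same function can be given the contents of the kernel's config file, which many distributions install under /boot.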

In some cases, a paravirtualization platform might offer paravirtualization-aware drivers for a specific OS to get around the OS's proprietary and locked-down nature. For example, the Xen Project provides a set of these drivers for the Windows OS.

[Figure: diagram highlighting the differences between full virtualization and paravirtualization. Full virtualization is a complete abstraction of resources from the underlying hardware, whereas paravirtualization requires the OS to communicate with the hypervisor.]

Comparisons between paravirtualization and full virtualization often focus on full hypervisors that do not support hardware-assisted virtualization. As noted above, this type of virtualization relies on binary translations to capture and translate sensitive OS calls. Paravirtualization eliminates the need for the VM to trap privileged instructions, which is time-consuming and can impact performance.

By granting the guest OS access to the underlying hardware, paravirtualization enables direct communication between the guest OS and the hypervisor, thus improving performance and efficiency within the system. The guest OS is fully aware that it is operating in a virtual environment; it has been modified specifically for that environment.

If a guest OS has not been modified or built for paravirtualization, it is not able to run on the VMM. The modifications enable the guest OS to communicate directly with the hypervisor. Not only does this improve performance, but it also makes it possible to carry out operations that can be problematic in full virtual environments.

With paravirtualization, the modified OS uses hypercalls to communicate with the hypervisor, rather than relying on binary translations. A hypercall is a system call from the guest OS to the hypervisor, requesting some type of service. The hypervisor responds to the hypercall by performing the requested task on behalf of the guest OS. The hypervisor also provides hypercall interfaces for executing other types of kernel operations, such as interrupt handling, timekeeping and memory management.

Advantages of paravirtualization

Paravirtualization offers various performance advantages, as well as improved scaling, compared to full virtualization. These advantages are especially apparent when comparing paravirtualization to full virtualization that doesn't rely on hardware-assisted virtualization. Even if it does, however, paravirtualization can still offer several important advantages:

  • Improved performance. Direct communication between the guest kernel and the hypervisor can boost efficiency and overall performance.
  • Manageable virtual server traffic. The thin software layer created in paravirtualization controls virtual server traffic by enabling a single VM to access the physical hardware device, while preventing access for the other VMs.
  • Lower virtualization overhead. Paravirtualization does not attempt to fully rebuild the hardware, resulting in lower overhead for projects.
  • Lower hardware limitations. Paravirtualization does not include device drivers because it utilizes the drivers already present in the guest OS. Therefore, organizations can take full advantage of the hardware in the server instead of being limited to hardware with available drivers, as is the case in full virtualization.

Disadvantages of paravirtualization

The main limitation of paravirtualization is that the guest OS might need to be modified to run on top of the VMM. Paravirtualization also comes with several other challenges:

  • Lack of flexibility. The guest OS and hypervisor are tightly coupled in a paravirtualization environment. If the hypervisor or OS needs to be updated, the VM might no longer be able to operate.
  • Limited support. Because paravirtualization requires the guest OS to be modified, OS and portability options are limited.
  • Added complexity. Significant support and maintenance issues can arise because the production environment might require complex guest kernel modifications.
  • Increased security risks. The VMs in a paravirtualization environment are not as isolated from each other as they are in a fully virtualized environment, which could increase security risks.

Full virtualization and paravirtualization both enable hardware resource abstraction, but the two technologies differ when it comes to isolation levels.

This was last updated in March 2024
