
Xen vs. KVM: What are the differences?

Admins often evaluate Xen and KVM as open source options. The main factors to consider in a primary hypervisor are organizational infrastructure and cloud adoption interests.

Xen and KVM offer distinct advantages, such as the ability to run multiple OSes simultaneously and gain access to network flexibility.

These hypervisors are Linux-based and have vendor support for management tools through Citrix, Oracle and Red Hat. Although the underlying code is open source, they represent revenue streams for companies offering support.

Kernel-based VM (KVM) and Xen take advantage of CPU virtualization instructions present on both AMD and Intel processors. KVM also supports the virtualization extensions on Arm-based systems using v7 and later CPUs.

The decision between the two comes down to the organization's primary infrastructure, staff resources and interest in using the cloud. Cost is a significant part of the equation in terms of both initial acquisition and long-term support.

Terminology and definitions

Before digging into Xen and KVM specifically, it's important to understand a few key terms to avoid confusion:

  • Type 1 hypervisor. A Type 1 hypervisor runs directly on the physical hardware of a host machine without the need for an underlying OS.
  • Type 2 hypervisor. A Type 2 hypervisor typically runs on top of an OS with indirect access to the underlying hardware.
  • Paravirtualization. Paravirtualization is a software interface presented to a VM that mimics the underlying hardware/software interface.
  • Full virtualization. Full virtualization uses binary translation and direct execution of user requests.
  • Hardware virtualization. In the x86 world, both AMD and Intel provide virtualization features in their CPU products that provide virtualization-specific instructions.

What is Xen?

Researchers at the University of Cambridge created the Xen Type 1 hypervisor in the late 1990s, and The Linux Foundation took over the project in 2013.

All Xen-based systems implement a Type 1 hypervisor, which enables IT administrators to run multiple OSes on the same hardware and provides a small management layer to help admins manage shared resources. Xen uses paravirtualization for most Linux-based guest OSes, while incorporating hardware-assisted virtualization for Windows guest OSes.

Citrix and Oracle use Xen for their virtualization products. Citrix co-opted the Xen name but rebranded XenServer as Citrix Hypervisor to differentiate it from the open source offering. Support for virtual desktops remains a high priority for Citrix, and XenServer has been optimized for that type of workload.

Citrix was absorbed by Cloud Software Group in 2022. Since that time, XenServer has emerged as a new entity with its own website and marketing strategy. Based on Xen, Citrix Hypervisor comes at no additional cost to existing Citrix Virtual Apps and Desktops customers.

The most recent Xen-based project is XCP-ng (Xen Cloud Platform - next generation), with version 8.3 Beta 2 released Feb. 15, 2024. XCP-ng started as a fork of XenServer and is a Xen Project incubation project hosted by The Linux Foundation. It provides a number of GUI-based management tools that aren't in the basic Xen distribution.

Xen pros

  • A true Type 1 hypervisor that provides lower overhead due to having direct access to the hardware.

Xen cons

  • No ability to share resources of an underlying OS.
  • No support for sVirt.

What is KVM?

Adopted into Linux in 2007, KVM is a hypervisor that virtualizes OSes on x86 server hardware. Because it's in the Linux kernel but runs guest OS software, there is debate about its classification as a Type 1 or Type 2 hypervisor. It's possible to run KVM as a Type 1 hypervisor using a custom installation process.

Choosing to run KVM on top of a Linux OS brings additional benefits, such as resource swapping among guests, shared common libraries and optimized system performance. It also adds security features you don't get from using a Type 1 hypervisor, such as sVirt.

OpenStack and oVirt currently use KVM as the default hypervisor. KVM lets admins run the following guest OSes: Berkeley Software Distribution, Solaris, Windows, ReactOS and macOS with QEMU. Most mainstream Linux distributions offer KVM support, including openSUSE, RHEL and Ubuntu.

Primary KVM vendor support is through Red Hat, plus the Linux kernel development team. Both admins and vendors consider this support an advantage, and Amazon has actively moved toward a more hybrid approach to include KVM integration.

Red Hat purchased Qumranet in 2008 and is the intellectual property owner of everything KVM. Like the business model Red Hat uses for other open source products, such as RHEL, Red Hat makes its money on service and updates. In 2019, Red Hat was acquired by IBM.

KVM pros

  • Integrated into the Linux kernel and, as such, receives regular security and performance updates, plus bug fixes through the normal Linux upgrade channels.

KVM cons

  • Requires a Linux OS running on the host hardware for Type 2 functionality.

Vendor usage

Citrix has been tied to Microsoft as a remote desktop platform since its inception. XenServer continues in that vein, running Windows desktops on a centrally managed server. This provides any number of advantages from a security perspective, including controlling the vulnerability footprint through managed images.

KVM has a solid stance in the world of cloud providers, not the least of which is Amazon. It's also the mainstay of Red Hat virtualization and an entire family of offerings. It's the primary virtualization platform for OpenShift. In the OpenShift context, there's a close tie between containers and VMs. This provides a path for those looking to move to containerized platforms without getting rid of their current infrastructure.

Differences between KVM and Xen hypervisors

The Xen hypervisor uses a microkernel design that runs on bare-metal hardware and can run on systems without virtualization extensions. This doesn't apply to most modern servers but is an issue for older hardware.

Xen version 4.18, released in November 2023, delivered security, performance and architecture features focused on AI and machine learning applications. This version brings support for the latest Arm and Intel CPU hardware, including Sapphire Rapids and Granite Rapids for x86 workloads.

An advantage of KVM is that it functions within the Linux OS kernel, which means that KVM receives bug fixes and security updates as Linux publishes new releases. From a security standpoint, KVM also benefits from sVirt and mandatory access control security measures, which prevent manual labeling attacks.
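An added example, not part of the original article: sVirt runs each KVM guest's QEMU process under an SELinux label with its own MCS category pair, and this Python check audits `ps -eZ` output for guests that lack that isolation. It goes beyond the article's brief mention of sVirt; the process listing is constructed sample data, and `audit_svirt` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample of `ps -eZ` output from a KVM host (not real data).
SAMPLE_PS = """\
LABEL                                         PID TTY      TIME     CMD
system_u:system_r:svirt_t:s0:c87,c520        2101 ?        00:10:17 qemu-kvm
system_u:system_r:svirt_t:s0:c639,c757       2188 ?        00:04:02 qemu-kvm
system_u:system_r:svirt_t:s0:c87,c520        2240 ?        00:01:44 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2302 pts/0 00:00:09 qemu-system-x86
system_u:system_r:virtd_t:s0-s0:c0.c1023     1450 ?        00:00:31 libvirtd
"""

SVIRT_TYPES = {"svirt_t", "svirt_tcg_t"}  # SELinux domains for KVM and TCG guests
MCS_PAIR = re.compile(r"c\d+,c\d+")       # dynamic sVirt labels use a category pair


def audit_svirt(ps_output):
    """Return {pid: [findings]} for QEMU processes lacking sVirt isolation."""
    findings = defaultdict(list)
    by_categories = defaultdict(list)
    for line in ps_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[-1].startswith("qemu"):
            continue  # header line, or not a guest process
        pid = int(fields[1])
        parts = fields[0].split(":")  # user:role:type:sensitivity[:categories]
        if len(parts) < 4:
            findings[pid].append("malformed or missing SELinux label")
            continue
        setype = parts[2]
        categories = parts[4] if len(parts) > 4 else ""
        if setype not in SVIRT_TYPES:
            findings[pid].append(f"runs as {setype}, not an sVirt domain")
        elif not MCS_PAIR.fullmatch(categories):
            findings[pid].append("no per-guest MCS category pair")
        else:
            by_categories[categories].append(pid)
    # Two guests with identical categories can reach each other's resources.
    for categories, pids in by_categories.items():
        if len(pids) > 1:
            for pid in pids:
                others = [p for p in pids if p != pid]
                findings[pid].append(f"MCS categories {categories} shared with PID(s) {others}")
    return dict(findings)


if __name__ == "__main__":
    for pid, issues in sorted(audit_svirt(SAMPLE_PS).items()):
        print(pid, "; ".join(issues))
```

On a live host, feed the function the text captured from `ps -eZ`; an empty result means every QEMU process has its own sVirt label.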

KVM Nitro is Amazon's most advanced Elastic Compute Cloud capability that carves out isolated compute environments within the same instance. It uses a custom minimal hypervisor based on KVM. Nitro also uses custom-designed hardware cards with application-specific integrated circuits to implement network and storage I/O. These features help provide security isolation between the different subsystems and serve as the primary way to protect sensitive data at the VM level.

Choosing between the two

The organization's primary infrastructure is the main factor in deciding between KVM and Xen hypervisors. Other deciding factors include UX, staff knowledge and code requirements.

Admins should have a good understanding of current dependencies with specific vendors and a clear vision of where their IT projects are heading.

As of February 2024, Broadcom discontinued VMware ESXi Free, which could lead SMBs and home lab users to switch to KVM-based Nutanix Community Edition.

Oracle and Citrix have a large customer base and push Xen as their primary hypervisor. Red Hat, SUSE and Canonical support KVM as a virtualization option for their Linux versions.

For cloud, admins face a similar decision: Citrix and Oracle have a Xen-based offering, as opposed to Google on KVM. Amazon offers both Xen and KVM, so an admin's infrastructure requirements are the final factor. For example, admins that choose Amazon as their cloud provider for a new project might be more inclined toward KVM. IT teams that use Citrix or Oracle and move their system to the cloud will favor Xen.

It's also important to evaluate the growing popularity of hybrid and on-premises cloud offerings. If admins investigate these options, they must understand and consider their existing virtualization software and how well it integrates with any prospective cloud provider.

Amazon supports both Xen and KVM, but the vendor still maintains a working relationship with Citrix.

Admins should fully understand all UX options before they make a final decision. Major cloud vendors provide both web-based and programmatic interfaces to enable flexibility for IT teams and admins.

Automation is the main way to manage any large-scale virtualization project, which requires someone to write code. Available and capable staff are the primary factor in understanding and planning for any code-writing requirements.

Paul Ferrill has been writing in the computer trade press for over 25 years.
