
14/10/2022 15:32

Virtualized Env


Virtualise and Containerize your system.

This article aims to give you an idea of what virtualised environments are, what kind of benefits you gain from them, and why they are totally awesome!

What is a VM / VE

A virtualised environment is a virtual machine (VM) running on a host system. The host system is the machine that runs the VM; the VM running on it is in turn called the guest machine.

Sandbox Environment

As the heading suggests, we abstract a system away from our main system to get a sort of sandbox. This extra layer adds security to our system, as well as maintainability and versatility. Many devices nowadays implement a sandbox-like environment, for instance the iPhone with its App Sandbox.

Corporate Perspective

There are plenty of use cases for VM setups; let's talk about some of the corporate ones. One is streamlining work environments, meaning a set environment that every employee works on. This reduces the work the operations side has to do: all they need to do is create another VM instance for the employee, attach some sort of credentials to it, and hand out a machine. That machine is then used, for instance, to connect to some sort of remote session software.

This setup improves the serviceability and maintainability of work environments, since updating software is easier than on an employee's bare metal machine. All the employee has to ensure is to keep their remote session software, probably a VPN, and the OS up to date. Since those machines run on premise, if there are any issues we can connect to them anytime and fix whatever pops up, for example by creating a fresh VM instance if one broke for whatever reason. Without this we would have additional overhead, including a bigger chain of dependencies to get a potential issue solved.

Depending on the company's needs and product there are more use cases, for instance the game streaming industry. This whole system comes with additional cost in the upkeep of hardware or rented systems.

Consumer Perspective

This section gives an overview of the benefits from a consumer perspective.

Pros

So what are the pros? If you need to split machines, for instance separating a personal machine from a gaming or work machine, you could have a work, a gaming, and a personal VM. Why would you want this? Probably the biggest reason is security, especially if you need to run untrusted executables. Most malware payloads don't even execute on a virtual machine, and if they do it is rare for malware to be able to break out of the guest machine and invade the host. Then there is also a performance factor: with KVM we are able to reach almost bare metal speed, which means you can run GPU/CPU intensive tasks such as games on your guest machine. Some OS installs get really slow over time, in which case you also have the easy way out of just deleting your VM and reusing a backup of a freshly set up OS. The same goes for when you brick your OS, though that is usually a rare occurrence, to be fair. With a system that can be deleted at any time without the fear of losing important data, you also gain a layer of protection when it comes to tracking, if you want to stay under the radar, so to say.

Cons

  • Drive space: pre-allocating disk space speeds up the system, but it uses up all of that hard drive space on the host even if the guest has not filled it yet.
  • Potentially a strong CPU is needed, depending on the use case.
  • IOMMU groups: if you need to pass through devices to your guest machine, for instance your GPU, you may need to split the IOMMU groups, either by patching the Linux kernel with the ACS override patch or by buying a motherboard that is known to have good IOMMU groups.
  • Initial setup effort.
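One way to check the IOMMU group point above before buying hardware or patching the kernel, as an added example that is not part of the article: a small POSIX shell script that reads the kernel's /sys/kernel/iommu_groups tree and reports which PCI devices share a group with the one you want to pass through. The sysfs root parameter is my addition so the functions can also be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not from the article: inspect the kernel's IOMMU group layout
# (/sys/kernel/iommu_groups/<id>/devices/<pci-address>) to see which devices would
# have to be passed through together. The sysfs root is a parameter so the
# functions can also be run against a constructed directory tree.
# Print "group <id>: <pci address>" for every device in every IOMMU group.
list_iommu_groups() {
    root="${1:-/sys/kernel/iommu_groups}"
    [ -d "$root" ] || { echo "no IOMMU groups under $root (IOMMU off?)" >&2; return 1; }
    for grp in "$root"/*; do
        [ -d "$grp/devices" ] || continue
        for dev in "$grp"/devices/*; do
            [ -e "$dev" ] || continue
            printf 'group %s: %s\n' "$(basename "$grp")" "$(basename "$dev")"
        done
    done
}

# Print the IOMMU group id that contains the given PCI address (e.g. 0000:01:00.0).
iommu_group_of() {
    dev="$1"; root="${2:-/sys/kernel/iommu_groups}"
    for grp in "$root"/*; do
        if [ -e "$grp/devices/$dev" ]; then
            basename "$grp"
            return 0
        fi
    done
    echo "$dev is not in any IOMMU group under $root" >&2
    return 1
}

# Print how many devices share the group of the given PCI address. A result of 1
# means the device is isolated and can be passed through without splitting groups.
group_size_of() {
    dev="$1"; root="${2:-/sys/kernel/iommu_groups}"
    gid=$(iommu_group_of "$dev" "$root") || return 1
    n=0
    for d in "$root/$gid"/devices/*; do
        [ -e "$d" ] && n=$((n + 1))
    done
    echo "$n"
}

# Usage: ./iommu_check.sh list      or      ./iommu_check.sh size 0000:01:00.0
case "${1:-}" in
    list) list_iommu_groups ;;
    size) group_size_of "$2" ;;
esac
```

A GPU typically shows up as two functions (video and audio, e.g. .0 and .1) in the same group, so a size of 2 is the expected minimum for a discrete card; anything beyond the card's own functions has to go along for the ride or the group has to be split.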

My Setup

I'm running Arch Linux headless on my bare metal system, meaning no graphical environment, in which I can use the virsh CLI command to boot up the VM I need: Personal, Gaming, or Work. I have backups for each of them in a fresh state, ready to use. Delicate data is not connected to the internet but lives on a local network storage, which holds for example my credentials for almost anything. I use my integrated Intel GPU to run my host system and pass through my dedicated GPU to all three guest machines. I connect to the VM through a mirror of the VM's graphical output, which is handled by a software called Looking Glass. All this allows me to easily delete VM containers and reuse backups without the fear of losing important data.

Other Setups

There are also ways to sandbox individual applications rather than the whole OS with a VM; for this some people use tools like Snap images, Flatpak or Docker.

Epilogue

If you care about security, have to deal with untrusted code, want to be flexible and split areas of concern like work, gaming, and personal, or want to be able to get back to a fresh OS state with a backup VM, then I'd say any of those reasons is enough to try out a setup like this. If you want to know more about VM-related topics, let me know; I have a bunch more knowledge on that topic than this.
