Windows Server 2012 with Hyper-V and Xen: Too Much Code

A smaller virtualization footprint reduces the attack surface for external threats and can drastically lower the number of patches required, giving you a more reliable product and a more stable datacenter.

As part of VMware’s ongoing focus to advance virtualization reliability, VMware created VMware® ESXi™, the industry’s smallest hypervisor and first complete x86/x64 virtualization architecture with no dependence on a general-purpose operating system. No other virtualization platform can match the compact size of VMware ESXi with its small disk footprint. Removing the patches that a general-purpose server operating system would normally need reduces the security risks associated with that operating system. Windows Server 2012 with Hyper-V, Xen, and KVM all have architectures that depend on a general-purpose server operating system, linking the reliability of their hypervisors to that of the respective general-purpose server operating system.

Microsoft attempted to follow VMware’s lead to reduce the attack surface of its virtualization platform by offering Windows Server Core (a subset of Windows Server 2012) as an alternative parent partition to a full Windows Server 2012 install. However, the disk footprint of Server Core in its virtualization role is still approximately 5 gigabytes (GB). Until Microsoft changes its virtualization architecture to remove its dependency on Windows, that architecture will remain large and vulnerable to Windows patches, updates, and security breaches. All of the proprietary Xen-based and KVM offerings, such as those from Citrix, Oracle, Red Hat, and Novell, face similar issues by relying upon general-purpose Linux as a core part of their virtualization architectures.