This shared driver base leads to the main concern, which is security and stability. With
a shared driver for all of the virtual machines, if a malicious driver were placed in the
hypervisor, all of the partitions would be vulnerable to attack and snooping.
Furthermore, if a driver that has an issue is updated in the hypervisor, it will cause
problems for all of the virtual machines.

Consider the Windows ecosystem, with its huge number of hardware partners and
thousands of storage controllers and network adapters that organizations may wish to
use. Trying to create hypervisor drivers for all of the hardware would not be practical,
and drastically reducing the supported hardware when using Hyper-V would also not
be popular. Thus Microsoft chose the microkernelized hypervisor model, and this is
why there is a Windows Server management/parent partition. With the
microkernelized hypervisor model used by Hyper-V, all of the Windows drivers
created by vendors for their hardware can still be used and run in the management
partition, removing the need for Hyper-V-specific drivers and not reducing the range
of hardware usable with Hyper-V. This also keeps drivers out of the hypervisor,
removing the security and stability concerns that relate to a monolithic hypervisor.

In fact, the hypervisor really just governs the allocation of CPU cycles and RAM and
no other types of devices, such as storage and network. The parent partition hosts a
virtualization stack that includes management components running in normal user
mode. The Virtual Machine Management Service (VMMS) manages the state of virtual
machines and launches the virtual machine worker processes (VMWPs). There is one
VMWP for each running child partition, and it controls the state changes of the child
partition, enables certain types of emulated hardware, and enables management
activities such as stopping and starting.

Figure 2.2 shows Task Manager running on a Hyper-V server with a single vmms.exe
instance and many vmwp.exe instances, one corresponding to each VM. In the
background is a PowerShell command, which helps identify the worker process for a
specific virtual machine. You need the parent partition along with the hypervisor to do
anything useful such as creating child partitions. While you can install the hypervisor
on its own, it won’t do much without a Windows Server parent partition.
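
One way to build the worker-process-to-VM mapping described above across a whole host, as an added example that is not the command shown in Figure 2.2. It assumes an elevated session on a Hyper-V host with the Hyper-V PowerShell module, and that the VM's GUID appears on the vmwp.exe command line; the output column names are chosen here for illustration.

```powershell
# Added example: map every vmwp.exe worker process to the VM it serves and
# flag worker processes that do not line up with a registered VM.
# Assumption: the VM GUID is passed on the vmwp.exe command line.
$guidPattern = '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# Index the registered VMs by their GUID (VMId) for fast lookup.
$vmById = @{}
foreach ($vm in Get-VM) {
    $vmById[$vm.VMId.ToString().ToUpper()] = $vm
}

# Location where the genuine worker binary is expected to live.
$expectedPath = Join-Path $env:SystemRoot 'System32\vmwp.exe'

Get-CimInstance -ClassName Win32_Process -Filter "Name = 'vmwp.exe'" |
    ForEach-Object {
        # Pull the first GUID out of the command line, if one is present.
        $vmGuid = $null
        if ($_.CommandLine -match $guidPattern) {
            $vmGuid = $Matches[0].ToUpper()
        }
        $vm = if ($vmGuid) { $vmById[$vmGuid] } else { $null }

        [pscustomobject]@{
            ProcessId    = $_.ProcessId
            VMName       = if ($vm) { $vm.Name } else { '<no matching VM>' }
            VMState      = if ($vm) { $vm.State } else { $null }
            VMId         = $vmGuid
            # False if the image path differs, or if it could not be read
            # (for example, when the session is not elevated).
            PathExpected = ($_.ExecutablePath -eq $expectedPath)
        }
    } |
    Sort-Object VMName |
    Format-Table -AutoSize
```

A row showing `<no matching VM>` or `PathExpected` of `False` is worth a closer look, since every worker process on the host should correspond to a VM and run from the system directory.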