Cloud Hypervisor reaches version 48.0, strengthening its role as a leader in lightweight and secure cloud virtualization

The Cloud Hypervisor project, an open-source virtual machine monitor (VMM) written in Rust and focused on modern cloud workloads, has announced the release of version 48.0, packed with technical innovations and focused on security, performance, and efficiency.

Supported by the Linux Foundation and organizations such as Alibaba, AMD, Intel, Microsoft, ARM, ByteDance, Tencent Cloud, and Cyberus Technology, this hypervisor has established itself as a robust alternative for running Linux and Windows virtual machines, featuring a minimalist design that avoids many of the security issues associated with traditional hardware emulation.


What is Cloud Hypervisor

Cloud Hypervisor is defined as a lightweight hypervisor designed for cloud computing, with an emphasis on:

  • Security: built in Rust with minimal emulated devices, reducing the attack surface.
  • Speed: boots to user space in under 100 ms thanks to direct kernel boot.
  • Compatibility: supports modern Linux and Windows guests, as well as integration with projects like Kata Containers for running containers with greater isolation.
  • Efficiency: minimal memory usage, ideal for dense deployments.
  • Portability: available on x86-64 and aarch64 architectures, with extended support for riscv64 in this release.
  • Operation: programmatic control via a powerful REST API for automating VM lifecycle management.
  • Flexibility: supports paravirtualized devices and passthrough of physical hardware, as well as advanced features like live migration to move VMs between hosts without downtime.

Highlights of version 48.0

The latest release of Cloud Hypervisor introduces enhancements that strengthen performance, compatibility, and scalability:

  • Experimental support for fw_cfg devices: enables passing configurations and files (kernel, parameters, memory maps, ACPI tables) from host to guest.
  • Experimental support for ivshmem: enables shared memory between VMs, useful in high-performance scenarios and inter-VM coordination.
  • RISC-V firmware boot support: beyond direct kernel boot, it is now possible to boot with firmware on riscv64 hosts.
  • Increased vCPU limit on x86-64/KVM: the maximum jumps from 254 to 8,192 vCPUs, a crucial upgrade for compute-intensive workloads.
  • Performance improvements for virtio-blk with small blocks: optimized for block sizes of 16 KB or less, through asynchronous batch requests.
  • Faster VM pause times: particularly noticeable in environments with many vCPUs.
  • Extended documentation for Windows guests: now includes instructions for running Windows 11 as well as Windows Server.
  • Removal of SGX support: as announced in previous releases, support for Intel SGX has been deprecated and removed.
  • AI-generated code policy: contributions based on generative language models will be rejected.
  • Relevant bug fixes: including improvements to seccomp filters for glibc 2.42 and various stability patches.

The role of Rust and minimalist philosophy

The choice of Rust as the implementation language is not incidental. Rust is renowned for its ability to prevent the memory errors common in C/C++, which have historically led to numerous vulnerabilities in hypervisors and virtualization systems.

The philosophy behind Cloud Hypervisor is clear: less is more. By reducing the number of emulated devices and focusing on the components essential for the cloud, the project reduces the attack surface and improves performance predictability, both critical factors in multi-tenant environments.


An open and growing community

Cloud Hypervisor is developed under an open model within the Linux Foundation, with a collaborating ecosystem encompassing both large tech companies and independent developers. Contributors to version 48.0 include engineers from Google, Microsoft, Cyberus Technology, Crusoe AI, and Tencent, reflecting the project’s diversity and scope.

The team maintains open communication channels via Slack and mailing lists, along with a GitHub repository where anyone can view the roadmap, submit patches, or report issues.


Comparison with other hypervisors

The virtualization ecosystem offers multiple options, each with its own focus:

  • KVM/QEMU: highly flexible and compatible, but with greater complexity and overhead due to full hardware emulation.
  • Xen: veteran and widely adopted in the cloud, though more maintenance-intensive and less modern in its codebase.
  • Firecracker: also minimalist and developed by AWS in Rust, mainly aimed at microVMs for serverless containers.
  • Cloud Hypervisor: seeks a balance between performance, security, and compatibility with modern workloads, targeting both general-purpose VMs and secure container environments.

Conclusion

With version 48.0, Cloud Hypervisor reaffirms its commitment to security, efficiency, and scalability in cloud environments. The expanded support for riscv64, the increase of the vCPU limit, and performance optimizations solidify its position as a key tool for companies and cloud providers seeking modern, lightweight, and reliable virtualization.

At a time when the line between virtual machines and containers is blurring, projects like Cloud Hypervisor pave the way toward an infrastructure where security and efficiency are integral from the start, not optional.


Frequently Asked Questions

What is Cloud Hypervisor?
An open-source hypervisor written in Rust, designed for modern cloud workloads, with minimal hardware emulation to enhance security and efficiency.

What’s new in version 48.0?
It includes support for ivshmem, firmware boot on riscv64, a new limit of 8,192 vCPUs on x86-64/KVM, improvements in virtio-blk, and Windows 11 documentation, among others.

How does it differ from QEMU or Xen?
Cloud Hypervisor emphasizes a minimalist and secure design by reducing hardware emulation and focusing on efficient cloud workload execution, whereas QEMU and Xen offer broader compatibility with more complexity.

Who drives Cloud Hypervisor?
The project is governed by the Linux Foundation and is supported by companies such as Intel, Microsoft, AMD, ARM, Alibaba, ByteDance, Tencent, and others.
