vSphere ESX Architecture
In the original VMware® ESX® architecture, the virtualization kernel
(referred to as the VMkernel) was
augmented with a management partition known as the console operating system
(COS or service console). The primary purpose of the COS was to provide a
management interface into the host. Various VMware management agents were
deployed in the COS, along with other infrastructure service agents (e.g. name
service, time service, logging, etc.). In this architecture, many customers
deployed other agents from third parties to provide particular functionality,
such as hardware monitoring and system management. Furthermore, individual
admin users logged into the COS to run configuration and diagnostic commands
and scripts.
New vSphere ESXi Architecture
In the new VMware vSphere® ESXi™ architecture, the COS has been removed
and all of the VMware
agents run directly on the VMkernel. Infrastructure services are provided
natively through modules included with the VMkernel. Other authorized
third-party modules, such as hardware drivers and hardware monitoring
components, can run in the VMkernel as well. Only modules that have been digitally
signed by VMware are allowed on the system, creating a tightly locked-down
architecture. Preventing arbitrary code from running on the VMware vSphere®
host greatly improves the security of the system.