I wonder how the Azure architecture works (does Azure use nested virtualization to provide its service?)


https://docs.microsoft.com/en-us/azure/security/fundamentals/isolation-choices#next-steps

 

Azure’s compute platform is based on machine virtualization—meaning that all customer code executes in a Hyper-V virtual machine. On each Azure node (or network endpoint), there is a Hypervisor that runs directly over the hardware and divides a node into a variable number of Guest Virtual Machines (VMs).

Each node also has one special Root VM, which runs the Host OS. A critical boundary is the isolation of the root VM from the guest VMs and the guest VMs from one another, managed by the hypervisor and the root OS. The hypervisor/root OS pairing leverages Microsoft's decades of operating system security experience, and more recent learning from Microsoft's Hyper-V, to provide strong isolation of guest VMs.

 

According to the explanation above, I drew a simple structure that I understand from it.

q1.png

 

Then where is the hypervisor for the root VM?

Does Azure use a nested hypervisor?

 

q2.png

Like this picture?

 
