
When virtualizing your servers, the choice usually comes down to this: “Should I go with Hyper-V or VMware?” With more than half of all server workloads being virtualized, your choice of Hypervisor is very important.

Unfortunately, popularity is no indicator. Both Hyper-V and VMware are well renowned and highly functional products. And both of them have very passionate followings—the clash between both camps is known as the ‘Virtualization Wars’ (Ask online which is better and watch the sparks fly!)

To inform your decision, we’ve written a no-nonsense list of what Hyper-V and VMware both offer now in 2016. The question is, which of these software mammoths is right for you?

Hyper-V vs. VMware: Apples and Apples

Several years ago, there were stark differences between VMware and Hyper-V. But the gap is almost paper thin at this point. Even Microsoft admit that the difference between Windows Server 2016’s Hyper-V and vSphere 6 Enterprise Plus is very little. Both will give you a good solution for your Windows or Linux Servers, no matter what you choose.

Unfortunately, VMware have been incredibly sneaky and released a document giving a mostly false comparison between VMware and Hyper-V. Not only do they compare their latest 6.0 release against Hyper-V 2012 R2 (not 2016, Microsoft’s latest version), they also make several assertions that Hyper-V lacks functions that Microsoft state it has.

Some of the things VMware say Hyper-V lacks that it in fact has:

• The ability to hot add memory. In fact, Windows Server 2016 has the ability to hot remove virtual memory – a function vSphere does not have yet.

• Live Migration of a VM between data centers.

• Simultaneous live migration. In fact, Hyper-V’s live migration limit is unlimited while vSphere’s is capped at 8.

• Cluster rolling upgrades.

• Automated deployment to bare metal.

• Workload Balancing and Time-based Power Optimization.

• With Nano Server in 2016, the ability to create a zero footprint Hypervisor without the Windows OS.

• The ability to stop host-drift by keeping VMs set to specific configurations.

This means buyers should be especially wary of what marketing material they read, and should check that it compares current generations against each other.

The one thing that becomes clear once you do compare them, though, is that they offer near-identical functionality. Many experts believe both companies have their eyes on the next battleground: Cloud Management.

So are there any key differences? Absolutely. Both still have some things on offer that the other does not.

Microsoft’s New Edge? All About Shielded VMs


It’s generally acknowledged that Microsoft came late to the virtualization market. With a head start, VMware offered more features than Microsoft in earlier versions of Windows Server. But with the release of Windows Server 2016, Microsoft seem to have not just caught up; they may have taken the lead. The biggest feature offered in Windows Server 2016 is Shielded VMs, something Microsoft are incredibly proud of.

A Shielded VM uses virtualization technology to provide better security for your servers. The technology involves using BitLocker to encrypt your disks and monitoring the health of your VMs so they’re protected against compromised admins and malware. This is a big deal, since everyone knows the human element is usually the biggest risk to your server security.

With VMware and previous versions of Hyper-V, a disgruntled admin could copy any VM running off the host right onto a USB drive (for instance, your Active Directory domain controller). They could then take it home, mount it, and then hack it with any of the freely available Active Directory hacking kits. Not only would they have all your credentials, nobody would know it had happened: the VM would still be running and there’d be no evidence of theft.

Shielded VMs protect against this sort of occurrence. The VM is encrypted and only runs on a guarded fabric. A guarded fabric is a set of Hyper-V hosts that both you and the system know to be healthy. Only if the Shielded VM is determined to be running on this fabric at boot time is it given the keys it needs to run.


This is currently a feature not offered by VMware. Currently it’s not penned in for vSphere 6.5, but we’ll see if that changes in the near future.

Transparent Page Sharing

One feature that VMware has that Microsoft doesn’t is Transparent Page Sharing. When you’re running multiple guests, usually with the same OS, there’s bound to be duplicate data between them. Transparent Page Sharing basically dedupes the memory consumed between them, freeing up space.

However, a lot of security experts believe that Transparent Page Sharing presents a security risk, and in fact, it’s turned off in vSphere by default. It also doesn’t provide a gigantic boost if you’ve got large pages enabled unless your hosts are under extreme memory stress, in which case you’ve probably got a bigger problem.

More Supported OS Systems… including Windows ’95?

VMware’s promotional material proclaims it supports over 80 OSes. However, a bit of deeper digging shows that some of these are way past their End-of-Life, including Windows 95. In terms of features, who honestly wants to run a VM of Windows 95?

This on-paper support is a lot more realistic once you separate ‘Full Support’ and ‘Partial Support’ – the latter meaning you can run it through the Hypervisor (though who knows why you would). Both offer full support for all modern Windows and Linux OSes, plus many others. Again, it’s apples and apples on this issue.

Security Is The 2016 Focus; Microsoft

Other features of Windows Server 2016 really show that security is where Microsoft really aims to stand out from VMware. And what is the weakest link in any security setup? People.

Windows Server 2016 provides tools to mitigate the risk users pose with Just Enough Administration and Just In Time Administration. In the past, you would give other admins large sweeping permissions to get a job done. With Just Enough Administration, you only give them very specific permissions so they can’t step over their authority. Meanwhile, Just In Time allows you to set a time limit on those permissions, so these admins don’t get to keep those privileges permanently (or until you manually withdraw them).
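To make the two ideas concrete, here is an added example (not from the original article) of a Just Enough Administration endpoint on a Hyper-V host combined with a time-limited group membership. The domain `CONTOSO`, the group `HvOperators`, the user `alice`, the module and endpoint names, and the `WEB-nn` VM naming pattern are all placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example. All names (CONTOSO, HvOperators, alice, HvOperatorJEA) are placeholders.

# 1. Role capability files are discovered by name inside a module's RoleCapabilities folder.
$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HvOperatorJEA'
$roleDir    = Join-Path $moduleRoot 'RoleCapabilities'
New-Item -ItemType Directory -Path $roleDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $moduleRoot 'HvOperatorJEA.psd1')

# 2. Just Enough: operators may list VMs and restart only VMs named WEB-<number>.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'HvOperator.psrc') `
    -ModulesToImport 'Hyper-V' `
    -VisibleCmdlets 'Get-VM', @{
        Name       = 'Restart-VM'
        Parameters = @{ Name = 'Name'; ValidatePattern = '^WEB-\d+$' },
                     @{ Name = 'Force' }
    }

# 3. Session configuration: restricted endpoint, temporary virtual account,
#    full transcripts for later review, and a group-to-role mapping.
$confDir = Join-Path $env:ProgramData 'JEAConfiguration'
$pssc    = Join-Path $confDir 'HvOperator.pssc'
New-Item -ItemType Directory -Path (Join-Path $confDir 'Transcripts') -Force | Out-Null
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory (Join-Path $confDir 'Transcripts') `
    -RoleDefinitions @{ 'CONTOSO\HvOperators' = @{ RoleCapabilities = 'HvOperator' } }

# 4. Validate the file, then publish the endpoint.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) { throw 'Invalid session configuration' }
Register-PSSessionConfiguration -Name 'HvOperator' -Path $pssc -Force

# 5. Audit what a given user would actually be allowed to run through the endpoint.
Get-PSSessionCapability -ConfigurationName 'HvOperator' -Username 'CONTOSO\alice'

# 6. Just In Time: run on a machine with the ActiveDirectory module. The membership
#    expires by itself after two hours. Requires the AD optional feature
#    'Privileged Access Management Feature' in a Windows Server 2016 level forest.
Add-ADGroupMember -Identity 'HvOperators' -Members 'alice' `
    -MemberTimeToLive (New-TimeSpan -Hours 2)
```

The operator then connects with `Enter-PSSession -ComputerName <host> -ConfigurationName HvOperator` and never holds administrator rights on the host itself; the transcripts directory gives reviewers a record of every command run through the endpoint.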

Another (!) security feature they’ve added is Credential Guard and Remote Credential Guard. It protects your credentials from being stolen by putting them in isolated and virtualized pockets that are not accessible by the rest of the OS. The only way they can be accessed is by privileged system software, lessening the risks of Pass-the-Hash attacks.

The Consensus? This Generation goes to Microsoft

Both hypervisors are going to give you a great solution. But comparing the two side-by-side, Windows Server 2016 is a better buy. It insulates you against internal employee risks and external ones. Given that 2016 is the worst year for ransomware on record, that sort of extra protection is worth its weight in gold (or bitcoins). The ability to hot remove VM memory is a massive draw card in our opinion. And now that there’s Nano Server in 2016, Microsoft is finally offering a pure hypervisor without the need for a Windows OS.

Other Hypervisors (Citrix, Red Hat, etc) – Should You Consider Them?

If you’re wondering why we didn’t add Citrix, Red Hat, and other Hypervisor software to our comparison, it’s pretty simple. While these products do offer a nearly on-par experience, they don’t have the same ecosystem around them as Hyper-V and vSphere. On its own, an OS is just an OS. They only really shine when third-party software providers support them. For example, finding great backup and recovery software for your particular hypervisor.

Looking for some great third-party backup and recovery software for your Windows Server? BackupAssist offers reliable and affordable protection for physical and Hyper-V servers.

Posted by Adam Ipsen
