Fidelis Cybersecurity
Fidelis Blog


The Difference Between Virtualization and Cloud Computing

I’ve spoken with a number of individuals that are a bit confused on the definitions of “virtualization” and “cloud computing”. They are not sure if the terms mean the same thing or how they may be linked. With this in mind, I thought I would take a step back and discuss the differences, as well as the intersection points, between the two technologies.


Virtualization, at its core, is the ability to emulate hardware via software. If we walk through the system initialization processes, some form of operating system still needs to be booted from the hardware. This may be a full blow OS such as Linux or Windows, or it may be a stripped down OS specifically designed to provide virtualization, such as VMware’s ESXi (which is a stripped down Linux operating system). In either case an operating system is first booted and then an emulation software stack is loaded which is referred to as a “hypervisor”.

The hypervisor is the component which is responsible for emulating specific hardware configurations to guest operating systems. When a guest is loaded into a virtual machine (VM), the hardware that gets detected is the simulated hardware via the hypervisor, not the actual hardware itself. The guest OS is abstracted from the true hardware, adding a component of versatility. The hypervisor is capable of creating multiple simulated environments, or multiple VMs, which permits us to run multiple operating systems that may have slightly different hardware requirements. Figure 1 shows a basic diagram of this layout.

Cloud Computing

Cloud computing, as defined by NIST 800-145, is:

“a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

Note the reference to “shared pool of resources”. In fact resource pooling is one of the specific characteristics NIST uses to define a cloud. The resource pooling section states:

“The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.”

In other words, a cloud maximizes the efficiency of a resource by spreading it out over multiple consumers. For example let’s say that you and five of your neighbors determine you only actually need a car for two hours a day. If you each buy your own car, you will have purchased six cars total and each will spend an overwhelming majority of its time sitting in the driveway idle. If you all chip in on a single car however, you each spend 1/6th as much, and if schedules align you each still have a vehicle available for the required two hours per day. This is essentially how resource pooling works in cloud computing, except the shared resources are CPU’s, hard drives, network access, etc. rather than automobiles.

The intersection of virtualization and cloud

So how does virtualization and cloud fit together? Virtualization simplifies the process of sharing computer resources. Cloud computing needs to be able to share resources in order to improve efficiency and reduce costs. This makes the two technologies a natural fit to work together. Virtualization increases the efficiency of hardware utilization, while cloud adds a layer of management so that VMs care be created, scaled and torn down as required. This is why a majority of today’s cloud solutions are built on virtualization technology.

Notice the key word “majority”, as virtualization is not a requirement of cloud computing. Look back at the NIST description of resource pooling. While it specifies that resources will be shared, it does not specify how. So it is possible, and perfectly legal per the NIST specification, to build a cloud environment without using virtualization.

A good analogy is home building. Most houses are built on top of basements. They are great for storage as well as expanded living space. Basements are certainly not a requirement of house building however as many homes are built on slabs or even stilts. So while it can be argued that using a basement results in a better house, it is not a prerequisite to building a home. Think of cloud (house building) and virtualization (basement) in the same light and you’ll get the idea.

Stay up to date on all things security

Subscribe to the Threat Geek Blog