不久微软也公布了相关内容 ,其中关于默认值的部分值得关注:Recommended Defaults for Enabling/Disabling Virtualization Extensions. The default setting of this switch requires some thought. Consider the costs of disabling Intel Virtualization Technology/AMD Virtualization through a system firmware setting: If these facilities are disabled by default in system firmware, users would have to explicitly enable that support on each platform instance for legitimate uses, which would represent a significant challenge for enterprises that have thousands of machines and plan on using the hardware extensions. The cost of enabling virtualization hardware support through a manual system firmware setting would result in an increase in deployment time and cost. This cost can be mitigated through the use of various in-band and out-of-band mechanisms for remote management. Given the current usage model for the virtualization extensions, we believe that the following default settings are the right ones for system firmware: For systems that are destined for a server role , enable the virtualization extensions. The threat of running malicious code as an administrator on servers is reduced through Windows Server policies and organizational best practices. For systems that are destined for a client role, disable the virtualization extensions. For systems that might be deployed in either a server or client role , it would be prudent to disable the extensions by default. As always, the exception to any guideline is when a customer specifically indicates to a manufacturer that they do not want to follow that guideline.
导读:本文摘自于王柏生、谢广军撰写的《深度探索Linux系统虚拟化:原理与实现》一书,重点讨论了虚拟CPU在Guest模式下运行时,由于运行敏感指令而触发虚拟机退出的典型情况。作者:王柏生、谢广军来源:华章科技虚拟机进入Guest模式后,并不会永远处于Guest模式。
