top of page
BackGround_DarkMap.jpg

RUN SAP BETTER

Hypervisor

Hypervisor Overview

 

A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. 

  • Host Machine: A computer on which a hypervisor runs one or more virtual machines 

  • Guest machine: Each virtual machine

 

The hypervisor presents the guest operating systems with a virtual operating platform and manages the execution of the guest operating systems. Unlike an emulator, the guest executes most instructions on the native hardware. Multiple instances of a variety of operating systems may share the virtualized hardware resources: for example, Linux, Windows, and macOS instances can all run on a single physical machine. 


This contrasts with operating-system–level virtualization, where all instances (usually called containers) must share a single kernel, though the guest operating systems can differ in user space, such as different Linux distributions with the same kernel.

The term hypervisor is a variant of supervisor, a traditional term for the kernel of an operating system: the hypervisor is the supervisor of the supervisors.

Most used Hypervisors:

  • Hyper-V

  • Virtual Box

  • VMWare

  • KVM (Kernel-based Virtual Machine)

  • Proxmox VE (Virtual Environment) 

Type 1 Hypervisor

A type 1 hypervisor, or a bare metal hypervisor, interacts directly with the underlying machine hardware. A bare metal hypervisor is installed directly on the host machine’s physical hardware, not through an operating system. In some cases, a type 1 hypervisor is embedded in the machine’s firmware.

The type 1 hypervisor negotiates directly with server hardware to allocate dedicated resources to VMs. It can also flexibly share resources, depending on various VM requests.

Type 2 Hypervisor

A type 2 hypervisor, or hosted hypervisor, interacts with the underlying host machine hardware through the host machine’s operating system. You install it on the machine, where it runs as an application.

The type 2 hypervisor negotiates with the operating system to obtain underlying system resources. However, the host operating system prioritizes its own functions and applications over the virtual workloads.

Type 1 vs Type 2
 

  • Also known as:

    • Type 1: Bare metal hypervisor 

    • Type 2: Hosted hypervisor

  • Runs on:

    • Type 1: Underlying physical host machine hardware

    • Type 2: Underlying operating system (host OS)

  • Best suited for:

    • Type 1: Large, resource-intensive, or fixed-use workloads

    • Type 2: Desktop and development environments

  • Can it negotiate dedicated resources?:

    • Type 1: Yes

    • Type 2: No

  • Knowledge required:

    • Type 1: System administrator-level knowledge

    • Type 2: Basic user knowledge

  • Examples:

    • Type 1: VMware ESXi, KVM, Microsoft Hyper-V

    • Type 2: VMware Workstation, Oracle VM VirtualBox, Microsoft Virtual PC

KVM (Kernel-based Virtual Machine)

 

It's an open source virtualization technology that changes the Linux kernel into a hypervisor that can be used for virtualization and is an alternative to proprietary virtualization technologies, such as those offered by VMware.

VMWare

  • VMWare ESXi bare-metal hypervisor that installs directly onto a physical server. With direct access to and control of underlying resources, VMware ESXi partitions hardware to consolidate applications and cut costs.

  • VMWare Fusion is a virtual user session software built to run Windows applications on Macintosh.

WSL2 (Windows Subsystem for Linux) | Linux Distros

 

Installing Linux Distros on WSL2 (Windows Subsystem for Linux)

  • Method 1: Microsoft store

  • Method 2: WSL Command line interface

  • Method 3: Winget

Method 2: WSL Command line interface

It is possible to install the same Distros available on the Windows Store directly from the command line in the:

 

  • PowerShell terminal (It can be tricky)

  • Command Prompt "CMD"

  • Windows Terminal (It's recommended, but you need to download it)

Commands

  • To see all commands: wsl --help

  • To see all available distros: wsl --list --online

    • Or simply the command: wsl -l -o

  • ​To see all your currently installed distros and which version of WSL they are using: wsl -l -v

  • To install the Distro: wsl --install -d <DistroName>

    • Example 1: wsl --install -d Debian

    • Example 2: wsl --install -d kali-linux

    • Example 3: wsl --install -d Ubuntu-24.04

    • Example 4: wsl --install -d SUSE-Linux-Enterprise-15-SP5

Configuration

 

Once it has finished its initial setup, you will be prompted to create a username and password. They don’t need to match your Windows user credentials.

Now you have an Ubuntu terminal running

And finally, you can install the latest updates with the following commands, entering your password when prompted.

sudo apt update
sudo apt full-upgrade -y

Windows Terminal | Installation

Windows Clients (Windows 10, Windows 11)

 

Microsoft Store Link: https://aka.ms/terminal

Windows Server (Windows Server 2022)

Since windows server doesn't have support for Microsoft Store anymore, you need to use PowerShell (Download from Microsoft GitHub).

Methods:

  • GitHub

  • Winget

  • Chocolatey

  • Scoop

GitHub Method

  • Prerequisites: Installing "C++ Runtime framework packages for Desktop Bridge". Microsoft provides C++ Runtime framework packages to allow applications to reference the C++ runtime from desktop applications distributed through the Windows Store.

    • Command to Download: Invoke-WebRequest -Uri https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx -outfile Microsoft.VCLibs.x64.14.00.Desktop.appx

      • Version: x64

      • Parameter Uri: Location of the package

      • Parameter Outfile: To create the file 

      • Outcome: You can see the file created, if you check the directory. (example: If you execute the command in the C:\Users\Administrator, the file will be there)

    • Command to Execute the installation: Add-AppxPackage Microsoft.VCLibs.x64.14.00.Desktop.appx

Hyper-V| Virtual Machine with Nested Virtualization

Nested Virtualization is a feature that allows you to run Hyper-V inside of a Hyper-V virtual machine (VM).

Prerequisites:

  • Intel processor with VT-x and EPT technology

    • The Hyper-V host must be either Windows Server 2016 or later, or Windows 10 or later

    • VM configuration version 8.0 or higher

  • AMD EPYC / Ryzen processor or later

    • The Hyper-V host must be either Windows Server 2022 or later, or Windows 11 or later

    • VM configuration version 9.3 or higher

Enable Nested Virtualization

  • Create a virtual machine

  • While the virtual machine is in the OFF state

  • Open Powershell

  • Command: Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

  • Start the virtual machine

Disable Nested Virtualization

  • While the virtual machine is in the OFF state

  • Open Powershell

  • Command: Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $false

Networking options

There are two options for networking with nested virtual machines:

  • MAC address spoofing

  • NAT networking

MAC address spoofing
In order for network packets to be routed through two virtual switches, MAC address spoofing must be enabled on the first (L1) level of virtual switch. To enable MAC address spoofing, run the following PowerShell command.

  • Open Powershell

  • Command: Get-VMNetworkAdapter -VMName <VMName> | Set-VMNetworkAdapter -MacAddressSpoofing On

NAT Networking | Network Address Translation (NAT)
The second option relies on network address translation (NAT). This approach is best suited for cases where MAC address spoofing isn't possible, like in a public cloud environment.

First, a virtual NAT switch must be created in the host virtual machine (the "middle" VM). The following example creates a new internal switch named VmNAT and creates a NAT object for all IP addresses in the 192.168.100.0/24 subnet.

  • Open Powershell

  • Command: New-VMSwitch -Name VmNAT -SwitchType Internal

  • Command: New-NetNat –Name LocalNAT –InternalIPInterfaceAddressPrefix “192.168.100.0/24”

Next, assign an IP address to the net adapter:

  • Command: Get-NetAdapter "vEthernet (VmNat)" | New-NetIPAddress -IPAddress 192.168.100.1 -AddressFamily IPv4 -PrefixLength 24

Each nested virtual machine must have an IP address and gateway assigned to it. The gateway IP must point to the NAT adapter from the previous step. You may also want to assign a DNS server:

  • Command: Get-NetAdapter "vEthernet (VmNat)" | New-NetIPAddress -IPAddress 192.168.100.2 -DefaultGateway 192.168.100.1 -AddressFamily IPv4 -PrefixLength 24

  • Command: Netsh interface ip add dnsserver “vEthernet (VmNat)” address=<my DNS server>

Pi Hole (DNS Sinkhole) | on Windows Docker Container

 

Installing Pi Hole on Docker Container.

PowerShell Command:

docker run -d --name pihole -p 53:53/tcp -p 53:53/udp -p 80:80 -p 443:443 -e TZ="Europe/London" -v "$(pwd)/etc-pihole/:/etc/pihole/" -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" --restart=unless-stopped pihole/pihole:latest

  • docker run -d (Run Docker)

  • --name pihole (Container Name)

  • -p 53:53/tcp (Ports to expose. The 53 and 80 are the bare minimum ports required for Pi-holes HTTP and DNS services)

  • -p 53:53/udp

  • -p 80:80

  • -p 443:443

  • -e TZ="Europe/London" (Timezone)

  • -v "$(pwd)/etc-pihole/:/etc/pihole/" (Volume  and $(pwd) for your Pi-hole configs help persist changes across docker image updates)

  • -v "$(pwd)/etc-dnsmasq.d/:/etc/dnsmasq.d/" (Volume  and $(pwd) for your Pi-hole configs help persist changes across docker image updates)

  • --restart=unless-stopped (Automatically (re)start your Pi-hole on boot or in the event of a crash)

  • pihole/pihole:latest (Image of the Pi Hole and the tag latest  to always get the latest release)

Automatic Ad List Updates: Since the 3.0+ release, "cron" is baked into the container and will grab the newest versions of your lists and flush your logs. Set your TZ environment variable to make sure the midnight log rotation syncs up with your timezone's midnight.

Accessing the Pi Hole

URL: http://pi.hole/admin

If the URL doesn't work you can check the "IPCONFIG" Command Prompt, the IPv4 of your LAN (main server)

Example: 10.0.0.10/admin

Initial Password

Since we didn't use the variable to set the password, Pi Hole generates a random one.

 

Check the password:

  • Open your Docker Container

  • Containers

  • Click on Pi Hole Container

  • Logs tab

  • Search for assigned random password

    • Line example: [i] Assigning random password: 5Tg45Gd9

Changing the Password:

  • You don't need the initial password to change it

  • Just need to type the command: docker exec -it <pihole_container_name> pihole -a -p (in our case the name is pihole)

  • And a prompt will request the new password

Command:

docker exec -it pihole pihole -a -p

Using the Pi Hole

You can use the same IP address that you are using to access the Pi Hole Web GUI to put as a DNS in your laptop, mobile or pfSense.

AdGuard Home (DNS Sinkhole) | On Linux and Docker

What is AdGuard Home?

It is a DNS Resolver and DNS Sinkhole. In other words, AdGuard Home is a application for blocking ads & tracking.

It will replace the IP of your DNS server, querying major DNS providers such as Google (8.8.8.8), Cloudflare (1.1.1.1), with the correct IP address for your devices (DNS Resolver). But with one difference, it will block ads and tracking IPs by changing it to (0.0.0.0), a non-existent IP address (DNS Sinkhole).

Benefits

  • Privacy (Tracking Blocking)

  • Reduction of Ads

  • Increasing network speed (IP 0.0.0.0 won't download anything)

Installing on Docker

Warning: According with AdGuard documentation, the application has no drivers to work on Windows Docker, it must be installed on Docker on Linux-based system.

Pull the Docker Image

docker pull adguard/adguardhome

Create and Run the Container

docker run --name adguardhome --restart unless-stopped -v /my/own/workdir:/opt/adguardhome/work -v /my/own/confdir:/opt/adguardhome/conf -p 53:53/tcp -p 53:53/udp -p 67:67/udp -p 68:68/udp -p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp -p 853:853/tcp -p 784:784/udp -p 853:853/udp -p 8853:8853/udp -p 5443:5443/tcp -p 5443:5443/udp -d adguard/adguardhome

  • docker run --name adguardhome

  • --restart unless-stopped

  • -v /my/own/workdir:/opt/adguardhome/work

  • -v /my/own/confdir:/opt/adguardhome/conf

  • -p 53:53/tcp -p 53:53/udp

  • -p 67:67/udp -p 68:68/udp

  • -p 80:80/tcp -p 443:443/tcp -p 443:443/udp -p 3000:3000/tcp

  • -p 853:853/tcp

  • -p 784:784/udp -p 853:853/udp -p 8853:8853/udp

  • -p 5443:5443/tcp -p 5443:5443/udp

  • -d adguard/adguardhome

Installing on Linux-based Systems (Ubuntu, Raspberry Pi OS)

1 Option using "curl"

  • 1. Update the system repositories

    • Command Syntax: sudo apt update

  • 2. If you don't have "curl", install it. (check in the next step if you have "curl")

    • Command Syntax: sudo apt install curl

  • 3. (Optional) Check "curl" version

    • Command Syntax: curl --version

  • 4. Install AdGuard

  • 5. Accessing AdGuard

    • Finishing the installation you will see the IP address to access the Web GUI. (It will be the IP address with port 3000)

    • Example: http://127.0.0.1:3000

2 Option using "snapd"

  • 1. Update the system repositories

    • Command Syntax: sudo apt update

  • 2. If you don't have "snapd", install it. (check in the next step if you have "snapd")

    • Command Syntax: sudo apt install snapd

  • 3. (Optional) Check "curl" version

    • Command Syntax: snap --version

  • 4. Install AdGuard

    • Command Syntax: sudo snap install adguard-home

  • 5. Accessing AdGuard

    • Finishing the installation you will see the IP address to access the Web GUI. (It will be the IP address with port 3000)

    • Example: http://127.0.0.1:3000

Docker vs Docker Compose

The key difference between docker run versus docker-compose is that docker run is entirely command line based, while docker-compose reads configuration data from a YAML file.

Both docker run and docker compose can be used to run a Docker container. That is how these two Docker constructs are similar. But that’s where the similarities end.

The only requirement for Docker Compose is docker, as docker compose is another Docker client that allows you to define everything in a yaml file.

  • Compose v1 was originally written in Python, so you can install it in a Python virtual environment. Usually you can see tutorials written for compose v1 using the syntax "docker compose" instead of "docker-compose"

  • Compose v2 was written in Go and it is a plugin for Docker. You can use the syntax "docker compose", but you could easily add an alias to that command as "docker-compose" which was how the command of Compose v1 was named

The second major difference is that docker run can only start one container at a time, while docker-compose will configure and run multiple.

Imagine you wanted to use an Nginx container to test your website on your desktop computer. There are two available approaches:

  1. Start the Nginx container on the command line with docker run

  2. Start the Nginx with the docker-compose up and a preconfigured YAML file

Example 1

Docker Run Syntax

docker run -d --rm --name=my-website --cpus=1.5 --memory=2048m -p 80:80 -v $PWD/website:/usr/share/nginx/html/ nginx:latest

Docker-Compose Syntax

The docker-compose command codes all runtime configuration data in an aptly named YAML file called docker-compose.yaml.

A docker-compose.yaml file equivalent to the docker run command above would look like this:

---

version: '3.9'

services:   

    nginx-service:     

         container_name: my-website     

         image: nginx:latest     

         cpus: 1.5     

         mem_limit: 2048m     

         ports:       

              - "80:80"     

         volumes:

             $PWD/website:/usr/share/nginx/html

---

Once the docker-compose.yaml file is configured, the described Docker container can be started simply by running the docker-compose up command in the same folder as the file:

 

docker-compose up -d --rm

Proxmox | Commands

Command
Description
Type
Example
Comments
pveam available
Show available templates
Installation
pveam available
Categories: System, Turnkey linux and mail. System creates templates for Ubuntu, Debian and other.
pveam download <storage_node> <template>
Download Templates
Installation
pveam download local ubuntu-20.04-standard_20.04-1_amd64.tar.gz
Out-of-the-box storage is "local". And the template is the name in "pveam available" command
pveam update
Update Proxmox
Installation
pveam update
Update the appliances and templates available
lxc-info -n <container_id>
Show IP Address of specific Container
Network
lxc-info -n 100
lxc-ls -f
Show IP Address(es) of Containers
Network
lxc-ls -f

Docker | Commands

Command
Description
Type
Example
Comments
docker create <image-name>
Create a docker container
Container Management
docker inspect <container-id-or-name>
Inspect a running container
Container Management
docker kill <container-id-or-name>
Kill a container
Container Management
docker logs -f <container-id-or-name>
Follow the logs of a container
Container Management
docker pause <container-id-or-name>
Pause a container
Container Management
docker ps
List running containers
Container Management
docker ps -a
List all containers
Container Management
sudo docker ps -a
docker rename <container-id-or-name> <new-name>
Rename a container
Container Management
docker restart <container-id-or-name>
Restart a container
Container Management
docker rm --force <container_id_or_name>
Stop and Remove Docker Container
Container Management
sudo docker rm --force ubuntu
docker rm <container-id-or-name>
Remove a stopped container
Container Management
sudo docker rm ubuntu
docker run --restart unless-stopped <image-name>
Run a container and automatically (re)start on boot or in the event of a crash
Container Management
sudo docker run --restart unless-stopped adguard/adguardhome
docker run -d <image-name>
Run a container in the background
Container Management
sudo docker run -d adguard/adguardhome
docker run -it <image-name>
Run a container in interactive mode
Container Management
docker run -p <host-port>:<container-port> <image-name>
Run a container with a port mapping
Container Management
sudo docker run -p 53:53/tcp adguard/adguardhome
docker run <image-name>
Run a container from an image
Container Management
docker start <container-id-or-name>
Start an existing container
Container Management
docker stop <container-id-or-name>
Stop a container
Container Management
docker unpause <container-id-or-name>
Unpause a container
Container Management
docker wait <container-id-or-name>
Wait until running container stops
Container Management
docker build -t <image-name>
Build an image
Image Management
docker commit <container-name-or-id> <image-name>
Create a docker image from a running container
Image Management
docker image prune
Remove all unused images
Image Management
docker images
List local images
Image Management
docker rmi <image-name>
Delete a local image
Image Management
docker run hello-world
Verify Docker Installation
Installation
sudo docker run hello-world
Verify if docker is successfully installed
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container_name>
Docker Container IP Address
Network Management
sudo docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ubuntu
docker network connect <docker-network-name> <container-id-or-name>
Connect a container with a docker network
Network Management
docker network create --subnet <subnet> --gateway <gateway> <docker-network-name>
Create a docker network
Network Management
docker network disconnect <docker-network-name> <container-id-or-name>
Disconnect a container with a docker network
Network Management
docker network inspect <docker-network-name>
Inspect a docker network
Network Management
docker network ls
List all docker networks
Network Management
docker network rm <docker-network-name>
Remove a docker network
Network Management

NMAP

Installing NMAP

Command: apt install nmap -y

Running NMAP

  • Run TCP Scan: nmap -sT <Public IP Address>

  • Run Script to find Vulnerabilities: nmap --script vuln <Public IP Address>

References: Microsoft (www.microsoft.com); GitHub (github.com); Proxmox (www.proxmox.com)

bottom of page