iCompaas Support

Profile Applicability: 

Level 2

Description:

The paravirtual (PV) virtualization type is an older virtualization technology that lacks modern performance and security enhancements. PV instances are limited in features compared to hardware virtual machine (HVM) instances. Amazon recommends using HVM virtualization, as it supports advanced features such as enhanced networking, GPU instances, and optimizations for modern workloads.

Rationale:

• Enhanced Security: HVM instances take advantage of advanced hardware features like CPU virtualization extensions and secure boot.

• Improved Performance: Supports optimized networking, storage, and processing capabilities.

• Future Compatibility: Ensures compatibility with newer AWS features and services.

Impact

Pros:

• Provides better performance and scalability for workloads.

• Supports advanced networking and GPU capabilities.

• Reduces security risks associated with older virtualization types.

Cons:

• Migrating from PV to HVM may require reconfiguration or workload changes.

• May involve downtime during the migration process.

Default Value:

New EC2 instances use HVM virtualization by default. PV virtualization is only available for legacy instances.

Pre-Requisite

IAM Permissions:

• ec2:DescribeInstances

• AWS CLI installed and configured.

Remediation:

Test Plan:

 Using AWS Console:

1. Sign in to the AWS Management Console.

2. Navigate to the EC2 Dashboard.

3. Select the Instances tab.

4. Check the virtualization type for each instance under the Virtualization column.

5. Identify any instances using paravirtual virtualization.

Using AWS CLI:

Check Virtualization Type for Instances:

aws ec2 describe-instances --query "Reservations[].Instances[].{InstanceId:InstanceId,VirtualizationType:VirtualizationType}"

Implementation Steps:

1. Identify all PV instances.

2. Launch replacement instances using HVM virtualization.

3. Migrate workloads from PV instances to the new HVM instances.

4. Decommission the PV instances to complete the migration.

Backout Plan:

Using AWS Management Console:

1. Sign in to the AWS Management Console.

2. Navigate to EC2 > Instances.

3. Identify instances using the Paravirtual (PV) virtualization type:

   • Check the instance details under the Virtualization field.

4. Stop the affected instances.

5. Launch new instances using Hardware Virtual Machine (HVM) AMIs, which are compatible with modern EC2 instance types.

6. Migrate applications and data from the PV instances to the new HVM instances.

7. Terminate the old PV instances once migration is complete.

Using AWS CLI:

List instances and check their virtualization type:

aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId, VirtualizationType]"

Stop instances using PV virtualization:

aws ec2 stop-instances --instance-ids <instance-id>

Launch new instances with HVM AMIs:

aws ec2 run-instances --image-id <hvm-ami-id> --instance-type <instance-type> --key-name <key-name> --security-group-ids <sg-id> --subnet-id <subnet-id>

1. Migrate data and applications to the new instances.

2. Terminate the old PV instances:
   aws ec2 terminate-instances --instance-ids <instance-id>

References:

• Amazon EC2 Documentation – Virtualization Types

• AWS Migration Guide

CIS Controls: