Resource Virtualization
The pattern: every consumer (process, container, VM) believes it has the whole resource (CPU, memory, filesystem, network) while the actual hardware is shared underneath. The kernel (or hypervisor) maintains the illusion via address translation, scheduling, and namespacing. Lose the illusion and every program has to coordinate with every other program — the OS exists so that doesn’t happen.
The trade-off: isolation strength vs. efficiency. Process-level virtualization is cheap but weakly isolated (a kernel bug crosses every boundary at once). VM-level is strong but expensive (separate kernel per tenant, hypervisor overhead). Containers split the difference (shared kernel, isolated namespaces + cgroups). Each implementation makes a specific bet about which guarantees matter and what cost is acceptable.
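The container bet (shared kernel, isolated namespaces) can be checked per process: on Linux each entry in /proc/<pid>/ns is a link such as net:[4026531840], and two processes are in the same namespace exactly when the inode numbers match. The sketch below is an added example, not part of the original entry; the function names and the sample inode values are constructed for illustration.

```python
import os
import re

# readlink() target format of /proc/<pid>/ns/<kind>, e.g. "net:[4026531840]"
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

def parse_ns_links(links):
    """Turn readlink() targets into {kind: inode}; malformed entries are skipped."""
    out = {}
    for link in links:
        m = NS_LINK.match(link.strip())
        if m:
            out[m.group(1)] = int(m.group(2))
    return out

def read_ns(pid):
    """Live variant (Linux only): read /proc/<pid>/ns, skipping unreadable links."""
    base = f"/proc/{pid}/ns"
    try:
        names = os.listdir(base)
    except OSError:
        return {}
    links = []
    for name in names:
        try:
            links.append(os.readlink(os.path.join(base, name)))
        except OSError:
            pass  # reading another user's process needs ptrace-level access
    return parse_ns_links(links)

def compare_ns(reference, workload):
    """Split the workload's namespaces into those shared with the reference and those private."""
    common = sorted(set(reference) & set(workload))
    shared = [k for k in common if reference[k] == workload[k]]
    isolated = [k for k in common if reference[k] != workload[k]]
    return {"shared": shared, "isolated": isolated}

# Constructed sample data (not captured from a real host).
HOST_LINKS = ["cgroup:[4026531835]", "ipc:[4026531839]", "mnt:[4026531841]",
              "net:[4026531840]", "pid:[4026531836]", "user:[4026531837]",
              "uts:[4026531838]"]
CONTAINER_LINKS = ["cgroup:[4026532505]", "ipc:[4026532503]", "mnt:[4026532501]",
                   "net:[4026531840]", "pid:[4026532504]", "user:[4026531837]",
                   "uts:[4026532502]"]

if __name__ == "__main__":
    host, ctr = parse_ns_links(HOST_LINKS), parse_ns_links(CONTAINER_LINKS)
    print("container vs host:", compare_ns(host, ctr))
    print("plain process vs host:", compare_ns(host, host))
    print("this process:", read_ns("self"))
```

In the sample, the container still shares the host's net and user namespaces, so for those two resources the illusion is no stronger than for an ordinary process.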
[Deepen this entry when first hit in Year 1 Phase 1. This is one of the most foundational patterns in computing — every higher-level system depends on it.]
Related patterns
- privilege-separation — the boundary the illusion is enforced across.
- mediation — the kernel is the mediator that makes virtualization work.
- layering-and-abstraction — virtualization is the canonical layer hiding hardware from userspace.
- multi-tenancy — the same isolation/efficiency trade-off, one layer up at platform scope.
- fault-isolation — what isolation buys you when something goes wrong.
- First touched: Year 1 Phase 1: OS Foundations.
- Reinforced in: Year 1 Phase 6: Containers (namespaces + cgroups + UnionFS from scratch).
- Project where it lives: basecamp (every workload runs inside container-virtualized resources).