Chapter 1: Overview

[Note] Note: This document is also available in other formats

A PDF version of this document along with all current and older documentation in PDF format can be found at

It is also available as a single HTML page.

cOS Core with KVM

By using the open source Kernel-based Virtual Machine (KVM) software, it is possible to have a single computer running multiple, virtual Clavister NetWall Firewalls with each virtual firewall running a separate copy of the cOS Core software. This technique is referred to as virtualization and each virtual firewall can be said to be running in its own virtual machine.

Supported Hardware Platform Architectures

The supported hardware platforms for cOS Core running under KVM are:

For x86 platforms, the 32 bit version should be used only if resource usage must be kept to a minimum. Otherwise, the 64 bit version is recommended, particularly where maximum performance is required. Some cOS Core features may also not be available in the 32 bit version.

The choice of virtual machine image is discussed further in an article in the Clavister Knowledge Base at the following link:

Support for Apple M1 Platforms

It should be noted that ARM support includes the ability to run the cOS Core KVM distribution for ARM under QEMU on the Apple M1 platform. Specifics for Apple setup are not included in this publication but are discussed in an article in the Clavister Knowledge Base at the following link:

KVM Runs Under Linux With QEMU

KVM itself is not a hypervisor but provides an infrastructure for creating virtual machines. It is the Quick EMUlator (QEMU) that provides the hypervisor functions under the Linux operation system and this is also required when using KVM to create cOS Core virtual machines. The combination is known as QEMU-KVM and is distributed as a single package so that the two can be installed together.

[Important] Important: A virtual host should run only cOS Core as a guest

To provide maximum security, the virtual host should be running cOS Core as the only guest. This defends against security attacks against vulnerable hardware, where local data in a processor might be read by other software sharing the same processor. The attacks known as "Spectre" and "Meltdown" are examples of this.

Downloading Files

The cOS Core installation files for cOS Core can be downloaded from the MyClavister section of the Clavister website at KVM files and further information can be found at

Referencing KVM Documentation

This guide describes the steps involved when installing cOS Core with KVM on the supported platforms as well as covering many of the issues that may be encountered with cOS Core running in a KVM virtual environment.

The guide tries to deal specifically with the subject of cOS Core running under KVM and, unless relevant, does not detail the installation of KVM itself or issues which are related only to KVM. Pure KVM subjects are best explained by other, KVM specific, documentation.

x86 Server Hardware Requirements

A server using the Intel x86 architecture must satisfy the following criteria for running cOS Core under KVM:

x86 Hardware Driver Requirements

The following additional hardware driver requirements for x86 servers should be noted:

Supported ARM Architecture

cOS Core is capable of running under KVM on the ARMv8-A architecture. The following ARMv8-A cloud deployments are supported:

Supported Linux Distributions

KVM with QEMU will run under the Linux operating system and will require one of the following Linux distributions:

Other Linux distributions might be used successfully but have not been tested by Clavister with cOS Core. The installation of Linux will not be discussed further in this guide. It is assumed the administrator is familiar with basic Linux networking.

Supported KVM Distributions

cOS Core can run under the latest distribution of KVM. These distributions also include QEMU. The QEMU release (or later) that must be used for cOS Core to function properly:

Other distributions might be used successfully but have not been tested by Clavister. The installation of QEMU with KVM will not be discussed further in this guide and the administrator should refer to the software's own documentation. The QEMU/KVM binaries for a particular Linux distribution can normally be installed from the repositories of the distribution.

Note that the SeaBIOS version used with KVM for guest x86 operating systems should be version 1.7.4 or later.

Additional Linux Software

The following should also be installed on the base Linux system along with KVM:

Software Tools for Management

The following are the software requirements for management:

The installation of these software tools will not be discussed further in this guide. The administrator should refer to the tool's own documentation for guidance.

cOS Core Management

Not only can cOS Core run in its own virtual machine under KVM, the external management computer that is used to administer cOS Core can also run under the same KVM installation. Alternatively, it can be on a separate, external computer. To perform management tasks across a network, the management computer may access cOS Core through its Web Interface or via an SSH console. The proprietary tool InCenter may also be used for remote management from a Windows based client.