A microVM is a stripped-down virtual machine designed to boot fast and use minimal resources while retaining the security boundary of full hardware virtualization.
How it works
Every app and service you deploy runs inside its own microVM rather than as a process alongside your neighbors.- A microVM per workload. Each App is its own CloudHypervisor microVM. Workloads do not share an operating system instance with one another.
- Hardware virtualization. Isolation is enforced at the hardware-virtualization layer, not just by the operating system. Each microVM boots its own guest kernel and sees only its own virtual resources.
- Isolation guarantee. Because the boundary is a virtual machine rather than a shared kernel, a workload cannot reach into another tenant’s memory, filesystem, or processes.
Why it matters
Traditional containers share the host’s kernel, so the strength of the isolation depends on that shared surface. A microVM gives each workload a dedicated guest kernel behind a hardware-virtualization boundary, which is a stronger separation for running untrusted or multi-tenant code. For you, that means:- Multi-tenant safety. Your workloads stay isolated from every other tenant on the same physical hardware.
- A smaller blast radius. A compromise inside one microVM is contained to that microVM.
- Defense in depth. Hardware isolation complements Miget’s platform protections, including DDoS protection.
Next steps
Datacenters
See the bare-metal infrastructure your microVMs run on.
Fair Scheduler
Learn how compute is allocated fairly across workloads.
Resource Plans
Understand Resources, namespaces, and quotas.
DDoS Protection
Review the network protections layered on top of isolation.

