DeHackEdBill Ate Tux's Rocket
Xen is a type 1 hypervisor.
Xen itself has almost no hardware drivers. It's barely able to control the PCI bus and really only does CPU and memory management. It boots up your "host" OS (I'll assume it's Linux, but it must be a dom0 capable OS) as a fully fledged virtual guest but with default full access to the PCI bus and permission to give commands to Xen.
Thus your Host OS is really Xen and your first guest is what you're accustomed to thinking of as the host. It also means the host is subject to its own policy decisions, such as number of allowed CPUs, memory limitations and scheduling priorities. How's that for isolation?