Xen.org: The past, the present and exciting Future

  • 3,706 views
Uploaded on

In this talk, John will explore the technology and architecture introduced in the ARM Cortex-A15 processor in support of virtualization. This is the first of multiple processors from ARM that will …

In this talk, John will explore the technology and architecture introduced in the ARM Cortex-A15 processor in support of virtualization. This is the first of multiple processors from ARM that will support true virtualization, and the ability to host existing operating systems binaries without modification. The hardware extensions were defined following careful analysis to address the key virtualization performance limitations of today's solutions while bringing new technologies to the device to better support a virtualized system.

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
3,706
On Slideshare
0
From Embeds
0
Number of Embeds
5

Actions

Shares
Downloads
42
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • 6 students; pleased with support from community; remaining engagedKorea: Daniel Castro - pv drivers for seabiosDanielKiber debugVitio to xen
  • Jan, Keir, Ian Campbell, Tim Deegan
  • Based on a detailed study
  • IOMMU

Transcript

  • 1. Xen: the Past, Present andExciting FutureIan PrattChairman of Xen.org,SVP and Founder of BromiumSponsored by: &
  • 2. Outline• Community Update• Xen 4 Review• Xen and the next wave of virtualization 2
  • 3. COMMUNITY UPDATE 3
  • 4. 2011 Highlights• Inclusion of Xen into Linux 3 (and distros)• New Initiatives: – Project Kronos – Xen.org Governance – Renewed focus on Xen for ARM• Successful Community Initiatives – Documentation Day – Google Summer of Code – Hackathons: Cambridge (Citrix) and Munich (Fujitsu)• Lars Kurth: (not so) new Community Manager 4
  • 5. Contribution Statistics By Change Sets Contributors to Xen.org 5000.0 200 4500.0 180 4000.0 160 3500.0 140 3000.0 120 XenARM** 2500.0 100 PVOPS Individuals 2000.0 80 XCP Orgs 1500.0 Xen HV 60 1000.0 40 500.0 20 0.0 0 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011**) End of Sept 2011**) Activity on Development branch (not yet in xen-unstable) 5
  • 6. 2010 & 2011 Contributors (by KLOC) 2010** 2% 2011** *** 1% 3% 4% 5% 4% 6% 5% Citrix HV 28% Citrix XCP Citrix XCP Citrix HV 5% 39% Oracle Samsung* 11% Intel Novell 6% Novell Oracle Fujitsu AMD 7% AMD Individual Individual 13% Intel Misc 18% Misc 8% University 20% 15%*) Activity on Development branch (not yet in xen-unstable)**) Includes PVOPS***) Until Sept 2011 6
  • 7. 500 1000 1500 2000 2500 0 Oct-03 Dec-03 Feb-04 Apr-04 Jun-04 Aug-04 Oct-04 Dec-04 Feb-05 Apr-05 Jun-05 Conversations, excluding patches Aug-05 Oct-05 Dec-05 Feb-06 Apr-06 Jun-06 Aug-06 Oct-06 Dec-06 Feb-07 Apr-07 Jun-07 xen-devel Aug-07 Oct-07 Dec-07 xen-api Feb-08 Developer mailing list traffic Apr-08 Jun-08 Aug-08 Oct-08 Dec-08 Feb-09 Apr-09 Jun-09 Aug-09 Oct-09 Dec-09 Feb-10 Apr-10 Jun-10 Aug-10 Oct-10 Dec-10 Feb-11 Apr-11 Jun-117
  • 8. Formalized Governance• How to contribute (had this for a long time, but was poorly documented)• Election of Maintainers, Committers & Project Leads – Committer Election in September – Jan Beulich (Novell) : Committer on Xen HV project • 2009 : 107 patches changing 11746 lines of code • 2010 : 147 patches changing 7613 lines of code • 2011 : 130 patches changing 27377 lines of code (as of Sept)• Project Lifecycle – Xen HV & XCP migrated to new lifecycle 8
  • 9. Xen.org Web site Activity Linux 3 Website Traffic/Day: Notable traffic increase since September (almost double) Coincides with changes to content and new content! Linux 3 Blog Traffic/Month: Xen 4.1 Xen 4.0 100% average increase of traffic compared to one year ago Part of Sept Prediction at tip of arrow 9
  • 10. Product and project news roundup• Xen support in Linux 3 – More in Linux 3.1 (and subsequent releases)• Xen support (DomU and Dom0) back in Linux distros – Debian – Ubuntu 11.10 – Fedora 16• Recent product releases that distribute Xen – Oracle VM 3.0 – XenServer 6.0 – XenClient 2.0 – Beta’s of QubesOS and RC’s of openSuse 12.1 10
  • 11. Where do we need to improve? Focus for 2012 • New website • Better media presence • More focus on users (individual & commercial) • More and better documentation • New benchmarks, feature comparisons, etc. • Formalize volunteer activities such as “documentation day” 11
  • 12. 2011 & 2012 Event Calendar• LinuxCon Brazil, Sao Paulo, Nov 17-18• USENIX Lisa, Boston, Dec 4-9• Planning to co-locate XenSummit NA with LinuxCon (LinuxCon NA, San Diego, Aug 27-28) – Not yet finalized, but should be soon• OSCON, Portland, July 16-20 12
  • 13. Community Summary• The Xen Developer community is healthy for a 10 year old project• The inclusion of Xen support into Linux 3.x has made a big impact – Getting questions by many new users – Building new and productive relationships with many people in the Linux and BSD communities• Up to now Xen.org was almost exclusively looking after developers – Successful open source communities bring their users and developers together – Xen.org needs to focus on • Reconnecting to its users • On making it easy to get started with Xen and engage new users – Many opportunities in Cloud Projects • On better communicating the Xen advantages• Everybody can help with this! 13
  • 14. XEN 4.1 REVIEW 14
  • 15. Xen 4.1 Release – 21 March 2011• Very large system support – 4 TB; >255 CPUs – Reliability, Availability, Scalability enhancements• CPU Pools for system partitioning• Page sharing enhancements• Hypervisor emergency paging / compression• New “xl” lightweight control stack• Memory Introspection API• Enhanced SR-IOV support• Software-implemented Hardware Fault Tolerance 15
  • 16. Hardware Fault Tolerance Restart-HA monitors hosts and VMs to keep apps running Hardware Fault Tolerance with deterministic replay or checkpointingXen’s Software-Implemented Hardware Fault Tolerance enables true High Availability for unmodified applications and operating systems
  • 17. Hardware Fault Tolerance• University of British Columbia’s “Remus” project is now in Xen 4• Smart checkpointing approach yields excellent performance – VM executes in parallel with checkpoint transmission, with all externally visible state changes suppressed until checkpoint receipt acknowledged – Checkpoints delta compressed• Checkpointing possible across wide-area, even for multi-vCPU guests 17
  • 18. Enhanced SR-IOV• SR-IOV: Single Root IO Virtualization – Virtualization friendly IO devices• High performance, high efficiency, low latency• Enables even the most demanding applications to now be virtualized• Compatible with live relocation via hotplug of acceleration driver “plugin” module – Retain primary benefit of physical hardware abstraction 18
  • 19. SR-IOV NIC Dell 10G Switch Dell R710 Server Dell R710 Server XenServer and Intel 10G SR-IOV NIC XenServer and Intel 10G SR-IOV NIC NFS Common Storage w/OpenFiler Dell R710 Server XenServer and Intel 10G SR-IOV NIC• 80 Gb/s bi-directional aggregate throughput between 4 VM pairs• Low latency, High CPU efficiency• Live relocation between hosts - Even hosts with different NICs
  • 20. Network Performance 35 30 usercopy 25 kernCPU (%) 20 201% Type-0 xen1 15 123% 103% grantcopy 10 100% kern0 5 0 xen0 s/w only basic smart SR-IOV native NIC NIC• New Smart NICs reduce CPU overhead substantially• Care must be taken with SR-IOV NICs to ensure benefitsof VM portability and live relocation are not lost• Need for an industry standard for “driver plugins”
  • 21. THE NEXT VIRTUALIZATION WAVE 21
  • 22. Security will drive the Next Wave of Virtualization• Security is key requirement for Cloud• Security is the primary goal of virtualization on the Client – Desktop, Laptops, Smart Phones, etc• Maintaining isolation between VMs is critical – Spatial and Temporal isolation – Run multiple VMs with policy controlled information flow • E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking• Enables “out-of-band” management and policy enforcement – Malware detection, remote access, image update, backup, VPN, etc. 22
  • 23. Xen Introspection API• Allows a suitably privileged VM to monitor and control the execution of another VM – Interpose on disk and network IO path – Mark VM memory as immutable, no-execute etc – Inspect/modify CPU and memory state• Enables robust anti-malware, anti-root kit – Cannot be disabled/bypassed by guest VMVirtualized can be more secure than physical! 24
  • 24. Secure Isolation• Use good software engineering practice – Thin hypervisor: minimize code running with privilege – Disaggregate and de-privilege functionality into dedicated Service VMs – Narrow interfaces between components – Hypervisors are simpler than OSes, simpler than OS kernels – Use modern high-level languages where possible• New hardware technologies help – VT-x, VT-d, EPT: reduce software complexity, enhanced protection – TPM/TXT: Enable Dynamic Root of Trust 25
  • 25. XenClient XT / Qubes OS• First products configured to take advantage of the security benefits of Xen’s architecture• Isolated Driver Domains• Virtual hardware Emulation Domains• Service VMs (global and per-guest)• Xen Security Modules / SElinux• Measured Launch (TXT) 26
  • 26. Typical Xen Configuration VM0 VM1 VM2 VM3 Device Manager & Applications Applications Applications Control s/w GuestOS GuestOS GuestOS GuestOS Back-End Native Device Front-End Front-End Driver Device Drivers Device Drivers Device Emulation Control IF Safe HW IF Event Channel Virtual CPU Virtual MMU Xen Virtual Machine Monitor Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE)
  • 27. Xen Driver Domains VM0 VM1 VM2 VM3 Device Manager & Applications Applications Control s/w GuestOS GuestOS GuestOS GuestOS Back-End Back-End Native Native Device Device Front-End Driver Driver Device Drivers Device Emulation VM3a Control IF IOMMU Event Channel Virtual CPU Virtual MMU Xen Virtual Machine Monitor Hardware (SMP, MMU, physical memory, Ethernet, SCSI/IDE)
  • 28. Advanced XenClient Architecture Per host/device Per guest Service VMs Service VMs VPN Isolation VPN Isolation Management User VM User VM Emulate Emulation Device Isolation Network Domain Domain Control Device Policy Granularity Policy Granularity Xen Xen Security Modules VT-d TXT Intel vPro Hardware VT-x AES-NI 29
  • 29. Disaggregation• Unique benefit of the Xen architecture:• Security – Minimum privilege; Narrow interfaces• Performance – Lightweight e.g. minios directly on hypervisor – Exploit locality – service VMs see a subset of the machine, run close to resources with which they interact• Reliability – Able to be safely restarted 30
  • 30. Isolated Driver VMs for High Availability• Detect failure e.g. 350 – Illegal access 300 – Timeout 250 200• Kill domain, restart 150 – E.g. Just 275ms outage from 100 failed Ethernet driver 50• New work uses restarts to 0 0 5 10 15 20 25 30 35 40 enhance security time (s)
  • 31. Proposal• We should strive to get all Xen products and deployments to take full advantage of the Xen architecture• We need to make this much easier!• Proposal: define and maintain a reference architecture and implementation that embodies best practice recommendations 32
  • 32. Reference Architecture• Define using new technologies – Latest stable Xen – Linux 3.x pvops • Optimization effort required – Libxl control stack • For easy consumption by other vendor tool stacks 33
  • 33. Target Features• Network restart-able driver domains – Integrated OpenFlow vswitch• Storage restart-able driver domains – Also allows easier deployment of new storage options e.g. vastsky, ZFS• Qemu emulation domains• Xen Security Modules• Measured Launch via TXT• Roadmap for enhanced security and performance features – E.g. the SR-IOV network plugin / vswitch architecture 34
  • 34. Implementation• Need an initial reference implementation – Easily consumable by users• XCP could fulfil this role – Showcase latest Xen technologies – Optimized for OpenStack• Aim to be as kernel/toolstack etc agnostic to allow easy adoption by all vendors 35
  • 35. Summary• Xen project continues to thrive! – Great success in Cloud and Client• Key architectural security, reliability and performance benefits that are unique to Xen – We need to do a better job of getting the message out! – We need to do a better job of actually taking advantage of the benefits in all Xen products 36