The Linux Foundation, profile picture
Uploaded byThe Linux Foundation
3,729 views

Bare-Metal Hypervisor as a Platform for Innovation

This document summarizes Russell Pavlicek's presentation on the bare-metal hypervisor as a platform for innovation. Some key innovations enabled by the bare-metal hypervisor discussed include Xen Automotive for developing embedded automotive systems, real-time virtualization support, an ARM-based hypervisor for new applications on ARM architecture, and unikernel systems that create highly secure and efficient cloud applications. A bare-metal hypervisor provides advantages like density, scalability, security and custom scheduling that facilitate these innovations.

Embed presentation

Downloaded 86 times
Linuxfest Northwest 2015 The Bare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org @RCPavlicek
About the Old, Fat Geek Up Front • Linux user since 1995; became a Linux advocate immediately • Delivered many early talks on Open Source Advocacy • Former Open Source columnist for Infoworld, Processor magazines • Former weekly panelist on “The Linux Show” • Wrote one of the first books on Open Source: Embracing Insanity: Open Source Software Development • 30 years in the industry; 20+ years in software services consulting • Currently Evangelist for the Xen Project (employed by Citrix) • Over 75 FOSS talks delivered; over 150 FOSS pieces published
About Innovation... • A favorite buzzword for marketing purposes • Many things in our industry labeled “Innovation” are nothing more than hackneyed placid tripe • Innovation calls for thinking of the world in a different way and seeing it come to life • Simply changing the shade of lipstick on a pig does not qualify
About Innovation... • Real innovation can borrow from the known to create the unknown • Many innovations are reassemblies of known objects in a new way – Example: many cloud concepts resemble similar concepts in mainframes, but they've been reapplied to a multi-server environment – But the net result needs to be something significantly different than what existed before
Some of the More Interesting Advances • Xen Automotive: the effort to craft an embedded automotive infotainment system • Realtime virtualization: work to facilitate applications which need realtime processing • ARM-based hypervisor: enabling a new breed of applications, from servers to cell phones, on the ARM architecture • Mirage OS and other unikernel systems: creating highly-dense farms of ultra-small and secure cloud appliances
But First... What exactly is a “Bare-Metal Hypervisor”?
Hypervisor Architectures Type 1: Bare metal Hypervisor A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. Provides partition isolation + reliability, higher security Provides partition isolation + reliability, higher security Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps
Hypervisor Architectures Type 1: Bare metal Hypervisor A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. Type 2: OS ‘Hosted’ A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment. Provides partition isolation + reliability, higher security Provides partition isolation + reliability, higher security Low cost, no additional drivers Ease of use & installation Low cost, no additional drivers Ease of use & installation Host HWHost HW Memory CPUsI/O Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host OSHost OS Device DriversDevice Drivers Ring-0 VM Monitor “Kernel “ Ring-0 VM Monitor “Kernel “ VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps User Apps User Apps User-level VMMUser-level VMM Device ModelsDevice Models
Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps
Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host HWHost HW Memory CPUsI/O HypervisorHypervisor VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Xen Project Architecture SchedulerScheduler MMUMMU
Xen Project: Type 1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host HWHost HW Memory CPUsI/O HypervisorHypervisor VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Xen Project Architecture SchedulerScheduler MMUMMU Control domain (dom0) Control domain (dom0) DriversDrivers Device ModelsDevice Models Linux & BSDLinux & BSD
Some Bare-Metal Advantages • What are the advantages of a Bare-Metal Hypervisor? – Density: It's thin • Excellent for supporting very small workloads – Scalability: It can support huge numbers of VMs • Terrific for highly dense workloads – Security: No host OS • It has no host OS layer to attack – Scheduling: Can use dedicated scheduler • Needed for specialized workload profiles where a host OS scheduler just won't do – Paravirtualization: Simplified interface • Easier to code to when no OS is present • And now some of the innovations they enable...
#1: Xen Automotive • A subproject of the Xen Project • Proposed by community member GlobalLogic • Support for infotainment systems (for now...) • Spares multiple discreet systems needing sourcing, installation, and testing • ARM-based
Automotive Challenges • Soft-Real-time support • Hard-Real-time support • GPU virtualization • Other co-processor (DSP, IPU, etc.) • Certification • Driver support for Android, e.g. Backend ION memory allocator and Linux User Space Device Drivers for Graphics, Sound, USB, Giros, GPS, etc. • Driver support for operating systems such as QNX and other guest operating systems that are relevant for these use-cases
A Focused Hypervisor • Automotive requires extreme focus • Simply repurposing a server-based hypervisor won't cut it • A Bare-Metal hypervisor can add and modify pieces as needed – There is no legacy Host Operating System to be accommodated – Bare-Metal can do what the situation requires
#2: Realtime Virtualization • Support for Xen Automotive and beyond • RT-Xen • Streaming video, etc. cannot wait for next time slice • Leverages a custom scheduler
Custom Schedulers • Type 2 (Hosted) Hypervisors use the scheduler of the host (e.g., Linux) – That scheduler is designed for the host operating system, not for special needs • Type 1 (Bare Metal) Hypervisors use schedulers designed for the needs of the hypervisor itself – It is possible to change the scheduler to meet the needs of the hypervisor – That's the way to handle Realtime Scheduling
A Scheduler for Every Need • Current schedulers in Xen Project: – Credit • General Purpose • Default scheduler in 4.5 – Credit2 • Optimized for low latency & high VM density • Currently Experimental • Expected to become supported and default in future
A Scheduler for Every Need • Current schedulers in Xen Project (continued): – RTDS • Soft & Firm Realtime scheduler • Multicore • Currently Experimental • Embedded, Automotive, Graphics, Gaming in the Cloud – ARINC 653 • Hard Realtime • Single Core • Currently Experimental • Avionics, Drones, Medical
A Scheduler for Every Need • Past schedulers in Xen Project: – Borrowed Virtual Time – Atropos – Round Robin – SEDF • For more information: – http://wiki.xenproject.org/wiki/Xen_Project_Schedulers
#3: ARM-based Hypervisor • ARM expanding from handhelds to servers • Virtualization extensions added to ARM V7 • Architecture is hand-in-glove fit for Bare- Metal hypervisor • No mode changes means greater speed and security
ARM SOCARM SOC Xen + ARM = a perfect Match ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization Hypervisor mode : EL2 Kernel mode : EL1 User mode : EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … Hypercall Interface HVCHypercall Interface HVC
ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor
ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0) KernelKernel User SpaceUser Space HVCHVC
ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor Dom0 only Dom0 only Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0) KernelKernel User SpaceUser Space I/O PV back PV front I/O HVCHVC
Where Will an ARM Hypervisor Play? • You name it... – Cell phones • Multiple personalities are possible – Embedded systems • Automotive is just the beginning – Internet of Things (IoT) • Lots of little things means lots of responses needed – Servers • Lower power footprint • Real green technology
#4: The Unikernel • Super-small VMs • Quick booting • Enhanced security • Easy deployment • Enables transient services – Services that appear when needed and disappear when done
The Cloud We Know • Field of innovation is in the orchestration – The Cloud Engine is paramount (OpenStack, CloudStack, etc.) – Workloads adapted to the cloud strongly resemble their non- cloud predecessors • Some basic adaptations to facilitate life in the cloud, but basically the same stuff that was used before the cloud • Applications with full stacks (operating system, utilities, languages, and apps) which could basically run on hardware, but are run on VMs instead. • VMs are beefy; large memory footprint, slow to start up • It all works, but its not overly efficient • 10s of VMs per physical host
The Next Generation Cloud • Turning the scrutiny to the workloads – Should be easier to deploy and manage – Smaller footprint, removing unnecessary duplication – Faster startup – Transient microservices – Higher levels of security – 1000s of VMs per host
The New Stuff: Docker & Containers • Makes deployment easier • Smaller footprint by leveraging kernel of host • Less memory needed to replicate shared kernel space • Less disk needed to replicate shared executables • Really fast startup times • Higher number of VMs per host
Docker Downsides • Improvements, yes; but not without issues – Can't run any payload that can't use host kernel – Potential limits to scaleability • Linux not really optimized for 1000s of processes – Security • Security is a HUGE issue in clouds • Still working on real security; someday... • At LinuxCon North America 2014, Docker CEO doesn't even identify security as one of the top priorities • Google & others run Docker in VMs when they need security
The Unikernel: A Real Cloud Concept • Very small • Very efficient • Very quick to boot • And very, VERY secure! • It's a Green (energy) technology which saves you green (cash); extremely important to foster adoption • Many unikernels already exist, including Mini-OS and Mirage OS, a Xen Project Incubator Project
What is a Unikernel? From Mirage OS
Unikernel Approach: Mirage OS
Unikernel Approach: Mirage OS
Unikernel Approach: Mirage OS
Unikernel Concepts • Use just enough to do the job – No need for multiple users; one VM per user – No need for a general purpose operating system – No need for utilities – No need for a full set of operating system functions • Lean and mean – Minimal waste – Tiny size
Unikernel Concepts • Similar to an embedded application development environment – Limited debugging available for deployed production system – Instead, system failures are reproduced and analyzed on a full operating system stack and then encapsulated into a new image to deploy – Tradeoff is required for ultralight images
What Do the Results Look Like? • Mirage OS examples: – DNS Server: 449 KB – Web Server: 674 KB – OpenFlow Learning Switch: 393 KB • LING metrics: – Boot time to shell in under 100ms – Erlangonxen.org memory usage: 8.7 MB • ClickOS: – Network devices processing >5 million pkt/sec – 6 MB memory with 30 ms boot time
What About Security? • Type-Safe Solution Stack – Can be certified – Certification is crucial for certain highly critical tasks, like airplane fly-by-wire control systems • Image footprints are unique to the image – Intruders cannot rely on always finding certain libraries – No utilities to exploit, no shell to manipulate
What's Out There Right Now? • Mirage OS, from the Xen Project Incubator • HaLVM, from Galois • LING, from Erlang-on-Xen • ClickOS, from NEC Europe Labs • OSv, from Cloudius Systems • Rumprun, from the Rump Kernel Project • And that's just the beginning...
How Does Xen Project Enable Unikernels? • No Host OS means it's lean and mean – A tiny VM can sit on a thin hypervisor layer on the hardware – Attack surface is small – Scale out support • Can currently support about 600 concurrent VMs per host without losing performance • Current target: 2000-3000 concurrent VMs per host – Enhanced scheduler (Credit2) – ARM as an option
Innovation: Is This All? • By no means! • The list of other subprojects & capabilities continues to grow: – Virtualized GPUs – Enhanced NUMA – COLO: Coarse-grained lockstepping of VMs – Native VMware VMDK support – And so on... • http://xenproject.org/users/innovations.html
In Review... • Some advantages of a Bare-Metal Hypervisor – Density: It's thin • Excellent for supporting very small workloads – Scalability: It can support huge numbers of VMs • Terrific for highly dense workloads – Security: No host OS • It has no host OS layer to attack – Scheduling: Can use dedicated scheduler • Needed for specialized workload profiles where a host OS scheduler just won't do – Paravirtualization: Simplified interface • Easier to code to when no OS is present
The Xen Project Difference • Tomorrow's workloads are not yesterday's workloads – If your hypervisor is just focused on yesterday's payloads, it is suffering from planned obsolescence – Select a hypervisor which is innovating – and Open Source • Xen Project is busy enabling the next generation in virtualization
Questions? Russell.Pavlicek@XenProject.org Twitter: @RCPavlicek This presentation will be available in the Presentations Section of XenProject.org
Basic Xen Project Concepts 47 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Memory CPUsI/O Console Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) A “driver, device model or control service in a box” De-privileged and isolated Lifetime: start, stop, kill Dom0 KernelDom0 Kernel HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Trusted Computing Base
Basic Xen Project Concepts: Toolstack+ 48 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Console Memory CPUsI/O Dom0 KernelDom0 Kernel ToolstackToolstack HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Console • Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers • Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) A “driver, device model or control service in a box” De-privileged and isolated Lifetime: start, stop, kill Trusted Computing Base
Basic Xen Project Concepts: Disaggregation 49 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Console Memory CPUsI/O One or more driver, stub or service domains One or more driver, stub or service domains Dom0 KernelDom0 Kernel ToolstackToolstack HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Console • Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers • Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) • A “driver, device model or control service in a box” • De-privileged and isolated • Lifetime: start, stop, kill Trusted Computing Base

More Related Content

PPT
Linux file system
byBurhan Abbasi
 
PDF
Android Things : Building Embedded Devices
byEmertxe Information Technologies Pvt Ltd
 
PDF
Embedded Android : System Development - Part I
byEmertxe Information Technologies Pvt Ltd
 
PPTX
Introduction to linux ppt
byOmi Vichare
 
PDF
Linux Internals - Part I
byEmertxe Information Technologies Pvt Ltd
 
PDF
Linux Kernel Overview
byAnil Kumar Pugalia
 
PDF
Embedded Android : System Development - Part IV
byEmertxe Information Technologies Pvt Ltd
 
PDF
Android's Multimedia Framework
byOpersys inc.
 
Linux file system
byBurhan Abbasi
 
Android Things : Building Embedded Devices
byEmertxe Information Technologies Pvt Ltd
 
Embedded Android : System Development - Part I
byEmertxe Information Technologies Pvt Ltd
 
Introduction to linux ppt
byOmi Vichare
 
Linux Internals - Part I
byEmertxe Information Technologies Pvt Ltd
 
Linux Kernel Overview
byAnil Kumar Pugalia
 
Embedded Android : System Development - Part IV
byEmertxe Information Technologies Pvt Ltd
 
Android's Multimedia Framework
byOpersys inc.
 

What's hot

PDF
An Introduction to the Android Framework -- a core architecture view from app...
byWilliam Liang
 
PDF
Process management
byAkshay Ithape
 
PPTX
Linux
byInternational Islamic University
 
PDF
08 android multimedia_framework_overview
byArjun Reddy
 
PDF
ELC21: VM-to-VM Communication Mechanisms for Embedded
byStefano Stabellini
 
PPT
Linux command ppt
bykalyanineve
 
PPTX
Introduction to Git and GitHub Part 1
byOmar Fathy
 
PPTX
Access control list acl - permissions in linux
bySreenatha Reddy K R
 
PDF
Xen Debugging
byThe Linux Foundation
 
ODP
Introduction to Version Control
byJeremy Coates
 
PPTX
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
bySimplilearn
 
PDF
Linux Systems: Getting started with setting up an Embedded platform
byEmertxe Information Technologies Pvt Ltd
 
PPTX
Binder: Android IPC
byShaul Rosenzwieg
 
PPTX
U-boot and Android Verified Boot 2.0
byGlobalLogic Ukraine
 
PDF
Lesson 2 Understanding Linux File System
bySadia Bashir
 
PDF
TFLite NNAPI and GPU Delegates
byKoan-Sin Tan
 
PPTX
Virtual Machine
byMehul Boghra
 
PPTX
UNIX Operating System
byFatima Qayyum
 
PPT
Linux
byKevin James
 
PPT
Linux file system
byMidaga Mengistu
 
An Introduction to the Android Framework -- a core architecture view from app...
byWilliam Liang
 
Process management
byAkshay Ithape
 
Linux
byInternational Islamic University
 
08 android multimedia_framework_overview
byArjun Reddy
 
ELC21: VM-to-VM Communication Mechanisms for Embedded
byStefano Stabellini
 
Linux command ppt
bykalyanineve
 
Introduction to Git and GitHub Part 1
byOmar Fathy
 
Access control list acl - permissions in linux
bySreenatha Reddy K R
 
Xen Debugging
byThe Linux Foundation
 
Introduction to Version Control
byJeremy Coates
 
Virtualization Explained | What Is Virtualization Technology? | Virtualizatio...
bySimplilearn
 
Linux Systems: Getting started with setting up an Embedded platform
byEmertxe Information Technologies Pvt Ltd
 
Binder: Android IPC
byShaul Rosenzwieg
 
U-boot and Android Verified Boot 2.0
byGlobalLogic Ukraine
 
Lesson 2 Understanding Linux File System
bySadia Bashir
 
TFLite NNAPI and GPU Delegates
byKoan-Sin Tan
 
Virtual Machine
byMehul Boghra
 
UNIX Operating System
byFatima Qayyum
 
Linux
byKevin James
 
Linux file system
byMidaga Mengistu
 

Similar to Bare-Metal Hypervisor as a Platform for Innovation

PDF
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
byThe Linux Foundation
 
PPTX
cloud concepts and technologies
byKalai Selvi
 
PDF
LF Collaboration Summit: Xen Project 4 4 Features and Futures
byThe Linux Foundation
 
PDF
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
byThe Linux Foundation
 
PDF
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
byvwchu
 
PDF
Xen: Hypervisor for the Cloud - CCC13
byThe Linux Foundation
 
PDF
Xen 10th anniversary Status Report (at SELF 2013)
byRussell Pavlicek
 
PDF
Cloud Computing Hypervisors and Comparison Xen KVM
bycloudresearcher
 
PPTX
KIIT_Cloud_scaling and Virtualization.pptx
bybhaskarkumar0125
 
PPT
Introduction to Virtualization .ppt
byKENNEDYDONATO1
 
PDF
Xen: Hypervisor for the Cloud from Frontier Meetup Mountain View CA 2013-10-14
byThe Linux Foundation
 
PDF
Linaro connect : Introduction to Xen on ARM
byThe Linux Foundation
 
PDF
Virtualization_EETimes_SalesConf2011
byijlalshah
 
PDF
Fosdem 18: Securing embedded Systems using Virtualization
byThe Linux Foundation
 
PPTX
668242206-unit1-Virtualization dadod de A
byJoaquimBarros18
 
PPTX
Open source hypervisors in cloud
byChetna Purohit
 
PPTX
Xen Project Update LinuxCon Brazil
byThe Linux Foundation
 
PPTX
Cloud Computing storage saas iaas paas.pptx
byviratkohli82222
 
PDF
01_Virtualization_fro univsersity_students.pdf
bydaemontargaryan224
 
PPTX
Hypervisor
bykalpita surve
 
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
byThe Linux Foundation
 
cloud concepts and technologies
byKalai Selvi
 
LF Collaboration Summit: Xen Project 4 4 Features and Futures
byThe Linux Foundation
 
Rootlinux17: Hypervisors on ARM - Overview and Design Choices by Julien Grall...
byThe Linux Foundation
 
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM
byvwchu
 
Xen: Hypervisor for the Cloud - CCC13
byThe Linux Foundation
 
Xen 10th anniversary Status Report (at SELF 2013)
byRussell Pavlicek
 
Cloud Computing Hypervisors and Comparison Xen KVM
bycloudresearcher
 
KIIT_Cloud_scaling and Virtualization.pptx
bybhaskarkumar0125
 
Introduction to Virtualization .ppt
byKENNEDYDONATO1
 
Xen: Hypervisor for the Cloud from Frontier Meetup Mountain View CA 2013-10-14
byThe Linux Foundation
 
Linaro connect : Introduction to Xen on ARM
byThe Linux Foundation
 
Virtualization_EETimes_SalesConf2011
byijlalshah
 
Fosdem 18: Securing embedded Systems using Virtualization
byThe Linux Foundation
 
668242206-unit1-Virtualization dadod de A
byJoaquimBarros18
 
Open source hypervisors in cloud
byChetna Purohit
 
Xen Project Update LinuxCon Brazil
byThe Linux Foundation
 
Cloud Computing storage saas iaas paas.pptx
byviratkohli82222
 
01_Virtualization_fro univsersity_students.pdf
bydaemontargaryan224
 
Hypervisor
bykalpita surve
 

More from The Linux Foundation

PDF
ELC2019: Static Partitioning Made Simple
byThe Linux Foundation
 
PDF
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Unikraft Weather Report
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
byThe Linux Foundation
 
PDF
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
byThe Linux Foundation
 
PDF
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
byThe Linux Foundation
 
PPTX
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
byThe Linux Foundation
 
PPTX
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
byThe Linux Foundation
 
PDF
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
byThe Linux Foundation
 
PDF
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
byThe Linux Foundation
 
PDF
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
byThe Linux Foundation
 
PDF
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
byThe Linux Foundation
 
PDF
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
byThe Linux Foundation
 
PDF
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
byThe Linux Foundation
 
PDF
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
byThe Linux Foundation
 
PDF
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
byThe Linux Foundation
 
PDF
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
byThe Linux Foundation
 
ELC2019: Static Partitioning Made Simple
byThe Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
byThe Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
byThe Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
byThe Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
byThe Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
byThe Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
byThe Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
byThe Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
byThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
byThe Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
byThe Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
byThe Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
byThe Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
byThe Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
byThe Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
byThe Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
byThe Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
byThe Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
byThe Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
byThe Linux Foundation
 

Recently uploaded

PPTX
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
PDF
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Microsoft Azure News - February 2026 - BAUG
byDaniel Toomey
 
From Hallucinations to High-Confidence AI with Data Enrichment.pdf
byPrecisely
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Automation Without Apprentices: How AI Challenges the Open Source Way
byIcinga
 
apidays New York 2025 | AI in Application Security
byapidays
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Workflow and decision Automation with Flowable
bychakib ch
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 

Bare-Metal Hypervisor as a Platform for Innovation

  • 1.
    Linuxfest Northwest 2015 TheBare-Metal Hypervisor as a Platform for Innovation By Russell Pavlicek Xen Project Evangelist Russell.Pavlicek@XenProject.org @RCPavlicek
  • 2.
    About the Old,Fat Geek Up Front • Linux user since 1995; became a Linux advocate immediately • Delivered many early talks on Open Source Advocacy • Former Open Source columnist for Infoworld, Processor magazines • Former weekly panelist on “The Linux Show” • Wrote one of the first books on Open Source: Embracing Insanity: Open Source Software Development • 30 years in the industry; 20+ years in software services consulting • Currently Evangelist for the Xen Project (employed by Citrix) • Over 75 FOSS talks delivered; over 150 FOSS pieces published
  • 3.
    About Innovation... • Afavorite buzzword for marketing purposes • Many things in our industry labeled “Innovation” are nothing more than hackneyed placid tripe • Innovation calls for thinking of the world in a different way and seeing it come to life • Simply changing the shade of lipstick on a pig does not qualify
  • 4.
    About Innovation... • Realinnovation can borrow from the known to create the unknown • Many innovations are reassemblies of known objects in a new way – Example: many cloud concepts resemble similar concepts in mainframes, but they've been reapplied to a multi-server environment – But the net result needs to be something significantly different than what existed before
  • 5.
    Some of theMore Interesting Advances • Xen Automotive: the effort to craft an embedded automotive infotainment system • Realtime virtualization: work to facilitate applications which need realtime processing • ARM-based hypervisor: enabling a new breed of applications, from servers to cell phones, on the ARM architecture • Mirage OS and other unikernel systems: creating highly-dense farms of ultra-small and secure cloud appliances
  • 6.
    But First... What exactlyis a “Bare-Metal Hypervisor”?
  • 7.
    Hypervisor Architectures Type 1:Bare metal Hypervisor A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. Provides partition isolation + reliability, higher security Provides partition isolation + reliability, higher security Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps
  • 8.
    Hypervisor Architectures Type 1:Bare metal Hypervisor A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s. Type 2: OS ‘Hosted’ A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment. Provides partition isolation + reliability, higher security Provides partition isolation + reliability, higher security Low cost, no additional drivers Ease of use & installation Low cost, no additional drivers Ease of use & installation Host HWHost HW Memory CPUsI/O Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host OSHost OS Device DriversDevice Drivers Ring-0 VM Monitor “Kernel “ Ring-0 VM Monitor “Kernel “ VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps User Apps User Apps User-level VMMUser-level VMM Device ModelsDevice Models
  • 9.
    Xen Project: Type1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps
  • 10.
    Xen Project: Type1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host HWHost HW Memory CPUsI/O HypervisorHypervisor VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Xen Project Architecture SchedulerScheduler MMUMMU
  • 11.
    Xen Project: Type1 with a Twist Type 1: Bare metal Hypervisor Host HWHost HW Memory CPUsI/O HypervisorHypervisor SchedulerScheduler MMUMMUDevice Drivers/ModelsDevice Drivers/Models VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Host HWHost HW Memory CPUsI/O HypervisorHypervisor VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Xen Project Architecture SchedulerScheduler MMUMMU Control domain (dom0) Control domain (dom0) DriversDrivers Device ModelsDevice Models Linux & BSDLinux & BSD
  • 12.
    Some Bare-Metal Advantages •What are the advantages of a Bare-Metal Hypervisor? – Density: It's thin • Excellent for supporting very small workloads – Scalability: It can support huge numbers of VMs • Terrific for highly dense workloads – Security: No host OS • It has no host OS layer to attack – Scheduling: Can use dedicated scheduler • Needed for specialized workload profiles where a host OS scheduler just won't do – Paravirtualization: Simplified interface • Easier to code to when no OS is present • And now some of the innovations they enable...
  • 13.
    #1: Xen Automotive •A subproject of the Xen Project • Proposed by community member GlobalLogic • Support for infotainment systems (for now...) • Spares multiple discreet systems needing sourcing, installation, and testing • ARM-based
  • 14.
    Automotive Challenges • Soft-Real-timesupport • Hard-Real-time support • GPU virtualization • Other co-processor (DSP, IPU, etc.) • Certification • Driver support for Android, e.g. Backend ION memory allocator and Linux User Space Device Drivers for Graphics, Sound, USB, Giros, GPS, etc. • Driver support for operating systems such as QNX and other guest operating systems that are relevant for these use-cases
  • 15.
    A Focused Hypervisor •Automotive requires extreme focus • Simply repurposing a server-based hypervisor won't cut it • A Bare-Metal hypervisor can add and modify pieces as needed – There is no legacy Host Operating System to be accommodated – Bare-Metal can do what the situation requires
  • 16.
    #2: Realtime Virtualization •Support for Xen Automotive and beyond • RT-Xen • Streaming video, etc. cannot wait for next time slice • Leverages a custom scheduler
  • 17.
    Custom Schedulers • Type2 (Hosted) Hypervisors use the scheduler of the host (e.g., Linux) – That scheduler is designed for the host operating system, not for special needs • Type 1 (Bare Metal) Hypervisors use schedulers designed for the needs of the hypervisor itself – It is possible to change the scheduler to meet the needs of the hypervisor – That's the way to handle Realtime Scheduling
  • 18.
    A Scheduler forEvery Need • Current schedulers in Xen Project: – Credit • General Purpose • Default scheduler in 4.5 – Credit2 • Optimized for low latency & high VM density • Currently Experimental • Expected to become supported and default in future
  • 19.
    A Scheduler forEvery Need • Current schedulers in Xen Project (continued): – RTDS • Soft & Firm Realtime scheduler • Multicore • Currently Experimental • Embedded, Automotive, Graphics, Gaming in the Cloud – ARINC 653 • Hard Realtime • Single Core • Currently Experimental • Avionics, Drones, Medical
  • 20.
    A Scheduler forEvery Need • Past schedulers in Xen Project: – Borrowed Virtual Time – Atropos – Round Robin – SEDF • For more information: – http://wiki.xenproject.org/wiki/Xen_Project_Schedulers
  • 21.
    #3: ARM-based Hypervisor •ARM expanding from handhelds to servers • Virtualization extensions added to ARM V7 • Architecture is hand-in-glove fit for Bare- Metal hypervisor • No mode changes means greater speed and security
  • 22.
    ARM SOCARM SOC Xen+ ARM = a perfect Match ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization Hypervisor mode : EL2 Kernel mode : EL1 User mode : EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … Hypercall Interface HVCHypercall Interface HVC
  • 23.
    ARM SOCARM SOCARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor
  • 24.
    ARM SOCARM SOCARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0) KernelKernel User SpaceUser Space HVCHVC
  • 25.
    ARM SOCARM SOCARM Architecture Features for VirtualizationARM Architecture Features for Virtualization EL2 EL1 EL0 GIC v2 GIC v2GTGT 2 stage MMU 2 stage MMU I/O Device Tree describes … HVCHVC Xen + ARM = a perfect Match Xen HypervisorXen Hypervisor Dom0 only Dom0 only Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0) KernelKernel User SpaceUser Space I/O PV back PV front I/O HVCHVC
  • 26.
    Where Will anARM Hypervisor Play? • You name it... – Cell phones • Multiple personalities are possible – Embedded systems • Automotive is just the beginning – Internet of Things (IoT) • Lots of little things means lots of responses needed – Servers • Lower power footprint • Real green technology
  • 27.
    #4: The Unikernel •Super-small VMs • Quick booting • Enhanced security • Easy deployment • Enables transient services – Services that appear when needed and disappear when done
  • 28.
    The Cloud WeKnow • Field of innovation is in the orchestration – The Cloud Engine is paramount (OpenStack, CloudStack, etc.) – Workloads adapted to the cloud strongly resemble their non- cloud predecessors • Some basic adaptations to facilitate life in the cloud, but basically the same stuff that was used before the cloud • Applications with full stacks (operating system, utilities, languages, and apps) which could basically run on hardware, but are run on VMs instead. • VMs are beefy; large memory footprint, slow to start up • It all works, but its not overly efficient • 10s of VMs per physical host
  • 29.
    The Next GenerationCloud • Turning the scrutiny to the workloads – Should be easier to deploy and manage – Smaller footprint, removing unnecessary duplication – Faster startup – Transient microservices – Higher levels of security – 1000s of VMs per host
  • 30.
    The New Stuff:Docker & Containers • Makes deployment easier • Smaller footprint by leveraging kernel of host • Less memory needed to replicate shared kernel space • Less disk needed to replicate shared executables • Really fast startup times • Higher number of VMs per host
  • 31.
    Docker Downsides • Improvements,yes; but not without issues – Can't run any payload that can't use host kernel – Potential limits to scaleability • Linux not really optimized for 1000s of processes – Security • Security is a HUGE issue in clouds • Still working on real security; someday... • At LinuxCon North America 2014, Docker CEO doesn't even identify security as one of the top priorities • Google & others run Docker in VMs when they need security
  • 32.
    The Unikernel: AReal Cloud Concept • Very small • Very efficient • Very quick to boot • And very, VERY secure! • It's a Green (energy) technology which saves you green (cash); extremely important to foster adoption • Many unikernels already exist, including Mini-OS and Mirage OS, a Xen Project Incubator Project
  • 33.
    What is aUnikernel? From Mirage OS
  • 34.
  • 35.
  • 36.
  • 37.
    Unikernel Concepts • Usejust enough to do the job – No need for multiple users; one VM per user – No need for a general purpose operating system – No need for utilities – No need for a full set of operating system functions • Lean and mean – Minimal waste – Tiny size
  • 38.
    Unikernel Concepts • Similarto an embedded application development environment – Limited debugging available for deployed production system – Instead, system failures are reproduced and analyzed on a full operating system stack and then encapsulated into a new image to deploy – Tradeoff is required for ultralight images
  • 39.
    What Do theResults Look Like? • Mirage OS examples: – DNS Server: 449 KB – Web Server: 674 KB – OpenFlow Learning Switch: 393 KB • LING metrics: – Boot time to shell in under 100ms – Erlangonxen.org memory usage: 8.7 MB • ClickOS: – Network devices processing >5 million pkt/sec – 6 MB memory with 30 ms boot time
  • 40.
    What About Security? •Type-Safe Solution Stack – Can be certified – Certification is crucial for certain highly critical tasks, like airplane fly-by-wire control systems • Image footprints are unique to the image – Intruders cannot rely on always finding certain libraries – No utilities to exploit, no shell to manipulate
  • 41.
    What's Out ThereRight Now? • Mirage OS, from the Xen Project Incubator • HaLVM, from Galois • LING, from Erlang-on-Xen • ClickOS, from NEC Europe Labs • OSv, from Cloudius Systems • Rumprun, from the Rump Kernel Project • And that's just the beginning...
  • 42.
    How Does XenProject Enable Unikernels? • No Host OS means it's lean and mean – A tiny VM can sit on a thin hypervisor layer on the hardware – Attack surface is small – Scale out support • Can currently support about 600 concurrent VMs per host without losing performance • Current target: 2000-3000 concurrent VMs per host – Enhanced scheduler (Credit2) – ARM as an option
  • 43.
    Innovation: Is ThisAll? • By no means! • The list of other subprojects & capabilities continues to grow: – Virtualized GPUs – Enhanced NUMA – COLO: Coarse-grained lockstepping of VMs – Native VMware VMDK support – And so on... • http://xenproject.org/users/innovations.html
  • 44.
    In Review... • Someadvantages of a Bare-Metal Hypervisor – Density: It's thin • Excellent for supporting very small workloads – Scalability: It can support huge numbers of VMs • Terrific for highly dense workloads – Security: No host OS • It has no host OS layer to attack – Scheduling: Can use dedicated scheduler • Needed for specialized workload profiles where a host OS scheduler just won't do – Paravirtualization: Simplified interface • Easier to code to when no OS is present
  • 45.
    The Xen ProjectDifference • Tomorrow's workloads are not yesterday's workloads – If your hypervisor is just focused on yesterday's payloads, it is suffering from planned obsolescence – Select a hypervisor which is innovating – and Open Source • Xen Project is busy enabling the next generation in virtualization
  • 46.
    Questions? Russell.Pavlicek@XenProject.org Twitter: @RCPavlicek This presentationwill be available in the Presentations Section of XenProject.org
  • 47.
    Basic Xen ProjectConcepts 47 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Memory CPUsI/O Console Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) A “driver, device model or control service in a box” De-privileged and isolated Lifetime: start, stop, kill Dom0 KernelDom0 Kernel HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Trusted Computing Base
  • 48.
    Basic Xen ProjectConcepts: Toolstack+ 48 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Console Memory CPUsI/O Dom0 KernelDom0 Kernel ToolstackToolstack HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Console • Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers • Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) A “driver, device model or control service in a box” De-privileged and isolated Lifetime: start, stop, kill Trusted Computing Base
  • 49.
    Basic Xen ProjectConcepts: Disaggregation 49 Control domain (dom0) Control domain (dom0) Host HWHost HW VMn VMn VM1 VM1 VM0 VM0 Guest OS and Apps Guest OS and Apps Console Memory CPUsI/O One or more driver, stub or service domains One or more driver, stub or service domains Dom0 KernelDom0 Kernel ToolstackToolstack HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM Console • Interface to the outside world • Control Domain aka Dom0 • Dom0 kernel with drivers • Xen Management Toolstack • Guest Domains • Your apps • Driver/Stub/Service Domain(s) • A “driver, device model or control service in a box” • De-privileged and isolated • Lifetime: start, stop, kill Trusted Computing Base