This document summarizes Russell Pavlicek's presentation on the bare-metal hypervisor as a platform for innovation. Some key innovations enabled by the bare-metal hypervisor discussed include Xen Automotive for developing embedded automotive systems, real-time virtualization support, an ARM-based hypervisor for new applications on ARM architecture, and unikernel systems that create highly secure and efficient cloud applications. A bare-metal hypervisor provides advantages like density, scalability, security and custom scheduling that facilitate these innovations.
Asymmetric multi-processing (AMP) systems fulfill the need for high performance and real-time by combining the responsiveness of a MCU with the processing power of an application processor which runs a full OS.
This talk will present a technical overview on asymmetric multiprocessing platforms focussing on motivations, use cases and how to handle interprocess communication between MCU and MPU in practice.
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
Static partitioning enables multiple domains to run alongside each other with no interference. They could be running Linux, an RTOS, or another OS, and all of them have direct access to different portions of the SoC. In the last five years, the Xen community introduced several new features to make Xen-based static partitioning possible. Dom0less to start multiple static domains in parallel at boot, and Cache Coloring to minimize cache interference effects are among them. Static inter-domain communications mechanisms were introduced this year, while "ImageBuilder" has been making system-wide configurations easier. An easy-to-use complete solution is within our grasp. This talk will show the progress made on Xen static partitioning. The audience will learn to configure a realistic reference design with multiple partitions: a LinuxRT partition, a Zephyr partition, and a larger Linux partition. The presentation will show how to set up communication channels and direct hardware access for the domains. It will explain how to measure interrupt latency and use cache coloring to zero cache interference effects. The talk will include a live demo of the reference design.
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
Hypervisors are becoming increasingly widespread in embedded environments. Their use-case is different from server virtualization, and so are their requirements. The ability to run containerized applications is often a requirement. Xen on ARM is embracing the new challenges with innovative solutions.
This talk will discuss cutting-edge Xen on ARM features for embedded deployments, including dom0less, where multiple domains are started directly by Xen at boot. The presentation will explain the reasons why Xen is an excellent runtime environment for containerized apps and will introduce a new proposal for a Xen Project sub-project to create the ideal platform for secure containers in embedded.
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
Asymmetric multi-processing (AMP) systems fulfill the need for high performance and real-time by combining the responsiveness of a MCU with the processing power of an application processor which runs a full OS.
This talk will present a technical overview on asymmetric multiprocessing platforms focussing on motivations, use cases and how to handle interprocess communication between MCU and MPU in practice.
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
Static partitioning enables multiple domains to run alongside each other with no interference. They could be running Linux, an RTOS, or another OS, and all of them have direct access to different portions of the SoC. In the last five years, the Xen community introduced several new features to make Xen-based static partitioning possible. Dom0less to start multiple static domains in parallel at boot, and Cache Coloring to minimize cache interference effects are among them. Static inter-domain communications mechanisms were introduced this year, while "ImageBuilder" has been making system-wide configurations easier. An easy-to-use complete solution is within our grasp. This talk will show the progress made on Xen static partitioning. The audience will learn to configure a realistic reference design with multiple partitions: a LinuxRT partition, a Zephyr partition, and a larger Linux partition. The presentation will show how to set up communication channels and direct hardware access for the domains. It will explain how to measure interrupt latency and use cache coloring to zero cache interference effects. The talk will include a live demo of the reference design.
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
Hypervisors are becoming increasingly widespread in embedded environments. Their use-case is different from server virtualization, and so are their requirements. The ability to run containerized applications is often a requirement. Xen on ARM is embracing the new challenges with innovative solutions.
This talk will discuss cutting-edge Xen on ARM features for embedded deployments, including dom0less, where multiple domains are started directly by Xen at boot. The presentation will explain the reasons why Xen is an excellent runtime environment for containerized apps and will introduce a new proposal for a Xen Project sub-project to create the ideal platform for secure containers in embedded.
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
Xen Project is a static partitioning hypervisor for embedded deployments (industrial, medical, etc.) Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments? The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the core is critical and needs to go through the certification process. This presentation will describe the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will go through the aspects of Xen that pertain safety and it will explain how to set up a mixed-criticality system with Xen. The talk will discuss the challenges of making an Open Source project safety-certifiable and the progress that the Xen community made so far in the areas of documentation and requirements, MISRA-C code compliance, and interference reduction.
Velocity 2017 Performance analysis superpowers with Linux eBPFBrendan Gregg
Talk by for Velocity 2017 by Brendan Gregg: Performance analysis superpowers with Linux eBPF.
"Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will investigate this new technology, which sooner or later will be available to everyone who uses Linux. The talk will dive deep on these new tracing, observability, and debugging capabilities. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
This slide provides a basic understanding of hypervisor support in ARM v8 and above processors. And these slides (intent to) give some guidelines to automotive engineers to compare and choose right solution!
Virtualization with KVM (Kernel-based Virtual Machine)Novell
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
This presentation talks about Real Time Operating Systems (RTOS). Starting with fundamental concepts of OS, this presentation deep dives into Embedded, Real Time and related aspects of an OS. Appropriate examples are referred with Linux as a case-study. Ideal for a beginner to build understanding about RTOS.
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
Numerous technologies exist for profiling and tracing live Linux systems - from the traditional and straight forward gProf and strace to the more elaborate SystemTap, oProfile and the Linux Trace Toolkit. Very recently some new technologies, perf events and ftrace, have appeared that can already largely take the place of these traditional tools and have gained mainline acceptance in the Linux community - meaning that they will become more and more relevant in the future and are already being used to shed light on real world performance issues.
This presentation provides an overview of a number of the more noteworthy instrumentation tools available for Linux and the technologies that they build upon. Some examples of using perf events to analyse a running system to help track down real world performance problems are demonstrated.
For the full video of this presentation, please visit:
https://www.edge-ai-vision.com/2020/12/making-edge-ai-inference-programming-easier-and-flexible-a-presentation-from-texas-instruments/
For more information about edge AI and computer vision, please visit:
https://www.edge-ai-vision.com
Manisha Agrawal, Product Marketing Engineer at Texas Instruments, presents the “Making Edge AI Inference Programming Easier and Flexible” tutorial at the September 2020 Embedded Vision Summit.
Deploying an AI model at the edge doesn’t have to be challenging—but it often is. Embedded processing vendors have unique sets of software tools for deploying models. It takes time and investment to learn to use proprietary tools and to optimize the edge implementation to achieve your desired performance. While embedded vendors are providing proprietary tools for model deployment, the open source community is also advancing to standardize the model deployment process and make it hardware agnostic.
Texas Instruments has adopted open source software frameworks to make model deployment easier and more flexible. In this talk, you will learn about the struggles developers face when deploying models for inference on embedded processors and how TI addresses these critical software development challenges. You will also discover how TI enables faster time-to-market using a flexible open source development approach without the need to compromise performance, accuracy or power requirements.
This presentation covers the general concepts about real-time systems, how Linux kernel works for preemption, the latency in Linux, rt-preempt, and Xenomai, the real-time extension as the dual kernel approach.
Testing real-time Linux. What to test and how Chirag Jog
This paper describes testing of the real-time (CONFIG_PREEMPT_RT) Linux kernel. It explains how testing the real-time kernel is different from testing the mainline Linux kernel and provides some tips and guidelines about writing test cases for the real-time kernel. It illustrates real-time tests in the Linux Test Project (LTP) suite using examples. It also briefly covers real-time tests that are not part of LTP.
Xen Project is a static partitioning hypervisor for embedded deployments (industrial, medical, etc.) Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments? The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the core is critical and needs to go through the certification process. This presentation will describe the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will go through the aspects of Xen that pertain safety and it will explain how to set up a mixed-criticality system with Xen. The talk will discuss the challenges of making an Open Source project safety-certifiable and the progress that the Xen community made so far in the areas of documentation and requirements, MISRA-C code compliance, and interference reduction.
Velocity 2017 Performance analysis superpowers with Linux eBPFBrendan Gregg
Talk by for Velocity 2017 by Brendan Gregg: Performance analysis superpowers with Linux eBPF.
"Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will investigate this new technology, which sooner or later will be available to everyone who uses Linux. The talk will dive deep on these new tracing, observability, and debugging capabilities. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
This slide provides a basic understanding of hypervisor support in ARM v8 and above processors. And these slides (intent to) give some guidelines to automotive engineers to compare and choose right solution!
Virtualization with KVM (Kernel-based Virtual Machine)Novell
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
This presentation talks about Real Time Operating Systems (RTOS). Starting with fundamental concepts of OS, this presentation deep dives into Embedded, Real Time and related aspects of an OS. Appropriate examples are referred with Linux as a case-study. Ideal for a beginner to build understanding about RTOS.
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
Numerous technologies exist for profiling and tracing live Linux systems - from the traditional and straight forward gProf and strace to the more elaborate SystemTap, oProfile and the Linux Trace Toolkit. Very recently some new technologies, perf events and ftrace, have appeared that can already largely take the place of these traditional tools and have gained mainline acceptance in the Linux community - meaning that they will become more and more relevant in the future and are already being used to shed light on real world performance issues.
This presentation provides an overview of a number of the more noteworthy instrumentation tools available for Linux and the technologies that they build upon. Some examples of using perf events to analyse a running system to help track down real world performance problems are demonstrated.
For the full video of this presentation, please visit:
https://www.edge-ai-vision.com/2020/12/making-edge-ai-inference-programming-easier-and-flexible-a-presentation-from-texas-instruments/
For more information about edge AI and computer vision, please visit:
https://www.edge-ai-vision.com
Manisha Agrawal, Product Marketing Engineer at Texas Instruments, presents the “Making Edge AI Inference Programming Easier and Flexible” tutorial at the September 2020 Embedded Vision Summit.
Deploying an AI model at the edge doesn’t have to be challenging—but it often is. Embedded processing vendors have unique sets of software tools for deploying models. It takes time and investment to learn to use proprietary tools and to optimize the edge implementation to achieve your desired performance. While embedded vendors are providing proprietary tools for model deployment, the open source community is also advancing to standardize the model deployment process and make it hardware agnostic.
Texas Instruments has adopted open source software frameworks to make model deployment easier and more flexible. In this talk, you will learn about the struggles developers face when deploying models for inference on embedded processors and how TI addresses these critical software development challenges. You will also discover how TI enables faster time-to-market using a flexible open source development approach without the need to compromise performance, accuracy or power requirements.
This presentation covers the general concepts about real-time systems, how Linux kernel works for preemption, the latency in Linux, rt-preempt, and Xenomai, the real-time extension as the dual kernel approach.
Testing real-time Linux. What to test and how Chirag Jog
This paper describes testing of the real-time (CONFIG_PREEMPT_RT) Linux kernel. It explains how testing the real-time kernel is different from testing the mainline Linux kernel and provides some tips and guidelines about writing test cases for the real-time kernel. It illustrates real-time tests in the Linux Test Project (LTP) suite using examples. It also briefly covers real-time tests that are not part of LTP.
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale.
The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureAnne Nicolas
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing.
This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
Julien Grall, Citrix
These slides accompanied a live install of Triton Elastic Container Infrastructure as described in the following blog post:
https://www.joyent.com/blog/spin-up-a-docker-dev-test-environment-in-60-minutes-or-less
Presentation abstract:
Hardware hypervisors were a first generation approach to the challenges of resource and security isolation, but they’re unnecessarily shackling operations and developers with limitations that are no longer relevant to containerized deployments.
We need bare metal performance, but how can we get the security isolation and elasticity that we need without VMs? Container -- truly secure, bare metal containers -- offer an alternative that improve performance while reducing costs (and CO2 emissions too!).
What are they, how do they work, and how does containerization affect my apps??
These slides were presented at:
http://www.meetup.com/austin-devops/events/223284754/
http://www.meetup.com/PhillyDevOps/events/223197735/
http://www.meetup.com/DevOpsandAutomationNJ/events/223432942/
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
Xen Project 4.4 Release Information.
Delivered by Russell Pavlicek at Linux Foundation Collaborative Summit on March 27, 2014.
Updated for LinuxCon/CloudOpen North America in August 2014.
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Linaro
Session ID: SFO17-112
Session Name: Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Speaker: Maureen Helm
Track: LITE
★ Session Summary ★
The Zephyr OS is a small, scalable RTOS that supports a wide variety of SoCs, many of which have existing HALs provided by the SoC vendors, especially in the ARM Cortex-M world. These HALs provide peripheral register definitions and in many cases, include bare metal peripheral drivers. Rather than reinventing the wheel, the Zephyr Project decided to proactively reuse these vendor HALs whenever possible. This session will cover how and why the Zephyr Project uses SoC vendor HALs, what are the common problems, and how to address them.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-112/
Presentation:
Video: https://www.youtube.com/watch?v=hHcnw4xu_Mo
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/102696
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
With co-presenter Maninder Singh, delivered a presentation about hypervisors and virtualization technology for an independent topic study project for the Operating System Design (EECS 4221) course at York University, Canada in October 2014.
Virtualization, briefly, is the separation of resources or requests for a service from the underlying physical delivery of that service. It is a concept in which access to a single underlying piece of hardware is coordinated so that multiple guest operating systems can share a single piece of hardware, with no guest operating system being aware that it is actually sharing anything at all.
Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies.
Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with Trusted Execution Environment available on platform. He developed mediator for one of TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityThe Linux Foundation
The use of Virtual GPUs (vGPUs) has widely grown in server farms to give Virtual Machines (VMs) dedicated graphics. Software rendering with virtual CPUs can only take us so far and even with Intel-GVT, which uses integrated graphics, there isn't enough power to do the fun stuff. In this presentation, Jon Farrell will be talking about the process of implementing AMD MxGPU on Xen, challenges that he encountered while doing it, and discussing performance metrics of bare metal and vGPU VM on popular benchmarks like 3D Mark* and The Witcher 3. To wrap up his presentation, Jon will share his thoughts about future research and where this technology can take us.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
Bare-Metal Hypervisor as a Platform for Innovation
1. Linuxfest Northwest 2015
The Bare-Metal Hypervisor as a Platform for
Innovation
By Russell Pavlicek
Xen Project Evangelist
Russell.Pavlicek@XenProject.org
@RCPavlicek
2. About the Old, Fat Geek Up Front
• Linux user since 1995; became a Linux advocate immediately
• Delivered many early talks on Open Source Advocacy
• Former Open Source columnist for Infoworld, Processor magazines
• Former weekly panelist on “The Linux Show”
• Wrote one of the first books on Open Source: Embracing Insanity:
Open Source Software Development
• 30 years in the industry; 20+ years in software services consulting
• Currently Evangelist for the Xen Project (employed by Citrix)
• Over 75 FOSS talks delivered; over 150 FOSS pieces published
3. About Innovation...
• A favorite buzzword for marketing purposes
• Many things in our industry labeled
“Innovation” are nothing more than hackneyed
placid tripe
• Innovation calls for thinking of the world in a
different way and seeing it come to life
• Simply changing the shade of lipstick on a pig
does not qualify
4. About Innovation...
• Real innovation can borrow from the known to
create the unknown
• Many innovations are reassemblies of known
objects in a new way
– Example: many cloud concepts resemble similar
concepts in mainframes, but they've been
reapplied to a multi-server environment
– But the net result needs to be something
significantly different than what existed before
5. Some of the More Interesting Advances
• Xen Automotive: the effort to craft an embedded
automotive infotainment system
• Realtime virtualization: work to facilitate applications
which need realtime processing
• ARM-based hypervisor: enabling a new breed of
applications, from servers to cell phones, on the ARM
architecture
• Mirage OS and other unikernel systems: creating
highly-dense farms of ultra-small and secure cloud
appliances
7. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Provides partition isolation +
reliability,
higher security
Provides partition isolation +
reliability,
higher security
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor SchedulerScheduler
MMUMMUDevice Drivers/ModelsDevice Drivers/Models
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
8. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Type 2: OS ‘Hosted’
A Hypervisor that runs within a Host OS and
hosts Guest OS’s inside of it, using the host
OS services to provide the virtual environment.
Provides partition isolation +
reliability,
higher security
Provides partition isolation +
reliability,
higher security
Low cost, no additional drivers
Ease of use & installation
Low cost, no additional drivers
Ease of use & installation
Host HWHost HW
Memory CPUsI/O
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor
SchedulerScheduler
MMUMMUDevice Drivers/ModelsDevice Drivers/Models
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Host OSHost OS
Device DriversDevice Drivers
Ring-0 VM Monitor
“Kernel “
Ring-0 VM Monitor
“Kernel “
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
User
Apps
User
Apps
User-level VMMUser-level VMM
Device ModelsDevice Models
9. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor SchedulerScheduler
MMUMMUDevice Drivers/ModelsDevice Drivers/Models
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
10. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor SchedulerScheduler
MMUMMUDevice Drivers/ModelsDevice Drivers/Models
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Xen Project Architecture
SchedulerScheduler MMUMMU
11. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor SchedulerScheduler
MMUMMUDevice Drivers/ModelsDevice Drivers/Models
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Host HWHost HW
Memory CPUsI/O
HypervisorHypervisor
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Xen Project Architecture
SchedulerScheduler MMUMMU
Control domain
(dom0)
Control domain
(dom0)
DriversDrivers
Device ModelsDevice Models
Linux & BSDLinux & BSD
12. Some Bare-Metal Advantages
• What are the advantages of a Bare-Metal Hypervisor?
– Density: It's thin
• Excellent for supporting very small workloads
– Scalability: It can support huge numbers of VMs
• Terrific for highly dense workloads
– Security: No host OS
• It has no host OS layer to attack
– Scheduling: Can use dedicated scheduler
• Needed for specialized workload profiles where a host OS scheduler just won't
do
– Paravirtualization: Simplified interface
• Easier to code to when no OS is present
• And now some of the innovations they enable...
13. #1: Xen Automotive
• A subproject of the Xen Project
• Proposed by community member GlobalLogic
• Support for infotainment systems (for now...)
• Spares multiple discreet systems needing
sourcing, installation, and testing
• ARM-based
14. Automotive Challenges
• Soft-Real-time support
• Hard-Real-time support
• GPU virtualization
• Other co-processor (DSP, IPU, etc.)
• Certification
• Driver support for Android, e.g. Backend ION memory
allocator and Linux User Space Device Drivers for
Graphics, Sound, USB, Giros, GPS, etc.
• Driver support for operating systems such as QNX and
other guest operating systems that are relevant for these
use-cases
15. A Focused Hypervisor
• Automotive requires extreme focus
• Simply repurposing a server-based hypervisor
won't cut it
• A Bare-Metal hypervisor can add and modify
pieces as needed
– There is no legacy Host Operating System to be
accommodated
– Bare-Metal can do what the situation requires
16. #2: Realtime Virtualization
• Support for Xen Automotive and beyond
• RT-Xen
• Streaming video, etc. cannot wait for next
time slice
• Leverages a custom scheduler
17. Custom Schedulers
• Type 2 (Hosted) Hypervisors use the scheduler of
the host (e.g., Linux)
– That scheduler is designed for the host operating
system, not for special needs
• Type 1 (Bare Metal) Hypervisors use schedulers
designed for the needs of the hypervisor itself
– It is possible to change the scheduler to meet the
needs of the hypervisor
– That's the way to handle Realtime Scheduling
18. A Scheduler for Every Need
• Current schedulers in Xen Project:
– Credit
• General Purpose
• Default scheduler in 4.5
– Credit2
• Optimized for low latency & high VM density
• Currently Experimental
• Expected to become supported and default in future
19. A Scheduler for Every Need
• Current schedulers in Xen Project (continued):
– RTDS
• Soft & Firm Realtime scheduler
• Multicore
• Currently Experimental
• Embedded, Automotive, Graphics, Gaming in the Cloud
– ARINC 653
• Hard Realtime
• Single Core
• Currently Experimental
• Avionics, Drones, Medical
20. A Scheduler for Every Need
• Past schedulers in Xen Project:
– Borrowed Virtual Time
– Atropos
– Round Robin
– SEDF
• For more information:
– http://wiki.xenproject.org/wiki/Xen_Project_Schedulers
21. #3: ARM-based Hypervisor
• ARM expanding from handhelds to
servers
• Virtualization extensions added to ARM V7
• Architecture is hand-in-glove fit for Bare-
Metal hypervisor
• No mode changes means greater speed
and security
22. ARM SOCARM SOC
Xen + ARM = a perfect Match
ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization
Hypervisor mode : EL2
Kernel mode : EL1
User mode : EL0
GIC
v2
GIC
v2GTGT
2
stage
MMU
2
stage
MMU
I/O
Device Tree describes …
Hypercall Interface HVCHypercall Interface HVC
23. ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GIC
v2GTGT
2
stage
MMU
2
stage
MMU
I/O
Device Tree describes …
HVCHVC
Xen + ARM = a perfect Match
Xen HypervisorXen Hypervisor
24. ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GIC
v2GTGT
2
stage
MMU
2
stage
MMU
I/O
Device Tree describes …
HVCHVC
Xen + ARM = a perfect Match
Xen HypervisorXen Hypervisor
Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0)
KernelKernel
User SpaceUser Space
HVCHVC
25. ARM SOCARM SOC ARM Architecture Features for VirtualizationARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GIC
v2GTGT
2
stage
MMU
2
stage
MMU
I/O
Device Tree describes …
HVCHVC
Xen + ARM = a perfect Match
Xen HypervisorXen Hypervisor
Dom0
only
Dom0
only
Any Xen Guest VM (including Dom0)Any Xen Guest VM (including Dom0)
KernelKernel
User SpaceUser Space
I/O
PV
back
PV
front
I/O
HVCHVC
26. Where Will an ARM Hypervisor Play?
• You name it...
– Cell phones
• Multiple personalities are possible
– Embedded systems
• Automotive is just the beginning
– Internet of Things (IoT)
• Lots of little things means lots of responses needed
– Servers
• Lower power footprint
• Real green technology
27. #4: The Unikernel
• Super-small VMs
• Quick booting
• Enhanced security
• Easy deployment
• Enables transient services
– Services that appear when needed and
disappear when done
28. The Cloud We Know
• Field of innovation is in the orchestration
– The Cloud Engine is paramount (OpenStack, CloudStack, etc.)
– Workloads adapted to the cloud strongly resemble their non-
cloud predecessors
• Some basic adaptations to facilitate life in the cloud, but basically the
same stuff that was used before the cloud
• Applications with full stacks (operating system, utilities, languages, and
apps) which could basically run on hardware, but are run on VMs
instead.
• VMs are beefy; large memory footprint, slow to start up
• It all works, but its not overly efficient
• 10s of VMs per physical host
29. The Next Generation Cloud
• Turning the scrutiny to the workloads
– Should be easier to deploy and manage
– Smaller footprint, removing unnecessary
duplication
– Faster startup
– Transient microservices
– Higher levels of security
– 1000s of VMs per host
30. The New Stuff: Docker & Containers
• Makes deployment easier
• Smaller footprint by leveraging kernel of host
• Less memory needed to replicate shared kernel
space
• Less disk needed to replicate shared
executables
• Really fast startup times
• Higher number of VMs per host
31. Docker Downsides
• Improvements, yes; but not without issues
– Can't run any payload that can't use host kernel
– Potential limits to scaleability
• Linux not really optimized for 1000s of processes
– Security
• Security is a HUGE issue in clouds
• Still working on real security; someday...
• At LinuxCon North America 2014, Docker CEO doesn't even
identify security as one of the top priorities
• Google & others run Docker in VMs when they need security
32. The Unikernel: A Real Cloud Concept
• Very small
• Very efficient
• Very quick to boot
• And very, VERY secure!
• It's a Green (energy) technology which saves you
green (cash); extremely important to foster adoption
• Many unikernels already exist, including Mini-OS and
Mirage OS, a Xen Project Incubator Project
37. Unikernel Concepts
• Use just enough to do the job
– No need for multiple users; one VM per user
– No need for a general purpose operating system
– No need for utilities
– No need for a full set of operating system functions
• Lean and mean
– Minimal waste
– Tiny size
38. Unikernel Concepts
• Similar to an embedded application
development environment
– Limited debugging available for deployed
production system
– Instead, system failures are reproduced and
analyzed on a full operating system stack and then
encapsulated into a new image to deploy
– Tradeoff is required for ultralight images
39. What Do the Results Look Like?
• Mirage OS examples:
– DNS Server: 449 KB
– Web Server: 674 KB
– OpenFlow Learning Switch: 393 KB
• LING metrics:
– Boot time to shell in under 100ms
– Erlangonxen.org memory usage: 8.7 MB
• ClickOS:
– Network devices processing >5 million pkt/sec
– 6 MB memory with 30 ms boot time
40. What About Security?
• Type-Safe Solution Stack
– Can be certified
– Certification is crucial for certain highly critical
tasks, like airplane fly-by-wire control systems
• Image footprints are unique to the image
– Intruders cannot rely on always finding certain
libraries
– No utilities to exploit, no shell to manipulate
41. What's Out There Right Now?
• Mirage OS, from the Xen Project Incubator
• HaLVM, from Galois
• LING, from Erlang-on-Xen
• ClickOS, from NEC Europe Labs
• OSv, from Cloudius Systems
• Rumprun, from the Rump Kernel Project
• And that's just the beginning...
42. How Does Xen Project Enable Unikernels?
• No Host OS means it's lean and mean
– A tiny VM can sit on a thin hypervisor layer on the
hardware
– Attack surface is small
– Scale out support
• Can currently support about 600 concurrent VMs per host
without losing performance
• Current target: 2000-3000 concurrent VMs per host
– Enhanced scheduler (Credit2)
– ARM as an option
43. Innovation: Is This All?
• By no means!
• The list of other subprojects & capabilities
continues to grow:
– Virtualized GPUs
– Enhanced NUMA
– COLO: Coarse-grained lockstepping of VMs
– Native VMware VMDK support
– And so on...
• http://xenproject.org/users/innovations.html
44. In Review...
• Some advantages of a Bare-Metal Hypervisor
– Density: It's thin
• Excellent for supporting very small workloads
– Scalability: It can support huge numbers of VMs
• Terrific for highly dense workloads
– Security: No host OS
• It has no host OS layer to attack
– Scheduling: Can use dedicated scheduler
• Needed for specialized workload profiles where a host OS scheduler
just won't do
– Paravirtualization: Simplified interface
• Easier to code to when no OS is present
45. The Xen Project Difference
• Tomorrow's workloads are not yesterday's
workloads
– If your hypervisor is just focused on yesterday's
payloads, it is suffering from planned obsolescence
– Select a hypervisor which is innovating – and Open
Source
• Xen Project is busy enabling the next
generation in virtualization
47. Basic Xen Project Concepts
47
Control domain
(dom0)
Control domain
(dom0)
Host HWHost HW
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Memory CPUsI/O
Console
Interface to the outside
world
•
Control Domain aka
Dom0
• Dom0 kernel with drivers
Xen Management Toolstack
•
Guest Domains
• Your apps
•
Driver/Stub/Service
Domain(s)
A “driver, device model or
control service in a box”
De-privileged and isolated
Lifetime: start, stop, kill
Dom0 KernelDom0 Kernel
HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM
Trusted Computing Base
48. Basic Xen Project Concepts: Toolstack+
48
Control domain
(dom0)
Control domain
(dom0)
Host HWHost HW
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Console
Memory CPUsI/O
Dom0 KernelDom0 Kernel
ToolstackToolstack
HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM
Console
• Interface to the outside
world
•
Control Domain aka
Dom0
• Dom0 kernel with drivers
• Xen Management Toolstack
•
Guest Domains
• Your apps
•
Driver/Stub/Service
Domain(s)
A “driver, device model or
control service in a box”
De-privileged and isolated
Lifetime: start, stop, kill
Trusted Computing Base
49. Basic Xen Project Concepts: Disaggregation
49
Control domain
(dom0)
Control domain
(dom0)
Host HWHost HW
VMn
VMn
VM1
VM1
VM0
VM0
Guest OS
and Apps
Guest OS
and Apps
Console
Memory CPUsI/O
One or more
driver, stub or
service domains
One or more
driver, stub or
service domains
Dom0 KernelDom0 Kernel
ToolstackToolstack
HypervisorHypervisorSchedulerScheduler MMUMMU XSMXSM
Console
• Interface to the outside
world
•
Control Domain aka
Dom0
• Dom0 kernel with drivers
• Xen Management Toolstack
•
Guest Domains
• Your apps
•
Driver/Stub/Service
Domain(s)
• A “driver, device model or
control service in a box”
• De-privileged and isolated
• Lifetime: start, stop, kill
Trusted Computing Base