Presentation given at the 2017 LinuxCon China
Unikernel is a novel software technology that links an application with OS in the form of a library and packages them into a specialized image that facilitates direct deployment on a hypervisor. Compared to the traditional VM or the recent containers, Unikernels are smaller, more secure and efficient, making them ideal for cloud environments. There are already lots of open source projects like OSv, Rumprun and so on. But why have these existing unikernels yet to gain broad popularity? We think Unikernels are facing three major challenges: 1. Compatibility with existing applications; 2. Lack of production support (e.g. monitoring, debugging, logging); 3. Lack of compelling use case. In this presentation, we will review our investigations and exploration of whether and how we can convert Linux into a Unikernel to eliminate these significant shortcomings, plus some explorations of coordinating and cooperating with the hypervisor.
Unikernel User Summit 2015: Getting started in unikernels using the rump kernel - The Linux Foundation
Justin Cormack's presentation at the Unikernel User Summit at Texas Linux Fest 2015. He discusses the basic principles and techniques for using Rump Kernels to power POSIXy workloads in a small, fast, and secure package.
CIF16: Building the Superfluid Cloud with Unikernels (Simon Kuenzer, NEC Europe) - The Linux Foundation
The confluence of a number of relatively recent trends including the development of virtualization technologies, the deployment of micro datacenters at PoPs, and the availability of microservers, opens up the possibility of evolving the cloud, and the network it is connected to, towards a superfluid cloud: a model where parties other than infrastructure owners can quickly deploy and migrate virtualized services throughout the network (in the core, at aggregation points and at the edge), enabling a number of novel use cases including virtualized CPEs and on-the-fly services, among others. Towards this goal, we identify a number of required mechanisms and present early evaluation results of their implementation.
On an inexpensive commodity server, we are able to concurrently run up to 10,000 specialized virtual machines (based on unikernels), instantiate a VM in as little as 10 milliseconds, and migrate it in under 100 milliseconds.
An overview of the libvirt+xen OpenStack CI, explaining the various components, how they fit together and the specific customisations needed to test libvirt+xen under OpenStack.
Unikernels are constructed by combining application code with only the operating system components necessary for that code to run. The result is a highly specialized, single-purpose application which can be deployed directly to the cloud or onto IoT-like devices. Unikernels reduce software complexity by only including code that is required, resulting in portable applications with much smaller footprints and fast boot times.
By combining the familiar tooling and portability of Docker with the efficiency and specialization of next-generation unikernel technology, organizations have a flexible platform to build, ship and run distributed applications without being restricted to a particular infrastructure. Because workloads that reach the data center today are on a spectrum from physical machine to container to hypervisor, only the Docker platform can further widen the scope and provide more flexibility for orchestrating hybrid applications.
Watch the video from Docker Online Meetup #31: https://blog.docker.com/2016/01/docker-online-meetup-unikernels/
XPDS13: VIRTUAL DISK INTEGRITY IN REAL TIME JP BLAKE, ASSURED INFORMATION SE... - The Linux Foundation
This paper introduces the Virtual Disk Integrity in Real Time (vDIRT) monitor, a mechanism to measure virtual hard disks in real time from the Dom0 trusted computing base. vDIRT is an improvement over traditional methods for auditing file integrity which rely on a service in a potentially compromised host. It also overcomes the limitations of existing methods for assuring disk integrity that are coarse-grained and do not scale to large disks. vDIRT is a capability to measure disk reads and writes in real time, allowing for fine-grained tracking of sectors within files, as well as the overall disk. The vDIRT implementation and its impact on performance are discussed to show that disk operation monitoring from Dom0 is practical.
This talk details XenTT, an open-source framework for deterministic replay and systems analysis in development at the University of Utah. The framework consists of two main parts: a set of Xen extensions that implement efficient, deterministic replay, and a powerful analysis engine that extracts information from systems during replay executions.
Deterministic replay promises to change how people analyze and debug software systems. As software stacks grow in complexity, traditional ways of understanding failures, explaining anomalous executions, and analyzing performance are reaching their limits in the face of emergent behavior, unrepeatability, cross-component execution, software aging, and adversarial changes to code. Replay-based, whole-system analyses offer precise solutions to these problems.
XenTT extends Xen with the ability to replay and analyze the execution of VM guests. A number of careful design choices ensure that our implementation, which supports single-CPU, paravirtual, Linux guests, is efficient, maintainable, and extensible. XenTT's run-time checks and offline log-comparison tools enabled us to efficiently scale the recording layer by detecting and debugging errors in the determinism of replay.
Our analysis engine seeks to overcome the semantic gap between an analysis algorithm and the low-level state of a guest. Using debug information to reconstruct functions and data structures within the guest, the engine provides a convenient API for implementing systems analyses. The engine implements a powerful debug-symbol and VM introspection library, which enables an analysis to access the state of the guest through familiar terms. To further simplify the development of new analyses, the engine provides primitives that support common exploration patterns, e.g., breakpoints, watchpoints, and control-flow integrity checking. To enable performance analyses of recorded executions, XenTT provides a performance modeling interface, which faithfully replays performance parameters of the original run.
Beyond describing the design and implementation of XenTT, this talk will present examples of how we have used deterministic replay to implement security and performance analyses.
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGIC - The Linux Foundation
Data Breaches are all over the news these days, and no organization is safe. Nobody, from the largest governments to the biggest banks to the most advanced security companies, is able to adequately protect themselves. The difficulty is that there are an infinite number of ways to exfiltrate data from an organization, ranging from stolen/lost hardware to steganography to malicious insiders to 0Day exploits installing malware to side channels. The industry is trying to solve this problem using detection, heuristics, pattern matching and behavioral analysis. A new approach is clearly needed to fight the Data Breach problem and keep data inside an organization.
Come find out how to use Hypervisors to repurpose hardware to protect sensitive data under the assumption of compromised networks, devices and users (Malicious Insiders). In addition, find out how to do so without using any type of detection, heuristics, pattern matching or behavioral analysis, but rather a strictly algorithmic approach rooted in hardware. Finally, learn about how this technology can be used in a generic manner to protect data of DataBases, Server Software, unmodified legacy applications, and unmodified consumer applications such as word processing and spreadsheet software.
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University) - The Linux Foundation
The lightweight and secure nature of Unikernels means that a prime use-case is to customise network behaviour. At the same time, the high-level languages that many are written in mean that this sort of low-level coding is opened up to those who might not traditionally consider themselves "systems developers".
MirageOS is a particular unikernel platform built in the OCaml functional programming language. Able to seamlessly target a range of environments, from a local (POSIX) development environment to Xen virtual machines running on the cloud, it is a prime example of the ways that unikernels open up low-level development.
I will briefly introduce MirageOS before walking through an example developing and then running on Xen a simple network proxy using MirageOS. This proxy will implement a basic form of port-knocking, requiring a sequence of TCP connections (SYNs) to be made to the proxy to indicate a target, before permitting an outgoing connection to that target to be made.
Thanks to Thomas Gazagnaire for the material used in the walkthrough!
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce a new container networking solution, which provides one management framework to work with different network components through an open/friendly modelling mechanism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design an extensible architecture to define and validate Service Level Agreements (SLA) for cloud native applications, which is an important factor for enterprises to deliver successful and stable service via containers.
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute... - The Linux Foundation
For many years, the Xen community has been delivering a solid virtualization platform for the enterprise. In support of the Xen community innovation effort, Oracle has been translating our enterprise experience with mission-critical workloads and large-scale infrastructure deployments into upstream contributions for the Linux and Xen efforts. In this session, you'll hear from a key Oracle expert, and community member, about Oracle contributions that focus on large-scale Xen deployments, networking, PV drivers, new PVH architecture, performance enhancements, dynamic memory usage with 'tmem', and much more. This is your chance to get an under-the-hood view and see why the Xen architecture is the ideal choice for the enterprise.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ... - The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform... - The Linux Foundation
Released as Open Source Software (OSS) in June 2014, OpenXT is a collection of hardened Linux VMs configured to provide a user facing Xen platform for client devices. This default configuration was mostly static, applying some disaggregation techniques to segregate system components based on a general threat analysis. The goals embodied in this code base up to its release produced a one-size-fits-most configuration with extensibility in specific areas to encapsulate 3rd party value-add.
With a community now forming around OpenXT we must come to terms with the limitations of this approach. In this talk Philip will define what OpenXT is and in this definition, show that OpenXT can meet the varied needs of the security and virtualization community through the construction of a toolkit for the configurable disaggregation of a Xen platform.
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ... - The Linux Foundation
Unikernels are a burgeoning technology, ripe for deployment in a range of situations, from cloud-hosted microservices to Internet-of-Things platforms. By compiling and linking only the required code, they offer a range of benefits over traditional OS-hosted deployments, notably efficiency and, through smaller attack surfaces, security. While increasing in maturity, to date they have remained something of a technologists' choice: technically compelling but requiring considerable effort to build, deploy and use.
To address this, some in the community have spent time trying to integrate unikernel management with the popular Docker container management stack. By enabling unikernels to be managed using the standard Docker command line tools, we bring all the ease-of-use and common understandings of that toolchain to bear on this exciting technology.
After giving some context to the challenges faced, we will demonstrate building and running a simple LAMP-like stack using Docker to build and manage Rumprun and MirageOS Unikernels.
Thanks to Amir Chaudhry, Justin Cormack, Martin Lucina, Mindy Preston and Jeremy Yallop for assistance in building this demo!
OSv Unikernel — Optimizing Guest OS to Run Stateless and Serverless Apps in t... - ScyllaDB
Unikernels have been demonstrated to deliver excellent performance in terms of throughput and latency, while providing high isolation. However, they have also been shown to underperform in some types of workloads when compared to a generic OS like Linux. In this presentation, we demonstrate that certain types of workloads - web servers, microservices, and other stateless and/or serverless apps - can greatly benefit from OSv's optimized networking stack and other features. We describe a number of experiments where OSv outperforms a Linux guest: most notably we note 1.6 throughput (req/s) and 0.6 latency improvement (at p99 percentile) when running nginx and 1.7 throughput (req/s) and 0.6 latency improvement (at p99 percentile) when running a simple microservice implemented in Golang.
We also show that OSv's small kernel, low boot time and memory consumption allow for very high density when running server-less workloads. The experiment described in this presentation shows we can boot 1,800 OSv microVMs per second on an AWS c5n.metal machine with 72 CPUs (25 boots/sec on single CPU) with guest boot time recorded as low as 8.98ms at p50 and 31.49ms at p99 percentile respectively.
Lastly we also demonstrate how to automate the build process of the OSv kernel tailored exactly to the specific app and/or VMM so that only the code and symbols needed are part of the kernel and nothing more. OSv is an open source project and can be found at https://github.com/cloudius-systems/osv.
Opensource approach to design and deployment of Microservices based VNF - Michelle Holley
Microservice is gaining increased adoption in the Telco NFV world. It is key to understand the design and deployment methodologies involved in developing Microservice based VNF. This talk provides an opensource practitioner approach to building and deploying a Microservice based VNF and includes the following: - Design patterns, workflow models - Design models for VNF placement, capacity management, scale-in/out and resiliency - Deployment considerations that include handling of scale and fault tolerant VNF using well known Opensource tools.
About the presenter: Prem Sankar works for the Ericsson Opensource Ecosystem team and is part of the Opendaylight and OPNFV team in Ericsson. Prem evangelizes SDN and Cloud and has given many sessions and conducted workshops around SDN and ODL. Prem is PTL of the ODL COE project and is currently driving the Kubernetes and ODL Integration in the Opendaylight community. Prem is a frequent speaker at opensource summits and has presented in Opendaylight, OPNFV and Open networking summits.
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S... - rhatr
OSv is the new open source unikernel technology that combines the power of virtualization and micro-services architecture. This combination allows unmodified applications to be packaged just like Docker containers while at the same time outperform bare-metal deployments. Yes. You've heard it right: for the first time ever we can stop asking the question of how much performance would I lose if I virtualize. OSv lets you ask a different question: how much would my application gain in performance if I virtualize it. This talk will start by looking into the architecture of OSv and the kind of optimizations it makes possible for native, unmodified applications. We will then focus on JVM-specific optimizations and specifically on speedups available to micro-service oriented applications when they are being deployed on OSv.
This talk details XenTT, an open-source framework for deterministic replay and systems analysis in development at the University of Utah. The framework consists of two main parts: a set of Xen extensions that implement efficient, deterministic replay, and a powerful analysis engine that extracts information from systems during replay executions.
Deterministic replay promises to change how people analyze and debug software systems. As software stacks grow in complexity, traditional ways of understanding failures, explaining anomalous executions, and analyzing performance are reaching their limits in the face of emergent behavior, unrepeatability, cross-component execution, software aging, and adversarial changes to code. Replay-based, whole-system analyses offer precise solutions to these problems.
XenTT extends Xen with the ability to replay and analyze the execution of VM guests. A number of careful design choices ensure that our implementation, which supports single-CPU, paravirtual, Linux guests, is efficient, maintainable, and extensible. XenTT's run-time checks and offline log-comparison tools enabled us to efficiently scale the recording layer by detecting and debugging errors in the determinism of replay.
Our analysis engine seeks to overcome the semantic gap between an analysis algorithm and the low-level state of a guest. Using debug information to reconstruct functions and data structures within the guest, the engine provides a convenient API for implementing systems analyses. The engine implements a powerful debug-symbol and VM introspection library, which enables an analysis to access the state of the guest through familiar terms. To further simplify the development of new analyses, the engine provides primitives that support common exploration patterns, e.g., breakpoints, watchpoints, and control-flow integrity checking. To enable performance analyses of recorded executions, XenTT provides a performance modeling interface, which faithfully replays performance parameters of the original run.
Beyond describing the design and implementation of XenTT, this talk will present examples of how we have used deterministic replay to implement security and performance analyses.
XPDS16: Hypervisor Enforced Data Loss Prevention - Neil Sikka, A1LOGICThe Linux Foundation
Data Breaches are all over the news these days, and no organization is safe. Nobody, from the largest governments to the biggest banks to the most advanced security companies is able to adequately protect themselves. The difficulty is that there are infinite number of ways to exfiltrate data from an organization ranging from stolen/lost hardware to steganography to malicious insiders to 0Day exploits installing malware to side channels. The industry is trying to solve this problem using detection, heuristics, pattern matching and behavioral analysis. A new approach is clearly needed to fight the Data Breach problem and keep data inside an organization.
Come find out how to use Hypervisors to repurpose hardware to protect sensitive data under the assumption of compromised networks, devices and users (Malicious Insiders). In addition, find out how to do so without using any type of detection, heuristics, pattern matching or behavioral analysis, but rather a strictly algorithmic approach rooted in hardware. Finally, learn about how this technology can be used in a generic manner to protect data of DataBases, Server Software, unmodified legacy applications, and unmodified consumer applications such as word processing and spreadsheet software.
CIF16: Knock, Knock: Unikernels Calling! (Richard Mortier, Cambridge University)The Linux Foundation
The lightweight and secure nature of Unikernels means that a prime use-case is to customise network behaviour. At the same time, the high-level languages that many are written in means that this sort of low-level coding is opened up to those who might not traditionally consider themselves "systems developers".
MirageOS is a particular unikernel platform built in the OCaml functional programming language. Able to seamlessly target a range of environments, from a local (POSIX) development environment to Xen virtual machines running on the cloud, it is a prime example of the ways that unikernels open up low-level development.
I will briefly introduce MirageOS before walking through an example developing and then running on Xen a simple network proxy using MirageOS. This proxy will implement a basic form of port-knocking, requiring a sequence of TCP connections (SYNs) to be made to the proxy to indicate a target, before permitting an outgoing connection to that target to be made.
Thanks to Thomas Gazagnaire for the material used in the walkthrough!
Presentation given at the 2017 LinuxCon China
With the booming of Container technology, it brings obvious advantages for cloud: simple and faster deployment, portability and lightweight cost. But the networking challenges are significant. Users need to restructure their network and support container deployment with current cloud framework, like container and VMs.
In this presentation, we will introduce new container networking solution, which provides one management framework to work with different network componenets through Open/friendly modelling mechnism. iCAN can simplify network deployment and management with most orchestration systems and a variety of data plane components, and design extendsible architect to define and validate Service Level Agreement(SLA) for cloud native applications, which is important factor for enterprise to deliver successful and stable service via containers.
LCNA14: Why Use Xen for Large Scale Enterprise Deployments? - Konrad Rzeszute...The Linux Foundation
For many years, the Xen community has been delivering a solid virtualization platform for the enterprise. In support of the Xen community innovation effort, Oracle has been translating our enterprise experience with mission-critical workloads and large-scale infrastructure deployments into upstream contributions for the Linux and Xen efforts. In this session, you'll hear from a key Oracle expert, and community member, about Oracle contributions that focus on large-scale Xen deployments, networking, PV drivers, new PVH architecture, performance enhancements, dynamic memory usage with ‘tmem', and much more. This is your chance to get an under the hood view and see why the Xen architecture is the ideal choice for the enterprise.
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform...The Linux Foundation
Released as Open Source Software (OSS) in June 2014, OpenXT is a collection of hardened Linux VMs configured to provide a user facing Xen platform for client devices. This default configuration was mostly static, applying some disaggregation techniques to segregate system components based on a general threat analysis. The goals embodied in
this code base up to its release produced a one-size-fits-most configuration with extensibility in specific areas to encapsulate 3rd party value-add.
With a community now forming around OpenXT we must come to terms with the limitations of the this approach. In this talk Philip will define what OpenXT is and in this definition, show that OpenXT can meet the varied needs of the security and virtualization community through the
construction of a toolkit for the configurable disaggregation of a Xen platform.
CIF16: Unikernels, Meet Docker! Containing Unikernels (Richard Mortier, Anil ...The Linux Foundation
Unikernels are a burgeoning technology, ripe for deployment in a range of situations, from cloud-hosted microservices to Internet-of-Things platforms. By compiling and linking only the required code, they offer a range of benefits over traditional OS-hosted deployments, notably efficiency and, through smaller attack surfaces, security. While increasing in maturity, to date they have remained something of a technologists' choice: technically compelling but requiring considerable effort to build, deploy and use.
To address this, some in the community have spent time trying to integrate unikernel management with the popular Docker container management stack. By enabling unikernels to be managed using the standard Docker command line tools, we bring all the ease-of-use and common understandings of that toolchain to bear on this exciting technology.
After giving some context to the challenges faced, we will demonstrate building and running a simple LAMP-like stack using Docker to build and manage Rumprun and MirageOS Unikernels.
Thanks to Amir Chaudhry, Justin Cormack, Martin Lucina, Mindy Preston and Jeremy Yallop for assistance in building this demo!
OSv Unikernel — Optimizing Guest OS to Run Stateless and Serverless Apps in t... | ScyllaDB
Unikernels have been demonstrated to deliver excellent performance in terms of throughput and latency, while providing high isolation. However they have also been shown to underperform in some types of workloads when compared to a generic OS like Linux. In this presentation, we demonstrate that certain types of workloads - web servers, microservices, and other stateless and/or serverless apps - can greatly benefit from OSv's optimized networking stack and other features. We describe a number of experiments where OSv outperforms a Linux guest: most notably we note 1.6 throughput (req/s) and 0.6 latency improvement (at p99 percentile) when running nginx and 1.7 throughput (req/s) and 0.6 latency improvement (at p99 percentile) when running a simple microservice implemented in Golang.
We also show that OSv's small kernel, low boot time and memory consumption allow for very high density when running server-less workloads. The experiment described in this presentation shows we can boot 1,800 OSv microVMs per second on an AWS c5n.metal machine with 72 CPUs (25 boots/sec on a single CPU) with guest boot time recorded as low as 8.98ms at p50 and 31.49ms at p99 percentile respectively.
Lastly we also demonstrate how to automate the build process of the OSv kernel tailored exactly to the specific app and/or VMM so that only the code and symbols needed are part of the kernel and nothing more. OSv is an open source project and can be found at https://github.com/cloudius-systems/osv.
Opensource approach to design and deployment of Microservices based VNF | Michelle Holley
Microservice is gaining increased adoption in the Telco NFV world. It is key to understand the design and deployment methodologies involved in developing Microservice based VNF. This talk provides an opensource practitioner approach to building and deploying a Microservice based VNF and includes the following: - Design patterns, workflow models - Design models for VNF placement, capacity management, scale-in/out and resiliency - Deployment considerations that includes handling of scale and fault tolerant VNF using well known Opensource tools.
About the presenter: Prem Sankar works for Ericsson Opensource Ecosystem team and is part of the Opendaylight and OPNFV team in Ericsson. Prem evangelizes SDN and Cloud and has given many sessions and conducted workshops around SDN and ODL. Prem is PTL of ODL COE project and currently driving the Kubernetes and ODL Integration in Opendaylight community. Prem is a frequent speaker at opensource summits and has presented in Opendaylight, OPNFV and Open networking summits.
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S... | rhatr
OSv is the new open source unikernel technology that combines the power of virtualization and micro-services architecture. This combination allows unmodified applications to be packaged just like Docker containers while at the same time outperform bare-metal deployments. Yes. You've heard it right: for the first time ever we can stop asking the question of how much performance would I lose if I virtualize. OSv lets you ask a different question: how much would my application gain in performance if I virtualize it. This talk will start by looking into the architecture of OSv and the kind of optimizations it makes possible for native, unmodified applications. We will then focus on JVM-specific optimizations and specifically on speedups available to micro-service oriented applications when they are being deployed on OSv.
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale.
The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.
These slides accompanied a live install of Triton Elastic Container Infrastructure as described in the following blog post:
https://www.joyent.com/blog/spin-up-a-docker-dev-test-environment-in-60-minutes-or-less
Presentation abstract:
Hardware hypervisors were a first generation approach to the challenges of resource and security isolation, but they’re unnecessarily shackling operations and developers with limitations that are no longer relevant to containerized deployments.
We need bare metal performance, but how can we get the security isolation and elasticity that we need without VMs? Containers -- truly secure, bare metal containers -- offer an alternative that improves performance while reducing costs (and CO2 emissions too!).
What are they, how do they work, and how does containerization affect my apps??
These slides were presented at:
http://www.meetup.com/austin-devops/events/223284754/
http://www.meetup.com/PhillyDevOps/events/223197735/
http://www.meetup.com/DevOpsandAutomationNJ/events/223432942/
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure | Anne Nicolas
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing.
This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
Julien Grall, Citrix
LF Collaboration Summit: Xen Project 4 4 Features and Futures | The Linux Foundation
Xen Project 4.4 Release Information.
Delivered by Russell Pavlicek at Linux Foundation Collaborative Summit on March 27, 2014.
Updated for LinuxCon/CloudOpen North America in August 2014.
Using SoC Vendor HALs in the Zephyr Project - SFO17-112 | Linaro
Session ID: SFO17-112
Session Name: Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Speaker: Maureen Helm
Track: LITE
★ Session Summary ★
The Zephyr OS is a small, scalable RTOS that supports a wide variety of SoCs, many of which have existing HALs provided by the SoC vendors, especially in the ARM Cortex-M world. These HALs provide peripheral register definitions and in many cases, include bare metal peripheral drivers. Rather than reinventing the wheel, the Zephyr Project decided to proactively reuse these vendor HALs whenever possible. This session will cover how and why the Zephyr Project uses SoC vendor HALs, what are the common problems, and how to address them.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-112/
Presentation:
Video: https://www.youtube.com/watch?v=hHcnw4xu_Mo
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVM | vwchu
With co-presenter Maninder Singh, delivered a presentation about hypervisors and virtualization technology for an independent topic study project for the Operating System Design (EECS 4221) course at York University, Canada in October 2014.
Virtualization, briefly, is the separation of resources or requests for a service from the underlying physical delivery of that service. It is a concept in which access to a single underlying piece of hardware is coordinated so that multiple guest operating systems can share a single piece of hardware, with no guest operating system being aware that it is actually sharing anything at all.
Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies.
Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... | The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... | The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... | The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... | The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx | The Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... | The Linux Foundation
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... | The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508), transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... | The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix | The Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd | The Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... | The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. However, these backends have not been configurable as QEMU devices, as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D | The Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems | The Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on the platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... | The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... | The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... | The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
IITCC15: The Bare-Metal Hypervisor as a Platform for Innovation
1. Innovation In The Cloud Conference
The Bare-Metal Hypervisor as a Platform for
Innovation
By Russell Pavlicek
Xen Project Evangelist
Russell.Pavlicek@XenProject.org
@RCPavlicek
2. About the Old, Fat Geek Up Front
• Linux user since 1995; became a Linux advocate immediately
• Delivered many early talks on Open Source Advocacy
• Former Open Source columnist for Infoworld, Processor magazines
• Former weekly panelist on “The Linux Show”
• Wrote one of the first books on Open Source: Embracing Insanity:
Open Source Software Development
• 30 years in the industry; 20+ years in software services consulting
• Currently Evangelist for the Xen Project (employed by Citrix)
• Over 75 FOSS talks delivered; over 150 FOSS pieces published
3. About Innovation...
• A favorite buzzword for marketing purposes
• Many things in our industry labeled
“Innovation” are nothing more than hackneyed
placid tripe
• Innovation calls for thinking of the world in a
different way and seeing it come to life
• Simply changing the shade of lipstick on a pig
does not qualify
4. About Innovation...
• Real innovation can borrow from the known to
create the unknown
• Many innovations are reassemblies of known
objects in a new way
– Example: many cloud concepts resemble similar
concepts in mainframes, but they've been
reapplied to a multi-server environment
– But the net result needs to be something
significantly different than what existed before
5. Some of the More Interesting Advances
• Xen Automotive: the effort to craft an embedded
automotive infotainment system
• Realtime virtualization: work to facilitate applications
which need realtime processing
• ARM-based hypervisor: enabling a new breed of
applications, from servers to cell phones, on the ARM
architecture
• MirageOS and other unikernel systems: creating
highly-dense farms of ultra-small and secure cloud
appliances
7. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Provides partition isolation + reliability, higher security
[Diagram: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, Device Drivers/Models); VM0, VM1 ... VMn (Guest OS and Apps)]
8. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Type 2: OS ‘Hosted’
A Hypervisor that runs within a Host OS and
hosts Guest OS’s inside of it, using the host
OS services to provide the virtual environment.
Type 1: Provides partition isolation + reliability, higher security
Type 2: Low cost, no additional drivers; ease of use & installation
[Diagram, Type 1: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, Device Drivers/Models); VM0, VM1 ... VMn (Guest OS and Apps)]
[Diagram, Type 2: Host HW (Memory, CPUs, I/O); Host OS (Device Drivers, Ring-0 VM Monitor “Kernel”); User Apps; User-level VMM (Device Models); VM0, VM1 ... VMn (Guest OS and Apps)]
9. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
[Diagram: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, Device Drivers/Models); VM0, VM1 ... VMn (Guest OS and Apps)]
10. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
[Diagram, Type 1: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, Device Drivers/Models); VM0, VM1 ... VMn (Guest OS and Apps)]
[Diagram, Xen Project Architecture: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU); VM0, VM1 ... VMn (Guest OS and Apps)]
11. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
[Diagram, Type 1: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, Device Drivers/Models); VM0, VM1 ... VMn (Guest OS and Apps)]
[Diagram, Xen Project Architecture: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU); Control domain (dom0) with Drivers, Device Models, Linux & BSD; VM0, VM1 ... VMn (Guest OS and Apps)]
12. Some Bare-Metal Advantages
• What are the advantages of a Bare-Metal Hypervisor?
– Density: It's thin
• Excellent for supporting very small workloads
– Scalability: It can support huge numbers of VMs
• Terrific for highly dense workloads
– Security: No host OS
• It has no host OS layer to attack
– Scheduling: Can use dedicated scheduler
• Needed for specialized workload profiles where a host OS scheduler just won't
do
– Paravirtualization: Simplified interface
• Easier to code to when no OS is present
• And now some of the innovations they enable...
13. #1: Xen Automotive
• A subproject of the Xen Project
• Proposed by community member GlobalLogic
• Support for infotainment systems (for now...)
• Eliminates multiple discrete systems needing
sourcing, installation, and testing
• ARM-based
14. Automotive Challenges
• Soft-Real-time support
• Hard-Real-time support
• GPU virtualization
• Other co-processor (DSP, IPU, etc.)
• Certification
• Driver support for Android, e.g. Backend ION memory
allocator and Linux User Space Device Drivers for
Graphics, Sound, USB, Gyros, GPS, etc.
• Driver support for operating systems such as QNX and
other guest operating systems that are relevant for these
use-cases
15. A Focused Hypervisor
• Automotive requires extreme focus
• Simply repurposing a server-based hypervisor
won't cut it
• A Bare-Metal hypervisor can add and modify
pieces as needed
– There is no legacy Host Operating System to be
accommodated
– Bare-Metal can do what the situation requires
16. #2: Realtime Virtualization
• Support for Xen Automotive and beyond
• RT-Xen
• Streaming video, etc. cannot wait for next
time slice
• Leverages a custom scheduler
17. Custom Schedulers
• Type 2 (Hosted) Hypervisors use the scheduler of
the host (e.g., Linux)
– That scheduler is designed for the host operating
system, not for special needs
• Type 1 (Bare Metal) Hypervisors use schedulers
designed for the needs of the hypervisor itself
– It is possible to change the scheduler to meet the
needs of the hypervisor
– That's the way to handle Realtime Scheduling
18. A Scheduler for Every Need
• Current schedulers in Xen Project:
– Credit
• General Purpose
• Default scheduler in 4.5
– Credit2
• Optimized for low latency & high VM density
• Currently Experimental
• Expected to become supported and default in future
19. A Scheduler for Every Need
• Current schedulers in Xen Project (continued):
– RTDS
• Soft & Firm Realtime scheduler
• Multicore
• Currently Experimental
• Embedded, Automotive, Graphics, Gaming in the Cloud
– ARINC 653
• Hard Realtime
• Single Core
• Currently Experimental
• Avionics, Drones, Medical
20. A Scheduler for Every Need
• Past schedulers in Xen Project:
– Borrowed Virtual Time
– Atropos
– Round Robin
– SEDF (removed in Xen Project 4.6)
• For more information:
– http://wiki.xenproject.org/wiki/Xen_Project_Schedulers
21. #3: ARM-based Hypervisor
• ARM expanding from handhelds to
servers
• Virtualization extensions added to ARM V7
• Architecture is hand-in-glove fit for Bare-
Metal hypervisor
• No mode changes means greater speed
and security
22. Xen + ARM = a perfect Match
[Diagram: ARM SOC, ARM Architecture Features for Virtualization: Hypervisor mode: EL2; Kernel mode: EL1; User mode: EL0; GIC v2; GT; 2 stage MMU; I/O; Device Tree describes …; Hypercall Interface HVC]
23. Xen + ARM = a perfect Match
[Diagram: ARM SOC, ARM Architecture Features for Virtualization: EL2; EL1; EL0; GIC v2; GT; 2 stage MMU; I/O; Device Tree describes …; HVC; Xen Hypervisor]
24. Xen + ARM = a perfect Match
[Diagram: ARM SOC, ARM Architecture Features for Virtualization: EL2; EL1; EL0; GIC v2; GT; 2 stage MMU; I/O; Device Tree describes …; HVC; Xen Hypervisor; Any Xen Guest VM (including Dom0): Kernel, User Space, HVC]
25. Xen + ARM = a perfect Match
[Diagram: ARM SOC, ARM Architecture Features for Virtualization: EL2; EL1; EL0; GIC v2; GT; 2 stage MMU; I/O; Device Tree describes …; HVC; Xen Hypervisor; Dom0 only: I/O, PV back; Any Xen Guest VM (including Dom0): Kernel, User Space, PV front, I/O, HVC]
26. Where Will an ARM Hypervisor Play?
• You name it...
– Cell phones
• Multiple personalities are possible
– Embedded systems
• Automotive is just the beginning; Trains are already here!
– Internet of Things (IoT)
• Lots of little things means lots of responses needed
– Servers
• Lower power footprint
• Real green technology
27. #4: The Unikernel
• Super-small VMs
• Quick booting
• Enhanced security
• Easy deployment
• Enables transient services
– Services that appear when needed and
disappear when done
28. The Cloud We Know
• Field of innovation is in the orchestration
– The Cloud Engine is paramount (OpenStack, CloudStack, etc.)
– Workloads adapted to the cloud strongly resemble their non-
cloud predecessors
• Some basic adaptations to facilitate life in the cloud, but basically the
same stuff that was used before the cloud
• Applications with full stacks (operating system, utilities, languages, and
apps) which could basically run on hardware, but are run on VMs
instead.
• VMs are beefy; large memory footprint, slow to start up
• It all works, but it's not overly efficient
• 10s of VMs per physical host
29. The Next Generation Cloud
• Turning the scrutiny to the workloads
– Should be easier to deploy and manage
– Smaller footprint, removing unnecessary
duplication
– Faster startup
– Transient microservices
– Higher levels of security
– 1000s of VMs per host
30. The New Stuff: Docker & Containers
• Makes deployment easier
• Smaller footprint by leveraging kernel of host
• Less memory needed to replicate shared kernel
space
• Less disk needed to replicate shared
executables
• Really fast startup times
• Higher number of VMs per host
31. Docker Downsides
• Improvements, yes; but not without issues
– Can't run any payload that can't use host kernel
– Potential limits to scalability
• Linux not really optimized for 1000s of processes
– Security
• Security is a HUGE issue in clouds
• Still working on security mechanisms
• Google & others run containers in VMs when they need
security
32. The Unikernel: A Real Cloud Concept
• Very small
• Very efficient
• Very quick to boot
• And very, VERY secure!
• It's a Green (energy) technology which saves you
green (cash); extremely important to foster adoption
• Many unikernels already exist, including Mini-OS and
MirageOS, a Xen Project Incubator Project
37. Unikernel Concepts
• Use just enough to do the job
– No need for multiple users; one VM per user
– No need for a general purpose operating system
– No need for utilities
– No need for a full set of operating system functions
• Lean and mean
– Minimal waste
– Tiny size
38. Unikernel Concepts
• Similar to an embedded application
development environment
– Limited debugging available for deployed
production system
– Instead, system failures are reproduced and
analyzed on a full operating system stack and then
encapsulated into a new image to deploy
– Tradeoff is required for ultralight images
39. What Do the Results Look Like?
• MirageOS examples:
– DNS Server: 449 KB
– Web Server: 674 KB
– OpenFlow Learning Switch: 393 KB
• LING metrics:
– Boot time to shell in under 100ms
– Erlangonxen.org memory usage: 8.7 MB
• ClickOS:
– Network devices processing >5 million pkt/sec
– 6 MB memory with 30 ms boot time
40. What About Security?
• Type-Safe Solution Stack
– Can be certified
– Certification is crucial for certain highly critical
tasks, like airplane fly-by-wire control systems
• Image footprints are unique to the image
– Intruders cannot rely on always finding certain
libraries
– No utilities to exploit, no shell to manipulate
41. What's Out There Right Now?
• MirageOS, from the Xen Project Incubator
• HaLVM, from Galois
• LING, from Erlang-on-Xen
• ClickOS, from NEC Europe Labs
• OSv, from Cloudius Systems
• Rumprun, from the Rump Kernel Project
• And that's just the beginning...
42. How Does Xen Project Enable Unikernels?
• No Host OS means it's lean and mean
– A tiny VM can sit on a thin hypervisor layer on the
hardware
– Attack surface is small
– Scale out support
• Can currently support about 600 concurrent VMs per host
without losing performance
• Current target: 2000-3000 concurrent VMs per host
– Enhanced scheduler (Credit2)
– ARM as an option
43. Innovation: Is This All?
• By no means!
• The list of other subprojects & capabilities
continues to grow:
– Virtualized GPUs
– Enhanced NUMA
– COLO: Coarse-grained lockstepping of VMs
– Native VMware VMDK support
– And so on...
• http://xenproject.org/users/innovations.html
44. In Review...
• Some advantages of a Bare-Metal Hypervisor
– Density: It's thin
• Excellent for supporting very small workloads
– Scalability: It can support huge numbers of VMs
• Terrific for highly dense workloads
– Security: No host OS
• It has no host OS layer to attack
– Scheduling: Can use dedicated scheduler
• Needed for specialized workload profiles where a host OS scheduler
just won't do
– Paravirtualization: Simplified interface
• Easier to code to when no OS is present
45. The Xen Project Difference
• Tomorrow's workloads are not yesterday's
workloads
– If your hypervisor is just focused on yesterday's
payloads, it is suffering from planned obsolescence
– Select a hypervisor which is innovating – and Open
Source
• Xen Project is busy enabling the next
generation in virtualization
47. Basic Xen Project Concepts
[Diagram: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, XSM); Control domain (dom0) with Dom0 Kernel; VM0, VM1 ... VMn (Guest OS and Apps); Trusted Computing Base]
• Console
– Interface to the outside world
• Control Domain aka Dom0
– Dom0 kernel with drivers
– Xen Management Toolstack
• Guest Domains
– Your apps
• Driver/Stub/Service Domain(s)
– A “driver, device model or control service in a box”
– De-privileged and isolated
– Lifetime: start, stop, kill
48. Basic Xen Project Concepts: Toolstack+
[Diagram: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, XSM); Control domain (dom0) with Dom0 Kernel and Toolstack; Console; VM0, VM1 ... VMn (Guest OS and Apps); Trusted Computing Base]
• Console
– Interface to the outside world
• Control Domain aka Dom0
– Dom0 kernel with drivers
– Xen Management Toolstack
• Guest Domains
– Your apps
• Driver/Stub/Service Domain(s)
– A “driver, device model or control service in a box”
– De-privileged and isolated
– Lifetime: start, stop, kill
49. Basic Xen Project Concepts: Disaggregation
[Diagram: Host HW (Memory, CPUs, I/O); Hypervisor (Scheduler, MMU, XSM); Control domain (dom0) with Dom0 Kernel and Toolstack; Console; One or more driver, stub or service domains; VM0, VM1 ... VMn (Guest OS and Apps); Trusted Computing Base]
• Console
– Interface to the outside world
• Control Domain aka Dom0
– Dom0 kernel with drivers
– Xen Management Toolstack
• Guest Domains
– Your apps
• Driver/Stub/Service Domain(s)
– A “driver, device model or control service in a box”
– De-privileged and isolated
– Lifetime: start, stop, kill