Demand-Based Coordinated Scheduling for SMP VMs (Hwanju Kim)
Hwanju Kim, Sangwook Kim, Jinkyu Jeong, Joonwon Lee, and Seungryoul Maeng, “Demand-Based Coordinated Scheduling for SMP VMs”, International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Houston, Texas, USA, Mar. 2013.
Mastering KVM virtualization - A complete guide of KVM virtualization (Humble Chirammal)
Mastering KVM Virtualization is a complete guide to understanding KVM virtualization. Mastering KVM Virtualization is a culmination of all the knowledge we gained by troubleshooting, configuring and fixing bugs on KVM virtualization. We authored this book for system administrators, DevOps practitioners and developers who have a good hands-on knowledge of Linux and would like to sharpen their skills in open source virtualization. The chapters in this book are written with a focus on practical examples that should help you deploy a robust virtualization environment, suiting your organization's needs. Our expectation is that, once you have finished the book, you should have a good understanding of KVM virtualization and its tools to build and manage diverse virtualization environments.
This talk will discuss the challenges of client virtualization and introduce at a technical level XenClient XT, a security-oriented client virtualization product by Citrix. By describing the XenClient XT architecture and features, it will be shown how Xen's unique design and its support for modern x86 platform hardware can increase security and isolation among VMs.
Disaggregation of services provided by the platform will be a key part of this talk. It will also be shown how third party software components can provide services to VMs in a secure and controlled way.
Virtualization with KVM (Kernel-based Virtual Machine) (Novell)
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
Scheduler Support for Video-oriented Multimedia on Client-side Virtualization (Hwanju Kim)
Hwanju Kim, Jinkyu Jeong, Jaeho Hwang, Joonwon Lee, and Seungryoul Maeng, “Scheduler Support for Video-oriented Multimedia on Client-side Virtualization”, ACM Multimedia Systems (MMSys), Chapel Hill, North Carolina, USA, Feb. 2012.
Power management has become increasingly important in large-scale datacenters to address costs and limitations in cooling or power delivery, and it is much more critical in mobile clients, where battery lifecycle is considered one of the critical characteristics of the platform of choice. Good power management helps to achieve great energy efficiency. Virtualization imposes an additional challenge to power management. It involves multiple software layers: VMM, OS, APP. For example, a good OS software stack may result in bad power consumption, if the hypervisor is not the timer unalignment, etc.
In this session, we will introduce what we did to improve power efficiency in both server and client virtualization environments.
On the server side, we will introduce additional optimization technologies (e.g., eliminate unnecessary activities, align periodic timers to create long-idle period), to improve package C6 residency to be within 5% overhead with native. On the client side, we will share our client power optimization technologies (e.g. graphics, ATA and wireless), which successfully reduce XenClient idle power overhead to be within 5%.
Linuxcon EU: Virtualization in the Cloud featuring Xen and XCP (The Linux Foundation)
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP and their architecture, then shines some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
As the current stubdomain based on minios is difficult to maintain, we have worked on a stubdomain based on Linux. This helps to use QEMU upstream in the stubdom with little change.
So first I will present how a Linux based stubdomain is built and launched, and the difficulties around it. Then, to see if this is a viable option, I will show disk and network benchmarks to compare it with a traditional QEMU in dom0 configuration.
To finish, I will present the current limitations of this type of stubdomain.
Current experience shows that a lot of developers working on the Xen/Linux kernel mainly use only a small set of debugging tools. Often they are sufficient for generic work. However, when an unusual problem arises that cannot be easily debugged using known tools, they sometimes try to reinvent the wheel. The goal of this session is to present a wide range of debugging tools, from the simplest ones to the most feature-rich solutions, in the context of Xen/Linux kernel debugging. It will describe the pros and cons of printk (serial, debug console, etc.), gdb, gdbsx, kgdb, QEMU, kdump and others. Additionally, there will be some information about possible new solutions and current kexec/kdump developments for Xen.
XPDS14: OpenXT - Security and the Properties of a Xen Virtualisation Platform... (The Linux Foundation)
Released as Open Source Software (OSS) in June 2014, OpenXT is a collection of hardened Linux VMs configured to provide a user facing Xen platform for client devices. This default configuration was mostly static, applying some disaggregation techniques to segregate system components based on a general threat analysis. The goals embodied in this code base up to its release produced a one-size-fits-most configuration with extensibility in specific areas to encapsulate 3rd party value-add.
With a community now forming around OpenXT we must come to terms with the limitations of this approach. In this talk Philip will define what OpenXT is and, in this definition, show that OpenXT can meet the varied needs of the security and virtualization community through the construction of a toolkit for the configurable disaggregation of a Xen platform.
The Lies We Tell Our Code (#seascale 2015 04-22) (Casey Bisson)
We tell our code lies from development to deploy. The most common of these lies start with the simple act of launching a virtual machine. These lies are critical to our applications. Some of them protect applications from themselves and each other, some even improve performance. Some, however, decrease performance, and others create barriers to simply getting things done.
We lie about the systems, networks, storage, RAM, CPU and other resources our applications use, but how we tell those lies is critical to how the applications that depend on them perform. Joyent's Casey Bisson will explore the lies we tell our code and demonstrate examples of how they sometimes help and hurt us.
Slides as presented at http://www.meetup.com/Seattle-Scalability-Meetup/events/219709036/. Video from that meetup is on YouTube, https://www.youtube.com/watch?v=LtPS2z_c2v4.
Bridging the Semantic Gap in Virtualized Environment (Andy Lee)
In virtualization, it is difficult to interpret the low level state of a VM into the high level semantic state of the guest OS.
This is an obstacle for a system administrator who wants to observe, inspect and detect the runtime execution of a VM in real time.
The talk is about operating system virtualization technology known as OpenVZ. This is an effective way of partitioning a Linux machine into multiple isolated Linux containers. All containers are running on top of one single Linux kernel, which results in excellent density, performance and manageability. The talk gives an overall description of OpenVZ building blocks, such as namespaces, cgroups and various resource controllers. A few features, notably live migration and virtual swap, are described in greater detail. Results of some performance measurements against VMware, Xen and KVM are given. Finally, we will provide a status update on merging bits and pieces of OpenVZ kernel to upstream Linux kernel, and share our plans for the future.
You Call that Micro, Mr. Docker? How OSv and Unikernels Help Micro-services S... (rhatr)
OSv is the new open source unikernel technology that combines the power of virtualization and micro-services architecture. This combination allows unmodified applications to be packaged just like Docker containers while at the same time outperform bare-metal deployments. Yes. You've heard it right: for the first time ever we can stop asking the question of how much performance would I lose if I virtualize. OSv lets you ask a different question: how much would my application gain in performance if I virtualize it. This talk will start by looking into the architecture of OSv and the kind of optimizations it makes possible for native, unmodified applications. We will then focus on JVM-specific optimizations and specifically on speedups available to micro-service oriented applications when they are being deployed on OSv.
The lies we tell our code, LinuxCon/CloudOpen 2015-08-18 (Casey Bisson)
As presented at LinuxCon/CloudOpen 2015: http://sched.co/3Y3v
We tell our code lies from development to deploy. The most common of these lies start with the simple act of launching a virtual machine. These lies are critical to our applications. Some of them protect applications from themselves and each other, some even improve performance. Some, however, decrease performance, and others create barriers to simply getting things done.
We lie about the systems, networks, storage, RAM, CPU and other resources our applications use, but how we tell those lies is critical to how the applications that depend on them perform. Joyent's Casey Bisson will explore the lies we tell our code and demonstrate examples of how they sometimes help and hurt us.
Building a secure image pipeline with Ansible. Generating secure OS images for OpenShift Virtualization. Creating an immutable image pipeline with Ansible, OpenSCAP, Packer, Molecule and Vagrant. Packaging OS images for consumption to OpenShift Virtualization.
OpenNebulaConf 2016 - Hypervisors and Containers Hands-on Workshop by Jaime M... (OpenNebula Project)
In this 90-minute hands-on workshop, some of the key contributors to OpenNebula will walk attendees through the configuration and integration aspects of the computing subsystem in OpenNebula. The session will also include lightning talks by community members describing aspects related to Hypervisors and Containers with OpenNebula:
Deployment scenarios
Integration
Tuning & debugging
Best practices
Virtual machines in the cloud typically run existing general-purpose operating systems such as Linux. We notice that the cloud’s hypervisor already provides some features, such as isolation and hardware abstraction, which are duplicated by traditional operating systems, and that this duplication comes at a cost. We present the design and implementation of OSv, a new guest operating system designed specifically for running a single application on a virtual machine in the cloud. It addresses the duplication issues by using a low-overhead library-OS-like design. It runs existing applications written for Linux, as well as new applications written for OSv. We demonstrate that OSv is able to efficiently run a variety of existing applications. We demonstrate its sub-second boot time, small OS image and how it makes more memory available to the application. For unmodified network-intensive applications, we demonstrate up to 25% increase in throughput and 47% decrease in latency. By using non-POSIX network APIs, we can further improve performance and demonstrate a 290% increase in Memcached throughput.
2. WTF is SmartOS?
• illumos-derived OS that is the foundation of both Joyent's public cloud and SmartDataCenter product
• As an illumos derivative, has several key features:
  • ZFS: Enterprise-class copy-on-write filesystem featuring constant time snapshots, writable clones, built-in compression, checksumming, volume management, etc.
  • DTrace: Facility for dynamic, ad hoc instrumentation of production systems that supports in situ data aggregation, user-level instrumentation, etc. — and is absolutely safe
  • OS-based virtualization (Zones): Entirely secure virtual OS instances offering hardware performance, high multi-tenancy
  • Network virtualization (Crossbow): Virtual NIC Infrastructure for easy bandwidth management and resource control
3. KVM on SmartOS?
• Despite its rich feature-set, SmartOS was missing an essential component: hardware virtualization
• Thanks to Intel and AMD, hardware virtualization can now be remarkably high performing...
• We firmly believe that the best hypervisor is the operating system — anyone attempting to implement a “thin” hypervisor will end up retracing OS history
• KVM shares this vision — indeed, pioneered it!
• Moreover, KVM is best-of-breed: highly competitive performance and a community with critical mass
• Imperative was clear: needed to port KVM to SmartOS!
4. Constraining the port
• For business and resourcing reasons, elected to focus exclusively on Intel VT-x with EPT...
• ...but to not make decisions that would make later AMD SVM work impossible
• Only ever interested in x86-64 host support
• Only ever interested in x86 and x86-64 guests
• Willing to diverge as needed to support illumos constructs or coding practices…
• ...but wanted to maintain compatibility with QEMU/KVM interface as much as possible
5. Starting the port
• KVM was (rightfully) not designed to be portable in any real sense — it is specific to Linux and Linux facilities
• Became clear that emulating Linux functionality would be insufficient — there is simply too much divergence
• Given the stability of KVM in Linux 2.6.34, we felt confident that we could diverge from the Linux implementation — while still being able to consume and contribute patches as needed
• Also clear that just getting something to compile would be a significant (and largely serial) undertaking
• Joyent engineer Max Bruning started on this in late fall...
6. Getting to successful compilation
• To expedite compilation, unported blocks of code would
be “XXXʼd out” by being enclosed in #ifdef XXX
• To help understand when/where we hit XXXʼd code
paths, we put a special DTrace probe with __FILE__
and __LINE__ as arguments in the #else case
• We could then use simple DTrace enablings to
understand what of these cases we were hitting to
prioritize work:
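kvm-xxx
{
	/* arg0 is __FILE__ and arg1 is __LINE__ from the #else probe site */
	@[stringof(arg0), probefunc, arg1] = count();
}
tick-10sec
{
	printf("%-12s %-40s %-8s %8s\n",
	    "FILE", "FUNCTION", "LINE", "COUNT");
	/* one conversion per aggregation key, then the count */
	printa("%-12s %-40s %-8d %@8d\n", @);
}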
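The #ifdef XXX pattern from this slide as a userland C program (an added example, not code from the illumos-kvm port). A counter table stands in for the DTrace probe and its aggregation; xxx_hit(), XXX_PROBE(), vcpu_load_model() and the linux_only_* calls are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Userland stand-in for the DTrace probe: one counter per (file, line) site. */
struct xxx_site { const char *file, *func; int line; unsigned long count; };
static struct xxx_site xxx_sites[32];
static int xxx_nsites;

static void xxx_hit(const char *file, const char *func, int line)
{
    for (int i = 0; i < xxx_nsites; i++)
        if (xxx_sites[i].line == line && strcmp(xxx_sites[i].file, file) == 0) {
            xxx_sites[i].count++;
            return;
        }
    if (xxx_nsites < 32)    /* table full: later new sites are dropped */
        xxx_sites[xxx_nsites++] = (struct xxx_site){ file, func, line, 1 };
}
#define XXX_PROBE() xxx_hit(__FILE__, __func__, __LINE__)

/* Constructed routine; the linux_only_* calls are hypothetical placeholders. */
static int vcpu_load_model(int migrating)
{
    int skipped = 0;
#ifdef XXX
    linux_only_notifier_register();    /* unported: never compiled */
#else
    XXX_PROBE();                       /* the port reached this gap */
    skipped++;
#endif
    if (migrating) {
#ifdef XXX
        linux_only_timer_migrate();
#else
        XXX_PROBE();
        skipped++;
#endif
    }
    return skipped;
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        vcpu_load_model(i % 2);        /* every other call migrates */
    printf("%-24s %-18s %-6s %6s\n", "FILE", "FUNCTION", "LINE", "COUNT");
    for (struct xxx_site *s = xxx_sites; s < xxx_sites + xxx_nsites; s++)
        printf("%-24s %-18s %-6d %6lu\n", s->file, s->func, s->line, s->count);
    return 0;
}
```

Sorting the table by count gives the same prioritization the D script produces: the most frequently hit unported block is the next one to port.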
7. Accelerating the port
• By late March, Max could launch a virtual machine that
could run in perpetuity without panicking…
• ...but also was not making any progress booting
• At this point, the work was more readily parallelized:
Joyentʼs Robert Mustacchi and I joined Max in April
• Added tooling to understand guest behavior, e.g.:
• MDB support to map guest PFNs to QEMU VAs
• MDB support for 16-bit disassembly (!)
• DTrace probes on VM entry/exit and the ability to pull VM
state in DTrace with a new vmregs[] variable
8. Making progress...
• To make forward progress, we would debug the issue
blocking us (inducing either guest or host panic)…
• ...which was usually due to a piece that hadnʼt yet been
ported or re-implemented
• We would implement that piece (usually eliminating an
XXXʼd block in the process), and debug the next issue
• The number of XXXʼs over time tells the tale...
11. Notable bugs
• In the course of this port, we did not discover any bug
that one would call a bug in KVM — itʼs very solid!
• Our bugs were (essentially) all self-inflicted, e.g.:
• We erroneously configured QEMU such that both QEMU and
KVM thought they were responsible for the 8254/8259!
• We use a per-CPU GSBASE where Linux does not — Linux
KVM doesnʼt have any reason to reload the hostʼs GSBASE
on CPU migration, but not doing so induces host GSBASE
corruption: two physical CPUs have the same CPU pointer
(one believes itʼs the other), resulting in total mayhem
• We reimplemented the FPU save code in terms of our native
equivalent — and introduced a nasty corruption bug in the
process by plowing TS in CR0!
12. Port performance
• Not surprisingly, our port performs at baremetal speeds
for entirely CPU-bound workloads:
• But it took us a surprising amount of time to get to this
result: due to dynamic overclocking, SmartOS KVM was
initially operating 5% faster than baremetal!
13. Port performance
• Our port of KVM seems to at least be in the hunt on
other workloads, e.g.:
14. Port status
• Port is publicly available:
• Github repo for KVM itself:
https://github.com/joyent/illumos-kvm
• Github repo for our branch of QEMU 0.14.1:
https://github.com/joyent/illumos-kvm-cmd
• illumos-kvm-cmd repo contains minor QEMU 0.14.1
patches to support our port, all of which we intend to
upstream
• Within its scope, this port is at or near production quality
• Worthwhile to discuss the limitations of our port, the
divergences of our port from Linux KVM, and the
enhancements to KVM that our port allows...
15. Limitation: guest memory is locked down
• As a cloud provider, we have something of an opinion
on this: overselling memory is only for idle workloads
• In our experience, the dissatisfaction from QoS
variability induced by memory oversell is not paid for by
the marginal revenue of that oversell
• We currently lock down guest memory; failure to lock
down memory will result in failure to start
• For those high multi-tenancy environments, we believe
that hardware is the wrong level at which to virtualize...
16. Limitation: no memory deduplication
• We donʼt currently have an analog to the kernel same-
page mapping (KSM) found in Linux
• This is technically possible, but we donʼt see an acute
need (for the same reason we lock down guest memory)
• We are interested to hear experiences with this:
• What kind of memory savings does one see?
• Is one kind of guest (Windows?) more likely to see savings?
• What kind of performance overhead from page scanning?
17. Limitation: no nested virtualization
• We donʼt currently support nested virtualization — and
weʼre not sure that weʼre ever going to implement it
• While for our own development purposes, we would like
to see VMware Fusion support nested virtualization, we
donʼt see an acute need to support it ourselves
• Would be curious to hear about experiences with nested
virtualization; is it being used in production, or is it
primarily for development?
18. Divergence: User/kernel interface
• To minimize patches floated on QEMU, wanted to
minimize any changes to the user/kernel interface
• ...but we have no anon_inode_getfd() analog
• This is required to implement the model of a 1-to-1
mapping between a file descriptor and a VCPU
• Added a new KVM_CLONE ioctl that makes the driver
state in the operated-upon instance point to another
• To create a VCPU, QEMU (re)opens /dev/kvm, and
calls KVM_CLONE on the new instance, specifying the
extant instance
19. Divergence: Context ops
• illumos has the ability to install context ops that are
executed before and after a thread is scheduled on CPU
• Context ops were originally implemented to support
CPU performance counter virtualization
• Context ops are installed with installctx()
• This facility proved essential — we use it to perform the
equivalent of kvm_sched_in()/kvm_sched_out()
20. Divergence: Timers
• illumos has arbitrary resolution interval timer support via
the cyclic subsystem
• Cyclics can be bound to a CPU or processor set and
can be configured to fire at different interrupt levels
• While originally designed to be a high resolution interval
timer facility (the system clock is implemented in terms
of it), cyclics may also be used as dynamically
reprogrammable one-shots
• All KVM timers are implemented as cyclics
• We do not migrate cyclics when a VCPU migrates from
one CPU to another, choosing instead to poke the target
CPU from the cyclic handler
21. Enhancement: ZFS
• Strictly speaking, we have done nothing specifically for
ZFS: running KVM on a ZFS volume (a zvol) Just Works
• But the presence of ZFS allows for KVM enhancements:
• Constant time cloning allows for nearly instant provisioning
of new KVM guests (assuming that the reference image is
already present)
• ZFSʼs unified adaptive replacement cache (ARC) allows
for guest I/O to be efficiently cached in the host — resulting
in potentially massive improvements in random I/O
(depending, of course, on locality)
• We believe that ZFS remote replication can provide an
efficient foundation for WAN-based cloning and migration
22. Enhancement: OS Virtualization
• illumos has deep support for OS virtualization
• While our implementation does not require it, we run
KVM guests in a local zone, with the QEMU process as
the only process
• This was originally for reasons of accounting (we use
the zone as the basis for QoS, resource management,
I/O throttling, billing, instrumentation, etc.)…
• ...but given the recent KVM vulnerabilities, it has
become a matter of security
• OS virtualization neatly containerizes QEMU and
drastically reduces attack surface for QEMU exploits
23. Enhancement: Network virtualization
• illumos has deep support for network virtualization
• We create a virtual NIC (VNIC) per KVM guest
• We wrote simple glue to connect this to virtio — and
have been able to push 1 Gb line to/from a KVM guest
• VNICs give us several important enhancements, all with
minimal management overhead:
• Anti-spoofing confines guests to a specified IP (or IPs)
• Flow management allows guests to be capped at specified
levels of bandwidth — essential in overcommitted networks
• Resource management allows for observability into per-
VNIC (and thus, per-guest) throughput from the host
24. Enhancement: Kernel statistics
• illumos has the kstat facility for kernel statistics
• We reimplemented kvm_vcpu_stat as a kstat
• We added a kvmstat tool to illumos that consumes these
kstats, displaying them per-second and per-VCPU
• For example, one second of kvmstat output with two
VMs running — one idle 2 VCPU Linux guest, with one
booting 4 VCPU SmartOS guest:
  pid vcpu |  exits :  haltx   irqx  irqwx    iox  mmiox |   irqs   emul   eptv
 4668    0 |     23 :      6      0      0      1      0 |      6     16      0
 4668    1 |     25 :      6      1      0      1      0 |      6     16      0
 5026    0 |  17833 :    223   2946    707    106      0 |   3379  13315      0
 5026    1 |  18687 :    244   2761    512      0      0 |   3085  14803      0
 5026    2 |  15696 :    194   3452    542      0      0 |   3568  11230      0
 5026    3 |  16822 :    244   2817    487      0      0 |   3100  12963      0
25. Enhancement: DTrace
• As of QEMU 0.14, QEMU has DTrace probes — we lit
those up on illumos
• Added a bevy of SDT probes to KVM itself, including all
of the call-sites of the trace_*() routines
• Added vmregs[] variable that queries current VMCS,
allowing for guest behavior to be examined
• Can all be enabled dynamically and safely, and
aggregated on an arbitrary basis (e.g., per-VCPU, per-
VM, per-CPU, etc.)
• Pairs well with kvmstat to understand workload
characteristics in production deployments
27. Enhancement: DTrace, cont.
• Orthogonal to this work, we have developed a real-time
analytics framework that instruments the cloud using
DTrace and visualizes the result
• We have extended this facility to the new DTrace probes
in our KVM port
• We have only been experimenting with this very
recently, but the results have been fascinating!
• For example...
28. Enhancement: Visualizing DTrace on KVM
• Observing ext3 write offsets in a logical volume on a
workload that creates and removes a 3 GB file:
29. Enhancement: Visualizing DTrace on KVM
• Decomposing by guest CR3 and millisecond offset
within-the-second, sampled at 99 hertz with two
compute-bound processes:
30. Enhancement: Visualizing DTrace on KVM
• Same view, but now sampled at 999 hertz — and with
one of the compute-bound processes reniced:
33. Engaging the community
• We are very excited to engage the KVM community;
potential areas of collaboration:
• Working on KVM performance. With DTrace, we have much
better visibility into guest behavior; it seems possible (if not
likely!) that resulting improvements to KVM will carry from
one host system to the other
• Collaborating on testing. We would love to participate in
automated KVM testing infrastructure; we dream of a farm of
oddball ISOs and the infrastructure to boot and execute
them!
• Collaborating on benchmarking. We have not examined
SPECvirt_sc2010 in detail, but would like to work with the
community to develop standard benchmarks
34. Thank you!
• Josh Wilsdon and Rob Gulewich of Joyent for their
instrumental assistance in this effort
• Brendan Gregg of Joyent for examining the performance
of KVM — and for his tenacity in discovering the effects
of dynamic overclocking!
• Fabrice Bellard for lighting the path with QEMU
• Intel for a rippinʼ fast CPU (+ EPT!) in Nehalem
• Avi Kivity and team for putting it all together with KVM!
• The illumos community for their enthusiastic support