XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, Citrix

•

0 likes•986 views

The Xen Hypervisor is 15 years old, but like Linux, it is still undergoing significant upgrades and improvements. This talk will cover recent and upcoming developments in Xen on the x86 architecture, including the newly-released 'PVH' guest virtualization mode, the future of PV mode, qemu deprivileging, and more. We will cover why these new features are important for a wide range of environments, from cloud to embedded.

Technology

Xen on x86, 15 years later
Recent development, future direction

PVH Guests
KConﬁg
PVShim
PVCalls VM Introspection /
Memaccess
PVH dom0
QEMU Deprivileging
Panopticon
Sub-page protection
NVDIMM
Posted Interrupts
Large guests (288 vcpus)
PV IOMMU ACPI Memory Hotplug
Hypervisor
Multiplexing

Talk approach
• Highlight some key features

• Recently ﬁnished

• In progress

• Cool Idea: Should be possible, nobody committed to working on it yet

• Highlight how these work together to create interesting theme

• PVH (with PVH dom0)

• KConﬁg

• … to disable PV

• PVshim

• Windows in PVH

PVH: Finally here
• Full PVH DomU support in Xen 4.10, Linux 4.15

• First backwards-compatibility hack

• Experimental PVH Dom0 support in Xen 4.11

PVH: What is it?
• Next-generation paravirtualization mode

• Takes advantage of hardware virtualization support

• No need for emulated BIOS or emulated devices

• Lower performance overhead than PV

• Lower memory overhead than HVM

• More secure than either PV or HVM mode

KConﬁg
• KConﬁg for Xen allows…

• Users to produce smaller / more secure binaries

• Makes it easier to merge experimental functionality

• KConﬁg option to disable PV entirely

• PVH

• KConﬁg

• … to disable PV

• PVshim

• Windows in PVH

PVShim
• Some older kernels can only run in PV
mode

• Expect to run in ring 1, ask a hypervisor
to perform privileged actions

• “Shim”: A build of Xen designed to allow an
unmodiﬁed PV guest to run in PVH mode

• type=‘pvh’ / pvshim=1
Xen
PVH Guest
“Shim” Hypervisor (ring 0)
PV-only kernel (ring 1)

• PVH

• KConﬁg

• … to disable PV

• PVshim

• Windows in PVH
No-PV 
Hypervisors

Windows in PVH
• Windows EFI should be able to do

• OVMF (Virtual EFI implementation) already has

• PVH support

• Xen PV disk, network support

• Only need PV Framebuﬀer support…?

• PVH

• KConﬁg

• … to disable PV

• PVshim

• Windows in PVH
One guest type 
to rule them all

• KConﬁg: No HVM

• PV 9pfs

• PVCalls

• rkt Stage 1

• Hypervisor Multiplexing

Containers: Passing through “host” OS resources
Container Container Container Container
Host Filesystem
Linux Container HostHost Port Host Port

Containers: Passing through “host” OS resources
• Allows ﬁle-based diﬀerence tracking rather
than block-based

• Allows easier inspection of container state
from host OS

• Allows setting up multiple isolated services
without needing to mess around with
multiple IP addresses
Container Container Container Container
Host Filesystem
LinuxHost Host

PV 9pfs
• Allows dom0 to expose ﬁles directly to
guests
Xen
Dom0
9pfs
Backend
Host
Filesystem
9pfs
Front
9pfs
Front

PV Calls
• Pass through speciﬁc system calls

• socket()
• listen()
• accept()
• read()
• write()
Xen
Dom0
PVCalls
Backend
Host
Port
PVCalls
Front
PVCalls
Front
Host
Port

rkt Stage 1
• rkt: “Container abstraction” part of CoreOS

• Running rkt containers (part of CoreOS) under Xen

• KConﬁg: No HVM

• PV 9pfs

• PVCalls

• rkt Stage 1

• Hypervisor Multiplexing
Xen as full
Container
Host

Hypervisor multiplexing
• Xen can run in an HVM guest /without
nested HVM support/

• PV protocols use xenbus + hypercalls

• At the moment, Linux code assumes
only one xenbus / hypervisor

• Host PV drivers

• OR Guest PV drivers

• Multiplexing: Allow both
L1 Xen
Back FrontFront
L0 Xen
Back
L1 Dom0
L0 Dom0HVM Guest

• KConﬁg: No HVM

• PV 9pfs

• PVCalls

• rkt Stage 1

• Hypervisor Multiplexing
Xen as
Cloud-ready
Container
Host

QEMU Deprivileging
• Restricting hypercalls to a single guest

• Restricting what QEMU can do within dom0

Panopticon / No Secrets
• Spectre-style information leaks

• You can only leak what you can see

• Xen has all of physical memory mapped

• But this is not really necessary

• Assume that all guests can read hypervisor memory at all times

Note: also see https://www.slideshare.net/xen_com_mgr/ossna18-xen-beginners-training-exercise-script The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.

OSSNA18: Xen Beginners Training (exercise script)

The Linux Foundation

The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.

OSSEU18: NVDIMM and Virtualization - George Dunlap, Citrix

The Linux Foundation

NVDIMM is a standard for allowing non-volatile memory to be exposed to as normal RAM, which can be directly mapped to guests. This simple concept has the potential to dramatically change the way software is written; but also has a number of surprising problems to solve. Furthermore, this area is plagued with incomplete specifications and confusing terminology. This talk will attempt to give an overview of NVDIMMs from an operating system perspective: What the terminology means, how they are discovered and partitioned, issues relating to filesystems, a brief description of the functionality available in Linux, and so on. It will then describe the various issues and design choices a Xen system has to make in order to allow Xen systems to use NVDIMMs effectively.

Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek

buildacloud

The Xen Project produces a mature, enterprise-grade virtualization technology designed for the Cloud featuring many advanced and unique security features. For this reason, it's a hypervisor of choice for government agencies like NSA and the DoD, as well as for new security-minded projects the QubesOS Secure Desktop. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, and Xen Security Modules (XSM), are not enabled by default. This session will describe many of the advanced security features of Xen, as well as explaining why Xen is an excellent choice for secure Clouds

XPDDS18: Windows PV Drivers Project: Status and Updates - Paul Durrant, Citri...

The Linux Foundation

2018 Genivi Xen Overview Nov Update

The Linux Foundation

Securing Your Cloud with Xen (CloudOpen NA 2013)

Russell Pavlicek

Xen iowangyuanzhf

The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, shine some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.

Xen Project 15 Years down the Line

The Linux Foundation

What do “Crazy in Love” by Beyonce and the “Xen Project” have in common? They are both 15-year-old hits. Flash forward to today. The Xen Project is used by more than 10 million users, powers some of the largest clouds on the planet, and is starting to build momentum in embedded and safety-conscious market segments. The Xen Project played a key role in developing technologies outside of the hypervisor, like hardware virtualization, and open source security disclosure standards that impact entire industries. The Xen Project’s success and longevity can be attributed to its flexible architecture, but more importantly to enabling community members to contribute ideas and code, even if they are not core to the project's main use-case. We will share how the project has supported new technologies and ideas (sometimes in the form of failures and sometimes wins) and will derive best practices that may help other projects .

Rootlinux17: An introduction to Xen Project Virtualisation

The Linux Foundation

This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent Software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features, track record and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlight Internship Programs which the project supports. The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k

LCA13: Xen on ARM

Linaro

Xen 10th anniversary Status Report (at SELF 2013)

Russell Pavlicek

S4 xen hypervisor_20080622Todd Deshane

CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...

The Linux Foundation

An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently. In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.

Ian Pratt Nsdi Keynote Apr2008

The Linux Foundation

XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...

The Linux Foundation

With the rapid growth in computing power of embedded platforms, system designers are turning to hypervisors to consolidate functionality in order to reduce the Size, Weight, Power, and Cost of embedded systems. With the recent addition of ARM support to the Xen hypervisor, Xen provides an attractive Open Source option for such systems. However, some of the industries most interested in this technology, such as automotive, medical, and avionics, have strict safety certification requirements. Nathan Studer will give a brief overview on DornerWorks efforts certifying Xen, describe the hurdles and advantages that Xen and its development model lend to the certification effort, and layout a proposed path for certifying Xen.

LFCOLLAB15: Xen 4.5 and Beyond

The Linux Foundation

The 4.5 release no a minor "point" update: it is one of the most feature-rich releases in the project's history. It contains several important additions. Most notably, new Xen PVH virtualization mode now supports running as dom0, enhanced support for Remus, significant ARM architecture updates, security improvements, real-time scheduling, support for Intel Cache Monitoring Technology (CMT), as well as improvements for automotive and embedded use-cases. Other enhancements include additional support for FreeBSD, systemd support, additional libvirt support, the release of Mirage OS 2.0, and more. Besides giving an overview of Xen 4.5, we will explain the project's roadmap process and share what's ahead for 2015: such as improved OpenStack integration and hotpatching (applying security fixes without the need to reboot).

Scale14x: Are today's foss security practices robust enough in the cloud era ...

The Linux Foundation

Recent vulnerabilities like Heartbleed and Shellshock have brought the security practices and track record of open-source projects into the spotlight. A project’s response to security issues has a major impact on how much risk end users are exposed to and how the project is perceived in the technology industry. We will compare the security practices of key projects such as Linux, Docker, Xen Project, OpenStack and others. We will explore the trade-offs of different security practices, such as community trust, competing stakeholder interests, fairness and media coverage of vulnerabilities. Finally, we will explore the evolution of the Xen Project’s security process over the past 3 years as a case study. We will illustrate the trade-offs, pain points and unexpected issues we have experienced, to help other projects understand the pit-falls in designing robust security processes and help users of open source projects understand how open source projects manage security vulnerabilities.

LF Collaboration Summit: Xen Project 4 4 Features and Futures

The Linux Foundation

Bare-Metal Hypervisor as a Platform for Innovation

The Linux Foundation

XPDS13: HVM Dom0 - Any unmodified OS as Dom0 - Will Auld, Intel

The Linux Foundation

It should be great if we can use an unmodified guest for dom0 or the driver domain. We found a way to achieve that. Since Xen's inception, the first guest on Xen is always a para-virtualized domain, and it can be modified Linux, NetBSD, and Solaris etc. In this way, dom0 can achieve near-native performance, so it is commonly used in the server market. However, modifications to guest kernels also implies limitations. For example, it can't support Windows OS as the dom0 or the driver domain. With the rapid evolution of hardware-assisted virtualization (e.g. VMX, VT-d technologies), HVM domains also can achieve comparable performance with para-virtualization. And, it's high time for Xen to such an unmodified guest as the dom0. In the presentation, we discuss its architectural changes and its benefits compared with the traditional PV or HVM dom0, and we also introduce what we have done.

LCEU13: Securing your cloud with Xen's advanced security features - George Du...

The Linux Foundation

Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.

Xen time machineThe Linux Foundation

Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek

The Linux Foundation

Many people have difficulty understanding the difference between the Xen Hypervisor, XenServer, and XAPI. In this session, James Bulpin, Director of Technology for XenServer, and Russell Pavlicek, Evangelist for the Xen Project, will attempt to clarify what each project is, what it does, and how it compares with the others. We will cover some of the basic features and functions, the tasks for which each is suitable, and where the projects overlap. Attendees will come away with a better sense of where these three projects fit in the world of Xen virtualization.

Cloud Computing Hypervisors and Comparison Xen KVM cloudresearcher

Aplura virtualization slidesThe Linux Foundation

Scale 12x Securing Your Cloud with The Xen Hypervisor

The Linux Foundation

XPDDS17: Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Gr...

The Linux Foundation

LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation

What's hot

Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP

The Linux Foundation

Xen Project 15 Years down the Line

The Linux Foundation

Rootlinux17: An introduction to Xen Project Virtualisation

The Linux Foundation

LCA13: Xen on ARM

Linaro

Xen 10th anniversary Status Report (at SELF 2013)

Russell Pavlicek

S4 xen hypervisor_20080622Todd Deshane

CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...

The Linux Foundation

Ian Pratt Nsdi Keynote Apr2008

The Linux Foundation

XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...

The Linux Foundation

LFCOLLAB15: Xen 4.5 and Beyond

The Linux Foundation

Scale14x: Are today's foss security practices robust enough in the cloud era ...

The Linux Foundation

LF Collaboration Summit: Xen Project 4 4 Features and Futures

The Linux Foundation

Bare-Metal Hypervisor as a Platform for Innovation

The Linux Foundation

XPDS13: HVM Dom0 - Any unmodified OS as Dom0 - Will Auld, Intel

The Linux Foundation

LCEU13: Securing your cloud with Xen's advanced security features - George Du...

The Linux Foundation

Xen time machineThe Linux Foundation

Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek

The Linux Foundation

Cloud Computing Hypervisors and Comparison Xen KVM cloudresearcher

Aplura virtualization slidesThe Linux Foundation

Scale 12x Securing Your Cloud with The Xen Hypervisor

The Linux Foundation

What's hot (20)

Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP

Xen Project 15 Years down the Line

Rootlinux17: An introduction to Xen Project Virtualisation

LCA13: Xen on ARM

Xen 10th anniversary Status Report (at SELF 2013)

S4 xen hypervisor_20080622

CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...

Ian Pratt Nsdi Keynote Apr2008

XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...

LFCOLLAB15: Xen 4.5 and Beyond

Scale14x: Are today's foss security practices robust enough in the cloud era ...

LF Collaboration Summit: Xen Project 4 4 Features and Futures

Bare-Metal Hypervisor as a Platform for Innovation

XPDS13: HVM Dom0 - Any unmodified OS as Dom0 - Will Auld, Intel

LCEU13: Securing your cloud with Xen's advanced security features - George Du...

Xen time machine

Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,Pavlicek

Cloud Computing Hypervisors and Comparison Xen KVM

Aplura virtualization slides

Scale 12x Securing Your Cloud with The Xen Hypervisor

Similar to XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, Citrix

XPDDS17: Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Gr...

The Linux Foundation

LinuxCon Japan 13 : 10 years of Xen and BeyondThe Linux Foundation

Xen Cloud Platform Update

The Linux Foundation

XCP: The Art of Open Virtualization for the Enterprise and the Cloud

The Linux Foundation

XCP is a free and open source self-contained virtualization solution for servers, built on top of the Xen hypervisor. It is easily installable in a few minutes from a single image file, yet powerful and scalable enough to be useful to power users, enterprise environments and cloud deployments. Created from the open-source components of XenServer, it supports the virtualization of a range of operating systems, including Linux, Solaris, BSDs and Windows. This talk will introduce XCP and explain its relationship with Xen and Linux. We will quickly demonstrate how to use XCP via the command-line and using opensource graphical interfaces, and describe some interesting features that set XCP apart from other virtualization platforms.

RHEL5 XEN HandOnTraining_v0.4.pdf

Paul Yang

RMLL / LSM 2009Franck_Villaume

Rmll Virtualization As Is Tool 20090707 V1.0guest72e8c1

Cloud.pptm

Mayank Chaudhari

LinuxTag13: 10 years of Xen and beyond

The Linux Foundation

The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale. The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.

Using and Understanding Xen4Centos

The Linux Foundation

Xen Hypervisor Update 2011The Linux Foundation

20 christian ferber xen_server_6_workshopDigicomp Academy AG

XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle

The Linux Foundation

Konrad Wilk is a Software Development Manager at Oracle. His groupâ€™s mission is to make Linux and Xen Project virtualization better and faster. As part of this work, Konrad has been the maintainer of the Xen Project subsystem in Linux, Xen Project maintainer and now also Release Manager for the 4.5 release of the Xen Project Hypervisor. Konrad has been active in the Linux and Xen Project communities for more than 6 years and was instrumental in adding Xen Project support to the Linux Kernel.

17-virtualization.pptx

KowsalyaJayakumar2

Linaro connect : Introduction to Xen on ARM

The Linux Foundation

Xen Project Update LinuxCon BrazilThe Linux Foundation

Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP

The Linux Foundation

Do you dream of being able to spin up ten or twenty (or a thousand) virtual machines in an instant? Discover and repair resource bottlenecks without moving a finger? Dodge the loss of an entire storage array with no-one noticing? Span across data centers with a fleet of virtual machines? This is no sales pitch; during this tutorial, we’ll demonstrate how to leverage truly FOSS tools to build a powerful, scalable cloud that easily competes with those proprietary solutions! This deep-dive into Xen, Xen Cloud Platform, and other FOSS cloud tools and concepts is intended both for those ready to wholeheartedly embrace virtualization and for those already seasoned in general virtualization practices. You’ll leave with a collection of pre-made tools that you can use right out of the box or modify to your liking. You’ll also leave with immediately useful knowledge on best practices and common pitfalls, presented by actual FOSS practitioners like you. We begin this tutorial by discussing Xen, Xen Cloud Platform (XCP), and XCP cloud concepts (pools, hosts, storage, networks, etc.). We then explore in detail the API that makes Xen so useful for building a cloud, explore provisioning of hosts and guests using PXE, and discuss templating and installing guest virtual machines. Critical to understanding potential bottlenecks, identifying tuning opportunities and planning for the future, we will discuss performance monitoring and methodologies. Next, we teach you how to make the most of your new FOSS cloud capabilities and discuss in detail high availability infrastructure for storage and networking, advanced networking capabilities like bonding/VLANs, and the cloud orchestration tools that save you time and money. All of this with a focus on XCP in enterprise environments. Tools discussed include DRBD, Pacemaker, Open vSwitch, Cloudstack, Openstack, and more. We conclude by shedding light on exciting developments: Xen 4.2 has recently been released, with just over a year of development time and nearly 3,000 changesets. We will discuss many of the new features introduced in 4.2, as well as what changes we have in store for the 4.3 release as well as other exciting developments.

CentOS at Facebook

Phil Dibowitz

XenServer Design Workshop

Tim Mackey

The XenServer virtualization platform is used by well over 100,000 organizations to fulfill their IT objectives. Common scenarios include traditional server virtualization such as that found with VMware vSphere, delivery of large scale cloud services via Apache CloudStack or OpenStack, and as a platform for high performance desktop virtualization through XenDesktop. These use cases all have requirements of scale and manageability which imply solid deployments. The content in this deck was presented in workshop form at FOSSETCON in 2015. Much of the information contained will work for any XenServer version, but XenServer 6.5 was covered. The audience was assumed to have some familiarity with virtualization concepts, but no assumptions about XenServer was made. Core concepts covered included; storage design, network design and operations, scalability and failure domains, as well as core features such as virtualized graphics.

vBACD July 2012 - Xen Cloud Platform

CloudStack - Open Source Cloud Computing Project

"Xen Cloud Platform”, Mike McClurg, Senior Engineer, Xen.org Engineering The Xen Cloud Platform is an open-source, enterprise-ready server virtualization platform. It is based on the Xen hypervisor, and represents the common code base for Citrix's XenServer product line. This presentation gives an introduction to XCP, and how it relates to both the Xen hypervisor and to Citrix's XenServer. It covers XCP's XenAPI and how it can be used by two of the most popular cloud orchestration frameworks, CloudStack and OpenStack. Finally, it discusses the XCP "roadmap," and the plans for the future of XCP.

Similar to XPDDS18: LCC18: Xen Project: After 15 years, What's Next? - George Dunlap, Citrix (20)

XPDDS17: Recent and Ongoing Xen Related Work in the Linux Kernel - Jürgen Gr...

LinuxCon Japan 13 : 10 years of Xen and Beyond

Xen Cloud Platform Update

XCP: The Art of Open Virtualization for the Enterprise and the Cloud

RHEL5 XEN HandOnTraining_v0.4.pdf

RMLL / LSM 2009

Rmll Virtualization As Is Tool 20090707 V1.0

Cloud.pptm

LinuxTag13: 10 years of Xen and beyond

Using and Understanding Xen4Centos

Xen Hypervisor Update 2011

20 christian ferber xen_server_6_workshop

XPDS14: Xen 4.5 Roadmap - Konrad Wilk, Oracle

17-virtualization.pptx

Linaro connect : Introduction to Xen on ARM

Xen Project Update LinuxCon Brazil

Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP

CentOS at Facebook

XenServer Design Workshop

vBACD July 2012 - Xen Cloud Platform

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple

The Linux Foundation

Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other. This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary. This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.

XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...

The Linux Foundation

TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.

XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...

The Linux Foundation

Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered: Embedded/automotive features of Xen Collaboration with AGL and GENIVI organizations for standardization Efforts on Functional Safety compliance Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.

XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...

The Linux Foundation

XPDDS19 Keynote: Unikraft Weather Report

The Linux Foundation

In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time. The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.

XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...

The Linux Foundation

XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx

The Linux Foundation

This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional. Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings. The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.

XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...

The Linux Foundation

As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion? This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.

XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender

The Linux Foundation

This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.

OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project. In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.

OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...

The Linux Foundation

Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices. In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.

XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix

The Linux Foundation

2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes. This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.

XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd

The Linux Foundation

The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency. In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management. During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.

XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...

The Linux Foundation

For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM). Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'. In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.

XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D

The Linux Foundation

PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests. This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.

XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems

The Linux Foundation

XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...

The Linux Foundation

Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform. XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.

XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...

The Linux Foundation

XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...

The Linux Foundation

High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.

XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE

The Linux Foundation

Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling. This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.

More from The Linux Foundation (20)