Note: also see https://www.slideshare.net/xen_com_mgr/ossna18-xen-beginners-training-exercise-script
The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.
Adding support for you new shiny board in Xen on ARM is a simple task once you get a kernel running on bare metal.
This session will cover the different steps to port Xen on ARM from the firmware to the shell prompt in DOM0.
We will give you tips on the common pitfalls when you have your hypervisor, or your DOM0 kernel crashing. We will also provide suggestion on how to debug when the console is not working.
What do “Crazy in Love” by Beyonce and the “Xen Project” have in common? They are both 15-year-old hits. Flash forward to today. The Xen Project is used by more than 10 million users, powers some of the largest clouds on the planet, and is starting to build momentum in embedded and safety-conscious market segments. The Xen Project played a key role in developing technologies outside of the hypervisor, like hardware virtualization, and open source security disclosure standards that impact entire industries.
The Xen Project’s success and longevity can be attributed to its flexible architecture, but more importantly to enabling community members to contribute ideas and code, even if they are not core to the project's main use-case. We will share how the project has supported new technologies and ideas (sometimes in the form of failures and sometimes wins) and will derive best practices that may help other projects .
Xen Project is a static partitioning hypervisor for embedded deployments (industrial, medical, etc.) Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments? The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the core is critical and needs to go through the certification process. This presentation will describe the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will go through the aspects of Xen that pertain safety and it will explain how to set up a mixed-criticality system with Xen. The talk will discuss the challenges of making an Open Source project safety-certifiable and the progress that the Xen community made so far in the areas of documentation and requirements, MISRA-C code compliance, and interference reduction.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.
Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.
The topic will cover content such as: * Why virtualisation in embedded * Hypervisor architectures on ARM and a quick roundup of examples * Relevant security technologies * Specific requirements for embedded systems * Example usage of FOSS based hypervisors in embedded * Challenges such as safety certification and how this may be approached
Static partitioning is becoming increasingly common in embedded. A static hypervisor, such as Xen dom0less, is employed to split the hardware resources into multiple domains and run a different OS in each domain. For instance, Linux and Zephyr. Only the simplest static partitioning configurations don't involve any data exchanges between the domains. Often, communication and data exchanges between two or more environments are required to complete the data processing pipeline that implements the target application. However, the VM-to-VM communication mechanisms available in static partitioning configurations are typically more limited compared to general-purpose hypervisors. For example, PV drivers are not available to Xen dom0less domains. This presentation will discuss the need for communication in static partitioning setups and it will present the technical challenges involved in getting traditional communication methods to work, including Xen PV drivers and VirtIO. The talk will also provide simpler alternatives based on shared memory and interrupt notifications to set up domain-to-domain data streams: simpler techniques that are easily exploitable both by Linux and by tiny baremetal applications as well.
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
Static partitioning enables multiple domains to run alongside each other with no interference. They could be running Linux, an RTOS, or another OS, and all of them have direct access to different portions of the SoC. In the last five years, the Xen community introduced several new features to make Xen-based static partitioning possible. Dom0less to start multiple static domains in parallel at boot, and Cache Coloring to minimize cache interference effects are among them. Static inter-domain communications mechanisms were introduced this year, while "ImageBuilder" has been making system-wide configurations easier. An easy-to-use complete solution is within our grasp. This talk will show the progress made on Xen static partitioning. The audience will learn to configure a realistic reference design with multiple partitions: a LinuxRT partition, a Zephyr partition, and a larger Linux partition. The presentation will show how to set up communication channels and direct hardware access for the domains. It will explain how to measure interrupt latency and use cache coloring to zero cache interference effects. The talk will include a live demo of the reference design.
Adding support for you new shiny board in Xen on ARM is a simple task once you get a kernel running on bare metal.
This session will cover the different steps to port Xen on ARM from the firmware to the shell prompt in DOM0.
We will give you tips on the common pitfalls when you have your hypervisor, or your DOM0 kernel crashing. We will also provide suggestion on how to debug when the console is not working.
What do “Crazy in Love” by Beyonce and the “Xen Project” have in common? They are both 15-year-old hits. Flash forward to today. The Xen Project is used by more than 10 million users, powers some of the largest clouds on the planet, and is starting to build momentum in embedded and safety-conscious market segments. The Xen Project played a key role in developing technologies outside of the hypervisor, like hardware virtualization, and open source security disclosure standards that impact entire industries.
The Xen Project’s success and longevity can be attributed to its flexible architecture, but more importantly to enabling community members to contribute ideas and code, even if they are not core to the project's main use-case. We will share how the project has supported new technologies and ideas (sometimes in the form of failures and sometimes wins) and will derive best practices that may help other projects .
Xen Project is a static partitioning hypervisor for embedded deployments (industrial, medical, etc.) Xen enforces strong isolation between domains so that one cannot affect the execution of another. Features such as cache coloring reduce interference and improve interrupt latency and determinism. A real-time workload can run alongside a more complex guest. But can it be used in safety-critical environments? The Xen hypervisor has a microkernel design: services and tools are non-essential and run in unprivileged VMs, while the core is less than 50K LOC. This architecture lends itself well to safety-critical applications as only the core is critical and needs to go through the certification process. This presentation will describe the activities of the Xen FuSa SIG (Special Interest Group) to make Xen easier to safety-certify. It will go through the aspects of Xen that pertain safety and it will explain how to set up a mixed-criticality system with Xen. The talk will discuss the challenges of making an Open Source project safety-certifiable and the progress that the Xen community made so far in the areas of documentation and requirements, MISRA-C code compliance, and interference reduction.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.
Hypervisors were once seen as purely cloud and server technologies, but have slowly seeped into the embedded space providing extra layers of security. This discussion will showcase how companies from security vendors to automotive are using open source hypervisors (particularly Xen Project) to secure embedded systems, what challenges they face and how they have overcome it. We will also explore what this might mean to IoT at large and how to get started in securing your embedded system with a hypervisor-first approach.
The topic will cover content such as: * Why virtualisation in embedded * Hypervisor architectures on ARM and a quick roundup of examples * Relevant security technologies * Specific requirements for embedded systems * Example usage of FOSS based hypervisors in embedded * Challenges such as safety certification and how this may be approached
Static partitioning is becoming increasingly common in embedded. A static hypervisor, such as Xen dom0less, is employed to split the hardware resources into multiple domains and run a different OS in each domain. For instance, Linux and Zephyr. Only the simplest static partitioning configurations don't involve any data exchanges between the domains. Often, communication and data exchanges between two or more environments are required to complete the data processing pipeline that implements the target application. However, the VM-to-VM communication mechanisms available in static partitioning configurations are typically more limited compared to general-purpose hypervisors. For example, PV drivers are not available to Xen dom0less domains. This presentation will discuss the need for communication in static partitioning setups and it will present the technical challenges involved in getting traditional communication methods to work, including Xen PV drivers and VirtIO. The talk will also provide simpler alternatives based on shared memory and interrupt notifications to set up domain-to-domain data streams: simpler techniques that are easily exploitable both by Linux and by tiny baremetal applications as well.
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Stefano Stabellini
Static partitioning enables multiple domains to run alongside each other with no interference. They could be running Linux, an RTOS, or another OS, and all of them have direct access to different portions of the SoC. In the last five years, the Xen community introduced several new features to make Xen-based static partitioning possible. Dom0less to start multiple static domains in parallel at boot, and Cache Coloring to minimize cache interference effects are among them. Static inter-domain communications mechanisms were introduced this year, while "ImageBuilder" has been making system-wide configurations easier. An easy-to-use complete solution is within our grasp. This talk will show the progress made on Xen static partitioning. The audience will learn to configure a realistic reference design with multiple partitions: a LinuxRT partition, a Zephyr partition, and a larger Linux partition. The presentation will show how to set up communication channels and direct hardware access for the domains. It will explain how to measure interrupt latency and use cache coloring to zero cache interference effects. The talk will include a live demo of the reference design.
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
The presentation will cover Xen Automotive. We will elaborate technical solutions for the identified gaps:
1. ARM architecture - support HW virtualization extensions for embedded systems
2. Stability requirements
3. RT Scheduler
4. Rich virtualized peripheral support (WiFi, Gfx, MM, USB, etc.)
5. Performance benchmarking
6. Security
Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies.
Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
Hypervisors are becoming increasingly widespread in embedded environments. Their use-case is different from server virtualization, and so are their requirements. The ability to run containerized applications is often a requirement. Xen on ARM is embracing the new challenges with innovative solutions.
This talk will discuss cutting-edge Xen on ARM features for embedded deployments, including dom0less, where multiple domains are started directly by Xen at boot. The presentation will explain the reasons why Xen is an excellent runtime environment for containerized apps and will introduce a new proposal for a Xen Project sub-project to create the ideal platform for secure containers in embedded.
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
Xen role, details of implementation and problems in a sample solution based on OSS (Android, Linux and Xen) that addresses Automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration handled by Linux on Dom0 while Android runs customizable QML-based HMI in a sandbox of DomU. These case studies will include but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, video clips showing results of the work done. Case study is built on TexasInstruments OMAP5 SoC.
Virtualization with KVM (Kernel-based Virtual Machine)Novell
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment.
Safety-Certifying Open Source Software: The Case of the Xen HypervisorStefano Stabellini
Safety is important to software everywhere human lives are at risk. In these environments often safety-certifications are required to ensure that the quality of the software is high enough to minimize the risk of harm to humans. Safety-certifications such as ISO 26262 come with a series of requirements and processes that sometimes clash with well-established Open Source software development practices. How do we reconcile safety-certifications with Open Source? This presentation will provide an answer to that question. Taking Xen as an example of an Open Source project with a rich 15+ years history, this presentation will explain the best way to match Open Source activities with safety-certification requirements. It will discuss the role of the upstream community and downstream vendors in achieving compliance with ISO 26262 and IEC 61508. It will go through the changes to Xen Project processes already underway and the ones planned for the future to align the Xen hypervisor with safety-certifications. The talk will cover MISRA, traceability, testing, etc., and the latest updates from the Xen FuSa working group.
The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.
Overview of the architecture of the Linux kernel, based on "Anatomy of the Linux Kernel" by M. Tim Jones (IBM Developerworks), http://www.ibm.com/developerworks/linux/library/l-linux-kernel/
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
With co-presenter Maninder Singh, delivered a presentation about hypervisors and virtualization technology for an independent topic study project for the Operating System Design (EECS 4221) course at York University, Canada in October 2014.
Virtualization, briefly, is the separation of resources or requests for a service from the underlying physical delivery of that service. It is a concept in which access to a single underlying piece of hardware is coordinated so that multiple guest operating systems can share a single piece of hardware, with no guest operating system being aware that it is actually sharing anything at all.
Debian or Yocto Project? Which is the best for your Embedded Linux project?Chris Simmonds
As you contemplate how to put together the system software for your next Embedded Linux project you will probably be pondering which is the best path to take? Use a Linux distro such as Debian, (or another of your choosing), or create a custom operating system using Yocto Project (or Open Embedded or Buildroot). At first sight, Debian looks easy, especially if you are using a Raspberry Pi, a BeagleBone, or another board with a pre-installed Debian-derived system. So, why go to all the trouble of replacing it with Yocto?
In this talk I will show you the strengths and weaknesses of each approach, using real-world use cases as examples. Spoiler alert: my conclusion is that ... it all depends what you want to do. Debian is great for fast implementation and proof-of-concept, but for long term maintainability and control of the platform, you need Yocto
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
The presentation will cover Xen Automotive. We will elaborate technical solutions for the identified gaps:
1. ARM architecture - support HW virtualization extensions for embedded systems
2. Stability requirements
3. RT Scheduler
4. Rich virtualized peripheral support (WiFi, Gfx, MM, USB, etc.)
5. Performance benchmarking
6. Security
Hypervisors are becoming more and more widespread in embedded environments, from automotive to medical and avionics. Their use case is different from traditional server and desktop virtualization, and so are their requirements. This talk will explain why hypervisors are used in embedded, and the unique challenges posed by these environments to virtualization technologies.
Xen, a popular open source hypervisor, was born to virtualize x86 Linux systems for the data center. It is now the leading open source hypervisor for ARM embedded platforms. The presentation will show how the ARM port of Xen differs from its x86 counterpart. It will go through the fundamental design decisions that made Xen a good choice for ARM embedded virtualization. The talk will explain the implementation of key features such as device assignment and interrupt virtualization.
Xen on ARM for embedded and IoT: from secure containers to dom0less systemsStefano Stabellini
Hypervisors are becoming increasingly widespread in embedded environments. Their use-case is different from server virtualization, and so are their requirements. The ability to run containerized applications is often a requirement. Xen on ARM is embracing the new challenges with innovative solutions.
This talk will discuss cutting-edge Xen on ARM features for embedded deployments, including dom0less, where multiple domains are started directly by Xen at boot. The presentation will explain the reasons why Xen is an excellent runtime environment for containerized apps and will introduce a new proposal for a Xen Project sub-project to create the ideal platform for secure containers in embedded.
XPDS13: Xen in OSS based In–Vehicle Infotainment Systems - Artem Mygaiev, Glo...The Linux Foundation
Xen role, details of implementation and problems in a sample solution based on OSS (Android, Linux and Xen) that addresses Automotive requirements such as ultra-fast RVC boot time, quick IVI system boot time, cloud connectivity and multimedia capabilities, reliability and security through hardware virtualization. Secure CAN/LIN/MOST bus integration handled by Linux on Dom0 while Android runs customizable QML-based HMI in a sandbox of DomU. These case studies will include but not be limited to: computing power requirements, memory requirements, virtualization, stability, boot-time sequence and optimization, video clips showing results of the work done. Case study is built on TexasInstruments OMAP5 SoC.
Virtualization with KVM (Kernel-based Virtual Machine)Novell
As a technical preview, SUSE Linux Enterprise Server 11 contains KVM, which is the next-generation virtualization software delivered with the Linux kernel. In this technical session we will demonstrate how to set up SUSE Linux Enterprise Server 11 for KVM, install some virtual machines and deal with different storage and networking setups.
To demonstrate live migration we will also show a distributed replicated block device (DRBD) setup and a setup based on iSCSI and OCFS2, which are included in SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise 11 High Availability Extension.
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment.
Safety-Certifying Open Source Software: The Case of the Xen HypervisorStefano Stabellini
Safety is important to software everywhere human lives are at risk. In these environments often safety-certifications are required to ensure that the quality of the software is high enough to minimize the risk of harm to humans. Safety-certifications such as ISO 26262 come with a series of requirements and processes that sometimes clash with well-established Open Source software development practices. How do we reconcile safety-certifications with Open Source? This presentation will provide an answer to that question. Taking Xen as an example of an Open Source project with a rich 15+ years history, this presentation will explain the best way to match Open Source activities with safety-certification requirements. It will discuss the role of the upstream community and downstream vendors in achieving compliance with ISO 26262 and IEC 61508. It will go through the changes to Xen Project processes already underway and the ones planned for the future to align the Xen hypervisor with safety-certifications. The talk will cover MISRA, traceability, testing, etc., and the latest updates from the Xen FuSa working group.
The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.
Overview of the architecture of the Linux kernel, based on "Anatomy of the Linux Kernel" by M. Tim Jones (IBM Developerworks), http://www.ibm.com/developerworks/linux/library/l-linux-kernel/
Hypervisors and Virtualization - VMware, Hyper-V, XenServer, and KVMvwchu
With co-presenter Maninder Singh, delivered a presentation about hypervisors and virtualization technology for an independent topic study project for the Operating System Design (EECS 4221) course at York University, Canada in October 2014.
Virtualization, briefly, is the separation of resources or requests for a service from the underlying physical delivery of that service. It is a concept in which access to a single underlying piece of hardware is coordinated so that multiple guest operating systems can share a single piece of hardware, with no guest operating system being aware that it is actually sharing anything at all.
Debian or Yocto Project? Which is the best for your Embedded Linux project?Chris Simmonds
As you contemplate how to put together the system software for your next Embedded Linux project you will probably be pondering which is the best path to take? Use a Linux distro such as Debian, (or another of your choosing), or create a custom operating system using Yocto Project (or Open Embedded or Buildroot). At first sight, Debian looks easy, especially if you are using a Raspberry Pi, a BeagleBone, or another board with a pre-installed Debian-derived system. So, why go to all the trouble of replacing it with Yocto?
In this talk I will show you the strengths and weaknesses of each approach, using real-world use cases as examples. Spoiler alert: my conclusion is that ... it all depends what you want to do. Debian is great for fast implementation and proof-of-concept, but for long term maintainability and control of the platform, you need Yocto
The 4.5 release no a minor "point" update: it is one of the most feature-rich releases in the project's history. It contains several important additions. Most notably, new Xen PVH virtualization mode now supports running as dom0, enhanced support for Remus, significant ARM architecture updates, security improvements, real-time scheduling, support for Intel Cache Monitoring Technology (CMT), as well as improvements for automotive and embedded use-cases. Other enhancements include additional support for FreeBSD, systemd support, additional libvirt support, the release of Mirage OS 2.0, and more.
Besides giving an overview of Xen 4.5, we will explain the project's roadmap process and share what's ahead for 2015: such as improved OpenStack integration and hotpatching (applying security fixes without the need to reboot).
CIF16/Scale14x: The latest from the Xen Project (Lars Kurth, Chairman of Xen ...The Linux Foundation
An important facilitator of Unikernel development, Xen Project continues to develop new and interesting technologies to support the needs of the next generation datacenter. Potentially game-changing technologies like Unikernels will never reach their full potential unless the hypervisor they rely on can handle a large number of potentially tiny VMs effectively and efficiently.
In this talk, Xen Project Advisory Board Chairman Lars Kurth will discuss some of the major advances in the hypervisor produced in last year's releases (4.5 and 4.6). He will also discuss some of the work in development which could appear in upcoming releases.
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale.
The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.
The virtualization can be described in a generic way as a separation of the service request from the underlying physical delivery of that service. In computer virtualization, an additional layer called hypervisor is typically added between the hardware and the operating system. The hypervisor layer is responsible for both sharing of hardware resource and the enforcement of mandatory access control rules based on the available hardware resources.
There are three types of virtualization: full virtualization, para-virtualization and operating system level (OS-level) virtualization.
XPDDS19: The Xen-Blanket for 2019 - Christopher Clark and Kelli Little, Star ...The Linux Foundation
The Open Source Xen-Blanket software was developed by researchers at IBM and Cornell University, as extensions to the Xen hypervisor and its PV drivers, to enable seamless use of Xen PV drivers in guest VMs of nested Xen deployments. It was presented at the EuroSys 2012 conference, with a paper that has been widely cited since, and deployed in Cornell's SuperCloud.
Xen-Blanket has never been presented to the Xen Community and the software left unmaintained. However, recent work by Star Lab has modernized its implementation, aiming to encourage its adoption and incorporation into the Xen Project software.
This session will introduce the Xen-Blanket, describing its motivation and features; present the structure of the implementation in the hypervisor and device drivers; outline an example architecture for its deployment; and summarize its current state and plans within the Xen Project.
For people who want to start out with #opensource , #openstack, #cloud , #bigdata Linux is the foundational skill. Consider this a beginner guide to linux , understand why it is important , what is the landscape and how easy it is to learn it.
The learning cheat sheet can be utilized from http://linoxide.com/guide/linux-command-shelf.html
PDF version attached as well .
This talk will discuss the challenges of client virtualization and introduce at a technical level XenClient XT, a security-oriented client virtualization product by Citrix. By describing XenClient XT architecture and features, it will be shown how the unique Xen's design and its support for modern x86 platform hardware can increase security and isolation among VMs.
Disaggregation of services provided by the platform will be a key of this talk. It will also be shown how third party software components can provide services to VMs in a secure and controlled way.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with Trusted Execution Environment available on platform. He developed mediator for one of TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityThe Linux Foundation
The use of Virtual GPUs (vGPUs) has widely grown in server farms to give Virtual Machines (VMs) dedicated graphics. Software rendering with virtual CPUs can only take us so far and even with Intel-GVT, which uses integrated graphics, there isn't enough power to do the fun stuff. In this presentation, Jon Farrell will be talking about the process of implementing AMD MxGPU on Xen, challenges that he encountered while doing it, and discussing performance metrics of bare metal and vGPU VM on popular benchmarks like 3D Mark* and The Witcher 3. To wrap up his presentation, Jon will share his thoughts about future research and where this technology can take us.
XPDDS19: Support of PV Devices in Nested Xen - Jürgen Groß, SUSEThe Linux Foundation
Current support of nested virtualization with Xen is limited to fully emulated devices for the L1 hypervisor (L0 hypervisor being the one running on the physical machine). For being able to let L2 dom0 make use of L1 PV devices several new interfaces are needed.
In this design session I'll present my ideas how to add support of PV devices for L2 dom0. There are several possibilities how to do the work which I'd like to discuss.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Accelerate Enterprise Software Engineering with Platformless
OSSNA18: Xen Beginners Training
1.
2. Lars Kurth
Community Manger, Xen Project
Chairman, Xen Project Advisory Board
Director, Open Source, Citrix
George Dunlap
Committer, Xen Project
Senior Software Engineer, Citrix
Contributors
Andrew Cooper. Committer, Xen Project ◉ Roger Pau Monné, Maintainer, Xen Project ◉
Wei Liu, Committer, Xen Project
lars_kurth gwd
3. Virtualization Concepts
Overview of Xen’s Basic concepts and use-cases
– With exercises built in
How to get help from the community
A peek view into Xen’s more advanced features
Important Note: Usually, you will use Xen indirectly as part of a
commercial product or part of a bigger SW stack, or have scripts to
automate much of what is covered in this session. However, by following
this session you will learn how Xen and virtualization works under the
hood.
4. Versatile Virtualization Platform
Designed to be a component in a SW stack
Ease of use for end-users not a design goal
Xen Hypervisor = “Engine”
Taken by integrators to build a product, service, …
Analogy: Xen integrators build a “Car”
Examples at the end
Xen Project
Development community with several sub projects
that develop technologies related to Xen
– Hypervisor
– PV Drivers
– Unikernel related projects: MirageOS, Unikraft
5.
6. Host
Operating System, e.g.
*BSD, Linux, Windows, …
Kernel
Processes, Threads, Interrupts, …
Native Drivers
BIOS
Applications
CPU & Memory Devices
Hypervisor
separates a computer’s operating system and applications from the
underlying physical hardware ➜ Virtual Machine
Creates an illusion that the Virtual Machine owns a set of CPUs and
Memory memory within the host
This is done via CPU virtualization, where the Hypervisor
• Temporally manages CPU resources via a scheduler and takes control of
interrupts and timers
• Spatially manages memory resources and ensures that a VM can only
access the memory it is supposed to
I/O Virtualization
Multiplexes I/O devices across different virtual machines such that they can
be shared across different VMs.
• There are a number of different ways of how to do this
Assign devices to specific Virtual Machines ➜ Passthrough
7. Host
Type 1 HV
VM1 VM2 VM3
ESX Server
VM0
Host
Type 1 HV
VM1 VM2
Xen
Hyper-V
Host
OS
KVM
VirtualBox
VM1 VM2 VM3
Kernel
Type 2 HV
9. VM0 (or Dom0)
Dom0 Kernel
Native Driver
System Services
HostCPUsMemoryI/O
VM2 (DomU2)
PV mode
Guest OS
Applications
Scheduler MMU Timers Interrupts
Dom0
Privileged VM that interacts
with the hypervisor providing
system services such as
XS=XenStore/XenBus
(Settings), TS=Toolstack
(UI), DE=Device Emulation
(QEMU) in a standard
setup.
It also is the source of physical
and virtual drivers (backends) and
thus native hardware support
for a Xen system.
VM1 (DomU1)
HVM mode
Guest OS
Applications
XS TSDE
10. VM0 (or Dom0)
Toolstack
- xl command
- Domain config
files
System Services
Dom0 Kernel
xl toolstack
◦ CLI
◦ Domain Config
xl is the built-in toolstack for Xen
– Virsh / virt-manager can also be used
– XAPI is the toolstack for XenServer and XCP-ng
xl can be used
https://xenbits.xen.org/docs/unstable/man/xl.1.html
– normally run as root in Dom0
– to create, pause, and shutdown domains
– to list current domains, enable or pin VCPUs, and attach
or detach virtual block devices
Domain configuration files (/etc/xen/<domain>.cfg)
https://xenbits.xen.org/docs/unstable/man/xl.cfg.5.html
– describe per domain/VM configuration in Dom0 filesystem
11. VM0 (or Dom0)
Dom0 Kernel
Native Driver
System Services
HostCPUsMemoryI/O
VM2 (DomU2)
Any mode with
PV Drivers present
Guest OS
Linux, *BSD: drivers
are shipped with OS
Applications
Scheduler MMU Timers Interrupts
VM1 (DomU1)
HVM mode only
no PV Drivers
Guest OS
Applications
*Back Driver *Front Driver
Native Driver
Device Emulation
(QEMU)
VM3 (DomU3)
HVM with Windows
PV Drivers
Windows
Drivers for many devices
(but not all) are available at
https://xenproject.org/
downloads/windows-
pv-drivers.html
Applications
*Front Driver
12. PV Drivers
Originally developed for disk and network I/O
But there are a host of PV drivers for DRM, Touchscreen, Audio, … for
non-server use of Xen
Device Emulation …
is normally only used during system bootstrap or installation
and for low-bandwidth devices
A few PV backends (e.g. support for QCOW2 images) can also run in
userspace within QEMU
13. Xen
Dom0
Dom0 Kernel
native network driver
Host
NIC
DomUX
Any mode with
PV Drivers present
Guest OS Kernel
netback driver netfront driver
ethN
vifX.DX ethDX
With xl, the host networking configuration is
not configured by the toolstack
The host administrator needs to setup an
appropriate network configuration in
Dom0 using native Linux/BSD tools using a
number of different networking stylesAdmin
vifX+1.DX+1
●●●
14. Xen follows FHS: www.pathname.com/fhs/pub/fhs-2.3.html
/etc/xen : scripts, config file examples, your config files
/var/log/xen : log files
/usr/lib64/xen/bin : xen binaries
/usr/lib64/xen/boot : xen firmware and boot related binaries
/boot : boot and install images
15. Section 1 of session guide
Duration VB Install : <2 minutes
Duration rest of Install : <6 minutes
17. VirtualBox VM
Your Laptop
Your OS
Kernel
VirtualBox
VirtualBox VM
Xen 4.8 from CentOS 7
Dom0
CentOS 7
DomUX
PV Guests only
Applications
CentOS 7
18. Xen takes over the entire host
Not really what you want after a training session
People have different environments
This makes it hard to run an effective training session
Can show almost everything
Xen PV guests can run fairly fast within any other Hypervisor
To use HVM or PVH you will need a dedicated host
Why Xen 4.8 from CentOS 7?
Has a lot of functionality up to Xen 4.10 backported
For other distros, you will need the equivalent of Xen 4.10
19. Install and configure Virtual Box
See section 1.1 of the session guide
Hopefully you have already done this
Import CentOS 7 Virtual Box Image
See section 1.2 of the session guide
Install Xen in Virtual Box VM
See section 1.3 of the session guide
20.
21. Xen
Dom0
Dom0 Kernel
native network driver
Host
NIC
DomUX
Any mode with
PV Drivers present
Guest OS Kernel
netback driver netfront driver
ethN
vifX.DX ethDX
With xl, the host networking configuration is
not configured by the toolstack
The host administrator needs to setup an
appropriate network configuration in
Dom0 using native Linux/BSD tools using
one of the following networking styles:
– Bridging (most common)
– Open vSwitch
– Routing
– NAT
Documentation @ wiki.xenproject.org/wiki/
– Network_Configuration_Examples_(Xen_4.1%2B)
Dom0: Examples for enabling different networking
styles in various distros
– Xen_Networking
Xen configuration examples for different
networking styles
vif=[ …]
Admin
vifX+1.DX+1
●●●
22. Xen
Dom0
Dom0 Kernel
native network driver
Host
NIC
DomU4
Any mode with
PV Drivers present
Guest OS Kernel
netback driver netfront driver
eth0
vif4.0 eth0
Step 1: install bridging software packages, if
not present ✓
Step 2: set up a network bridge (xenbr0) in
Dom0 ✓
Step 3: connect DomU’s to network bridge
DomU4
vif = ['mac=…, bridge=xenbr0’ ]
DomU5
vif = ['mac=… ’] # xenbr0 is the default
…
Note on MAC addresses:
MAC addresses will be assigned
automatically by xl, unless specified
➜ may change on host reboot
vif5.0
●●●
xenbr0
23. Template designed by PresentationGO.com
HVM
Requires Intel VT-x or
AMD SVM
2005/6
HVM
Optimizations
Changes to HVM: instead of Device
Emulation, use HW acceleration when
available (e.g. Local APIC and Posted
Interrupts).
On PV capable hosts and guests use PV
extension where faster, including on
Windows (marketing term: PVHVM)
2010
to 16
PV
Requires no HW support
But requires PV support in
guest operating systems.
From 2011 (Linux 3.0) linux
supports Xen PV out of the box.
2003
PVH
(lightweight HVM)
Re-architecting of HVM to avoid use of QEMU.
Goals: Windows guests without QEMU, reduce
code size, increase security, enable PVH
Dom0.
Requires PVH support in guest OSes.
Backwards compatibility mode for PV ➜
capability to build an HVM only version of Xen
2017
to now
y
2013
Xen/Arm
Added Arm32 and later 64 support
Re-think the historical split between
PV / HVM modes
➜ one virtualization mode on Arm
24. Virtualization technique called ring de-privileging developed in the late 90s.
Designed by:
– XenoServer research project at Cambridge University
– Intel
– Microsoft labs
x86 instructions behave differently in kernel or user mode: options for
virtualization were full software emulation or binary translation.
– Design a new interface for virtualization
– Allow guests to collaborate in virtualization
– Provide new interfaces for virtualized guests that allow to reduce the overhead of
virtualization
The result of this work is what we know today as paravirtualization, with Linux,
*BSD and Windows implementing some or all PV interfaces.
25. With the introduction of hardware virtualization extensions Xen is able to
run unmodified guests
– This requires emulated devices, which are handled by Qemu
– Makes use of nested page tables when available
– Allows to use PV interfaces if guest has support for them
Over time, HVM guests have been changed to automatically…
– use additional Hardware Acceleration support, such as Local APIC and Posted
Interrupts, if available
– make use of guest PV interfaces where they are faster (this capability has been
dubbed PVHVM or PV-on-HVM for marketing reasons)
26. Combine the best of PV and HVM mode
– Next-generation paravirtualization mode
– Takes advantage of hardware virtualization support
– No need for emulated BIOS or emulated devices
– Lower performance overhead than PV
– Lower memory overhead than HVM
– More secure than either PV or HVM mode
More Information:
– https://www.slideshare.net/xen_com_mgr/lcc18-xen-project-after-15-years-
whats-next-george-dunlap-citrix
– https://www.youtube.com/watch?v=10KsJ1UxUMY
27. PV mode: type=“pv”
Primarily of use for legacy HW and legacy guest images
And in special scenarios, e.g. special guest types, special workloads (e.g. Unikernels),
running Xen within another hypervisor without using nested virtualization, as container
host, guest limits (more PV guests than HVM guests), …
HVM mode: type=“hvm”
Typically the best performing option on for Linux, Windows, *BSDs
Adapts to hardware and software environment for performance
Guests look exactly like a “PC or Server”
PVH mode: type=”pvh”
Lightweight version of HVM ➜ promise of better performance and security
Needs Linux ≥ 4.15 and FreeBSD ≥ 12 (later in 2018)
Guest looks like a simpler abstraction of a “PC or Server”
Relatively new (Xen 4.10)
28. disk = [ 'format=…, Disk format, e.g. raw, qcow, qcow2, vhd, qed
vdev=…, Virtual device name as seen by the guest
See xen-vbd-interface(7) man page
access=…, Read write access: r, w
devtype=cdrom, If you want to use an ISO
target=…, ’] Block device or image file path (must be last)
DomUx
disk = [ … ]
Local Host
Use LVM to carve up your
physical disk into multiple
block devices
Store guest disk images as
files on a local filesystem
Remote Storage
For example RBD, NBD, NFS,
DRDB or iSCSI
Before installing a Dom0, consider where you are intending to store the guest
OS disk images ➜ you have to manage the disk space available and partition
the disk accordingly using LVM volumes
For the exercises we will store these in the root filesystem of the Dom0 guest
OS
A remote storage set-up is the normal set-up when Xen is used at scale,
either on premise or in a cloud computing set-up.
29. Dom0
Dom0 OS
DomUX
Guest OS
Applications
Xen Host Remote Host
Text Console (all guest types)
xl console or xl create -c …
See wiki.xenproject.org/wiki/Xen_FAQ_Console
ssh
All guest types
VNC Viewer
All guest types, but PV/PVH and HVM use
different config and implementation mechanisms
30. VM control
xl create [configfile] [OPTIONS] | shutdown [OPTIONS] -a|domain-id
destroy [OPTIONS] domain-id
xl pause domain-id | unpause domain-id
Information
xl info [OPTIONS]
xl list [OPTIONS] [domain-id ...]
xl top
xl uptime
Debug
xl dmesg [OPTIONS]
xl -v … logs from /var/log/xen/xl-${DOMNAME}.log, /var/log/xen/qemu-dm-
${DOMNAME}.log, …
31. Section 2 of session guide
Duration: <10 minutes
32.
33. 0 1 2 3
0 1 2 3
4 5 6 7
CPUs/Host
vCPUs/Xen
Created on demand based on user supplied information
Dom0
vcpus=2 0 1
DomU1
vcpus=1 2
DomU2
vcpus=5 3 7●●●
Scheduler
Schedules
vCPUs on
physical CPUs
What a Guest sees
35. For each VM, set maxmem in the domain config file
VM0
(or Dom0)
“Unallocated”
memory managed by Xen
A balloon driver in each VM (including
Dom0) is used to give back memory to
Xen to be used by other VMs.
VM0
(or Dom0)
VM1
(DomU1)
VM2
(DomU2)
VM3
(DomU3)
Comes with drivers in Linux, *BSD. Windows drivers at
xenproject.org/downloads/windows-pv-drivers.html
36. Important Notes:
From within the guest, the balloon is reported as used memory
If you have a guest that started at 2GiB and you ballooned down to 1GiB, it will
look like there's a memory hog driver that's grabbing 1GiB of RAM.
OS’es have to use memory to track memory even if it's ballooned out
Setting maxmem=16GiB memory=1GiB you'll have a lot less free memory than
maxmem=2GiB memory=1GiB
Config file xl … domain-id mem
maxmem=MBYTES
memory=MBYTES mem-set … sets the balloon size
37. Section 3 of session guide
Duration: <15 minutes
38. Save/Restore are building blocks that enable
moving VMs from one host to another without
downtime
Maintenance, Replacing Hosts, Building Block
for High Availability/Disaster Recovery, …
40. xl save [OPTIONS] domain-id checkpointfile [configfile]
Xen
DomU’s CPU &
memory state
DomU
Guest OS
Applications
DomU.cfg
xl save
Dom0 Filesystem
$location/DomU-snapshot/
checkpointfile +
configfile
41. xl restore [OPTIONS] [configfile] checkpointfile
Xen
DomU’s CPU &
memory state
DomU
Guest OS
Applications
DomU.cfg
Dom0 Filesystem
$location/DomU-snapshot/
xl restore
checkpointfile +
configfile
43. xl migrate [OPTIONS] domain-id host
Migrate a VM from one host to another (uses save/restore as building
blocks).
For this to work, you need
– Shared network storage between the two hosts
– Identical host network setups, ssh keys for the root users, …
– Compatible host models
A VM can only be migrated safely from one host to another if both hosts offer the set of CPU
features which the VM expects. If this is not the case, CPU features may appear or disappear as
the VM is migrated, causing it to crash.
– Compatible Xen versions
A VM build on an older Xen version can be migrated to a newer Xen version, but not vice versa
Restricted by the Xen compatibility policy
44.
45. Linux
Firmware
Bootloader: GRUB2
Kernel (with initial RAM disk: initrd)
●●●
For reference:
Linux: more information see https://opensource.com/article/17/2/linux-boot-and-startup
Other operating systems follow a similar pattern
They diverge after the Bootloader step
Filesystem
Installable Media
E.g. OS ISO Image
/boot
Install
46. HVM DomU
Dom0 Filesystem DomU Filesystem
/usr/lib64/xen/bin/firmware
Firmware
hvmloader
hvmloader is copied into guest memory by Xen
(under the control of the Toolstack). Hvmloader
sets up all necessary information for the Device
Emulator which emulates a HW environment
that appears exactly like a physical machine.
The correct firmware is automatically loaded as a
binary blob and copied into guest memory based
on config settings, but can be overridden via the
firmware config file option.
Toolstack
Bootloader: GRUB2
Kernel (with initial RAM disk: initrd)
●●●
/boot
47. Dom0 Filesystem
Any DomU
kernel=“PATHNAME”
ramdisk= “”PATHNAME”
Kernel image: ~/images/../vmlinuz
Initrd image: ~/images/../initrd.gz
Kernel (with initial RAM disk: initrd)
●●●
Toolstack
Works for all guest types
Non standard way of installing/booting
Need to be a host admins to configure
(need access to Dom0).
Useful for netboot, see
wiki.xenproject.org/wiki/Xenpvnetboot
48. Dom0 Filesystem
PV DomU
firmware="pvgrub32|pvgrub64"
Kernel image: ~/images/../vmlinuz
Initrd image: ~/images/../initrd.gz
Works for PV guest types
Non standard way of installing/booting,
with a standard bootloader UI.
Allows host admins to configure what
guests and kernel versions a guest admin
can install.
Also used for PXE booting
Requires a PV capable GRUB2 (you may
need to build from source or install an
appropriate distro package)
Also see
wiki.xenproject.org/wiki/PvGrub2
/usr/lib64/xen/bin/pvgrub
GRUB2 (with built-in PV support)
Kernel (with initial RAM disk: initrd)
●●●
Toolstack
49. PV DomU
bootloader=“pygrub”
Kernel (with initial RAM disk: initrd)
●●●
Executes pygrub (same UI as GRUB)
Dom0 Filesystem DomU Filesystem
/boot/usr/lib64/xen/bin/pygrub
Toolstack
The closest to a standard OS install
workflow (although different behind the
scenes)
See
wiki.xenproject.org/wiki/PyGrub
50. In most real-life scenarios you will use HVM guests
Guest install workflow as on a native system
That does not scale across a large number of hosts
In Xen based products install complexity is usually hidden
Via templates, pre-baked guest images and other means
Exercises: will use PV with PyGrub
Using a prepared VirtualBox image that contains Dom0 and Guest OS
Avoid downloads of guest distros
51. # Guest name and type, Memory Size and VCPUs
name = “myguestname”
type = “TYPE”
memory = MMM
vcpus = VVV
# Boot related information, unless type='hvm’ … one of the following
# Netboot/Direct Kernel Boot/PV GRUB
kernel = "/…/vmlinuz”
ramdisk = "/…/initrd.gz”
extra = …
# To use PVGrub (if installed)
firmware="pvgrub32|pvgrub64
# Boot from disk
bootloader=“pygrub”
# Disk specifications
disk = [' ']
# Network specifications
vif = [' ']
52. Section 5 of session guide
Duration: <10 minutes
53. Dom0 Filesystem
Kernel image: ~/images/../vmlinuz
Initrd image: ~/images/../initrd.gz
DomU Filesystem
/boot
Step 1: Get vmlinuz & initrd.gz
In this case from Debian
Step 2: Create DomU filesystem
Step 2: Set up config for Direct
Kernel Boot ◉ Start guest
Step 3: Perform Install
Fix any loose ends that
the installer didn’t handle
Step 4: Change config to use
pygrub ◉ Shut down
and restart guest
54.
55. Channels
IRC@freenode: #xen … xenproject.org/help/irc.html
Lists: xen-users@lists.xenproject.org … lists.xenproject.org
FAQs: wiki.xenproject.org/wiki/Category:FAQ
Preparing information
Xen: Log files (/etc/log/xen), xl dmesg output, xl info output
Dom0: OS Info, System Configs (networking, …), dmesg output
DomU: OS Info, xl configuration files
Netiquette
wiki.xenproject.org/wiki/Xen_Users_Netiquette
wiki.xenproject.org/wiki/Reporting_Bugs_against_Xen_Project
56.
57. Live Patching, Virtual Machine Introspection and
Vulnerability Management
A Primer and Practical Guide – Lars Kurth
Presentation: goo.gl/MLMu5b
Demo Videos: goo.gl/wuQLPh & goo.gl/dEGfDS
Virtual Machine Introspection
@ 31c3 - Tamas K Lengyel, Thomas Kittel
Presentation: goo.gl/khq92r
Video: www.youtube.com/watch?v=MhEIyzfLa6U
58. Xen on x86, 15 years later
Recent development, future direction - George Dunlap
Presentation: goo.gl/8Djm7w
Video: www.youtube.com/watch?v=10KsJ1UxUMY
Speculation and response
Spectre, Meltdown, XPTI, and Panopticon - George Dunlap
Presentation: goo.gl/xnoj8J
Video: www.youtube.com/watch?v=36jta61XTw8
59. Securing embedded Systems using Virtualization
@ FOSDEM18 - Lars Kurth
Presentation: goo.gl/dEGfDS
Video: goo.gl/V6DA6P
Xen and the Art of Embedded Systems Virtualization
@ ELC18 - Stefano Stabellini
Presentation: goo.gl/WdbtzN
Video: www.youtube.com/watch?v=GYb-Qn3KAUM
60. Unleashing the Power of Unikernels with Unikraft
@ XPDDS18 – Florian Schmidt
Presentation: goo.gl/ky7Jr9
Video: www.youtube.com/watch?v=OYgTWhYjD0o
Unikraft: An easy way of crafting Unikernels on Arm
@ XPDDS18 – Kaly Xin
Presentation: goo.gl/162aAq
Video: www.youtube.com/watch?v=_ocRiTtYdfQ