Xen is a virtual machine monitor that allows multiple operating systems to run concurrently on a single physical machine. It uses paravirtualization rather than full virtualization to improve performance. Xen provides performance isolation between guest operating systems and can host different operating systems with only small modifications required. Evaluation shows Xen achieves near native performance for guest operating systems and provides strong performance isolation even under malicious workloads. Future work aims to improve memory performance and support additional guest operating systems like Windows.

1. 1
Xen and the Art of Virtualization
Abdul Majeed, Ph.D.
Department of Information and Electronics Engineering,
Korea Aerospace University, South Korea.
Big Data Computing & Applications
12/27/2018

2. 2
Presentation Contents
Motivation
Abstract
Introduction
Detailed Design of Xen
Evaluation
Related Work
Discussions
Conclusion
Future Work
XEN: Approach & Overview
12/27/2018 2

3. 3
Motivation
Conventional Way Xen Virtualization
Why is xen so popular?
Increased server utilization
Reduced IT TCO(Total cost of ownership)
Improved IT agility
12/27/2018 3

4. 4
Abstract
 Many systems have been designed which use virtualization to subdivide the resources of computer.
Problems
 Some systems require specialized hardware.
 Some systems cannot support different operating systems (Linux, BSD, windows).
 Some systems require 100% binary compatibility but hurt performance.
 Some systems sacrifice security or functionality for speed.
 Some systems are vulnerable to denial of service(DOS) attacks.
This paper presents Xen, an x86 virtual machine monitor(VMM) called as hyperviswer which allows
multiple operating systems to share hardware in a safe and resource managed fashion without
sacrificing either security or functionality.
 Idealized virtual machine abstraction to which different operating systems can be easily ported.
 Targeted hosting up to 100 virtual machines.
12/27/2018 4

5. 5
• Modern computers are sufficiently powerful.
• Modern Computers use virtualization to give illusion of many smaller virtual machines.
• This has lead to an innovation in VM technology.
• In virtualization a single machine is partitioned to support the concurrent execution of multiple
operating systems.
• Virtualization introduces various challenges
o Virtual machines isolation (e.g., operating of one machine should not affect any other
machine).
o Variety of operating systems (e.g., Linux, Unix, Windows etc.).
o Performance overhead (It should be minimum).
Introduction
12/27/2018 5

6. 6
Introduction
Several Problems
 Administration will become very
time consuming task.
 Performance isolation
 Scheduling priority
 Memory demand
 Network traffic
 Disk accesses
Simplest way to build system
12/27/2018 6

7. 7
• Xen a virtual machine monitor enable server consolidation, co-located hosting, distributed web
services, secure application platforms and application mobility.
• Xen can host different operating systems with small modifications.
• Xen enable users to dynamically start an operating system and execute whatever they want.
• Xen provides performance isolation and manage hardware resources efficiently between different
guest operating systems.
• Xen uses paravirtualization rather than full virtualization.
• Xen efficiently handle the trade-off of performance and functionality.
Introduction
12/27/2018 7

8. 8
XEN APPROACH & OVERVIEW
1
12/27/2018 8

9. 9
Xen approach & Overview
Example: VMware Example: Xen, Denali etc.
12/27/2018 9

10. 10
• In full virtualization, the virtual machine hardware used is functionally identical to the underlying
machine.
• Full virtualization is beneficial but it has certain drawbacks,
-> Support of full virtualization is not part of x86 architecture.
-> Executing certain instructions with privileges fails badly.
-> Efficient virtualization of x86 MMU is also difficult.
• Xen resolves the above mentioned limitation of the full virtualization by introducing
paravirtualization, which improves performance.
• Although it requires some modification in the guest operating system but the changes are not
been made in the guest applications.
Xen approach & Overview
12/27/2018 10

11. 11
Xen discussion based on mainly following design principles.
 Performance isolation between guests (resource control for some guarantee of QoS).
 Minimal performance overheads.
 Support for different Operating Systems.
 Maintain Guest OS ABI (thus allowing existing applications to run unmodified).
 Need to support full multi-application operating systems.
Xen approach & Overview
Xen’s set of Design Principles/Goals
12/27/2018 11

12. 12
Xen approach & Overview
Sr.# Denali Project Xen (Hypervisor)
1.
Denali is designed to support
thousands of virtual machines.
Xen is intended to scale to approximately 100
virtual machines.
2. Denali does not target existing ABIs. Xen target existing ABIs.
3.
Denali Does not support application
multiplexing, nor multiple address
spaces.
In xen single virtual machine host a real
operating system and its multiplexed with
thousands of user level processes.
4.
VMM perform all paging to and from
the disk.
Each guest operating perform its own paging.
5.
Denali virtualizes the namespace of
all virtual machines that may result in
malicious resource access.
Secure access control within the hypervisor is
sufficient to ensure protection across all
machines.
Comparison & Contrast between Xen and Denali
12/27/2018 12

13. 13
Xen approach & Overview
The Virtual Machine Interface
12/27/2018 13

14. 14
The Cost of Porting an OS to Xen
Xen approach & Overview
12/27/2018 14

15. 15
Xen approach & Overview
Xen System Structure
12/27/2018 15

16. 16
• Xen design and implementation goal was to separate policy from mechanism.
• Even though the hypervisor is involved in how CPU shared among domain, filtering network
packets, enforcing access control mechanism, or how CPU will be shared, what type of packets
will be transmitted.
• Xen provides basic control operations only.
• Domain0 is responsible for hosting the application level management software.
• Control interface support creation and deletion of network interfaces.
• Most importunately Domain0 facilitate the management of entire server.
Xen approach & Overview
Control and Management
12/27/2018 16

17. 17
XEN DETAILED DESIGN
2
12/27/2018 17

18. 18
Xen Detailed Design
Control Transfer: Hyper calls and events
Domains
Synchronous-calls
Xen
Hyper call()
Events()
Asynchronous-Events
The use of a hyper call is to request a set of
page table updates, in which Xen validates
and applies a list of updates, returning
control to the calling domain when this is
completed.
This is analogous to the use of system calls
in conventional operating system.
Communication from Xen to a domain is
provided through an asynchronous event
mechanism.
For instance, events are used to indicate that
new data has been received over the network,
or that a virtual disk request has completed.
Major Functionalities Major Functionalities
12/27/2018 18

19. 19
Xen Detailed Design
Data transfer: I/O Rings
 No direct protection between guest
operating system and I/O devices.
 Data transfer mechanism is crucial for
little overheads.
 Two main factors,
• Resource management
• Event notifications
12/27/2018 19

20. 20
Xen Detailed Design
Subsystem virtualization
CPU Scheduling Time & Timers
Virtual Address Translation
- Domain scheduling based on
Borrowed Virtual Time (BVT)
scheduling algorithm.
-Work-conserving
-Low-latency wake-up
- Per-domain scheduling
parameters can be adjusted
by management software
running in Domain0.
- Xen provides guest OSes
with notions of real time.
- Expressed in nanoseconds
-Maintained till end.
- Each guest OS can
program a pair of alarm
timers, one for real time and
the other for virtual time.
-Xen attempts to virtualize
memory access with as little
overhead as possible.
-The type system is also used to
track which frames have already
been validated for use in page
tables.
-To ensure safety, requests are
validated by xen before being
applied.
CPU Scheduling Time & Timers Virtual Address Translation
12/27/2018 20

21. 21
Xen Detailed Design
- Statically partitioned between
domains.
- A maximum allowable
reservation may also be
specified.
- Guest operating systems can
claim additional
memory pages from Xen.
- Guest can release unused
memory to xen.
- Xen provides the
abstraction of a virtual
firewall-router.
- Domain0 is responsible for
inserting and removing rules
about network.
- Rules will be installed to
prevent IP source address
spoofing.
- Xen ensure safety during
data transmission.
- Only Domain0 has direct
unchecked access to
physical disks.
- All other domains access
persistent storage through
the abstraction of virtual
block devices.
- Xen has more complete
knowledge of the actual
disks.
- Future work will investigate
providing more predictable
isolation and differentiated
service.
Physical Memory Network Disks
Subsystem virtualization
12/27/2018 21

22. 22
EVALUATION
3
12/27/2018 22

23. 23
Xen evaluation based on following five criteria
Evaluation
Xen’s Evaluation
Relative Performance
Operating system Benchmark
Concurrent virtual Machines
Performance isolation
Scalability
1
2
3
4
5
12/27/2018 23

24. 24
Evaluation
3.1 Relative Performance
12/27/2018 24

25. 25
Evaluation
3.2 Operating System
Benchmark
12/27/2018 25

26. 26
Evaluation
3.3 Concurrent virtual Machines
12/27/2018 26

27. 27
• At the current time no implementation based on Linux 2.4 available.
• Xen performance isolation works as expected even in the presence of malicious workload.
• We ran four domains configured with equal resources.
 Domain 1: PostgreSQL/OSDB-IR & SPEC WEB99.
 Domain 2: PostgreSQL/OSDB-IR & SPEC WEB99.
 Domain 3: A disk bandwidth hog (sustained dd ) with a file system intensive workload.
 Domain 4: ‘fork bomb’ at the same time as a virtual memory intensive application.
• Xen achieves 4% and 2% below the results reported across all domains.
• VMware Workstation achieves similar levels of isolation, but at reduced levels of absolute performance.
Evaluation
3.4 Performance isolation
12/27/2018 27

28. 28
Evaluation
3.5 Scalability
12/27/2018 28

29. 29
RELATED WORK
4
12/27/2018 29

30. 30
• Virtualization has been applied to operating systems both research and commercially for nearly 30 years.
• BM VM/370 first made use of virtualization to allow binary support for legacy code.
• VMware and Connectix both virtualize commodity PC hardware, allowing multiple operating systems to run on a
single host. Both use full virtualization.
• Two competitors IBM Para virtualized version of Linux and Denali are capable of hosting vast number of
virtualized operating system instances.
• Two other efforts to use low level virtualization for building a distributed infrastructure are ‘vMatrixs’ and IBM
‘Managed Hosting’.
• Resource-managed JVM can host untrusted applications, these necessary applications must be compiled to java
bytecode and follow the system security model.
• Language level virtual machines approaches are needed and xen readily support language level virtual machines.
Related Work
12/27/2018 30

31. 31
DISCUSSIONS & CONCLUSION
5
12/27/2018 31

32. 32
• We have presented the Xen hypervisor which partitions the resources of a computer between
different domains each running guest operating systems.
• The Para-virtualizing design of Xen places a particular emphasis on performance and resource
management.
• We have also described and evaluated XenoLinux, a fully-featured port of a Linux 2.4 kernel
that runs over Xen.
Discussions
Summary of the paper (three key-points of the paper)
12/27/2018 32

33. 33
• Xen provides an excellent platform for deploying a wide variety of network-centric services,
 Local mirroring of dynamic web contents
 Media stream transcoding and distribution
 Multiplayer game
 Virtual reality servers
 Smart proxies
• Allowing 100 operating system to run on a single server reduced the cost by two orders of magnitude.
• Each operating system can be easily ported in Xen with in smaller timescale.
• High performance, Strong isolation and Effective scaling
• The performance of XenoLinux(a guest operating system) over Xen is practically equivalent to the
performance of the baseline Linux system.
• Our ongoing work to port the BSD and Windows XP kernels to operate over Xen is confirming the
generality of the interface that Xen exposes.
Conclusion
12/27/2018 33

34. 34
• Up to now, We believe that Xen and XenoLinux are sufficiently complete to
be useful to a wider audience.
• Further improvements which are part of our research will be added to it.
I. Controlled data sharing to our design without sacrificing isolation.
II. To provide better physical memory performance, we plan to implement a last-chance page
cache (LPC).
III. Internet-scale computing infrastructure beyond individual machines.
IV. Auditing and forensic logging for better administration and management.
V. We are continuing our work on XenoXP .
Future Work
12/27/2018 34

35. 3512/27/2018 35
Email Address: abdulmajid09398@kau.kr & abdulmajid09398@gmail.com
Any Query Regarding Contents