Xen Cloud Platform (XCP) provides a complete virtualization stack for server virtualization and cloud computing. It is based on the open source Xen hypervisor and extends it with features for cloud management and orchestration through the open source XenAPI toolstack. XCP delivers Xen, XenAPI, and all related components as a pre-packaged virtual appliance that can be easily deployed. This summary focuses on the history and architecture of Xen in cloud computing and how XCP builds upon Xen to deliver an enterprise-ready virtualization platform.
http://cloudstack.org/about-cloudstack/cloudstack-events/viewevent/29-build-an-open-source-cloud-day-boston.html
XCP combines the Xen hypervisor with enhanced security, storage, and network virtualization technologies to offer a rich set of virtual infrastructure cloud services. These XCP cloud services can be leveraged by cloud providers to enable isolation and multi-tenancy capabilities in their environments. XCP also provides the user requirements of security, availability, performance, and isolation for private and public cloud deployments.
XCP: The Art of Open Virtualization for the Enterprise and the Cloud | The Linux Foundation
XCP is a free and open source self-contained virtualization solution for servers, built on top of the Xen hypervisor. It is easily installable in a few minutes from a single image file, yet powerful and scalable enough to be useful to power users, enterprise environments and cloud deployments. Created from the open-source components of XenServer, it supports the virtualization of a range of operating systems, including Linux, Solaris, BSDs and Windows. This talk will introduce XCP and explain its relationship with Xen and Linux. We will quickly demonstrate how to use XCP via the command-line and using open source graphical interfaces, and describe some interesting features that set XCP apart from other virtualization platforms.
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP | The Linux Foundation
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP and their architecture, then sheds some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
Securing Your Cloud With the Xen Hypervisor by Russell Pavlicek | buildacloud
The Xen Project produces a mature, enterprise-grade virtualization technology designed for the Cloud featuring many advanced and unique security features. For this reason, it's a hypervisor of choice for government agencies like NSA and the DoD, as well as for new security-minded projects like the QubesOS Secure Desktop. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, and Xen Security Modules (XSM), are not enabled by default. This session will describe many of the advanced security features of Xen, as well as explaining why Xen is an excellent choice for secure Clouds.
Rackspace has years of experience with running Xen at scale, starting with Xen and migrating to XenServer. We will share why we use Xen/XenServer along with some of the issues that we've experienced. We will touch on our experience with migrating from Xen to XenServer and the challenges there. We will share information about Rackspace Cloud Servers architecture, and touch briefly on OpenStack when doing so. We will explain how we use Xen to quickly deploy new Openstack services with what we call Nova on Nova. And finally, we will discuss what additional features and improvements are needed and why.
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture and common challenges for KVM and Xen.
I will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale and show how advanced security features such as Xen Security Modules and SELinux can help secure your cloud further.
The talk will conclude with exciting developments in the Xen community, such as Xen for ARM servers, a new virtualization mode for Xen, running applications without OS in a Xen guest and point out their implications for building open source clouds.
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment.
Oscon 2012 : From Datacenter to the Cloud - Featuring Xen and XCP | The Linux Foundation
Do you dream of being able to spin up ten or twenty (or a thousand) virtual machines in an instant? Discover and repair resource bottlenecks without moving a finger? Dodge the loss of an entire storage array with no-one noticing? Span across data centers with a fleet of virtual machines? This is no sales pitch; during this tutorial, we’ll demonstrate how to leverage truly FOSS tools to build a powerful, scalable cloud that easily competes with those proprietary solutions!
This deep-dive into Xen, Xen Cloud Platform, and other FOSS cloud tools and concepts is intended both for those ready to wholeheartedly embrace virtualization and for those already seasoned in general virtualization practices. You’ll leave with a collection of pre-made tools that you can use right out of the box or modify to your liking. You’ll also leave with immediately useful knowledge on best practices and common pitfalls, presented by actual FOSS practitioners like you.
We begin this tutorial by discussing Xen, Xen Cloud Platform (XCP), and XCP cloud concepts (pools, hosts, storage, networks, etc.). We then explore in detail the API that makes Xen so useful for building a cloud, explore provisioning of hosts and guests using PXE, and discuss templating and installing guest virtual machines. Critical to understanding potential bottlenecks, identifying tuning opportunities and planning for the future, we will discuss performance monitoring and methodologies. Next, we teach you how to make the most of your new FOSS cloud capabilities and discuss in detail high availability infrastructure for storage and networking, advanced networking capabilities like bonding/VLANs, and the cloud orchestration tools that save you time and money. All of this with a focus on XCP in enterprise environments. Tools discussed include DRBD, Pacemaker, Open vSwitch, Cloudstack, Openstack, and more.
We conclude by shedding light on exciting developments: Xen 4.2 has recently been released, with just over a year of development time and nearly 3,000 changesets. We will discuss many of the new features introduced in 4.2, as well as what changes we have in store for the 4.3 release as well as other exciting developments.
CloudStack, the world's leading open-source cloud infrastructure platform, was recently donated to the Apache Foundation, and is now an incubated Apache project. Ewan Mellor, Director of Engineering in the Citrix Cloud Platforms Group will describe the CloudStack project and explain why Xen is the pre-eminent hypervisor in public clouds today. He will describe the changes coming in CloudStack in the next 12 months, and how they are going to change the way that Xen is consumed in public and private clouds next year.
In a traditional Xen configuration domain 0 is used for a large number of different functions including running the toolstack(s), backends for network and disk I/O, running the QEMU device model instances, driving the physical devices in the system, handling guest console/framebuffer I/O and miscellaneous monitoring and management functions. Having all these functions in one domain produces a complex environment which is susceptible to shared fate on the failure of any one function, has complex interactions between functions (including resource contention) which makes it difficult to predict performance, and has limited flexibility (such as requiring the same kernel for all device drivers).
"Domain 0 disaggregation" has been discussed for some time as a way to break out domain 0's functions into separate domains. Doing this enables each domain to be tailored to its function such as using a different kernel or operating system to drive different physical devices. Splitting functions into separate domains removes some of the unintentional interactions such as in-domain resource contention and reduces the system impact of the failure of a single function such as a device driver crash.
Although domain 0 disaggregation is not new it is seldom used in practise and much of its use is focussed on providing enhanced security. Citrix XenServer will be moving towards a disaggregated domain 0 in order to provide better security, scalability, performance, reliability, supportability and flexibility. This talk will describe XenServer's “Windsor” architecture and explain how it will provide the above benefits to customers and users. We will present an overview of the architecture and some early experimental measurements showing the benefits.
With the introduction of virtualization extensions on ARM processors, the Xen community has taken steps to add support for ARM CPUs to the Xen Hypervisor. This port is executed as part of the Hypervisor project, with no separate codebase.
Xen engineers will describe the key challenges they have overcome and the current technical status, and discuss the next steps.
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary session | The Linux Foundation
The Xen on ARM effort has had a short, but impressive, history. In late 2011, Citrix seeded a Xen.org community project to port Xen to ARMv7 with virtualization extensions targeting the Cortex A15 as the reference platform. In 2012, the project scope was expanded to include the ARMv8 architecture. Linux 3.7 was the first kernel release to run on Xen on ARM as Dom0 and DomU. Very soon now (Q2 2013), Xen 4.3 will fully support several different ARM platforms, including Samsung Chromebooks, Versatile Express Cortex A15 and Arndale development boards.
In this talk, we will outline how virtualization enabled server consolidation and cloud computing, as well as innovative and secure solutions for both desktops and mobile devices. We will explain why Citrix saw the need for the project, and why it is highly relevant in today’s cloud-centric virtualization landscape. We will discuss the opportunities this has brought to the Xen ecosystem, and then peek into the future possibilities which Xen on ARM will enable. While Xen is best known as technology powering some of the biggest clouds in the industry, it could also be powering virtual machines on devices that fit in your pocket.
The talk will also include a brief overview of the Xen on ARM architecture, including the key design principles employed. The techniques pioneered during the ARM port will allow the Xen community to remove many legacy components from the Xen code base, streamlining both the ARM and x86 implementations. We will share some data on the challenges in porting Xen to new ARM boards. Due to full reliance on Device Tree and to the minimal hardware requirements of the hypervisor, ports to new boards require surprisingly little effort.
Finally, the talk will conclude by outlining the immediate roadmap for Xen on ARM.
In this session we examined the Xen PV performance on the latest platforms in a few cases that cover CPU/memory intensive, disk intensive and network intensive workloads. We compared Xen PV guest vs. HVM/PVOPS to see whether PV guests still have an advantage over HVM on a system with state-of-the-art VT features. KVM was also compared as a reference. We also compared PV driver performance against bare-metal and pass-through/SR-IOV. The identified issues were discussed and we presented our proposal on fixing those issues.
"Xen Cloud Platform", Mike McClurg, Senior Engineer, Xen.org Engineering
The Xen Cloud Platform is an open-source, enterprise-ready server virtualization platform. It is based on the Xen hypervisor, and represents the common code base for Citrix's XenServer product line. This presentation gives an introduction to XCP, and how it relates to both the Xen hypervisor and to Citrix's XenServer. It covers XCP's XenAPI and how it can be used by two of the most popular cloud orchestration frameworks, CloudStack and OpenStack. Finally, it discusses the XCP "roadmap," and the plans for the future of XCP.
Scale11x : Virtualization with Xen and XCP | Lars Kurth
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture and common challenges for KVM and Xen.
I will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale and show how advanced security features such as Xen Security Modules and SELinux can help secure your cloud further.
The talk will conclude with exciting developments in the Xen community, such as Xen for ARM servers, a new virtualization mode for Xen, running applications without OS in a Xen guest and point out their implications for building open source clouds.
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure | Anne Nicolas
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing.
This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
Julien Grall, Citrix
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale.
The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.
Dealing with Hardware Heterogeneity Using EmbeddedXEN, a Virtualization Frame... | The Linux Foundation
EmbeddedXEN is a particularly efficient virtualization framework tailored to ARM-based core embedded systems.
While security and OS isolation are key features of conventional virtualization frameworks, the main concerns for EmbeddedXEN are device heterogeneity and realtime aspects, which are particularly important in the embedded world.
EmbeddedXEN mainly relies on the original XEN architecture but with major differences in the way guest OS are handled: the hypervisor has been simplified, and only two guest OS (dom0 and domU) can run simultaneously; while dom0 is used to manage the native OS with drivers (original and backend split drivers), a paravirtualized OS (domU) can be cross-compiled on a different ARM device, and user applications can run seamlessly on the (virtualized) host device. Another important difference is that no user space tools are required to manage the VMs; the framework produces a compact single binary image containing both dom0 and domU guests, which can be easily deployed. The Xenbus architecture has been adapted to that context.
EmbeddedXEN therefore allows the porting of an OS and its applications from an ARM embedded device to last generation ARM hardware, such as HTC Smartphone for example.
C/D/H virtualization experts, Eric Inch and Jason Shroll, provide a side-by-side comparison of the two main enterprise desktop virtualization solutions.
VMware, the leader in server virtualization with vSphere, provides a compelling virtual desktop suite and excellent end user experience with VMware View. Citrix, the long-time leader in presentation services, expands its offering for virtual desktops with XenDesktop, and a collection of other technologies, to provide an enterprise solution for any company.
How do these solutions stack up?
View C/D/H's Desktop Virtualization Smackdown slide deck and find out this, and more!!
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... | The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... (The Linux Foundation)
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
• Embedded/automotive features of Xen
• Collaboration with AGL and GENIVI organizations for standardization
• Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... (The Linux Foundation)
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... (The Linux Foundation)
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx (The Linux Foundation)
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... (The Linux Foundation)
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... (The Linux Foundation)
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... (The Linux Foundation)
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix (The Linux Foundation)
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd (The Linux Foundation)
The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... (The Linux Foundation)
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D (The Linux Foundation)
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems (The Linux Foundation)
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on the platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... (The Linux Foundation)
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... (The Linux Foundation)
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... (The Linux Foundation)
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
Xen cloud platform v1.1 (given at Build a Cloud Day in Antwerp)
1. Xen Cloud Platform
Lars Kurth
Xen Community Manager
lars.kurth@xen.org
@lars_kurth
@xen_com_mgr
2. A Brief History of Xen in the Cloud
Late 90s
XenoServer Project
(Cambridge Univ.)
“The XenoServer project is building a public infrastructure for wide-area distributed computing. We envisage a world in which XenoServer execution platforms will be scattered across the globe and available for any member of the public to submit code for execution.”
Global Public Computing
“This dissertation proposes a new distributed computing paradigm, termed global public computing, which allows any user to run any code anywhere. Such platforms price computing resources, and ultimately charge users for resources consumed.“
Evangelos Kotsovinos, PhD dissertation, 2004
3. A Brief History of Xen in the Cloud
• Late 90s: XenoServer Project (Cambridge Univ.)
• Nov ‘02: Xen Repository Published
• Oct ‘03: Xen Presented at SOSP
• ‘06: Amazon EC2 and Slicehost launched
• ‘08: Rackspace Cloud
• ‘09: XCP Announced
• ‘11: XCP 1.x, Xen in Linux, Kronos, Cloud Mgmt
5. Xen.org
• Guardian of Xen Hypervisor and related OSS Projects
• Xen project Governance similar to Linux Kernel
• Projects
– Xen Hypervisor (led by Citrix)
– Xen Cloud Platform aka XCP (led by Citrix)
– Xen ARM (led by Samsung)
– PVOPS : Xen components and support in Linux Kernel (led by Oracle)
6.
7. Community & Ecosystem Map
xen.org/community/projects
[Diagram: ecosystem map with the categories Research, Hosting, Vendors, Projects, Xen Products, XCP Products, XCP Projects, Consulting Firms and People]
9. Basic Xen Concepts
Control Domain aka Dom0
• Dom0 kernel with drivers
• Xen Management Toolstack
• Trusted Computing Base
Guest Domains
• Your apps
• E.g. your cloud management stack
Driver/Stub/Service Domain(s)
• A “driver, device model or control service in a box”
• De-privileged and isolated
• Lifetime: start, stop, kill
[Diagram labels: Control domain (dom0) with Dom0 Kernel and XL, XM (deprecated); one or more driver, stub or service domains; guest VMs VM0, VM1 … VMn with Guest OS and Apps; Xen Hypervisor (Scheduler, MMU); Host HW (I/O, Memory, CPUs)]
10. PV Domains & Driver Domains
Linux PV guests have limitations:
• limited set of virtual hardware
Advantages
• Fast
• Works on any system (even without virt extensions)
Driver Domains
• Security
• Isolation
• Reliability and Robustness
[Diagram labels: Control domain (dom0): PV Back Ends, HW Drivers; Guest VMn: Apps, PV Front Ends, Guest OS; Driver Domain (e.g. Disk, Network): PV Back End, HW Driver, Dom0 Kernel*; Xen Hypervisor; Host HW: I/O, Memory, CPUs]
*) Can be MiniOS
11. HVM & Stub Domains
Disadvantages
• Slower than PV due to Emulation (mainly I/O devices)
Advantages
• Install the same way as native Linux
Stub Domains
• Security
• Isolation
• Reliability and Robustness
[Diagram labels: Dom0 with IO Emulation / Device Model and a Guest VMn; Stubdomn (Mini OS) with IO Emulation / Device Model and a Guest VMn; IO Event and VMEXIT; Xen Hypervisor; Host HW]
12. PV on HVM
• A mixture of PV and HVM
• Linux enables as many PV interfaces as possible
• This has advantages
– install the same way as native
– PC-like hardware
– access to fast PV devices
– exploit nested paging
– Good performance trade-offs
• Drivers in Linux 3.x
Comparison (columns: HVM | PV on HVM | PV)
Boot Sequence: Emulated | Emulated | PV
Memory: HW | HW | PV
Interrupts, Timers & Spinlocks: Emulated | PV* | PV
Disk & Network: Emulated | PV | PV
Privileged Operations: HW | HW | PV
*) Emulated for Windows
13. Xen and the Linux Kernel
Xen was initially a University research project
Invasive changes to the kernel to run Linux as a PV guest
Even more changes to run Linux as dom0
14. Xen and the Linux Kernel
Xen support in the Linux kernel not upstream
Great maintenance effort on distributions
Risk of distributions dropping Xen support
Xen harder to use
15. Current State
PVOPS Project
Xen Domain 0 in Linux 3.0+
(it is functional but not yet fully optimized)
On-going work to round out the feature set in Linux 3.2 +
17. XCP
Complete vertical stack for
server virtualization
Distributed as a closed appliance
(ISO) with CentOS 5.5 Dom0,
misc DomU’s, network & storage
support and Xen API
Open source distribution of Citrix
XenServer
18. XCP Overview
• Open source version of Citrix XenServer
wiki.xen.org/wiki/XCP/XenServer_Feature_Matrix
• Enterprise-ready server virtualization and cloud platform
Extends Xen beyond one physical machine and other functionality
Lots of other additional functionality compared to Xen
• Built-in support and templates for Windows and Linux guests
• Datacenter and cloud-ready management API
XenAPI (XAPI) is fully open source
CloudStack and OpenStack integration
• Open vSwitch support built-in
19. Project “Kronos”: XAPI on Linux
• Make the XAPI toolstack independent of CentOS 5.5
• Extend the delivery model
– Deliver Xen, XAPI and everything in between (storage manager, network
support, OCaml libs, etc.) via your favorite Linux distro
“apt-get install xcp-xapi” or “yum install xcp-xapi”
• Debian
• Next: Ubuntu 12.04 LTS
• Later: other major Linux distro (Fedora, CentOS, etc.)
– Volunteers are welcome!
20. Xen vs. XCP vs. XAPI on Linux
Comparison (columns: Xen | XCP (up to 1.1) | XAPI on Linux)
Hypervisor: latest | lagging | Linux distro
Dom0 OS: CentOS, Debian, Fedora, NetBSD, OpenSuse, RHEL 5.x, Solaris 11, … | CentOS 5.5 | Debian, Ubuntu, …
Dom 0: 32 and 64 bits | 32 bits | 32 and 64 bits
Linux 3 PVOPS Dom0: Yes | No | Yes
Toolstack: XM (deprecated), XL or Libvirt | XAPI + XE (lots of additional functionality to Xen) | Same as XCP
Storage, Network, Drivers: build and get yourself | Integrated with Open vSwitch, multiple storage types & drivers | Get them yourself
Configurations: Everything | constrained by XAPI | Same as XCP
Usage Model: Do it yourself | Shrink wrapped and tested | Do it yourself
Distribution: Source or via Linux/Unix distributions | ISO | Via host Linux distribution
21. XCP/XAPI Vision & Next Steps
XCP & XAPI for Linux are the configuration of choice for clouds
– Optimized for cloud use-cases
– Optimized for usage patterns in cloud projects
– XAPI toolstack is more easily consumable
We are doing this by …
– XenServer is built from XCP (almost there)
– Track unstable Xen hypervisor and Linux kernels aggressively (almost there)
– Deliver into Linux distributions : more flexibility (almost there)
– Exploit advanced Xen security features
– Fully open development model (build & test capability)
22. XCP 1.5 (soon)
• Architectural Improvements: Xen 4.1, GPT, smaller Dom0
• GPU pass through: for VMs serving high end graphics
• Performance and Scalability:
– 1 TB mem/host
– 16 VCPUs/VM, 128 GB/VM
• Networking: Open vSwitch (default), Active-Backup NIC Bonding
• Virtual Appliance: multi-VM and boot sequenced, OVF support
• More guest OS templates
24. XAPI: What is it?
• XAPI is the backbone of XCP
– Provides the glue between all components
– Is the backend for all management applications
• Call it XAPI or XenAPI
• It's an XML-RPC style API, served via HTTPS
– Provided by a service on every XCP dom0 host
– Designed to be highly programmable
– API bindings for many languages: .NET, Java, C, PowerShell, Python
• XAPI is Extensible via plugins
– E.g. used by OpenStack
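The call pattern behind this slide, as an added example that is not from the original deck or from the XCP project: a login returns a session reference, every later call passes it as its first argument, and each reply is a struct with a Status field. The dom0 service is simulated offline by a constructed `fake_host`; the credentials and OpaqueRef values are made up, and `marshal_call`, `unwrap`, `tls_context`, `connect` and `list_vms` are hypothetical helper names.

```python
"""Offline sketch of the XAPI XML-RPC exchange (constructed data, no network)."""
import ssl
import xmlrpc.client


class XapiFailure(Exception):
    """A reply whose Status is 'Failure'; .code is the first ErrorDescription item."""
    def __init__(self, description):
        super().__init__(", ".join(description))
        self.code = description[0]


def marshal_call(method, *params):
    """Client side: XML-RPC request body for a 'class.message' call."""
    return xmlrpc.client.dumps(params, methodname=method)


def unwrap(reply_xml):
    """Client side: return Value from a Success reply, raise on Failure."""
    (result,), _ = xmlrpc.client.loads(reply_xml)
    if result.get("Status") == "Success":
        return result["Value"]
    raise XapiFailure(result.get("ErrorDescription") or ["MALFORMED_REPLY"])


def tls_context(ca_file=None):
    """TLS settings for a real host: verify the certificate chain and host name."""
    return ssl.create_default_context(cafile=ca_file)


def connect(url, ca_file=None):
    """Build (without connecting) a certificate-verifying proxy to a dom0 host."""
    return xmlrpc.client.ServerProxy(url, context=tls_context(ca_file))


# --- Constructed stand-in for the XAPI service on a dom0 host ---
SESSION = "OpaqueRef:constructed-session"
VMS = ["OpaqueRef:constructed-vm-1", "OpaqueRef:constructed-vm-2"]


def fake_host(request_xml):
    """Server side: answer two calls, wrapping results in Status/Value structs."""
    params, method = xmlrpc.client.loads(request_xml)
    if method == "session.login_with_password":
        if params[:2] == ("root", "constructed-password"):
            body = {"Status": "Success", "Value": SESSION}
        else:
            body = {"Status": "Failure",
                    "ErrorDescription": ["SESSION_AUTHENTICATION_FAILED"]}
    elif method == "VM.get_all":
        session = params[0] if params else ""
        if session == SESSION:
            body = {"Status": "Success", "Value": VMS}
        else:
            body = {"Status": "Failure",
                    "ErrorDescription": ["SESSION_INVALID", str(session)]}
    else:
        body = {"Status": "Failure",
                "ErrorDescription": ["MESSAGE_METHOD_UNKNOWN", method]}
    return xmlrpc.client.dumps((body,), methodresponse=True)


def list_vms(user, password):
    """Log in, then pass the session reference as first argument of the next call."""
    login = marshal_call("session.login_with_password", user, password)
    session = unwrap(fake_host(login))
    return unwrap(fake_host(marshal_call("VM.get_all", session)))
```

Against a real host, `connect("https://<dom0 address>/", ca_file=...)` gives a proxy whose method calls produce the same request bodies, with the host certificate checked against the supplied CA file.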
25. XAPI from 30000 Feet
xen.org/files/XenCloud/ocamldoc/apidoc
[Diagram: XAPI classes and their relationships. Labels: Storage, Network. Classes shown: session, user, host, host_cpu, host_metrics, pool, task, event, console, crashdump, VM, VM_metrics, VM_guest_metrics, VIF, network, PIF, PIF_metrics, VBD, VDI, SR, PBD, SM.]
26. XAPI Functionality Overview
• VM lifecycle: live snapshots, checkpoint, migration
• Resource pools: live migration, auto configuration, disaster recovery
• Flexible storage and networking
• Event tracking: progress, notification
• Upgrade and patching capabilities
• Real-time performance monitoring and alerting
• Full list: wiki.xen.org/wiki/XCP/XenServer_Feature_Matrix
27. Open vSwitch
• Software switch, similar to:
– VMware vNetwork Distributed Switch
– Cisco Nexus 1000V
• Distribution agnostic. Plugs right into Linux kernel.
• Reuses existing Linux kernel networking subsystems.
• Backwards-compatible with traditional userspace tools.
• Free and Open Source http://openvswitch.org/
28. Why use Open vSwitch with Cloud?
• Automated control: OpenFlow
• Multi-tenancy
• Monitoring and QoS
29. XAPI Management Options
• XAPI frontend command line tool: XE (tab-completable)
• Desktop GUIs
o Citrix XenCenter (Windows-only)
o OpenXenManager (open source cross-platform XenCenter clone)
• Web interfaces
o Xen VNC Proxy (XVP)
lightweight VM console only
user access control to VMs (multi-tenancy)
o XenWebManager (web-based clone of OpenXenManager)
• XCP Ecosystem:
o xen.org/community/vendors/XCPProjectsPage.html
o xen.org/community/vendors/XCPProductsPage.html
33. Cloud VM vs. Cloud Package(s) in Dom0
Cloud VM (DomU)
Pros
• Isolation of cloud VM
• Security properties
• Pre-package + appliance
Cons
• Slightly more complex
• Less flexible
Cloud Package(s) in Dom0
Pros
• Simple install
• Flexibility
• Simpler overall
Cons
• Less isolation
• Cloud node is a potential entry point to compromise Dom0
36. Security and the Next Wave of Virtualization
• Security is a key requirement for Cloud
• Security is the primary goal of virtualization on the Client
– Desktop, Laptops, Tablets & Smart Phones
• Maintaining isolation between VMs is critical
– Spatial and Temporal isolation
– Run multiple VMs with policy controlled information flow
• E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking
37. Architecture Considerations
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the hardware and hosts Guest OS’s.
Provides partition isolation + reliability, higher security
[Diagram: VM0 … VMn (Guest OS and Apps) on top of the Hypervisor (Scheduler, MMU, Device Drivers/Models), on top of Host HW (I/O, Memory, CPUs)]
Type 2: OS ‘Hosted’
A Hypervisor that runs within a Host OS and hosts Guest OS’s inside of it, using the host OS services to provide the virtual environment.
Low cost, no additional drivers
Ease of use & installation
[Diagram: User Apps and a User-level VMM with Device Models hosting VM0 … VMn (Guest OS and Apps), on top of the Host OS (“Kernel” with Ring-0 VM Monitor and Device Drivers), on top of Host HW (I/O, Memory, CPUs)]
38. Xen: Type 1 with a Twist
Thin hypervisor
• Functionality moved to Dom0
Using Linux PVOPS
• Take full advantage of PV
• PV on HVM
• No additional device drivers (Linux 3.x dom0)
In other words
• low cost (drivers)
• Ease of use & Installation
• Isolation & Security
[Diagram: Control domain (dom0: Linux, BSD, etc., with Device Models and Drivers) beside VM0 … VMn (Guest OS and Apps), on top of the Hypervisor (Scheduler, MMU, XSM), on top of Host HW (I/O, Memory, CPUs)]
39. Xen Security & Robustness Advantages
• Even without Advanced Security Features
– Well-defined trusted computing base
(much smaller than on type-2 hypervisor)
– No extra services in hypervisor layer
• More Robustness: Mature, Tried & Tested, Architecture
• Xen Security Modules (or XSM)
– Developed and contributed to Xen by NSA
– Generalized Security Framework for Xen
– The Xen equivalent of SELinux
40. Advanced Security: Disaggregation
• Split Control Domain into Driver, Stub and Service Domains
– Each contains a specific set of control logic
– See: ”Breaking up is hard to do” @ Xen Papers
• Unique benefit of the Xen architecture
– Security: Minimum privilege; Narrow interfaces
– Performance: lightweight, e.g. Mini OS directly on hypervisor
– Robustness: ability to safely restart parts of the system
– Scalability: more distributed system (less reliant on Dom0)
41. Example: Network Driver Domain for HA
• Detect failure e.g.
– Illegal access
– Timeout
• Kill domain, restart
– E.g. Just 275ms outage from failed Ethernet driver
• Auto-restarts to enhance security
[Chart: x-axis time (s), 0 to 40; y-axis 0 to 350]
42. Qubes OS / XenClient XT
• First products configured to take advantage of the security
benefits of Xen’s architecture
• Isolated Driver Domains
• Virtual hardware Emulation Domains
• Service VMs (global and per-guest)
• Xen Security Modules
43. Advanced XenClient Architecture
[Diagram: Per host/device Service VMs (Control Domain, Management, Network Isolation, Device Emulation, VPN Isolation) and Per guest Service VMs (VPN Isolation, Device Emulation Domain) alongside the User VMs, each side annotated with Policy Granularity; all on top of the Xen Hypervisor with Xen Security Modules, on Intel vPro Hardware (VT-x, VT-d, TXT, AES-NI)]
44. BUT…
• Today, XCP and commercial Xen based Server products
– Do not make use of XSM
– Do not make use of Advanced Security Features (Disaggregation)
• Most of these features are poorly documented on xen wiki
• In XCP, work has started to add these features
– Various articles of how this may be done on the xen wiki
– Hopefully more information soon
• Commitment on improving docs for Security, Reliability & Tuning
46. • Designed for the Cloud : many advantages for cloud use!
– Resilience, Robustness & Scalability
– Security: Small surface of attack, Isolation & Advanced Security Features
• Widely used by Cloud Providers
• XCP & XAPI
– Ready for use with cloud orchestration stacks
– XCP and XAPI on Linux: flexibility and choice
– Lots of additional improvements for cloud coming in 2012
• Flexibility and choice of Usage Models
– Also one of the challenges for Xen
• Catching up on “Ease of deployment and getting started”
• Open Source with a large community and eco-system
48. Xen Resources
• IRC: ##xen @ FREENODE
• Mailing List: xen-users & xen-api
• Wiki: wiki.xen.org
– Beginners & User Categories
• Excellent XCP Tutorials
– A day worth of material @ xen.org/community/xenday11
49. How to Contribute
• Same process as for Linux Kernel
– Same license: GPLv2
– Same roles: Developers, Maintainers, Committers
– Contributions by patches + sign-off
(Developer Certificate of Origin)
– Details @ xen.org/projects/governance.html
50. Shameless Marketing
Vendors in the Xen community are hiring!
xen.org/community/jobs.html
Hold this thought! We will come back to this later….!
Key notes: Just a subset of vendors, projects, etc. that build, use or provide services on top of Xen
PVOPS is the Kernel Infrastructure to run a PV Hypervisor on top of Linux
Dom 0: In a typical Xen set-up Dom0 contains a smorgasbord of functionality:
• System boot
• Device emulation & multiplexing
• Administrative toolstack
• Drivers (e.g. Storage & Network)
• Etc.
LARGE TCB – BUT, smaller than in a Type 2 hypervisor
Driver/Stub/Service Domains: also known as Disaggregation
Device Model emulated in QEMU
Models for newer devices are much faster, but for now PV is even faster
Automatic Performance
PV on HVM guests are very close to PV guests in benchmarks that favour PV MMUs
PV on HVM guests are far ahead of PV guests in benchmarks that favour nested paging
Where are we?
1) Linux 3 contains everything needed to run Xen on a Vanilla Kernel, both as Dom0 and DomU
2) That’s of course a little bit of an old hat now
3) But it is worth mentioning that it only took 5 years to upstream that PVOPS into the kernel
* Host Architectural Improvements. XCP 1.5 now runs on the Xen 4.1 hypervisor, provides GPT (new partition table type) support and a smaller, more scalable Dom0.
* GPU Pass-Through. Enables a physical GPU to be assigned to a VM providing high-end graphics.
* Increased Performance and Scale. Supported limits have been increased to 1 TB memory for XCP hosts, and up to 16 virtual processors and 128 GB virtual memory for VMs. Improved XCP Tools with smaller footprint.
* Networking Improvements. Open vSwitch is now the default networking stack in XCP 1.5 and now provides formal support for Active-Backup NIC bonding.
* Enhanced Guest OS Support. Support for Ubuntu 10.04 (32/64-bit). Updated support for Debian Squeeze 6.0 64-bit, Oracle Enterprise Linux 6.0 (32/64-bit) and SLES 10 SP4 (32/64-bit). Experimental VM templates for CentOS 6.0 (32/64-bit), Ubuntu 10.10 (32/64-bit) and Solaris 10.
* Virtual Appliance Support (vApp). Ability to create multi-VM and boot sequenced virtual appliances (vApps) that integrate with Integrated Site Recovery and High Availability. vApps can be easily imported and exported using the Open Virtualization Format (OVF) standard.
Note: not exactly 1:1 with XE
Comparisons to other APIs in the virtualization space (source: Steven Maresca)
Generally speaking XAPI is well-designed and well-executed
XAPI makes it pleasantly easy to achieve quick productivity
XAPI is set up to work with frameworks such as CloudStack and OpenStack.
Some SOAPy lovers of big XML envelopes and WSDLs scoff at XML-RPC, but it certainly gets the job done with few complaints
Example code:
http://bazaar.launchpad.net/~nova-core/nova/github/files/head:/plugins/xenserver/xenapi/etc/xapi.d/plugins/
https://github.com/xen-org/xen-api/blob/master/scripts/examples/python/XenAPIPlugin.py
All elements on the diagram just shown are called classes: the diagram omits another twenty or more minor classes.
Visit the SDK documentation for documentation of all classes.
Classes are the objects XCP knows about and exposes through API bindings
Each class has attributes called fields and functions called messages. We'll stick with 'attributes' and 'functions.'
Classes on diagram:
• VM: A virtual machine
• Host: A physical XCP host system
• PBD: physical block device through which an SR is accessed
• SR: Storage repository
• VDI: Virtual disk image
• VBD: Virtual block device
• Network: A virtual network
• VIF: A virtual network interface
• PIF: A physical network interface
VM lifecycle (start, stop, resume) ... automation is the key point
Live snapshots: Takes a snapshot of a live VM (e.g. for disaster recovery or migration)
Resource pools (multiple physical machines): XS & XCP only
live migration: VM is backed up while running, onto shared storage (e.g. NFS) in a pool and when completed restarted elsewhere in that pool.
disaster recovery: you can find lots of information on how this works at http://support.citrix.com/servlet/KbServlet/download/17141-102-19301/XenServer_Pool_Replication_-_Disaster_Recovery.pdf (the key point is that I can back up the metadata for the entire VM)
Flexible storage: XAPI does hide details for storage and networking
I.e. I apply generic commands (NFS, NETAPP, iSCSI ... once it's created they all appear the same) from XAPI. I only need to know the storage type when I create storage and network objects (OOL)
Upgrading a host to a later version of XCP (all my configs and VMs stay the same) …and patching (broken now - bug, can apply security patches to XCP/XS or Dom0 but not DomU)
Automated Control/OpenFlow: e.g. Firewall rules, Access Control Rules (does help with things like Multi Tenancy – program visibility of a switch), Port Locking (security mechanism – a VM can only use a particular MAC address, if you tamper with it can’t connect to the switch).
Multi-tenancy: separate virtual networks for different cloud customers
Monitoring: of course for charging per use
QoS: rate limiting (customer pays for a specific amount of bandwidth)
Earlier this year, we released Xen 4.1
I just put up the feature list, but I won't go through it in detail. I did want to point out that the focus of this release was on
• Support for large systems and easier management of large systems with CPU pools
• As well as on security
And that is starting a trend to optimize the hypervisor for cloud use cases
Detailed List
General
• Documentation improvements (e.g. man pages)
• Lots of bug fixing of course.
Tools
• xl is now default toolstack and xend is formally deprecated
• lots of xl improvements.
• we should highlight xend deprecation (not effectively maintained since 2008)
• Remus compression (compression of memory image improves performance)
• Prefer oxenstored when available (improves scalability!)
• Support for upstream qemu; nearing feature parity (non default still, but we want people to be testing it)
• Added libvchan to xen mainline (cross domain comms)
Xen
• Improvements to paging and sharing, enabling higher VM density for VDI use-cases
• EFI (extensible Firmware Interface) support for HV (i.e. if I have a machine that has EFI, I can use Xen on it)
• Support up to 256 Host CPUs for 64 bit h/v (from 128)
• Support dom0 kernels compressed with xz
• Per-device interrupt remapping (increases scalability)
• Support for pvhvm guest direct pirq injection (Performance improvement for PCI passthrough for Linux Guests)
• Intel SMEP (Supervisor Mode Execution Protection) support
• Mem event stuff? (Allows to externally observe what guests are up to and can be used for external virus checking - not sure what the right terminology is)
• Multiple PCI segment support
• Added xsave support (floating point)
• Lots of XSM / Flask fixes (security)
• AMD SVM "DecodeAssist" support (AMD CPU feature that avoids emulation and increases performance)
Removed Functionality
• ACM (alternative XSM to Flask) was removed (unmaintained)
• Removed vnet (unmaintained)
Xen Development Support
• Can build with clang
• Added "make deb" target
• Lots of xentrace improvements
• update ocaml bindings and make them usable by xapi (which previously had its own fork of the same codebase)
Just one example of a survey, many more: http://www.colt.net/cio-research/z2-cloud-2.html
According to many surveys, security is actually the main reason which makes or breaks cloud adoption
Better security means more adoption
Concerns about security means slowed adoption
So for a hypervisor, as Xen which is powering 80% of the public cloud – Rackspace, AWS and many other VPS providers use Xen and with cloud computing becoming mainstream, furthering security is really important
One of the key things there is isolation between VMs, but also simplicity as I pointed out earlier
But there are also a number of advanced features in Xen, which are not that widely known. So I wanted to give you a short overview of two of them
At this point I want to make a quick detour into the different hypervisor architectures from a viewpoint of security.
Let’s look at type 1 hypervisor:
• Basically a very simple architecture, where the Hypervisor replaces the kernel
• The architecture is significantly simpler than a Type 2 hypervisor, because it does not need to provide rich “process” semantics, like “user”, filesystems, etc.
• BUT: the trade-off is that all the device drivers need to be rewritten for each hardware platform
Type 2 is hosted
• The hypervisor is just a driver that typically works with user-level monitor.
• HW access is intercepted by the ring 0 VM monitor, passed to the User level Virtual Monitor, which passes requests to the kernel
• Re-use of device drivers is traded off against security and a large trusted computing base (green)
Ask some questions
Example: XOAR
Self-destructing VMs (destroyed after initialization): PCIBack = virtualize access to PCI Bus config
Restartable VMs (periodic restarts): NetBack (Physical network driver exposed to guest) = restarted on timer
Builder (instantiate other VMs) = Restarted on each request
This is not pie in the sky: these features are actually in use already for desktop virtualization.
I wanted to point out Qubes OS which is an OSS project in its second beta
And a commercial Citrix product which makes use of these features
In the last 6 months there has been lots of talk in the community, how these features can be adopted for Server virtualization and I expect that we see adoption of these in XCP and commercial Xen products.
But of course this is not easy: there are challenges around Configuration and Usability
What about domain 0 itself?
Once we've disaggregated domain 0, what will be left? The answer is: very little! We'll still have the logic for booting the host, for starting and stopping VMs, and for deciding which VM should control which piece of hardware... but that's about it. At this point domain 0 could be considered as a small "embedded" system, like a home NAT box or router.
Let’s have a quick look at what’s new in the kernel 3.1
Mainly usability improvements
The most significant addition is the PCI back module which enables the kernel to pass PCI/PCIe devices to Xen guests
3.2: see http://www.gossamer-threads.com/lists/xen/users/229720
Quite a lot of features are planned to go into Linux 3.2 and beyond. I will just explain a few. For the rest, do talk to me afterwards
3.2 Feature Discard: Tells the HW that disk sectors are unused
This is good for Solid State Drives
But it is also good for filers doing thin provisioning
3.3 PV Spinlocks: Better performance under contention
ACPI S3: Which gives us Suspend to RAM, which is good for Xen on Laptop Use cases
The key is that all this is about optimization and rounding out of features
------------------
3.2:
hwclock -s: Makes time (i.e. wallclock, RTC time) handling work as expected for the dom0 administrator.
"feature-barrier": Required for correctness by certain guests (SLES10, I think). AIUI various filesystem implementations rely on barriers to Yup (and Oracle's guests appliance thingies) actually do something for correctness. Without this there could be corruption (I wouldn't necessarily stand on stage and say that out loud though) Some form of it can appear if you unplug the machine right as it is writing data out. But I am not entirely sure how to reproduce that 100%.. But yes - barriers and flushes provide a mechanism to do 'write meta data NOW', and then the normal data can be written. So that in case of power failure you can go back to the meta data and figure stuff out. So yes. corruption averted!
"feature-discard": Used to indicate to h/w that disk sectors are unused. This is good for SSDs and also for filers which do thin provisioning since it improves wear-levelling and allows the space to be recovered respectively. <nods>
Not sure what there is to say about the others.
http://www.gossamer-threads.com/lists/xen/users/229706
3.3:
PV spinlocks: PV spinlocks improve performance under contention by allowing lock takers to sleep/yield instead of spinning wasting scheduling quanta. The current PV spinlock replaces the entire spinlock algorithm/datastructure. The new work simply adds a PV slow path but keeps the core "ticket lock" algorithm. This is beneficial in terms of sharing more code (and hence perf analysis etc) with native. The benefit is that during high contention (so more guests using VCPUs than there are physical CPUs - think four guests, each using 2 VCPU, and the box only has four physical) we can schedule the guests appropriately instead of spinning uselessly wasting CPU resources.
ACPI S3: Suspend to RAM. Useful for Xen on laptop type scenarios. Yeah, that one is taking longer than I thought. Got some feedback and will post a new set shortly.
3D graphics: The RAM used by graphics cards has various constraints on the RAM which they use which we need to work with in order to make those cards work correctly. It pretty much is in. Another graphics guy picked up the patches, reworked them even further and they are definitely in for 3.3.
ACPI cpufreq: Power management, useful in servers etc. I suspect this also improves performance in some cases by allowing access to faster states. Still a bit behind sadly. The patches are "nicer" but still not sure how to make them even more nicer for Len. Will have to post them at some point. Maybe I should do it on Dec 24th
So what does all that mean?
Firstly, you can just download the latest Linux distro, get the Xen package and you can get started
Of course that requires distros which have the Linux 3 kernel in it
Debian Squeeze, Fedora 16, Ubuntu 10.10
Why should you help?
There are lots of HW variants and our developers can't possibly test all of them
So if you do want to help ...
If you see any issues: and that may mean bugs, unexpected behavior, unexpected performance: let us know such that we can fix it.
The key point here is
• Xen ARM has a long history
• Uses paravirtualization
• And supports a wide range of ARM processor features
As Kiko pointed out, there are quite a few challenges in the ARM space such as complexity and Linux ports and that also affects Xen
So for example to build Xen ARM, it was necessary to modify the ARM Linux kernel and we are facing questions such as a) do we try and upstream, or do we go for a clean start with newer ARM architectures
This slide is all about pointing out that there is pull for the ARM architecture
CALXEDA | HP
Goals:
Mobile, Client and Server for ARM Realtime capability
Make sure that we have an architecturally clean start moving forward
Performance: similar to other hypervisors
Maturity: Tried & Tested, Most Problems that are Problems are well known
Open source: Good body of Knowledge, Tools