SlideShare a Scribd company logo
Xen Project 15 Years
Down the Line:
Thinking Outside of the Conceived
Tech Comfort Zone
Lars Kurth
Community Manger, Xen Project
Chairman, Xen Project Advisory Board
Director, Open Source, Citrix
Contributors
Andrew Cooper: Committer, Xen Project ◉ Christopher Clark: Contributor, Xen Project
Mihai Donțu: Chief Linux Officer, Bitdefender ◉ George Dunlap: Committer, Xen Project
lars_kurth
Happy Birthday!
What is Xen and Xen Project?
Versatile Virtualization Platform
Designed to be a component in a SW stack
Ease of use for end-users was never a design goal
Xen Hypervisor = “Engine”
Taken by integrators to build a product, service, …
Analogy: integrators build a “car” with Xen as “engine”
Xen Project
Development community with several sub projects
that develop technologies related to Xen
– Hypervisor
– PV Drivers
– Unikernel related projects: MirageOS, Unikraft
Rewind to the Beginning
Original Use Cases
Server Consolidation
Co-located hosting facilities,
Distributed web services
Cloud Computing
Secure Computing Platforms and
Application Mobility
High availability, Fault tolerance,
Checkpointing
Original Design Goals
Modular architecture
Via disaggregation
Flexible architecture
Via use of system services
High degree of customisability
Initial goal: server and possibility of
desktop products
OpenXT, SecureView
(desktop, laptops, tablets)
Defense Applications
Unikernels
Cyberchaff (HalVM)
Defense Applications
Xenon Hypervisor family, Magrana Server, …
Cloud Computing Amazon Web Services, Tencent, Alibaba Cloud, Oracle Cloud,
IBM SoftLayer, Rackspace, …
Server Virtualization
Linux Distros, Citrix Hypervisor, Huawei UVP, Oracle VM, XCP-ng
ARLX/Virtuosity OA, Bromium
uXen, Crucible Hypervisor
Embedded Defense /
Security Applications
Embedded/
Automotive Virtuosity, XILINX Xen Zynq, Perseus,
GlobalLogic Nautilus, EPAM Fusion
General purpose desktop and mobile Virtualization
XenClient, NxTop, Neosphere, Samsung, Qubes OS
VMI Bitdefender,
AIS, Zentific
So, how did we get to such a
diverse product eco-system?
Strong Security
mindset by main
Xen Developers
From the Beginning
Disaggregation was part of the original Xen conception
Influenced by microkernel thinking
VMn
Guest OS
Applications
VM0 (or Dom0)
Dom0 Kernel
Native Driver
System Services
XS TSDE
Scheduler MMU Timers Interrupts
From the Beginning
Disaggregation was part of the original Xen conception
Influenced by microkernel thinking
VMn
Guest OS
Applications
VM0 (or Dom0)
Dom0 Kernel
System Services
XS TS
Scheduler MMU Timers Interrupts
Driver Domain
Guest OS
Native Driver
Service Domain
Guest OS
System Services
DE
Disaggregate
Disaggregate
From the Beginning
Disaggregation was part of the original Xen conception
Influenced by microkernel thinking
The PV protocols were specifically designed for untrusted
backends and untrusted native device drivers
Particularly the grant tables
Security technologies were always in maintainers minds
They were up-streamed without resistance
Sometimes with a lot of support from maintainers
Today: Used by …
OpenXT, SecureView
(desktop, laptops, tablets)
Defense Applications
Unikernels
Defense Applications
Xenon Hypervisor family, Magrana Server, …
Cloud Computing
Server Virtualization
ARLX/Virtuosity OA,
Crucible Hypervisor
Embedded Defense /
Security Applications
Automotive Virtuosity,
GlobalLogic Nautilus, EPAM Fusion
General purpose desktop and mobile Virtualization
Qubes OS
VMI
Tension: Core vs. non-Core Usage
Many security technologies were not made easy to use
Disaggregation is a good example
Product schedule pressure, led to
– Core team members choosing the quick to implement / more performant
approach ➜ New features went into Dom0 first
– Maintainers reviewing non-Core contributions: takes effort to understand
and guide contributors to the best approach ➜ This did often not happen
E.g. Xen has no build capability for disaggregated domains
Led to duplication amongst vendors
Increased the barrier to adoption for newcomers
Strong Security Mindset
Enabled non-Core Security
Contributions
From Military Clouds to
Desktop/Tablet Use Cases on x86
Xen Summit: 2007, New York, USA
Xen Summit: 2007, New York, USA
US DoD employees presented approaches to
Apply EAL5 Common Criteria Security Clearance for Xen
Xen Security Modules (XSM)
EAL5 CC related research led to the Xenon Separation VMM family
Today: widely used by DoD departments
XSM was subsequently upstreamed
Defense Applications
Xenon Hypervisor family, Magrana Server, …
Server Virtualization
Linux Distros, Citrix Hypervisor, Huawei UVP, Oracle VM, XCP-ng
2012: The Xenon Separation VMM
Secure virtualization infrastructure for military clouds (pdf)
“ We reduce the size of the code base by dropping support
for selected features that are not needed to run commodity
operating systems, e.g. Windows 7 or Linux. Because the
internal design and construction of the base Xen VMM is
highly modular, removing some of the features does not
disable any of the remaining features.
The total effort required was about 3 engineers over a
period of 2 years, and includes the effort of keeping up with
the Xen community. ”
x86: Desktop / Tablet Use Cases
2009: Virtual Computer releases NxTop 1.0
NxTop is the first of 3 Xen based client solutions
Citrix and Neocleus release their first solutions in 2010
2012: Snowden-approved Qubes OS 1.0 releases
Today, Qubes OS 4.0 is the first technology to use PVHv2 in production
2013: Citrix and DoD collaborate to create SecureView
In 2015, XenClient is discontinued and released as OpenXT
SecureView continues to be developed on top of OpenXT
OpenXT, SecureView
(desktop, laptops, tablets)
Defense Applications
General purpose desktop Virtualization
XenClient, NxTop, Neosphere, Qubes OS
Reflection
Early & continued engagement of Security Researchers
Security feature contributions before being productized
Xen became an attractive platform for security research
Enabler:
The Xen community accepted contributions
Modular Architecture
Enabled specialised and certifiable products for defence use
But: Innovations were not attempted to be up-streamed
Reflection
Attempts to commercialize Xen on Desktop
Enabled a new products leveraging Xen’s security features
They also relied on removing upstream Xen code (on x86)
BUT:
None of these Xen capabilities were used in Server/Cloud
Related Story: GPU Passthrough & Virtualization
Were developed for Desktop Use Cases on Xen
TODAY:
GPU Virtualization is widely used in Server/Cloud
Virtual Machine Introspection:
from Research to Commercial
Server Products
Georgia Tech: 2007, Atlanta, USA
Georgia Tech: 2007, Atlanta, USA
2007: Virtual Machine Introspection for Xen hatched at
Georgia Tech
– 2003: Initial Research by Tal Garfinkel & Mendel Rosenblum
– Bryan Payne created a project called XenAccess
Later expanded scope to other hypervisors as LibVMI
2009: XenAccess and mem-events APIs were added
Used for security research and specialist security apps
Enabler:
The project accepted these changes with active help
from maintainers
Commercial interest in VMI
2013 to 2015: Intel launched its Haswell & Broadwell CPUs
Specifically VMFUNC, EPTP and #VE capabilities
New HW capabilities of Haswell & Broadwell generated
commercial interest in VMI by multiple vendors
2014 to 2015: The XenAccess and mem-events APIs were
re-architected into the VMI subsystem
In parallel: related companion technologies such as alt2pm
are being developed
Productization
2015 to 2016: Citrix and Bitdefender collaborated to bring
VMI to market through XenServer 7.0 and Bidefender HVI
Today: Similar products are available from AIS and Zentific
Today: ongoing contributions by security vendors to alt2pm
indicate future productization
Reflection
Few security features made it into Server/Cloud
For example: VMI & Live Patching
WHY?
HW capabilities were not enough
It was too early or the market wasn’t ready
Example: Dynamic Root of Trust related technologies
Complex and Use Case dependent
Example: Xen Security Modules - requires Specialist expertise;
configuration is Use Case dependent
From Desktop / Mobile
Use Cases to
Embedded / Automotive
2008, Seoul, Korea
Samsung releases Secure Xen on Arm port
This Xen port used paravirtualization and was kept as a Xen
fork hosted by the Xen Project as requested by Samsung
2008 to 2014: Samsung regularly shows Xen demos
Dual mobile operating systems running on Samsung
devices and later Nexus 10
Demos and presentations covered
– Innovations in real-time capabilities based on Xen
– GPU sharing technologies based on Xen
2008, Seoul, Korea
This showed what is possible
Inspiring others to investigate and
research along similar lines
2012, Cambridge, UK
2012, Cambridge, UK
Xen on Arm reboot
Patches for upstream Xen on Arm support are posted
Armv7 and v8 are fully supported upstream by March 2014
The primary motivation for this work was to target Arm
based servers
Developers learned from the earlier Arm port:
– Clean and simple architecture
– Perfect match between Xen and Arm ISA
– Much smaller code size compared to Xen on x86
Upstream support and simplicity
of Arm port enabled embedded
Use Cases on Arm
The missing Evolutionary Link
From x86 to Arm
2010: Dornerworks contributes the ARINC653 Scheduler
Launches ARLX (initially for x86) taking a similar approach
to Xenon
2014: Dornerworks pioneers safety certification for Xen
OpenXT, SecureView
(desktop, laptops, tablets)
Defense Applications
General purpose desktop Virtualization
XenClient, NxTop, Neosphere, Qubes OS
ARLX/Virtuosity OA,
Crucible Hypervisor
Embedded Defense /
Security Applications
A new Evolutionary Wave
2014: Xen moves into embedded and automotive
The Xen Project launched an automotive initiative
Xen based distros and products are being developed
2015: First automotive Xen based platform
GlobalLogic introduces the Nautilus platform at CES 2015
2015: First embedded Arm-only Xen Distro
Xen Zynq Distribution for XILINX
The last few years: R&D
Similar order of magnitude to earlier waves
Sedimentation: from Software
to Hardware
Sedimentation:
Functionality implemented in Software being fully or partly
implemented in Hardware
Example: PV Interrupt and Timers ➜ using IO APIC and
Posted Interrupts
Silicon vendors have always worked closely with Xen
Xen’s had a significant impact on virtualization
related technology in Hardware
I wanted to tell this story, but:
It’s very difficult to explain
And much of the work was performed under NDAs
What have we learned?
What can you learn from Xen?
Culture enables Innovation
Accept changes for non-Core Use Cases
In our case this was not planned: we inherited the culture
But: do not sacrifice due diligence and future-proofing
Help people trying to adopt Xen for non-Core Use Cases
We were bad at this until about 3 years ago
Work with new ideas, forks and distributions
Developer Events: allow air-time for new ideas
Forks are not always bad: Samsung fork hosted by us
OpenXT (distro): close collaboration is key
Process enables Innovation
Feature/Configuration Classification
Experimental ➜ Tech Preview ➜ Supported
Marked non-Core functionality as Experimental or Preview
Maintainership
Contributors need to step up for larger non-Core Features
Proves longer term commitment by the contributor
Deprecation of Features
Intent to deprecate is announced on list: identify objections
Remove non-core Features, if stale or not used
Tension need to be Managed
Vendors have different Priorities
These can lead to conflicts
Non-Core vs. Core arguments can be ugly
Active community management is required
New Processes can lead to Tensions
Security Vulnerability Management led to problems
Who deals with a Vulnerability in non-Core code?
We didn’t understand this ➜ created tension and rejection
of non-Core features until we modified the process
Process enables Innovation
Security Support
The security team does not handle non-Core Vulnerabilities
– Supported Feature without Security Support
– Delegated Security Support (e.g. ARINC653 scheduler)
KCONFIG based Configuration Management
Larger non-core features are build or run-time disabled
Subprojects as incubators for New Ideas
Can be used to foster innovation on the periphery
Examples: MirageOS, Automotive Project, Unikraft
lars.kurth@xenproject.org
Picture by Lars Kurth
References
https://wiki.xenproject.org/wiki/15_Anniversary_References

More Related Content

What's hot

E tech vmware presentation
E tech vmware presentationE tech vmware presentation
E tech vmware presentation
jpenney
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
The Linux Foundation
 
Virtualization 101
Virtualization 101Virtualization 101
Virtualization 101
Gaurav Marwaha
 
Ubuntu tutorial slides
Ubuntu tutorial slidesUbuntu tutorial slides
Ubuntu tutorial slides
Trung Nguyen
 
Disk Performance Comparison Xen v.s. KVM
Disk Performance Comparison Xen v.s. KVMDisk Performance Comparison Xen v.s. KVM
Disk Performance Comparison Xen v.s. KVM
nknytk
 
Kvm virtualization platform
Kvm virtualization platformKvm virtualization platform
Kvm virtualization platform
Ahmad Hafeezi
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Opersys inc.
 
Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022
Stefano Stabellini
 
Server virtualization by VMWare
Server virtualization by VMWareServer virtualization by VMWare
Server virtualization by VMWare
sgurnam73
 
Xen Debugging
Xen DebuggingXen Debugging
Xen Debugging
The Linux Foundation
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Stefano Stabellini
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
Susheel Thakur
 
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
The Linux Foundation
 
High availability virtualization with proxmox
High availability virtualization with proxmoxHigh availability virtualization with proxmox
High availability virtualization with proxmox
Oriol Izquierdo Vibalda
 
Virtual Infrastructure Overview
Virtual Infrastructure OverviewVirtual Infrastructure Overview
Virtual Infrastructure Overview
valerian_ceaus
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux Devices
Leon Anavi
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technology
sanjoysanyal
 
BKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateBKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack Update
Linaro
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
The Linux Foundation
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
Samsung Open Source Group
 

What's hot (20)

E tech vmware presentation
E tech vmware presentationE tech vmware presentation
E tech vmware presentation
 
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...OSSJP/ALS19:  The Road to Safety Certification: Overcoming Community Challeng...
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...
 
Virtualization 101
Virtualization 101Virtualization 101
Virtualization 101
 
Ubuntu tutorial slides
Ubuntu tutorial slidesUbuntu tutorial slides
Ubuntu tutorial slides
 
Disk Performance Comparison Xen v.s. KVM
Disk Performance Comparison Xen v.s. KVMDisk Performance Comparison Xen v.s. KVM
Disk Performance Comparison Xen v.s. KVM
 
Kvm virtualization platform
Kvm virtualization platformKvm virtualization platform
Kvm virtualization platform
 
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...Using and Customizing the Android Framework / part 4 of Embedded Android Work...
Using and Customizing the Android Framework / part 4 of Embedded Android Work...
 
Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022Xen in Safety-Critical Systems - Critical Summit 2022
Xen in Safety-Critical Systems - Critical Summit 2022
 
Server virtualization by VMWare
Server virtualization by VMWareServer virtualization by VMWare
Server virtualization by VMWare
 
Xen Debugging
Xen DebuggingXen Debugging
Xen Debugging
 
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
Static Partitioning with Xen, LinuxRT, and Zephyr: A Concrete End-to-end Exam...
 
Xen Hypervisor
Xen HypervisorXen Hypervisor
Xen Hypervisor
 
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
ALSF13: Xen on ARM - Virtualization for the Automotive Industry - Stefano Sta...
 
High availability virtualization with proxmox
High availability virtualization with proxmoxHigh availability virtualization with proxmox
High availability virtualization with proxmox
 
Virtual Infrastructure Overview
Virtual Infrastructure OverviewVirtual Infrastructure Overview
Virtual Infrastructure Overview
 
How to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux DevicesHow to Choose a Software Update Mechanism for Embedded Linux Devices
How to Choose a Software Update Mechanism for Embedded Linux Devices
 
Virtualization VMWare technology
Virtualization VMWare technologyVirtualization VMWare technology
Virtualization VMWare technology
 
BKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack UpdateBKK16-315 Graphics Stack Update
BKK16-315 Graphics Stack Update
 
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARMXPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
XPDS16: Porting Xen on ARM to a new SOC - Julien Grall, ARM
 
Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?Reconnaissance of Virtio: What’s new and how it’s all connected?
Reconnaissance of Virtio: What’s new and how it’s all connected?
 

Similar to Xen Project 15 Years down the Line

Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
The Linux Foundation
 
Arm tech con 2014 slides - sallam-public
Arm tech con 2014   slides - sallam-publicArm tech con 2014   slides - sallam-public
Arm tech con 2014 slides - sallam-public
Ahmed Sallam
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17:  An introduction to Xen Project VirtualisationRootlinux17:  An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
The Linux Foundation
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
The Linux Foundation
 
Crash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud ComputingCrash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud Computing
Mark Hinkle
 
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
Stephan Eberle
 
Xenorgs open stack_related_initiatives
Xenorgs open stack_related_initiativesXenorgs open stack_related_initiatives
Xenorgs open stack_related_initiatives
Todd Deshane
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case Study
Kris Buytaert
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Anne Nicolas
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)
Russell Pavlicek
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update
The Linux Foundation
 
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
Edge AI and Vision Alliance
 
LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and Beyond
The Linux Foundation
 
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
The Linux Foundation
 
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury ITW PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
Peter Ocasek
 
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
Paris Open Source Summit
 
"Update on Khronos Standards for Vision and Machine Learning," a Presentation...
"Update on Khronos Standards for Vision and Machine Learning," a Presentation..."Update on Khronos Standards for Vision and Machine Learning," a Presentation...
"Update on Khronos Standards for Vision and Machine Learning," a Presentation...
Edge AI and Vision Alliance
 
HiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentationHiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentation
VEDLIoT Project
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the Cloud
The Linux Foundation
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009
The Linux Foundation
 

Similar to Xen Project 15 Years down the Line (20)

Scale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zoneScale17x: Thinking outside of the conceived tech comfort zone
Scale17x: Thinking outside of the conceived tech comfort zone
 
Arm tech con 2014 slides - sallam-public
Arm tech con 2014   slides - sallam-publicArm tech con 2014   slides - sallam-public
Arm tech con 2014 slides - sallam-public
 
Rootlinux17: An introduction to Xen Project Virtualisation
Rootlinux17:  An introduction to Xen Project VirtualisationRootlinux17:  An introduction to Xen Project Virtualisation
Rootlinux17: An introduction to Xen Project Virtualisation
 
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, CitrixLCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
LCC17 - Securing Embedded Systems with the Hypervisor - Lars Kurth, Citrix
 
Crash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud ComputingCrash Course in Open Source Cloud Computing
Crash Course in Open Source Cloud Computing
 
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
Sphinx: An Industrial Strength Tool Platform Fostering Model-driven Developme...
 
Xenorgs open stack_related_initiatives
Xenorgs open stack_related_initiativesXenorgs open stack_related_initiatives
Xenorgs open stack_related_initiatives
 
A Xen Case Study
A Xen Case StudyA Xen Case Study
A Xen Case Study
 
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureKernel Recipes 2014 - Xen as a foundation for cloud infrastructure
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructure
 
Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)Securing Your Cloud with Xen (CloudOpen NA 2013)
Securing Your Cloud with Xen (CloudOpen NA 2013)
 
2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update2018 Genivi Xen Overview Nov Update
2018 Genivi Xen Overview Nov Update
 
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
“Khronos Group Standards: Powering the Future of Embedded Vision,” a Presenta...
 
LFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and BeyondLFCOLLAB15: Xen 4.5 and Beyond
LFCOLLAB15: Xen 4.5 and Beyond
 
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...
 
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury ITW PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
W PROSTOCIE SIŁA - wirtualizacja sposobem na uproszczenie infrastruktury IT
 
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
#OSSPARIS19: Construire des applications IoT "secure-by-design" - Thomas Gaza...
 
"Update on Khronos Standards for Vision and Machine Learning," a Presentation...
"Update on Khronos Standards for Vision and Machine Learning," a Presentation..."Update on Khronos Standards for Vision and Machine Learning," a Presentation...
"Update on Khronos Standards for Vision and Machine Learning," a Presentation...
 
HiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentationHiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentation
 
Xen Project Hypervisor for the Cloud
Xen Project Hypervisor for the CloudXen Project Hypervisor for the Cloud
Xen Project Hypervisor for the Cloud
 
Xen.org Overview 2009
Xen.org Overview 2009Xen.org Overview 2009
Xen.org Overview 2009
 

More from The Linux Foundation

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
The Linux Foundation
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
The Linux Foundation
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
The Linux Foundation
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
The Linux Foundation
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
The Linux Foundation
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
The Linux Foundation
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
The Linux Foundation
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
The Linux Foundation
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
The Linux Foundation
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
The Linux Foundation
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
The Linux Foundation
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
The Linux Foundation
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
The Linux Foundation
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
The Linux Foundation
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
The Linux Foundation
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
The Linux Foundation
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
The Linux Foundation
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
The Linux Foundation
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
The Linux Foundation
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
The Linux Foundation
 

More from The Linux Foundation (20)

ELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made SimpleELC2019: Static Partitioning Made Simple
ELC2019: Static Partitioning Made Simple
 
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...
 
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...
 
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...
 
XPDDS19 Keynote: Unikraft Weather Report
XPDDS19 Keynote:  Unikraft Weather ReportXPDDS19 Keynote:  Unikraft Weather Report
XPDDS19 Keynote: Unikraft Weather Report
 
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...
 
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxXPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx
 
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...
 
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, BitdefenderXPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
XPDDS19: Memories of a VM Funk - Mihai Donțu, Bitdefender
 
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...
 
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixXPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix
 
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdXPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd
 
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...
 
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DXPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D
 
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsXPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems
 
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...
 
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...
 
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...
 
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSEXPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
XPDDS19: Core Scheduling in Xen - Jürgen Groß, SUSE
 
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information SecurityXPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
XPDDS19: Implementing AMD MxGPU - Jonathan Farrell, Assured Information Security
 

Recently uploaded

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 

Recently uploaded (20)

Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 

Xen Project 15 Years down the Line

  • 1. Xen Project 15 Years Down the Line: Thinking Outside of the Conceived Tech Comfort Zone
  • 2. Lars Kurth Community Manger, Xen Project Chairman, Xen Project Advisory Board Director, Open Source, Citrix Contributors Andrew Cooper: Committer, Xen Project ◉ Christopher Clark: Contributor, Xen Project Mihai Donțu: Chief Linux Officer, Bitdefender ◉ George Dunlap: Committer, Xen Project lars_kurth
  • 4. What is Xen and Xen Project? Versatile Virtualization Platform Designed to be a component in a SW stack Ease of use for end-users was never a design goal Xen Hypervisor = “Engine” Taken by integrators to build a product, service, … Analogy: integrators build a “car” with Xen as “engine” Xen Project Development community with several sub projects that develop technologies related to Xen – Hypervisor – PV Drivers – Unikernel related projects: MirageOS, Unikraft
  • 5. Rewind to the Beginning
  • 6. Original Use Cases Server Consolidation Co-located hosting facilities, Distributed web services Cloud Computing Secure Computing Platforms and Application Mobility High availability, Fault tolerance, Checkpointing
  • 7. Original Design Goals Modular architecture Via disaggregation Flexible architecture Via use of system services High degree of customisability Initial goal: server and possibility of desktop products
  • 8. OpenXT, SecureView (desktop, laptops, tablets) Defense Applications Unikernels Cyberchaff (HalVM) Defense Applications Xenon Hypervisor family, Magrana Server, … Cloud Computing Amazon Web Services, Tencent, Alibaba Cloud, Oracle Cloud, IBM SoftLayer, Rackspace, … Server Virtualization Linux Distros, Citrix Hypervisor, Huawei UVP, Oracle VM, XCP-ng ARLX/Virtuosity OA, Bromium uXen, Crucible Hypervisor Embedded Defense / Security Applications Embedded/ Automotive Virtuosity, XILINX Xen Zynq, Perseus, GlobalLogic Nautilus, EPAM Fusion General purpose desktop and mobile Virtualization XenClient, NxTop, Neosphere, Samsung, Qubes OS VMI Bitdefender, AIS, Zentific
  • 9. So, how did we get to such a diverse product eco-system?
  • 10. Strong Security mindset by main Xen Developers
  • 11. From the Beginning Disaggregation was part of the original Xen conception Influenced by microkernel thinking VMn Guest OS Applications VM0 (or Dom0) Dom0 Kernel Native Driver System Services XS TSDE Scheduler MMU Timers Interrupts
  • 12. From the Beginning Disaggregation was part of the original Xen conception Influenced by microkernel thinking VMn Guest OS Applications VM0 (or Dom0) Dom0 Kernel System Services XS TS Scheduler MMU Timers Interrupts Driver Domain Guest OS Native Driver Service Domain Guest OS System Services DE Disaggregate Disaggregate
  • 13. From the Beginning Disaggregation was part of the original Xen conception Influenced by microkernel thinking The PV protocols were specifically designed for untrusted backends and untrusted native device drivers Particularly the grant tables Security technologies were always in maintainers minds They were up-streamed without resistance Sometimes with a lot of support from maintainers
  • 14. Today: Used by … OpenXT, SecureView (desktop, laptops, tablets) Defense Applications Unikernels Defense Applications Xenon Hypervisor family, Magrana Server, … Cloud Computing Server Virtualization ARLX/Virtuosity OA, Crucible Hypervisor Embedded Defense / Security Applications Automotive Virtuosity, GlobalLogic Nautilus, EPAM Fusion General purpose desktop and mobile Virtualization Qubes OS VMI
  • 15. Tension: Core vs. non-Core Usage Many security technologies were not made easy to use Disaggregation is a good example Product schedule pressure, led to – Core team members choosing the quick to implement / more performant approach ➜ New features went into Dom0 first – Maintainers reviewing non-Core contributions: takes effort to understand and guide contributors to the best approach ➜ This did often not happen E.g. Xen has no build capability for disaggregated domains Led to duplication amongst vendors Increased the barrier to adoption for newcomers
  • 16. Strong Security Mindset Enabled non-Core Security Contributions
  • 17. From Military Clouds to Desktop/Tablet Use Cases on x86
  • 18. Xen Summit: 2007, New York, USA
  • 19. Xen Summit: 2007, New York, USA US DoD employees presented approaches to Apply EAL5 Common Criteria Security Clearance for Xen Xen Security Modules (XSM) EAL5 CC related research led to the Xenon Separation VMM family Today: widely used by DoD departments XSM was subsequently upstreamed Defense Applications Xenon Hypervisor family, Magrana Server, … Server Virtualization Linux Distros, Citrix Hypervisor, Huawei UVP, Oracle VM, XCP-ng
  • 20. 2012: The Xenon Separation VMM Secure virtualization infrastructure for military clouds (pdf) “ We reduce the size of the code base by dropping support for selected features that are not needed to run commodity operating systems, e.g. Windows 7 or Linux. Because the internal design and construction of the base Xen VMM is highly modular, removing some of the features does not disable any of the remaining features. The total effort required was about 3 engineers over a period of 2 years, and includes the effort of keeping up with the Xen community. ”
  • 21. x86: Desktop / Tablet Use Cases 2009: Virtual Computer releases NxTop 1.0 NxTop is the first of 3 Xen based client solutions Citrix and Neocleus release their first solutions in 2010 2012: Snowden-approved Qubes OS 1.0 releases Today, Qubes OS 4.0 is the first technology to use PVHv2 in production 2013: Citrix and DoD collaborate to create SecureView In 2015, XenClient is discontinued and released as OpenXT SecureView continues to be developed on top of OpenXT OpenXT, SecureView (desktop, laptops, tablets) Defense Applications General purpose desktop Virtualization XenClient, NxTop, Neosphere, Qubes OS
  • 22. Reflection Early & continued engagement of Security Researchers Security feature contributions before being productized Xen became an attractive platform for security research Enabler: The Xen community accepted contributions Modular Architecture Enabled specialised and certifiable products for defence use But: Innovations were not attempted to be up-streamed
  • 23. Reflection Attempts to commercialize Xen on Desktop Enabled a new products leveraging Xen’s security features They also relied on removing upstream Xen code (on x86) BUT: None of these Xen capabilities were used in Server/Cloud Related Story: GPU Passthrough & Virtualization Were developed for Desktop Use Cases on Xen TODAY: GPU Virtualization is widely used in Server/Cloud
  • 24. Virtual Machine Introspection: from Research to Commercial Server Products
  • 25. Georgia Tech: 2007, Atlanta, USA
  • 26. Georgia Tech: 2007, Atlanta, USA 2007: Virtual Machine Introspection for Xen hatched at Georgia Tech – 2003: Initial Research by Tal Garfinkel & Mendel Rosenblum – Bryan Payne created a project called XenAccess Later expanded scope to other hypervisors as LibVMI 2009: XenAccess and mem-events APIs were added Used for security research and specialist security apps Enabler: The project accepted these changes with active help from maintainers
  • 27. Commercial interest in VMI 2013 to 2015: Intel launched its Haswell & Broadwell CPUs Specifically VMFUNC, EPTP and #VE capabilities New HW capabilities of Haswell & Broadwell generated commercial interest in VMI by multiple vendors 2014 to 2015: The XenAccess and mem-events APIs were re-architected into the VMI subsystem In parallel: related companion technologies such as alt2pm are being developed
  • 28. Productization 2015 to 2016: Citrix and Bitdefender collaborated to bring VMI to market through XenServer 7.0 and Bidefender HVI Today: Similar products are available from AIS and Zentific Today: ongoing contributions by security vendors to alt2pm indicate future productization
  • 29. Reflection Few security features made it into Server/Cloud For example: VMI & Live Patching WHY? HW capabilities were not enough It was too early or the market wasn’t ready Example: Dynamic Root of Trust related technologies Complex and Use Case dependent Example: Xen Security Modules - requires Specialist expertise; configuration is Use Case dependent
  • 30. From Desktop / Mobile Use Cases to Embedded / Automotive
  • 32. Samsung releases Secure Xen on Arm port This Xen port used paravirtualization and was kept as a Xen fork hosted by the Xen Project as requested by Samsung 2008 to 2014: Samsung regularly shows Xen demos Dual mobile operating systems running on Samsung devices and later Nexus 10 Demos and presentations covered – Innovations in real-time capabilities based on Xen – GPU sharing technologies based on Xen 2008, Seoul, Korea
  • 33. This showed what is possible Inspiring others to investigate and research along similar lines
  • 35. 2012, Cambridge, UK Xen on Arm reboot Patches for upstream Xen on Arm support are posted Armv7 and v8 are fully supported upstream by March 2014 The primary motivation for this work was to target Arm based servers Developers learned from the earlier Arm port: – Clean and simple architecture – Perfect match between Xen and Arm ISA – Much smaller code size compared to Xen on x86
  • 36. Upstream support and simplicity of Arm port enabled embedded Use Cases on Arm
  • 37. The missing Evolutionary Link From x86 to Arm 2010: Dornerworks contributes the ARINC653 Scheduler Launches ARLX (initially for x86) taking a similar approach to Xenon 2014: Dornerworks pioneers safety certification for Xen OpenXT, SecureView (desktop, laptops, tablets) Defense Applications General purpose desktop Virtualization XenClient, NxTop, Neosphere, Qubes OS ARLX/Virtuosity OA, Crucible Hypervisor Embedded Defense / Security Applications
  • 38. A new Evolutionary Wave 2014: Xen moves into embedded and automotive The Xen Project launched an automotive initiative Xen based distros and products are being developed 2015: First automotive Xen based platform GlobalLogic introduces the Nautilus platform at CES 2015 2015: First embedded Arm-only Xen Distro Xen Zynq Distribution for XILINX The last few years: R&D Similar order of magnitude to earlier waves
  • 40. Sedimentation: Functionality implemented in Software being fully or partly implemented in Hardware Example: PV Interrupt and Timers ➜ using IO APIC and Posted Interrupts Silicon vendors have always worked closely with Xen Xen’s had a significant impact on virtualization related technology in Hardware I wanted to tell this story, but: It’s very difficult to explain And much of the work was performed under NDAs
  • 41. What have we learned? What can you learn from Xen?
  • 42. Culture enables Innovation Accept changes for non-Core Use Cases In our case this was not planned: we inherited the culture But: do not sacrifice due diligence and future-proofing Help people trying to adopt Xen for non-Core Use Cases We were bad at this until about 3 years ago Work with new ideas, forks and distributions Developer Events: allow air-time for new ideas Forks are not always bad: Samsung fork hosted by us OpenXT (distro): close collaboration is key
  • 43. Process enables Innovation Feature/Configuration Classification Experimental ➜ Tech Preview ➜ Supported Marked non-Core functionality as Experimental or Preview Maintainership Contributors need to step up for larger non-Core Features Proves longer term commitment by the contributor Deprecation of Features Intent to deprecate is announced on list: identify objections Remove non-core Features, if stale or not used
  • 44. Tension need to be Managed Vendors have different Priorities These can lead to conflicts Non-Core vs. Core arguments can be ugly Active community management is required New Processes can lead to Tensions Security Vulnerability Management led to problems Who deals with a Vulnerability in non-Core code? We didn’t understand this ➜ created tension and rejection of non-Core features until we modified the process
  • 45. Process enables Innovation Security Support The security team does not handle non-Core Vulnerabilities – Supported Feature without Security Support – Delegated Security Support (e.g. ARINC653 scheduler) KCONFIG based Configuration Management Larger non-core features are build or run-time disabled Subprojects as incubators for New Ideas Can be used to foster innovation on the periphery Examples: MirageOS, Automotive Project, Unikraft