LCEU14: Integrating Linux and the Real-Time ERIKA OS Through the Xen Hypervis...The Linux Foundation
Modern cars, as well as aircrafts, are equipped not only with more and more complex control systems, but also with increasingly advanced user interfaces and infotainment systems. The growing computational demand of these applications can now be met only with multi-core systems, which are actually supplanting single-core ones. Also, safety-critical and non-safety-critical components must be isolated from each other. In this presentation we show a double-OS system, running on a dual-core ARM platform and using the Xen hypervisor to run, in two isolated domains, (1) the automotive-grade ERIKA Enterprise OS, a small-footprint real-time OS suitable for safety-critical control tasks, and (2) a full-featured Linux OS, which is then able to support any complex user interface or multimedia service. The system also provides a basic, safe communication mechanism between the two operating systems.
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekThe Linux Foundation
Many people have difficulty understanding the difference between the Xen Hypervisor, XenServer, and XAPI. In this session, James Bulpin, Director of Technology for XenServer, and Russell Pavlicek, Evangelist for the Xen Project, will attempt to clarify what each project is, what it does, and how it compares with the others. We will cover some of the basic features and functions, the tasks for which each is suitable, and where the projects overlap. Attendees will come away with a better sense of where these three projects fit in the world of Xen virtualization.
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionThe Linux Foundation
The Xen on ARM effort has had a short, but impressive, history. In late 2011, Citrix seeded a Xen.org community project to port Xen to ARMv7 with virtualization extensions targeting the Cortex A15 as the reference platform. In 2012, the project scope was expanded to include the ARMv8 architecture. Linux 3.7 was the first kernel release to run on Xen on ARM as Dom0 and DomU. Very soon now (Q2 2013), Xen 4.3 will fully support several different ARM platforms, including Samsung Chromebooks, Versatile Express Cortex A15 and Arndale development boards.
In this talk, we will outline how virtualization enabled server consolidation and cloud computing, as well as innovative and secure solutions for both desktops and mobile devices. We will explain why Citrix saw the need for the project, and why it is highly relevant in today’s cloud-centric virtualization landscape. We will discuss the opportunities this has brought to the Xen ecosystem, and then peek into the future possibilities which Xen on ARM will enable. While Xen is best known as technology powering some of the biggest clouds in the industry, but could also be powering virtual machines on devices that fit in your pocket.
The talk will also include a brief overview of the Xen on ARM architecture, including the key design principles employed. The techniques pioneered during the ARM port will allow the Xen community to remove many legacy components from the Xen code base, streamlining both the ARM and x86 implementations. We will share some data on the challenges in porting Xen to new ARM boards. Due to full reliance on Device Tree and to the minimal hardware requirements of the hypervisor, ports to new boards require surprisingly little effort.
Finally, the talk will conclude by outlining the immediate roadmap for Xen on ARM.
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.
LCEU14: Integrating Linux and the Real-Time ERIKA OS Through the Xen Hypervis...The Linux Foundation
Modern cars, as well as aircrafts, are equipped not only with more and more complex control systems, but also with increasingly advanced user interfaces and infotainment systems. The growing computational demand of these applications can now be met only with multi-core systems, which are actually supplanting single-core ones. Also, safety-critical and non-safety-critical components must be isolated from each other. In this presentation we show a double-OS system, running on a dual-core ARM platform and using the Xen hypervisor to run, in two isolated domains, (1) the automotive-grade ERIKA Enterprise OS, a small-footprint real-time OS suitable for safety-critical control tasks, and (2) a full-featured Linux OS, which is then able to support any complex user interface or multimedia service. The system also provides a basic, safe communication mechanism between the two operating systems.
Xen, XenServer, and XAPI: What’s the Difference?-XPUS13 Bulpin,PavlicekThe Linux Foundation
Many people have difficulty understanding the difference between the Xen Hypervisor, XenServer, and XAPI. In this session, James Bulpin, Director of Technology for XenServer, and Russell Pavlicek, Evangelist for the Xen Project, will attempt to clarify what each project is, what it does, and how it compares with the others. We will cover some of the basic features and functions, the tasks for which each is suitable, and where the projects overlap. Attendees will come away with a better sense of where these three projects fit in the world of Xen virtualization.
Linaro Connect Asia 13 : Citrix - Xen on ARM plenary sessionThe Linux Foundation
The Xen on ARM effort has had a short, but impressive, history. In late 2011, Citrix seeded a Xen.org community project to port Xen to ARMv7 with virtualization extensions targeting the Cortex A15 as the reference platform. In 2012, the project scope was expanded to include the ARMv8 architecture. Linux 3.7 was the first kernel release to run on Xen on ARM as Dom0 and DomU. Very soon now (Q2 2013), Xen 4.3 will fully support several different ARM platforms, including Samsung Chromebooks, Versatile Express Cortex A15 and Arndale development boards.
In this talk, we will outline how virtualization enabled server consolidation and cloud computing, as well as innovative and secure solutions for both desktops and mobile devices. We will explain why Citrix saw the need for the project, and why it is highly relevant in today’s cloud-centric virtualization landscape. We will discuss the opportunities this has brought to the Xen ecosystem, and then peek into the future possibilities which Xen on ARM will enable. While Xen is best known as technology powering some of the biggest clouds in the industry, but could also be powering virtual machines on devices that fit in your pocket.
The talk will also include a brief overview of the Xen on ARM architecture, including the key design principles employed. The techniques pioneered during the ARM port will allow the Xen community to remove many legacy components from the Xen code base, streamlining both the ARM and x86 implementations. We will share some data on the challenges in porting Xen to new ARM boards. Due to full reliance on Device Tree and to the minimal hardware requirements of the hypervisor, ports to new boards require surprisingly little effort.
Finally, the talk will conclude by outlining the immediate roadmap for Xen on ARM.
LCEU13: Securing your cloud with Xen's advanced security features - George Du...The Linux Foundation
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...The Linux Foundation
With the rapid growth in computing power of embedded platforms, system designers are turning to hypervisors to consolidate functionality in order to reduce the Size, Weight, Power, and Cost of embedded systems. With the recent addition of ARM support to the Xen hypervisor, Xen provides an attractive Open Source option for such systems. However, some of the industries most interested in this technology, such as automotive, medical, and avionics, have strict safety certification requirements. Nathan Studer will give a brief overview on DornerWorks efforts certifying Xen, describe the hurdles and advantages that Xen and its development model lend to the certification effort, and layout a proposed path for certifying Xen.
How we collaborated with the CentOS and Xen projects to build a next-generation platform at Go Daddy. Discussion of the design considerations, infrastructure, succes stories and challenges of this paradigm change
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing. This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent Software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features, track record and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlight Internship Programs which the project supports.
The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k
Rackspace has years of experience with running Xen at scale, starting with Xen and migrating to XenServer. We will share why we use Xen/XenServer along with some of the issues that we've experienced. We will touch on our experience with migrating from Xen to XenServer and the challenges there. We will share information about Rackspace Cloud Servers architecture, and touch briefly on OpenStack when doing so. We will explain how we use Xen to quickly deploy new Openstack services with what we call Nova on Nova. And finally, we will discuss what additional features and improvements are needed and why.
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCPThe Linux Foundation
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, shine some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
Delivered by Russell Pavlicek at CentOS Dojo, Denver, CO, April 10. 2014.
A basic introduction to Xen4CentOS: What it provides, how to install it, and where it is going.
The 4.5 release no a minor "point" update: it is one of the most feature-rich releases in the project's history. It contains several important additions. Most notably, new Xen PVH virtualization mode now supports running as dom0, enhanced support for Remus, significant ARM architecture updates, security improvements, real-time scheduling, support for Intel Cache Monitoring Technology (CMT), as well as improvements for automotive and embedded use-cases. Other enhancements include additional support for FreeBSD, systemd support, additional libvirt support, the release of Mirage OS 2.0, and more.
Besides giving an overview of Xen 4.5, we will explain the project's roadmap process and share what's ahead for 2015: such as improved OpenStack integration and hotpatching (applying security fixes without the need to reboot).
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
Xen Project 4.4 Release Information.
Delivered by Russell Pavlicek at Linux Foundation Collaborative Summit on March 27, 2014.
Updated for LinuxCon/CloudOpen North America in August 2014.
Google uses virtualization for internal corporate infrastructure. As part of this, we have developed a number of tools, some open source, for managing the Xen deployment. The talk will describe the technical infrastructure used, the internal workflows and machine management processes, and the specific use-cases for virtualization.
XPDS13: Erlang on Xen - Redefining the Cloud Software Stack - Victor Sovietov...The Linux Foundation
Today the software stack inside cloud instances closely follows the traditional pattern, the pattern optimised for a completely different settings. The emerging OS-less software technologies promise to radically simplify the software inside virtual servers. Erlang on Xen is one of such technologies. It is a highly-compatible reimplementation of the Erlang VM that run directly on Xen. The super-elastic services based on Erlang on Xen adhere to 7 'commandments': 1) Do not assume the presence of OS underneath; 2) Software must be oblivious to boundaries of physical nodes 3) All services share the same auto-scalable infrastructure 4) Run computations near the data they process 5) Child nodes get configuration from the parent only 6) Avoid “administration” at all costs 7) SMP is abomination of cloud computing.
XPDS14: Xen and the Art of Certification - Nathan Studer & Robert VonVossen, ...The Linux Foundation
With the rapid growth in computing power of embedded platforms, system designers are turning to hypervisors to consolidate functionality in order to reduce the Size, Weight, Power, and Cost of embedded systems. With the recent addition of ARM support to the Xen hypervisor, Xen provides an attractive Open Source option for such systems. However, some of the industries most interested in this technology, such as automotive, medical, and avionics, have strict safety certification requirements. Nathan Studer will give a brief overview on DornerWorks efforts certifying Xen, describe the hurdles and advantages that Xen and its development model lend to the certification effort, and layout a proposed path for certifying Xen.
How we collaborated with the CentOS and Xen projects to build a next-generation platform at Go Daddy. Discussion of the design considerations, infrastructure, succes stories and challenges of this paradigm change
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing. This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent Software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features, track record and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlight Internship Programs which the project supports.
The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k
Rackspace has years of experience with running Xen at scale, starting with Xen and migrating to XenServer. We will share why we use Xen/XenServer along with some of the issues that we've experienced. We will touch on our experience with migrating from Xen to XenServer and the challenges there. We will share information about Rackspace Cloud Servers architecture, and touch briefly on OpenStack when doing so. We will explain how we use Xen to quickly deploy new Openstack services with what we call Nova on Nova. And finally, we will discuss what additional features and improvements are needed and why.
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCPThe Linux Foundation
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, shine some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
Delivered by Russell Pavlicek at CentOS Dojo, Denver, CO, April 10. 2014.
A basic introduction to Xen4CentOS: What it provides, how to install it, and where it is going.
The 4.5 release no a minor "point" update: it is one of the most feature-rich releases in the project's history. It contains several important additions. Most notably, new Xen PVH virtualization mode now supports running as dom0, enhanced support for Remus, significant ARM architecture updates, security improvements, real-time scheduling, support for Intel Cache Monitoring Technology (CMT), as well as improvements for automotive and embedded use-cases. Other enhancements include additional support for FreeBSD, systemd support, additional libvirt support, the release of Mirage OS 2.0, and more.
Besides giving an overview of Xen 4.5, we will explain the project's roadmap process and share what's ahead for 2015: such as improved OpenStack integration and hotpatching (applying security fixes without the need to reboot).
LF Collaboration Summit: Xen Project 4 4 Features and FuturesThe Linux Foundation
Xen Project 4.4 Release Information.
Delivered by Russell Pavlicek at Linux Foundation Collaborative Summit on March 27, 2014.
Updated for LinuxCon/CloudOpen North America in August 2014.
Google uses virtualization for internal corporate infrastructure. As part of this, we have developed a number of tools, some open source, for managing the Xen deployment. The talk will describe the technical infrastructure used, the internal workflows and machine management processes, and the specific use-cases for virtualization.
XPDS13: Erlang on Xen - Redefining the Cloud Software Stack - Victor Sovietov...The Linux Foundation
Today the software stack inside cloud instances closely follows the traditional pattern, the pattern optimised for a completely different settings. The emerging OS-less software technologies promise to radically simplify the software inside virtual servers. Erlang on Xen is one of such technologies. It is a highly-compatible reimplementation of the Erlang VM that run directly on Xen. The super-elastic services based on Erlang on Xen adhere to 7 'commandments': 1) Do not assume the presence of OS underneath; 2) Software must be oblivious to boundaries of physical nodes 3) All services share the same auto-scalable infrastructure 4) Run computations near the data they process 5) Child nodes get configuration from the parent only 6) Avoid “administration” at all costs 7) SMP is abomination of cloud computing.
The SlideShare 101 is a quick start guide if you want to walk through the main features that the platform offers. This will keep getting updated as new features are launched.
The SlideShare 101 replaces the earlier "SlideShare Quick Tour".
Kernel Recipes 2014 - Xen as a foundation for cloud infrastructureAnne Nicolas
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing.
This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
Julien Grall, Citrix
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, 10 years after the project started, Xen powers the largest clouds in production.
This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors. It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, common challenges for KVM and Xen and securing the cloud. It will introduce concepts such as the virtualization spectrum, the concept of domain disaggregation and the Xen Security Modules as techniques to increase security, robustness and scalability. All important factors for building clouds at scale.
The talk will conclude with exciting developments in the Xen community, such as Xen support for ARM servers, Mirage appliances that can be run on any Xen based cloud, etc. and explore their implications for building open source clouds.
"Xen Cloud Platform”, Mike McClurg, Senior Engineer, Xen.org Engineering
The Xen Cloud Platform is an open-source, enterprise-ready server virtualization platform. It is based on the Xen hypervisor, and represents the common code base for Citrix's XenServer product line. This presentation gives an introduction to XCP, and how it relates to both the Xen hypervisor and to Citrix's XenServer. It covers XCP's XenAPI and how it can be used by two of the most popular cloud orchestration frameworks, CloudStack and OpenStack. Finally, it discusses the XCP "roadmap," and the plans for the future of XCP.
Crash Course on Open Source Cloud ComputingMark Hinkle
Fourth update to these slides, still working on them but wanted them to be available for CloudCamp RTP
Updates:
- Appliance Creation Tools
- OVF
- Added Bitnami, Boxgrinder, SuseStudio
- Removed marginal tools for Cloud (BFCG2, OpenNMS)
- Added logstash
XDF18: Heterogeneous Real-Time SoC Software Architecture - Stefano Stabellini...The Linux Foundation
Hypervisors are key to enable mixed-criticality systems: a critical workload, typically with real-time requirements, running alongside a larger operating system, such as Linux. The interrupt latency needs to be deterministic, and the boot time of the critical function only a fraction of a second. Hypervisors are also the enabling technology to securely deploy new customers apps at runtime, without affecting system safety.
This presentation will give an overview of hypervisor technologies for Xilinx platforms. It will introduce the most recent developments of the Xen hypervisor, including the "null" scheduler and dom0less, and it will explain how to make use of the new features to best configure Xen for embedded environments.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into details on how to setup a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ...The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu...The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op...The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs).The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E...The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, XilinxThe Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys...The Linux Foundation
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making...The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges offering an in-depth review of how Xen Project is approaching this exciting and and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, CitrixThe Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltdThe Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing the memory with MMU off and update page-tables. Failing to do so may result in getting TLB conflicts or breaking coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on updating safely the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant...The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. however these backends have not been configurable as QEMU devices as their implementation did not fully adhere to the QEMU Object Model (QOM).
Particularly the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&DThe Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM SystemsThe Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with Trusted Execution Environment available on platform. He developed mediator for one of TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven...The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib...The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr...The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen is scheduling guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require to turn off hyperthreading for best security in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
3. • Linux user since 1995; Linux desktop since 1997
• Linux advocate before I ever saw the software
• Early Linux advocate at Digital Equipment Corporation, Compaq
• Former FOSS columnist for Infoworld, Processor magazines
• Former panelist on The Linux Show webcast
• Wrote book, Embracing Insanity: Open Source Software Development (2000)
• Speaker at 50+ Open Source conferences
• Became Xen Project Evangelist employed by Citrix in January 2013
• Formerly with Cassatt Corporation in San Jose, cloud startup (2004-2009)
About the Speaker...
4. About the Xen Project Stack
• The main components:
– Xen Project Hypervisor, the central FOSS project
– Xen Project API, the Cloud enabled subproject
• Better known as “XAPI”
– Xen Project is a Linux Foundation Collaborative Project
– These are the subjects of this talk
• And then there’s:
– XenServer, a popular Xen Project-based product
• Was partially closed source; open-sourced by Citrix in 2013
6. IT Before the Cloud
• Stability is Paramount
– The value of IT to the corporation is consistent service availability
– Service capacity specified a year or more in advance
– What’s up, stays up
• Change is Bad
– Change to status quo is disruptive and dangerous
– Changes are beaten into submission until they become part of
the new status quo – and then they are no longer changes
7. IT Reinvented in the Cloud
• Availability of Services is Paramount
– The value of IT to the corporation is consistent service availability
at levels matching dynamic business demand
– Service capacity must move with business needs
– What’s up when depends on what’s needed when
• Change is Good
– Services must change to cover the needs of the moment
– Lack of change = lack of value
8. Cloud 101: Layers of the Cloud
App
Operating System Layer
Virtualization Layer
Cloud Orchestration Layer
9. Virtualization in the Cloud
• It must be stable
• It must be secure
• It must be configurable on a large scale
– The “user at machine” paradigm does not work
– If it requires a mouse, you’re in trouble
• It must take orchestration (APIs, command line)
• It must be multi-tenant
• It must not lock you into one concept or provider of Cloud
10. Xen Project: Highly Stable
• Solid track record
–Amazon’s AWS cloud business uses Xen Project
–Verizon launched a new Xen Project-based cloud
• Linux Foundation Project Partners:
–Amazon, AMD, ARM, CA, Cisco, Citrix,
Google, Intel, NetApp, Oracle, Rackspace,
Verizon, and more
11. Xen Project: Highly Secure
• SELINUX
• FLASK
– SELINUX capabilities at the VM level by the same team
• Disaggregation
– Segment device drivers into discrete VMs
• Architectural advantages of a Type-1 Hypervisor
– See the slides of my Advanced Security talk on XenProject.org or
join us on September 15 in New York City for User Summit
12. Xen Project: Configurable at Scale
• Toolstacks give rich API and command line capabilities
• Not GUI-centric
• Empowers orchestration via scripting, power tools (Puppet,
Chef, etc.), GUIs (XenServer’s XenCenter, Xen Orchestra,
etc.), and Cloud layers (OpenStack, CloudStack, Open
Nebula, etc.)
13. Single Host
Basic Functions
Multiple Hosts
Additional Functionality
Xen Project: Rich Toolstacks
Increased level of functionality and integration with other components
Default / XL (XM)Toolstack / Console Libvirt / VIRSH XAPI / XE
Hypervisor
Single Host
Additional Functionality
Xen Project Hypervisor
14. 14
Xen Project: Tools for Different Solutions
Increased level of functionality and integration with other components
Default / XL (XM)Toolstack / Console Libvirt / VIRSH
Products Oracle VM Huawei UVP XenServer
Project
XAPI / XE
Xen Project Hypervisor
15. 15
Xen Project: Tools for Different Clouds
Increased level of functionality and integration with other components
Default / XL (XM)Toolstack / Console Libvirt / VIRSH
Used by …
Project
XAPI / XE
Products Oracle VM Huawei UVP XenServer
Xen Project Hypervisor
16. Xen Project: A Multi-tenant Solution
• Multiple groups share common resources securely
– Clouds require sharing common resources
– Organizations often need their VMs to be visible to each other,
but entirely invisible to all other VMs
– XAPI makes this happen
– Critical ability for hosting providers
17. Xen Project: Doesn’t lock you in
• Xen Project does not force its view of the Cloud on you
• Xen Project does not force you to use a “favored” Cloud
solution
• This is one of the reasons why Cloud innovation happens in
the world of FOSS: It gives power to the Cloud, but allows
Cloud orchestration solutions to innovate
• There is no attempt to bend your efforts to the will of
some corporate business plan
20. • See the following teams on the new XenProject.org site:
– Hypervisor
– XAPI
– ARM Hypervisor (for Servers as well as Mobile Devices)
– Mirage OS
• Governance : mixture between Linux Kernel and Apache
– Consensus decision making
– Sub-project life-cycle (aka incubator)
– PMC style structure for team leadership
2013: Xen Project Joins Linux Foundation
21. Xen Project Contributor Community is Diversifying
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
2010 2011 2012
Citrix UPC
SUSE Amazon
University AMD
GridCentric Individual
NSA Intel
Fujitsu iWeb
Misc Oracle
Spectralogic University of British Columbia
• The number of “significant”
active vendors is increasing
• New feature development driving
new participation
22. More Xen Project Features…
• Unikernel development and support (Mirage OS, etc.)
• ARM hardware support
• Live Migration of VMs: XenMotion (via XAPI)
• High Availability: Remus (& COLO for non-stop)
• Wide variety of Control Domains supported
• Even wider variety of Guest Domains
• Multiple virtualization modes improve performance
24. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Provides partition isolation + reliability,
higher security
Host HW
Memory CPUsI/O
HypervisorScheduler
MMUDevice Drivers/Models
VMn
VM1
VM0
Guest OS
and Apps
25. Hypervisor Architectures
Type 1: Bare metal Hypervisor
A pure Hypervisor that runs directly on the
hardware and hosts Guest OS’s.
Type 2: OS ‘Hosted’
A Hypervisor that runs within a Host OS and hosts
Guest OS’s inside of it, using the host OS services
to provide the virtual environment.
Provides partition isolation + reliability,
higher security
Low cost, no additional drivers
Ease of use & installation
Host HW
Memory CPUsI/O
Host HW
Memory CPUsI/O
HypervisorScheduler
MMUDevice Drivers/Models
VMn
VM1
VM0
Guest OS
and Apps
Host OS
Device Drivers
Ring-0 VM Monitor
“Kernel “
VMn
VM1
VM0
Guest OS
and Apps
User
Apps
User-level VMM
Device Models
26. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HW
Memory CPUsI/O
HypervisorScheduler
MMUDevice Drivers/Models
VMn
VM1
VM0
Guest OS
and Apps
27. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HW
Memory CPUsI/O
HypervisorScheduler
MMUDevice Drivers/Models
VMn
VM1
VM0
Guest OS
and Apps
Host HW
Memory CPUsI/O
Hypervisor
VMn
VM1
VM0
Guest OS
and Apps
Xen Project Architecture
Scheduler MMU
28. Xen Project: Type 1 with a Twist
Type 1: Bare metal Hypervisor
Host HW
Memory CPUsI/O
HypervisorScheduler
MMUDevice Drivers/Models
VMn
VM1
VM0
Guest OS
and Apps
Host HW
Memory CPUsI/O
Hypervisor
VMn
VM1
VM0
Guest OS
and Apps
Xen Project Architecture
Scheduler MMU
Control domain
(dom0)
Drivers
Device Models
Linux & BSD
29. Xen Project and Linux
• Xen Project Hypervisor is not in the Linux kernel
• BUT: everything needed to run the hypervisor is
• Xen Project packages in all distributions (not in
RHEL6, but CentOS 6 via Xen4CentOS)
– Install Control Domain (Dom0) Linux distribution
– Install Xen Project package(s) or meta package
– Reboot
– Configure stuff: set up disks, peripherals, etc.
30. Basic Xen Project Concepts
30
Control domain
(dom0)
Host HW
VMn
VM1
VM0
Guest OS
and Apps
Memory CPUsI/O
Console
• Interface to the outside world
Control Domain aka Dom0
• Dom0 kernel with drivers
• Xen Management Toolstack
Guest Domains
• Your apps
Driver/Stub/Service Domain(s)
• A “driver, device model or control
service in a box”
• De-privileged and isolated
• Lifetime: start, stop, kill
Dom0 Kernel
HypervisorScheduler MMU XSM
Trusted Computing Base
31. Basic Xen Project Concepts: Toolstack+
31
Control domain
(dom0)
Host HW
VMn
VM1
VM0
Guest OS
and Apps
Console
Memory CPUsI/O
Dom0 Kernel
Toolstack
HypervisorScheduler MMU XSM
Console
• Interface to the outside world
Control Domain aka Dom0
• Dom0 kernel with drivers
• Xen Project Management Toolstack
Guest Domains
• Your apps
Driver/Stub/Service Domain(s)
• A “driver, device model or control
service in a box”
• De-privileged and isolated
• Lifetime: start, stop, kill
Trusted Computing Base
32. Basic Xen Project Concepts: Disaggregation
32
Control domain
(dom0)
Host HW
VMn
VM1
VM0
Guest OS
and Apps
Console
Memory CPUsI/O
One or more
driver, stub or
service domains
Dom0 Kernel
Toolstack
HypervisorScheduler MMU XSM
Console
• Interface to the outside world
Control Domain aka Dom0
• Dom0 kernel with drivers
• Xen Project Management Toolstack
Guest Domains
• Your apps
Driver/Stub/Service Domain(s)
• A “driver, device model or control
service in a box”
• De-privileged and isolated
• Lifetime: start, stop, kill
Trusted Computing Base
34. Xen Project Virtualization Vocabulary
• PV – Paravirtualization
– Hypervisor provides API used by the OS of the Guest VM
– Guest OS needs to be modified to provide the API
• HVM – Hardware-assisted Virtual Machine
– Uses CPU VM extensions to handle Guest requests
– No modification to Guest OS
– But CPU must provide VM extensions
• FV – Full Virtualization (another name for HVM)
35. Xen Project Virtualization Vocabulary
• PVHVM – PV on HVM drivers
– Allows H/W virtualized guests to use PV disk and I/O drivers
– No modifications to guest OS
– Better performance than straight HVM
• PVH – PV in HVM Container (new in 4.4)
– Almost fully PV
– Uses HW extensions to eliminate PV MMU
– Eventually best mode for CPUs with virtual H/W extensions
36. The Virtualization Spectrum
Fully Virtualized (FV) VS VS VS VH
FV with PV for disk & network P VS VS VH
PVHVM P P VS VH
PVH P P P VH
Fully Paravirtualized (PV) P P P P
VH Virtualized (HW)
P Paravirtualized
VS Virtualized (SW)
HVM mode/domain
PV mode/domain
Xen Project 4.4
37. The Virtualization Spectrum
Fully Virtualized (FV) VS VS VS VH
FV with PV for disk & network P VS VS VH
PVHVM P P VS VH
PVH P P P VH
Fully Paravirtualized (PV) P P P P
Scope for improvement
Poor performance
Optimal performance
HVM mode/domain
Xen Project 4.4
PV mode/domain
38. Split Control Domain into Driver,
Stub and Service Domains
– See: ”Breaking up is hard to do” @ Xen Papers
– See: “Domain 0 Disaggregation for XCP and XenServer”
Used today by Qubes OS and Citrix XenClient XT
Prototypes for XAPI
Disaggregation
See qubes-os.org
Different windows run
in different VMs
39. More Security
Increased serviceability and flexibility
Better Robustness
Better Performance
Better Scalability
Benefits of Disaggregation
Ability to safely restart parts of the system
(e.g. just 275ms outage from failed Ethernet driver)
41. CPUCPU
RAM RAMNIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
RAID
Xen Project Hypervisor
Dom0Network
drivers
NFS/
iSCSI
drivers
Qemu xapi Local
storage
drivers
NFS/
iSCSI
drivers
Network
drivers
Qemu
eth eth eth eth scsi
User VM User VM
NB gntdev NB
NF BF NF BF
qemu qemu
xapi
vswitch
networkd
tapdisk
blktap3
storaged
syslogd
vswitch
networkd
tapdisk
blktap3
storaged
tapdisk
blktap3
storaged
gntdev gntdev
Dom0
xenopsd
libxl
healthd
Domain
manager
Dom0
.
.
.
.
Xen Project Hypervisor
xapi
42. CPUCPU
RAM RAMNIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
RAID
Dom0 Network
driver
domain
NFS/
iSCSI
driver
domain
Qemu
domain
xapi
domain
Logging
domain
Local
storage
driver
domain
NFS/
iSCSI
driver
domain
Network
driver
domain
User VM User VM
NB gntdev NB
NF BF NF BF
dbus over v4v
qemu
xapi
xenopsd
libxl
healthd
Domain
manager
vswitch
networkd
tapdisk
blktap3
storaged
syslogd vswitch
networkd
tapdisk
blktap3
storaged
tapdisk
blktap3
storaged
gntdev gntdev
eth eth eth eth scsi
Xen Project Hypervisor Xen Project Hypervisor
D
o
m
0
dbus over v4v
.
.
.
43. 43
Xen Project Security Advantages
• Even without Advanced Security Features
– Well-defined trusted computing base (much smaller than on type-2 HV)
– Minimal services in hypervisor layer
• Xen Project Security Modules (or XSM) and FLASK
– XSM is Xen Project equivalent of LSM (Linux Security Modules)
– FLASK is Xen Project equivalent of SELinux
– Developed, maintained and contributed to Xen Project by NSA
– Compatible with SELinux (tools, architecture)
– XSM object classes maps onto Xen Project features
More info: http://www.xenproject.org/component/allvideoshare/video/latest/
lfnw2014-advanced-security-features-of-xen-project-hypervisor.html
44. 44
Xen Project Security Modules: FLASK
• What does FLASK provide?
– Granular security
• Can a guest domain talk with other guest domains?
• Can a guest domain only communicate with the Control Domain?
• Can a Guest domain have memory which cannot be read by the Control Domain?
• What type of device model is used in this domain?
• The ability to define multiple security roles on the domain level
• User types can be defined and assign roles
• Policy constraint logic
More info: http://wiki.xenproject.org/wiki/Xen_Security_Modules_:_XSM-FLASK
45. CPUCPU
RAM RAMNIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
NIC
(or SR-
IOV VF)
RAID
Xen Project Hypervisor
Dom0 Network
driver
domain
NFS/
iSCSI
driver
domain
Qemu
domain
xapi
domain
Logging
domain
Local
storage
driver
domain
NFS/
iSCSI
driver
domain
Network
driver
domain
eth eth eth eth scsi
User VM User VM
NB gntdev NB
NF BF NF BF
qemu
xapi
xenopsd
libxl
healthd
Domain
manager
vswitch
networkd
tapdisk
blktap3
storaged
syslogd vswitch
networkd
tapdisk
blktap3
storaged
tapdisk
blktap3
storaged
gntdev gntdev
FLASK policy
restricting access
D
o
m
0
.
.
.
dbus over v4v dbus over v4v
Xen Project Hypervisor
47. • Fully functional for ARM v7 & v8
• ARM v7:
– Versatile Express, Arndale, Samsung Chromebook,
Cortex A15, Allwinner A20/A31
• ARM v8: Fast Model, APM X-Gene “Mustang”
Xen Project for ARM Servers
http://wiki.xenproject.org/wiki/Xen_ARM_with_Virtualization_Extensions
48. ARM SOC
Xen Project + ARM = A Perfect Match
ARM Architecture Features for Virtualization
Hypervisor mode : EL2
Kernel mode : EL1
User mode : EL0
GIC
v2
GT
2 stage
MMU
I/O
Device Tree describes …
Hypercall Interface HVC
49. ARM SOC ARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GT
2 stage
MMU
I/O
Device Tree describes …
HVC
Xen Project + ARM = A Perfect Match
Xen Project Hypervisor
50. ARM SOC ARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GT
2 stage
MMU
I/O
Device Tree describes …
HVC
Xen Project + ARM = A Perfect Match
Xen Project Hypervisor
Any Xen Project Guest VM (including Dom0)
Kernel
User Space
HVC
51. ARM SOC ARM Architecture Features for Virtualization
EL2
EL1
EL0
GIC
v2
GT
2 stage
MMU
I/O
Device Tree describes …
HVC
Xen Project + ARM = A Perfect Match
Xen Project Hypervisor
Dom0
only
Any Xen Project Guest VM (including Dom0)
Kernel
User Space
I/O
PV
back
PV
frontI/O
HVC
52. One mode to rule them all
x86: PVHVM P P VS VH
x86: PVH P P P VH
ARM v7 & v8 P VH VH VH
Scope for improvement
Optimal performance
HVM mode/domain
PV mode/domain
53. Code Size of x86 and ARM Hypervisors
X86 Hypervisor 100K -120K LOC Any x86 CPU
ARM Hypervisor for
mobile Devices
60K LOC ARM v5 – v7
(no virtual extensions)
(extra code for RT)
ARM Hypervisor for
Servers
17K LOC ARM v7+
(w/ virtual extensions)
55. Application stacks only running on Xen Project APIs
Works on any Xen Project cloud or hosting service
Examples
– ErlangOnXen.org : Erlang
– HalVM : Haskell
– Mirage OS : Ocaml
– Osv: Java, C
Benefits:
– Small footprint
– Low startup latency
– Extremely fast migration of VMs
Library Operating Systems
Xen Project Hypervisor
Control domain
(dom0)
Host HW
Guest VMn
Apps
HW Drivers
PV Back Ends
Library OS
embedded
in Language
run-time
Dom0 Kernel
56. • Part of the Xen Project incubator
• V2.0 Released July 2014
• Light and small like Docker, but with the full security of the
Xen Project Hypervisor
• Clean-slate protocols implementations, e.g.
– TCP/IP, DNS, SSH, Openflow (switch/controller), HTTP, XMPP
Mirage OS
More info: http://www.xenproject.org/developers/teams/mirage-os.html
58. • PVH mode is here!
• Updated and improved libvirt support
• Xen4CentOS: Xen Project for CentOS 6
• Experimental EFI support & nested virtualization
• Improved ARM, SPICE, GlusterFS support
New in Xen Project 4.4 (April 2014)
See slides: http://www.xenproject.org/component/allvideoshare/video/latest/
lf-collaboration-summit-xen-project-4-4-features-and-futures.html
59. • PVH mode performance improvements
• More Mirage OS and unikernel support
• Even more ARM, libvirt improvements
• REMUS reworked (COLO still in development)
• And much, much more…
Coming in Xen Project 4.5 (Dec 2014)
See status: http://wiki.xenproject.org/wiki/Xen_Project_Hypervisor_Roadmap/4.5
60. • Establish a shared test infrastructure
– Most major contributors are duplicating effort
• Usability and better distribution integration
• More focus on downstreams
– Examples: CloudStack and Xen Orchestra
• Xen Automotive
• XenGT (GPU Passthrough)
• Better Libvirt and virt-manager integration
– Embed Xen Project more into the Linux ecosystem and provide benefits for the
wider Linux community
What’s next (and already happening)
61. • Document Days (monthly)
• Test Days (prior to release)
• Mailing Lists , IRC, Newsletter
• XenProject.org (sign up, it’s free!)
Getting Started with Xen Project
Hackathon: Next one expected Spring 2015
Developer Summit: Aug 18-19 @ LinuxCon
User Summit: Sept 15 in New York City
62. • We’ve got a great lineup of sessions!
• Topics include:
– Security, Cloud Integration, Unikernels, Orchestration, …
– SUSE Cloud, OpenStack, XenServer, CentOS, Xen Orchestra, OSv,
HaLVM, COLO and more
• Regular price $79; use code below to register for half price!
CODE: XenMDMeetup
Xen Project User Summit, Sept 15 in NYC
63. Thank You!
Slides available under CC-BY-SA 3.0
From www.slideshare.net/xen_com_mgr
@RCPavlicek
• News: blog.XenProject.org
• Web: XenProject.org
– Help for IRC, Mailing Lists, …
– Stackoverflow-like Q&A
• Wiki: wiki.XenProject.org
• Presentations & Videos: see XenProject.org