Today the software stack inside cloud instances closely follows the traditional pattern, a pattern optimised for completely different settings. The emerging OS-less software technologies promise to radically simplify the software inside virtual servers. Erlang on Xen is one such technology. It is a highly compatible reimplementation of the Erlang VM that runs directly on Xen. The super-elastic services based on Erlang on Xen adhere to 7 'commandments': 1) Do not assume the presence of an OS underneath; 2) Software must be oblivious to the boundaries of physical nodes; 3) All services share the same auto-scalable infrastructure; 4) Run computations near the data they process; 5) Child nodes get configuration from the parent only; 6) Avoid “administration” at all costs; 7) SMP is an abomination of cloud computing.
LCEU13: Securing your cloud with Xen's advanced security features - George Du... | The Linux Foundation
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. While much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment. When the audience leaves, they should have a general framework to evaluate the security of their system, know the key security features of Xen, and have a basic framework of knowledge to help them make sense of the documentation. This talk will *not* go into mind-numbing detail about specific commands to type or configuration options.
Xen, XenServer, and XAPI: What’s the Difference? - XPUS13 Bulpin, Pavlicek | The Linux Foundation
Many people have difficulty understanding the difference between the Xen Hypervisor, XenServer, and XAPI. In this session, James Bulpin, Director of Technology for XenServer, and Russell Pavlicek, Evangelist for the Xen Project, will attempt to clarify what each project is, what it does, and how it compares with the others. We will cover some of the basic features and functions, the tasks for which each is suitable, and where the projects overlap. Attendees will come away with a better sense of where these three projects fit in the world of Xen virtualization.
It is no accident that Xen software powers some of the largest Clouds in existence. From its outset, the Xen Project was intended to enable what we now call Cloud Computing. This session will explore how the Xen Architecture addresses the needs of the Cloud in ways which facilitate security, throughput, and agility. It will also cover some of the hot new developments of the Xen Project.
Google uses virtualization for internal corporate infrastructure. As part of this, we have developed a number of tools, some open source, for managing the Xen deployment. The talk will describe the technical infrastructure used, the internal workflows and machine management processes, and the specific use-cases for virtualization.
In this talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
Linaro Connect Asia 13: Citrix - Xen on ARM plenary session | The Linux Foundation
The Xen on ARM effort has had a short, but impressive, history. In late 2011, Citrix seeded a Xen.org community project to port Xen to ARMv7 with virtualization extensions targeting the Cortex A15 as the reference platform. In 2012, the project scope was expanded to include the ARMv8 architecture. Linux 3.7 was the first kernel release to run on Xen on ARM as Dom0 and DomU. Very soon now (Q2 2013), Xen 4.3 will fully support several different ARM platforms, including Samsung Chromebooks, Versatile Express Cortex A15 and Arndale development boards.
In this talk, we will outline how virtualization enabled server consolidation and cloud computing, as well as innovative and secure solutions for both desktops and mobile devices. We will explain why Citrix saw the need for the project, and why it is highly relevant in today’s cloud-centric virtualization landscape. We will discuss the opportunities this has brought to the Xen ecosystem, and then peek into the future possibilities which Xen on ARM will enable. While Xen is best known as the technology powering some of the biggest clouds in the industry, it could also be powering virtual machines on devices that fit in your pocket.
The talk will also include a brief overview of the Xen on ARM architecture, including the key design principles employed. The techniques pioneered during the ARM port will allow the Xen community to remove many legacy components from the Xen code base, streamlining both the ARM and x86 implementations. We will share some data on the challenges in porting Xen to new ARM boards. Due to full reliance on Device Tree and to the minimal hardware requirements of the hypervisor, ports to new boards require surprisingly little effort.
Finally, the talk will conclude by outlining the immediate roadmap for Xen on ARM.
Oscon 2012: From Datacenter to the Cloud - Featuring Xen and XCP | The Linux Foundation
Do you dream of being able to spin up ten or twenty (or a thousand) virtual machines in an instant? Discover and repair resource bottlenecks without moving a finger? Dodge the loss of an entire storage array with no-one noticing? Span across data centers with a fleet of virtual machines? This is no sales pitch; during this tutorial, we’ll demonstrate how to leverage truly FOSS tools to build a powerful, scalable cloud that easily competes with those proprietary solutions!
This deep-dive into Xen, Xen Cloud Platform, and other FOSS cloud tools and concepts is intended both for those ready to wholeheartedly embrace virtualization and for those already seasoned in general virtualization practices. You’ll leave with a collection of pre-made tools that you can use right out of the box or modify to your liking. You’ll also leave with immediately useful knowledge on best practices and common pitfalls, presented by actual FOSS practitioners like you.
We begin this tutorial by discussing Xen, Xen Cloud Platform (XCP), and XCP cloud concepts (pools, hosts, storage, networks, etc.). We then explore in detail the API that makes Xen so useful for building a cloud, explore provisioning of hosts and guests using PXE, and discuss templating and installing guest virtual machines. Critical to understanding potential bottlenecks, identifying tuning opportunities and planning for the future, we will discuss performance monitoring and methodologies. Next, we teach you how to make the most of your new FOSS cloud capabilities and discuss in detail high availability infrastructure for storage and networking, advanced networking capabilities like bonding/VLANs, and the cloud orchestration tools that save you time and money. All of this with a focus on XCP in enterprise environments. Tools discussed include DRBD, Pacemaker, Open vSwitch, Cloudstack, Openstack, and more.
We conclude by shedding light on exciting developments: Xen 4.2 has recently been released, with just over a year of development time and nearly 3,000 changesets. We will discuss many of the new features introduced in 4.2, along with the changes we have in store for the 4.3 release and other exciting developments.
Cloud leaders such as Rackspace and Internap are building their next-generation clouds using OpenStack and Xen+XenAPI; not everyone uses OpenStack with KVM. Let's take a look at how OpenStack and Xen work together, and at how you can get more involved.
XPDS16: Xen Orchestra: building a Cloud on top of Xen - Olivier Lambert & Jul... | The Linux Foundation
Since its inception, the Xen Orchestra project, which uses AGPLv3, has always had a philosophy of listening to and engaging the community. User feedback shaped our initial concept, which first targeted system administrators. Eventually, our users drove us to support cloud-scale deployments of up to 2000 VMs. Retaining simplicity in usage and installation while evolving Xen Orchestra to cloud scale posed many challenges. This led us to build many new features, such as ACLs, self-service, live charts, config drive management, and more, and forced us to constantly evolve our architecture. First we will show how user needs changed our architecture, and how we solved challenging problems such as user permissions, ACLs, containers in a virtualized infrastructure and self-service. We will conclude with a short demo, what is next, and lessons learned.
XPDDS19: Argo and Hypervisor-Mediated Data eXchange (HMX) - Christopher Clark... | The Linux Foundation
Defending the security of interconnected systems is shifting to depend upon methods for determining the level of trust to be placed in devices and users, with mandatory enforcement of access control policies and robust mechanisms for ensuring the integrity of communication between mutually-authenticated entities.
Virtualization-based security leverages trust in the hypervisor to provide strong mechanisms to virtual machines, enabling increased protection, in server, client and embedded deployments.
The interfaces provided by the hypervisor for inter-domain communication determine critical properties for data isolation and control of information flow.
Hypervisor-Mediated data eXchange describes key aspects of these data transfer primitives and has some support in Hyper-V. The first Open Source implementation of HMX is Argo, a Xen hypervisor feature developed with the OpenXT Project.
Rackspace has years of experience with running Xen at scale, starting with Xen and migrating to XenServer. We will share why we use Xen/XenServer along with some of the issues that we've experienced. We will touch on our experience with migrating from Xen to XenServer and the challenges there. We will share information about Rackspace Cloud Servers architecture, and touch briefly on OpenStack when doing so. We will explain how we use Xen to quickly deploy new Openstack services with what we call Nova on Nova. And finally, we will discuss what additional features and improvements are needed and why.
How we collaborated with the CentOS and Xen projects to build a next-generation platform at Go Daddy. Discussion of the design considerations, infrastructure, success stories and challenges of this paradigm change.
XPDDS18: CPUFreq in Xen on ARM - Oleksandr Tyshchenko, EPAM Systems | The Linux Foundation
The motivation for hypervisor-based CPUFreq is to enable one of the main PM use-cases (dynamic voltage and frequency scaling) in virtualized systems powered by the Xen hypervisor. The rationale behind this activity is that CPU virtualization is done by the hypervisor, and the guest OS doesn't actually know anything about physical CPUs because it is running on virtual CPUs.
In this talk Oleksandr will briefly describe a possible approach to generic CPUFreq in Xen on ARM and the advantages and disadvantages of having DVFS support on ARM boards powered by the Xen hypervisor, and share results of his CPUFreq PoC, which includes power consumption measurements with and without CPUFreq enabled, using an R-Car Gen3 based board as an example.
CIF16: Rethinking Foundations for Zero-devops Clouds (Maxim Kharchenko, Cloud... | The Linux Foundation
The unikernel approach should not be limited to cloud workloads. The cloud infrastructure itself must be built around the same principles. Our goal is to be able to unroll a private cloud on a hundred servers within an hour. The resultant cloud infrastructure should not require any maintenance afterwards. The talk discusses the current progress of Cloudozer in making this vision a reality.
XPDS13: In-Guest Mechanism to Strengthen Guest Separation - Philip Tricca, Ci... | The Linux Foundation
Terms related to security like 'disaggregation' and 'stubdom' have found their way into the standard Xen vernacular. Implementations of these architectures still require heavy lifting, but examples have made their way into both open source and commercial products. In this talk Philip presents a lesser-known but complementary method to confine QEMU processes using SELinux type enforcement. This architecture alone is interesting, but Philip believes its utility extends beyond QEMU and SELinux. Future problems like inter-VM communication mechanisms hold unique challenges with regard to access control and policy semantics. Philip will argue that an approach influenced by sVirt and user-space object managers will be useful here. As always, attendees should expect tangents into abstract topics like the nature of trust and the utopic world that strong security mechanisms will bring about.
LF Collaboration Summit: Xen Project 4.4 Features and Futures | The Linux Foundation
Xen Project 4.4 Release Information.
Delivered by Russell Pavlicek at Linux Foundation Collaborative Summit on March 27, 2014.
Updated for LinuxCon/CloudOpen North America in August 2014.
Xen is a mature enterprise-grade virtual machine with many advanced security features which are unique to Xen. For this reason it's the hypervisor of choice for the NSA, the DoD, and the new QubesOS Secure Desktop project. However, while much of the security of Xen is inherent in its design, many of the advanced security features, such as stub domains, driver domains, XSM, and so on are not enabled by default. This session will describe all of the advanced security features of Xen, and the best way to configure them for the Cloud environment.
Linuxcon EU: Virtualization in the Cloud featuring Xen and XCP | The Linux Foundation
The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP and their architecture, then shines some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
The FermiCloud Project has been operating an Infrastructure-as-a-Service private Cloud using OpenNebula since the fall of 2010. FermiCloud has made significant contributions in X.509-based authentication and authorization, accounting, fabric deployment and high-availability cloud infrastructure. Our current program of work, carried out jointly with KISTI, focuses on interoperability and federation with the goal of running scientific cloud-based workflows across multiple clouds. I will identify some of the technical challenges that remain to be solved in widespread cloud deployment, as well as lessons that we have learned from grid computing and applied to the cloud environment.
Bio:
Steven C. Timm, PhD, is the group leader of the FermiGrid Services Group in the Grid and Cloud Computing Department at Fermi National Accelerator Laboratory, Batavia, Illinois, USA, where he has been on the computing staff since 2000 with various responsibilities in large-scale distributed computing. He is the lead of the FermiCloud project and is also responsible for leading the operations of the FermiGrid authentication and authorization servers and batch servers. Dr. Timm received his M.S. in Computer Science from Andrews University and his Ph.D. in Physics from Carnegie Mellon University.
Enabling Scientific Workflows on FermiCloud using OpenNebula | NETWAYS
The FermiCloud Project has been operating an Infrastructure-as-a-Service private Cloud using OpenNebula since the fall of 2010. FermiCloud has made significant contributions in X.509-based authentication and authorization, accounting, fabric deployment and high-availability cloud infrastructure. Our current program of work, carried out jointly with KISTI, focuses on interoperability and federation with the goal of running scientific cloud-based workflows across multiple clouds. I will identify some of the technical challenges that remain to be solved in widespread cloud deployment, as well as lessons that we have learned from grid computing and applied to the cloud environment.
A LogicalDOC Cluster is a number of computers working together to ensure a document management system is available and performing efficiently.
The computers in the network exist independently but are connected to maximize the performance of the system.
Data Analytics Using Container Persistence Through SMACK - Manny Rodriguez-Pe... | {code} by Dell EMC
New digital business models facilitated by containers require collecting and analyzing device data. Apache Mesos removes the need to build separate stacks and combines optimized application containers and data analytics into a single platform. In this session, we will explore new approaches to data analytics using REX-Ray as a container persistence tool and the SMACK stack - Spark, Mesos, Akka, Cassandra, Kafka – a set of tools for building data and messaging layers for digital engagement apps.
OSAC16: Unikernel-powered Transient Microservices: Changing the Face of Softw... | Russell Pavlicek
In most current microservice-based architectures, the machine images powering the microservice are quite traditional: a full software stack from operating system to application, which takes significant resources to host and plenty of time to start and stop. As a result, most current microservice workloads are persistent, having to start before they are needed and sitting idle when there’s no work to do. This wastes precious resources and slows the application’s ability to scale out as workloads require.
The arrival of lightweight technologies like Docker and containers has opened the door to lighter workloads in the microservice arena, but the advent of unikernels might be a game changer. These ultralight, highly secure workloads combine the entire software stack, from operating system functions to application, into a single, tiny package that runs directly on a hypervisor. Start times for many unikernel-based VMs can be measured in milliseconds, raising the question: why waste time and resources with persistent microservices? Why not consider transient microservices, which appear when there is something to do and disappear immediately thereafter?
While the use of transient microservices could free up much computing power, it will also change the architecture and orchestration of software solutions. The concept of services that may have a lifetime measured in seconds—or less—does not currently exist in popular cloud-based systems.
CMPE 297 Lecture: Building Infrastructure Clouds with OpenStack | Joe Arnold
Lecture for the San Jose State masters program on cloud computing. Topic focuses on using OpenStack to deploy infrastructure clouds with commodity hardware and open source software. Covers virtualization, networking, storage, deployment and operations.
Static partitioning is used to split an embedded system into multiple domains, each of them having access only to a portion of the hardware on the SoC. It is key to enable mixed-criticality scenarios, where a critical application, often based on a small RTOS, runs alongside a larger non-critical app, typically based on Linux. The two domains cannot interfere with each other.
This talk will explain how to use Xen for static partitioning. It will introduce dom0-less, a new Xen feature written for the purpose. Dom0-less allows multiple VMs to start at boot time directly from the Xen hypervisor, decreasing boot times drastically. It makes it very easy to partition the system without virtualization overhead. Dom0 becomes unnecessary.
This presentation will go into detail on how to set up a Xen dom0-less system. It will show configuration examples and explain device assignment. The talk will discuss its implications for latency-sensitive and safety-critical environments.
XPDDS19: How TrenchBoot is Enabling Measured Launch for Open-Source Platform ... | The Linux Foundation
TrenchBoot is a cross-community OSS integration project for hardware-rooted, late launch integrity of open and proprietary systems. It provides a general purpose, open-source DRTM kernel for measured system launch and attestation of device integrity to trust-centric access infrastructure. TrenchBoot closes the UEFI Measurement Gap and reduces the need to trust system firmware. This talk will introduce TrenchBoot architecture and a recent collaboration with Oracle to launch the Linux kernel directly with Intel TXT or AMD SVM Secure Launch. It will propose mechanisms for integrating the Xen hypervisor into a TrenchBoot system launch. DRTM-enabled capabilities for client, server and embedded platforms will be presented for consideration by the Xen community.
XPDDS19 Keynote: Xen in Automotive - Artem Mygaiev, Director, Technology Solu... | The Linux Foundation
Artem will briefly cover what has been done since the first talk on Xen in Automotive domain back in 2013, what is going on now and what is still missing for broad adaptation of Xen in vehicles. The following topics will be covered:
Embedded/automotive features of Xen
Collaboration with AGL and GENIVI organizations for standardization
Efforts on Functional Safety compliance
Artem will also go over typical automotive use scenarios for Xen which may not be the same as generic computing use of hypervisor.
XPDDS19 Keynote: Xen Project Weather Report 2019 - Lars Kurth, Director of Op... | The Linux Foundation
In this keynote talk, we will give an overview of the state of the Xen Project, trends that impact the project, see whether challenges that surfaced last year have been addressed and how we did it, and highlight new challenges and solutions for the coming year.
In recent years unikernels have shown immense performance potential (e.g., boot times of only a few ms, image sizes of only hundreds of KBs). The fundamental drawback of unikernels is that they require that applications be manually ported to the underlying minimalistic OS, needing both expert work and often a considerable amount of time.
The Unikraft project provides a unikernel code base and build system that significantly simplifies the building of unikernels. In addition to support for a number of CPU architectures, languages and frameworks, Unikraft provides debugging and tracing features that are generally sorely missing from unikernel projects. In this talk we will talk about these features, show a set of preliminary performance numbers, and provide a roadmap for the project's future.
XPDDS19 Keynote: Secret-free Hypervisor: Now and Future - Wei Liu, Software E... | The Linux Foundation
The idea of making Xen secret-free has been floating since Spectre and Meltdown came into light. In this talk we will discuss what is being done and what needs to be done next.
XPDDS19 Keynote: Xen Dom0-less - Stefano Stabellini, Principal Engineer, Xilinx | The Linux Foundation
This talk will introduce Dom0-less: a new way of using Xen to build mixed-criticality solutions. Dom0-less is a Xen feature that adds a novel approach to static partitioning based on virtualization. It allows multiple domains to start at boot time directly from the Xen hypervisor, decreasing boot times dramatically. Xen userspace tools, such as xl and libvirt, become optional.
Dom0-less extends the existing device tree based Xen boot protocol to cover information required by additional domains. Binaries, such as kernels and ramdisks, are loaded by the bootloader (u-boot) and advertised to Xen via new device tree bindings.
The audience will learn how to use Dom0-less to partition the system. Uboot and device tree configuration details will be explained to enable the audience to get the most out of this feature. The talk will include a status update and details on future plans.
XPDDS19 Keynote: Patch Review for Non-maintainers - George Dunlap, Citrix Sys... | The Linux Foundation
As the number of contributions grow, reviewer bandwidth becomes a bottleneck; and maintainers are always asking for more help. However, ultimately maintainers must at least Ack every patch that goes in; so if you're not a maintainer, how can you contribute? Why should anyone care about your opinion?
This talk will try to lay out some advice and guidelines for non-maintainers, for how they can do code review in a way which will effectively reduce the load on maintainers when they do come to review a patch.
This talk is a follow-up to our Summit 2017 presentation in which we covered our plans for Intel VMFUNC and #VE, as well as related use-cases. This year, we will provide a report on what we have accomplished in Xen 4.12, and what remains to be addressed. We will also give a brief status update of VMI on AMD hardware. The session will end with some real-world numbers of the Hypervisor Introspection solution running on Citrix Hypervisor 8.0 with #VE enabled.
OSSJP/ALS19: The Road to Safety Certification: Overcoming Community Challeng... | The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. Besides technical and compliance issues (such as ISO 26262 vs IEC 611508) transitioning an existing project to become more easily safety certifiable requires significant changes to development practices within an open source project.
In this session, we will lay out some challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the Xen Project has followed thus far and highlight lessons learned along the way. The talk will primarily focus on necessary process, tooling changes and community challenges that can prevent progress. We will be offering an in-depth review of how Xen Project is approaching this challenging goal and try to derive lessons for other projects and contributors.
OSSJP/ALS19: The Road to Safety Certification: How the Xen Project is Making... | The Linux Foundation
Safety certification is one of the essential requirements for software to be used in highly regulated industries. The Xen Project, a secure and stable hypervisor that is used in many different markets, has been exploring the feasibility of building safety certified products on top of Xen for a year, looking at key aspects of its code base and development practices.
In this session, we will lay out the motivation and challenges of making safety certification achievable in open source and the Xen Project. We will outline the process the project has followed thus far and highlight lessons learned along the way. The talk will cover technical enablers, necessary process and tooling changes and community challenges, offering an in-depth review of how Xen Project is approaching this exciting and challenging goal.
XPDDS19: Speculative Sidechannels and Mitigations - Andrew Cooper, Citrix | The Linux Foundation
2018 saw fundamental shifts in security boundaries which were previously taken for granted. A lot of work has been done in the past 2 years, and largely in secret under embargo, but there is plenty more work to be done to strengthen the existing mitigations and to try to recover some performance without reopening security holes.
This talk will look at speculative execution sidechannels, the work which has already been done to mitigate the security holes, and future work which hopes to bring some improvements.
XPDDS19: Keeping Coherency on Arm: Reborn - Julien Grall, Arm ltd | The Linux Foundation
The Arm architecture provides a set of guidelines that any software should abide by when accessing memory with the MMU off and when updating page-tables. Failing to do so may result in TLB conflicts or broken coherency.
In a previous talk ("Keeping coherency on Arm"), we focused on safely updating the stage-2 (aka P2M) page-tables. This talk will focus on the boot code and Xen memory management.
During this session, we will introduce some of the guidelines and when they should be used. We will also discuss how the Xen boot sequence needs to be reworked to avoid breaking the guidelines.
XPDDS19: QEMU PV Backend 'qdevification'... What Does it Mean? - Paul Durrant... | The Linux Foundation
For many years the QEMU codebase has contained PV backends for Xen guests, giving them paravirtual access to storage, network, keyboard, mouse, etc. However, these backends have not been configurable as QEMU devices, as their implementation did not fully adhere to the QEMU Object Model (QOM).
In particular, the PV storage backend not using proper QOM devices, or qdevs, meant that the QEMU block layer needed to maintain legacy code that was cluttering up the source. This was causing push-back from the maintainers, who did not want to accept any patches relating to that Xen backend until it was 'qdevified'.
In this talk, I'll explain the modifications I made to QEMU to achieve 'qdevification' of the PV storage backend, how compatibility with the libxl toolstack was maintained, and what the next steps in both QEMU and libxl development should be.
XPDDS19: Status of PCI Emulation in Xen - Roger Pau Monné, Citrix Systems R&D | The Linux Foundation
PCI is a local computer bus for attaching hardware devices in a computer, and is the main peripheral bus on modern x86 systems. As such, having a proper way to emulate it is crucial for Xen to be able to expose both fully emulated devices or passthrough devices to guests.
This talk will focus on the current status of PCI emulation in Xen, how and where it is used, what are its main limitations and future plans to improve it in order to be more robust and modular.
XPDDS19: [ARM] OP-TEE Mediator in Xen - Volodymyr Babchuk, EPAM Systems | The Linux Foundation
Volodymyr will speak about TEE mediators. This is a new feature in Xen which allows multiple virtual machines to interact with the Trusted Execution Environment available on a platform. He developed a mediator for one of the TEEs, namely OP-TEE.
He will give background information on why TEE is needed at all and share some implementation details.
XPDDS19: Bringing Xen to the Masses: The Story of Building a Community-driven... | The Linux Foundation
Xen is a very powerful hypervisor with a talented and diverse developers community. Despite the fact it's almost everywhere (from the Cloud to the embedded world), it can be difficult to set up and manage as a system administrator. General purpose distros have Xen packages, but that's just a start in your Xen journey: you need some tooling and knowledge to have a working and scalable platform.
XCP-ng was built to overcome those issues: by bringing Xen to the masses with a fully turnkey distro with Xen as its core. It's the logical sequel to the XCP project, with a community focus from the start. We'll see how it happened, what we did, and what's next. Finally, we'll see the impact of XCP-ng on the Xen Project.
XPDDS19: Will Robots Automate Your Job Away? Streamlining Xen Project Contrib... | The Linux Foundation
Doug has long advocated for more CI/CD (Continuous Integration / Continuous Delivery) processes to be adopted by the Xen Project from the use of Travis CI and now GitLab CI. This talk aims to propose ideas for building upon the existing process and transforming the development process to provide users a higher quality with each release by the Xen Project.
XPDDS19: Client Virtualization Toolstack in Go - Nick Rosbrook & Brendan Kerr... | The Linux Foundation
High level toolstacks for server and cloud virtualization are very mature with large communities using and supporting them. Client virtualization is a much more niche community with unique requirements when compared to those found in the server space. In this talk, we’ll introduce a client virtualization toolstack for Xen (redctl) that we are using in Redfield, a new open-source client virtualization distribution that builds upon the work done by the greater virtualization and Linux communities. We will present a case for maturing libxl’s Go bindings and discuss what advantages Go has to offer for high level toolstacks, including in the server space.
Today Xen schedules guest virtual cpus on all available physical cpus independently from each other. Recent security issues on modern processors (e.g. L1TF) require turning off hyperthreading for best security, in order to avoid leaking information from one hyperthread to the other. One way to avoid having to turn off hyperthreading is to only ever schedule virtual cpus of the same guest on one physical core at the same time. This is called core scheduling.
This presentation shows results from the effort to implement core scheduling in the Xen hypervisor. The basic modifications in Xen are presented and performance numbers with core scheduling active are shown.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
UiPath Test Automation using UiPath Test Suite series, part 3 | DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
3. Erlang on Xen 101
• A new Erlang runtime, runs w/o OS
• Conceived in 2009
• Built from scratch, specifically to run on Xen
• Optimised for low startup latency
• Highly-compatible with Erlang/OTP
• Not an open source (yet)
• The public build service is free
• EoX starts to exec Erlang code in 4-5 ms after the launch
• Sustainable spawning rate = 10 instances/sec
Friday, 25 October 13
4. 7 commandments of Newsoftware:
1) Do not assume the presence of OS underneath
2) Software must be oblivious to boundaries of physical nodes
3) All services must share the same auto-scalable fabric
4) Run computations near the data they process
5) Child nodes get configuration from the parent only
6) Avoid 'administration' at all costs
7) SMP is abomination of cloud computing
5. 1) Do not assume the presence of OS underneath
- A full-featured kernel is an overkill for cloud instances
- Linux is optimised for very reliable long-living servers
- Unix-like access control does not help in the cloud
- Virtual devices require much simpler drivers
- Newsoftware will often run without a traditional OS
Library OS – implement OS-level functions as a library – Mirage OS, OSv, rump kernels
Language runtime OS – use high-level language for OS-level functions – Erlang on Xen
6. 2) Software must be oblivious to boundaries of physical nodes
- Cloud services make confines of a physical node less relevant
- You can only scale so much vertically, horizontal is the true scaling
- A user application should be ready to partition the computation onto many instances
- Many services can be ephemeral – provisioned only when needed
Current cloud stacks are not ready yet
Cloud management should become an integral part of all standard libraries
7. 3) All services must share the same auto-scalable fabric
- Running cloud management stack isn’t different from other tasks. All animals tasks are equal.
- Cloud services should be elastic too – it would be only too natural to implement them using the same auto-scalable infrastructure
Packaging of cloud services as auto-scalable applications paves the way to autonomous clouds with far-reaching implications
8. INTERMISSION: Zerg Demo
See zerg.erlangonxen.org — instance-per-request proof of concept and check out the table at bottom of the page
9. 4) Run computations near data they process
- “Scanning” database queries shovel all data through the network
- Especially unpleasant when joining
- The cloud storage hides the real topology too well
- I/O traffic could congest datacenter’s networks
Storage nodes should be able to run lightweight data processing instances
Xen provides the proper isolation for safe local data processing
10. 5) Child nodes get configuration from the parent only
- Apps are really big nowadays, and are difficult to understand
- Configuration is a mess of config files, scripts, and Chef recipes
- Introducing proper hierarchy and order should help
- Erlang uses supervisor-workers scheme that works and keeps things simple and understandable
The final destination is no manual configuration at all
11. 6) Avoid “administration” at all costs
- Human beings can react to once-per-hour events, not on the second (or millisecond) timescale
- Human admins do not scale well
- Apps should discover services they need and make scaling decisions
- Traditional admin tasks go away due to simpler Newsoftware stack
The final destination is no configuration at all
Many administration tasks can and should be automated
12. 7) SMP is abomination of cloud computing
- SMP hinders VM migration
- Datacenter is the computer for the Newsoftware
- No shared memory - use message passing
- Passing messages between VMs on a local host is as fast as shared memory/locking
- Respawning smaller VMs is much faster
Services built from single-core VMs are much more elastic and robust
13. 2 project ideas:
1) Dom0 based on Erlang on Xen
2) Javascript in a Xen bottle
14. 1) Dom0 based on Erlang on Xen
“Implement Xen toolstack in Erlang, remove Linux from Dom0”
- Dom0 toolstack is strongly reminiscent of Erlang – events, pattern matching, multiple processes, etc
- xl is fast, yet not fast enough for on-demand instance provisioning
- Use Linux inside unprivileged driver domains
Current status:
A prototype instance spawning interface developed – in C and Erlang (zerg.erlangonxen.org)
16. 2) Javascript in a Xen bottle
“Evaluate all web scripts inside a separate Xen domain”
- Increase security of web browsing
- Use languages other than Javascript
- Run web scripts faster – native speed
[Diagram: Browser domain and Engine domain (Spidermonkey), connected by API calls and Callbacks]