The Xen Hypervisor was built for the Cloud from the outset: when Xen was designed, we anticipated a world, which today is known as cloud computing. Today, Xen powers the largest clouds in production. This talk explores success criteria, architecture, trade-offs and challenges for cloudy hypervisors.
It is intended for users and developers and starts with a brief introduction to Xen and XCP, their architecture, shine some light on common challenges for KVM and Xen, such as the NUMA performance tax and securing the cloud. It will introduce the concept of domain disaggregation as an approach to increase security, robustness and scalability: all important factors for building clouds at scale. The talk will conclude with an update on Xen support in Linux, Xen for ARM servers and other exciting developments in the Xen community and their implications for building open source clouds.
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Linuxcon EU : Virtualization in the Cloud featuring Xen and XCP
1. Virtualization in the Cloud:
Featuring Xen
Lars Kurth
Xen Community Manager
lars.kurth@xen.org
@lars_kurth
FREENODE: lars_kurth @xen_com_mgr
2. A Brief History of Xen in the Cloud
Late 90s
XenoServer Project
(Cambridge Univ.)
Global Public Computing
The XenoServer project is building
public infrastructure for wide-area “This dissertation proposes a new distributed computing
distributed computing. paradigm, termed global public computing, which allows
any user to run any code anywhere. Such platforms price
We envisage a world in which XenoServer
computing resources, and ultimately charge users for
execution platforms will be scattered across
resources consumed.“
the globe and available for any member of
the public to submit code for execution. Evangelos Kotsovinos, PhD dissertation, 2004
3. A Brief History of Xen in the Cloud
Late 90s Oct ‘03 ‘06 ‘08 ‘09 ‘11 ‘12
XenoServer Project Amazon EC2 XCP 1.x
(Cambridge Univ.) and Slicehost Cloud Mgmt
launched
Xen Presented Rackspace Linux 3.0
at SOSP Cloud
XCP packages
in Linux
XCP
Announced Xen for ARM
based Servers
PVH mode
5. Xen.org
• Guardian of Xen Hypervisor and related OSS Projects
• Xen Governance similar to Linux Kernel
• Projects
– Xen Hypervisor (led by 5 committers, 2 from Citrix)
– Xen Cloud Platform aka XCP (led by Citrix)
– Xen ARM : Xen for mobile devices (led by Samsung)
– PVOPS : Xen components and support in Linux Kernel (led by Oracle)
• 10+ vendors contributing more than 1% to the project
(AWS, AMD, Citrix, GridCentric, Fujitsu, Huawei, iWeb, Intel, NSA, Oracle, Samsung, Suse, …)
7. Hypervisor Architectures
Type 1: Bare metal Hypervisor Type 2: OS ‘Hosted’
A pure Hypervisor that runs directly on the A Hypervisor that runs within a Host OS and hosts
hardware and hosts Guest OS’s. Guest OS’s inside of it, using the host OS services
to provide the virtual environment.
VMn User-level VMM VMn
VM1 User
VM1
Apps
VM0 Device Models
VM0
Guest OS Guest OS
and Apps and Apps
Host OS
Scheduler Hypervisor
Ring-0 VM Monitor
Device Drivers/Models Device Drivers “Kernel “
MMU
Host HW Host HW
I/O Memory CPUs I/O Memory CPUs
Provides partition isolation + reliability, Low cost, no additional drivers
higher security Ease of use & installation
8. Xen: Type 1 with a Twist
Control domain
Thinner hypervisor
(dom0) • Functionality moved to Dom0
Device Models VMn
Using Linux PV OPS
VM1 • Using Linux Device Drivers
Drivers
VM0 • PV, PV on HVM and PVH modes
Guest OS • Sharing components with KVM
Linux & BSD and Apps
Hypervisor
In other words
Scheduler MMU XSM
• Re-use of Dom0 kernel components
I/O Memory CPUs
Host HW • Ease of use & Installation
• Isolation & Security
8
9. Xen and Linux
• Xen Hypervisor is not in the Linux kernel
• BUT: everything Xen and Xen Guests need to run is!
• Xen packages are mostly in Linux distros
– Install Dom0 Linux distro
– Install Xen package(s) or meta package
– Reboot
– Config stuff: set up disks, peripherals, etc.
More info: wiki.xen.org/wiki/Category:Host_Install
10. Basic Xen Concepts
Control Domain aka Dom0
Console • Dom0 kernel with drivers
• Xen Management Toolstack
VMn • Trusted Computing Base
Control domain VM1
(dom0) Guest Domains
One or more VM0
Toolstack driver, stub or • Your apps
Dom0 Kernel
service domains Guest OS
and Apps
• E.g. your cloud management stack
Driver/Stub/Service Domain(s)
Scheduler MMU XSM Hypervisor
• A “driver, device model or control
Host HW service in a box”
I/O Memory CPUs
• De-privileged and isolated
• Lifetime: start, stop, kill
10
11. Xen Variants for Server & Cloud
Xen Hypervisor XCP
Toolstack / Console Default / XL (XM) Libvirt / VIRSH XAPI / XE
Increased level of functionality and integration with other components
Get Binaries from … Linux Distros Linux Distros Debian & Ubuntu
ISO from Xen.org
Products Oracle VM Huawei UVP Citrix XenServer
Used by … Many
Others
More info: xen.org/community/presentations.html
11
13. PV Domains & Driver Domains
Technology:
Control domain Guest VMn Driver Domain
(dom0) e.g. • Paravirtualization
Apps • Disk Linux PV guests have limitations:
• Network
• limited set of virtual hardware
PV Back Ends PV Front Ends PV Back End
Advantages
HW Drivers HW Driver • Fast
• Works on any system
Dom0 Kernel Guest OS Dom0 Kernel*
(even without virt extensions)
Xen Hypervisor Driver Domains
• Security
Host HW • Isolation
I/O Memory CPUs
• Reliability and Robustness
*) Can be MiniOS
13
14. HVM & Stub Domains
Technology:
Dom0 Guest VMn Stubdomn Guest VMn
• Shows emulation using QEMU/Device Model
(SW Virtualization)
IO Emulation IO Emulation
• In other situation HW can be used
Device Model Device Model Disadvantages
• Emulation slower than PV
IO Event IO Event (mainly I/O devices)
Dom0 Kernel VMEXIT Mini OS VMEXIT
Advantages
• No kernel support needed
Xen Hypervisor
Stub Domains
Host HW • Security
• Isolation
• Reliability and Robustness
14
15. The Virtualization Spectrum
VS Virtualized (SW)
VH Virtualized (HW)
P Paravirtualized
Fully Virtualized (FV) VS VS VS VH
FV with PV disk & network P VS VS VH HVM mode/domain
PVHVM P P VS VH
PVH x86 Xen 4.3 P P P VH
PVH ARM v7+ Xen 4.3 P VH P VH PV mode/domain
Fully Paravirtualized (PV) P P P P
16. The Virtualization Spectrum
Optimal performance
Scope for improvement
Poor performance
Fully Virtualized (FV) VS VS VS VH
FV with PV disk & network P VS VS VH HVM mode/domain
PVHVM P P VS VH
PVH x86 Xen 4.3 P P P VH
PVH ARM v7+ Xen 4.3 P VH P VH PV mode/domain
Fully Paravirtualized (PV) P P P P
17. PVH Benefits
• Solves a number of historical problems with PV and HVM
– AMD 64 bit and x86-64 architecture is not a good match for PV for Privileged Instructions
and Page Tables
– Will allow to simplify the Xen and PVOPS architecture in the longer term
• Fastest of PV and HVM on all architectures
– No need for emulation
– Uses HW virtualization where it is fastest
– Uses PV where PV is fastest
– Should provide the best trade-offs for most work-loads
More info: wiki.xen.org/wiki/Virtualization_Spectrum &
More info: xen.org/xensummit/xs12na_talks/M9.html
19. XCP – Xen Cloud Platform
Complete stack for server virtualization
• Extends Xen to cover multiple hosts
• Adds further functionality and integrations
for cloud, storage and networking to Xen HV
• GPLv2
• XenServer is a commercial XCP distro
Two Flavours
• Appliance (ISO using CentOS Dom0)
• Packages in Debian & Ubuntu
(more distros to come)
20. Major XCP Features
• VM lifecycle: live snapshots, checkpoint, migration
• Resource pools: flexible storage and networking
• Event tracking: progress, notification
• Upgrade and patching capabilities
• Real-time performance monitoring and alerting
• Built-in support and templates for Windows and Linux guests
• Open vSwitch support built-in (default)
More info: wiki.xen.org/wiki/XCP_Release_Features
21. XCP 1.6 Beta
• Internal Improvements:
Xen 4.1.2, CentOS 5.7 with kernel 2.6.32.43, Open vSwitch 1.4.1
• New format Windows drivers: installable by Windows Update Service
• Networking: Better VLAN scalability, LACP bonding, IPv6
• More guest OS templates: Ubuntu Precise 12.04, RHEL/CentOS,
Oracle Enterprise Linux 6.1 & 6.2, Windows 8
• Storage XenMotion:
– Migrate VMs between hosts or pools without shared storage
– Move a VM’s disks between storage repositories while the VM is running
More info: xen.org/download/xcp/releasenotes_1.6.0.html &
More info: xen.org/download/xcp/index_1.6.0.html
25. System characteristics cloud users care about:
“Robustness, Performance, Scalability & Security”
Results XCP User Survey 2012 – 90% of users quoted these as most important attributes
26. Disaggregation
• Split Control Domain into Driver, Stub and Service Domains
– See: ”Breaking up is hard to do” @ Xen Papers
– See: “Domain 0 Disaggregation for XCP and XenServer”
• Unique benefit of the Xen architecture
– Robustness: ability to safely restart parts of the system
(e.g. just 275ms outage from failed Ethernet driver)
– Performance: lightweight, Xen scheduler
– Scalability: more distributed system (less reliable on Dom0)
– Security: Minimum privilege; Narrow interfaces; Restart domains
• Used today by Qubes OS and Citrix XenClient XT
• Prototypes for XCP and XenServer
27. User VM User VM
NF BF NF BF
NB gntdev NB gntdev gntdev
Dom0 Network NFS/
Dom0 Qemu xapi Qemu Network NFS/ Local
drivers iSCSI drivers iSCSI storage
Domain
manager
drivers . drivers drivers
qemu
. qemu
healthd storaged storaged storaged
networkd . networkd
xenopsd tapdisk . tapdisk tapdisk
libxl vswitch blktap3 xapi vswitch blktap3 blktap3
syslogd
eth eth
Dom0 eth eth scsi
Xen
NIC CPU CPU
NIC RAM RAM NIC NIC
(or
(or SR- (or SR- (or SR- RAID
SR-IOV
IOV VF) IOV VF) IOV VF)
VF)
28. User VM User VM
NF BF NF BF
NB gntdev NB gntdev gntdev
Dom0 Network NFS/ Qemu xapi Logging Qemu Network NFS/ Local
driver iSCSI domain domain domain domain driver iSCSI storage
Domain
domain driver domain driver driver
manager
domain domain domain
qemu qemu
healthd storaged storaged storaged
networkd networkd
xenopsd tapdisk tapdisk tapdisk
libxl vswitch blktap3 xapi syslogd vswitch blktap3 blktap3
dbus over v4v
eth eth eth eth scsi
Xen
CPU CPU
NIC NIC RAM RAM NIC NIC
(or SR- (or SR- (or SR- (or SR- RAID
IOV VF) IOV VF) IOV VF) IOV VF)
29. Xen Security Advantages
• Even without Advanced Security Features
– Well-defined trusted computing base (much smaller than on type-2 HV)
– Minimal services in hypervisor layer
• Xen Security Modules (or XSM)
– Developed, maintained and contributed to Xen by NSA
– Generalized Security Framework for Xen
– Compatible with SELinux (tools, architecture)
– XSM object classes maps onto Xen features
• XSM together with Disaggregation
– Security sensitive Desktop use-cases developed for the NSA
29
30. User VM User VM
NF BF NF BF
NB gntdev NB gntdev gntdev
Dom0 Network NFS/ Qemu xapi Logging Qemu Network NFS/ Local
driver iSCSI domain domain domain domain driver iSCSI storage
Domain
domain driver domain driver driver
manager
domain domain domain
qemu qemu
healthd storaged storaged storaged
networkd networkd
xenopsd tapdisk tapdisk tapdisk
libxl vswitch blktap3 xapi syslogd vswitch blktap3 blktap3
dbus over v4v
eth eth eth eth scsi
XSM policy
restricting access Xen
NIC CPU CPU
NIC RAM RAM NIC NIC
(or
(or SR- (or SR- (or SR- RAID
SR-IOV
IOV VF) IOV VF) IOV VF)
VF)
32. Cool new functionality & initiatives
• New PVH virtualization mode (Oracle)
– Patches being up-streamed to Xen and Linux (3.7 & 3.8) as we speak
– Sweet spot for performance
• Xen for ARM servers (using new PVH mode)
– Cortex A15/ ARM v7: can start guests on Versatile Express; Samsung Chromebook next
– ARM v8: porting work started on simulator and patches being up-streamed
• New Xen ports
– FreeBSD Xen port (SpectraLogic & HP)
– Xen MIPS port (by BroadCom)
• Language run-times running on bare-metal Xen
– ErlangOnXen.org , Openmirage.org
More info: wiki.xen.org/wiki/Xen_Roadmap/4.3 & wiki.xen.org/wiki/XCP_Roadmap
34. • Designed for the Cloud : many advantages for cloud use!
– Resilience, Robustness & Scalability
– Security: Small surface of attack, Isolation & Advanced Security
Features
• Widely used by Cloud Providers and Vendors
• XCP
– Ready for use with cloud orchestration stacks
– Packages in Linux distros: flexibility and choice
• Open Source with a large community and eco-system
– Exciting new developments in the pipeline
35. • IRC: ##xen @ FREENODE
• Mailing List: xen-users & xen-api (lists.xen.org)
• Wiki: wiki.xen.org
• Ecosystem pages:
xen.org/community/ecosystem.html
• Presentations & Videos:
xen.org/community/presentations.html
• Xen Day Barcelona @ LinuxCon, Nov 8th :
xen.org/community/events/xendaybarcelona2012.html
@lars_kurth
Questions … @xen_com_mgr
FREENODE: lars_kurth
Slides available under CC-BY-SA 3.0
From www.slideshare.net/xen_com_mgr
Notes de l'éditeur
Xen started out as a research project at Cambridge University, UK in the late 90’sAim: to define infrastructure for wide-area distributed computingVision: was pretty much cloud computing as we know it todayOut of the project came a dissertation by EvangelosKotsovinos which defines Global Public Computing in terms ofDistributed resourcesPublic compute infrastructureCharge users for resources consumedWhat we understand as Public Cloud Computing AWS style today
Hold this thought! We will come back to this later….!
Overall, we have around 40-45 vendors contributing to the project per year and
Type 1 hypervisor: example ESXSimple architecture; Hypervisor replaces the kernelNo need to provide rich “process” semantics, like “user”, filesystems, etc.Device drivers need to be rewritten for each hardware platformType 2 is hosted: example kvm- The hypervisor is just a driver that typically works with user-level monitor.HW access is intercepted by the ring 0- VM monitor passed to the User level Virtual Monitor, which passes requests to the kernelRe-use of device drivers is traded off against security and a large trusted computing base (green)
PVOPS is the Kernel Infrastructure to run a PV Hypervisor on top of Linux
Device Model emulated in QEMUModels for newer devices are much faster, but for now PV is even faster
VM lifecycle (start, stop, resume) ... automation is the key pointLive snapshots: Takes a snapshot of a live VM (e.g. for disaster recovery or migration)Resource pools (multiple physical machines): XS & XCP onlylive migration: VM is backed up while running, onto shared storage (e.g. NFS) in a pool and when completed restarted elsewhere in that pool. disaster recovery: you can find lots of information on how this works at http://support.citrix.com/servlet/KbServlet/download/17141-102-19301/XenServer_Pool_Replication_-_Disaster_Recovery.pdf (the key point is that I can back up the metadata for the entire VM)Flexible storage: XAPI does hide details for storage and networkingI.e. I apply generic commands (NFS, NETAPP, iSCSI ... once its created they all appear the same) from XAPI. I only need to know the storage type when I create storage and network objects (OOL)Upgrading a host to a later version of XCP (all my configs and VMs stay the same) …and patching (broken now - bug, can apply security patches to XCP/XS or Dom0 but not DomU)
* Host Architectural Improvements. XCP 1.5 now runs on the Xen 4.1 hypervisor, provides GPT (new partition table type) support and a smaller, more scalable Dom0. * GPU Pass-Through. Enables a physical GPU to be assigned to a VM providing high-end graphics. * Increased Performance and Scale. Supported limits have been increased to 1 TB memory for XCP hosts, and up to16 virtual processors and 128 GB virtual memory for VMs. Improved XCP Tools with smaller footprint. * Networking Improvements. Open vSwitch is now the default networking stack in XCP 1.5 and now provides formal support for Active-Backup NIC bonding. * Enhanced Guest OS Support. Support for Ubuntu 10.04 (32/64-bit).Updated support for Debian Squeeze 6.0 64-bit, Oracle Enterprise Linux6.0 (32/64-bit) and SLES 10 SP4 (32/64-bit). Experimental VM templates for CentOS 6.0 (32/64-bit), Ubuntu 10.10 (32/64-bit) and Solaris 10. * Virtual Appliance Support (vApp). Ability to create multi-VM and boot sequenced virtual appliances (vApps) that integrate with Integrated Site Recovery and High Availability. vApps can be easily imported and exported using the Open Virtualization Format (OVF) standard.
PVOPS is the Kernel Infrastructure to run a PV Hypervisor on top of Linux
Just one example of a survey, many morehttp://www.colt.net/cio-research/z2-cloud-2.htmlAccording to many surveys, security is actually the main reason which makes or breaks cloud adoptionBetter security means more adoptionConcerns about security means slowed adoption
Just one example of a survey, many morehttp://www.colt.net/cio-research/z2-cloud-2.htmlAccording to many surveys, security is actually the main reason which makes or breaks cloud adoptionBetter security means more adoptionConcerns about security means slowed adoption
Ask some questions
PVOPS is the Kernel Infrastructure to run a PV Hypervisor on top of Linux
Performance : similar to other hypervisorsMaturity: Tried & Tested, Most Problems that are Problems are well knownOpen source: Good body of Knowledge, Tools