Xen Project Overview and Update

Ian Pratt, Chairman of Xen.org, and Chief Scientist, Citrix Systems Inc.

© 2007 Citrix Systems, Inc. — All rights reserved

Xen Community Story

• 2002 Oct Xen hypervisor development starts

• 2004 Xen 1.0 and 2.0 released, First Xen developer’s summit

• 2005 XenSource founded, Xen 3.0 released

• 2006 CPU enhancements for virtualization ship; Linux distros ship Xen
  All x86 OSes “enlightened”: VMware, Microsoft adopt paravirtualization
  First XenEnterprise release
  Amazon EC2 Launches

• 2007 XenSource acquired by Citrix

• 2008 Xen embedded in Flash on HP/Dell servers
  First embedded Xen on laptops

Xen Today

• ~17% enterprise server market share (Yankee, Aug 08)

• World's largest virtualization deployments are Xen based

• Community: over 50 Companies, 20 Universities, from 20 Countries, ~250 developers

• More than 10,000 code submissions since Xen 3.0

• x86, IA64, ARM support

• In Servers, Laptops, Storage & Network Appliances, PDAs

Xen Powers the World’s IT Infrastructure Clouds

“Xen is great. It’s powerful and easy to use. But most important is the very active community around it. That was a very big reason for us in selecting Xen.”

Werner Vogels, CTO, Amazon.com

2008 Winner, Server Virtualization

Best of Open Source Software Awards

Congratulations, and Thank You!

Xen Project Mission

• Build the industry standard open source hypervisor

• Lead the industry in virtualization performance

• Ensure continued stability and high quality in the code base

• Support multiple CPU types; big and small systems

• Foster and sponsor innovation

• Drive toward vendor interoperability and compatibility

Xen: An Open Reference Standard

Xen

Citrix, Intel, AMD, VA Linux, Fujitsu, IBM, HP, Unisys, SGI, Samsung, Sun, Red Hat, Novell, DoD, NSA (over 50 orgs)

The Xen Project Advisory Board

• Represents major contributors and vendors that offer Xen-based products. Current members:

• Defines and approves the Xen® Trademark Policy (“What is Xen?”)

• Oversees community code practices and roadmap

Virtualization Benefits

• Avoid planned downtime with VM Relocation

• Dynamically re-balance workload to meet app SLAs or to save power

Virtualization Benefits

• Restart-HA monitors hosts and VMs to keep apps running

• Hardware Fault Tolerance with deterministic replay or checkpointing

Xen Hypervisor

First and Best to support new Intel VT & AMD-V, Smart IO & chipset Technologies

Leaders in OS Enlightenment

(Also Hyper-V compatib

Unlocking Hardware Innovation

Only a hypervisor can deliver the benefits of the new hardware

Hardware Virtualization Support

• Nested Page Tables (VT2/VMI)

• FlexPriority, FlexMigrate

• Smart NICs (e.g. VT-C/VMDq) and HBAs

Multi-core Processors

• More efficient utilization

• Hides complexity from guests

Enhanced Security

• TPM and secure boot (TXT)

• IOMMU to protect device DMA accesses

• Full Execute-Disable (NX/XD)

OS Paravirtualization (Enlightenment)

• Extending the OS to be aware it is running in a virtualized environment

• For performance and enhanced correctness

• IO, memory size, CPU, MMU, time

• In Xen <2.0, some paravirtualizations were compulsory to close x86 virtualization holes

• Intel VT / AMD-V allow incremental paravirtualization

• Paravirtualization is still very important for performance, and works alongside enhancements to the hardware

• Higher-level paravirtualizations yield greatest benefit

SPECjbb2005 Comparison

[Figure: RHEL5 guest / SPECjbb2005 Sun JVM. Y-axis: relative score to native; x-axis: 1-vcpu, 2-vcpu, 4-vcpu; series: Native, ESX 3.0.1, XenEnterprise 3.2]

w2k3 Terminal Server Concurrent Session test

Hypervisor Security

• “hidden hypervisor” attack is a myth, but exploitation of an installed hypervisor is a real and dangerous threat

• Hypervisors add more software and thus increase the attack surface

• Network-facing control stack

• VM containment

• Xen much smaller and defensible than an OS

• Xen’s “strength in depth” approach

• Disaggregate, De-privilege, narrow interfaces

• Xen Security Modules from the NSA

• Measured launch: TPM/TXT/SKINIT

Improving Security with Hypervisors

• Hypervisors allow administrative policy enforcement outside the OS

• Firewalls, IDS, malware scanning etc

• More robust as not so easily disabled

• Provides protection within a network rather than just at borders

• Hardening OSes with immutable memory, taint tracking, logging and replay

• Backup policy, multi-path IO, HA, FT etc

• Availability and Reliability

• Xen Introspection API project (extending XenAccess library)

Xen Client: A Hypervisor for Client Devices

• Security, Manageability and Supportability

• Building Multi-level secure systems

• Run multiple guest VMs with very controlled information flow

• Enables Bring-Your-Own-PC model

• Corporate VM; VM for web browsing; VM for banking

• Migration of VMs between datacentre and laptops for offline use

• Seamless merging of VM displays

• “Embedded IT” virtual appliances

• IDS, Malware detection, remote access, backup etc.

• Security requires a true hypervisor architecture

Xen Client Initiative

• 12 Vendors Collaborating on architecture and implementation of Xen client hypervisor

• Security is a key requirement

From Laptops to Phones

• Smart phones and portable devices

• Xen ARM

• Smart phones now suffer from many of the same problems as PCs

• Simple restricted use cases:

• Three VMs running on one CPU:

• Real time VM for controlling the radio

• VM for vendor/operator-supplied s/w

• VM for user-downloaded software

Roadmap Current Projects

• XenClient

• Xen Introspection API

• Fault Tolerance

• “Difference Engine” memory optimizations

• Cloud infrastructure services

Closing Remarks

• Virtualization is destined to become ubiquitous

• Every machine, Every workload

• Built in to the platform

• Client devices as well as servers

• Xen offers the best performance and the most secure architecture

• Xen is powered by a growing community with a diverse range of products and services