Xen Project Overview and Update
Ian Pratt, Chairman of Xen.org, and Chief Scientist, Citrix Systems Inc.
© 2007 Citrix Systems, Inc. — All rights reserved
Xen Community Story
• 2002 Oct: Xen hypervisor development starts
• 2004: Xen 1.0 and 2.0 released; first Xen developer’s summit
• 2005: XenSource founded; Xen 3.0 released
• 2006: CPU enhancements for virtualization ship; Linux distros ship Xen
  • All x86 OSes “enlightened”: VMware, Microsoft adopt paravirtualization
  • First XenEnterprise release
  • Amazon EC2 launches
• 2007: XenSource acquired by Citrix
• 2008: Xen embedded in Flash on HP/Dell servers
  • First embedded Xen on laptops
Xen Today
• ~17% enterprise server market share (Yankee, Aug 08)
• World's largest virtualization deployments are Xen based
• Community: over 50 Companies, 20 Universities, from 20 Countries, ~250 developers
• More than 10,000 code submissions since Xen 3.0
• x86, IA64, ARM support
• In Servers, Laptops, Storage & Network Appliances, PDAs
Xen Powers the World’s IT Infrastructure Clouds
“Xen is great. It’s powerful and easy to use. But most important is the very active community around it. That was a very big reason for us in selecting Xen.”
Werner Vogels, CTO, Amazon.com
2008 Winner, Server Virtualization: Best of Open Source Software Awards
Congratulations, and Thank You!
Xen Project Mission
• Build the industry standard open source hypervisor
• Lead the industry in virtualization performance
• Ensure continued stability and high quality in the code base
• Support multiple CPU types; big and small systems
• Foster and sponsor innovation
• Drive toward vendor interoperability and compatibility
Xen: An Open Reference Standard
Citrix, Intel, AMD, VA Linux, Fujitsu, IBM, HP, Unisys, SGI, Samsung, Sun, Red Hat, Novell, DoD, NSA (over 50 orgs)
The Xen Project Advisory Board
• Represents major contributors and vendors that offer Xen-based products. Current members:
• Defines and approves the Xen® Trademark Policy (“What is Xen?”)
• Oversees community code practices and roadmap
Virtualization Benefits
• Avoid planned downtime with VM Relocation
• Dynamically re-balance workload to meet app SLAs or to save power
• Restart-HA monitors hosts and VMs to keep apps running
• Hardware Fault Tolerance with deterministic replay or checkpointing
Xen Hypervisor
• First and best to support new Intel VT & AMD-V, Smart IO & chipset technologies
• Leaders in OS Enlightenment (also Hyper-V compatible)
Unlocking Hardware Innovation
Only a hypervisor can deliver the benefits of the new hardware
Hardware Virtualization Support
• Nested Page Tables (VT2/VMI)
• FlexPriority, FlexMigrate
• Smart NICs (e.g. VT-C/VMDq) and HBAs
Multi-core Processors
• More efficient utilization
• Hides complexity from guests
Enhanced Security
• TPM and secure boot (TXT)
• IOMMU to protect device DMA accesses
• Full Execute-Disable (NX/XD)
OS Paravirtualization (Enlightenment)
• Extending the OS to be aware it is running in a virtualized environment
  • For performance and enhanced correctness
  • IO, memory size, CPU, MMU, time
• In Xen <2.0, some paravirtualizations were compulsory to close x86 virtualization holes
  • Intel VT / AMD-V allow incremental paravirtualization
• Paravirtualization is still very important for performance, and works alongside enhancements to the hardware
  • Higher-level paravirtualizations yield the greatest benefit
SPECjbb2005 Comparison
[Chart: relative score to native (y axis 0 to 1.2) for 1-vcpu, 2-vcpu and 4-vcpu configurations; RHEL5 guest running SPECjbb2005 on the Sun JVM; series: Native, ESX 3.0.1, XenEnterprise 3.2]
w2k3 Terminal Server Concurrent Session test
Hypervisor Security
• The “hidden hypervisor” attack is a myth, but exploitation of an installed hypervisor is a real and dangerous threat
• Hypervisors add more software and thus increase the attack surface
  • Network-facing control stack
  • VM containment
• Xen is much smaller and more defensible than an OS
• Xen’s “strength in depth” approach
  • Disaggregate, de-privilege, narrow interfaces
  • Xen Security Modules from the NSA
  • Measured launch: TPM/TXT/SKINIT
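The “measured launch” bullet above is the one defensive mechanism on this slide that is easy to show end to end. The following is an added example, not code from these slides or from the Xen or Citrix code bases: it models in Python what a TPM does during a TXT/SKINIT launch. Every boot component is hashed and the digest is extended into a Platform Configuration Register (PCR_new = SHA1(PCR_old || digest)); the register can only be extended, never written, so the final value depends on every component and on the order in which they were measured, and a verifier compares it against a recorded known-good value. The component names (xen.gz, dom0-kernel, xsm-policy) and their contents are constructed placeholders, and PCR_SIZE assumes the SHA-1 sized PCRs of TPM 1.2.

```python
# Added example (not from the slides): a software model of TPM-style
# measured launch. Each boot component is hashed and the digest is
# extended into a PCR:  PCR_new = SHA1(PCR_old || digest).
# The PCR cannot be set directly, only extended, so its final value
# depends on every component AND the order they were measured in.
import hashlib

PCR_SIZE = 20  # SHA-1 sized PCRs, as on TPM 1.2 parts (assumption)

def measure(image: bytes) -> bytes:
    """Digest of one boot component (what gets recorded in the event log)."""
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: the register becomes H(old || digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and measurement must both be SHA-1 sized")
    return hashlib.sha1(pcr + digest).digest()

def measured_launch(components):
    """Measure each (name, image) pair in order, starting from the
    all-zero reset value. Returns (final PCR, event log); the log holds
    (name, digest) so a verifier can replay it and attribute a mismatch."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in components:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def replay_log(log) -> bytes:
    """Recompute the PCR from the event log alone. If this disagrees with
    the PCR the TPM reports, the log itself has been tampered with."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = extend(pcr, digest)
    return pcr

# Constructed stand-ins for the real boot images; the names are hypothetical.
GOLDEN_CHAIN = [
    ("xen.gz", b"xen hypervisor image (constructed)"),
    ("dom0-kernel", b"dom0 kernel image (constructed)"),
    ("xsm-policy", b"XSM policy blob (constructed)"),
]

def golden_pcr() -> bytes:
    """What a verifier would record from a known-good boot."""
    return measured_launch(GOLDEN_CHAIN)[0]

def launch_is_trusted(components) -> bool:
    """The attestation check: does this boot reproduce the golden PCR,
    and is the event log consistent with that PCR?"""
    pcr, log = measured_launch(components)
    return pcr == golden_pcr() and replay_log(log) == pcr

def first_divergence(components):
    """Index of the first event whose digest differs from the golden log,
    or None if every measurement matches. The PCR says *that* something
    changed; the log says *where*."""
    _, golden_log = measured_launch(GOLDEN_CHAIN)
    _, log = measured_launch(components)
    for i, ((_, want), (_, got)) in enumerate(zip(golden_log, log)):
        if want != got:
            return i
    if len(log) == len(golden_log):
        return None
    return min(len(log), len(golden_log))  # one chain is truncated

def tampered_chain():
    """One byte changed in the hypervisor image."""
    return [("xen.gz", b"xen hypervisor image (Constructed)")] + GOLDEN_CHAIN[1:]

def reordered_chain():
    """Same components, dom0 measured before Xen: also a different PCR."""
    return [GOLDEN_CHAIN[1], GOLDEN_CHAIN[0], GOLDEN_CHAIN[2]]

if __name__ == "__main__":
    for label, chain in [("golden", GOLDEN_CHAIN),
                         ("tampered", tampered_chain()),
                         ("reordered", reordered_chain())]:
        pcr, _ = measured_launch(chain)
        print(f"{label:9s} PCR={pcr.hex()} trusted={launch_is_trusted(chain)}"
              f" first_divergence={first_divergence(chain)}")
```

Both the modified image and the reordered chain fail the check even though the reordered one contains exactly the same bytes, which is the property that lets a verifier trust a PCR value rather than a list of file hashes; the replayed event log is what turns a bare mismatch into an actionable finding.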
Improving Security with Hypervisors
• Hypervisors allow administrative policy enforcement outside the OS
  • Firewalls, IDS, malware scanning etc.
  • More robust as not so easily disabled
  • Provides protection within a network rather than just at borders
• Hardening OSes with immutable memory, taint tracking, logging and replay
• Availability and Reliability
  • Backup policy, multi-path IO, HA, FT etc.
• Xen Introspection API project (extending the XenAccess library)
Xen Client: A Hypervisor for Client Devices
• Security, Manageability and Supportability
• Building multi-level secure systems
  • Run multiple guest VMs with very controlled information flow
  • Enables the Bring-Your-Own-PC model
  • Corporate VM; VM for web browsing; VM for banking
  • Migration of VMs between datacentre and laptops for offline use
  • Seamless merging of VM displays
• “Embedded IT” virtual appliances
  • IDS, malware detection, remote access, backup etc.
• Security requires a true hypervisor architecture
Xen Client Initiative
• 12 Vendors Collaborating on architecture and implementation of Xen client hypervisor
• Security is a key requirement
From Laptops to Phones
• Smart phones and portable devices
  • Xen ARM
  • Smart phones now suffer from many of the same problems as PCs
• Simple restricted use cases:
  • Three VMs running on one CPU:
    • Real-time VM for controlling the radio
    • VM for vendor/operator-supplied s/w
    • VM for user-downloaded software
Roadmap: Current Projects
• XenClient
• Xen Introspection API
• Fault Tolerance
• “Difference Engine” memory optimizations
• Cloud infrastructure services
Closing Remarks
• Virtualization is destined to become ubiquitous
  • Every machine, every workload
  • Built in to the platform
  • Client devices as well as servers
• Xen offers the best performance and the most secure architecture
• Xen is powered by a growing community with a diverse range of products and services