
Xen Directions

Ian Pratt

Citrix Systems and Chairman of Xen.org

Outline

• A brief overview of Xen and Xen.org

• Why virtualization matters

• Xen Architecture and Roadmap

• The Xen Client Initiative

The Xen Story

• Mar 1999 XenoServers HotOS paper

• Apr 2002 Xen hypervisor development starts

• Oct 2003 Xen SOSP paper

• Apr 2004 Xen 1.0 released

• Jun 2004 First Xen developer's summit

• Nov 2004 Xen 2.0 released

• 2004 Hardware vendors start taking Xen seriously

• 2005 RedHat, Novell, Sun and others adopt Xen

• 2006 VMware and Microsoft adopt paravirtualization

• Sep 2006 First XenEnterprise released

• May 2008 Xen embedded in Flash on HP/Dell servers

Xen: An Open Reference Standard

Xen: Citrix, Intel, AMD, IBM, HP, Oracle, Sun, Unisys, SGI, Samsung, RedHat, Novell, Fujitsu, VALinux, NTT, NEC, US DoD, NSA, many Universities (over 60 orgs)

Xen Hypervisor

First and Best to support new CPU, chipset, and Smart IO Technologies

Pioneers of OS "Paravirtualization" (Hyper-V compatible)

Unlocking Hardware Innovation

Only a hypervisor can deliver the benefits of the new hardware

Hardware Virtualization Support

• Nested Page Tables (VT2/VMI)

• FlexPriority, FlexMigrate

• Smart NICs (e.g. VT-C/VMDq) and HBAs

Multi-core Processors

• More efficient utilization

• Hides complexity from guests

Enhanced Security

• TPM and secure boot (TXT)

• IOMMU to protect device DMA accesses

• Full Execute-Disable (NX/XD)

Xen Tops Performance Comparisons

"The Porsche of hypervisors? XenServer. Raise your hand if you saw that coming.... The pokiest? ESX."

Keith Ward, Virtualization Review

"XenServer 5 outperforms VMware ESX 3.5 by 41% in (XenApp) user scalability tests."

The Tolly Group

Xen Powers the World's IT Infrastructure Clouds

"Xen is great. It's powerful and easy to use. But most important is the very active community around it. That was a very big reason for us in selecting Xen."

Werner Vogels, CTO, Amazon.com

Xen Today

• ~17% enterprise server market share (Yankee, Aug 08)

• World's largest virtualization deployments are Xen based

• Development Community: over 50 Companies, 25 Universities, from 25 Countries, ~250 developers

• More than 20,000 code submissions

• x86, IA64, ARM support

• Used in Servers, Desktops, Laptops, Storage Appliances, Network Appliances, PDAs and Smart Phones

XenServer Embedded

"HP will offer the Citrix XenServer HP Select Edition as the preferred and recommended solution for virtualization on Proliant Systems"

Scott Farrand, VP Software, HP Industry Standard Servers

• Hypervisor embedded into firmware

• Closely coupled and optimized for server h/w

• Dedicated hypervisor better able to meet the rapid h/w product cycle than a full OS, and thus best placed to fully enable new hardware features

First Virtualization Benefits

• Server consolidation

– Consolidate scale-out success

– Exploit multi-core CPUs

• Manageability

– Secure remote console

– Reboot / power control

– Performance monitoring

• Ease of deployment

– Rapid provisioning

• VM image portability

– Move image between different hardware

– Disaster Recovery

2nd Generation Virtualization Benefits

Avoid planned downtime with VM Relocation

Dynamically re-balance workload to meet app SLAs or to save power

Restart-HA monitors hosts and VMs to keep apps running

Hardware Fault Tolerance with deterministic replay or checkpointing

Hypervisor Security

• Hypervisors add more s/w and thus increase the attack surface:

– Network-facing control stack

– VM containment

• True type-1 hypervisor much smaller and more defensible than an OS

– Xen was designed with security as a key priority

• Principle of least privilege, layered defences approach

• Xen Security Modules developed by the US NSA

– Secure hypervisor launch using Trusted Platform Module (TPM) and Trusted Execution Technology (TXT)

• Xen is field hardened from extensive cloud deployments

Improving Security with Hypervisors

• Hypervisors allow administrative policy enforcement outside the OS

– Firewalls, IDS, malware scanning etc

• More robust as can not be disabled

• Provides protection within a network rather than just at borders

– Hardening OSes with immutable memory, taint tracking, logging and replay

• Availability and Reliability

– Backup policy, multi-path IO, HA, FT etc

Hypervisor I/O Architecture

[Diagram: Hardware (CPU, MMU, physical memory, Ethernet, SCSI/IDE etc) sits under the Virtual Machine Monitor, which exposes Event Channel, Virtual MMU, Virtual CPU, Control IF, Safe HW IF and a Virtual Device Mux. VM0 is the Control OS holding the Physical Device Driver and the Device Manager & Control s/w; VM1 to VM3 are Guest OSes running Applications, reaching I/O through a Virtual Device Driver, or through Device Emulation with the guest's "h/w" Device Driver.]

Hardware Assisted I/O Architecture

[Diagram: the same layout as the Hypervisor I/O Architecture diagram (Hardware, Virtual Machine Monitor with Event Channel, Virtual MMU, Virtual CPU, Control IF, Safe HW IF and Virtual Device Mux; VM0 Control OS with Physical Device Driver and Device Manager & Control s/w; VM1 to VM3 Guest OSes with Virtual Device Driver or Device Emulation and "h/w" Device Driver), with an H/W Accel Driver added in the guests so that they can use hardware-assisted I/O.]

Network Performance

[Chart: CPU (%) from 0 to 35 for Type-0 s/w only, basic smart NIC, SR-IOV NIC and native, with CPU time broken down into usercopy, kern, xen1, grantcopy, kern0 and xen0, and relative CPU costs labelled 201%, 123%, 105% and 100%.]

• New Smart NICs reduce CPU overhead substantially

• Care must be taken with type-2/3 NICs to ensure benefits of VM portability and live relocation are not lost

New Distributed Virtual Switch for Xen

• Full featured open source virtual switch for Xen

• Isolation & resource control enables hypervisor multi-tenancy

• Supports key network control plane protocols

• Full visibility into and reporting of traffic via

– Netflow

– SPAN / RSPAN

• Enhanced security through

– Replication of traffic to external IDS

– Per VM firewall & policies that migrate with the VM on live relocation

• High performance

[Diagram: a Hypervisor hosting four VMs.]

Distributed Virtual Switch for XenServer

[Diagram: three Hypervisors, each hosting four VMs, all managed by a DVS Controller.]

• External DVS Controller manages per-VM and per-overlay state

• Offers enhanced security and visibility, centralized logging

• Provides a single config & management view of a distributed virtual edge switch

• Per VM firewall policies migrate with VM

• Implemented as a virtual appliance with per-flow time scale control over each host switch

The Xen.org Xen Client Initiative

• Formed in October 2007 to develop Xen for desktops and laptops

– Develop true 'bare metal' type-1 Hypervisor, plus interim type-2 Virtual Machine Monitor

• Develop enhanced power management, USB, WiFi, WWAN, 3D Graphics, fingerprint reader, multitouch etc

• Support for Intel® vPro™ technologies: TXT w/TPM, VT-d, AMT

• Tiny footprint hypervisor, Embeddable in Flash memory, or Disk/SSD

• Citrix and Intel spearhead the Xen Client Initiative

• Aiming to make virtualization ubiquitous on client devices...

Client Hypervisor Benefits

• Security, Manageability, Supportability, Auditability

• Building Multi-Level Secure systems

– Run multiple VMs with policy controlled information flow

– E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking

• Enables "out-of-band" management and policy enforcement

– Malware detection, remote access, image update, backup, VPN, etc.

• Requires a true type-1 hypervisor architecture

– Trusted hypervisor provides secure isolation

Client Virtual Machine Monitor Architectures

[Diagram: Type 2 VMM: hardware, Personal Image, Type-2 hypervisor and corporate image stacked on top of one another. Type 1 Hypervisor: hardware, Type-1 hypervisor, then the personal image and corporate image side by side.]

Type 1 vs. Type 2 Client Hypervisors

Comparison table, Type 1 vs. Type 2 (the slide's check marks are not preserved in the transcript):

• High Performance User Experience

• No Dependency on Existing Operating System

• Low Overhead Virtualization Layer

• Hardware Independence for All Environments on the System

• Fully Isolated Computing Environments

• Direct Access to Hardware

• Manage All Environments as a VM

• Secure Hypervisor Boot

Intel® Trusted Execution Technology

Boots software into a known, trusted state

Isolates assigned memory partitions from other software

Closes software without exposing its data

[Diagram: Enabling Secure Virtualization. On an Intel vPro™ Tech. Platform with TPM 1.2, Intel TXT performs a Measured Launch of the Environment; VT-x and VT-d give the OS and Apps Isolated Memory separate from Open Memory on the Hardware, and unauthorized software from a 3rd party is kept out.]
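As an added illustration (not from the slides), a short Python model of the measured launch that the TXT slide and the "secure hypervisor launch" bullet refer to: a TPM 1.2-style SHA-1 PCR is extended with each launch component in turn, and a sealing or attestation policy compares the result with a provisioned value. The component images, the launch order and the expected value are constructed stand-ins, not real Xen binaries or real PCR values.

```python
# Added illustration: TPM 1.2-style PCR "extend" as used by a measured launch.
# TPM 1.2 PCRs are 20-byte SHA-1 registers and extend(PCR, m) = SHA1(PCR || SHA1(m)),
# so the final value depends on every component AND on the order they ran in.
# The start value and the component "images" below are simplified stand-ins.
import hashlib

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """One PCR extend: new = SHA1(old || SHA1(component))."""
    assert len(pcr) == PCR_SIZE
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measured_launch(components) -> bytes:
    """Extend each launch component in order, starting from an all-zero
    register (a simplification of the post-launch PCR start state)."""
    pcr = bytes(PCR_SIZE)
    for c in components:
        pcr = extend(pcr, c)
    return pcr


def verify(pcr: bytes, expected: bytes) -> bool:
    """What a sealed-secret unseal or a remote attestation check does."""
    return pcr == expected


# Constructed stand-ins for the launch chain: hypervisor, control domain, policy.
GOOD_CHAIN = [b"xen-hypervisor-image", b"control-domain-kernel", b"launch-policy"]
EXPECTED_PCR = measured_launch(GOOD_CHAIN)  # provisioned "known good" value


def launch_ok(chain) -> bool:
    """True only if the measured chain matches the provisioned expectation."""
    return verify(measured_launch(chain), EXPECTED_PCR)


if __name__ == "__main__":
    # A one-byte change or a reordering of the same components changes the PCR.
    tampered = [b"xen-hypervisor-imagf", b"control-domain-kernel", b"launch-policy"]
    reordered = [GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]]
    print("good     :", launch_ok(GOOD_CHAIN))
    print("tampered :", launch_ok(tampered))
    print("reordered:", launch_ok(reordered))
```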

Type 1 Client Hypervisor Architecture

[Diagram: x86 Hardware with TXT and TPM; the Xen Hypervisor above it; a Control Domain alongside a Personal VM and a Business VM; devices Audio, GPU, USB, Disk, ACPI and NIC.]

Hardware Isolation Operation

[Diagram: the same stack, illustrating hardware isolation between the VMs.]

Hardware Pass Through Operation

[Diagram: the same stack, with the GPU and NIC drawn separately from Audio, USB, Disk and ACPI to illustrate pass-through.]

Client Virtualization Possibilities

[Diagram: a Laptop with Policy, Backup, Images and Data Sync.]

• High Performance Bare-metal Client Virtualization

– Provides a High Definition User Experience

– Securely Run Multiple Hardware Independent Images

– Provide Ability to get under the client OS and manage it

• And New Way to Deliver Desktops

– Use a Single Image for Initial Deployment and Ongoing Management

– Efficient Two-way Data Synchronization

– Flexible policy controls

– Integrated Encryption and Backup

"Business" & "Personal" Environments

Business

• Locked Down

• No Local App Installs

• Tightly Managed

• Self-Service Corporate App Installs

Personal

• Allows Local App Installs

• Minimal Management

– Virus Scanner

– Security Patches

• No SLA

– Self-Service Wipe

Bridge "Business" & "Personal"

[Diagram: Personal and Business environments shown separately, and a combined Business/Personal view.]

Conclusions

• Hypervisors will become ubiquitous, near zero overhead, built in to the hardware

• Xen provides the best performance and security

• The open source community behind Xen provides great advantages over proprietary development

• Virtualization is a really fun area to be working in!

[email protected]