vbacd - introduction to xen cloud platform - 2/28
DESCRIPTION
XCP combines the Xen hypervisor with enhanced security, storage, and network virtualization technologies to offer a rich set of virtual infrastructure cloud services. These XCP cloud services can be leveraged by cloud providers to enable isolation and multi-tenancy capabilities in their environments. XCP also provides the user requirements of security, availability, performance, and isolation for private and public cloud deployments. [Presented as part of the Open Source Build a Cloud program on 2/28/2012 - http://cloudstack.org/about-cloudstack/cloudstack-events.html?categoryid=6]
TRANSCRIPT
XEN IN THE CLOUD HISTORY
"XenoServers are machines that can safely and securely perform useful work on behalf of any user who is prepared to pay for the resources consumed"
Reed et al., 7th Workshop on Hot Topics in Operating Systems, 1999
Global Public Computing
“This dissertation proposes a new distributed computing paradigm, termed global public computing, which allows any user to run any code anywhere. Such platforms price computing resources, and ultimately charge users for resources consumed.“
Evangelos Kotsovinos, PhD dissertation, 2004
XEN IN THE CLOUD HISTORY
'99: XenoServers Project (Cambridge University)
Nov '02: Xen Repository Published
Oct '03: Xen Presented at SOSP
'06: Amazon EC2 and Slicehost launched
'08: Rackspace Cloud
'09: XCP Announced
'11: Dom0 in Linux; XCP 1.0; Kronos
'12: XCP 1.5
XEN WAS DESIGNED FOR THE CLOUD AND THE CLOUDS ARE BUILT ON XEN!
BASIC XEN CONCEPTS
[Diagram: the Xen hypervisor (scheduler, MMU) runs directly on the host HW (memory, CPUs, I/O); above it sit the control domain (Dom0) with its Dom0 kernel and one or more service domains, alongside the guest VMs VM0, VM1 ... VMn, each running a guest OS and apps]
A VM in Xen terminology is a DomU
XEN GUEST VIRTUALIZATION TYPES
• Paravirtualization (PV)
o Guest kernel made Xen-aware (open source kernels)
o Avoid or replace non-virtualizable operations
o Very fast and legacy hardware is supported
• Hardware-assisted virtualization (HVM)
o Unmodified guest (full virtualization of proprietary OSes)
o Requires Intel VT-x or AMD-V (virtualization in hardware)
• PV on HVM
o Emulate when necessary/beneficial (e.g. boot/BIOS)
o Performs better or near PV for a variety of workloads
XEN AND THE LINUX KERNEL
Xen was initially a University research project
Invasive changes to the kernel to run Linux as a PV guest
Even more changes to run Linux as dom0
XEN AND THE LINUX KERNEL
DomU/Dom0 Xen guest support was not in upstream Linux kernel
Great maintenance effort on distributions
Fedora/Ubuntu temporarily dropped Dom0 support
Xen was harder to install
XEN AND THE LINUX KERNEL
PVOPS Project
Xen DomU since Linux 2.6.23
Xen Dom0 since Linux 3.0
On-going work on feature set and performance optimization. Dom0 support in distros much better!
XEN CLOUD PLATFORM (XCP)
XCP OVERVIEW
• Open source version of Citrix XenServer
o wiki.xen.org/wiki/XCP/XenServer_Feature_Matrix
• Enterprise-ready server virt. and cloud platform
o Extends Xen beyond a single physical machine (host pools)
o Built-in templates for Windows and Linux guests
o Open vSwitch built-in and is the default networking stack
• Datacenter and cloud-ready management API
o XenAPI (XAPI) is fully open source
o CloudStack and OpenStack integration
XCP TOOLSTACK DISTRO INDEPENDENCE
Extend the delivery model beyond the XCP Appliance
• apt-get install xcp-xapi or yum install xcp-xapi
• Debian Wheezy, Ubuntu 12.04 LTS working (Project Kronos)
• Fedora and CentOS in progress (Project Zeus)
Volunteer to help and/or add support for your favorite distro
XEN VS. XCP VS. PROJECT KRONOS
Hypervisor
  Xen: latest stable
  Project Kronos: via Debian/Ubuntu package
Dom0 OS
  Xen: CentOS, Debian, Fedora, NetBSD, OpenSuse, RHEL 5.x, Solaris 11, …
  XCP: CentOS 5.5
  Project Kronos: Debian and Ubuntu
Dom0
  Xen: 32 and 64 bits
  XCP: 64 bits
  Project Kronos: 32 and 64 bits
Linux 3 Dom0
  Xen: Yes
  XCP: As of XCP 1.5, not yet
  Project Kronos: Yes
Toolstack
  Xen: Libxl or Libvirt
  XCP: stable XAPI
  Project Kronos: latest XAPI
Advanced functionality
  Xen: build it yourself
  XCP: Open vSwitch, storage repositories, and signed PV drivers built-in
  Project Kronos: build it yourself
Configurations
  Xen: everything
  XCP: directed by stable XAPI
  Project Kronos: directed by latest XAPI
Usage Model
  Xen: distro support or do it yourself
  XCP: Shrink wrapped and tested
  Project Kronos: distro support or do it yourself
Distribution
  Xen: Source or via Linux/Unix distribution
  XCP: ISO (source available)
  Project Kronos: source or via Debian/Ubuntu packages
XCP/XAPI FUTURE
• XCP & XAPI configuration of choice for clouds
o Optimized for usage patterns in cloud orchestration (e.g. OpenStack, CloudStack, OpenNebula)
• Exploit advanced Xen security features
o Driver domains, stub domains
o Dom0 disaggregation
• Xen on ARM (XAPI on ARM)
XCP 1.5
• Architectural Improvements: Xen 4.1, GPT, smaller Dom0
• GPU pass through: for VMs serving high end graphics
• Performance and Scalability: 1 TB mem/host, 16 VCPUs/VM, 128 GB/VM. (Note: limits are due to XAPI restrictions, not the Xen hypervisor)
• Enhanced Guest OS Support: Support for Ubuntu 10.04 (32/64-bit). Updated support for Debian Squeeze 6.0 64-bit, Oracle Enterprise Linux 6.0 (32/64-bit) and SLES 10 SP4 (32/64-bit). Experimental VM templates for CentOS 6.0 (32/64-bit), Ubuntu 10.10 (32/64-bit) and Solaris 10.
XAPI : WHAT IS IT?
• XAPI (or XenAPI) is the backbone of XCP
o Provides the glue between all components
• It's an XML-RPC style API, served via HTTPS
o Provided by a service on every XCP Dom0 host
o Designed to be highly programmable
o API bindings for many languages: .NET, Java, C, PowerShell, Python
• XAPI is extensible via plugins (e.g. used by OpenStack)
XAPI FROM 30000 FEET (STORAGE)
[Diagram: a Storage Repository (SR), backed by physical block device(s) via LVM, iSCSI, NFS, etc., holds Virtual Disk Images (VDIs); each VDI is attached to a VM through a Virtual Block Device (VBD)]
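The XML-RPC call shape described on the previous slide and the SR/VDI/VBD/VM model in this diagram, as an added Python example that is not from the slides or from the xapi project. The OpaqueRef values, names and sample records are constructed here; the method name session.login_with_password, the Status/Value/ErrorDescription result envelope and the record field names (VDIs, SR, VBDs, VM, VDI, device, mode) are taken from the XenAPI class reference linked on the metrics slide and should be checked against the version of xapi in use.

```python
# Added example (not from the slides or the xapi project): the wire shape of
# a XAPI call, the Status/Value result envelope, and a walk over the storage
# object model (SR -> VDI -> VBD -> VM) using constructed records.
import xmlrpc.client

# Constructed *.get_record-style records.  OpaqueRef values are made up for
# this example; a real xapi issues its own references.
VM_REF = "OpaqueRef:vm-1"
SRS = {
    "OpaqueRef:sr-1": {"name_label": "Local storage", "type": "lvm",
                       "VDIs": ["OpaqueRef:vdi-1", "OpaqueRef:vdi-2"]},
    "OpaqueRef:sr-2": {"name_label": "NFS ISO library", "type": "iso",
                       "VDIs": ["OpaqueRef:vdi-3"]},
}
VDIS = {
    "OpaqueRef:vdi-1": {"SR": "OpaqueRef:sr-1", "VBDs": ["OpaqueRef:vbd-1"]},
    "OpaqueRef:vdi-2": {"SR": "OpaqueRef:sr-1", "VBDs": []},
    "OpaqueRef:vdi-3": {"SR": "OpaqueRef:sr-2", "VBDs": ["OpaqueRef:vbd-2"]},
}
VBDS = {
    "OpaqueRef:vbd-1": {"VM": VM_REF, "VDI": "OpaqueRef:vdi-1",
                        "device": "xvda", "mode": "RW"},
    "OpaqueRef:vbd-2": {"VM": VM_REF, "VDI": "OpaqueRef:vdi-3",
                        "device": "xvdd", "mode": "RO"},
}


def xapi_request(method, *params):
    """Serialise one XAPI call as an XML-RPC methodCall document, i.e. the
    body a client POSTs over HTTPS to the xapi service on a Dom0 host."""
    return xmlrpc.client.dumps(params, methodname=method)


def xapi_result(response_xml):
    """Unwrap a XAPI response.  xapi does not use XML-RPC faults: every call
    returns a struct with Status and either Value or ErrorDescription."""
    (envelope,), _ = xmlrpc.client.loads(response_xml)
    if envelope.get("Status") != "Success":
        raise RuntimeError("XAPI failure: %s" % envelope.get("ErrorDescription"))
    return envelope["Value"]


def fake_response(envelope):
    """Constructed server reply, used only so the example runs offline."""
    return xmlrpc.client.dumps((envelope,), methodresponse=True)


def disks_of_vm(vm_ref):
    """Follow VM <- VBD -> VDI -> SR and report each disk with the SR that
    backs it, as (device, mode, SR name, SR type)."""
    disks = []
    for _vbd_ref, vbd in sorted(VBDS.items()):
        if vbd["VM"] != vm_ref:
            continue
        vdi = VDIS[vbd["VDI"]]
        sr = SRS[vdi["SR"]]
        disks.append((vbd["device"], vbd["mode"], sr["name_label"], sr["type"]))
    return disks


def srs_backing_vm(vm_ref):
    """Distinct SR names a VM depends on (what a migration or SR outage touches)."""
    return sorted({sr_name for _, _, sr_name, _ in disks_of_vm(vm_ref)})


if __name__ == "__main__":
    # The login call: note the credential travels in the clear inside the XML
    # body, which is why the transport is HTTPS.
    print(xapi_request("session.login_with_password", "root", "example-password"))
    ok = fake_response({"Status": "Success", "Value": "OpaqueRef:session-1"})
    print("session:", xapi_result(ok))
    bad = fake_response({"Status": "Failure",
                         "ErrorDescription": ["SESSION_AUTHENTICATION_FAILED", "root"]})
    try:
        xapi_result(bad)
    except RuntimeError as exc:
        print(exc)
    for disk in disks_of_vm(VM_REF):
        print(disk)
```

Printing the serialised login call shows the password as plain text inside the XML body, so the HTTPS transport and certificate verification on the client side are what protect it; the envelope check matters because a failed call still arrives as a normal XML-RPC response rather than a fault, and a client that reads Value without looking at Status will misread a failure as data.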
XAPI FROM 30000 FEET (NETWORK)
[Diagram: a Network is backed by Physical Interface(s) (PIF(s)) through a Bridge, Open vSwitch, Bond, VLAN, etc.; each VM attaches to a Network through one or more Virtual Interfaces (VIFs)]
XAPI FROM 30000 FEET (METRICS)
[Diagram: each object class has a companion metrics class: Host - host_metrics, VBD - VBD_metrics, PIF - PIF_metrics, VM - VM_metrics]
xen.org/files/XenCloud/ocamldoc/apidoc
XAPI OVERVIEW
• VM lifecycle management: live snapshots, checkpoint, migration
• Resource pools: live migration, auto configuration, disaster recovery
• Flexible storage (NFS, iSCSI, LVM) and networking (Open vSwitch)
• Event tracking: progress (VM status), notification (disk full)
• Upgrade and patching capabilities (of XCP)
• Real-time performance monitoring and alerting (metrics)
OPEN VSWITCH
• Software switch, similar to:
o VMware vNetwork Distributed Switch
o Cisco Nexus 1000V
• Distribution agnostic. Plugs right into Linux kernel.
• Reuses existing Linux kernel networking subsystems.
• Backwards-compatible with traditional userspace tools.
WHY USE OPEN VSWITCH WITH CLOUD?
• Automated control: OpenFlow
• Multi-tenancy
• Monitoring and QoS
See also: XenServer Distributed Virtual Switch Controller
XAPI MANAGEMENT OPTIONS
• XAPI frontend command line tool: XE (tab-completable)
• Desktop GUIs
o Citrix XenCenter (Windows-only)
o OpenXenManager (open source cross-platform XenCenter clone)
• Web interfaces
o Xen VNC Proxy (XVP): lightweight, VM console only, user access control to VMs (multi-tenancy)
o XenWebManager (web-based clone of OpenXenManager)
• XCP Ecosystem: ProjectPage, ProductsPage
OPENXENMANAGER
XEN VNC PROXY (XVP)
XCP AND CLOUD ORCHESTRATION STACKS
SECURITY AND THE NEXT WAVE OF XEN
• Security is a key requirement for the Cloud
• Security is the primary goal of client virtualization
o Desktops, Laptops, Tablets & Smart Phones
• Maintaining isolation between VMs is critical
o Spatial and temporal isolation
o Run multiple VMs with policy-controlled information flow (e.g. Personal VM; Corporate VM; VM for web browsing; VM for banking)
PLACEMENT OF CLOUD MANAGEMENT TOOL
Installed in a VM (DomU)
  Pros: Isolation of cloud VM; Security properties; Pre-packaged appliance
  Cons: More complex; Less flexible
Directly installed on Dom0
  Pros: Simple install; Flexibility
  Cons: Less isolation; Cloud service is a potential entry point to compromise Dom0
ARCHITECTURE CONSIDERATIONS
Type 1: Bare metal Hypervisor
  Provides partition isolation + reliability, higher security
  [Diagram: hypervisor (scheduler, MMU, device drivers/models) directly on host HW (memory, CPUs, I/O); VM0, VM1 ... VMn each running a guest OS and apps]
Type 2: OS 'Hosted'
  Low cost, no additional drivers; ease of use & installation
  [Diagram: host OS with device drivers on host HW (memory, CPUs, I/O); ring-0 VM monitor "kernel"; user-level VMM with device models and virtual machine control alongside user apps; VM0, VM1 ... VMn each running a guest OS and apps]
[Diagram (Xen): hypervisor (scheduler, MMU, XSM) on host HW (memory, CPUs, I/O); control domain (dom0) running Linux, BSD, etc. holds the drivers and device models; VM0, VM1 ... VMn each running a guest OS and apps]
XEN: TYPE 1 WITH A TWIST
• Thin hypervisor
o Key functionality moved to Dom0
• Using Linux PVOPS
o Take advantage of PV
o PV on HVM
o No additional device drivers (Linux 3.x dom0)
• In other words
o Low cost (drivers)
o Isolation & security
XEN SECURITY ADVANTAGES
• Even without advanced security features
o Well-defined trusted computing base (much cleaner than a type-2 hypervisor)
o No extra services in hypervisor layer
• More Robustness: Mature, tried & tested architecture
• Xen Security Modules (or XSM)
o Developed and contributed to Xen by NSA
o Generalized security framework for Xen
o The Xen equivalent of SELinux
XEN DOM0 DISAGGREGATION
• Split control domain (Dom0) into driver, stub and service domains
o Each contains a specific set of control logic
o See: "Breaking up is hard to do" @ Xen Papers
• Unique benefit of the Xen architecture
o Security: minimum privilege; narrow interfaces
o Performance: lightweight, e.g. Mini-OS service domains
o Robustness: ability to safely restart parts of the system
o Scalability: more distributed system (less reliant on single control domain)
QUBES OS / XENCLIENT XT
• First products configured to take advantage of the security benefits of Xen’s architecture
• Isolated driver domains
• Virtual hardware emulation domains
• Service VMs (global and per-guest)
• Xen Security Modules (XSM)
XENCLIENT ARCHITECTURE
[Diagram: Xen Hypervisor with Xen Security Modules on Intel vPro hardware (VT-x, VT-d, TXT, AES-NI); a Management Domain and a Control Domain; per host/device Service VMs (Network Isolation); per guest Service VMs (Device Emulation, VPN, Isolation); User VMs; policy granularity applied at the service-VM and user-VM level]
XEN SECURITY IN THE CLOUD
• Xen-based server products (such as XCP) will start making use of advanced security features
o Driver domains, stub domains, service domains
o Xen Security Modules (XSM)
o Dom0 Disaggregation
• Driver domains, stub domains, services domains, and XSM already in upstream Xen
• Dom0 disaggregation code coming to xen-unstable
SUMMARY: WHY XEN?
• Designed for the Cloud: many advantages for cloud use!
o Resilience, robustness & scalability
o Security and architecture: small, clean attack surface, isolation properties, and advanced security features
• Widely used in production by public cloud providers
• XCP & XAPI
o Ready for use with cloud orchestration stacks
o XCP and Project Kronos: flexibility and choice
o Lots of additional improvements for cloud still to come
• Flexibility and choice of usage models
• Open Source with a large community and eco-system
THANK YOU!
XEN RESOURCES
• IRC: ##xen @ FREENODE
• Mailing List: xen-users & xen-api
• Wiki: wiki.xen.org
o Beginners & User Categories
• Excellent XCP Tutorials
o A day's worth of material @ xen.org/community/xenday11
REFERENCES
Xen and the Art of Repeated Research, Clarkson University www.clarkson.edu/class/cs644/xen/files/repeatedxen-usenix04.pdf
XenAPI (XAPI) Classes xen.org/files/XenCloud/ocamldoc/apidoc
HOW TO CONTRIBUTE
• Same process as for Linux Kernel
o Same license: GPLv2
o Same roles: Developers, Maintainers, Committers
o Contributions by patches + sign-off (Developer Certificate of Origin)
o Details @ xen.org/projects/governance.html
COMMUNITY & ECOSYSTEM MAP
[Diagram: community and ecosystem map grouping Xen Projects, XCP Projects, Xen Products, XCP Products, Consulting Firms, Consulting People, Research, Hosting and Vendors]
xen.org/community/projects