Xen Project Status
Ian Pratt
12/3/07 1
Project Status
• xen.org and the Xen Advisory Board
• Xen project mission
• Ubiquitous virtualization
• Realizing Xen’s architectural advantages
• From servers to clients
• Interoperability goals
The move to xen.org
• All community related activities have moved to www.xen.org
• Website, source repos, wiki, bugzilla
• Mailing lists will move over soon
• Objectives:
1. Independence of Xen project from any commercial org
2. Better community tools
3. Independent oversight
The Xen Project Advisory Board
• Advisory board constituted from largest contributors and key vendors that deliver Xen in the market, currently:
  – Citrix
  – IBM
  – Intel
  – HP
  – Novell
  – Red Hat
  – Sun
• This group will also define procedures for evolving the group over time, as required
Role of Xen AB
1. Oversight of community code practices
  – Help drive regular releases
  – Ensure vendor neutrality
  – Build vendor confidence and commitment
2. Guide the project roadmap
3. Development of a new trademark policy for the Xen™ trademark and Xen logo
  – Document is in draft
  – Will be agreed upon by all Xen AB members
  – Aim to go live within a month
New Xen™ Trademark Policy
• The Xen AB members agree that Xen is a valuable mark and should be made available to commercial products and the community
• Non-commercial / community work product is exempt from the trademark requirements since it is product development related, and therefore cannot confuse the customer
• Commercial products that wish to use the Xen marks must meet quality criteria that classify the product as a “Faithful Implementation”
  – Faithful implementations interoperate with other vendors’ products and implement key APIs of the hypervisor
  – Tested using the FIT, which will be developed by the community, freely available for vendor-self-certification
  – Police intent and rely on vendors’ intentions to do the right thing
  – Products that pass the FIT are automatically granted a license to the marks
• The community will be able to review and comment on the policy and feedback will be incorporated before it is finalized
Xen Project Mission Statement
• Build the industry standard open source hypervisor
  – Core "engine" that is incorporated into multiple vendors’ products
• Maintain our industry-leading performance
  – Be first to exploit new hardware acceleration features
  – Help OS vendors paravirtualize their OSes
• Maintain our reputation for stability and quality
  – Security must now be paramount
• Support multiple CPU types; big and small systems
  – From server to client to mobile
• Foster innovation
  – Be a great platform for research and experimentation
• Drive interoperability
  – Between Xen-based products
  – With other virtualization products
Ubiquitous Virtualization
• The overhead of virtualization is getting smaller:
  – Through hardware assistance
    • CPU : VT/AMDV, NPT/EPT, ASIDs, APIC
    • Chipset : IOMMU
    • I/O : multi-queue NICs, self-virtualizing NICs and HBAs
  – Through targeted paravirtualization of OSes
    • Particularly higher-level paravirtualization
Near-zero overhead
• Allows always-on virtualization
• Even for a single high-performance VM
• Xen’s goal : be the best choice for ubiquitous deployment
Realizing Xen’s Architectural Advantages
• Xen’s true hypervisor architecture enables excellent security and scalability
• Lightweight service domains
  – I/O driver domains and utility domains
  – Device emulation domains
  – Domain building / measurement domains
• Allows efficient large SMP scalability
• Minimum privilege, small TCB
  – De-privilege and disaggregate domain 0
From Servers to Clients
• Security and manageability are key drivers for client virtualization
  – Service partitions; multi-level secure VMs; BYOPC
• Hypervisor needed to take advantage of secure boot and attestation (TXT/TPM)
• Preparing Xen for client
  – IOMMU HVM device pass-through
  – Enhanced power management
  – USB device pass-through
  – 3D graphics virtualization
Interoperability goals
• xen.org needs to define reference guests and hypervisors for interoperability testing
  – Enhanced automated test infrastructure
• Open Virtual Format (OVF):
  – Virtual appliance file format
  – Defined by Dell, HP, IBM, MSFT, VMWare, XenSource; now going through DMTF
  – Need to develop a full Xen implementation
• Management APIs: XenAPI, CIM, libvirt
  – Essential for a vibrant ISV ecosystem
• Add native Viridian hypercall support
Conclusions
• The Xen Advisory Board aims to strengthen vendor confidence and commitment to the Xen Community
• Ubiquitous virtualization provides great opportunity for mass Xen deployment
• Xen leads commercial hypervisors in many key areas
• Xen remains a hotbed of innovation…
Xen Architectural Advantages
• True hypervisor design
  – Small privileged component, principle of least privilege
• Secure compartmentalization
  – Grant tables allow controlled sharing
• Optimized as a hypervisor
• Cross-platform: x86, ia64, Power and ARM
• OS agnostic: Windows, Linux, Solaris, *BSD
• Flexible to enable domain0 disaggregation
  – Control-plane OS (e.g. OpenBSD or MiniOS)
  – Driver domains
  – Service domains (e.g. virus scanners, firewalls etc)
Post-3.0.0 Change Log
[Chart: Number of changesets per week, with releases 3.0.0, 3.0.1, 3.0.2, 3.0.3 and 3.0.4 marked]
Xen Roadmap
• Server
  – Performance and scalability optimizations
  – Enable Smart IO devices
  – SCSI pass-through
• Security
  – Domain0 disaggregation; XSM Xen Security Modules
  – Secure boot, TPM, certification, multi-level secure systems
• Client
  – Power management
    • Suspend and hibernate; Clock management
  – 3D video
    • direct h/w access; high-performance guest virtualization
  – USB device pass-through
Virtualization benefits #1
• Server consolidation
  – Consolidate scale-out success
  – Exploit multi-core CPUs
• Manageability
  – Secure remote console
  – Reboot / power control
  – Performance monitoring
• Ease of deployment
  – Rapid provisioning
• Disaster Recovery
• Ease of hardware upgrade/replacement
  – Portability: no need to upgrade OS due to new h/w
Virtualization benefits #2
• Resource pools (server clusters)
  – Zero-downtime maintenance
  – Load balancing
  – High Availability
• Administrative policy enforcement
  – Backup, Firewalls, Malware detection.
• Abstracting physical world complexity
  – e.g. Multi-path storage and networking
• Simplifies application stack certification
  – Certify app on OS, OS on hypervisor, hypervisor on h/w
Virtualization is destined to be ubiquitous
Enabling new hardware features
• CPU : getting the most from VT / AMDV
  – ASID Address Space Identifiers
  – Nested paging reduces overhead of MMU virtualization (no shadow pagetables)
  – APIC/IPI virtualization
• Hardware assisted paravirtualization
• Chipset
  – Secure boot
    • LT/SKINIT, TPM
  – IOMMU / VT-d
    • Device pass-through (e.g. for Windows graphics)
    • Grant table integration for protected inter-domain DMA
Enhancing Block I/O
• Block I/O is easier to virtualize than Network I/O:
  – Lower # requests/second, bigger batches
  – Data can be DMAed direct to final destination
• We do pretty well with blkfront/back today
  – SCSI front/back very promising
• Fibre Channel NPIV easily adopted to allow assignment of WWN to VMs
  – Migrate WWN with VM, just like network MAC addrs
• Smart HBAs (PCI-IOV) offer potential for direct guest access
Accelerating Network IO
• Network IO is tough:
  – High packet rate
  – Data must be copied to deliver to VM
  – Some applications latency sensitive
• Netfront/back can be an IO bottleneck
  – Use multiple driver domains for multiple NICs
  – New Netfront/back2 will adopt a ‘late copy’ approach, improving scalability
    • Copy initiated by receiving domain, not driver domain
  – Better cache behaviour and improved CPU accounting
  – Netfront/back2 will support Smart NICs:
    • #1 multi-queue NICs avoid the need for RX data copy
    • #2 virtualization-friendly NICs mapped directly into guests
Summary
• The Xen Community powers Xen forward at an incredible rate
• Virtualization is destined to achieve near bare-metal levels of performance, resulting in “always-on” ubiquitous virtualization
• Xen can become the industry standard for platform-integrated virtualization
Platform-integrated virtualization
• Hypervisor integrated into system firmware
• Closely coupled with server hardware
  – Dedicated hypervisor better able to meet the rapid h/w product cycle than a full OS, and thus best placed to fully enable new hardware features
• Virtualization must be OS agnostic
  – Future likely to be more OS heterogeneous
  – Virtual Appliances with customized or minimal OSes
• Standardized interfaces essential
  – Xen/VMware/Viridian virtual hardware and hypercalls
• Must have proven reliability and security
• Must have close to “bare metal” performance
SPECjbb2005 Sun JVM installed
RHEL5 guest / SPECjbb2005 Sun JVM
[Chart: relative score to native (higher is better) for 1-vcpu, 2-vcpu and 4-vcpu guests; series: Native, ESX 3.0.1, XenEnterprise 3.2]
Windows 2003 Passmark CPU results
[Chart: relative score to native (higher is better) for Integer Math, Floating Point Math, SSE/3DNow!, Compression, Encryption, Image Rotation, String Sorting and CPU Mark; series: Native, ESX 3.0.1, XenEnterprise 3.2]
Windows 2003 Passmark memory results
[Chart: relative score to native (higher is better) for Allocate Small Block, Read Cached, Read Uncached, Write and Memory Mark; series: Native, ESX 3.0.1, XenEnterprise 3.2]