Xen Project Status
Ian Pratt
12/3/07

Project Status
- xen.org and the Xen Advisory Board
- Xen project mission
- Ubiquitous virtualization
- Realizing Xen's architectural advantages
- From servers to clients
- Interoperability goals

The move to xen.org
- All community-related activities have moved to www.xen.org
  - Website, source repos, wiki, bugzilla
  - Mailing lists will move over soon
- Objectives:
  1. Independence of Xen project from any commercial org
  2. Better community tools
  3. Independent oversight

The Xen Project Advisory Board
- Advisory board constituted from largest contributors and key vendors that deliver Xen in the market, currently:
  - Citrix
  - IBM
  - Intel
  - HP
  - Novell
  - Red Hat
  - Sun
- This group will also define procedures for evolving the group over time, as required

Role of Xen AB
1. Oversight of community code practices
   - Help drive regular releases
   - Ensure vendor neutrality
   - Build vendor confidence and commitment
2. Guide the project roadmap
3. Development of a new trademark policy for the Xen trademark and Xen logo
   - Document is in draft
   - Will be agreed upon by all Xen AB members
   - Aim to go live within a month

New Xen Trademark Policy
- The Xen AB members agree that Xen is a valuable mark and should be made available to commercial products and the community
- Non-commercial / community work product is exempt from the trademark requirements since it is product development related, and therefore cannot confuse the customer
- Commercial products that wish to use the Xen marks must meet quality criteria that classify the product as a Faithful Implementation
  - Faithful implementations interoperate with other vendors' products and implement key APIs of the hypervisor
  - Tested using the FIT, which will be developed by the community, freely available for vendor self-certification
  - Police intent and rely on vendors' intentions to do the right thing
  - Products that pass the FIT are automatically granted a license to the marks
- The community will be able to review and comment on the policy and feedback will be incorporated before it is finalized

Xen Project Mission Statement
- Build the industry standard open source hypervisor
  - Core "engine" that is incorporated into multiple vendors' products
- Maintain our industry-leading performance
  - Be first to exploit new hardware acceleration features
  - Help OS vendors paravirtualize their OSes
- Maintain our reputation for stability and quality
  - Security must now be paramount
- Support multiple CPU types; big and small systems
  - From server to client to mobile
- Foster innovation
  - Be a great platform for research and experimentation
- Drive interoperability
  - Between Xen-based products
  - With other virtualization products

Ubiquitous Virtualization
- The overhead of virtualization is getting smaller:
  - Through hardware assistance
    - CPU: VT/AMD-V, NPT/EPT, ASIDs, APIC
    - Chipset: IOMMU
    - I/O: multi-queue NICs, self-virtualizing NICs and HBAs
  - Through targeted paravirtualization of OSes
    - Particularly higher-level paravirtualization
- Near-zero overhead
  - Allows always-on virtualization
  - Even for a single high-performance VM
- Xen's goal: be the best choice for ubiquitous deployment

Realizing Xen's Architectural Advantages
- Xen's true hypervisor architecture enables excellent security and scalability
- Lightweight service domains
  - I/O driver domains and utility domains
  - Device emulation domains
  - Domain building / measurement domains
- Allows efficient large SMP scalability
- Minimum privilege, small TCB
- De-privilege and disaggregate domain 0

From Servers to Clients
- Security and manageability are key drivers for client virtualization
  - Service partitions; multi-level secure VMs; BYOPC
- Hypervisor needed to take advantage of secure boot and attestation (TXT/TPM)
- Preparing Xen for client
  - IOMMU HVM device pass-through
  - Enhanced power management
  - USB device pass-through
  - 3D graphics virtualization

Interoperability goals
- xen.org needs to define reference guests and hypervisors for interoperability testing
  - Enhanced automated test infrastructure
- Open Virtual Format (OVF): Virtual appliance file format
  - Defined by Dell, HP, IBM, MSFT, VMware, XenSource; now going through DMTF
  - Need to develop a full Xen implementation
- Management APIs
  - XenAPI, CIM, libvirt
  - Essential for a vibrant ISV ecosystem
- Add native Viridian hypercall support

Conclusions
- The Xen Advisory Board aims to strengthen vendor confidence and commitment to the Xen Community
- Ubiquitous virtualization provides great opportunity for mass Xen deployment
- Xen leads commercial hypervisors in many key areas
- Xen remains a hotbed of innovation

Xen Architectural Advantages
- True hypervisor design
  - Small privileged component, principle of least privilege
- Secure compartmentalization
  - Grant tables allow controlled sharing
- Optimized as a hypervisor
- Cross-platform: x86, ia64, Power and ARM
- OS agnostic: Windows, Linux, Solaris, *BSD
- Flexible to enable domain0 disaggregation
  - Control-plane OS (e.g. OpenBSD or MiniOS)
  - Driver domains
  - Service domains (e.g. virus scanners, firewalls, etc.)

Post-3.0.0 Change Log
[Chart: number of changesets per week, with releases 3.0.0, 3.0.1, 3.0.2, 3.0.3 and 3.0.4 marked]

Xen Roadmap
- Server
  - Performance and scalability optimizations
  - Enable Smart IO devices
  - SCSI pass-through
- Security
  - Domain0 disaggregation; XSM (Xen Security Modules)
  - Secure boot, TPM, certification, multi-level secure systems
- Client
  - Power management
    - Suspend and hibernate; Clock management
  - 3D video
    - direct h/w access; high-performance guest virtualization
  - USB device pass-through

Virtualization benefits #1
- Server consolidation
  - Consolidate scale-out success
  - Exploit multi-core CPUs
- Manageability
  - Secure remote console
  - Reboot / power control
  - Performance monitoring
- Ease of deployment
  - Rapid provisioning
- Disaster Recovery
- Ease of hardware upgrade/replacement
  - Portability: no need to upgrade OS due to new h/w

Virtualization benefits #2
- Resource pools (server clusters)
  - Zero-downtime maintenance
  - Load balancing
  - High Availability
- Administrative policy enforcement
  - Backup, Firewalls, Malware detection
- Abstracting physical world complexity
  - e.g. Multi-path storage and networking
- Simplifies application stack certification
  - Certify app on OS, OS on hypervisor, hypervisor on h/w
- Virtualization is destined to be ubiquitous

Enabling new hardware features
- CPU: getting the most from VT / AMD-V
  - ASID: Address Space Identifiers
  - Nested paging reduces overhead of MMU virtualization (no shadow pagetables)
  - APIC/IPI virtualization
- Chipset
  - Hardware-assisted paravirtualization
  - Secure boot: LT/SKINIT, TPM
  - IOMMU / VT-d
    - Device pass-through (e.g. for Windows graphics)
    - Grant table integration for protected inter-domain DMA

Enhancing Block I/O
- Block I/O is easier to virtualize than Network I/O:
  - Lower # requests/second, bigger batches
  - Data can be DMAed direct to final destination
- We do pretty well with blkfront/back today
- SCSI front/back very promising
- Fibre Channel NPIV easily adopted to allow assignment of WWN to VMs
  - Migrate WWN with VM, just like network MAC addrs
- Smart HBAs (PCI-IOV) offer potential for direct guest access

Accelerating Network IO
- Network IO is tough:
  - High packet rate
  - Data must be copied to deliver to VM
  - Some applications latency sensitive
- Netfront/back can be an IO bottleneck
  - Use multiple driver domains for multiple NICs
- New Netfront/back2 will adopt a late copy approach, improving scalability
  - Copy initiated by receiving domain, not driver domain
  - Better cache behaviour and improved CPU accounting
- Netfront/back2 will support Smart NICs:
  - #1 multi-queue NICs avoid the need for RX data copy
  - #2 virtualization-friendly NICs mapped directly into guests

Summary
- The Xen Community powers Xen forward at an incredible rate
- Virtualization is destined to achieve near bare-metal levels of performance, resulting in always-on ubiquitous virtualization
- Xen can become the industry standard for platform-integrated virtualization

Platform-integrated virtualization
- Hypervisor integrated into system firmware
  - Closely coupled with server hardware
  - Dedicated hypervisor better able to meet the rapid h/w product cycle than a full OS, and thus best placed to fully enable new hardware features
- Virtualization must be OS agnostic
  - Future likely to be more OS heterogeneous
  - Virtual Appliances with customized or minimal OSes
- Standardized interfaces essential
  - Xen/VMware/Viridian virtual hardware and hypercalls
- Must have proven reliability and security
- Must have close to bare metal performance

SPECjbb2005, Sun JVM installed
[Chart: RHEL5 guest / SPECjbb2005 Sun JVM. Y axis: relative score to native (higher is better). X axis: 1-vcpu, 2-vcpu, 4-vcpu. Series: Native, ESX 3.0.1, XenEnterprise 3.2]

Windows 2003 Passmark CPU results
[Chart: Y axis: relative score to native (higher is better). X axis: Integer Math, Floating Point Math, SSE/3DNow!, Compression, Encryption, Image Rotation, String Sorting, CPU Mark. Series: Native, ESX 3.0.1, XenEnterprise 3.2]

Windows 2003 Passmark memory results
[Chart: Y axis: relative score to native (higher is better). X axis: Allocate Small Block, Read Cached, Read Uncached, Write, Memory Mark. Series: Native, ESX 3.0.1, XenEnterprise 3.2]