The 4th Xen Summit was hosted by IBM at the TJ Watson Research Center in Yorktown Heights on 17+18 April. About 130 of the key contributors to the Xen project were there, and the program offered 43 presentations over two days. It was fantastic to be at TJ Watson – probably the true home of virtualization.
The Summit confirmed for me the tremendous vitality of the Xen community and the power of the open source development model. It seems to me that what Xen does is correctly align the financial incentives of all of the development organizations – each develops its part, and benefits in return from the huge contribution of the community. The rate of development, bug fixing and testing is much greater than any proprietary development team could attain.
With the major Linux Distros now both shipping Xen and the release of XenSource’s XenEnterprise 3.2, the key contributors are now focusing on secure, extensible management APIs and tools, extension of the Xen I/O architecture to include Intel and AMD IOMMUs and the PCI-SIG I/O Virtualization standards, advances in multi-platform support, I/O performance enhancement and tuning, and extending the paravirtualized I/O protocol that gives Xen its edge over other hypervisor architectures. Some of the new developments that I thought were partcularly interesting, are listed below. Here are the slides from all talks, and here is a scorecard and update on the Xen project roadmap.
New Ports: Sam-bung Suh of Samsung reported on his team’s Xen port to the ARM 9processor for use as an embedded, secure hypervisor on mobile devices. Since the ARM is so different from the x86, it is great to see the architecture transfer so cleanly. More importantly, it is superb to see Xen gaining mind-share in the mobile device world – one that has not yet had the advantage of virtualization for platform cost reductions and increased security.
Jes Sorensen of SGI gave a “work in progress” update on his Xen port to the SGI Altix Super-computerclass system. This is a highly NUMA architecture, so there are numerous x86 assumptions in the current code base that don’t apply. Jes is slowly weeding them out. There were also project updates and BoFs for the PowerPC and the IA64 porting teams group.
Secure Xen API: Ewan Mellor of XenSourcepresented the XML RPC based XenAPI, which is the project’s Xen management API that will be supported on an ongoing basis. XenSource has already developed SDKs and training for its ISV partners to assist with development of powerful management applications against the API. The API can be secured through the use of PAM security modules, and supports the open source Xen CIM providers, as well as python, perl and C bindings. Ewan believes that Red Hat may port its libvirt library to the XenAPI to so that it can be more easily supported as Xen continues to evolve.
3D Graphics acceleration: If you’ve followed the fuss about VMware’s rumoured 3D graphics acceleration for VMware Fusion, you can see for yourself the incredible 3D graphics performance Andres Llagar Cavilla is getting with VMGL on Xen. Seems to run faster on Xen than ESX, too. He shows footage of on-line games that generate 90fps, and it looks stunning. Anyone keen to tackle the Windows port of this work?
Security: Two very important presentations – the first on a project led by John McDermott at the US DoD Naval Research Lab to put Xen through Common Criteria level 5 security clearance, which is a key requirement for highly secure DoD/NSA type deployments. George Coker of the US NSA gave a talk with an update on the NSA proposed Xen Security Modules that extend the existing sHype based MAC to make the platform more secure.
Performance Tuning: Jose Renato Santos of HP reported on extensive micro-benchmarking of the networking stack, and offered several recommendations for improving performance. Ian Pratt of XenSource gave an overview of the design of the NetChannel2 Paravirtualized I/O protocol, and Suzanne McIntosh of IBM introduced XenSocket for shared-memory speed inter-guest communication in Xen.
Hardware Assisted Virtualization: Jun Nakajima of Intel and Elsie Wahlig and Wei Huang and Sebastian Biemueller of AMD gave updates on their work to add support for Extended Page Tables (EPT/NPT), IOMMUs Address Space Identifiers and PCI-SIG IOV draft standards.
Xen API in kernel.org Linux: Jeremy Fitzhardinge of XenSource reported on the upstreaming of the Xen paravirt_ops work into kernel.org Linux, currently slated for 2.6.21. He has also contributed significant clean up code to the Linux kernel in the process. The Linux distros view the completion of this work as critical for getting them off the back-porting merry-go-round, so it’s great to see it nearing completion.
My key take-aways: The Xen project is going from strength to strength. Millions of copies of the Xen hypervisor are now in circulation courtesy of the projedt and the Linux Distros. And our easy to use, ESX beating, high performance virtualization platform is now freely available for Windows and Linux.