Citrix realized a while ago that newer usage models are emerging that would require two or more Virtual Machine Monitors (VMMs) to be hosted on the same client system. Citrix has been heavily engaged with Intel® to take advantage of new hardware capabilities designed to accelerate nesting of hypervisors (VMMs). Specifically, the 4th generation of Intel vPro Technology, which is available in 4th generation Intel® Core processors, includes a capability called Intel® VMCS Shadowing that greatly reduces the frequency with which the guest VMM must access the root VMM in a nested environment. With Intel VMCS Shadowing, the root VMM is able to define a shadow VMCS [CSI1] in hardware. A guest VMM can access this shadow VMCS directly, without interrupting the root VMM. Since the shadow VMCS is implemented in hardware, required accesses can be completed nearly as fast as in a non-nested environment.

Application performance can be impacted each time the virtual or shadow VMCS is synchronized with the physical VMCS that is used by the root VMM. The root VMM must synchronize every field that could possibly have been accessed, even though most of the fields are never touched. To address this situation, Intel VMCS Shadowing includes an additional capability known as VMREAD and VMWRITE bitmaps. These bitmaps allow for selective access to the shadow VMCS. The root VMM can tune the bitmaps so that the 5-10 percent of VMCS fields that are commonly accessed are written directly to the shadow VMCS, while the very rarely accessed fields are synchronized through the slower path that is managed by the root VMM.
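The bitmap tuning described above, modelled in C as an added example (not code from Citrix, the Xen Project or Intel). The field encodings and the bit lookup follow the Intel SDM; the choice of which fields count as commonly accessed is an assumption made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITMAP_BYTES 4096   /* each bitmap is one 4 KB page: 32768 bits */

/* VMCS field encodings (Intel SDM, Appendix B). */
#define EPT_POINTER        0x201Au
#define VM_EXIT_REASON     0x4402u
#define EXIT_QUALIFICATION 0x6400u
#define GUEST_RSP          0x681Cu
#define GUEST_RIP          0x681Eu

uint8_t vmread_bitmap[BITMAP_BYTES];
uint8_t vmwrite_bitmap[BITMAP_BYTES];

/* Clear the field's bit: the guest VMM's access hits the shadow VMCS. */
static void allow_direct(uint8_t *bitmap, uint32_t field) {
    uint32_t n = field & 0x7FFFu;
    bitmap[n / 8] &= (uint8_t)~(1u << (n % 8));
}

/* 1 = access exits to the root VMM, 0 = served by the shadow VMCS. */
int access_traps(const uint8_t *bitmap, uint64_t encoding) {
    if (encoding >> 15)                 /* bits 63:15 set: always exits */
        return 1;
    return (bitmap[encoding / 8] >> (encoding % 8)) & 1;
}

/* Default-deny every field, then open only the assumed hot fields. */
void setup_bitmaps(void) {
    memset(vmread_bitmap, 0xFF, BITMAP_BYTES);
    memset(vmwrite_bitmap, 0xFF, BITMAP_BYTES);
    allow_direct(vmread_bitmap, GUEST_RIP);
    allow_direct(vmwrite_bitmap, GUEST_RIP);
    allow_direct(vmread_bitmap, GUEST_RSP);
    allow_direct(vmwrite_bitmap, GUEST_RSP);
    allow_direct(vmread_bitmap, VM_EXIT_REASON);      /* read-only field */
    allow_direct(vmread_bitmap, EXIT_QUALIFICATION);  /* read-only field */
}

int main(void) {
    setup_bitmaps();
    printf("write GUEST_RIP traps: %d\n", access_traps(vmwrite_bitmap, GUEST_RIP));
    printf("read EPT_POINTER traps: %d\n", access_traps(vmread_bitmap, EPT_POINTER));
    return 0;
}
```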

Support for VMCS shadowing has been added to the Xen Project™ hypervisor and is being migrated into Citrix XenClient® product editions. This work is still in an experimental stage. Various engineering quality factors, such as system responsiveness and stability, will have to be met and ensured during nesting. We expect that in the near future our customers will be able to run multiple security micro-hypervisors inside a VM, with the XenClient® XT hypervisor at the bottom.

“XenClient is an open and extensible platform. Intel and Citrix have worked closely together over the past several years to optimize Citrix XenClient® for Intel® vPro™ Technology. We are delighted to continue our joint effort as we prepare to launch our 4th Generation Intel Core vPro Processors with Intel VMCS Shadowing,” says Yasser Rasheed, Director of Architecture/CTO, Business Client Platforms Division at Intel Corporation.

Virtualization is a game-changing technology given all of its security, isolation, control and monitoring benefits. At Citrix we promote openness and extensibility, driving innovation across the entire ecosystem. We spent years developing the best Type-1 client hypervisor and we truly understand how hard it is to develop and maintain one. Citrix Xen® Hypervisor is a foundational open platform on which system security, management and measurement vendors can integrate their features. In that model, the Citrix Xen® hypervisor becomes the root hypervisor for system virtualization security and management.

The benefits of virtualization or a micro-hypervisor are not limited to security. Other benefits of these additions to the XenClient XT platform include system measurement, performance monitoring, high availability, etc. In essence, when people decide to innovate in the right direction, the sky is the limit.

About the Author:

Ahmed Sallam is a Citrix cross-functional VP and CTO leading technology and solutions strategy in the new emerging era of smart devices, IoT, IoE, system virtualization, server physicalization and security. His focus is on new emerging end-to-end solutions ranging from devices to networks to clouds across Citrix lines of products. Ahmed drives Intellectual Property growth opportunities and monetization strategy for Citrix as well. He works closely with software and hardware ecosystem partners integrating into Citrix open platforms. He served as CTO and VP of Product Strategy for Client Virtualization. Ahmed is a renowned expert across the industry, well known for pioneering new models in computer system virtualization-based security and management, delivering a flexible, well-managed and secure computer experience with high safety assurances. Ahmed holds 25 issued patents and has more than 40 published and pending patent applications.

 [CSI1] Virtual Machine Control Structure.