It’s that time of year again. That wonderful time when I get to attend the Intel Developer Forum in San Francisco, something I’ve been doing for a number of years now.
This year, however, there is a new story with multiple companies and components coming together. As a result, Citrix is now able to demonstrate what years of collaborative effort with Intel have produced.
There are two key things that the XenServer product group will be demonstrating this year: (i) simple, secure and scalable clouds, now with the added benefit of Mirantis OpenStack integration, and (ii) virtualized 3D graphics in XenServer with Intel GVT-g.
(i) So first off, what do I mean by secure and scalable clouds?
With the evolution of IT infrastructures, there has been an ever-increasing move towards virtualized data-centres, whereby our sensitive data might now be distributed across multiple physical hosts, different virtual layers and even different physical locations. This can present security and compliance challenges for some customers, particularly when, for example, an organisation is bound by government regulation.
One way in which organisations are able to demonstrate compliance is through the assurance that data is secure and that the underlying infrastructure has not been compromised in any way. From a Citrix XenServer perspective, our focus has been to integrate our hypervisor platform layer with Intel’s Trusted Execution Technology (TXT). This integration is used to establish and maintain a hardware root-of-trust, with XenServer providing a verifiable hosting environment that conforms to the business’s required compliance and security policies.
What this essentially means is that at build time, we take known good values of the hypervisor platform, including aspects of its control domain such as the kernel and initrd as well as the hypervisor kernel itself, and store their combined hash value in a whitelist. Then, each time the hypervisor platform is booted afterwards, these values are rehashed and stored locally within the Trusted Platform Module (TPM), a secure chip within the host hardware.
Now, every time a VM or hypervisor action is performed from the cloud orchestration layer, the hashed values within the TPM are compared to the known good values held in the whitelist, confirming that the underlying host platform(s) have not been compromised in any way. The action could be an administrator or user starting a workload (VM), or perhaps moving one between different hosts within or across data-centres.
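A minimal model of the check described above, as an added example rather than XenServer or OpenStack code: boot components are folded into a single TPM-style register with the extend operation, and an orchestration action is allowed only when that value matches the build-time whitelist. The SHA-256 register, the component names and the `authorize` helper are assumptions for illustration, and verification of the signed TPM quote that carries the value in a real deployment is omitted.

```python
import hashlib
import hmac

PCR_SIZE = 32  # assumption: SHA-256 PCR bank; the post does not name the hash

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(component)); one-way and order-sensitive."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component into one register, starting from all zeros."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

def host_is_trusted(reported_pcr: bytes, whitelist) -> bool:
    """True only if the reported value equals a known-good one; an empty list fails closed."""
    return any(hmac.compare_digest(reported_pcr, good) for good in whitelist)

def authorize(action: str, reported_pcr: bytes, whitelist) -> str:
    """Gate an orchestration action (hypothetical helper) on the host's measurement."""
    verdict = "allow" if host_is_trusted(reported_pcr, whitelist) else "deny"
    return f"{verdict}: {action}"

# Constructed sample images standing in for the real binaries.
XEN, DOM0_KERNEL, DOM0_INITRD = b"xen-hypervisor", b"dom0-kernel", b"dom0-initrd"
GOOD_BOOT = [XEN, DOM0_KERNEL, DOM0_INITRD]
WHITELIST = {measure_boot(GOOD_BOOT)}  # recorded once, at build time

# Two constructed deviations: a changed initrd and a changed measurement order.
TAMPERED_BOOT = [XEN, DOM0_KERNEL, DOM0_INITRD + b"-modified"]
REORDERED_BOOT = [DOM0_KERNEL, XEN, DOM0_INITRD]

if __name__ == "__main__":
    for name, boot in [("clean", GOOD_BOOT), ("tampered initrd", TAMPERED_BOOT),
                       ("reordered", REORDERED_BOOT)]:
        print(f"{name:16} -> {authorize('start VM', measure_boot(boot), WHITELIST)}")
```

Because each extend hashes the previous register value, a single changed byte in any component, or the same components measured in a different order, yields a value that is not in the whitelist.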
Yes, you read correctly, I wrote OpenStack clouds…
Earlier this year, Citrix made a couple of strategic announcements. In April 2015, we announced that the company would be joining the OpenStack Foundation as a corporate sponsor, and then in May 2015, Citrix became a part of the Mirantis ‘Unlocked’ partner program. Our intention here is to create simple and scalable OpenStack clouds, integrating XenServer with Mirantis’ Nova Networks.
What we will be demonstrating here at IDF is how businesses will be able to make use of Mirantis’ Fuel to configure and deploy an OpenStack cloud with Citrix XenServer fully provisioned and leveraging Intel TXT.
Okay, but Citrix XenServer as a platform for clouds?
So this doesn’t come up as a question too often, however I’ve heard it a couple of times and the only real answer is ‘absolutely, yes’!
Let me break this down: Citrix XenServer is the commercial implementation of a freely available version found on xenserver.org, which consumes Xen. For those of you that don’t know, Xen is the open source hypervisor layer that is a part of the Linux Foundation and is contributed to by organisations including Citrix, Intel, AMD and Oracle, to name a few.
The reason I mention this is that Xen itself is the most widely deployed hypervisor, forming the basis for Amazon’s Web Services cloud. Citrix XenServer is also used to power the largest public OpenStack cloud, Rackspace. There are of course many other public and private cloud examples, some using different orchestration layers, but as a hypervisor for cloud, Xen and XenServer were designed, no, they were architected for this.
This year Citrix has released two iterations of XenServer, v6.5 and most recently in May, SP1. One aspect of these releases was the significant leaps in single host performance and scalability limits, and Citrix are now able to support customers running up to 1000 VMs per host. Obviously the correct underlying host hardware is needed to support this, and whilst we don’t see any customers trying to reach that scale at the moment, they can rest assured that even scaling up to one or two thirds of that amount is still well within our maximum supported amount, an amount we test in our labs, so certainly not a theoretical limit.
For more information around what has been announced earlier this year on XenServer, please see these two blog articles:
- Citrix XenServer v6.5 SP1: Double Density, Docker Containers and Enhanced Graphics Support!
- XenServer v6.5 – What You Need to Know.
(ii) What’s this about virtualized graphics?
Citrix XenServer has demonstrated its thought leadership in this space for several years now, working with NVIDIA back in 2013 to release the first virtualized graphics implementation based on their GRID vGPU K1 and K2 cards.
Earlier this year with XenServer v6.5 and SP1, Citrix increased the scalability of this vGPU to 96 sessions per host. Additionally we released the capability to support Intel GVT-d, GPU pass-through for VMs, which provides a 1:1 relationship between the VM and GPU.
Intel GVT-g however is virtualized graphics, the ability to share the single GPU with multiple users’ VMs.
Why is Intel GVT-g interesting?
The key difference between this and other virtualized graphics implementations pertains to the architecture being used. Intel’s GVT-g, today, relies on an E3 v4 chip with Iris Pro graphics, a C226 chipset and a BIOS that can set a 1G graphics aperture size. The important thing here is that the GPU is built into the hardware. No additional cards. No additional infrastructure CapEx.
The fact that the GPUs are embedded means that this solution is suddenly opened up to alternative hardware types, such as blade servers, that today might not support the additional GPU cards required to effect such a solution.
On to IDF!
If any of this, whether simple, secure and scalable clouds with OpenStack, or enhanced 3D graphics is of interest to you, and I sincerely hope that it is, then I strongly urge you to come along to the Citrix booth #661 in the IDF expo hall. I will be there along with Bob Ball and Paul Durrant and others from the Citrix team that are helping make all this a reality.
What else is Citrix doing at IDF15?
Clearly I am biased towards XenServer as you can see from my blog, however there are a couple of other joint Citrix/Intel activities going on here at IDF this year. Please be sure to also check out these other technology solutions:
- Citrix Octoblu and Intel IOT gateway in the enterprise – Intel Software Pavilion and Citrix Booth #661
- Virtual ADC Pool for Automated Networks with Citrix NetScaler – Network Builders Community #156
News: Citrix Sponsors OpenStack Foundation To Help Drive Cloud Interoperability Standards:
News: Citrix and Mirantis Team To Bring Products Powering Largest Cloud Infrastructures To Mirantis OpenStack Customers:
Blog: Unlock the Cloud with Citrix & Mirantis at OpenStack Silicon Valley!
PDF Solution Brief: Foundational Security with Intel® TXT and Citrix XenServer