Our cities are amazing. They encompass both striking modernity, and yet are combined with tradition and rejuvenation. Massively scaled infrastructure and huge traffic thoroughfares can mingle with narrow streets, specialised, esoteric markets and small, fascinating shops. Increasingly – the software in our data centres resembles the complexity of our cities. In fact, they are merging. Each provides us with the hardware and software for the data and applications we’d be lost without.
The City of Dundee and the latest release of XenServer (which shares the same project name “Dundee”) can be thought of in similar ways. The Scottish City has a long history an exciting present and is building a strong future. Originally serving the markets of the industrial revolution, it rightly encapsulates itself in the phrase “One City, many Discoveries” by reinventing and rebuilding itself as a modern biomedical science centre and digital-arts powerhouse.
The XenServer 7.0 creation story is also a long one – starting by serving the markets of another revolution – that of server virtualisation. By progressively reinventing and rebuilding itself as a software platform for desktop, network and now the very kind of graphics virtualisation that Cities like Dundee depend on every day – XenServer the product and Dundee the City offer fascinating parallels.
Now that the XenServer Dundee release has been out in the world for a few weeks, it’s good to take the time to look also at the other Discoveries users are able to explore and find, once they get behind the main thoroughfares and headline features of this release.
Both the City and XenServer Dundee are open, extensible platforms for modern industry to occupy, utilise and innovate from. So, let’s take a wander along the broad, high-speed avenues of XenServer and its modernity before exploring the many other pathways and corridors that meet the needs of a wide variety of users.
Lets start with the biggest traffic intersection in the product – between the interdependent highways of storage and networking. The XenServer Dundee Team worked hard and long to improve both the throughput of data in and out of the system. They also improved the overall responsiveness
to commands and the rapidly changing traffic demands from the citizens (users) of a XenServer system.
Firstly, for storage – by judicious use of speculative polling in the input-output subsystem
– it has been possible to lower the latency in the thoroughfares the data passes through all the time. Think of this as optimising the flow of traffic through a modern City with careful use of sensors to optimise traffic lights and junctions, thus increasing the overall flow of cars and trucks. Large improvements of up to 50% have been made to shipping the “goods” (data) through the XenServer metropolis as a result.
By working with upstream Linux distributions (Debian and Ubuntu, for example) and providing improved drivers for Windows, these multi-lane network highways connect perfectly with the data thoroughfares running through these popular Guest Virtual Machines, thus delivering up to 140% faster and getting your data where it needs to go.
In subsequent blog posts, we’ll go further into the details of the many other changes made to the infrastructure, but what this means for the occupants of a XenServer Dundee system is that this continuous program of rejuvenation delivers improvements in a wide variety of metrics related to getting network and storage data between hosts and Virtual Machines anywhere from 20% to 200% faster.
Now, let’s take a sharp turn off these main roads, and lets go into one of the smaller, but getting busier, routes through the downtown of the XenServer Dundee release – graphics virtualisation. In the City of Dundee, one of the smaller routes leads to the docks, where the famous ship “The Discovery” used it’s technology aboard to explore the unknown continent of Antarctica.
Closer to home, the XenServer Dundee release is the first to take the next step forward in an era of exploration that started in 2013 with unleashing the power of PCI-card GPU devices for virtualised desktop users. Citrix has now partnered with NVIDIA to increase server densities, and also with Intel to let end-users explore this new terrain of graphically enhanced virtual desktops as never before.
What we’ve uncovered is that while power users, in some cases, use virtual graphics for high-end CAD/CAM applications and others use it for Virtual Reality(VR) or Computer-Generated_Graphics(CGI), this usage is limited by the electrical power of servers and the sheer costs and complexity of building and running such HW systems at scale.
However, with the XenServer Dundee release and Intel, we’ve moved beyond the exploration phase of this new continent of use-cases and into the more prosaic needs of giving everyday users of graphically intensive UIs, as well as the power users with their high-end applications, a faster and richer experience. It’s performance without the penalties.
So, instead of a few intrepid explorers on their GPU vessel, XenServer Dundee’s support for Intel’s Iris Pro on-chip GPUs gives access to this new world for all users of such systems. These lower-power systems, progressively rolled out across datacentres, allow graphics enabled desktops to scale across many more users. Think of it like the multi-story cruise ships that regularly visit the Antarctic coast that are capable of carrying many more users and giving them a great experience.
The art of this new “Discovery” in the XenServer Dundee release lies in how the same architecture has been improved and broadened to work with, both a wider range of NVIDIA cards as well as current and future generations of the Intel GPU-enabled chipsets.
For this architecture, a virtual GPU instance is maintained for each virtual machine, with performance-critical resources directly assigned to it. XenServer then runs a native graphics driver inside the VM (without XenServer intervention in any of the performance critical paths) which optimises the resources among the performance, feature, and sharing capabilities of the processor.
On a time-sliced basis, the agent in the hypervisor directly assigns the full GPU resource to each virtual machine, giving it (for a moment) a full, dedicated GPU, but from overall system view point many virtual machines are sharing single on-chip GPU, in the same way as for separate PCI devices.
Now, let’s take an on-ramp back onto one of the major routes through the City of XenServer Security. Perhaps not as glossy or flashy as the Graphics areas, but like the Police or Emergency Services in any of our great cities, both play a vital part of the systems on which much of our modern life, increasingly depends.
Like traditional police work – protecting people and property – the classical mode for securing a virtual machine is very similar to that of individual operating systems: using anti-virus software to trigger alarms and repair and report on damage. Increasingly like our Security Services, XenServer Dundee now also adds more advanced digital methods to analyses of policing running systems.
Exploiting a deeply integrated memory API in the hypervisor allows anti-virus programs to go “undercover.” They can study a users Virtual Machine (or VM) directly, in real-time, and take action faster and in a more scaleable way than ever before. This is very much a building block technology, providing an interface for one domain to ‘introspect’ another domains memory (in a nutshell, the ‘privileged’ domain is able to interact and audit another guest’s RAM pages). This technology has a number of interesting applications, but the focus of our announcement with XenServer 7.0 has been on how security partners can use it to build a brand new class of anti-virus security product, which is more efficient than traditional policing of files after the crimes have been committed.
As we all know, the best way to improve security in any City or system is to have the latest technology, multiple layers and agencies working closely together in complementary ways. In addition to the above:
- Encryption – XenServer Dundee has been upgraded to the latest version of TLS 1.2, which encrypts secure communications between components.
- Handing complex hierarchies – Power Broker Identity Services (PBIS) has been brought in, giving huge improvements in speed when navigating reliably through the complex layered structures of rights-based access controls commensurate with modern societies and Active Directory hierarchies. Populations of 10,000 groups with multi-storied layers up to 500 have all been proven to work smoothly.
- Trusted Execution – XenServer Dundee allows proactive anti-virus to be used in conjunction with Trusted Execution Technology, like Intel-TXT – to work together to provide the highest levels of confidence and security for end-users in their VMs.
In summary, the City of Dundee and the XenServer project resemble each other in many ways in their approaches to increase their capacity and performance. They do this by focusing on building and improving upon fundamental infrastructure for their traditional citizens and occupants, as well as adding innovative features and platforms for new industries. Both are looking forward to growth in new and existing markets and a future which, am sure, will lead to further Discoverys setting sail.