Announcement
• The Xen Advisory Board is excited to announce that Fujitsu and VA Linux have accepted invitations to join the board!

Xen Today
• ~18% enterprise server market share (Yankee, Aug 08)
• >80% of the Public Cloud is Xen based
– World's largest virtualization deployments are Xen based
• Development Community: over 50 Companies, 25 Universities, from 25 Countries, ~250 developers
– More than 20,000 code submissions
• Used in Servers, Desktops, Laptops, Storage Appliances, Network Appliances and Smart Phones
– x86, IA64, ARM support

Xen Powers the World’s Infrastructure Clouds
“Xen is great. It’s powerful and easy to use. But most important is the very active community around it. That was a very big reason for us in selecting Xen.”
Werner Vogels, CTO, Amazon.com

Xen Tops Performance Comparisons
Keith Ward, Virtualization Review
“Xen is the Porsche of hypervisors”
“Xen outperforms VMware ESX 3.5 by 41% in user scalability tests.”
The Tolly Group

Xen Hypervisor
• First and Best to support new CPU, chipset, and Smart IO Technologies
• Pioneers of OS Para-virtualization

The Xen Client Initiative
• Formed in 2007 to develop Xen for desktop and laptop
• Develop enhanced power management, USB, WiFi, WWAN, 3D Graphics, fingerprint reader, multi-touch, etc
• Support for latest hardware technologies
• Tiny footprint hypervisor, Embeddable in Flash memory or small disk partition
• Aiming to make virtualization ubiquitous on client devices...

Client Hypervisor Benefits
• Security, Manageability, Supportability, Auditability
• Building Multi-Level Secure systems
– Run multiple VMs with policy controlled information flow
• E.g. Personal VM; Corporate VM; VM for web browsing; VM for banking
– Trusted hypervisor provides secure isolation
• Enables “out-of-band” management and policy enforcement
– Malware detection, remote access, image update, backup, VPN, etc.
Requires a true type-1 hypervisor architecture
Xen is ideally suited to this!

Xen Client Architecture
[Diagram. Labels: Xen Hypervisor; Personal VM; Business VM; Control Domain; Service VM; Audio; USB; Disk; ACPI; GPU; NIC; x86 Hardware; TXT; TPM]

“Business” & “Personal” Environments
Business
• Locked Down
• No Local App Installs
• Tightly Managed
• Self-Service Corporate App Installs
Personal
• Allows Local App Installs
• Minimal Management
– Virus Scanner
– Security Patches
• No SLA
– Self-Service Wipe

Xen Cloud Platform (XCP)
• XCP expands Xen.org’s remit beyond the core hypervisor, to create a full virtual infrastructure layer for Cloud deployments
– Simplify and streamline use of Xen by Cloud providers and vendors
– Promote greater standardisation of components between vendors
• Advanced virtual infrastructure to enable Virtual Private Datacenters rather than just Virtual Private Servers
– Multi-tenant hosts, networking, storage, etc
– Promote interoperability between Xen-based clouds and other clouds
– Drive standards activities via DMTF

XCP Status
• Seeking proposals, code contributions and offers of development support
• Draft v0.1 proposal available for download from xen.org, seeking comment & feedback
– Easy install ISO, build from source

Where Xen Cloud Platform Fits
[Diagram. Labels: Resource Pool; VM Mgt; State Mgt; VMs; Management API & OVF Format]

XCP 0.1 Draft proposal
• Xen 3.4; Linux 2.6.27; optimized dom0 file system
• xapi toolstack
– Resource Pools; VM, host, networking and storage management; snapshots and checkpoints; live and persistent performance statistics; status alerting; role-based access control; OVF/CIM support
• Windows PV Drivers; installer etc.
• Coming soon:
– vSwitch multi-tenant networking

New Open vSwitch
[Diagram. Labels: VMs; Hypervisor (×3)]
Isolation · Resource control · Multi-tenancy · Visibility · Security
• Open Source Virtual Switch maintained at www.openvswitch.org
• Rich layer 2 feature set

Distributed vSwitch
Built-in policy-based ACLs move with VMs
[Diagram. Labels: Hypervisor (×3); Distributed Virtual Switch; VMs]
Virtual Interface (VIF) {MAC, IP} ACLs
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq 123
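
To see exactly which flows the per-VIF ACL on this slide admits, the following added example (not part of the original slides, and not Open vSwitch code or syntax) parses the rules and evaluates flows against them. It assumes the usual reading of this notation: the second dotted quad of each pair is a wildcard mask, `domain` means port 53, the first matching rule wins, and anything unmatched is denied.

```python
import ipaddress

SERVICES = {"domain": 53}  # "domain" is the service name for DNS, port 53

# One VIF's rule set, copied from the slide.
VIF_ACL = """\
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 192.168.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit udp 172.16.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq domain
permit tcp 10.0.0.0 0.0.0.255 10.20.0.0 0.0.0.255 eq 123
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def network(addr, wildcard):
    # Wildcard mask: 1-bits are "don't care", so invert it to get the bits compared.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return to_int(addr) & care, care

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, swc, dst, dwc, op, port = line.split()
        if op != "eq":
            raise ValueError(f"unsupported operator: {op}")
        port = SERVICES[port] if port in SERVICES else int(port)
        rules.append((action, proto, network(src, swc), network(dst, dwc), port))
    return rules

def matches(ip, net):
    base, care = net
    return (to_int(ip) & care) == base

def evaluate(rules, proto, src, dst, dport):
    # First match wins; falling off the end denies (assumed implicit deny).
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto, r_port) == (proto, dport) and matches(src, r_src) and matches(dst, r_dst):
            return action
    return "deny"

RULES = parse_acl(VIF_ACL)
```

Evaluating a few flows shows that port 123 is reachable only over TCP and only from 10.0.0.0/24, while DNS is open from all three source ranges over both TCP and UDP.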

Distributed vSwitch
Isolation · Resource control · Multi-tenancy · Visibility · Security
[Diagram. Labels: Hypervisor (×3); Distributed Virtual Switch; VMs; Tenant A; Tenant B]

Hardware Fault Tolerance
Restart-HA monitors hosts and VMs to keep apps running
Hardware Fault Tolerance with deterministic replay or checkpointing
Xen’s Software-Implemented Hardware Fault Tolerance enables true High Availability for unmodified applications and operating systems

Hardware Fault Tolerance
• University of British Columbia’s “Remus” project is now in the Xen development branch
• Smart checkpointing approach yields excellent performance
– VM executes in parallel with checkpoint transmission, with all externally visible state changes suppressed until checkpoint receipt acknowledged
– Checkpoints delta compressed
• Checkpointing possible across wide-area, even for multi-vCPU guests
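
The output-suppression rule in the checkpointing bullet can be modelled in a few lines. This is an added example, not Remus code and not from the original slides: the class and method names are hypothetical, epochs stand in for checkpoints, and delta compression is not modelled.

```python
class RemusPrimary:
    """Toy model of the checkpoint/output-commit rule described on the slide."""

    def __init__(self):
        self.epoch = 0      # epoch the VM is currently executing
        self.acked = -1     # newest checkpoint the backup has acknowledged
        self.buffered = {}  # epoch -> outputs produced during that epoch
        self.released = []  # outputs the outside world has actually seen

    def emit(self, packet):
        # Externally visible output is held, not sent, while its epoch is unacknowledged.
        self.buffered.setdefault(self.epoch, []).append(packet)

    def checkpoint(self):
        # End the epoch: its state starts streaming to the backup while the VM
        # keeps executing in the next epoch. Returns the epoch being transmitted.
        sent = self.epoch
        self.epoch += 1
        return sent

    def on_ack(self, epoch):
        # Backup now holds state up to `epoch`: release output from epochs <= epoch.
        self.acked = max(self.acked, epoch)
        for e in sorted(k for k in self.buffered if k <= self.acked):
            self.released.extend(self.buffered.pop(e))

    def fail(self):
        # Primary dies: unacknowledged output is dropped; backup resumes from `acked`.
        lost = [p for e in sorted(self.buffered) for p in self.buffered[e]]
        self.buffered.clear()
        return self.acked, lost

def demo():
    vm = RemusPrimary()
    vm.emit("reply-1")
    c0 = vm.checkpoint()   # checkpoint 0 in flight
    vm.emit("reply-2")     # VM runs on in parallel with transmission
    seen_before_ack = list(vm.released)
    vm.on_ack(c0)          # reply-1 may now leave the host
    vm.checkpoint()        # checkpoint 1 in flight, never acknowledged
    vm.emit("reply-3")
    resume_from, lost = vm.fail()
    return seen_before_ack, vm.released, resume_from, lost
```

Because nothing from an unacknowledged epoch ever left the host, the backup can resume from the last acknowledged checkpoint without any client having observed state that was lost.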

SR-IOV
• SR-IOV: Single Root IO Virtualization
– Virtualization friendly IO devices
• High performance, high efficiency
• Enables even the most demanding applications to now be virtualized
• World First, demonstrated at Intel Developer Forum in September!

SR-IOV NIC Demonstration
[Diagram. Labels: Dell 10G Switch; NFS Common Storage w/OpenFiler; Dell R710 Server, XenServer and Intel 10G SR-IOV NIC (×3)]
• Full 20Gb/s bi-directional throughput to VMs
• Low latency, High CPU efficiency
• Live relocation between hosts - Even hosts with different NICs

Network Performance
[Chart. Y axis: CPU (%). Categories: s/w only; basic smart NIC; SR-IOV NIC; native. Series: usercopy; kern; xen1; grantcopy; kern0; xen0. Other labels: Type-0; 201%; 100%; 123%; 103%]
• New Smart NICs reduce CPU overhead substantially
• Care must be taken with type-2/3 NICs to ensure benefits of VM portability and live relocation are not lost