Xen Project Virtualization Updated with Improved VMI and Security

The Release Marks The Best Quality and Quantity of Contribution

San Francisco, October 13, 2015 — The Xen Project, Collaboration Project hosted at The Linux Foundation, today announced the release of Xen Project 4.6. The new release comes equipped with greater security, improvements to network throughput as well as upgraded migration.

With this release, Xen Project’s Virtual Machine Introspection (VMI) is natively supported on both Intel and ARM chips, making it an ideal API for developers building monitoring and security applications. Additional updates allow for increased stability, scalability and usability to create a stable baseline for third-party security applications, including malware detection, forensics, security auditing and more.

Updates to the VMI create the foundation for easier integration with IT monitoring tools for more centralized management, while the inclusion of Intel® Cache Allocation Technology (CAT) and Memory Bandwidth Monitoring (MBM) enable additional system resources monitoring.

Major contributions from Citrix, Suse, Oracle, Intel, Linaro, Fujitsu, Novetta, Red Hat, Zentific, BitDefender, NSA, Verizon, Xilinx, Cavium, Huawei, Broadcom, GlobalLogic, AMD and a number of universities and individuals are pushing Xen Project innovation forward in areas such as security, performance and quality. Xen’s functionality continues to evolve to better serve new compute infrastructures such as mobile, hyper-scale computing, massive workloads, security-intensive applications, embedded computing, cloud computing, hosting providers, and hardware appliances.  

“Stability, performance and security are critical when it comes to running software on the modern Internet and cloud systems,” said Lars Kurth, Xen Project Advisory Board Chairperson. “The new Xen Project release puts these capabilities front and center and allows system administrator to determine where system vulnerabilities might lie to proactively assess potential security risks and to centralize and monitor how instances in IT infrastructure are affecting the overall stability of the environment.”

“Citrix has built the Xen Project Hypervisor 4.6 release into XenServer Dundee, which recently entered public beta. The alignment of the release cycle of Xen 4.6 and the production of the XenServer Dundee series of alpha and beta releases allowed us to improve the quality of both Xen and XenServer by continuously testing the XenServer Dundee and Xen 4.6 integration,” said James Bulpin, Senior Director of Technology and Chief Architect of XenServer, Citrix Systems. “The combination of early testing of Xen 4.6 makes us confident that the latest release will be one of the highest quality Xen Project releases so far, and will help us make XenServer Dundee one of the best XenServer releases as well.”

New features and capabilities of Xen Project 4.6:

  • Enables a new class of security applications: A number of significant improvements to Xen’s Virtual Machine Introspection (VMI) subsystems make it the best hypervisor for security applications. Hardware support for VM Functions (VMFunc) available on Intel’s 4th generation Haswell CPUs and Atom Silvermont CPUs decreases overheads. Support for Virtualization Exceptions is now available on Intel’s 5th generation Broadwell CPUs and Atom Goldmont CPUs has significantly reduced latency. VMI support for ARM CPUs has also been added.
  • Major improvements to scalability: Finer-grained grant table locks lead to significant scalability improvements in the Xen Project. For example, aggregate intrahost network throughput has improved more than 100% in some cases. In addition, byte-range locks were replaced with ticket locks, which have better fairness properties than previously used locks for improved scalability.
  • Redesign of live migration components to better support high availability: The Xen Project Hypervisors Live Migration subsystem implemented its second version (Migration v2) to be more robust, extensible and able to handle next-generation infrastructures. It has been tested by several vendors to ensure it is enterprise-ready. The updates provide better performance for 64 bit systems and add support for cross-bitness migration between 32 and 64 bit hosts. Migration v2 is optimized for PVH and Coarse-grained Lock-stepping (COLO), which will be fully integrated with Xen in the next release. In addition, Page Modification Logging (PML) was implemented for Intel CPUs, improving SpecJBB performance by 7.6% in log dirty mode.
  • Better quality: During the Xen 4.6 release cycle, the Xen Project increased its integration test capability by creating CI loops for Xen Hypervisor and OpenStack testing. Besides running tests on more hardware configurations, the number of test cases nearly doubled during the 4.6 release cycle, contributing to the best quality release yet. This is also reflected in test results by 3rd party vendor test suites, which are regularly run on the Xen Project codebase.
  • ARM support: The new release increases the maximum number of supported VCPUs for 64-bit ARM CPUs from 8 to 128 and adds support for 32-bit userspace applications to 64-bit guests. Additionally, new IP blocks, firmware interfaces and platforms are supported, such as non-PCI passthrough support, OVMF for ARM and GICv2 on GICv3 support. During the hardening phase of Xen 4.6, members of the Xen Project community closely collaborated with the CentOS Virtualization SIG to build and test Xen 4.6 packages for CentOS 7’s 64-bit ARM variant and tested it against OpenStack using libvirt. The full release of the Xen 4.6 CentOS 7 packages is available here.
  • Updates for automotive and embedded systems: The new release added support for two platforms targeting the embedded and automotive market segments: Xilinx Zynq® UltraScale+™ MPSoC and support for the Renesas R-Car Gen2 SoCs.
  • Intel Platform QoS Technologies for improved scalability and performance: Intel® Cache Allocation Technology (CAT) and Memory Bandwidth Monitoring (MBM) are included, which build on the Cache Monitoring Technology (CMT) introduced in Xen 4.5. CAT allows system administrators to assign more L3 cache capacity to individual VMs, resulting in lower latency and higher performance for high-priority workloads such as NFV, real-time and video-on-demand applications. MBM allows system administrators to identify memory bandwidth saturation on a Xen host that may be caused by several memory-intensive VMs running on the same host. Taking corrective actions, such as migrating VMs to a different Xen host, increases scalability and performance in the data center.

Additional Resources

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Collaborative Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Services (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Google, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.

###

Media Contact
Zibby Keaton
Xen Project
208-290-4853
zkeaton@linuxfoundation.org

Read more