LinuxDevCenter.com

What is Xen, and Why is it cool?

Nat Torkington
Feb. 18, 2005 12:57 PM

I got into Xen a few weeks ago, and I'm loving that they're getting lots of attention. But most folks don't know what they are and why their product is so cool. Allow me to shed light on the matter ...

Xen is like the Mach microkernel, where you can have multiple operating systems running at once and a thin kernel handles switching between them and managing device access. This thin layer in Xen is called the hypervisor and is analogous to the Mach microkernel. It is the only code that runs with full hardware privilege: each guest kernel is ported to an idealized hardware interface (Xen calls this porting paravirtualization), runs at a lower privilege level, and asks the hypervisor, through hypercalls, for the privileged operations it can no longer perform itself. In return you get the ability to run multiple operating system instances at once (e.g., run two copies of Red Hat's latest, one copy of the Novell Desktop, and an OpenBSD), freeze and restore snapshots of a running OS, and more.

What you can't do with Xen is run Windows on it: paravirtualization needs the guest kernel's source to be modified, so unmodified guests are always going to be VMware's niche (at least until Intel's VM technology becomes ubiquitous). But Xen makes a whole lot of situations possible that are slow or impossible at the moment. Two applications that work well with Xen are testing and server load balancing. If you're working on your app and want to test it on a staging server, it's no fun to reboot or negotiate time on a shared staging server, and it's way less fun to rebuild if your app hoses the staging server. The Xen way, you run your development OS and your staging OS on your machine at the same time and switch from one to the other when you need to. If the staging instance gets borked, you delete that running OS and reload from a saved stable snapshot.

In the server room, it's often easier and more secure to run a single service on a machine. The more ways into a box, the less defensible it is, and the more risk of damage and service downtime if the box is compromised. So run Xen and use one OS instance per service. If a service is compromised, only that instance is compromised: the attacker gets that guest's kernel, disks and network interfaces, and has to break the hypervisor or the privileged control domain (Domain 0, which owns the real hardware and runs the management tools) before reaching the other guests. If you experience high load, say due to Slashdotting, you can easily reconfigure machines to run different services: rdist the guest's disk image (and, for a running service, its saved memory image) to however many machines you need and bring it up there.

The potential for Xen is great. We're going to feature them at OSCON because their technology is just so cool. Lots of companies like Red Hat and HP are very interested in what Xen makes possible, because the hypervisor enables things that seemed like wishful fantasy a few years ago. I loved my time meeting with one of the company's founders and playing with Xen--they're very smart engineers with their heads screwed on right. There's obviously a lot of work to be done in making Xen friendlier to install, getting more tools around the administration of Xen, etc., so the interest and involvement of companies with big budgets is a good thing. They'll help move Xen from the research lab where it was born to data centers and developer desktops where it can be ubiquitous and useful.

So look for lots of action from Xen. I expect the next versions of Novell, HP, etc.'s offerings will feature Xen support (either standard or as an alternate kernel shipped with the distro). I hope there'll be a great distro like Ubuntu or Gentoo offering a Xen install as well as a solo install. This will give everyone a painless way to do some very cool things and open the door for even cooler things down the line.

--Nat

Nat Torkington is conference planner for the Open Source Convention, OSCON Europe, and other O'Reilly conferences. He was project manager for Perl 6, is on the board of The Perl Foundation, and is a frequent speaker on open source topics. He cowrote the bestselling Perl Cookbook.

Used Xen? Thoughts on how it will fly? I'd love to hear them!

Showing messages 1 through 11 of 11.

  • XEN and ia32/x86 Security
    2005-03-25 16:09:31  BillCaelli

    A recent article stated as follows;
    "If a service is compromised, only that service is compromised."

    What proof do we have of this?
    Remember x86 architecture involves two vital security structures, i.e. memory segmentation and capability structure (such as stack only, code segment, data segment, address extent limitations and enforcement, etc.) and a 4-ring structure based on MULTICS. Now, let's assume XEN runs at ring 0 and does the stupid thing of setting all/most of the segment registers to a single base address and extent (the sort of LINUX/Windows mess we got into because of a desire to support RISC, two state architecture). This means that virtual machines also run in ring 0 or in another ring, say, ring 3, the application level according to Intel.

    All an attacker has to do is to restart the memory segmentation structure, for example (see the work done at SUNY at Stony Brook, New York) and it's all over! Other possibilities exist.

    There appears to be some mistake. XEN is NOT a true "B2", MLS level system with complete VM isolation (remember MULTICS and IBM Systems 360/67!). Indeed, with only one MSR register set we have the potential to capture the master register set and jump machines!

    No - XEN is really useful - great for development activity BUT never, never should it be proposed as a "saviour" for security! CIOs and management may grab this as a cheap alternative to true security architecture.

    Regards,
    Bill
    • XEN and ia32/x86 Security
      2007-03-21 04:59:07  MichaelHunt

      Your technical description is not true.

      First of all, the guest OS does not run in ring 0. Therefore it can not change the cr3 register to modify the MMU data.

      Second. Segmentation is a BAD thing. We don't have flat memory because of "a desire to suport [sic] RISC", but because it's the right thing to do. The x64/amd64 architecture doesn't even have a segmented mode, or so I'm told.

      Please everyone, do not glaze over at the technical jargon of BillCaelli and just accept it. He is wrong.
  • Hardware Virtualization?
    2005-03-14 09:04:17  brucehodo

    Xen provides the capability to run multiple OS's on a system.

    But what about running the same OS on different hardware platforms? Can't the virtualization work both ways?

    Not being tied to a particular system could be advantageous, especially if you wanted to migrate from x86 to a Cell-based system, for example. You wouldn't have to change your OS and all of your apps, just change the microcode (an old IBM term) layer.

    That could negate the need for the prereqs of an application specifying hardware.

    Just specify XEN.
    • Hardware Virtualization?
      2006-03-31 08:56:53  ericortego

      The OS itself would still have to support multiple platform binaries. Maybe if Xen worked with OS X and you wanted to move between x86 and PPC. But I don't think that your idea is feasible.
  • QEMU
    2005-03-04 15:36:31  druiloor

    Has anyone tried running MS-Windows in a Xen domain under this? (Maybe within a Linux or *BSD instance):
    http://fabrice.bellard.free.fr/qemu/

    Another thing though, I never see Ozone mentioned as one of the OSs that can run on top of Xen, even though it's a neat project (at least IMO):
    http://www.o3one.org/xen.html
  • Running Windows on Xen
    2005-02-25 10:44:33  bbaker

    Sure you can! You just have to get the ReactOS guys involved.
    • Running Windows on Xen
      2006-07-20 14:00:56  COMAND

      Running Windows on Xen
    • Running Windows on Xen
      2005-03-11 02:16:51  ladac@rogers.com

  • Xen vs UML
    2005-02-20 06:55:43  khurtwilliams

    I am not sure I understand how Xen is better than other solutions like User Mode Linux (UML). Linode has developed a business around UML selling VMs.
  • Zones a better alternative for virtualization
    2005-02-18 17:24:38  derekmorr

    While Xen does sound interesting, for production virtualization, I think Solaris Zones is a much better alternative. It still gives you a secure environment, but it saves a lot of memory and disk space. You don't have to run and maintain a full-blown OS for each service you run. And, Zones let you create multiple-CPU containers, unlike Xen (currently).
    • Zones a better alternative for virtualization
      2005-02-21 08:02:45  Sysadmn

      The other way-cool part of Solaris Zones versus UML, BSD Jails, or Xen is that they're tied to resource limits. I hope Xen picks this up - it's great to be able to tell a virtual machine, "If things get busy, you get at most 1/2 a CPU and 512 MB of memory. If no one else is busy, use all you want." We can put 10 dev instances on a machine - each developer thinks they have their own machine (including reboots, root password, etc). The only thing they can't do is load testing - but that's what QA is for, right?

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express, and O'Reilly Media, Inc., disclaims any and all liabililty for that content, its accuracy, and opinions it may contain.

Creative Commons License This work is licensed under a Creative Commons License.

O'Reilly Media
© 2008, O'Reilly Media, Inc.
(707) 827-7000 / (800) 998-9938
All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.