Monthly Archives: May 2016

Intel hosts OpenXT Summit on Xen Project based Client Virtualization, June 7-8 in Fairfax, VA, USA

This is a guest blog post by Rich Persaud, former member of the Citrix XenServer and XenClient engineering and business teams. He is currently a consultant to BAE Systems, working on the OpenXT project, which stands on the shoulders of the Xen Project, OpenEmbedded Linux and XenClient XT.

While the Xen Project is well known for servers and hosted infrastructure, Type-1 hypervisors have been used in client endpoints and network appliances, improving security and remote manageability. Virtualization-based security in Qubes and Windows 10 is also educating system administrators about hardware security (IOMMU and TPM) and application trust models.

Released as open-source software in 2014, OpenXT is a development toolkit for hardware-assisted security research and appliance integration. It includes hardened Linux VMs that can be configured as a user-facing software appliance for client devices, with virtualization of storage, network, input, sound, display and USB devices. Hardware targets include laptops, desktops and workstations.

OpenXT stands on the shoulders of the Xen Project, OpenEmbedded Linux and XenClient XT. It is optimized for hardware-assisted virtualization with an IOMMU and a TPM. It configures Xen network driver domains, Linux stub domains, Xen Security Modules, Intel TXT, SELinux, GPU passthrough and VPNs. Guest operating systems include Windows, Linux and FreeBSD. VM storage options include encrypted VHD files with boot-time measurement and non-persistence.

The picture above shows one of many configurations of the OpenXT software stack, including Xen, Linux and other components.

OpenXT enables loose coupling of open-source and proprietary software components, verifiable measurements of hardware and software, and verified launch of derivative products. It has been used to develop locally/centrally managed software appliances that isolate high-risk workloads, networks and devices.

The inaugural OpenXT Summit brings together developers and ecosystem participants for a 2-day conference in Fairfax, VA, USA on June 7-8, 2016. The event is hosted by Intel Corporation. The audience for this event includes kernel and application developers, hardware designers, system integrators and security architects.

The 2016 OpenXT Summit will chart the evolution of OpenXT from cross-domain endpoint virtualization to an extensible systems innovation platform, enabling derivative products to make security assurances for diverse hardware, markets and use cases.

The Summit includes one day of presentations, a networking reception and one day of moderated technical discussions. Presentation topics will include OpenXT architecture, TPM 2.0, Intel SGX, Xen security, measured launch, graphics virtualization and NSA research on virtualization and trusted computing.

For more information, please see the event website at http://openxt.org/summit.

For presentations and papers related to OpenXT, please see http://openxt.org/history.

Announcing Xen Project 4.7 RC and Test Day Schedule

Yesterday we created Xen 4.7 RC2 and will release a new release candidate every Wednesday, until we declare a release candidate as the final candidate and cut the Xen 4.7 release. We will also hold a Test Day every Friday for the release candidate that was released the Wednesday prior to the Test Day. This means we will have Test Days on May 13th, 20th, 27th and June 3rd. Your testing is still valuable on other days, so please feel free to send Test Reports as outlined below at any time.

Getting, Building and Installing a Release Candidate

Release candidates are available from our git repository at

git://xenbits.xen.org/xen.git (tag 4.7.0-<rc>)

where <rc> is rc1, rc2, rc3, etc. and as a tarball from

http://bits.xensource.com/oss-xen/release/4.7.0-<rc>/xen-4.7.0-<rc>.tar.gz
http://bits.xensource.com/oss-xen/release/4.7.0-<rc>/xen-4.7.0-<rc>.tar.gz.sig

Detailed build and install instructions can be found on the Test Day Wiki.
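The tarball URL above is plain HTTP, so the detached .sig is the only integrity check on the download. The script below is an added example, not part of the original post or the Xen Project's own tooling: it builds the URL for a given <rc>, fetches the tarball and signature, and accepts the file only if gpg reports a valid signature from a fingerprint you pinned yourself. The function names and the fingerprint argument are assumptions; it expects curl and gpg to be installed and the release key to be already imported.

```shell
#!/bin/sh
# Added example: fetch a Xen 4.7 release-candidate tarball and accept it only
# if the detached .sig was made by a key whose fingerprint you pinned.
BASE=http://bits.xensource.com/oss-xen/release

# rc_url rc2 -> tarball URL from the post; rejects anything that is not rc<N>.
rc_url() {
    case "$1" in
        rc[0-9]|rc[0-9][0-9]) ;;
        *) echo "bad rc name: $1" >&2; return 1 ;;
    esac
    printf '%s/4.7.0-%s/xen-4.7.0-%s.tar.gz\n' "$BASE" "$1" "$1"
}

# sig_by_pinned_key STATUS FPR: succeed only if gpg's --status-fd output has a
# VALIDSIG line whose signing-key or primary-key fingerprint equals FPR.
# A plain exit-code check would accept a good signature from ANY imported key.
sig_by_pinned_key() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == want || $NF == want) { ok = 1 }
        END { exit !ok }'
}

# fetch_and_verify rc2 FPR: download tarball and signature, then verify.
fetch_and_verify() {
    url=$(rc_url "$1") || return 1
    f=${url##*/}
    curl -fsSLO "$url" && curl -fsSLO "$url.sig" || return 1
    status=$(gpg --batch --status-fd 1 --verify "$f.sig" "$f" 2>/dev/null)
    sig_by_pinned_key "$status" "$2" || { echo "REJECT $f" >&2; return 1; }
    echo "OK $f"
}

# Usage: sh verify-rc.sh rc2 <PINNED_FINGERPRINT>
# The fingerprint is a placeholder: obtain the release key's 40-hex-digit
# fingerprint from the project through a channel you trust.
if [ "$#" -eq 2 ]; then fetch_and_verify "$@"; fi
```

Build only from a tarball for which the script printed OK; a REJECT means the signature was missing, bad, or made by a key other than the pinned one.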

Testing new Features, Test and Bug Reports

You can find Test Instructions for new features on our Test Day Wiki and instructions for general tests on Testing Xen. The following pages provide information on how to report successful tests and how to report bugs and issues.

Happy Testing!

Please Welcome new Members of the Xen Project Hypervisor Leadership Team

Evolution of Hypervisor Git Commits within the project. Note that in parallel the number of individuals and organisations contributing to the project has nearly doubled.

The Xen Project has experienced incredible growth in our community (see diagram on the right) and simultaneously the Xen Project advisory board has funded a lot of great projects that help support the larger Xen Project ecosystem, for example MirageOS, a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms. These projects are extremely important to the expansion and betterment of virtualization and cloud computing infrastructure, but also demand more work to be done by committers and maintainers.

We understood that there was plenty of leadership among the community, but didn’t know the best way to promote contributors to maintainer and committer roles for leadership to the Hypervisor and its interface with Linux.

We decided to introduce a new convention, by which we actively reminded community members to nominate or self-nominate themselves for leadership roles. Oftentimes, active developers simply worked on the project, but did not consider nominating newcomers (or themselves) for these leadership roles within the project.

We also felt that running the entire nomination process in public, which may include public feedback on a nominee, could discourage people from recommending themselves or recommending others. So we decided to follow the approach that Debian uses for Technical Committee seats, where candidates are nominated in private. A group of the senior leadership for the Xen Project would then review the submissions and provide feedback and acceptance, making the overall process less intimidating.

As for committers and maintainers, we promoted several key Xen Project contributors to these distinguished roles based on previous experience and similar work they had already been performing, but didn’t have the authorship to own. This is very important as it will ensure the group of maintainers that we currently have will have the support they need to accommodate for the Xen Project hypervisor.

Through taking the approach of consistent promotion and private forums, we have found some incredible new members to the Xen Project Hypervisor Leadership team that we want to introduce to you.

Committers
The following people have been elected to be new Committers to the project. They will be joining long-time committers Ian Campbell, Ian Jackson, Jan Beulich and Konrad Rzeszutek Wilk:

Andrew Cooper has been working on the Hypervisor since 2011 and has added a number of major new features such as Migration v2, significant changes to trap handling, improvements to cpuid handling for guests and many more.

George Dunlap has been working on the Hypervisor since 2005. He was heavily involved in making the tracing system useable for performance analysis and in optimising the shadow code, wrote the credit2 scheduler and developed many other significant features and improvements in the hypervisor. In addition, he was our first Release Manager and is leading the CentOS Virtualisation SIG within CentOS.

Stefano Stabellini has been working on the Hypervisor and the Linux Kernel since 2007 and was instrumental in bringing ARM support to the Xen Hypervisor. He has also been leading many other activities within the project, such as the creation of libxenlight, adding support for upstream QEMU to Xen, Xen OpenStack integration and Raisin.

Wei Liu started to work on the Xen Project as a GSoC student in 2011 (working on virtio support). He has been working on libxl support, event channel scalability, MiniOS and many other major Xen features. In addition, he has been the Xen Project Release Manager since the Xen Project 4.6 release.

Andrew and Wei celebrated their appointment at the Xen Project hackathon last month by submitting and ACKing a piece of code while on a punt on the river Cam in Cambridge, UK.

Security Team
In addition, Andrew Cooper and George Dunlap are now also members of the Xen Project Security Team, alongside Ian Jackson, Jan Beulich, Konrad Rzeszutek Wilk and Tim Deegan.

Maintainers
The following people were also recently added as MAINTAINERS of the project: Doug Goldstein (KConfig, Travis CI), Julien Grall (ARM support, device tree, …), Meng Xu (RTDS Scheduler) and Paul Durrant (x86 I/O emulation, x86 viridian enlightenments, …). In addition, we clarified some ambiguities around the maintainer role.

Linux Kernel Maintainers
Jürgen Gross, who has been a Linux kernel and Xen developer since 2004 but has significantly increased his engagement within the community in the last two years, is now Linux Kernel maintainer for the Xen Hypervisor Interface alongside Boris Ostrovsky and David Vrabel. Other maintainers of Xen-specific components in the Linux Kernel are Stefano Stabellini, Wei Liu, and Konrad Rzeszutek Wilk.

A couple of months ago two of our committers, Keir Fraser and Tim Deegan, formally stepped down from their roles as committers on the Hypervisor team. We want to thank Keir and Tim for their vast contributions to the project. We look forward to seeing what they work on next and, again, thank them for the success that they brought to the open source Xen hypervisor.