Good news for Debian users.
After quite a long while of doubt about whether there would be a complete, working Xen environment in the upcoming Debian Lenny, Xen packages with an up-to-date dom0 kernel are now available: http://packages.debian.org/lenny/linux-image-2.6.26-1-xen-686
Thanks to the Debian guys who put their energy into getting this solved (whoever actually made these patches, I don’t know yet)! Still, I guess we’re all looking forward to being able to use real vanilla pv_ops kernels for dom0, as well as for domU with a full feature set…
Good news: The probably well-known (though still in beta) Xen-based service EC2 from Amazon is getting a new feature that some (at least I did) might have missed for a while: Elastic Block Storage! While until now, changing data on the EC2 system could only be stored in an S3 webservice or any database running on your traditional provider’s host, they now offer a service with “normal” block device storage.
While I’ve been hesitating to spend time getting into the technology and usage of this service, it seems to become quite interesting now!
There is even a clone already that offers similar functionality (also Xen-based, and even said to be API compatible with EC2): Eucalyptus.
Joanna Rutkowska and her team presented very interesting insights on Xen security, as well as attacks against it, at this year's Black Hat conference in Las Vegas.
In a trilogy of talks (“Xen 0wning trilogy”), they gave information about “Subverting the Xen Hypervisor”, “Detecting and preventing the Xen hypervisor subversions”, as well as “Bluepilling the Xen hypervisor”.
In a final comment in her blog about the talks, Joanna concludes: “It’s worth noting that we chose Xen as the target not because we think it’s insecure and worthless. On the contrary, we believe Xen is the most secure bare-metal hypervisor out there (especially with all the goodies in the upcoming Xen 3.3). Still we believe that it needs some improvements when it comes to security.”
Sounds like a nice last word.
Read some of the highlights of the talks explained by Joanna.
We have added a new project to the projects page: Ganeti
Ganeti is a tool for the management of virtualization clusters. It offers very easy management of systems with multiple virtualization servers and deployment of instances on these. It includes user-transparent setup of mirrored disks for these nodes with DRBD, running commands on all cluster nodes and distributing files on the whole cluster.
Experimental support for HVM Xen is available, and support for KVM as hypervisor, as well as libvirt for controlling the systems, is in development.
It was originally developed in-house at Google for internal usage on test systems, and after a while released as 1.0 under the GPL license.