Author Archives: zkeaton

How To Shrink Attack Surfaces with a Hypervisor

A software environment’s attack surface is defined as the sum of points in which an unauthorized user or malicious adversary can enter or extract data. The smaller the attack surface, the better. Linux.com recently sat down with Doug Goldstein (https://github.com/cardoe or @doug_goldstein) to discuss how companies can use hypervisors to reduce attack surfaces and why the Xen Project hypervisor is a perfect choice for security-first environments. Doug is a principal software engineer at Star Lab, a company focused on providing software protection and integrity solutions for embedded systems.

You can read the full interview here.

Tips and Tricks for Making VM Migration More Secure

A challenge for any cloud installation is the constant tradeoff of availability versus security. In general, the more fluid your cloud system (i.e., making virtualized resources available on demand more quickly and easily), the more your system becomes open to certain cyberattacks. This tradeoff is perhaps most acute during active virtual machine (VM) migration, when a VM is moved from one physical host to another transparently, without disruption of the VM’s operations. Live virtual machine migration is a crucial operation in the day-to-day management of modern cloud environments.

Linux.com recently published an article from John Shackleton of Adventium Labs that focuses on how to recognize and avoid common attacks with VM migration. Read the full article here.

 

FOSDEM Here We Come!

It’s that time of the year again – FOSDEM is coming to Brussels February 4 – 5 and the Xen Project team will be attending again.

We’ll be at a booth with Citrix and Oracle, both Xen Project members, and Vates. Xen Orchestra, which offers a complete web UI for controlling a XenServer and Xen infrastructure, will be demoed at the booth. You can find us in section K, level 1, group C, booth 5 or, to make it easier, between TOR/TAILS and OpenStack.

If you want to learn more about Xen Project technology, FOSS licenses and unikernels, then we recommend you come by the booth and/or head to the following presentations:

Live patching the Xen Project hypervisor
*Happening Saturday from 11:30 – 11:55
Live patching is the process of updating software while it is running, i.e. no more reboots. This type of technology is particularly important for cloud providers who need to keep themselves up and running 24/7. This talk covers everything from the design and implementation of live patching for Xen Project software to how it differs from live patching for Linux.

Mixed License FOSS Projects
*Happening Saturday from 11:35 – 12:20
Many projects start out with the intention of staying a single license FOSS project, but as your project grows there are some different licenses that you may not have anticipated. This talk will explore unintended consequences, risks and best practices through Xen Project examples on license issues. If you are an open source project that is growing fast, this is definitely a talk you don’t want to miss.

Adventures in Building Unikernel Clouds
*Happening Saturday from 14:45 to 15:25
Unikernels are a great approach to building the next generation of cloud infrastructure – they are performant and have a small attack surface. Even though the concept of a unikernel is not new, there has not been a ton of work done in building them for the infrastructure today. This talk provides a deep dive into the various layers of infrastructure that one needs to build out their own infrastructure of unikernels.

Towards a HVM-like Dom0 for Xen: Reducing the OS burden while taking advantage of new hardware features
*Happening Saturday from 18:45 to 19:00
The Xen Project hypervisor uses a microkernel design that allows multiple concurrent operating systems to run on the same hardware. One of the key features of Xen Project software is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. This talk provides an overview of the different kinds of guests supported by Xen Project software and how these new hardware features are used in order to improve and evolve them. It also describes the design and implementation of a new guest type, called PVHv2, and how it can be used as a control domain (Dom0).

We look forward to seeing you there. For those who can’t attend, follow our Twitter feed for FOSDEM updates and to stay up-to-date on what’s happening with the project.

The Power of Hypervisor-Based Containers

The modern trend towards cloud-native apps seems to be set to kill hypervisors with a long slow death. Paradoxically, it is the massive success of hypervisors and infrastructure-as-a-service during the last 15 years that enabled this trend.

Stefano Stabellini provides an overview of the rise of containers and how hypervisors are co-existing and thriving in the era of containers. Read more here.

Xen Project 2017 Predictions: The Growth and Changes of the Hypervisor in 2017 and More

Embedded systems become virtualized, IoT security concerns continue and the container community diversifies… What else will happen to the hypervisor and beyond in 2017? Two members of the Xen Project, Stefano Stabellini and James Bulpin, provide insight on where the hypervisor is going in 2017 and other virtualization and infrastructure trends to watch out for in this VMblog post.

Future of Xen Project: Video Spotlight Interview with Xen Project’s Chairperson Lars Kurth

Lars Kurth had his first contact with the open source community in 1997 when he worked on various parts of the ARM toolchain. He has since become an open source enthusiast, worked in several open source communities, and is the chairperson of the Xen Project Advisory Board. He is also the Director of the Xen Project at Citrix.

He recently sat down to discuss why Xen Project software makes sense for the cloud and where the community and technology are heading this year in this short video. Read on for more.

The Xen Project community has flourished and grown throughout the years. The latest release from the Xen Project (Hypervisor 4.6) produced the best quality and quantity of contributors from cloud providers, software vendors, hardware vendors, academic researchers and individuals.

The Xen Project entices new users to join with its high energy and inclusive nature. It periodically hosts hackathons to give developers the opportunity to meet face to face, to discuss development, coordinate, write code, and collaborate with other developers. The Project will have its next hackathon at ARM’s headquarters in Cambridge on April 18 – 19.

Since the Xen Project became a collaborative project under the Linux Foundation's tutelage in 2013, the technology has been able to break into a lot of new use cases, most notably automotive and embedded — check out GlobalLogic’s use of Xen on Linux.com if you haven’t read it already. These recent innovation areas have also been very beneficial to traditional Xen Project use cases. For example, automotive real-time scheduling is important not only for this industry, but also for servers and data centers as they relate to things like online gaming.

From its inception, Xen was created for cloud computing — its early work with Amazon AWS allowed the hypervisor to create a great architecture for the cloud. It has since brought on a lot of new members and contributors to help continue to address the current and future needs of cloud computing, and will continue to innovate in new market segments from automotive to unikernels.