Author Archives: zkeaton

Automotive, Security and the Future of the Xen Project at The Xen Project Developer and Design Summit

The Xen Developer and Design Summit schedule is now live! This conference combines the formats of the Xen Project Developer Summits with the Xen Project Hackathons. If you are part of the Xen Project’s community of developers and power users, come join us in Budapest, Hungary, July 11 – 13 for this must-attend event!

pandas-656890_1920

The conference will cover many different topic areas including community, embedded/automotive, performance, tooling, hardware, security and more. The format will include traditional panels and presentation, as well as design and problem solving sessions.

Design and problem solving session proposals will be accepted until July 7. This is a great way to meet other developers face-to-face to:

  • Discuss and advance the design and architecture of future functionality
  • Coordinate and plan upcoming features
  • Discuss and share best practices and ideas on how to improve community collaboration
  • Hear interactive sessions covering lessons learned from contributors, users and vendor

Submit your design and problem solving ideas here.

Keynotes this year are coming from Lars Kurth, Xen Project Chairperson and Director of Open Source Solutions at Citrix; Oleksandr Andrushchenko, Lead Software Engineer at EPAM Systems; Stefano Stabellini, Virtualization Architect at Aporeto; and Wei Liu, Senior Software Engineer at Citrix.

Here’s a small sampling of other speaking sessions during the conference:

Automotive

  • Dedicated Secure Domain as an Approach for Certification of Automotive Sector Solutions from Iurii Mykhalskyi of GlobalLogic
  • Harmony of CPU Scheduling Between RT Guest OS and Rich Guest OS in Automotive Virtualization from Sangyun Lee of LG Electronics

Security

  • Hypervisor-Based Security: Bringing Virtualized Exceptions Into the Game from Mihai Dontu of Bitdefender
  • Uniprof: Transparent Unikernel Performance Profiling and Debugging from Florian Schmidt of NEC

Future of Xen

  • Intel GVT-g: From Production to Upstream from Zhi Wang of Intel
  • Recent and Ongoing Xen Related Work in the Linux Kernel from Jürgen Groß of SUSE

General Hypervisor

  • Bring up PCI Passthrough on ARM from Julien Grall of ARM
  • EFI Secure Boot, Shim and Xen: Current Status of Developments from Daniel Kiper of Oracle

You can view the entire schedule here. Early bird specials for tickets (price is $250) are available until May 31st.

A special thank you to our Diamond Sponsor Citrix and Gold sponsors ARM, Intel and Superfluidity. We look forward to seeing you at the event in July, and please stay informed on Xen Project updates by following us on social (Twitter and Facebook) and registering to our xen-announce mailing list.

 

Q&A with GlobalLogic on the Xen Project and Automotive Virtualization

The Xen Project is commonly used in embedded scenarios due to its security features, light-weight architecture and open source community. These core attributes are now making it more pervasive in the automotive industry, which has similar demands to the embedded industry, especially when it comes to security requirements.

To better understand how the Xen Project is used in the automotive space, we sat down with the folks at GlobalLogic to discuss updates on its Nautilus platform, which uses the Xen Project hypervisor; why they originally chose Xen; how hypervisors generally work in the automotive space; and the company’s upcoming plans with automotive virtualization.

Last year when we talked to GlobalLogic, you mentioned that GPU Virtualization was the next phase of automotive innovation. Where are you at in terms of implementing GPU Virtualization?

We have successfully implemented our Nautilus platform’s GPU virtualization feature for several Tier 1 automotive vendors (located in Japan, the US, and Europe). This was a big win for us and we learned a lot along the way and experienced some major benefits. Mainly, GPU virtualization has eliminated almost all performance degradation during the rendering of heavy 3D graphics scenes, allowing us to create a new level of IVI systems.

Why is the hypervisor important for automotive virtualization and GPU Virtualization in general? Why is Xen Project the hypervisor of choice for you within this space?

The hypervisor allows a significant decrease to the cost of automotive production and reduces the cost of BOM because the functions that were previously executed on different CPUs can be run on separate VMs. At the same time, GPU virtualization is beneficial in the process of 2D/3D graphics rendering. Therefore, the use of hypervisor enables building systems that perform better than their more expensive completely-hardware analogues.

Moreover, there are less processors per board, which leads to higher fail-safety. Essentially, a virtual system divided into a number of small subsystems is cheaper to maintain.

At the dawn of our project, GlobalLogic engineers considered various hypervisors, and finally decided that Xen Project was the most suitable solution because it is open source and has a rich history of application in various fields. Using the Xen Project, lets us concentrate on specific vehicle-related challenges instead of reinventing a virtualization solution.

What are the top three benefits you get from using the Xen hypervisor?

The first benefit that we have experienced is the decreased time to market for the manufacturers. Secondly, our customers get demos for free – if we used a proprietary product, we couldn’t afford this. Finally, it is great to experience the constant support of the global community and the community-driven approach to vulnerability detecting and fixing that we get with the Xen Project.

Were there any challenges with implementing Xen? How did you overcome these challenges?

The main challenges that we had with Xen and GPU virtualization was related to the different based ARM platforms. To overcome this, we developed a bench of drivers and extended the environment around them.

What are the next stages of growth for with automotive virtualization? Any trends that we should watch out for?

GlobalLogic is actively working on the commercialization of the Nautilus platform. We are expanding the GPU feature to a network of customers and vehicle models. At the same time, we are expanding the functionality of virtualization in areas like self-driving, advanced driver assistance systems (ADAS), connected services, safety, etc.

How To Shrink Attack Surfaces with a Hypervisor

A software environment’s attack surface is defined as the sum of points in which an unauthorized user or malicious adversary can enter or extract data. The smaller the attack surface, the better. Linux.com recently sat down with Doug Goldstein (https://github.com/cardoe or @doug_goldstein) to discuss how companies can use hypervisors to reduce attack surfaces and why the Xen Project hypervisor is a perfect choice for security-first environments. Doug is a principal software engineer at Star Lab, a company focused on providing software protection and integrity solutions for embedded systems.

You can read the full interview here.

Tips and Tricks for Making VM Migration More Secure

A challenge for any cloud installation is the constant tradeoff of availability versus security. In general, the more fluid your cloud system (i.e., making virtualized resources available on demand more quickly and easily), the more your system becomes open to certain cyberattacks. This tradeoff is perhaps most acute during active virtual machine (VM) migration, when a VM is moved from one physical host to another transparently, without disruption of the VM’s operations. Live virtual machine migration is a crucial operation in the day-to-day management of modern cloud environment.

Linux.com recently published an article from John Shackleton of Adventium Labs that focuses on how to recognize and avoid common attacks with VM migration. Read the full article here.

 

FOSDEM Here We Come!

It’s that time of the year again – FOSDEM is coming to Brussels February 4 – 5 and the Xen Project team will be attending again.

We’ll be at a booth with Citrix, Oracle, both Xen Project members, and Vates. Xen Orchestra, which offers a complete web UI for controlling a XenServer and Xen infrastructure, will be demoed at the booth. You can find us in section K, level 1, group C, booth 5 or to make it easier between TOR/TAILS and OpenStack.

If you want to learn more about Xen Project technology, FOSS licenses and unikernels, then we recommend you come by the booth and/or head to the following presentations:

Live patching the Xen Project hypervisor
*Happening Saturday from 11:30 – 11:55
Live patching is the process of updating software while it is running, i.e. no more reboots. This type of technology is particularly important for cloud providers who need to keep themselves up and running 24/7. This talk covers everything from the design and implementation of live patching for Xen Project software to how it differs from live patching for Linux.

Mixed License FOSS Projects
*Happening Saturday from 11:35 – 12:20
Many projects start out with the intention of staying a single license FOSS project, but as your project grows there are some different licenses that you may not have anticipated. This talk will explore unintended consequences, risks and best practices through Xen Project examples on license issues. If you are an open source project that is growing fast, this is definitely a talk you don’t want to miss.

Adventures in Building Unikernel Clouds
*Happening Saturday from 14:45 to 15:25
Unikernels are a great approach to building the next generation of cloud infrastructure – they are performant and have a small attack surface. Even though the concept of a unikernel is not new, there has not been a ton of work done in building them for the infrastructure today. This talk provides a deep dive into the various layers of infrastructure that one needs to build out their own infrastructure of unikernels.

Towards a HVM-like Dom0 for Xen: Reducing the OS burden while taking advantage of new hardware features
*Happening Saturday from 18:45 to 19:00
Xen Project hypervisor uses a microkernel design that allows multiple concurrent operating systems to run on the same hardware. One of the key features of Xen Project software is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. This talk provides an overview on the different kind of guests supported by Xen Project software and how these new hardware features are used in order to improve and evolve them. It also describes the design and implementation of a new guest type, called PVHv2, and how it can be used as a control domain (Dom0).

We look forward to seeing you there. For those who can’t attend, follow our Twitter feed for FOSDEM updates and to stay up-to-date  on what’s happening with the project.

The Power of Hypervisor-Based Containers

The modern trend towards cloud-native apps seems to be set to kill hypervisors with a long slow death. Paradoxically, it is the massive success of hypervisors and infrastructure-as-a-service during the last 15 years that enabled this trend.

Stefano Stabellini provides an overview of the rise of containers and how hypervisors are co-existing and thriving in the era of containers. Read more here.