Category Archives: User Story

A user explains how they employ Xen Project software

Xen Project Contributor Spotlight: Stefano Stabellini

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project, and how the Xen Project technology bolsters their business.

contemporary-1850469_1920

Name: Stefano Stabellini
Title: Virtualization Architect
Company: Aporeto

When did you start contributing to the Xen Project?  
I started contributing to Xen Project in 2008. At that time, I was working for Citrix in the XenServer product team. I have been contributing every year since then, that makes it 10 years now!

How does contributing to the Xen Project benefit your company?
Aporeto is a cloud-native security company. By participating in Xen Project development, Aporeto gains access to the technology it needs. In fact, Xen Project is a great platform to build secure sandboxing solutions. Xen Project has always made security one of its top priorities. The clear and transparent security policy, the disaggregated architecture, and the many open source security projects based on Xen Project stand as proofs of that.

How does the Xen Project’s technology help your business?
The world of today is very different from the world when Xen Project started, but the need for solid security solutions has only increased. Xen Project distinguishes itself for providing a trustworthy foundational platform with strong security and isolation properties. At Aporeto we intend to use those properties to provide a secure runtime environment for cloud-native applications.

What are some of the major changes you see with virtualization and the transition to cloud native computing? 
Virtualization will become less about virtualizing hardware and more about providing secure execution environments for applications in different formats. For that to happen, it needs to move away from the emulation of ancient hardware devices and compatibility with aged boot processes. Virtualization is transitioning to modern, nimble, and legacy-free executing models that are a better fit for cloud-native applications.

What advice would you give someone considering contributing to the Xen Project?
Learning the intricate details of the Xen Project hypervisor can be daunting at first, but it is fun, and the community is great. My advice is never to stop learning, take nothing for granted, and empower your curiosity to discover how things work at all levels.

What excites you most about the future of Xen?
Xen is an extremely flexible platform for building vastly different disaggregated architectures. For this reason, it can be used at all levels, from Big Iron to IoT and safety critical domains. We are seeing new use-cases and new sub-projects being created, and I think the trend will only increase in the next few years. This is very exciting!

Xen Project Membership Spotlight: Citrix

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project, and how the Xen Project technology bolsters their business.

contemporary-1850469_1920

Name: James Bulpin
Title: Senior Director, Technology
Company: Citrix

When did you join the Xen Project and why/how is your organizations involved?
Citrix was a founding member of the Xen Project and, through the work of XenSource, which was acquired by Citrix in 2007, has been active in the open-source Xen Project hypervisor since 2005. Personally I’ve been involved with Xen since its very early days as a research project in the early 2000s.

Citrix is a significant contributor to, consumer of, and leader in the Xen Project. The Xen Project hypervisor forms the core of our XenServer platform, which has widespread use as a free platform for general purpose server virtualization, a commercial server virtualization and cloud hosting platform, a technology component in other Citrix products, and the platform of choice for Citrix’s flagship application and desktop delivery solutions. We see the Xen Project hypervisor as a powerful, flexible and secure foundation on top of which a wide variety of products, solutions and services can be built.

How does your involvement benefit your company?
A hypervisor is a complex entity, requiring deep knowledge of many areas of technology in order to implement successfully; it requires deep knowledge of CPU virtualization instructions, interrupt and exception handling, efficient resource management (such as CPU scheduling), a wide variety of I/O virtualization mechanisms, multiple mechanisms to boot virtual machines, multiple security boundaries, and so on. By collaborating with other vendors who share our need for an efficient, flexible hypervisor, and with vendors whose technology can be enabled through the hypervisor, we are able to achieve far more than any one of us could on our own. Ultimately this allows us to bring a very sophisticated solution to our customers at a low cost.

How does the Xen Project’s technology help your business?
In addition to the Xen Project hypervisor and other components being a core part of our commercial products, Xen Project has enabled rapid multi-vendor innovation that helps us to get ahead of the competition and helps our customers solve their problems. The open-source nature of the hypervisor removes barriers to collaboration and accelerates innovation. In recent years this has allowed Citrix and its partners to be first to market with innovative solutions such as virtualized GPUs with NVIDIA and Intel, VM introspection with BitDefender, and hypervisor live patching built in collaboration with Oracle, Amazon and others.

What are some of the major changes you see with virtualization and the transition to cloud native computing?
Over time we expect to see virtualization creeping up the stack. Hypervisors and the CPU virtualization instructions they rely upon virtualize at the lowest layers; PaaS and cloud-native services are effectively performing virtualization further up the stack (e.g. a Linux container virtualizes the kernel, and a “lambda” type function virtualizes a language runtime environment).

Although we’ve seen FUD that argues that these high levels of virtualization render the lower levels obsolete, in reality the different layers of virtualization bring different values to an overall cloud computing platform. We see that cloud platforms will evolve to use multiple virtualization techniques, albeit in a more integrated fashion than we see today. For example we anticipate that platforms providing container or PaaS services will actually rely on hypervisor techniques and CPU virtualization instructions to provide a strong security boundary (particularly in a multi-tenant context) at the bottom, and use container technology, software sandboxing and other lightweight virtualization techniques on top. Such as solution will likely have a very tight integration between the layers to minimize overhead. The small, flexible, and efficient structure of the Xen Project hypervisor makes it an attractive technology to embed in a system like this.

What advice would you give someone considering joining the Xen Project?
Although many members will join with a particular goal in mind, such as adding functionality to the hypervisor to enable their own products/technology, I would recommend looking beyond that and considering how to best leverage the opportunity to collaborate with the other members. For example, adding a mechanism to Xen to enable the use of a particular piece of hardware is valuable in its own right, however using the Project to collaborate with a vendor that can exploit that mechanism and that piece of hardware and take it to a broader customer base could end up providing an ever better return on investment. I would also encourage new joiners to get involved in code and design review of other members’ contributions. This is a great way to quickly learn about Xen, helps improve the code, and fuels the necessary “give and take” model that an open source project needs to operate successfully.

What excites you most about the future of Xen?
Xen has already proven itself in a number of diverse use-cases including traditional server virtualization, large-scale cloud computing, and client virtualization. I’m excited to see Xen, as a reusable technology component, grow in new use-cases such as edge computing, automotive, aviation and aerospace. Xen’s flexibility, small footprint, and OS independence make it a good fit in these growing sectors.

 

Q&A with GlobalLogic on the Xen Project and Automotive Virtualization

The Xen Project is commonly used in embedded scenarios due to its security features, light-weight architecture and open source community. These core attributes are now making it more pervasive in the automotive industry, which has similar demands to the embedded industry, especially when it comes to security requirements.

To better understand how the Xen Project is used in the automotive space, we sat down with the folks at GlobalLogic to discuss updates on its Nautilus platform, which uses the Xen Project hypervisor; why they originally chose Xen; how hypervisors generally work in the automotive space; and the company’s upcoming plans with automotive virtualization.

Last year when we talked to GlobalLogic, you mentioned that GPU Virtualization was the next phase of automotive innovation. Where are you at in terms of implementing GPU Virtualization?

We have successfully implemented our Nautilus platform’s GPU virtualization feature for several Tier 1 automotive vendors (located in Japan, the US, and Europe). This was a big win for us and we learned a lot along the way and experienced some major benefits. Mainly, GPU virtualization has eliminated almost all performance degradation during the rendering of heavy 3D graphics scenes, allowing us to create a new level of IVI systems.

Why is the hypervisor important for automotive virtualization and GPU Virtualization in general? Why is Xen Project the hypervisor of choice for you within this space?

The hypervisor allows a significant decrease to the cost of automotive production and reduces the cost of BOM because the functions that were previously executed on different CPUs can be run on separate VMs. At the same time, GPU virtualization is beneficial in the process of 2D/3D graphics rendering. Therefore, the use of hypervisor enables building systems that perform better than their more expensive completely-hardware analogues.

Moreover, there are less processors per board, which leads to higher fail-safety. Essentially, a virtual system divided into a number of small subsystems is cheaper to maintain.

At the dawn of our project, GlobalLogic engineers considered various hypervisors, and finally decided that Xen Project was the most suitable solution because it is open source and has a rich history of application in various fields. Using the Xen Project, lets us concentrate on specific vehicle-related challenges instead of reinventing a virtualization solution.

What are the top three benefits you get from using the Xen hypervisor?

The first benefit that we have experienced is the decreased time to market for the manufacturers. Secondly, our customers get demos for free – if we used a proprietary product, we couldn’t afford this. Finally, it is great to experience the constant support of the global community and the community-driven approach to vulnerability detecting and fixing that we get with the Xen Project.

Were there any challenges with implementing Xen? How did you overcome these challenges?

The main challenges that we had with Xen and GPU virtualization was related to the different based ARM platforms. To overcome this, we developed a bench of drivers and extended the environment around them.

What are the next stages of growth for with automotive virtualization? Any trends that we should watch out for?

GlobalLogic is actively working on the commercialization of the Nautilus platform. We are expanding the GPU feature to a network of customers and vehicle models. At the same time, we are expanding the functionality of virtualization in areas like self-driving, advanced driver assistance systems (ADAS), connected services, safety, etc.

Tips and Tricks for Making VM Migration More Secure

A challenge for any cloud installation is the constant tradeoff of availability versus security. In general, the more fluid your cloud system (i.e., making virtualized resources available on demand more quickly and easily), the more your system becomes open to certain cyberattacks. This tradeoff is perhaps most acute during active virtual machine (VM) migration, when a VM is moved from one physical host to another transparently, without disruption of the VM’s operations. Live virtual machine migration is a crucial operation in the day-to-day management of modern cloud environment.

Linux.com recently published an article from John Shackleton of Adventium Labs that focuses on how to recognize and avoid common attacks with VM migration. Read the full article here.

 

The Power of Hypervisor-Based Containers

The modern trend towards cloud-native apps seems to be set to kill hypervisors with a long slow death. Paradoxically, it is the massive success of hypervisors and infrastructure-as-a-service during the last 15 years that enabled this trend.

Stefano Stabellini provides an overview of the rise of containers and how hypervisors are co-existing and thriving in the era of containers. Read more here.

Xen Project 2017 Predictions: The Growth and Changes of the Hypervisor in 2017 and More

Embedded systems become virtualized, IoT security concerns continue and the container community diversifies… What else will happen to the hypervisor and beyond in 2017? Two members of the Xen Project, Stefano Stabellini and James Bulpin, provide insight on where the hypervisor is going in 2017 and other virtualization and infrastructure trends to watch out for in this VMblog post.