Tips and Tricks for Making VM Migration More Secure

A challenge for any cloud installation is the constant tradeoff of availability versus security. In general, the more fluid your cloud system (i.e., making virtualized resources available on demand more quickly and easily), the more your system becomes open to certain cyberattacks. This tradeoff is perhaps most acute during active virtual machine (VM) migration, when a VM is moved from one physical host to another transparently, without disruption of the VM’s operations. Live virtual machine migration is a crucial operation in the day-to-day management of modern cloud environment.

Linux.com recently published an article from John Shackleton of Adventium Labs that focuses on how to recognize and avoid common attacks with VM migration. Read the full article here.

 

FOSDEM Here We Come!

It’s that time of the year again – FOSDEM is coming to Brussels February 4 – 5 and the Xen Project team will be attending again.

We’ll be at a booth with Citrix, Oracle, both Xen Project members, and Vates. Xen Orchestra, which offers a complete web UI for controlling a XenServer and Xen infrastructure, will be demoed at the booth. You can find us in section K, level 1, group C, booth 5 or to make it easier between TOR/TAILS and OpenStack.

If you want to learn more about Xen Project technology, FOSS licenses and unikernels, then we recommend you come by the booth and/or head to the following presentations:

Live patching the Xen Project hypervisor
*Happening Saturday from 11:30 – 11:55
Live patching is the process of updating software while it is running, i.e. no more reboots. This type of technology is particularly important for cloud providers who need to keep themselves up and running 24/7. This talk covers everything from the design and implementation of live patching for Xen Project software to how it differs from live patching for Linux.

Mixed License FOSS Projects
*Happening Saturday from 11:35 – 12:20
Many projects start out with the intention of staying a single license FOSS project, but as your project grows there are some different licenses that you may not have anticipated. This talk will explore unintended consequences, risks and best practices through Xen Project examples on license issues. If you are an open source project that is growing fast, this is definitely a talk you don’t want to miss.

Adventures in Building Unikernel Clouds
*Happening Saturday from 14:45 to 15:25
Unikernels are a great approach to building the next generation of cloud infrastructure – they are performant and have a small attack surface. Even though the concept of a unikernel is not new, there has not been a ton of work done in building them for the infrastructure today. This talk provides a deep dive into the various layers of infrastructure that one needs to build out their own infrastructure of unikernels.

Towards a HVM-like Dom0 for Xen: Reducing the OS burden while taking advantage of new hardware features
*Happening Saturday from 18:45 to 19:00
Xen Project hypervisor uses a microkernel design that allows multiple concurrent operating systems to run on the same hardware. One of the key features of Xen Project software is that it is OS agnostic, meaning that any OS (with proper support) can be used as a host. This talk provides an overview on the different kind of guests supported by Xen Project software and how these new hardware features are used in order to improve and evolve them. It also describes the design and implementation of a new guest type, called PVHv2, and how it can be used as a control domain (Dom0).

We look forward to seeing you there. For those who can’t attend, follow our Twitter feed for FOSDEM updates and to stay up-to-date  on what’s happening with the project.

The Power of Hypervisor-Based Containers

The modern trend towards cloud-native apps seems to be set to kill hypervisors with a long slow death. Paradoxically, it is the massive success of hypervisors and infrastructure-as-a-service during the last 15 years that enabled this trend.

Stefano Stabellini provides an overview of the rise of containers and how hypervisors are co-existing and thriving in the era of containers. Read more here.

Xen Project 2017 Predictions: The Growth and Changes of the Hypervisor in 2017 and More

Embedded systems become virtualized, IoT security concerns continue and the container community diversifies… What else will happen to the hypervisor and beyond in 2017? Two members of the Xen Project, Stefano Stabellini and James Bulpin, provide insight on where the hypervisor is going in 2017 and other virtualization and infrastructure trends to watch out for in this VMblog post.

What’s New with Xen Project Hypervisor 4.8?

I’m pleased to announce the release of the Xen Project Hypervisor 4.8. As always, we focused on improving code quality, security hardening as well as enabling new features. One area of interest and particular focus is new feature support for ARM servers. Over the last few months, we’ve seen a surge of patches from various ARM vendors that have collaborated on a wide range of updates from new drivers to architecture to security.

We are also pleased to announce that Julien Grall will be the next release manager for Xen Project Hypervisor 4.9. Julien has been an active developer for the past few years, making significant code contributions to advance Xen on ARM. He is a software virtualization engineer at ARM and co-maintainer of Xen on ARM with Stefano Stabellini.

This release also marks the start of our first 6-month release cycle. Despite the shorter timeframe and putting more thorough security processes in place, we have maintained development momentum for Xen Project Hypervisor.

We’ve also worked with the Debian community to bring Xen Project Hypervisor 4.8 to the upcoming release (codename “Stretch”).

Here are the categories with updates to highlight in 4.8

  • Hypervisor General
  • Hypervisor x86
  • Hypervisor ARM
  • Toolstack
  • Xen Project Test Lab
  • Misc.

Hypervisor General

  • Credit2 scheduler is now supported: Compared to the default Credit scheduler, the Credit2 scheduler is more scalable and better at supporting latency sensitive workloads such as VDI, video and sound delivery, as well as unikernel applications. Credit2 is still based on a general purpose, weighted fair share, scheduling algorithm unlike some of the more specialized Xen Project schedulers such as RTDS and ARINC653.
  • Domain creation time optimisation: An optimisation to TLB flush is introduced to greatly reduce the number of flushes needed during domain creation. This has lead to the reduction of domain creation time for very large domains (with hundreds of gigabytes of RAM) from a few minutes to tens of seconds.
  • XSM policy is refactored and cleaned up: XSM policy files are refactored and cleaned up so that they are better organised and easier to understand. If configured, we can also now attach the in-tree default policy to Xen binary, so there is no need to load the default policy via boot loader.
  • Live Patching hook support: Live Patching is now able to look for the “hooks” section in the payload and execute code from there. This update gives the patch author more control in modifying data and code.

Hypervisor x86

  • CPUID faulting emulation: This makes CPUID fault in HVM userspace program without hardware support.
  • PVCLOCK_TSC_STABLE_BIT support: This greatly improves user space performance for time related syscalls.
  • Intel AVX-512 instructions support: These instructions offer higher performance for the most demanding computational tasks. They represent a significant leap to 512-bit SIMD support. This enables processing of twice the number of data elements that AVX/AVX2 can process with a single instruction and four times that of SSE.
  • PVH v2 DomU ABI is stabilised: The DomU guest ABI for PVH v2, without PCI passthrough support, is stabilised. Guest operating system developers can start porting OSes to this mode, which is simpler and gives them all the goodies that hardware and software provide.

Hypervisor ARM

  • Xen Project 4.8 ARM DomU ACPI support is now able to build ARM64 guests with ACPI support, such as Red Hat Enterprise Linux Server for ARM Development Preview (available via Partner Early Access Program). It can also run unmodified Xen on ARM.
  • Alternative patching support: This enables the hypervisor to apply workarounds for erratas affecting the processor and to apply optimizations specific to a CPU.
  • Live Patching initial support: Live Patching now supports both ARM32 and ARM64 platforms.
  • Support for Xilinx® Zynq® UltraScale+™ MPSoC: Xen Project Hypervisor 4.8 comes with support for the Xilinx Zynq UltraScale+ MPSoC making it much easier for Xilinx customers to integrate Xen into their solution.

Toolstack

  • Split out and re-license libacpi: The code inside hvmloader to construct guest ACPI tables is split out as a separate library libacpi, which is now shared across x86 and ARM. The code is re-licensed from GPL to LGPL.
  • HVM USB passthrough: It is now possible to passthrough USB devices to HVM guests with the help of QEMU.
  • Load BIOS via libxl: It is now possible to provide arbitrary BIOS binary to the guest making it easier to integrate and test Xen.
  • Libxl device handling framework: The device handling code inside libxl is reworked so that it is more extensible and easier to maintain.

Xen Project Test Lab

  • XTF is integrated into OSSTest: XTF is a micro-VM based test framework. It is now integrated into OSSTest and gates pushing patches to all supported Xen branches. This would help the project identify functional and security regressions more easily and quickly.

Misc.

  • Mini-OS ported to PVH v2: With the stabilization of PVH v2 DomU ABI, we are now confident to port mini-os to that mode. This would serve as an example to port guest OSes to PVH v2, as well as a foundation to more interesting micro-VM based work like building stub domains. The latter (stub domains) is a differentiator to other hypervisors, and could greatly enhance the security and scalability of Xen Project Hypervisor.
  • Mini-OS now supports ballooning up: Ideally, a service domain would need to dynamically adjust the memory it consumes, either voluntarily or via obeying command from hypervisor. This is an important feature to make Mini-OS based service domains more flexible in terms of memory consumption, which is one step towards that goal. Support for ballooning down Mini-OS is under development.

Summary

Despite the shorter release cycle, the community developed several major features, and found and fixed many more bugs. It is also rather impressive to see multiple vendors collaborate on the Xen Project Hypervisor to drive multiple projects forward. Major contributions for this release come from ARM, BitDefender, Bosch, Citrix, Freescale, Intel, Linaro, Oracle, Qualcomm, SUSE, Star Lab, the US National Security Agency, Xilinx, Zentific, and a number of universities and individuals.

Over the last year, contributors with strong security and embedded backgrounds have joined the Xen Project allowing us to  continue to focus on performance and flexibility without sacrificing security and reliability. Xen Project Hypervisor continues to move forward thanks to amazing efforts from companies developing products based on the hypervisor, such as XenServer 7 and Bitdefender Hypervisor Introspection, and novel new developments with Live Patching and Virtual Machine Introspection.

In this release, we took a security-first approach and spent a lot of energy to improve code quality and harden security. This inevitably slowed down the acceptance of new features a bit, but not enough to reach meaningful balance between mature security practice and innovation.

On behalf of the Xen Project Hypervisor team, I would like to thank everyone for their contributions (either in the form of patches, bug reports or packaging efforts) to the Xen Project. Please check our acknowledgement page, which recognizes all those who helped make this release happen.

The source can be located in the http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.8 tree (tag RELEASE-4.8.0) or can be downloaded as tarball from our website. More information can be found at

Please Welcome Our New Release Manager

Dear community members,

I’m pleased to announce that Julien Grall <julien.grall@arm.com> will be the Release Manager for the next Xen release.

The appointment was voted by the Committers and the vote passed.

Julien has done excellent jobs in many aspects. He has been an active  developer for the past few years and contributed a lot of code for Xen on ARM. He has been doing a good job in co-maintaining Xen on ARM with Stefano Stabellini. Particularly in 4.8 release, he showed his ability to make balanced decisions and influence other contributors to move various projects forward. He also expressed desire to work with greater Xen community and make bigger impact.

All in all, we believe Julien will do a good job in managing the next release. Thanks Julien for stepping up.

Regards,
Wei Liu (on behalf of the Xen Project Hypervisor team)