Xen and the Art of Virtualization
01 Feb 2006
The concept of virtualization--"partitioning" a machine into multiple virtual machines (VMs) to support concurrent execution of multiple operating systems--has been around for some time. Virtualization comes in the form of hardware or software. IBM introduced virtual hardware in the 1960s with System 360/67 technology and has continued to develop software virtualization technology around its z/VM mainframe operating system. Today, the primary thrust for virtualization software comes from Microsoft, VMware and the Xen open source project (for x86 and x64 hardware).
Virtualization is one of the hottest topics in all of IT. The reason? Each VM can run one or more workloads, and multiple VMs can be hosted on a single server, thereby improving server utilization and reducing hardware costs and potentially software licensing costs. The utilization of UNIX servers is typically about 15-20 percent, and some machines, typically Windows machines, are underutilized because they are often configured to run only one application.
IDC predicts that spending around virtualization activities will grow to nearly $15 billion worldwide by 2009 [1]. Most of this spending will be on hardware to run virtualization software. IDC also predicts that more than 75 percent of all companies with over 500 employees are deploying virtual servers--servers that run virtualization software. S/390, OS/400 and UNIX systems account for most of the customer spending on virtualized servers today, but virtualization on x86/x64-based Linux and Windows systems is expected to account for much of the future spending.
Virtual Machine Architectures
Software virtualization is generally implemented via a layer of virtualization software, sometimes referred to as a VM monitor (VMM), that presents the illusion of many VMs. A VM consists of a guest operating system, one or more installed applications, management tools, virus-detection software and other tools. Each VM has some or all of the functionality of the host computer, and the guest operating system uses drivers and other functionality from the host operating system.
The partitioning of a machine to support concurrent execution of multiple operating systems poses several challenges:
VMs must be isolated from one another.
It is important to support a variety of different operating systems to accommodate the heterogeneity of popular applications.
The performance overhead introduced by virtualization should be as small as possible.
The predominant VM architecture today is depicted in Figure 1 [2]. The virtualization software layer manages resources between the host and guest operating systems. Open source Xen 2.0 and Microsoft Virtualization Server 2005 are examples of the virtualization software layer.
Figure 2 presents a hypervisor-based VM architecture. Xen 3.0 is an example of the hypervisor technology. A hypervisor is virtualization software that is integrated with a host operating system, such as Linux or Windows. In a hypervisor-based environment, the hypervisor would be booted first followed by the associated host operating system. The hypervisor can be viewed as sitting on top of the hardware and virtualizing resources such as CPU and memory for VMs.
In a traditional implementation of virtualization, a VM has all of the functionality of the host computer. This is referred to as full virtualization. It has the advantage that guest operating systems do not have to be modified. VMware ESX Server is an example of a full virtualization implementation. But there are some issues: certain operating system supervisor instructions must be handled by the VMM for correct virtualization, possibly resulting in a high performance cost for some operations such as creating a new application process.
Another approach to virtualization is referred to as paravirtualization. Paravirtualization avoids the performance drawbacks of full virtualization by offering a VM abstraction similar to, but not identical to, the underlying hardware. The general approach to paravirtualization requires that guest operating systems be modified prior to runtime. This approach prohibits independence of the guest operating system and virtualization software layer; however, modifications aren't required for the applications. The Xen hypervisor is based on paravirtualization.
Virtualization Assists from AMD and Intel
Intel and AMD are each providing a set of hardware enhancements, Virtualization Technology (VT) and Pacifica [3] respectively, that can help improve virtualization solutions on appropriately configured systems. In current processor architectures, all software runs in one of four privilege rings (ring 0 through ring 3). An operating system traditionally runs in ring 0, and applications typically run in processor ring 3.
Because the virtualization software layer must have privileged control of platform resources, the usual solution prior to, say, VT is to run the layer in ring 0 and the guest operating system in a less privileged ring such as ring 1 or ring 3. Without elaborating, VT basically creates the impression that guest operating systems are running at processor ring 0, with the virtualization software layer underneath at ring -1.
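One way to see which processors offer these assists, as an added example that is not part of the original article: it assumes Linux's /proc/cpuinfo format, where the `vmx` flag marks Intel VT and the `svm` flag marks AMD Pacifica. The sample text and function names are constructed for illustration.

```python
# Added example: classify processors by hardware virtualization assist.
# "vmx" (Intel VT) and "svm" (AMD Pacifica) are the flag names Linux reports
# in /proc/cpuinfo. The sample below is constructed; its three stanzas stand
# in for CPUs taken from three different hosts.

SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep vmx est tm2

processor\t: 1
vendor_id\t: AuthenticAMD
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep svm lahf_lm

processor\t: 2
vendor_id\t: GenuineIntel
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep est tm2
"""

ASSIST_FLAGS = {"vmx": "Intel VT", "svm": "AMD Pacifica"}


def parse_cpuinfo(text):
    """Return one dict per processor stanza (stanzas are blank-line separated)."""
    cpus = []
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def hardware_assist(cpu):
    """Name the assist a CPU advertises, or None if it has neither flag."""
    # Compare whole tokens so a longer flag such as "svm_lock" does not match.
    flags = set(cpu.get("flags", "").split())
    for flag, name in ASSIST_FLAGS.items():
        if flag in flags:
            return name
    return None


def classify(text):
    """Map processor number to the assist name, or "none" without one."""
    return {int(c["processor"]): hardware_assist(c) or "none"
            for c in parse_cpuinfo(text)}


if __name__ == "__main__":
    for cpu, assist in sorted(classify(SAMPLE_CPUINFO).items()):
        print(f"cpu{cpu}: {assist}")
```

A flag shows only that the processor implements the extension; system firmware may still have it switched off.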
Competition in the virtualization software market has already begun to heat up with vendors racing to make changes to their virtualization licensing in attempts to remain competitive. Novell has the simplest virtualization policy as well as pricing that is lower than Microsoft and Red Hat. Its virtualization licensing policy has been in effect since August 2004 when SUSE Linux Enterprise Server 9 was introduced, and using one or more virtual images on a physical processor or server does not alter the SUSE Linux Enterprise Server 9 licensing policy. For example,
If VMware virtualization software is hosted on Windows Server 2003 on a two-processor server, then one or more copies of SUSE Linux Enterprise Server 9 can run as guest operating systems at the cost of one subscription for SUSE Linux Enterprise Server 9 on a two-processor server.
If SUSE Linux Enterprise Server 9 is hosting Xen, then any number of SUSE Linux Enterprise Server 9 guests can run for the price of a single SUSE Linux Enterprise Server 9 subscription on that server. That is, one subscription will cover the host SUSE Linux Enterprise Server and any number of guest SUSE Linux Enterprise Server operating systems.
Not only does Novell have the simplest and least expensive virtualization policy, it is ahead of Microsoft and Red Hat in delivering the new hypervisor technology. Novell will have a supported preview of Xen 3.x hypervisor technology in SUSE Linux Enterprise Server for selected enterprise customers in January/February 2006 and ship Xen 3.x with the next release of SUSE Linux Enterprise Server. Red Hat will ship Xen 3.x hypervisor technology integrated with RHEL 5 about six months later than Novell, and Microsoft will not have hypervisor technology available until the second release of Windows Longhorn Server in late 2008 or 2009.
[1] IDC Press Release, October 18, 2005, Increasing the Load: Virtualization Moves Beyond Proof of Concept in the Volume Server Market.
[2] The architecture in Figure 1 is sometimes referred to as the prehypervisor VM architecture.
[3] The Xen project team is collaborating with Intel and AMD to optimize their virtualization products to take advantage of VT and Pacifica.
* Originally published in Novell Connection Magazine