virtualized worlds: January 2008

Tuesday, January 22, 2008

Interview: Virtualization integrated into the OS



PROFOSS Raphaël Bauduin did an interview with me about virtualization

Why integrate virtualisation in the Operating System?
The acceptance of virtualization is growing every day. IDC already predicts a penetration of 48% (currently: 22%) for virtual servers in India in 2008. Using virtualization required noticeable skill until recently. The growing number of users requires more automation mechanisms and simpler tools. As users are not as skilled as specialists, interfaces and tools need to be integrated seamlessly and in an ergonomic way. Away from the server and data center centric point of view, we think about desktops, mobile, embedded and smart devices or real time systems. There's growing demand for virtualization bringing encapsulation and isolation to their respective functions. Consumer devices will need integrated virtualization.

Is virtualisation a security feature or a security risk for an OS provider?
Virtualization offers encapsulation and isolation for applications and their environments. From that point of view it is regarded as a security feature since there are bluescreens and freezes. Having consolidated multiple servers and applications to a single box, on the other hand, makes this virtual host a more attractive target for an attack. Next to applications optimized for virtual environments, we'll see environments with reduced complexity optimized to operate as a virtual host, allowing only backup and system management agents next to the virtual machine monitor. The first generation of embedded hypervisors following that direction is delivered to the market.

Are management tools also to be integrated in the OS, or will this stay separated?
Tools for basic management (e.g. to start or delete virtual machines) are already integrated. We will see more functionality (HA/DR capabilities, inter host communication, etc.) in those tools. On the other hand, classic management tools from the big players are not virtualization centric but focus on business logic and processes. Those solutions are becoming more and more aware of virtual environments, allowing management functions similar to those that are part of the virtualization offering. The next generation of tools from virtualization vendors will incorporate more functions aimed at business logic and processes due to the fact that virtualization is becoming mainstream. Yet we cannot immediately expect functionality offered by management specialists with experience accrued over decades.

Now that SUSE integrates Xen, are other choices like for example Linux-VServer still available to system administrators?
Technically it is possible to integrate some virtualization and emulation solutions, like e.g. linux/390 on z/VM on hercules on VMware, Xen on ESX, OpenVZ or Linux VServer as SUSE Xen guest. Yet we cannot expect top performance in such heterogeneous environments and this would not be recommended for production use at the moment. The smaller the environment and the number of applications respectively, it would make sense to combine the best from different virtualization approaches. That would require that solutions are aware of each other and have a communication interface to omit concurrent use of the very same resources typically meaning congestions.

As virtualised environments become so easy to deploy, isn't there a risk of over-virtualisation?
Virtualization brings more value and reliability to those environments. Administrators will have to weigh options and choose appropriate quality of service for a deployment. In terms of higher numbers of virtual instances, management tools will evolve as well: We already see lifecycle functions in some tools. It's not unlikely to see an 'end-of-life' tag for a VM used for testing applications or temporary workforces. As well I could think of virtual machine monitors checking security, patch level, etc. prior to starting the virtual environment.

Is integrating Xen in the OS the first step to a situation where each application runs isolated in its own environment?
In IT Operations it has been a classic principle for decades to isolate applications. Xen virtualization in the distribution will encourage administrators to apply that principle to more applications and services. Virtualization management tools will bring more automation features for virtual machines, their lifecycle and adaption of business processes. The more automation we have, the more applications will have dedicated execution environments.

Thursday, January 17, 2008

Xen 3.2 available for download


Folks,

We're pleased to announce the official release of Xen 3.2.0!

This has been a while coming, and represents the culmination of a lot of
work to improve architectural cleanliness 'under the hood', while also
providing a range of new user-visible features including:

- Xen Security Modules (XSM)
- ACPI S3 suspend-to-RAM support for the host system
- Preliminary PCI pass-through support (using appropriate Intel or AMD
I/O-virtualisation hardware)
- Preliminary support for a wider range of bootloaders in fully virtualised
(HVM) guests, using full emulation of x86 'real mode'.
- Faster emulation of standard (non-super) VGA modes for HVM guests
- Configurable timer modes for HVM guests, depending on how the guest OS
manages time-keeping
- Many other changes and enhancements across all supported machine
architectures


Download here!


Wednesday, January 09, 2008