2021: Xen Project, virtualization and beyond

February 10, 2021 | Announcements, Commentary

This post originally appeared on VM Blog.

By George Dunlap, Advisory Board Chair for the Xen Project

The Xen Project has been around for the better part of two decades. For a leading piece of virtualization software that has the benefit of being both mature and open source, many predictions have already come to fruition. We could predict that Xen would be in a satellite or a rocket, but it already is. We could predict that Xen will help deliver your Christmas presents, but it’s been doing that for years thanks to Amazon. We could also predict that Xen would help build an F1 car, but it’s been doing that for years, too. Just because Xen is common software behind many of the world’s advancements and everyday conveniences doesn’t mean we don’t have a few tricks up our sleeves.

2021 Predictions

Right out of the gate, a safe bet would be to see Xen in even more embedded devices. Xen is open source, has a mature code base and community, and has a lean codebase, making it perfectly suited for embedded use cases. In addition, the Xen Project has been making progress in its Functional Safety Special Interest Group, a key piece of the mass adoption of virtualization in many embedded devices.

Another trend we will likely see is that lightweight ARM instances will become more common in public clouds.  Amazon has already started this trend with the introduction of their Graviton Processor.  With Apple Silicon now demonstrating conclusively that ARM can be made to perform competitively with x86 while retaining the power savings of the ARM platform, we expect there to be a significant renewal of interest in ARM in the cloud.

Now that we’ve covered the table stakes, let’s dive into some more interesting predictions. As compute power for IoT grows, virtualization to allow consolidation will become more and more important. As demand for virtualization grows, demand for VM management infrastructure will also grow. Borrowing a page from the server world, embedded VM orchestration systems will become more common. Systems like EVE or embedded k3s, which allow for VMs to be installed, configured, and updated with a simple, standardized configuration system, will become more and more common.

When it comes to the future of Xen and virtualization, it’s always fun to shoot for the moon, even if it ends up being a stretch. A product based on Xen will begin to be FuSa certified. A roadmap for how certification can be achieved has already been laid out, and several concrete steps towards it have been taken. “All” that’s needed to be done now is to generate requirements from the existing interface, track new changes and tie them into the requirements, and address any coding style guideline changes. That’s still a lot of work for one year, but not outside the realm of possibility. Once Xen is certified, it will be the first open-source hypervisor to achieve safety certification. Along with the Zephyr project, this will break new ground and pave the way for further open-source projects to be safety certified in the future.

Xen will run on a RISC-V chip with virtualization extensions. RISC-V is a fully open architecture, not dominated by a single company. Since emerging from academia less than 10 years ago, its governance and ecosystem are quickly maturing. One thing that many people find attractive about RISC-V is the possibility to build fully open, verifiable platforms from silicon to operating systems, with no “binary blobs” where nation-states or other actors could hide backdoors. On such systems, having open hardware and firmware is critical to booting up the system securely; partitioning system functionality is also critical to keep the system secure. Xen’s architecture is designed specifically to allow this sort of “disaggregation” into small components with the minimum required privileges. It’s no coincidence that a lot of the interest in Xen on RISC-V is coming from the QubesOS and OpenXT communities: RISC-V is seen as an opportunity to take the safety they have with Xen to the next level. Doing a full port to a new architecture is a major undertaking, but it’s been done with Xen several times now, most recently with the ARM port. Getting it done within a year is certainly a stretch goal, but bigger goals have been accomplished before.