Xen Project Introduces the Unikraft Unikernel Project

Unikraft aims to simplify the process of building unikernels through a unified and customizable code base

SAN FRANCISCO, December 5, 2017 – The Xen Project, hosted by The Linux Foundation, today announced the formation of Unikraft. Unikraft is an incubation project under the Xen Project focused on easing the creation of unikernels, which compile source code into a lean operating system that only includes the functionality required by the application logic.

The current generation of cloud computing requires workloads that are efficient, fast and secure. Containers are encouraging new ways of looking at the operating system. These trends are driving innovations with unikernels that allow developers to include only the bare minimum of traditional OS components to create lean, efficient, and fast-to-boot applications with an extra degree of isolation for environments like microservices, embedded devices, IoT, and automotive, among many others.

A long-time advocate of unikernels, the Xen Project supports initiatives like MirageOS, a library operating system that constructs unikernels for secure, high-performance network applications. The Xen Project is compatible with HaLVM, a port of the Glasgow Haskell Compiler toolsuite that enables developers to write high-level, lightweight virtual machines that can run directly on the Xen Project hypervisor. Galois originally developed HaLVM to allow for quick and easy prototyping of operating system components; however, it can also operate as a network appliance.

While many projects focus on building out unikernel components, a single unified code base with a modular architecture, like Unikraft’s, is needed to make the process of building unikernels quick and easily accessible to more developers.

“Unikernels provide a tremendous opportunity for those who are looking to ship workloads quickly and efficiently with isolation to eliminate security risk, but the complexity of building unikernels has stymied this technology’s time-to-market,” said Dr. Felipe Huici, Chief Researcher, Systems and Machine Learning Group, NEC Laboratories Europe. “Unikraft is on a mission to bring unikernels to market faster through a unified code that is customizable to meet the needs of a wide range of applications, and even runtime-specific unikernels, like MirageOS.”

“We are seeing a growing trend and interest around unikernels from inside and outside the Xen Project community with commits growing daily from a range of vendors in the embedded, automotive, enterprise application space, and more,” said Lars Kurth, Chairperson of the Xen Project. “We look forward to helping incubate this project and furthering collaboration within the unikernel community.”

Customizable Architecture Provides Flexibility

The Unikraft architecture consists of two basic components that make the process of building unikernels more fluid: library pools and a build tool.

Library pools act as building blocks in creating customizable unikernels on top of a consistent code base. The library pools include:

  • Architecture libraries: Containing libraries specific to a computer architecture (e.g., x86_64, ARM32, or MIPS).
  • Platform libraries: Allowing users to select platforms like Xen, KVM, bare metal, and user-space Linux.
  • Core libraries: Consisting of a rich set of functionality, which includes components like drivers (both virtual such as netback/netfront and physical such as ixgbe), filesystems, memory allocators, schedulers, network stacks, runtimes (e.g. a Python interpreter), and debugging and profiling tools.
  • External libraries: Ports of standard libs (e.g., libc, openssl) to the Unikraft system.

Automating the Unikernel Build Process

The Unikraft build tool compiles the application and the selected libraries together to create a binary for a specific platform and architecture (e.g., Xen on x86_64). The tool is inspired by the popular Linux kconfig system and consists of a set of Makefiles allowing users to select libraries, to configure them, and to receive warnings when library dependencies are not met.

To create a simple application, the user implements a main() function, fills out a simple Makefile and runs “make menuconfig”, where he or she selects from the libraries described above and configures the image, choosing, in the process, the target platform(s). The user then saves the configuration, types “make”, and Unikraft automatically generates the images, one per selected platform. This means that application developers no longer have to target a particular platform; in essence, with Unikraft, they get multiple platform support for free.

NEC Laboratories Europe, the European labs of NEC’s research branch focused on software research in the areas of IoT, data science and security and networking, is the main driving force behind Unikraft and is providing the initial implementation for this project.

The Xen Project will provide Unikraft with basic infrastructure and marketing support. Unikraft uses the 3-Clause BSD license and is available for download here. For more information on how to get involved in the project, the website is here.

About Unikraft

Unikraft is a project that aims to simplify the process of building unikernels. The architecture consists of customizable libraries and a build tool to create quick, fast and lean applications for embedded, IoT and automotive use cases, and more. Unikraft is an incubation project of the Xen Project, which provides basic infrastructure and marketing support to help a project to progress. For more information about Unikraft and to participate, please visit https://xenproject.org/developers/teams/unikraft.html.

New Features in Xen Project 4.9 Provide Better Usability in Automotive and Embedded

Updates include increased security to protect against QEMU compromises, features that lay the foundation for the next generation of cloud-native platforms, and more

 

SAN FRANCISCO, June 28, 2017 – Xen Project, hosted at The Linux Foundation, today announced the release of Xen Project Hypervisor 4.9. The latest release focuses on advanced features for embedded, automotive and native-cloud-computing use cases, enhanced boot configurations for more portability across different hardware platforms, the addition of new x86 instructions to hasten machine learning computing, and improvements to existing functionality related to the ARM® architecture, device model operation hypercall, and more.

The Xen Project continues to see growth in embedded and automotive environments as more companies look to expand virtualization to embedded devices while continuing to reap the benefits of the hypervisor, including cost savings due to consolidation; abstraction of the hardware to allow applications to be decoupled from hardware specifics; and the benefit of hardware-based isolation to better protect against software defects and to contain failures. In addition, more contributions are beginning to lay the foundation for hypervisor features and benefits in cloud-native platforms.

“Contributions with the Xen Project have greatly expanded over the last few years, and we are seeing more companies participating in the project with an eye toward automotive, embedded, security, and native-cloud computing,” said Lars Kurth, Chairperson of the Xen Project Advisory Board. “We are very excited to see this engagement from a community standpoint as these additional contributors help the Xen Project progress in embedded, automotive and security, but also conversely help our more traditional stronghold environments like in server virtualization, Infrastructure as a Service, and desktop virtualization.”

Expanding Xen Project Features in Embedded and Automotive

  • The "null" scheduler enables use cases where every virtual CPU can be assigned to a physical CPU, removing almost all of the scheduler overhead in automotive and embedded environments. Usage of the “null” scheduler guarantees near zero scheduling overhead, significantly lower latency, and more predictable performance.
  • The new vwfi parameter for ARM (virtual Wait For Interrupt) allows fine-grained control of how the Xen Project Hypervisor handles WFI (Wait for Interrupt) instructions. Setting vwfi to "native" reduces interrupt latency by approximately 60%. Benchmarks on Xilinx® Zynq® Ultrascale+™ MPSoCs have shown a maximum interrupt latency of less than 2 microseconds, which is extremely close to hardware limits and small enough for the vast majority of embedded use cases.
  • Xen 4.9 includes new standard ABIs for sharing devices between virtual machines (including reference implementations) for a number of embedded, automotive and cloud native computing use cases.

    For embedded/automotive a virtual sound ABI was added implementing audio playback and capture as well as volume control and the possibility to mute/unmute audio sources. In addition a new virtual display ABI for complex display devices exposing multiple framebuffers and displays has been added. Multi-touch support has been added to the virtual keyboard/mouse protocol (enabling touch screens).

Laying the Foundation for the Next Generation of Cloud-Native Computing

During the Xen 4.9 release cycle, a Xen 9pfs frontend was upstreamed in the Linux kernel and a backend in QEMU. It is now possible to share a filesystem from one virtual machine to another, which is a requirement for adding Xen Project support to many container engines, such as CoreOS rkt.

The PV Calls ABI has also been introduced to allow forwarding POSIX requests across guests: a POSIX function call originating from an app in a DomU can be forwarded and implemented in Dom0. For example, guest networking socket calls can be forwarded to and executed in Dom0, enabling a new networking model which is a natural fit for cloud-native apps.

Contributions for this release of the Xen Project hypervisor came from Amazon, AMD, Aporeto, ARM, BitDefender, Citrix, EPAM, Fujitsu, Huawei Technologies, Intel, Invisible Things Lab, Nokia, Oracle, Star Lab, Suse, Xilinx, Zentific, and a number of universities and individuals. The Xen Project continues to see contributions go up release after release. This release had 25% more contributors to the core hypervisor, and an increase of 17% of contributions coming from the hypervisor, tests, and other related components.

Additional new features and improvements to existing functionality include:

  • Boot Xen on EFI platforms using GRUB2 (x86): from Xen Project 4.9 and GRUB2 2.02 onwards, the Xen Project Hypervisor can be booted using the multiboot2 protocol on legacy BIOS and EFI x86 platforms. Partial support for the multiboot2 protocol was also introduced into network boot firmware (iPXE). This makes the Xen Project boot process much more flexible; boot configurations can be changed directly from within a bootloader (without having to use text editors) and boot configurations are more portable across different platforms.
  • DMOP (Device Model Operation Hypercall): In Xen 4.9 the interface between Xen Project software and QEMU was completely re-worked and consolidated. There is now only a single hypercall in Xen (the DMOP hypercall) that is carefully designed to allow the privcmd driver to audit any QEMU memory ranges and parameters that are passed to Xen via DMOP. The Linux privcmd driver enables DMOP auditing, which significantly limits the capability of a compromised QEMU to attack the hypervisor.
  • Alternative runtime patching and GICv3 support for ARM 32-bit guests: Alternative runtime patching enables the hypervisor to apply workarounds for errata affecting the processor and to apply optimizations specific to a CPU. GICv3 support was extended to 32-bit ARM platforms, bringing this functionality to embedded use cases.
  • System Error Detection (ARM): Xen on ARM made a step forward in reliability and serviceability with the introduction of System Error detection and reporting, a key feature for customers with highly available systems.
  • Intel and x86 Feature Support: The latest version of the Xen Project hypervisor adds support for Neural Network Instructions AVX512_4VNNIW and Multiply Accumulation Single precision AVX512_4FMAPS as subfamilies of the AVX512 instruction set. With these instructions enabled in Xen for both HVM and PV guests, programs in guest OSes can take full advantage of these important instructions to speed up machine learning computing. This Xen release also further enhances VT-d Posted Interrupt (PI) optimization, Machine Check Exception (MCE) handling, and more.
  • GCOV support: We removed the old GCOV implementation and replaced it with an updated version that supports more formats and exposes a more generic interface.

Comments from Xen Project Users and Contributors

"PVCalls and Xen 9pfs lay the foundation for next generation of cloud-native platforms,” said Stefano Stabellini, Virtualization Architect at Aporeto. “They enable Xen Project software integration in container engines such as CoreOS rkt. More importantly, Xen Project software with PVCalls and 9pfs support will allow better, simpler protection for cloud-native apps because it provides security by default with a smaller overhead than traditional virtualization."

“Xen plays an important role in the future of embedded systems and the next generation of data centers and cloud computing,” said Philippe Robin, Director of Open Source, ARM. “Performance, efficiency and reliability are fundamental attributes of the ARM architecture, and enabling lower interrupt latency and the inclusion of features to better support system error detection is a big step forward in improving reliability and serviceability, while maintaining the right levels of performance.”

“Native support of key peripherals is important to increase the Xen Project hypervisor footprint in the embedded systems domain,” said Alex Agizim, CTO Automotive & Embedded Systems, EPAM. “It is essential to isolate exposed and potentially vulnerable software from hardware and other mission-critical parts in cloud-connected devices. Standardized PV ABIs for sound, display and input provide a simple and reliable way to build a fully interactive digital cockpit solution for the connected vehicle. The latest Xen Project release encourages a wider adoption of the Xen Project Hypervisor in automotive, industrial and IoT applications.”

“Intel is committed to furthering open cloud and virtualization technologies to help data centers transform today’s massive amounts of data into meaningful insights,” said Imad Sousou, Vice President and General Manager, Intel Open Source Technology Center. “Working across the industry, Intel helps to ensure that open virtualization hypervisors, such as the Xen Project, are optimized for the latest Intel® platforms, delivering maximum flexibility, security and value.”

“We are continuing to see a need for low interrupt latency in both the embedded space as well as in traditional and native-cloud computing environments,” said Edgar Iglesias, Principal Engineer at Xilinx. “The Xen Project hypervisor continues to deliver features and improvements with each release to make it easier for us to create new programmable technology for next generation systems. Congratulations to all those that participated in the development of Xen Project 4.9 for creating another solid and essential release.”

 

Xen Project will be hosting its annual conference, Xen Project Developer and Design Summit, from July 11 to July 13 in Budapest, Hungary. The conference brings together the Xen Project’s community of developers and power users to determine the future of the project and to share knowledge around best practices with the Xen Project in embedded, automotive, cloud, security environments and more.

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Cavium, Citrix, Huawei, Intel, Oracle, Qualcomm, and Rackspace. For more information about the Xen Project software and to participate, please visit XenProject.org.

###

Media Contact
Zibby Keaton
Xen Project
208-290-4853
zkeaton@linuxfoundation.org

Xen Project’s MirageOS Expands its Ecosystem in Latest Release

Innovative unikernel open source project increases commercial use cases and improves ease of use with contributions from Docker, IBM, Citrix and more

SAN FRANCISCO, February 23, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced the release of MirageOS v3.0. The new version includes support and tooling that allows MirageOS unikernels to target additional hypervisors such as KVM and FreeBSD’s bhyve. MirageOS 3.0 also provides building blocks that can be used within traditional applications for advanced features and capabilities like out-of-the-box VPN support in native applications.

The current generation of cloud computing requires workloads that are efficient, fast and secure. Unikernels allow developers to include only the bare minimum of traditional operating system components to create lean, efficient, and fast-to-boot applications, whether they are working with microservices, embedded devices, or IoT. The open source MirageOS ecosystem now consists of hundreds of these systems building blocks that can be combined with application code into single-purpose unikernels or be used as components.

"Interest in unikernels continues to grow, and with the release of MirageOS v3.0, including the contribution of KVM support from IBM research, developers can enjoy an expanded set of target platforms. With MirageOS in widespread usage as a key component of Docker for Mac and Windows, and Docker Inc’s ongoing support of the project, the MirageOS ecosystem looks well placed for a strong future." – Fintan Ryan, industry analyst at RedMonk

New Targets for MirageOS: Expanding its Ecosystem

MirageOS v3.0 adds new targets for virtio and ukvm via the Solo5 unikernel base contributed by IBM. The virtio target allows deployment of unikernels onto KVM/QEMU and FreeBSD’s bhyve. The new ukvm target extends the unikernel philosophy of modularity and “only what is required” to the next layer down, creating a monitor with thinner interfaces that are specialised to the guest unikernel.

"Unikernels are emerging in response to needs for an ever-more responsive and secure cloud. This technology has the potential to influence cloud applications, serverless computing, network function virtualization, and Internet of Things, making these platforms more efficient and secure. IBM Research is excited to be part of the MirageOS 3.0 release. Through contributions like the Solo5 unikernel base and 'ukvm', we are helping lay the foundation for new ways of using the cloud in the cognitive era." – Giovanni Pacifici, Vice President of Cloud and Cognitive Platform at IBM Research

Real world deployments of MirageOS

A number of use cases that illustrate the versatility and the high-growth potential of MirageOS have emerged since its inception in December 2013, including:

  • Docker for Mac and Windows used MirageOS to provide the filesystem and networking translation layers between OSX, Windows and Linux, allowing for a more seamless user experience on the most popular operating systems.

  • "Using MirageOS libraries as building blocks helped us accelerate development on Docker for Mac and Windows. By using the MirageOS TCP/IP stack, we enabled a critical feature for customers on enterprise networks — that Docker for Mac can be used even when connected to restrictive corporate VPNs. We're excited that users now have an integrated environment for building, assembling and shipping applications from Mac or Windows.” - Patrick Chanezon, Chief Developer Advocate at Docker

  • Ericsson Research in Silicon Valley have demonstrated a new standalone software platform concept to unify automation, orchestration and the compilation of a designated set of Network Function Virtualization (NFV) platforms. These platforms do not rely on current cloud orchestration or software-defined network technologies, but instead introduce the concept of ‘nanoservices’ that are orchestrated by MirageOS unikernels and Xen.

  • By applying unikernel technology to the NFV space, Ericsson Research demonstrated a set of specialized highly secure and stable ‘nano-NFVs’ that can easily be streamed into its next-gen cloud with better performance and security than existing NFVs.

    “Applying Unikernel technology and MirageOS offered Ericsson Research a new way of innovating, designing and implementing a new event-driven framework that we used for a technical PoC. We are looking forward to applying the new features of MirageOS 3.0 to further explore possibilities for optimizing our prototype.” – Per Karlsson, Head of Ericsson Research Silicon Valley

Improvement to User Experience and General Growth

Contributions to the project have grown vastly, creating a more stable base of libraries and tooling. User experience has improved in many different areas including the build, packaging and release process, debugging and logging, workflow to simplify the development phase, and documentation. A full list of user experience improvements is recorded in the MirageOS blog.

Since its last major release in June 2014, the project has received an uptick in interest and contributions from research groups and now has over 350 contributors across hundreds of repositories. This includes Mindy Preston, the current release manager, who first came to the project as a Xen Project Outreachy intern. Outreachy is an organization that helps people from groups underrepresented in free and open source software get involved.

“Having a healthy open source community is essential in the growth and vitality of incubation projects that the Xen Project fosters. MirageOS has done a great job of activating its community to create more tooling and use cases for this project and unikernels in general. We look forward to seeing this project continue to mature and expand as we believe that unikernels are the next wave of instrumenting applications for the current and future needs of cloud computing.” – Lars Kurth, Chairperson of the Xen Project Advisory Board

For more information about MirageOS and to participate, please visit mirage.io.

About MirageOS

MirageOS is an open source project led by Dr. Anil Madhavapeddy of the Systems Research Group at the University of Cambridge. Additional contributors include developers from Citrix, Docker, IBM, the FreeBSD Core Team, Galois, Jane Street, OCamlPro, and a growing number of individual contributors. Institutional and grant support for MirageOS comes from OCaml Labs, Horizon Digital Economy Research, the User Centric Networking, Networks as a Service, Contrive, and Databox projects, as well as Jane Street. MirageOS is an incubation project of the Xen Project, which provides basic infrastructure and marketing support to help a project to progress. For more information about MirageOS and to participate, please visit mirage.io.

Xen Project Welcomes Qualcomm to its Advisory Board

A world leader in next-generation wireless technologies joins open source project to accelerate ARM-server and hyperscale cloud development

SAN FRANCISCO, December 19, 2016 - The Xen Project, a project hosted at The Linux Foundation, today announced that Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, is a new Advisory Board member. Qualcomm Technologies actively contributes to the Xen Project hypervisor and is increasing its support for the foundational open source technologies that enable hyperscale cloud computing.

The Xen Project hypervisor is often first-to-market in offering support for the latest features in ARM and is heavily committed to pushing its technology forward with ARM-based servers. Xen Project virtualization has a lean architecture that is perfectly suited to ARM architecture-based solutions for data center applications, energy-efficient cloud operations as well as embedded applications.

"Qualcomm Technologies is committed to supporting many open source communities that power the foundation of hyperscale cloud computing, including Xen Project," said Elsie Wahlig, director of product management, Qualcomm Datacenter Technologies. "As an advisory board member and through our code contributions, we are working to continue to make the Xen Project hypervisor a first-class hypervisor for the ARM architecture."

Qualcomm Technologies is one of the top 10 contributors to the Xen Project’s latest release 4.8, which was released in early December. Qualcomm Technologies’ contributions include ARM enablement and bug fixes. The Xen Project continues to focus on improving performance, enhancing security and management, and fine-tuning the hypervisor for better ARM support to capitalize on new developments with mobile, cloud and web-scale computing.

"Xen Project virtualization has continually helped advance the server space and supports some of the largest clouds in production today," said Lars Kurth, advisory chairperson for the Xen Project. "We're excited to welcome Qualcomm Technologies as a new advisory board member. By stepping up their commitment to the Xen Project, Qualcomm Technologies is making a commitment to advance Xen Project virtualization now and into the future."

Qualcomm Technologies joins 15 advisory board members who are committed to the segment and technical success of the Xen Project hypervisor. Member involvement includes financial support, technical contributions and high-level policy guidance.

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, Oracle, Qualcomm, and Rackspace. For more information about the Xen Project software and to participate, please visit XenProject.org.

Xen Project Hypervisor Continues to Expand into Embedded Use Cases in Latest Release

Updates focus on ARM server enhancements, security hardening and quality code

SAN FRANCISCO, December 7, 2016 – The Xen Project, hosted at The Linux Foundation, today announced the release of Xen Project Hypervisor 4.8. The latest release focuses on advanced embedded use cases, features to support security-first environments and continued advancement in support of ARMv8-A® based servers. Xen Project technology continues to see growth in these environments due to its flexibility, extensibility and customizability.

As the demand for 64-bit ARMv8-A data centers builds, Xen Project continues to lead by delivering advanced ARM server feature support. Xen Project Hypervisor 4.8 provides initial support for ARM server Live Patching. This allows users to apply security fixes to the Xen Project hypervisor without rebooting, providing five-to-nine reliability for ARM servers. The new feature, available as a preview, also supports the needs of security-first embedded use cases, such as automotive and avionics.

Over the last year, contributors with strong security and embedded backgrounds have joined the Xen Project. Furthering its stronghold in embedded and security, the project now supports GICv2m (an interrupt controller with MSI capabilities), mmio-sram and IO memory regions with special caching requirements.

“New functionality added to the Xen Project for market segments like automotive, aviation, embedded and security have turned out to be valuable building blocks for traditional server virtualization and hyperscale clouds,” said Lars Kurth, chairperson of the Xen Project. "Some of the innovations contributed by vendors from these segments have helped increase performance, scalability and reduced latency for general workloads, while others led to a more flexible and customizable software architecture that benefit all users of the Xen Project hypervisor and positions us well for future growth across all market segments.”

In the 4.8 release, the general purpose Credit2 scheduler is now supported for production use. Compared to the default Credit scheduler, the Credit2 scheduler is more scalable and is better at supporting latency sensitive workloads such as VDI, video and sound delivery, as well as unikernel applications. Credit2 is still based on a general purpose, weighted fair share, scheduling algorithm unlike some of the more specialized Xen Project schedulers such as RTDS and ARINC653.

Major contributions for this release come from ARM, BitDefender, Bosch, Citrix, Freescale, Intel, Linaro, Oracle, Qualcomm, SUSE, Star Lab, the US National Security Agency, Xilinx, Zentific, and a number of universities and individuals.

The following new features and capabilities are available in Xen Project Hypervisor 4.8:

  • Support for Xilinx® Zynq® UltraScale+™ MPSoC: In the embedded space, as multi-chip and multi-OS systems consolidate into virtualized Systems on Chips, Xen Project software’s ability to scale down and provide partitioning with low overhead is key to these environments. Xen Project Hypervisor 4.8 comes with support for the Xilinx Zynq UltraScale+ MPSoC, making it much easier for Xilinx customers to integrate Xen into their solution.

  • ARM Architecture Updates: Xen Project 4.8 ARM DomU ACPI support is now able to build ARM64 guests with ACPI support, such as Red Hat Enterprise Linux Server for ARM Development Preview (available via Partner Early Access Program). It can also run unmodified Xen on ARM.

  • The new release supports alternative runtime patching for ARM64, a powerful technology to dynamically adapt the Xen Project hypervisor code at boot time. This enables the hypervisor to apply workarounds for errata affecting the processor and to apply optimizations specific to a CPU.

  • Intel and x86 Feature Support: The latest version of Xen Project hypervisor adds support for Intel® Advanced Vector Extensions 512 (Intel® AVX-512), which is a natural extension to AVX and AVX2. Intel AVX-512 instructions offer higher performance for the most demanding computational tasks. They represent a significant leap to 512-bit SIMD support. This enables processing of twice the number of data elements that AVX/AVX2 can process with a single instruction and four times that of SSE.

  • This Xen Project release also comes with PVCLOCK_TSC_STABLE_BIT support, which greatly improves user space performance for time related operations. Another x86 feature is CPUID faulting emulation, which makes it possible for CPUID to fault in HVM userspace programs without hardware support.

  • PVH v2 update: PVH v2 guest (without PCI passthrough support) ABI is also now stabilized. Guest operating system developers can start porting OSes to this mode, which is simpler and gives them all the goodies that hardware and software provide.

Comments from Xen Project Users and Contributors

"The Xen Project Hypervisor is continuing to grow with new contributors, technologies and use-cases and is increasingly being used in market segments like automotive, mobile and IoT, as well as in its traditional cloud, datacenter and VDI use-cases," said James Bulpin, senior director of technology and chief architect of XenServer, Citrix Systems. "It is exciting to see such a breadth of new development come from a very dedicated and talented group of developers and engineers that make up the Xen Project community."

"Xen Project hypervisor plays an important role in both the future of embedded systems and in the next generation of cloud computing, especially as these systems increase the use of field programmable gate arrays for acceleration," said Edgar Iglesias, principal engineer at Xilinx. "Xilinx is committed to creating new programmable technology for next generation systems, and we see Xen Project and its community as being instrumental in this process. We want to congratulate the Xen Project community at large for its work with Xen Project 4.8. Its solid software development practices have delivered yet another great Xen Project hypervisor release."

“Xen is an extremely important project as part of making the deployment of ARM-based servers a reality,” said Thomas Molgaard, director of product management, Business Segment Group, ARM. “Uninterrupted server availability will be critical for computing in safety-sensitive environments such as connected vehicles. Being able to apply a critical hypervisor patch to fix an issue without affecting operations is a significant step forward.”

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, Oracle, and Rackspace. For more information about the Xen Project software and to participate, please visit XenProject.org.

###

Media Contact
Zibby Keaton
Xen Project 
208-290-4853 
zkeaton@linuxfoundation.org

Xen Project Hypervisor 4.7 Brings Non-Disruptive Patching

Latest Xen Project release delivers security enhancements for embedded and automotive use cases with support for the latest hardware features

SAN FRANCISCO, June 23, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced the release of Xen Project 4.7. The release minimizes downtime and improves the user experience with non-disruptive security patching, and includes security enhancements for embedded, automotive, IoT and new security use cases. The new release also adds support for the latest hardware features from Intel and ARM.

Xen Project Hypervisor 4.7 comes equipped with Live Patching, a technology that enables reboot-free deployment of security patches to minimize disruption and downtime during security upgrades for system administrators and DevOps practitioners. Xen Project 4.7 implements version 1 of the Hypervisor Live Patching specification, which is designed to encode the vast majority of security patches (approximately 90%) as Live Patching payloads. This version ships with a Live Patching enabled hypervisor and payload deployment tools and is available as a technology preview.

For security, embedded, automotive and IoT use cases, Xen Project introduced the ability to remove core Xen Hypervisor features at compile time via KCONFIG. This creates a more lightweight hypervisor and eliminates extra attack surface, which is beneficial in security-first environments, microservice architectures and environments that have heavy compliance and certification needs, like automotive.

“The Xen Project hypervisor is innovating in all areas and continues to evolve to meet the new needs of cloud computing and compute infrastructures,” said Lars Kurth, chairperson of the Xen Project advisory board. “Xen Project 4.7 is a testament to the incredible collaboration that is happening within the community, and a continuation of our shorter release cycle.”

The Xen Project powers more than 10 million users across enterprise and cloud computing in addition to embedded and mobile devices. First to market with Intel and ARM features, many of the world’s largest companies and service providers use and invest in Xen Project software. Xen Project software is used in many commercial products, including Bitdefender Hypervisor Introspection, which was developed in close collaboration with Citrix. This technology leverages Xen Project’s Virtual Machine Introspection feature to reveal malicious activity, however stealthy, which can remain invisible to traditional endpoint security.

Major contributions for this release come from AMD, ARM, Bitdefender, Bosch, Broadcom, Citrix, Fujitsu, GlobalLogic, Huawei, Intel, Linaro, Netflix, Novetta, NSA, Oracle, Red Hat, Star Lab, SUSE, Xilinx, and a number of universities and individuals. Xen Project’s functionality continues to evolve to serve new compute infrastructures such as mobile, hyper-scale computing, massive workloads, security-intensive applications, embedded computing, cloud computing, hosting providers, and hardware appliances.

The following new features and capabilities are available in Xen Project Hypervisor 4.7:

  • Usability Improvements: In Xen 4.7, a new XL command line interface has been introduced to manage PVUSB devices for PV guests. The new XL commands also enable hot-plugging of USB devices as well as QEMU disk backends, such as drbd, iscsi, and more in HVM guests. This new feature allows users to add and remove disk backends to virtual machines without the need to reboot the guest. In addition, the soft reset for HVM guests allows for a more graceful shutdown and restart of the HVM guest.

  • Support for a wider range of workloads and applications: The PV guest limit restriction of 512GB has been removed to allow the creation of huge PV domains in the TB range. TB sized VMs, coupled with Xen Project’s existing support for 512 vCPUs per VM, enable execution of memory and compute intensive workloads, like big data analytics workloads and in-memory databases.

  • Improved Live Migration support: CPU ID Levelling enables migration of VMs between a larger range of non-identical hosts than previously supported.

  • Enhanced Development with ARM: Xen Project now supports booting on hosts that expose ACPI 6.0 (and later) information. The ARM Server Base Boot Requirements (SBBR) stipulate that compliant systems need to express hardware resources with ACPI; thus this support will come in useful for ARM Servers. This effort was carried out by Shannon Zhao of Linaro with minor patches from Julien Grall of ARM.

  • Additionally, PSCI 1.0 compatibility allows Xen Project software to operate on systems that expose PSCI 1.0 methods. Now, all 1.x versions of PSCI will be compatible with Xen Project software. More information on Power State Co-ordination Interface can be found here. This effort was also carried out by Julien Grall with a patch from Dirk Behme of Bosch.

  • New feature support for the Intel® Xeon® processor product family: Xen Project 4.7 supports VT-d Posted Interrupts, which provides hardware-level acceleration to increase interrupt virtualization efficiency. It reduces latency and improves user experience through performance improvements, especially for interrupt-intensive front-end workloads such as web servers.

  • Xen Project 4.7 is the first to include Code and Data Prioritization (CDP), part of the Intel® Resource Director Technology (RDT) Framework and an extension of Cache Allocation Technology (CAT), first introduced in Xen Project 4.6. The introduction of CDP allows isolation of code/data within the shared L3 cache of multi-tenant environments, reducing contention and improving performance.

    Additional features specific to the Intel Xeon processor family in Xen Project 4.7 include: VMX TSC Scaling, which allows for easier migration between machines with different CPU frequencies and support for Memory Protection Keys, a new security feature for hardening the software stack.

Comments from Xen Project Users and Contributors

“Oracle is committed to designing and delivering best-in-class cloud services to help businesses transition from traditional systems to the cloud,” said Ajay Srivastava, senior vice president, Linux and Virtualization, Oracle. “The new live patching capabilities in Xen Project Hypervisor 4.7 can help reduce downtime for private, public and hybrid cloud environments, which is of vital importance to our customers.”

“Intel is focused on enabling widespread cloud adoption and works across the industry to deliver the best architecture for the current and future needs of compute, storage, and networking,” said Susie Li, Director of Virtualization, Intel Open Source Technology Center and Xen Project Advisory Board Member. “The work the Xen Project community has achieved underpins many of the world’s largest and most successful data centers in the world, setting the standard for performance, security, and capabilities. Xen Project 4.7 is developed with the latest Intel platform features to make it easier to deploy and scale clouds, so businesses can deliver services to their customers faster and more securely.”

“Organizations continually have to readjust their security strategy to mitigate deep threats to IT systems. Bitdefender Hypervisor Introspection (HVI), which is tightly integrated with XenServer Direct Inspect API from Citrix, runs memory introspection at the hypervisor-level,” said Harish Agastya, Vice President of Enterprise Solutions at Bitdefender. “The Xen Project hypervisor provides critical virtualization and security building blocks, which enable us to partner with Citrix to create a new security layer that detects suspicious activities by working directly with raw memory – a level of insight from which malware cannot hide.”

Additional Resources

  • Xen Project Hypervisor technical blog
  • Xen Project Hypervisor version 4.7 download

About Xen Project

Xen Project software is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the Project has more than a decade of development and is being used by more than 10 million users. A Project at The Linux Foundation, the Xen Project community is focused on advancing virtualization in a number of different commercial and open source applications including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. It counts many industry and open source community leaders among its members including: Alibaba, Amazon Web Services, AMD, ARM, Bromium, Cavium, Citrix, Huawei, Intel, NetApp, Oracle, Rackspace, and Verizon Terremark. For more information about the Xen Project software and to participate, please visit XenProject.org.


Xen Project Community Hosts Annual Developers Summit in August

Open Source Hypervisor Community Descends on Toronto to Discuss, Educate and Collaborate on the future of the Xen Project Virtualization

SAN FRANCISCO, June 8, 2016 – The Xen Project, a project hosted at The Linux Foundation, today announced the program and speakers for the Xen Project Developer Summit that brings together developers, integrators and power users for in-person collaboration and educational presentations. The event will take place in Toronto, Canada from August 25-26, 2016 co-located with LinuxCon North America.

The Xen Project hypervisor was built to be forward-looking and nimble like the cloud itself. It powers the new needs of computing and virtualization through a rich ecosystem of community members that focus on everything from security, embedded, and web-scale environments. The Summit is an opportunity for developers and software engineers to collaborate and discuss the latest advancements of Xen Project software. It is a neutral event focused on education and collaboration amongst those interested in Xen Project technology, virtualization and cloud computing.

“The Xen Project community is made up of an incredibly talented group of developers,” said Lars Kurth, chairperson of the Xen Project advisory board. “The Xen Project Developer Summit is a great opportunity to learn more about how the Xen Project is growing with new computing infrastructures and how it is used in new market segments, such as the automotive industry, mobile as well as IoT.”

In addition to presentations, the Xen Project will be running a half-day hackathon alongside the Summit on the last day. Xen Project hackathons have evolved in format into a series of structured problem solving sessions that scale up to 50 people.

This flagship event features presentations on the latest developments, best practices, collaboration, product roadmap updates and future planning from developers and users who are leading the way in server density, hardware, automotive, cloud and enterprise security. The following are several confirmed speakers and presentations:

  • Christopher Clark, consultant at BAE Systems, will present on the OpenXT Project and how developers can assist in contributing to the project. OpenXT Project is a development toolkit for hardware-assisted security research and appliance integration; it stands on the shoulders of the Xen Project, OpenEmbedded Linux and XenClient XT.
  • Mihai Dontu, technical project manager at Bitdefender, will present on the technical hurdles he and his team had to overcome when building a commercial product on the introspection capabilities of the Xen Project hypervisor. This presentation is meant to provide guidelines to anyone interested in building a professional security product utilizing the latest Xen Project features.
  • George Dunlap, senior engineer at Citrix, will provide an overview on how developers can improve the code review process for maintainers before they review a patch.
  • Julien Grall, software virtualization engineer at ARM, will explain how page tables should be compliant with the ARM specifications; he will also give an overview of how Xen ARM handles page tables.
  • Weidong Han, architect of virtualization at Huawei, will discuss his team’s analysis on Xen Project core scalability features and functions.
  • Jun Nakajima, senior principal engineer at Intel, will highlight what it takes to build HPC Cloud based on Xen Project software.
  • Konrad Wilk, software development manager at Oracle, will provide an overview about bringing hot-patching to the Xen Project hypervisor. This new feature will allow system administrators to update the hypervisor without the need to reboot.

To view the full schedule, please head here: http://events.linuxfoundation.org/events/xen-project-developer-summit/program/schedule

Citrix is a Diamond sponsor for the event, and Huawei and Intel are both Platinum sponsors. If you are interested in sponsoring, please contact Kara Foley, kfoley@linuxfoundation.org. In addition, follow updates on the event via Xen Project’s Twitter, Google+ or Facebook page. The hashtag for the event is #xendevsummit.
