Xen 2.0 Virtual Machine Monitor Released

An anonymous reader writes "The Xen team are pleased to announce the release of Xen 2.0, the open-source Virtual Machine Monitor. Xen enables you to run multiple operating systems images concurrently on the same hardware, securely partitioning the resources of the machine between them. Xen uses a technique called 'para-virtualization' to achieve very low performance overhead -- typically just a few percent relative to native. This new release provides kernel support for Linux 2.4.27/2.6.9 and NetBSD, with FreeBSD and Plan9 to follow in the next few weeks. Xen 2.0 runs on almost the entire set of modern x86 hardware supported by Linux, and is easy to 'drop-in' to an existing Linux installation. The new release has a lot more flexibility in how guest OS virtual I/O devices are configured. For example, you can configure arbitrary firewalling, bridging and routing of guest virtual network interfaces, and use copy-on-write LVM volumes or loopback files for storing guest OS disk images. Another new feature is 'live migration', which allows running OS images to be moved between nodes in a cluster without having to stop them. Visit the Xen homepage for downloads and documentation."

Xen 2.0 Koan

[gowen]

What is the sound of one hand crashing?

Alas, no Windows...

[October_30th]

A port of Windows XP was developed for an earlier version of Xen, but is not available for release due to licensce restrictions

Sigh... how hard would it be to get a license and distribute it as a binary-only module to people like me who'd be willing to pay for it? I'm sure it'd still be less expensive than the existing alternatives.

Otherwise this looks very nice. In fact, I didn't know that there was such a mature free virtual machine available.

Re:Alas, no Windows...

[Frasier]

Sigh... how hard would it be to get a license and distribute it as a binary-only module to people like me who'd be willing to pay for it?

Microsoft has their own virtual server product. They propably do not want competition, especially something that allows one to run Windows XP and Linux on the same machine at the same time.

I would personally love to have access to a Windows system without having to dedicate entire machine for it. But Microsoft has not, is not, and propably will not show any signs of willingness to cooperate with non-Microsoft systems.

Re:Alas, no Windows...

[bairy]

MS's virtual server allows linux distro's. See my other comment here

Re:Alas, no Windows...

[petaflop]

Which is very interesting, given that that project is sponsered by the EPSRC (Engineering and physical sciences research council) and Microsoft UK. See page 11 of the White paper for details.

Re:Alas, no Windows...

[julesh]

How about if hardware manufactures started putting this into the bios and calling it a new platform that just so happens to be nearly identical to and backwards compatible with x86. Would Microsoft have to start supporting it then?

If a major hardware manufacturer were to release and sell significant numbers of a PC that windows wouldn't run on, MS would do what they used to do back in the Windows 2/3 days -- release a special OEM version that will work (see e.g. RM Nimbus 186s).

Of course no hardware manufacturer is likely to be able to sell significant numbers of a PC that won't run windows. Catch-22.

Re:Alas, no Windows...

[julesh]

VMware developers must have bought a license, so what's the problem here?

VMware runs an unmodified version of Windows by presenting a virtual machine that is practically indistinguishable from a real PC. Therefore they don't need a license.

Re:Alas, no Windows...

[ColdGrits]

VirtualPC runs Linux like crap. The sound doesn't work and is less than stable.

Sounds like the emulation is pretty accurate then! ;-)

(Oh c'mon, lighten up, it's a joke...)

Obligotory.

Oh man, can you imagine the overhead on a virtual beowulf cluster using this?

That's cool...

[grub]

So from a Linux or Plan9 VM I can watch the BSD VMs die in realtime!

disclaimer: I love OpenBSD

64 bit?

[gr8_phk]

Does it work with AMD64? How about with one 64 and one 32 bit OS? The FAQ just says "x86".

Re:64 bit?

[Orgazmus]

AMD64 is x86-64, and yes it is x86-compatible.
It should work

Re:64 bit?

[julesh]

From the manual:

A port specifically for x86/64 is in progress, although Xen already runs on such systems in 32-bit legacy mode

Re:64 bit?

[isolationism]

Being an Athlon 64 Socket 939 owner I tried to do just that -- unfortunately it didn't compile cleanly "out of the box" (at least, for me) just yet, it errors out on compiling file_stream.o because of something to do with libxutil.so.

You could probably compile it fine in a 32-bit chroot or something, but I'll leave that to someone else to try. I'm happy to wait for release 2.x for full AMD64 support.

Of course, don't let me stop you from trying. Anyone who does get it to compile, let us know what you did ...

It's not really useful if...

[spidergoat2]

It can't run AmigaDOS.

Re:It's not really useful if...

[Zorilla]

Yeah, I agree. These guys missed a huge user base by completely missing the point of running virtual machines. It looks like I'm still stuck in the mud until someone develops a solution to get all my TRS-80 apps working again.

(Note to mods: take a joke)

Re:It's not really useful if...

[Zorilla]

Wow. The reference to the TRS-80 wasn't enough. The line that said it was a joke (to avoid thoughtless troll or offtopic mods) wasn't enough. It looks like whenever I am joking on Slashdot, I need to put the following line at the bottom:

THIS IS A JOKE, DO NOT TAKE IT SERIOUSLY - THIS IS A JOKE, DO NOT TAKE IT SERIOUSLY - THIS IS A JOKE, DO NOT TAKE IT SERIOUSLY - THIS IS A JOKE, DO NOT TAKE IT SERIOUSLY

Since we all love screenshots...

[Zemplar]

Direct link: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/scr eenshots/index.html

Re:And the point of this application is..

[grub]

Let's assume you're an ISP and have a few big machines on the racks. Your customers don't want or need that much horsepower but want their webserver (which you maintain) to run under Linux, or NetBSD, or FreeBSD, or whatever.. You can do it.

Let's assume you're a developer and want to test your code under various OSs, now you can do it on the same box in realtime (read: no reboots)

The list goes on and on, it's a great technology.

Great for free "UX's" but not for Win32

[slashnik]

from http://www.cl.cam.ac.uk/Research/SRG/netos/xen/faq .html

1.3 Which OSes run on Xen?
To achieve such high performance, Xen requires that OSes are ported to run on it. So far we have stable ports of Linux 2.4, Linux 2.6, and NetBSD. Ports of FreeBSD and Plan 9 are nearing completion.

Not as cool.

From the FAQ, it states that you can only run OS's ported to it. While this might be great for cluster testing, or software design, this is defintely no VMware replacement. I am slightly disappointed in this, but I can see where it has its place.

Re:Not as cool.

[frenetic3]

No, no... This is HUGE for virtual hosting/virtual private server providers (i.e. web hosting providers that provide you with a virtual machine on which you're root, not some locked down /home directory with a million other people.) VPS'es allow you to run whatever distro you want, be root, run whatever PHP/Python/MySQL versions you need, etc. Basically (IMO) the control and flexibility of a dedicated server without the nightmare of having to replace faulty hardware or dealing with random outages. I have one for the company I run (until it gets too large for a VPS).

Hosting providers have used UML (and maybe VMware) for this but it's comparatively too slow. Virtuozzo does this (and is successful, and charges a fair amount of $ for it), so they must be shitting bricks right now.

-fren

Re:And the point of this application is..

Actually, a couple ISPs and datacenters are already working on using Xen for this exact purpose.

http://xen.terrabox.com will be back online in the next 72 hours. You can find a wiki about xen there. One page is available for listing of any companies that offer Xen based virtual servers. So far the customers that i have setup under Xen have been quite impresed with the speed and stability as compared to the traditional virtualized and meta-virtualied linux vhost setups. :)

This is a VM platform, not a VMWare competitor

[ites]

Big difference. VMWare is about virtualising a foreign OS. Since VMWare abstracts at the BIOS and hardware level it can run almost all OSes the CPU will support but it takes a large performance hit.

Xen is a VM platform, i.e. it lets you set up multiple virtual machines that run with very little extra overhead. A lot like User Mode Linux, except easier to configure and install.

Here's a typical use case: you want to make a network "security box" that includes firewall, proxy, web server, email, wiki, irc. Now, conventionally you put all these services in the same Linux system (or whatever OS you use). Using Xen you run all of the services in their own virtual machine, so that if the firewall gets compromised, for instance, an attacker cannot get access to other parts of your system.

It's a very useful tool.

Oh, another use case I just thought of too: how about a 'hidden' Linux OS on your Windows box that does all your email, browsing, and other Internet work that you want to keep secure. Click the icon, up pops Mozilla, except it's running in a different virtual OS.

Yup, definitely very useful.

Re:This is a VM platform, not a VMWare competitor

[gtrubetskoy]

Here's a typical use case: you want to make a network "security box" that includes firewall, proxy, web server, email, wiki, irc.

My preference for this would be Linux VServer or jails on BSD which have practically no overhead. Xen would only be useful if the requirement is to run different OS's on the same machine.

Re:This is a VM platform, not a VMWare competitor

[Anthony+Liguori]

VMWare is about virtualising a foreign OS. Since VMWare abstracts at the BIOS and hardware level it can run almost all OSes the CPU will support but it takes a large performance hit. Hehe.. The VMWare marketing guys have gotten you pretty good. What your describing is something called full virtualization. It's what IBM does in PowerPC (with something like the OpenPower platform) and with hardware support can be pretty darn fast. The IA-32 architecture is not capable of full virtualization. If you don't believe me, just read any of the dozens of papers written on the topic. Memory poses a problem (albiet one that's overcomable) but the thing that makes it impossible is the behavior of three instructions. Virtualization's really a simple concept. You run an OS at a lower priviledge than it expects and the priviledged instructions will throw exceptions that can be caught and emulated. Certain instructions on IA-32 silently fail when executed outside of ring 0 making it impossible to emulate those instructions. What tools like VMWare do is run through the executable and change those instructions to illegal instructions or do dynamic rewriting of the executable. That's right, they have to dynamically rewrite the executable. Have you ever wondered why VMWare asks you what OS it will be running? Because it has a big set of tables of where instructions need to be rewritten. Have you ever tried to run a checked build of Windows in VMWare or better yet a newer version of Windows that just isn't supported? It fails miserably. The difference between VMWare and Xen is that Xen accepts the difficulties and then decides that if we're already going to change the OS, let's just make a few more changes to improve performance. Adding VMWare-style virtualization support to Xen wouldn't be that difficult if you have the tables and such that VMWare had. Remember too, VMWare requires OS-drivers to be installed.. there's a reason for that.

Re:This is a VM platform, not a VMWare competitor

[TimMann]

You're largely (though not entirely) mistaken about how VMware virtual machines work. User code runs in direct execution up to where it tries to make a system call or takes a page fault (etc.) and traps into privileged code. Privileged code is *dynamically* translated at runtime; we don't have big tables that tell us exactly where all the instructions in each supported operating system need to be patched. That would be totally impractical.

We ask what guest OS you're running because we have certain OS-specific optimizations, things that help one OS a lot while hurting others. Most OSes will run fine (though more slowly) on the "other" OS setting. A small number need specific workarounds that are enabled only if you select the right OS setting.

Checked Windows builds work fine AFIAK. If you have one that doesn't work, file a bug report. New OS versions usually work without VMware changes, though not always. Sometimes they'll exercise a system feature that is slow until we optimize it more in the next release, or sometimes their drivers will try to use a device in a new way that our emulation of it doesn't yet support.

We do supply some device drivers for guest OSes, not to work around any shortcomings in our CPU virtualization, but because for performance reasons some of the virtual hardware we implement is not the same as any real hardware that the guest has its own drivers for. The only such devices are the virtual display card (which works as a standard VESA device even if you don't install our driver, albeit slowly), one of the two virtual ethernet cards we support (the other is a standard though elderly AMD card), and one of the two pointing devices (the other is a standard PS/2 mouse). Hmm, I think we also supply some SCSI drivers, but only because some guest OSes don't have good drivers for either of the two standard SCSI cards we emulate (one from BusLogic and one from LSI Logic).

As you can guess from the above, I work for VMware -- in engineering if that makes me more believable to you, although I haven't encountered our marketing folks lying. Standard disclaimer: I'm speaking only for myself here, not officially for VMware.

Re:This is a VM platform, not a VMWare competitor

[Sir_Ahzz]

Or if you wanted to run different distros. Or if you wanted to isolate virtual server kernels from each other since it HAS been known to have a kernel flaw that let a jail/vserver into the other vservers. From a security standpoint, I wouldn't sell virtual servers like vserver. It's just asking to get your ass handed to you by a hacker in my experience. 8-P With xen, even if you get a root comprimise, or a kernel comprimise, the individual domains are isolated from each other in such a way as to prevent one from interfering with another.

Re:versus UML?

UML has MASSIVE context switching overhead.
UML runs insidethe host OS and thus is a security risk.
UML doesn't access hardware via native drivers (PCI hardware that is).
UML is DOG slow compared to xen domains for IO.

I could go on. UML is/was a good solution, but if you wanted a BSD, plan9, or other OS trunnign on the same hardware as linux, forget it.

Under Xen, you can run 1 domain that uses hda, hdb, and the USB stuff directly, a second accesses a second IDE set at hde and hdf and a second PCI video card.

Remembers, xen isn't about just launchign another OS, it's about splitting up the hardware in a secure fashion. :)

Absolutely cool tech!

[a_hofmann]

GPLed virtualization software that according to the benchmarks achieves performance unseen in current approaches - sounds like a dream come true.

It would be astonishing if those benchmark numbers hold true in a production environment, which might well be as the selected benchmarks (SPECint, Postgres, Apache, ..) should give a fair picture of the overall performance hit for the virtualized systems.

Being able to partition your OS without serious performance implication would open a whole lot of new possibilities for developers that previously where only possible with huge investments in high-end hardware and expensive virtualization software licenses.

I've already decided: My price for the most useful opensourced application in 2004 goes to..... Xen :)

Re:Absolutely cool tech!

I don't have a page you can visit but in practice I was able to run 2x as many virtual hosts under xen than I could with the same hardware under UMLs at even faster speeds. I just ran out of physical memory on the athlon machines is all. :)

So yeah, the benchmarks really are very close to real world results from my personal experience.

Re:MS have one of these

[LilMikey]

Yes, yes... MS bought out Virtual PC. That was a sad day. There's also VMWare and Virtuozzo if you're looking for any way to "run" 2 OSes at once. I'd have to say that VMWare and VirtualPC are in a class seperate from Xen if for no other reason than performance.

Xen is designed to run the client operating system as peers. No single vm can steal the whole machine away from the others and the performance overhead of the virtulization is almost nothing as indicated here. No Virtual PC in that graph but in my experience VMWare performs slightly better than Virtual PC and my observations are supported by these guys. VMWare and VirtualPC run the OS as just another processes in the real OS. Something terrible happens to the host OS and the VPC/VM slows to a crawl. Something major happens in the virtual OS and the host slows to a crawl. They're more emulation that virtualization.

Re:Plan 9....?

[Hatta]

Plan 9 from outer space??

Not quite. Plan 9 from Bell Labs.

Re:It's not enough

[RLiegh]

For fucks sake! If you're going to pay for Windows 98 you might as well also pay for VMWare.

On the other hand if you're going to pirate Windows 98 you may as well also pirate VMWare.

VMware is hundreds, read that again: hundreds of dollars; windows 98....isn't.

Also, the version which I'm using is an upgrade version I have which came with a used laptop I paid $50 for a couple years back. When it asks for the windows disks I'm upgrading from, I throw in the windows 3.1 disks I've had sitting around since 94.

As far as vmware goes. vmware will not switch to fullscreen mode because of weirdness with DGA under X which I could not fix even after spending a fair amount of time googling for it; that alone puts it in the not-for-thirty dollars camp, and definately not for hundreds of $$$.

Steal or Deal?

[ringe82]

Most people with a little knowledge of history would say so, but I think we've got to realize Microsoft finally seems to know there's a time to steal and a time to deal.

Work on Xen has been supported by UK EPSRC grant GR/S01894, Intel Research, HP Labs and Microsoft Research.

Re:Steal or Deal?

[Frasier]

Microsoft Research operates fairly independently and it's focus is in research, not product development. They publish papers and their projects are reasonably open but that openness has mostly not carried over to Microsoft itself.

QEMU

[nns6561]

QEMU is a similar open source project. It's supposed to run unmodified versions of Windows even. Does anybody know what QEMU's lastest performance numbers are?

Re:QEMU

[dmaxwell]

Win98 is barely usable on a 2.4 Ghz PIV. It is good for running proprietary groupware clients and the like. The next version will have decent SB16 support and some small performance increases.

Re:QEMU

[Abcd1234]

Actually, it's really that similar at all. Xen is a virtualization architecture that allows you to run "ported" OSs concurrently. QEMU is a full x86 hardware emulator, CPU and all, meaning that the OS thinks it's running on real hardware. VMWare, which is in yet another class, virtualizes the x86 CPU, along with trapping and executing "leaky" instructions (since Intel can't seem to make a real, virtualizable ISA), meaning the majority of the guest software instructions are executed on the underlying CPU, but the rest of the architecture is emulated, just like in QEMU. Note, this requires VMWare to run on real x86 hardware, though, whereas QEMU can run basically anywhere, and Xen could, in theory, run any OS that was ported to the underlying hardware architecture.

Re:QEMU

[oldmanmtn]

Performance numbers? No. Performance perception: unusably slow.

I was able to install a recent build of Solaris 10 on it without a hitch, so the functionality seems to be very solid. However, the installation took almost 6 hours, or about 10 times longer than a native installation. Since installation is all about I/O, this doesn't bode well for actually running the OS when the CPU performance will be much more important.

As for your suggestion that QEMU is similar to Xen: no, it's not. QEMU emulates the entire machine - including the CPU. This leads to the hideous performance I described. Xen doesn't emulate the CPU - the real CPU executes the instructions. I haven't used Xen yet, but this should allow it to run at near-native performance.

Re:Virtualisation features?

[laudney]

Google for "Intel Vanderpool".

coLinux (Cooperative Linux)

[thefon]

I use http://www.colinux.org/ to run linux inside windows 2000/XP. It is free and a lot faster than vmware. You can even download a debian image for a quickstart.

Xen vs. User Mode Linux

[arete]

I'm looking to do exactly what User Mode Linux claims to be for, but it seems like Xen does it too. Which is more reliable? Faster? Easier to install?

Basically I want just slightly more functionality than a chroot jail - I want to be able to run a service on a virtual filesystem (ie, a filesystem that exists as a file) with an linux OS version that may vary from the host OS (ie, I can upgrade one service without having to do them all at the same time) I want a compromise of one service to have minimum security implications for the others. And I want to be able to move a service/virtualmachine from one physical machine to another with a minimum of hassle.

Thanks in advance!