Slashdot Mirror


IBM Pledges To Make Xen More Secure

An anonymous reader writes "In the latest posting on the Xen developer list, IBM pledges to make Xen more secure by porting its secure hypervisor (sHype) architecture to it. In their posting, IBM discusses an SELinux-like access control framework, resource control and monitoring and trusted computing support for Xen. It appears that a lot is happening on the Xen front (for example, the announcement of XenSource Inc. and Intel's code drop in the xeno-unstable.bk tree for their super secret VT CPU)."

134 comments

  1. Did anyone else... by Lostie · · Score: 4, Funny

    ... think of Half-Life when reading the headline?

    1. Re:Did anyone else... by Anonymous Coward · · Score: 0

      Yep. I figured IBM had ways to defend against crowbar-wielding scientists in garish orange armor.

    2. Re:Did anyone else... by djb6 · · Score: 0

      IBM hire Gordon Freeman to install IBM Linux servers on alien planets :)

    3. Re:Did anyone else... by Aeonite · · Score: 2, Funny

      Yes. I'm thinking Xen is already as secure as it's going to be thanks to the efforts of one Gordon Freeman.

      Eat that, Combine.

    4. Re:Did anyone else... by JohnGrahamCumming · · Score: 1

      No, I thought it was referring to the computer that ran the Liberator on Blake's 7. Then a little geek voice in my head said that that computer was Zen not Xen.

      John.

    5. Re:Did anyone else... by ptomblin · · Score: 1

      Yup. And somebody already made the Gordon Freeman joke I was going to make.

      So, was that airboat I'm using in Half-Life 2 an IBM product?

      --
      The next Cmdr Taco duplicate will be ready soon, but subscribers can beat the rush and see it early!
    6. Re:Did anyone else... by Dougie+Cool · · Score: 0

      I did too. I was sort of hoping they'd stabilised the resonance cascade and changed history, but no, I have to keep playing.

      --
      ~~Every few years or so I'm accidentally fashionable!
    7. Re:Did anyone else... by Anonymous Coward · · Score: 0

      Good thing IBM has Gordon Freeman working for them.

  2. Slashdot pledes to use spellcheck more often by Beatbyte · · Score: 1, Funny

    I could only hope that will be the next posted story.

  3. Come on! by Anonymous Coward · · Score: 0, Offtopic

    More about the typo!
    I know you can post more about it!

    1. Re:Come on! by Anonymous Coward · · Score: 0


      Of course we can.

      It wasn't a typo, it was a homophonic spelling mistake.

  4. Right, he meant IBM PLEADS... by Glasswire · · Score: 1

    ...I bet you thought he meant pledges....

    1. Re:Right, he meant IBM PLEADS... by stratjakt · · Score: 1

      No shit, IBM ain't doing the work. It's done for free by the OSS dopes.

      They aren't, and have never been, in the business of improving stuff.

      --
      I don't need no instructions to know how to rock!!!!
  5. I'm lazy, refuse to RTFA by LowneWulf · · Score: 5, Insightful

    .... seriously people, when describing some new feature of some obscure software package, can you PLEASE tell us WHAT IT IS!?!??!one!!?

    "And now, Fronzo v2.1.e, now 21% more secure!"

    1. Re:I'm lazy, refuse to RTFA by inox · · Score: 5, Informative

      xen is certainly not an obscure software package.
      read more at http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

      It's a virtual machine monitor that allows you to run multiple OSes concurrently on the same machine, achieving the same kind of functionality as VMware, although the approaches are different

    2. Re:I'm lazy, refuse to RTFA by Meostro · · Score: 1
      It's a virtual machine monitor that allows you to run multiple OSes concurrently on the same machine, achieving the same kind of functionality as VMware, although the approaches are different
      And that's not obscure?
    3. Re:I'm lazy, refuse to RTFA by erlenic · · Score: 1

      Sounds pretty obscure to me. How many people (slashdot readers, at least) seriously have a need for this?

    4. Re:I'm lazy, refuse to RTFA by Skasta · · Score: 2, Informative

      Slashdot users may not need this, but it is useful for businesses of all sizes. That is why most corporations like IBM, HP, Intel and Novell are starting to have employees work on Xen.

    5. Re:I'm lazy, refuse to RTFA by neoform · · Score: 1

      Why do so many vendors go on about how they take security seriously and are striving to make their product more secure..?

      I for one hope and assume this of ALL vendors.. so why tell me that? go out and make it secure, this should be a standard practice and not a feature. "NEW AND IMPROVED! OUR SYSTEM DOESN'T CRASH AND HACKERS CAN'T GET IN AS EASILY!! BUY NOW!"..

      --
      MABASPLOOM!
    6. Re:I'm lazy, refuse to RTFA by Anonymous Coward · · Score: 0

      Why do so many vendors go on about how they take security seriously and are striving to make their product more secure..?

      It's not *their* product. It's open source. They're pledging resources to an open source app.

    7. Re:I'm lazy, refuse to RTFA by erlenic · · Score: 1
      I realize that many companies have a legitimate need for this. My point though was that LowneWulf was right to call this obscure. The target audience of this post is not businesses of all sizes, it's slashdot readers.

      I could see this being very useful at my company, and if we used it I'd be the one to implement it. Still, I hadn't heard of it either, and I've been looking. So even the people it's intended for haven't heard of it. I'd say that qualifies it as obscure (although I'd like to see that change.)

    8. Re:I'm lazy, refuse to RTFA by justsomebody · · Score: 1, Insightful

      And that's not obscure?

      No. Not even close. Having a few different virtual systems running can make your system much more secure. The only problem was that running virtual servers was a real CPU hog. That's why Xen uses a paravirtual approach. The difference between virtual and paravirtual is that virtual translates operations, while paravirtual enables direct access. One problem with paravirtual access is that the OS running in it must be modified (so... no Windows and no OSX here)

      You can solve all problems which were before with chroot and more. Run another OS in Xen and a mail server on it. Imagine that you got hacked. The hacker is still a long way from the same effect as there would be if the service was running in the same OS instance. Basically you can achieve a DMZ on one machine. And if you set the internal firewalls right you hit the jackpot as admin. And here comes the beauty of the paravirtual approach. You don't suffer much if you run a system inside a system.

      Typical user doesn't need few systems running, I agree. Server should.

      btw. Anybody asking questions like you would probably think that SELinux is obscure too. Why having system file flags, ACLs and SELinux templates (why 3 but 1 sole purpose of it? Well, maybe because they aren't serving the same purpose).

      --
      Signature Pro version 1.13.2-3 release 83.5 beta3try7 after-breakfast edition
    9. Re:I'm lazy, refuse to RTFA by Anonymous Coward · · Score: 1, Interesting

      I'm team lead for Unix/Linux for a division of a Fortune 300 and we're deploying Xen all over the place. I'd say it's not obscure at all. My objective is to collapse a couple hundred RH installations onto a handful of boxes. We don't need a z800 but we also don't need 100+'s of discrete hardware systems either.

      With IBM, Novell, etc. getting on board, and with containers in Solaris 10 being deployed more, the VM architecture is going to be huge very soon - no matter whose implementation.

    10. Re:I'm lazy, refuse to RTFA by Meostro · · Score: 2

      I repeat: "And that's not obscure?"

      useful != not obscure

      Please consult the definition of obscure to understand my intent. #3 is the best fit for what I'm trying to convey, "relatively unknown" versus "useless" or anything similar.

      I have no doubt that it's useful to somebody (otherwise IBM et al would have no interest in it), but that doesn't make it any less obscure. Most organizations will throw another box on the line instead of parallelizing / virtualizing the OS, it's just Easier(TM). It might be more secure to set up different VMs, but that's probably trickier than setting up another box and slapping a firewall in between. Also, if an org is running several apps on a single box they should already understand the security implications of doing so, and that's their choice to make.

      Just for curiosity's sake, what separate purposes do system file flags, ACLs and SELinux templates serve? Never worked with it, have no idea what they are beyond the generic sense...

      Easier is a registered trademark meaning "how we've done it forever, and we're not going to change because change is bad".

    11. Re:I'm lazy, refuse to RTFA by larien · · Score: 1
      Reminds me of washing powder adverts; "New improved Ariel gets clothes even whiter!". We got this for about 10 years and you're wondering about the old Ariel from 10 years ago. What was it, "get some stains out, some of the time"?

      Extend that to Windows which has become "faster and more secure" with each iteration; by inference, Windows NT 3.x was klunky, slow and a colander of security holes. Admittedly, that's not far from the truth, but I doubt it was ever advertised that way.

    12. Re:I'm lazy, refuse to RTFA by arjun · · Score: 1

      today's fortune just about gets it: ... Logically incoherent, semantically incomprehensible, and legally ... impeccable!

      2 out of 3 ain't bad.

    13. Re:I'm lazy, refuse to RTFA by jdh28 · · Score: 1

      Do you really mean:

      useful != (!obscure)
      which simplifies to
      useful = obscure

      or do you actually mean

      !(useful => !obscure)

      ?

    14. Re:I'm lazy, refuse to RTFA by Anonymous Coward · · Score: 0

      > xen is certainly not an obscure software package.

      Indeed. If you're in the area of Operating Systems research, Xen isn't obscure. The original paper was published at SOSP.

    15. Re:I'm lazy, refuse to RTFA by greenhide · · Score: 1
      He wrote "useful != not obscure", not "useful != (!obscure)", so you can't exactly cancel out the initial !. Instead, consider "not obscure" as an entire entity:
      "useful" != "not obscure"
      --
      Karma: Chevy Kavalierma.
    16. Re:I'm lazy, refuse to RTFA by IHateSlashDot · · Score: 1
      Xen is exceptionally obscure. Sorry to burst your bubble.

      I also don't understand why people continue to compare Xen to VMWare. Not only are the approaches different, so is the functionality. I guess the fact that both products use the term 'virtual' confuses people.

    17. Re:I'm lazy, refuse to RTFA by Meostro · · Score: 1

      What I really mean in place of = is the twiddly little symbol for correlation (like U for union or U umop-apisdn for intersection), but I don't know it and I don't know how to put said symbol into a format slashcode will understand and/or pass through.

      Plain inglitsch:
      Usefulness and obscurity are in no way related.

    18. Re:I'm lazy, refuse to RTFA by caluml · · Score: 1
      Extend that to Windows which has become "faster and more secure" with each iteration;

      Can you imagine the adverts for Longhorn?
      Windows Longhorn: Not as good as the next one

    19. Re:I'm lazy, refuse to RTFA by PSC · · Score: 2, Informative

      It's a virtual machine monitor that allows you to run multiple OSes concurrently on the same machine, achieving the same kind of functionality as VMware, although the approaches are different

      XEN, while unlike the VMware Workstation and GSX Server versions, works pretty similarly to VMware ESX Server. It is kind of like a micro kernel providing a hardware abstraction layer and scheduling mechanism. The first guest image booted controls the abstraction layer, pretty much like XEN.

      Well, the pricing approach of XEN is fundamentally different, though.

      --
      --- The light at the end of the tunnel is probably a burning truck.
    20. Re:I'm lazy, refuse to RTFA by jdh28 · · Score: 1

      I think you want "not implies", hence my '=>'

    21. Re:I'm lazy, refuse to RTFA by Anonymous Coward · · Score: 0

      Typing Xen into the Slashdot search box shows five stories related to it (including this one). Searching for "Xen virtualization" on google returns over 8,000 results (almost all look relevant). There have been articles mentioning it in at least a dozen different forums (including Computerworld, Linux Magazine, and ACM Queue). It is being looked at and/or supported by Intel, AMD, HP, and now IBM (not to mention the Linux distributions). Sorry to burst your bubble, but Xen is hardly "exceptionally obscure".

    22. Re:I'm lazy, refuse to RTFA by asdfghjklqwertyuiop · · Score: 1

      Sounds pretty obscure to me. How many people (slashdot readers, at least) seriously have a need for this?


      Well if you run a server of any kind virtualization is useful to you. I run a server for some of my own stuff (email, web, etc). It is a UML virtual machine (same concept as this Xen stuff) and it is the only virtual machine running on that physical hardware.

      What's the point of running only one server in a VM?

      Well, I can get consistent image-level backups of the system without shutting the system down. These backups are fully portable too...

      I take a backup of my system and move it to any other host (regardless of hardware) and have it run perfectly with zero changes to the VM. It is just a matter of moving a tarball from one host to another and starting the VM back up on the new host. That makes hardware changes very simple.

      I can take a snapshot of the filesystems from the physical host and scan the VM for intrusions and unauthorized changes in a way that can't be hidden by intruders.

      I once had to move my server across town. I had a physical server set up in the new place ahead of time. To move the production VM, I shut it down, wrote the VM to a tape, took the tape with me over to the new place and untarred my virtual server onto the new system. No chance of breaking hardware during the move, screwing around with cables, etc. Didn't have to worry about stuff being down while new hardware was connected & tested.
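
The out-of-band scan described in the comment above, as an added example that is not part of the original thread or of Xen or UML: the host inventories a guest filesystem snapshot and diffs it against an earlier baseline, so nothing running inside the guest can alter the answer. The function names, the manifest layout and the constructed sample tree are assumptions for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile
from collections import namedtuple

# One record per path inside the snapshot, relative to the snapshot root.
Entry = namedtuple("Entry", "kind digest mode uid gid")


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Inventory a guest snapshot mounted on the host at `root`."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow guest-controlled symlinks
            if stat.S_ISREG(st.st_mode):
                kind, digest = "file", _sha256(full)
            elif stat.S_ISLNK(st.st_mode):
                kind, digest = "link", os.readlink(full)
            else:
                # Directories, devices, FIFOs, sockets: record the type only
                # and never open them (a FIFO would block the scan).
                kind, digest = "other", str(stat.S_IFMT(st.st_mode))
            manifest[os.path.relpath(full, root)] = Entry(
                kind, digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests and return sorted lists of paths per finding."""
    report = {"added": [], "removed": [], "content": [], "metadata": [], "setid": []}
    setid_bits = stat.S_ISUID | stat.S_ISGID
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if new is None:
            report["removed"].append(path)
            continue
        if old is None:
            report["added"].append(path)
        else:
            if (old.kind, old.digest) != (new.kind, new.digest):
                report["content"].append(path)
            if (old.mode, old.uid, old.gid) != (new.mode, new.uid, new.gid):
                report["metadata"].append(path)
        # Regular files that gained setuid/setgid since the baseline.
        old_bits = old.mode & setid_bits if old else 0
        if new.kind == "file" and (new.mode & setid_bits) & ~old_bits:
            report["setid"].append(path)
    return report


def demo():
    """Constructed sample: a baseline tree and a later snapshot with four changes."""
    with tempfile.TemporaryDirectory() as tmp:
        base, cur = os.path.join(tmp, "base"), os.path.join(tmp, "cur")
        sample = {"bin/login": "original", "bin/tool": "tool",
                  "etc/passwd": "root:x:0:0", "var/log/auth.log": "log"}
        for rel, text in sample.items():
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as f:
                f.write(text)
        shutil.copytree(base, cur, symlinks=True)  # the "later" snapshot
        with open(os.path.join(cur, "bin/login"), "w") as f:
            f.write("replaced")                        # content change
        with open(os.path.join(cur, "etc/rc.local"), "w") as f:
            f.write("new file")                        # new file
        os.remove(os.path.join(cur, "var/log/auth.log"))  # deleted log
        os.chmod(os.path.join(cur, "bin/tool"), 0o4755)   # gained setuid
        return diff_manifests(build_manifest(base), build_manifest(cur))


if __name__ == "__main__":
    for finding, paths in demo().items():
        print(finding, paths)
```

In real use the baseline manifest would be stored on the host, outside anything the guest can write to.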

    23. Re:I'm lazy, refuse to RTFA by Anonymous Coward · · Score: 0
      I think he meant
      jdh28 \elem Pedants

      in LaTeX.
    24. Re:I'm lazy, refuse to RTFA by HolyCoitus · · Score: 1

      Slashdot has mentioned Xen 3 times in as many months. Magazines about Linux have been publishing information about Xen since it is a major project stirring a lot of interest in a lot of people. It's not obscure because you haven't heard of it. That just means that it's not a userland tool.

      --
      That's scary.
  6. Less jumping puzzles please! by Anonymous Coward · · Score: 1, Funny

    And also close up those portals, we don't want any alien invasions.

    1. Re:Less jumping puzzles please! by Anonymous Coward · · Score: 0

      Try Half Life 2. I'm only a few hours into it, and "teeter totter puzzles" are evidently this year's jumping puzzles.

  7. Question by af_robot · · Score: 2, Insightful

    What is XEN?!

    1. Re:Question by BlackStar · · Score: 2, Funny

      One cannot simply hear the answer, for the answer is inside you waiting for you to quiet your mind so that it may rise to the surface. To achieve this, meditate upon the forgotten reference that was and is a part of the unseen aspect of the article. Meditate upon the vista of this.

    2. Re:Question by Hal_Porter · · Score: 1

      Xen is the untrained mind asking "What is Xen"

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    3. Re:Question by ckaminski · · Score: 1

      I fucking hate infinite loops... ;-)

  8. What this all means by Anthony+Liguori · · Score: 5, Informative

    Xen is an open source hypervisor for intel hardware. A hypervisor allows multiple operating systems to run side-by-side simultaneously. Don't think VMware, think partitioning on a mainframe.

    Intel's VT technology is hardware support for partitioning. Google it.

    sHype is a research hypervisor at IBM that implements advanced security mechanisms much in the same way that SELinux does.

    So, think mainframe style partitioning with the security of SELinux.

    1. Re:What this all means by Anonymous Coward · · Score: 1, Informative

      Or if you are going to think VMWare, think VMWare ESX server edition...

      Xen can do CPU bounding on its guest OSes making sure they only use a fixed amount of CPU cycles. This ability differentiates it from User-Mode-Linux and other kernel-as-process type virtualizations.

    2. Re:What this all means by SunFan · · Score: 1

      think partitioning on a mainframe.

      Now thousands of Linux geeks will install this on their $299 PC and think "Holy shit, I have a mainframe in my house! I need to put this on my resume!"

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
    3. Re:What this all means by Chaostrophy · · Score: 1

      Why not use http://www.conmicro.cx/hercules/ to get a real 370/s390/z type box on your Linux machine? From mainframe like to mainframe.

      And then there is FLEX-ES if you want support, and that can even use pci-to-channel cards to support real mainframe devices.

      --
      Plato seems wrong to me today
    4. Re:What this all means by mrpull · · Score: 1

      Holy Cow!
      The Hercules IBM Mainframe emulator is maintained by none other than TRON GUY.
      That guy is a stud.
      mr.

    5. Re:What this all means by greenhide · · Score: 1

      In case you were worried by the .cx extension; don't fear -- this is a real page, not some nasty image that will burn your eyes out.

      Unless, of course, you are really grossed out by an old man in a TRON suit.

      --
      Karma: Chevy Kavalierma.
    6. Re:What this all means by ckaminski · · Score: 1

      So XENbios wouldn't be out of the question? :-)

  9. Doesn't run Windows by cerberusss · · Score: 2, Interesting
    I wish it would run Windows, but it doesn't. That would mean a cheap alternative to VMWare and would also mean a much higher usage (and thus testing).

    They give a reason:

    Longer term, virtualisation features in next-generation CPUs should make it much easier to support unmodified OSes: at that time we will reconsider Windows support.
    Although I understand, I'm unsure why VMWare and Bochs can run Windows and Xen can't...
    --
    8 of 13 people found this answer helpful. Did you?
    1. Re:Doesn't run Windows by keebler · · Score: 5, Informative

      It's because Xen requires modifications to the OS in order to function. An earlier version supported XP (sorta), but it hasn't been maintained.

      VMWare doesn't require OS modifications because it virtualizes the entire machine (slow). Xen does, because it only fully virtualizes some resources, and forces the OS to go through the hypervisor (not as slow).

      --
      My HOUSEHOLD APPLIANCE is on DRUGS.
    2. Re:Doesn't run Windows by Anonymous Coward · · Score: 0

      I'm unsure why VMWare and Bochs can run Windows and Xen can't...

      Bochs and VMware can run operating systems unmodified. Xen requires changes to the OS so its performance doesn't suck as much as Bochs's and VMware's.

    3. Re:Doesn't run Windows by WindBourne · · Score: 1

      There are instructions on the Intel that are not easily virtualized (read this as expensive to run). That is what you get with VMWare/Bochs over Xen.

      If you need to run Windows, then you can afford to do VMWare. I paid 200 for it so that I could run several linux instances (modeling network equipment).

      --
      I prefer the "u" in honour as it seems to be missing these days.
    4. Re:Doesn't run Windows by Ath · · Score: 1
      If you need to run Windows, then you can afford to do VMWare. I paid 200 for it so that I could run several linux instances (modeling network equipment).

      Obviously you are referring to VMware Workstation. There is also VMware GSX (for workgroup level server virtualization) and VMware ESX (for more enterprise level functionality like management and moving live virtual servers to other physical servers).

      VMware is not just targeted at development environments. It is a robust and capable virtualization platform. While it does things differently than Xen, VMware already supports any mainstream x86-based OS. No doubt that Xen will perform better for any OS that supports it and it will be a great next generation virtualization platform.

      We are currently deploying a large scale VMware-based global infrastructure. The great thing is, if you need more servers then you just add a virtual one. If you need more actual hardware resources (CPU, RAM, disk space) then you can add that separately. But those resources are better pooled.

    5. Re:Doesn't run Windows by cerberusss · · Score: 1
      If you need to run Windows, then you can afford to do VMWare

      It's an excellent product and my company paid for it. However, I don't find the pricing friendly for the Linux hobbyist who runs Linux fulltime but wants an occasional trip to Windows.

      --
      8 of 13 people found this answer helpful. Did you?
    6. Re:Doesn't run Windows by harrkev · · Score: 1
      No doubt that Xen will perform better for any OS that supports it and it will be a great next generation virtualization platform.
      <sarcasm>
      I can just see Microsoft jumping through hoops in order to get XP (or LongHorn) to work with this.
      </sarcasm>
      --
      "-1 Troll" is apparently the same as "-1 I disagree with you."
    7. Re:Doesn't run Windows by GiMP · · Score: 1

      Microsoft could utilize Xen too.. people could run multiple instances of Windows on a single server. With Windows, that would mean more licenses sold.

      The interesting thing about this is how it could eventually eliminate the need for dual-booting for users transitioning to Linux while allowing accelerated 3d to both systems. (meaning, you can game from both OS without rebooting).

      This is, of course, dependent on Microsoft supporting Xen. They are much more likely, however, to build a proprietary system off of VirtualPC.

    8. Re:Doesn't run Windows by Anonymous Coward · · Score: 0

      > VMWare doesn't require OS modifications because it virtualizes the entire machine (slow).

      False. Bochs maybe, but VMware doesn't virtualize the entire machine; if it did, you could run MacOSX on x86! (which is not possible with VMware).
      VMware does some neat tricks with the code inside the virtual machine (I guess they are patented): it changes the troublesome assembly instructions, and then it lets the virtual machine run at full speed, directly on the real CPU. This explains why VMware is FAST (maybe not as fast as Xen)

    9. Re:Doesn't run Windows by Eric+Smith · · Score: 4, Informative
      There are instructions on the Intel that are not easily virtualized (read this as expensive to run). That is what you get with VMWare/Bochs over Xen.
      Both Intel and AMD have stated that they plan to add virtualization support to forthcoming CPUs, which will have at least two useful benefits:
      1. VMware will run with much lower overhead, because it will no longer have to prescreen instruction sequences for those that have to be simulated (or binary translation, or whatever it is they're currently doing)
      2. Xen will be able to support unmodified guest operating systems
      I assume that the latter is what the mentioned Intel code drop is all about.

      Intel has mentioned two (different?) virtualization features, code named "Vanderpool" and "Silvervale". AMD calls theirs "Pacifica", and it is apparently not a clone of the Intel schemes, though it is expected to provide the same benefits.

    10. Re:Doesn't run Windows by kasperd · · Score: 1

      Both Intel and AMD have stated that they plan to add virtualization support to forthcoming CPUs... Xen will be able to support unmodified guest operating systems

      I have read about those plans. Still I wonder how well the virtualization will work. So maybe they will be able to virtualize a CPU we know today, but will they also be able to virtualize themselves? If the new CPU cannot virtualize itself it won't be long before we see a new Windows version requiring the virtualization features, such that this new Windows version will run only directly on the hardware and not in the virtual environment. If that happens we will be back in today's state. Unless it will be able to virtualize itself, I don't trust all the promises about what good it will do.

      --

      Do you care about the security of your wireless mouse?
    11. Re:Doesn't run Windows by Curtman · · Score: 1
      VMware already supports any mainstream x86-based OS

      I notice that doesn't include SCO:

      The following guest operating systems may not work with VMware Workstation. There are currently no plans to support these guests:
      • BeOS
      • IBM OS/2 and OS/2 Warp
      • Minix
      • QNX
      • SCO Unix
      • UnixWare
      Oh right, you said mainstream. Nobody actually uses SCO products anymore do they?
    12. Re:Doesn't run Windows by Anonymous Coward · · Score: 0

      Given SCO seem to be suing anyone they've ever signed a contract with, that's probably a good move.

    13. Re:Doesn't run Windows by Anonymous Coward · · Score: 0

      It isn't so long since Microsoft paid a couple of interns to get XP embedded working on Xen, as a proof of concept. Of course, they then sat on it, and refused anyone permission to release it, but that's beside the point.

    14. Re:Doesn't run Windows by tweek · · Score: 1

      Well the interesting thing that IBM has added to the Power line is the ability to MICROpartition the LPARs. Think about being able to carve out portions of a CPU instead of having to waste a full CPU on the LPAR.

      When you really think about "On Demand" in relation to technologies like partitioning and virtualization, it really sinks in what they mean. Why waste a full system set of resources allocated to a database server just for backup capability. Why not partition a micropartition of resources such as 1 half a CPU and enough memory to run the OS and then when you have a failover or volume need, have the hypervisor reallocate the resources more evenly or fail them all over to the backup LPAR.

      Imagine if slashdot were able to fire up extra instances of apache on LPARs to meet a big demand for a specific story and then drop the resources down when not needed? It becomes really visible when you have a 32bit JVM that can only use X amount of memory but you can fire up entire OS lpars instantly to add more app servers to a cluster.

      --
      "Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
    15. Re:Doesn't run Windows by Anonymous Coward · · Score: 0

      Internally, MS does a lot of work with competitors' code. MS R&D was to reverse engineer others' code. They still do that, but not as much. In every case, it is never with core employees who are allowed to touch code windows. Generally, though, the code goes back to legal/management where they evaluated it for ideas.

      BTW, most major companies do similar things.

    16. Re:Doesn't run Windows by ckaminski · · Score: 1

      It's a difference between Free Software, and an encumbered bit of software because they'd have to purchase an MS Source License to build their own compatible HAL.

    17. Re:Doesn't run Windows by ckaminski · · Score: 1

      At this level, all instructions are assembly.

      What it changes is the function jumps. If you have code that makes lots of cross-process function calls, VMware slows way down. Yet doing loop processing, it's fast, native cpu speed.

      [URL:http://www.anticracking.sk/EliCZ/import/Vx86.txt] A paper by the Bochs guys, written long ago, about the issues with virtualizing the x86.

    18. Re:Doesn't run Windows by ckaminski · · Score: 1

      No, Please no. Not a rehash of 3dNow! / MMX again, PLEASE!?!?

    19. Re:Doesn't run Windows by cerberusss · · Score: 1

      That might be true, but there must be technical ways around this. I still find it a damn shame that with all this knowledge in the open source community, there's still no piece of software that matches VMWare's featureset.

      --
      8 of 13 people found this answer helpful. Did you?
    20. Re:Doesn't run Windows by ckaminski · · Score: 1

      I'm sure there is. Take a collection, gather $20,000-$50,000 USD, and buy a commercial source license to redistribute the HAL, vs. what was surely an educational source license that the Xen developers used.

      Then you can Open Source all of Xen, except the Windows HAL, which they can charge a nominal fee for, and continue development.

      It's a cost vs. effort tradeoff. XEN is a first step, code morphing on the fly is next. It will take time, but eventually it will arrive.

  10. Questions by stratjakt · · Score: 1


    1.3 Which OSes run on Xen?

    To achieve such high performance, Xen requires that OSes are ported to run on it. So far we have stable ports of Linux 2.4, Linux 2.6, and NetBSD. Ports of FreeBSD and Plan 9 are nearing completion.

    1.4 Does Xen support Microsoft Windows?

    Unfortunately there are no plans to support any versions of Windows in the near future. Furthermore, a port of Windows would be encumbered by licensing issues. Longer term, virtualisation features in next-generation CPUs should make it much easier to support unmodified OSes: at that time we will reconsider Windows support.


    What is Xen good for, exactly? I mean I can run NetBSD, linux, linux and linux on the same machine?

    In what sort of situation would I want more virtual linux machines, where UML wouldn't suffice? When would I need to run NetBSD and linux together, when everything that runs on one can be recompiled easily for the other?

    I could see concurrently running Windows and linux as a useful thing in business, since sometimes you just can't get away from Windows.

    What's it good for that vmware isn't, if you need to run customized OS's on top of it?

    I'm just curious. Anyone use it? What exactly are its features, besides free vs Free vs blah blah philosophy, I'm talking technology here.

    --
    I don't need no instructions to know how to rock!!!!
    1. Re:Questions by Transdimentia · · Score: 3, Insightful

      The first thing that pops into my mind would be for partitioning your machine into slices for hosting/dedicated customers while preventing them from walking on each other or even knowing they are there?

    2. Re:Questions by Chirs · · Score: 3, Informative

      It's roughly 10 times faster than UML.

    3. Re:Questions by Anonymous Coward · · Score: 1, Informative

      What is Xen good for, exactly? I mean I can run NetBSD, linux, linux and linux on the same machine?

      Xen can run it almost at its native speed, unlike other virtualization technologies.

    4. Re:Questions by Paul+Crowley · · Score: 3, Informative

      I'd assumed you were greatly exaggerating for dramatic effect, but benchmarks show a range from almost no improvement to a factor of 5.

    5. Re:Questions by vidarh · · Score: 1

      For an example, think virtual webhosting. Most hosting companies will sell you either a colocated box where you get root, or a shared hosting account where you don't. Some of them will offer UML or vservers alternatives where you get root on a virtual box. Xen allows the same thing, but faster than UML or VMWare, and with more total separation than vservers.

    6. Re:Questions by Lemming+Mark · · Score: 2, Informative

      In addition to other posted comments, Xen can also perform live migration (move running virtual machines to another host without stopping them) and can run Linux device drivers in sandboxed, restartable domains.

    7. Re:Questions by woah · · Score: 1
      Actually it's really surprising that UML ranks so low in their benchmarks. I've always found UML performance to be close to that of the host. Definitely not an order of magnitude difference.

      Then again what else do you expect from "sponsored" research.

    8. Re:Questions by lcde · · Score: 1

      What is Xen good for, exactly? I mean I can run NetBSD, linux, linux and linux on the same machine?

      Imagine a different kind of chrooted environment. Or imagine each user being able to have full access to a linux distro on a single machine.

      --
      :%s/teh/the/g
    9. Re:Questions by Anonymous Coward · · Score: 0

      If you've found UML performance to be close to that of the host, you either have one fucked up host, or you haven't seriously used UML. Just think about the contortions UML needs to go through to handle a system call, for instance, and you'll see why it's so easy to improve on. :)

      If you're using a compute-intensive load, UML probably is quite close to the host, but as soon as you start taking system calls and page faults you're lost. Even the UML site admits to losing 30% of their performance when doing kernel builds, even using SKAS mode.

      Disclaimer: I wrote a lot of the old Windows XP port to Xen.

    10. Re:Questions by afifim · · Score: 1

      One of the biggest potential features (and people seem to have missed that) is how failovers could get to work. So let's say you have multiple Xen hosts, running multiple OS's on them. Should a Xen host fail then the OS's and applications running on it migrate to another Xen host dynamically without any noticeable slowdown. Similarly think UML, but fast enough to actually replace ALL servers. Not just development boxes that you didn't want to purchase hardware for, but all servers in an enterprise could reside on Xen hosts. So instead of having 100 servers most running at 30% utilisation but can't merge them due to applications not playing nice or .. or ... Xen solves that.

    11. Re:Questions by Anonymous Coward · · Score: 0

      Xen can also perform live migration (move running virtual machines to another host without stopping them)

      Please, reference - I can't imagine a PostgreSQL server or other complex software with shared memory, locks, etc moving anywhere while running.
      TIA

    12. Re:Questions by Lemming+Mark · · Score: 1
      This link (nb. I took it from another post on this article) also mentions it: http://www.linux-mag.com/2004-10/xen_01.html/

      It's also (briefly) covered in the Xen 2.0 user manual. There's a research paper covering the technical details but it's not publicly available yet so there isn't a link I can give you.

      I can't imagine a PostgreSQL server or other complex software with shared memory, locks, etc moving anywhere while running.
      That is a problem of process migration but because Xen migrates whole virtual machines, the shared memory and the locks move with the process. The live migration was benchmarked migrating Apache server VMs whilst running SpecWeb against them and with migration of Quake 3 servers whilst running multiplayer games.

      Of course, you have to arrange for the / filesystem device to be available at both the source and destination machines for the migration (e.g. use a network filesystem or network block device, or a SAN).

  11. Trust Blues by Doc+Ruby · · Score: 0, Troll

    If IBM makes an open-source Trusted Computing component that is indistinguishable to Windows components authenticating it across the Net, IBM will have made up for a multitude of sins. Between IBM and Novell, Linux might just keep us out of the clutches of the Windows hegemony for another decade.

    --

    --
    make install -not war

    1. Re:Trust Blues by Doc+Ruby · · Score: 1, Troll

      I hate to see Solaris/Sun go down
      I hate to see Solaris/Sun go down
      'Cause, my server, it's got no workaroun'

      Upgrade tomorrow, like I upgraded today
      If I upgrade tomorrow, like I upgraded today
      I'll install XP and get some bills to pay

      Redmond software, with its web of trust
      Pulls the users around by their technolust
      With crappy software that should be left to rust

      Give me the Trusted Computing blues
      Blues that I can't use
      Swap my Linux for Windows
      Lord, make me pay my dues

      I love IBM like a jailbird loves the key
      Like a Finland hacker loves the CVS tree
      Bigger blues come and set my PC free

      --

      --
      make install -not war

    2. Re:Trust Blues by Anonymous Coward · · Score: 0

      hummmm. You may wish to keep your day job. I can imagine you singing and I prefer to hear a gaggle of penguins. :)

    3. Re:Trust Blues by Doc+Ruby · · Score: 1

      I'm just glad that Billie Holiday ignored that kind of advice when she recorded the original lyrics of WC Handy's "St. Louis Blues".

      --

      --
      make install -not war

  12. Expect but don't assume. by glrotate · · Score: 1

    I can't think of anything more foolish if you are an IT professional than to "assume" products are secure.

    1. Re:Expect but don't assume. by neoform · · Score: 1

      i did say i assume their products are secure, i said i assume they're trying to make their system secure.. why make it their selling point that they're working on security.. ?

      --
      MABASPLOOM!
  13. s "hype"? by diegocgteleline.es · · Score: 1

    Finally a software product that describes its main characteristic after its name! Of course that was after the market-leader of such trend - "Loooong"horn.

    1. Re:s "hype"? by Hal_Porter · · Score: 1

      Yup, this shit is beyond technobabble

      Original
      "Intel's code drop in the xeno-unstable.bk tree for their super secret VT CPU"

      Technobabble
      We have quasixenoinstabilities Doctor! Reverse the polarity of the neutron flow!

      Maybe I need to remodulate the harmonics in my English parser or something, but the technobabble makes more sense.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  14. Re:It's similar to Netraverse... by Anonymous Coward · · Score: 0

    Actually, the OS patching thing is no big deal since someone's already done the windows patching work for you. If you're running win4lin, go into the win4lin directory in /opt and you'll find plaintext lists of patches for every version of windows it supports. Win4lin effectively is Xen for windows and is a 20 year-old product (via Merge), nothing new there...

    So it's certainly possible for a 3rd party to integrate those patches into Xen without the Xen developers' blessing. =) Netraverse might hate you for it, but it probably could be argued that a comprehensive list of non-virtualizable patches can only be done one way.

    Keep in mind that a tool similar to Bochs/VMWare could be used to generate patchlists automatically so it's only a matter of time before someone gets a clue and updates Xen to allow Win4lin type functionality.

  15. Answer ? by DrYak · · Score: 1
    I could see concurrently running Windows and linux as a useful thing in business, since sometimes you just can't get away from Windows.


    [Warning : Flamebait ahead]
    Excuse me.
    You don't think of running Windows on a mainframe, do you?
    You know, those big supercomputers that are supposed to crash only once per century?
    [/Warning : Off]

    More seriously: Xen is intended for machines that are only used to run different flavors of unix anyway. I could eventually complain about its lack of support for Solaris. But I don't think anyone is missing Windows.
    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Answer ? by stratjakt · · Score: 1

      Thank you. I asked for technical answers, not "We ahte MSFT ahhahaha j00 suck" zealot bullshit.

      There's a huge need for Windows. Hell, The AS400 runs Windows. There are apps, services, interfaces, etc, that only run on Windows, whether you like it or not. This is why vmware exists, and actually makes money.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Answer ? by Curtman · · Score: 1

      This is why vmware exists, and actually makes money

      So use it. Go ahead and try to convince Microsoft to support Xen. Please let us know how that goes.

  16. windows client yet? by nurb432 · · Score: 1

    I know it takes some binary changes, but have any 'patches' been released yet to allow for windows ( xp/2000/2003 ) to run as a client yet?

    --
    ---- Booth was a patriot ----
    1. Re:windows client yet? by demon · · Score: 1

      You can't "patch" the binary OS; there are fundamental changes that have to be made about how page tables and certain supervisor-only operations are done. Microsoft Research UK actually ported the XP kernel to Xen 1.2, reportedly, but due to licensing restrictions, it won't be released publicly (and I suspect from higher-up pressure to make sure that their VirtualPC stuff is the preferred virtualization environment for use with Windows).

      --

      Sam: "That was needlessly cryptic."
      Max: "I'd be peeing my pants if I wore any!"
    2. Re:windows client yet? by Anonymous Coward · · Score: 0
      You can't "patch" the binary OS
      Yes, you can. It just isn't easy.
  17. Xen? more secure? by AgentGray · · Score: 1

    What with all those portals opening up...who knows what you're going to get.

    What do I know...I'm from City 17, not Black Mesa.

    --
    "Power corrupts. PowerPoint corrupts absolutely."
  18. An idea by Mitchell+Mebane · · Score: 2, Interesting

    I wonder if ReactOS has any plans for supporting Xen in the future? They're not at a "Windows replacement" stage yet, but the project seems to be moving pretty fast.

    --

    The roots of education are bitter, but the fruit is sweet.
    --Aristotle
  19. What IBM will gain by Alain+Williams · · Score: 1
    On its big machines (mainframes) you can run lots of virtual Linux machines under VM, by using Xen they will be able to have the same configuration from big zSeries (Mainframe) to iSeries (AS400) to small Intel servers and maybe even desktop.

    Presumably Xen isn't quite as secure as VM and this work will fix that.

    I wonder if they will then port OS/390 and OS/400 to run on top of Xen ?

    1. Re:What IBM will gain by Lemming+Mark · · Score: 1
      Presumably Xen isn't quite as secure as VM and this work will fix that.
      It's not a case of security in the conventional sense (exploits, etc.). The enhancements are specifically to allow complex Mandatory Access Controls (SELinux style), which Xen itself doesn't currently support (although you can run SELinux in Xen VMs, there's nothing that works on a whole-machine level).
    2. Re:What IBM will gain by Anonymous Coward · · Score: 0

      Umm...Xen runs x86 guest operating systems. So unless IBM plans to port OS/390 and OS/400 to x86 (hint: no), I find it particularly unlikely.

      Especially since they already have production quality partitioning for those platforms already.

  20. Re:in other news.. by homer_ca · · Score: 1

    "have called this Zen stuff anti semitic"

    Buddhism is anti-semitic?

  21. What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

    "Now thousands of Linux geeks will install this on their $299 PC and think "Holy shit, I have a mainframe in my house! I need to put this on my resume!""

    Why not? Personal PCs certainly are headed that way.

    In fact if it wasn't for accidents of history. Our computers would be so much more than they are now.

    1. Re:What this all means-Pocket Mainframe. by SunFan · · Score: 2, Insightful

      In fact if it wasn't for accidents of history. Our computers would be so much more than they are now.

      Well, I figure Microsoft has set us back twenty years. The UNIX old-is-new-again migration is beginning to repair that damage, especially with recent advancements that leave Windows feeling lonely. Only Microsoft isn't UNIX, anymore, except for fringe systems.

      One good thing about Microsoft is it allowed people to learn a little about what they actually want in a computer, which helped drive refinements in Linux/UNIX. This is ultimately a good thing, and will better allow Microsoft's business model to become obsolete as more people get what they want in open systems.

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
    2. Re:What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

      "Well, I figure Microsoft has set us back twenty years. "

      Well when I use the phrase "accidents of history". I'm not just talking about Microsoft. All the ideas that either didn't make it to market, but were ahead of their time (Xerox, TI). Or died soon after hitting market (Apple Newton). Some because of monopoly behaviour. This applies as much to hardware as software (Intel). I don't think most people realize just how many good ideas see little of the light of day?*

      There's also those class of ideas that see the light, but they're only for an elite niche (XSIS 'The Analyst').

    3. Re:What this all means-Pocket Mainframe. by SunFan · · Score: 1

      I'm not just talking about Microsoft.

      It is arguable that Microsoft did so much damage that other important things are just specks in history. There's always people pining for Lisp or Amiga or whatever, but Microsoft took the world's understanding of security and reliability and sound engineering and buried it alive under marketing brochures.

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
    4. Re:What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

      Um. Lisp is still around doing just fine, thankyouverymuch. We don't pine for it, we just use it. "Lisp Machine" hardware is another matter, but lisp machines were never affordable by mere mortals anyway.

    5. Re:What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

      Lisp is crippled by no common way to access operating system features and no good non-commercial GUI toolkit. Lisp itself is great, but other environments have gone way beyond it in actually being useful for applications.

    6. Re:What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

      How many years back do you think the proliferation of UNIX has set us?

    7. Re:What this all means-Pocket Mainframe. by Anonymous Coward · · Score: 0

      Personal PCs are headed for the same fate as the ATM Machine and the PIN Number.

    8. Re:What this all means-Pocket Mainframe. by SunFan · · Score: 1

      The worst aspect of UNIX is exemplified by SCO, but lawyers can be dealt with. Solaris 10 is light years ahead of Windows, now. Mac OS X combines the best of UNIX and Mac. Linux exceeds Windows on the server and is gaining elsewhere. This all probably stems from the fact that UNIX has always been the middle of the pack between Windows and Mainframes, and leads the pack in system transparency.

      --
      -- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
  22. X en? by Mubarmij · · Score: 1
    At first glance, I thought the title was..

    IBM Pledges To Make XMen More Secure

    1. Re:X en? by jd · · Score: 1

      Hmmmm. I always thought Wolverine was a bit jumpy.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  23. XEN and OpenPower. by Pinback · · Score: 1

    XEN does for the Intel platform what OpenPower does for the Power platform.

  24. In depth Xen article by oz_ko · · Score: 1
    For some interesting information on Xen take a look at

    http://www.linux-mag.com/2004-10/xen_01.html/

    Oz

  25. What this all means-Pocket Mainframe-LISP. by Anonymous Coward · · Score: 0

    "Lisp is crippled by no common way to access operating system features"

    Doesn't need an OS. Google for LispOS. Or even better the "Slate" project.

    "and no good non-commercial GUI toolkit."

    CLIM is the standard for Common Lisp.

    "Lisp itself is great, but other environments have gone way beyond it in actually being useful for applications."

    Oh it's still being used. Allegro Lisp, or Common Lisp are being used. Just as Smalltalk is being used. As both language, and OS.

  26. Hip Hip for the Open Source! by CEHT · · Score: 1

    Now all we need is project plans to implement most of these into the Linux kernel.

    --

    ============
    Mathematics will always come back to hunt you down, in so many ways

    1. Re:Hip Hip for the Open Source! by Lemming+Mark · · Score: 1

      Support for running on Xen 2.0 is likely to be integrated into the 2.6 kernel in the near future. Support for running 2.4 on Xen 2.0 will remain a separate patch.

      Xen support is planned to be checked into the mainline FreeBSD tree. Support for Xen 1.2 is already in the NetBSD mainline but for Xen 2.0, you need the patches that come with the Xen distribution.

  27. DemoCD? by JThundley · · Score: 1

    Does anyone have a link or a torrent for the XenDemoCD referenced on their main page? It's not on their downloads page like the link implies.

    1. Re:DemoCD? by JThundley · · Score: 1

      Sorry for being a poon-tard, I found the good stuff here.

    2. Re:DemoCD? by Lemming+Mark · · Score: 1

      There's not a demo CD for 2.0. It's simple to set up 2.0 on an existing Linux install and start testing virtual machines. There is a user developing a new, improved LiveCD, which may be distributed in future.

    3. Re:DemoCD? by Lemming+Mark · · Score: 1

      I wouldn't bother with the 1.2 demo CD - 2.0 is a massive leap over 2.0. Unfortunately there's not an existing CD for 2.0 but it's quite simple to install on your hard drive.

  28. We tried both, Xen is better for us. by leonexis · · Score: 1

    In what sort of situation would I want more virtual linux machines, where UML wouldn't suffice? When would I need to run NetBSD and linux together, when everything that runs on one can be recompiled easily for the other?

    Our company uses Xen in order to provide our customers with their own virtual server for services that we provide. We used UML at first, but found the performance very poor. While researching Xen, we got response times 2 to 10 times faster than the same site on UML. And UML had a nasty habit of crashing under high stress (on our servers at least).

    So in our case (your results may vary), Xen was faster and more reliable.

    1. Re:We tried both, Xen is better for us. by ckaminski · · Score: 1

      Care to pimp the company? Can I get a dedicated host with Xen installed on it?