Running Xen

David Martinjak writes "Running Xen: A Hands-On Guide to the Art of Virtualization was published by Prentice Hall, and authored by Jeanna N. Matthews, Eli M. Dow, Todd Deshane, Wenjin Hu, Jeremy Bongio, Patrick F. Wilbur, and Brendan Johnson. The book, which will be referred to as simply Running Xen, was a great resource on Xen and virtualization from the administration side. A wide range of topics was covered from installing Xen all the way up to managing virtual resources, including migrating guest environments. Overall, the explanations were concise and understandable; while the information was presented in a straightforward manner. Running Xen was definitely a useful resource for administering systems with Xen." Keep reading for the rest of David's review. Running Xen: A Hands-On Guide to the Art of Virtualization author Jeanna N. Matthews, Eli M. Dow, Todd Deshane, Wenjin Hu, Jeremy Bongio, Patrick F. Wilbur, and Brendan Johnson pages 586 publisher Prentice Hall rating 9 reviewer David Martinjak ISBN 0132349663 summary A hands-on guide to virtualization with Xen The flow of the book was intuitive, and reasonable; this was especially valuable for discussing a newer technology where the terms could be confusing. Fortunately, the authors kept the language clear so that the reader easily could understand the subject of discussion. This unambiguous presentation of content was a welcomed feature.

Running Xen started with a thorough-enough explanation of virtualization. Several different approaches to virtualization were compared and contrasted, which should help the reader to understand where Xen resides in the whole domain. This first chapter was a great introduction as it provided just the right amount of information. At no point did I consider the explanations to be short or lacking; nor did I feel overloaded with details. The authors seemed adequately aware that the title of the book was Running Xen, and they stuck to that scope.

After the introduction, the book moved right into actually running Xen. This helped to keep the my attention on the subject, and tied back in to the proper flow of the material. At first, the chapter began with baby steps. It introduced the Xen LiveCD, and information on working within the Xen environment. Subsequent chapters moved into a more intermediate level of usage: installing Xen in a third-party distrobution, and running pre-built guest images. Popular third-party distrobutions such as Ubuntu, Gentoo, CentOS, and OpenSUSE were covered; and this section also included instructions for using compiled Xen binaries and building your own from source.

One of the topics I was most interested in was building a custom, minimal guest environment from a particular distro. Chapter 7, "Populating Guest Images", provided all of the information I was looking for along with some other interesting facts. The popular distros were covered again (Ubuntu, Gentoo, etc.), but this time a twist was added to the mix. "Populating Guest Images" started off with installing Windows XP in Xen. This was a complete surprise to me. If you prefer GNU/Linux on the server, but Windows XP on the desktop, and have been looking to consolidate with virtualization; this chapter is a must-read. The chapter also helped solidify the understanding of concepts presented earlier in the book. For example, the first chapter discussed two different types of guests: paravirtual (PV) and Hardware Virtual Machine (HVM). In "Populating Guest Images", the authors led the reader through building guests of each type. The process was presented in a logical fashion which was easy to follow, making the book that much more enjoyable.

Running Xen then moved on to putting the guests on the network. Chapter 10, "Network Configuration", covered several options for networking guest environments in Xen. It would be an understatement to say that this chapter was thorough. Overall, the authors did a great job explaining the differences between the networking options, and how to implement each one. Unfortunately the needs of the reader are variable, so this chapter overflowed with information. The upside was that readers with complex virtualized network segments will not be disappointed. The downside was that I, personally, only really needed a small percentage of the chapter's content. Therefore, much of the chapter was technically irrelevant to me individually.

There was one other unfortunate issue, which occurred in the next chapter. Chapter 11, "Securing a Xen System", contained syntax errors for iptables rules. Mainly one dash was used instead of two when specifying the destination port in some rules. For example, LISTING 11.10 displayed the syntax -dport which caused an error. However, the syntax was correct at other places in the book (LISTING 10.24, for example). Additionally, there was a problem on output formatting where the command prompt and output lines ran together in the print (LISTING 11.11). This could cause confusion for some readers intently following the text.

My only complaint with the book was that the chapter on network configuration seemed to be rather long. For a person working with Xen at a business level, especially mid-size to enterprise, this chapter provided an excellent amount of insight and information. But for the person at home building his/her own test server for simple purposes, much of the content in this chapter was overkill. Additionally the few syntax errors were eye-sores, but any person with iptables experience could easily identify and fix the problems. It is just in my opinion, a published book should be syntactically correct so that the reader is not presented with contradicting results; nor should the reader have to conduct additional searches to rectify mistakes from the book's pages. However, these items are minor and pale in comparison to the outstanding wealth of knowledge in the text.

This book is highly recommended for anyone interested in virtualization with Xen. In addition to the regular paperback, Running Xen is also available on Safari. The paperback additionally includes a coupon code for a 45-day pass to access the book via Safari online.

David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com.

You can purchase Running Xen: A Hands-On Guide to the Art of Virtualization from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Black Mesa played around with Xen for a while...

... I don't think the results were favorable.

Another near-useless book review.

[XorNand]

I don't know why I keeping reading /. book reviews; I never feel like I get much information in exchange for my two minutes. Who is the target audience of this book? What kind of Xen experience did the reviewer have prior to picking up this book? What did he actually learn when he was finished with it? There's too much verbiage attributed to how he "felt" about the book or the style it was written in and not enough hard information.

In my personal experience, Xen isn't that hard to get working. I think I read a single HOWTO and was up and running in an afternoon. I subscribe to the mailing list which is a great resource for the more arcane problems (passing a PCI telephony card to an Asterisk domU, for instance). The developers and veterans are very patient and quite helpful. I was hoping this review would tell me why I should or should not spend money on another Xen resource. Since I feel like I still don't know anything about the book, it has failed to do so.

Re:Another near-useless book review.

[Lord+Apathy]

Does it tell me how to fix my fucking motorcycle?

Re:Another near-useless book review.

[bsDaemon]

Reading articles is too much for most people around here, you think they're going to read a whole book? * end sarcasm *

Re:Another near-useless book review.

[Fastball]

Does it tell me how to fix my fucking motorcycle?

Xen's dead, baby. Xen's dead.

Does XEN have a future?

Haven't the kernel developers basically given xen the cold shoulder, preferring now to dedicate their efforts to kvm, the virtualization solution which is now part of the mainline kernel? The problem, from what I recall from reading some threads on the subject a while back was that xen needs to keep pace w/ kernel driver development work, which is an extra effort for the developers. It's easier for them with kvm since it's part of their dev tree. Right now I think Ubuntu is the only big distributer shipping kvm; Redhat et al are doing xen .. I think (corrections please). On that count, xen is doing well. But moving forward, it seems like they have to do a lot of extra work to track kernel development, which will be made harder by virtue of the fact that key kernel developers may not feel like devoting time to what they feel is a duplicate effort.

Re:Does XEN have a future?

[squiggleslash]

Xen and KVM are completely different types of virtualization solution. The supposed rivalry between the two is largely bad journalism, not rooted in anything to do with the platforms themselves.

If you want to run a single physical computer with multiple operating system instances, such as replacing a bank of servers with a single machine, Xen is your guy. If you want to run VMs under Linux, KVM is your friend. Conflating the two is like comparing... well, to use a car analogy, for this is Slashdot, a railroad with a tractor trailer.

Re:Does XEN have a future?

[Richard+W.M.+Jones]

KVM is nice and shows promise, but performance wise the paravirtualized approach of xen is still significantly faster (as in very-near-bare-metal, even significantly faster than vmware ESX on most loads).

VirtIO, which is in latest versions of KVM, paravirtualizes all the hardware and gives you almost all the benefit.

KVM is where things are going because as a poster said above, it avoids having to write all the drivers twice over. Xen dropped the ball by not working closely with the Linux kernel developers. Now XenSource have been bought out by a Microsoft proxy, so the future for Linux & Xen is looking even less rosy.

As you say, Red Hat offers libvirt which hides the differences between virtualization systems, so for most administrators and application programmers, which system "wins" is not going to matter. (My personal opinion is that none of them will win outright, at least not for many many years - different approaches to virtualization are suitable for different areas).

Rich.

Re:Does XEN have a future?

[segedunum]

Xen and KVM are completely different types of virtualization solution.

Well yes they do do things differently, but KVM does it better and simpler by just running on Linux as the base system hypervisor. From a maintenance point of view things get far simpler, as the OP said.

If you want to run a single physical computer with multiple operating system instances, such as replacing a bank of servers with a single machine, Xen is your guy. If you want to run VMs under Linux, KVM is your friend.

That statement is just, well, daft. You're implying that Xen can't run VMs under Linux but KVM can, or Xen can run VMs on systems other than Linux or something that KVM can't do? They're both Linux only at this point, and Xen effectively runs a forked version of Linux because it isn't, and won't be, upstream.

Re:Does XEN have a future?

[jandersen]

Haven't the kernel developers basically given xen the cold shoulder, ...? They may have, but I think Xen still has a future - just take a look at Oracle VM. Oracle is a substantial player in the marketplace, whatever else one may think of them, so Xen does have some serious backing. Oracle VM is, as far as I can see, little more than a basic Linux with Xen - "perfect for running Oracle Unbreakable Linux" :-) I've tried it, though, and it works well.

Re:Does XEN have a future?

[David+Jao]

Xen has pretty much no support for laptops. Unfortunately for Xen, it's becoming pretty clear that laptops are the future as far as general purpose computing goes. So I would say that Xen has no future.

The problem (and it is a showstopper) is that Xen has no ability to perform power management. Even worse, the design of Xen makes it almost impossible to support power management in any sane way. In Xen, every OS on your system runs in a virtual machine. Even the so-called "host" OS, which has special privileges for hardware access, runs in a virtual machine. The actual host kernel is a bare-bones hypervisor with so few features that it cannot be called a full-blown OS.

Power management is very difficult to do under the Xen architecture, because ACPI power management requires all of the power management code to run in the OS. Now, an OS running inside a VM has no ability to monitor power usage for other VMs -- that's the whole point of a VM, after all. So, under the Xen design, the power management code cannot run in the "host" OS. It has to run in the hypervisor.

However, power management is complicated enough, and involves enough dependencies, that by the time your hypervisor has implemented power management, it is already bloated and featureful enough to constitute a full-blown OS. Therein lies the problem: a full-blown OS is very difficult to develop in this day and age, and in order to succeed you need a large team. If you screw up, then the resulting product is fragile and unstable, and nobody wants that. Xen is a very small team compared to Microsoft, or Linux, or even FreeBSD. They have no chance to develop an OS on their own.

One might be tempted to implement some sort of passthrough design where the hypervisor piggybacks off of the power management code in the "host" OS, but such a design requires forking the "host" OS and still involves almost as much hypervisor bloat as implementing power management itself.

In short, KVM is the future, at least for regular users like you and me. KVM has no problems with power management, because under KVM the actual host kernel is the exact same Linux kernel that you normally use, with a complete ACPI implementation. Xen might have a place when it comes to big iron and server rooms, but history shows that very few technologies can survive in server-only space when there is mass-market competition (Itanium anyone?).

In fact, with the soaring cost of energy these days, power consumption is becoming a huge issue even on servers, so it's fair to say that Xen's days are numbered even in the server space unless they drastically change their design.

Re:Does XEN have a future?

[TheRaven64]

You're implying that Xen can't run VMs under Linux but KVM can, or Xen can run VMs on systems other than Linux or something that KVM can't do? They're both Linux only at this point, and Xen effectively runs a forked version of Linux because it isn't, and won't be, upstream. Xen is a hypervisor. It runs under Linux, not on top (although the Xen devs do often run Xen in KVM for development). It uses one or more slightly (or very, depending on your hardware) privileged guests to provide drivers. These can be Linux, NetBSD or Solaris.

KVM only works on systems that support hardware virtualisation. Xen will run unmodified operating systems on these platforms, but also supports paravirtualised guests on older systems (and paravirtualised guests are faster on any hardware). As far as I know, KVM is x86-only, while Xen runs on x86, PowerPC, Itanium and ARM (Samsung are doing some very cool things with Xen on ARM).

There are a few things that Xen supports that KVM doesn't, such as live migration. This is probably the right time for the obligatory plug for my book, if you want to learn more about how Xen works.

Re:Does XEN have a future?

[squiggleslash]

Well yes they do do things differently, but KVM does it better and simpler by just running on Linux as the base system hypervisor. From a maintenance point of view things get far simpler, as the OP said.

Sure, and Wifi does it better and simpler than Bluetooth by using Ethernet frames (The Bluetooth vs Wifi "war" is also a good example of where geeks get it completely, 100%, wrong by not recognizing the entirely different applications the technologies are aimed at.) You're comparing apples to oranges, and assuming that because KVM works better in a specific scenario that it works better.

That statement is just, well, daft. You're implying that Xen can't run VMs under Linux but KVM can, or Xen can run VMs on systems other than Linux or something that KVM can't do? They're both Linux only at this point, and Xen effectively runs a forked version of Linux because it isn't, and won't be, upstream

It's not daft, your response makes no sense. Let's break it down:

You're implying that Xen can't run VMs under Linux but KVM can

That's right. Xen cannot run VMs under Linux. Xen runs VMs on the bare hardware. In the Xen environment, operating systems run under Xen, not vice versa. The only way to run Xen "under" Linux is to run it in an emulator!

or Xen can run VMs on systems other than Linux or something that KVM can't do?

This sentence makes no sense as is. It can't run VMs under Linux, as stated above. In terms of operating system support, you can run various operating systems under Xen as "dom0". Dom0 is a special domain that most hardware is managed by by default (though you can redirect any almost piece of hardware to be managed by any guest system. For example, on my home server, one of the Ethernet cards is managed completely by a domU.) Dom0 can be one of many operating systems, including Linux-based systems, OpenSolaris/SunOS, OpenBSD, NetBSD, and certain versions of FreeBSD (with certain versions of Xen.) The only restrictions that go with being dom0 have to do with the kernels for those systems being Xen-aware.

This flexibility brings enormous advantages incidentally. With enough memory, you can install something like Solaris as your domU and have it export NFS shares upon a ZFS file system to all of the domUs, giving every operating system you run the advantages of the host. At the other extreme, you can install something small and light - bugs aside, I found Xen's integration with Ubuntu Server 8.04 LTS wonderful when setting up my little firewall-gateway/servers box. I have the barest Ubuntu Server installation (no X11/GNOME/etc) as dom0, and even barer systems for the domUs It's great.

They're both Linux only at this point, and Xen effectively runs a forked version of Linux because it isn't, and won't be, upstream.

Xen is PowerPC, ix86, and AMD64 at the moment. In terms of operating systems it can run as dom0, see above. In terms of operating systems it can run as domU, well, the choice is massive.

Really, what you're saying convinces me you haven't really investigated what makes Xen Xen. I would never install Xen on my laptop. I'd never install KVM on my server machine. Take another look at both, and see why their strengths make them suitable for different purposes, neither are solutions that fit every application, and they complement each other well in terms of the applications they efficiently support.

Re:Does XEN have a future?

[David+Jao]

First of all, I'm not fighting a war here. I'm just saying nature will take its course, and there is nothing you or I can do to stop it.

KVM will scale up to the server space. There is no technical reason why KVM requires "running everything as VMs on a desktop", even though that happens to be required today. In fact I guarantee you that one day KVM will be viable in the server arena. Once that happens, Xen is dead.

By contrast, Xen can never scale down to laptop or even desktop users, because the hypervisor design imposes unacceptable usage constraints for such users.

I said before, and I'll say again, it is very hard for any server-only computing technology to compete against mainstream alternatives. Admittedly, it is easier in the case of software (e.g. Oracle) than hardware (e.g. x86). However, x86 virtualization happens to be moving in the direction of hardware. All of these factors weigh against the hypervisor design. Incidentally, all of Xen's competitors, including VMware and Microsoft, offer at least some virtualization products not based on hypervisors. Xen is the only company tethered to hypervisors, and that does not bode well for them.

You say yourself that "people will try to force fit one solution to the other's area" but then you dismiss this as a non-issue. I think it is a bigger issue than you realize. For example, the reviewer of this book, among all people, complains several times in this review that the book is overkill for what he needs. It looks like he would be better served by KVM. If there is a "war" to be fought, then the goal must be to educate readers about the pros and cons of each option, so that they can choose intelligently. That's all I'm trying to do.

Re:Does XEN have a future?

[David+Jao]

There are a few things that Xen supports that KVM doesn't, such as live migration.

Wait, what? KVM supports live migration, and in fact KVM supports it better than Xen ever did.

Xen allows live migration only between machines with identical or very similar processors. KVM supports live migration between any two systems that can run KVM. For example, if you want to live migrate from an Intel to an AMD host, KVM is your only option. If you want to live migrate a 32-bit guest between a 32-bit host and a 64-bit host, KVM will do that, Xen won't.

Re:Does XEN have a future?

[PetoskeyGuy]

Amazon EC2 is the largest installation of XEN servers I'm aware of. You can sign up right now and start up to 20 virtual machines for $.10 US per hour. There are some major services built on top of EC2. I would assume Amazon itself uses the technology to run their own services - that should provide a pretty good shelf life and development cycle.

Running... Xen!?

[Cctoide]

If you'll excuse my off-topicness for a moment here, I can't be the only one who was thinking "Wait, someone actually wrote a serious book about Half-Life?" when clicking onto this...

Nope. No one has heard of that book.

[spun]

On the other hand, most of us have read Zen and the Art of Motorcycle Maintenance. Which still doesn't tell you how to fix your motorcycle, that's what's so Zen about it.

"What's the sound of one hand adjusting a timing belt?"

Re:Nope. No one has heard of that book.

[spun]

Oh yes, I got that. Poor, sad little humor impaired moderators.

Xen isn't a silver bullet

[rips123]

I've deployed xen at work. It has its issues. A report on these would be much more useful to the slashdot crowd than a book full of information thats largely out of date the moment its published so here goes:

The two biggest issues that bit me:

1. I wanted to use external USB drives in a xen virtual machine. I can do PCI passthrough (exposing a whole PCI device) to a guest but only on linux. Solaris support doesn't exist yet and I think the FreeBSD support is still in the pipeline. Tough luck if you want to run, say, a kernel-based ZFS distro on a guest OS like I did. I ended up using a linux guest with para-virtualized PCI and zfs-fuse but I still have some memory leak issues that mean I have to restart the fuse daemon every so often - not ideal.

2. I wanted to virtualize an old windows PC used to run through web logfiles once a month. Xen can't virtualize DMA access so for hardware virtual machines like Windows XP, you end up with IO based disk access which uses MUCH more CPU than DMA access - especially for this sort of task.

Better than RedHat documentation

[RobNich]

The book HAS to be better than the documentation that RedHat provides for RHEL 5 Virtualization. It ranks among the worst-written, most useless documents I've read in a long time.

Re:Does XEN have a future?for this is Slashdot, a

[Robber+Baron]

for this is Slashdot, a railroad with a tractor trailer

http://www.qstation.org/BNSF_Triple_Crown/

http://www.deluxeinnovations.com/rolling/rollingwnc01.html

...you were saying?

Re:Thanks, that was interesting...

[squiggleslash]

Counterpoint? Drepper's not explaining that the "KVM and Xen are competitors" war is valid, he's just buying into it without justifying it. He doesn't "get" Xen so he assumes it's used in the same areas as KVM and that, therefore, crude performance comparisons are valid. I've not really read much of his stuff before, so it'd be inaccurate to say I've lost respect for the guy on reading that article, but it does sound like he's "not getting it" which reflects somewhat poorly on him. I know I made the right decision putting Xen on my firewall/gateway server, I can't imagine even considering virtualization for a network-accessable no-monitor/keyboard box sitting in my closet. I also know that I wouldn't want Xen on my desktop.

Saying "These both do virtualization therefore one is better than the other" is as silly as saying "Bluetooth and Wifi are both "doing wireless" therefore one is better than the other." The only way to make KVM usable in the area Xen excels is to refactor it so that Linux runs underneath it, not over it. This, of course, means it'll not be KVM, and it'll become a less than ideal application for desktop virtualization.

Likewise Xen can be refactored so it runs under Linux rather than vice-versa. Then it'll be hampered by Linux's limitations, and for the most part by GNU's too. There's no good reason to do this, there already are numerous desktop virtualization systems out there, why undermine the only viable server virtualization system in an effort to compete in an area that already has numerous alternatives?

If you want to compare KVM's performance, do it against its actual rivals like BOCHS and VMWare. If you want to compare Xen's... well, right now you have nothing to compare it to. You have to either say it's good enough for you, or it isn't, and if it isn't, buy multiple machines. If Drepper and others want to produce an alternative to Xen, they need to first understand what it is, why it's useful, and what it's used for. Clearly, if they're going to assume KVM is an alternative, they haven't bothered.