Linux 3.0 Will Have Full Xen Support
GPLHost-Thomas writes "The very last components that were needed to run Xen as a dom0 have finally reached kernel.org. The Xen block backend was one major feature missing from 2.6.39 dom0 support, and it's now included. Posts on the Xen blog, at Oracle and at Citrix celebrate this achievement."
... what??
Finally I get to run a newer kernel on EC2! I have been looking forward to this for months.
Spenny always gets it in the shorts.
Sleep your way to a whiter smile...date a dentist!
Not now.
Oh, I meant to write it is NOW included, sorry for the typo, maybe someone can change it???
Correct, it's a typo, sorry. It is NOW included.
Yo, Mike, you want us to unpimp this thing, lemme hear you say, "Vat?"
An editor could probably fix that, but since all we have is hashish-addled dupemonkeys, it's stuck that way.
... is 16 cores and 32 GB of RAM, and I can recompile the Kernel on Linux, encode an H.264 video on OS X, serve files via Apache HTTPD from OpenBSD, and watch streaming porn videos on Windows all simultaneously on the same machine!
Xen Dom0 support has been supported in released versions of NetBSD and Solaris for something like 4 years, while the VMWare lobby on the LKML was requiring the entire paravirtualisation subsystem to be rewritten before they'd accept patches, and Red Hat decided to push KVM as a Xen replacement, in spite of them having very different capabilities.
I am TheRaven on Soylent News
Care to comment on how successful Linux has been on handsets compared to its Windows equivalent? Or how about servers. Big servers. Like, oh I dunno, maybe you've heard of Google? m$ sure have - they just shell out all their searches to it.
No normal user would ever read /.
Dear FreeBSD,
When will you ever have a Xen dom0 support?
Thanks,
Charlie Root
FreeBSD Fanboi
Nice try, except dom0 (Domain zero) is Xen terminology, not something linux specific.
Products such as this aren't going to be used by mainstream mom&pop users, Xen will likely not be available in a boxed set at your local computer store or game shop. The people using this will likely always come from an IT related background.
And as for windows:
- If you run Xen with Windows, the same terminology applies (except it would be run as dom1+ since Windows doesn't support dom0 to my knowledge)
- If you open up a MCSE manual for windows you'll find a hundred other things that sound just as complicated to a layman as dom0
Just what the hell is the difference between a bare iron hypervisor and KVM? Aren't they pretty much the same? Where are the patent lawsuits?
The Admin and the Engineer
To dedicate resources to producing a good cluster LVM lock manager that does not depend on CORAID?
Something like SGI's CXVM would be great!!!
.. thought for a moment the titles says Linux 3 will have full XMen support!
Well, the issue is that I couldn't see the submit buttons at the bottom when doing my submission. They were displayed too much at the bottom of the screen, and I could see only the few top pixels of them. I wanted to click on "Continue editing", but unlucky for me, it was posted without giving me a chance to rectify. So I don't think it's really my fault here... Maybe someone at /. wants to test the submission display so that it's better on Firef ^W Iceweasel 4.0.1 (my own backport running on Squeeze)...
Xen has features that KVM doesn't have (by design). For example Xen "stubdomains" and "driver domains", full memory address space separation between domains, etc.. and of course it's good to have multiple opensource virtualization platforms, competition is a good thing!
virtualisation is complicated, maybe the article should have just said "Linux now has built in stuff to make it so you can run more than one OS!", actually that's probably too complicated for most, how about "Another type of computer you don't use has built in support for running more computers inside it! it's like OSX and windows only it's another one!".
This is a joke. I am joking. Joke joke joke.
This "Why Xen" PDF might explain it well. Under Xen, guests are running inside the host operating system. In Xen, the hypervisor starts a special Linux kernel (the dom0) that will only take care of drivers for the guests. The design is really different, and has different features. For example, in Xen, you can have your dom0 to run on 2 cores, leaving the rest for the guests (I'm not sure that is possible in KVM), and if you want to avoid any possible CPU starvation, you can even have the guests to not use the cores that the dom0 is using. The CPU scheduler is also very different (and there's not only one available...).
thanks, but it still sounds to me like the difference between, say, Linux and BSD and SysV... yeah, different... but, oh so similar (basically they're all kernel+user land). So sounds like Xen is a little more sophisticated. But besides that, besides features, at their core, what really is all that different between KVM and bare iron hypervisors?
The Admin and the Engineer
The very first sentence to me sums up why Linux is not successful on the desktop relative to Windows or OS X.
Sorry, but I find this a ridiculous point. I expect from Slashdot some degree of technical level. If Slashdot summaries had to explain everything understandable to "normal desktop users", I would have to find another place to read. Xen is not a music player, and requires some knowledge. To me it is a product addressed to technical people.
I'm not sure if you are trolling on purpose, or if you don't understand what this news is all about. But I'll bite.
You see, linux runs on almost any kind of hardware: from embedded systems on toasters to phones, desktop computers, laptops, to big servers. Even most supercomputers to date are running Linux. There is a _lot_ of different users that would use Linux in many different ways.
Xen is a technology that virtualizes machines, mainly intended for the data center and cloud computing environments.
This is NOT intended for users in any way. Your mom does NOT have to know that Xen even exists, just like windows users don't need to know what IIS or Apache is in order to browse the web.
Would you also say that windows and OSX is "is way too complicated for people" because you read slashdot news about some geeky kernel details about windows/OSX ?
Surely "no user should need to know, or care about this sort of thing.".
They don't. So do you about Xen. I'm not sure why someone like you is reading and posting on /., because this is usually "news for nerds", as the site indicates. :)
As many slashdotters would say about your reasoning behind your post: "You are doing it wrong." ;)
Actually the design is pretty different. Take a look at these slides: http://www.slideshare.net/xen_com_mgr/why-xen-slides . That should explain the differences. Xen is also multi-OS, ie. you can use also BSD/Solaris in addition to Linux as a Xen host, while KVM is Linux-only as host.
Remember Xen hypervisor is opensource (GPL), just like Linux kernel, so all the Oracle and Citrix code in the hypervisor and in the kernel is opensource. Citrix uses XenServer as a platform to run their other products, and obviously Xen is the best platform to run those Citrix "windows products". Novell ships Xen in Suse Linux Enterprise (SLES) 10 and 11. Debian ships Xen in their current version. I heard Ubuntu is going to add Xen back now when the kernel components are included in upstream Linux. Fedora ships Xen as well. Not to mention majority of the cloud (Amazon EC2, Rackspace, etc) are running Xen.
Thanks again. From your link: "KVM has a very different model - Linux kernel as hypervisor"
Aha! KVM is a hypervisor too? Xen has no kernel? Again... besides the features... the function appears the same to me. Take KVM, remove the drivers, make it tiny, minimalistic... and besides features, the model appears the same to me. Xen is more advanced, more features... but basically, they're both bare iron hypervisors, right?
The Admin and the Engineer
I thought I had an IT background. I do run a virtualisation product on my desktop for development purposes. I did this even long before this was useful (for just the cool factor of running 2 OSes at the same time).
But after 2 minutes of reading it still is not clear what Dom0 is, and what the consequences are. In fact the "domain" is not explained.
You might say that I am not expert enough, but the whole problem is that Xen might not be simple enough, failing the KISS principle.
Xen is a secure baremetal hypervisor (xen.gz), around 2 MB in size, and it's the first thing that boots on your computer from GRUB. After Xen hypervisor has started it boots the "management console" VM, called "Xen dom0", which is most often Linux, but it could also be BSD or Solaris. Upstream Linux kernel v3.0 can run as Xen dom0 without additional patches. Xen dom0 has some special privileges, like direct access to hardware, so you can run device drivers in dom0 (=use native Linux kernel device drivers for disk/net etc), and dom0 then provides virtual networks and virtual disks for other VMs through Xen hypervisor. Xen also has the concept of "driver domains", where you can dedicate a piece of hardware to some VM (with Xen PCI passthru), and run the driver for the hardware in the VM, instead of dom0, adding further separation and security to the system. Xen "Driver domain" VMs can provide virtual network and virtual disk backends for other VMs. KVM on the other hand is a loadable module for Linux kernel, which turns Linux kernel into a hypervisor. The difference is that in KVM all the processes (sshd, apache, etc) running on the host Linux and the VMs share the same memory address space. So KVM has less separation between the host and the VMs, by design. VMs in KVM are processes on the host Linux, not "true" separated VMs.
As far as Linux is concerned, a KVM virtual machine is just another process. So your whole infrastructure-critical server VMs are treated exactly the same as the random daemons that get started up as a matter of course but never used. Worse yet, the same scheduling algorithms are used -- although the VMs have to handle interrupts, while processes don't.
In Xen, there's a scheduler dedicated to scheduling VMs, and the algorithm is tweaked specifically to deal with VMs.
TCP: Why the Internet is full of SYN.
German engineering the house, ya?
==================
Hippie Logger Jock
==================
... as most users don't use vanilla upstream kernels. And, most distributors / distros have a supported release which provides Xen Dom0 support (including Red Hat).
It's partly historical and partly because Xen is structured differently to lots of other virtualisation systems.
"Domain" is to "virtual machine" as "process" is to "program". i.e. it's a running instance of a virtual machine. If you kill a VM and restart it, it's the same VM but a different domain. In practice VM and domain are blurred a bit when people talk, though.
Domain 0 is a bit like the host OS, but for technical reasons it's not exactly.
So what exactly makes this so special? It's a step for one of the many virtualization solutions in the market these days.
I for one wouldn't trust Oracle with any part of my infrastructure if I can help it. Citrix to me still is a company that makes an expensive Xclient for MicroSoft products and a niche product they bought, Xen, with no apparent synergy with their windows products, and who else really cares?
Bingo!
Andy Warhol got it right / Everybody gets the limelight
Andy Warhol got it wrong / Fifteen minutes is too long.
MagicWB comes to Linux - I've been waiting for this since I sold my Amiga 1200!
There doesn't have to be a battle -- there's room in the OSS world for two technologies. Xen and KVM are different technologies. For most desktop users, KVM is probably the best option; but on big servers, linux running KVM has to mix scheduling between VMs and processes. Since Xen runs VMs exclusively, it can focus only on algorithms that work well for VMs.
TCP: Why the Internet is full of SYN.
Wish I read your explanation of Xen a few years ago. In those few sentences you explained more than in a whole 200 pages book about Xen.
IME (and I freely accept I may be utterly wrong...), all that means is the building blocks are in place to do it.
The F/OSS software for managing virtualisation is still pretty dire - if I'm being honest, it feels like someone read a VMWare feature list and decided to copy it without first ensuring they understood what all the features actually were. So they bang on about how having "feature equivalence" yet close investigation suggests that it's not as simple as that.
YHBT. YHL. HAND.
http://www.informationweek.com/news/190500358
You might say that I am not expert enough, but the whole problem is that Xen might not be simple enough, failing the KISS principle.
The KISS principle applies to the implementation... NOT to your ability to understand it
Thanks for your patience! Explanation appreciated.
The Admin and the Engineer
Not sure which Xen book you read, but the grandparent makes a lot of errors and I'd be surprised if a book was that inaccurate. Mine is slightly out of date, but at least was accurate at the time of printing (technical review was done by the original Xen developer).
Let's start at the end. KVM VMs and userspace Linux applications do not share the same address space. This isn't even true if you remove KVM - userspace processes have isolated address spaces. KVM requires the CPU have virtualisation extensions, which means (among other things) nested page tables. This means that there is hardware-enforced separation between the pages. The guest OS sees page tables that map from virtual to pseudophysical address space, but thinks that they map from virtual to physical. The host (Linux) sets the mapping from these pseudophysical pages to real memory pages and the CPU enforces this mapping. Xen uses exactly the same mechanism in HVM mode (it uses some other tricks in paravirtual mode).
The driver domains are correct, but it's worth noting that Xen will use VT-d or equivalent to protect against malicious use. Linux can't give a userspace program direct access to the disk controller, because if it did then a rogue DMA command could compromise the kernel. Xen will use the IOMMU to ensure that each peripheral may only issue DMAs to memory owned by the driver domain. The Solaris VM that you have accessing your block device and exporting virtual disks from ZVOLs, for example, can trample its own address space with rogue DMAs, but it can't touch any memory in other VMs.
This means that Xen (in theory) has a smaller attack profile than KVM. Xen is basically a microkernel, and it enforces low privilege on the services (OS instances) that provide drivers and the management console. With KVM, the entire kernel runs in privileged mode. It's fairly common these days for the management console domain to have either no network access, or highly-restricted access, and be separated from the driver domains. If there is a flaw in the network stack in Linux and an attacker compromises it, then with KVM they now have access to all of your VMs. With Xen, they control that driver domain, and they can inject packets into the other VMs, but they are no more able to compromise them than they would be if they controlled the router one hop away.
KVM recently gained support for live migration (this has been stable in Xen for a long time - they were doing demos of live-migrating a Quake 2 server with clients connected since the early 2000s), but it doesn't have any of the high-availability stuff that Xen 4 includes. This allows you to do things like run two instances of the same VM on different machines and transparently fail-over when one dies.
I am TheRaven on Soylent News
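The isolation argument in the comment above (a guest's page tables only name pseudophysical frames, and the IOMMU confines a device's DMA to its driver domain's memory) as a simplified model. This is an added example, not code from the thread, Xen or KVM; the class, domain and device names are constructed for illustration.

```python
# Simplified model of second-stage translation and IOMMU filtering.
# Constructed for illustration; not Xen or KVM code. All names are assumptions.
PAGE = 4096


class Fault(Exception):
    """A translation or DMA request the hardware would refuse."""


class Host:
    """Plays the hypervisor: owns machine frames and the tables guests cannot edit."""
    def __init__(self, frames):
        self.free = list(range(frames))
        self.stage2 = {}  # domain -> {pseudophysical frame: machine frame}
        self.owner = {}   # machine frame -> domain it was given to
        self.iommu = {}   # device -> domain whose memory it may DMA into

    def create_domain(self, name, nframes):
        self.stage2[name] = {pfn: self.free.pop(0) for pfn in range(nframes)}
        for mfn in self.stage2[name].values():
            self.owner[mfn] = name

    def assign_device(self, device, domain):
        self.iommu[device] = domain

    def cpu_access(self, domain, guest_pt, vaddr):
        """Walk the guest-controlled table, then the host-controlled one."""
        vpn, offset = divmod(vaddr, PAGE)
        if vpn not in guest_pt:
            raise Fault("guest page fault")
        pfn = guest_pt[vpn]  # the guest believes this is a physical frame
        if pfn not in self.stage2[domain]:
            raise Fault("second-stage fault in " + domain)
        return self.stage2[domain][pfn] * PAGE + offset

    def dma(self, device, mfn):
        """A device may only target frames owned by the domain it is assigned to."""
        domain = self.iommu.get(device)
        if domain is None or self.owner.get(mfn) != domain:
            raise Fault("IOMMU fault: %s -> frame %d" % (device, mfn))
        return domain


def refused(action, *args):
    """Return True if the modelled hardware rejects the request."""
    try:
        action(*args)
    except Fault:
        return True
    return False


def demo():
    host = Host(frames=8)
    host.create_domain("driver-domain", 4)  # gets machine frames 0-3
    host.create_domain("guest", 4)          # gets machine frames 4-7
    host.assign_device("disk-controller", "driver-domain")
    return {
        # Guest maps its own frame 1, then forges an entry for frame 6 it never got.
        "guest_own_page": host.cpu_access("guest", {0: 1}, 0x10),
        "guest_forged_entry_refused": refused(host.cpu_access, "guest", {0: 6}, 0),
        # DMA into the driver domain (frame 2) passes; into the guest (frame 5) does not.
        "dma_into_driver_domain": host.dma("disk-controller", 2),
        "dma_into_guest_refused": refused(host.dma, "disk-controller", 5),
    }


if __name__ == "__main__":
    print(demo())
```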
The question I have is: Can I run Xen with my Linux dom0 and have Windows on dom1 with full GPU support and easily swap between the two so I can run my basic Linux desktop on one hand and have Windows load up and run a game in another. So far no VM solution has real capability to use full video acceleration on "guest" operating systems.
Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
A lot of the Xen developers use KVM. You can run Xen and PV kernels inside KVM, which (apparently) is great for debugging. They're very different tools though. The problem is companies like Red Hat that spread a lot of FUD about Xen and tell everyone to use KVM instead, which makes about as much sense as telling them to use bash instead of vim.
I am TheRaven on Soylent News
I'd like to see the "normal user" puzzle over this:
http://www.nirsoft.net/articles/windows_7_kernel_architecture_changes.html
Uh huh. That's right. Designing an OS can get a bit.... complicated.
I am very small, utmostly microscopic.
Just when Linus finally started convincing people that Linux 3.0 would be a "normal time based release" with "no major changes" they whip this milestone feature out from under the rug.
Xen out of the box? Linux 3.0.
Life is Reality
You could have full GPU support in Windows, using the PCI passthrough system (if your hardware is VT-d capable). But, to my knowledge, swapping between a Linux desktop using the GPU and windows using the GPU as well isn't possible. However, you can run in full screen both windows and linux, if you use the SDL driver.
For all this, it might be easier to use Virtualbox though. Virtualbox is more adapted to the desktop environment, and when you have a Direct-X / OpenGL call in windows, it is translated into an Open-GL in your Linux (I'm not sure if it would also do that if you were running Windows as host, you'd have to check by yourself if you are interested in doing so). For that reason, Virtualbox is damned fast when it comes to read films, or play games, in a virtualized Windows. It doesn't work perfectly with all video boards though, as much as I could see.
The part that you are missing is that at the heart of Citrix desktop virtualization (they call it VDI), there's Xen running. That's the reason why they bought Xen, and why they are pushing its development. So yes, there's a synergy, and it's also for their Windows stuff...
Here's why Citrix bought XenSource.
There's been a developing market for desktop virtualization (VDI) -- meaning not "running a VM inside my desktop", but for corporations to run "desktops" as VMs inside of servers and export them to thin clients on people's desks.
Citrix has a ton of capabilities in this area. They have decades of experience with handling remote display technologies, dealing with users, dealing with disk images, and so on. So they were in a perfect position to capitalize on this new trend with their existing technology and expertise.
However, to really run desktop software, you need enterprise-grade virtual machine software. Citrix didn't have any. They could recommend people run Hyper-V, but it's a new technology and by most measures not really as good as other solutions. They could recommend that people buy VMWare. However, VMWare have their own VDI solution. If you were an IT exec, deciding what to deploy for your VDI solution, would you run Citrix's VDI controller on VMWare's hypervisor, or would you just run VMWare's VDI controller on VMWare's hypervisor? Odds are that you'd favor buying from one vendor; it's likely that the software will work better together, and in any case you'll never end up in a situation where Citrix says it's VMWare's problem and VMWare says it's Citrix's problem, and you're stuck in the middle.
Not having their own virtualization solution would be a big limiting factor for Citrix's success in the desktop market. So, they bought XenSource. Now they can offer XenDesktop and XenServer together, offering a complete stack of software from top to bottom. That's the synergy they were looking for.
But of course, buying that stack as a whole only makes sense if XenServer is actually enterprise-grade virtualization -- so they're still keen for XenServer to be a viable product in its own right.
TCP: Why the Internet is full of SYN.
I'm not following. Are you are suggesting throwing out all NAT firewalls and connecting everything to the net to reduce the "attack surface" area? I don't know how that will work out for you, but I'm certain you will quickly "understand the threat" on your network. Sure hypothetical bugs might exist that allow this, but hypothetical bugs in quantum computing might allow it to become sentient and take over the stock exchange plunging us into the dark ages as our entire financial system crumbles. I'll take my chances.
Get a web developer
Is that a problem? I'm more interested in reading a site where people do know this stuff. The people who don't know or don't care have plenty of other places to go.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
In either case, NAT offers *some* protection but may not be viable in some IPv6 and other situations. My recommendation would be to use an appliance to both make stateful examinations of conversations in the firewall sense, use /etc/hosts instead of DNS, examine key vulnerable drivers for MD5, and use other methods to vet basic VMs that are used to clone for production activities. Among other steps.
In other words, from a security profile, KVM and Xen and other methods like LXC each have their own implications. You need to understand them so as to plan for vulnerability containment.
---- Teach Peace. It's Cheaper Than War.
Wish I had mod points.. this and your previous two post on the topic are gold.
My understanding of Xen was that it was a hypervisor, had a dom0 guest VM for administering the hypervisor, and dom0s for less privileged guest VMs.
Is this about running Xen inside Xen, or am I way off target?
tasks(723) drafts(105) languages(484) examples(29106)
Not that I have the ability to really even do anything with it but I thought that 2.4 and 2.6 were it, maybe a 2.8, but after that it was all just going to be daily, stable, and branch co.
3.0? Have they sold out to marketing?
the NPG electrode was replaced with carbon blac
Not a problem at all, in fact, as you say, it's the opposite; people know the stuff. My comment was merely directed to the previous poster.
yeah, everything but vmware is hard to set up, if you're going to sell VMs getting xen running is probably worthwhile tho. good news is vmware has an open source offering you can install straight out of your package manager (probably). i've actually spent a couple of weekends messing with virtualisation, that last post was me just being sarcastic at the troll.
This is a joke. I am joking. Joke joke joke.
But will it run Linux?
How about if they fix basic features like the ability to shutdown properly?
https://bugzilla.kernel.org/show_bug.cgi?id=33872
I fail to see how an unmoderated comment can be overrated. Maybe I have no sense of humor?
"The body may heal, but the mind is not always so resilient." -- Deus Ex: Human Revolution