Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

0wning Xen?

by 1 Comment

InvisibleThings.org posted some more details on their Xen Owning Trilogy session at last weeks Black Hat conference in Las Vegas.

Joanna Rutkowska and her crew gave a series of 3 talks discussing different potential security issues with Xen. With the VirtSec awareness growing this obviously is an important topic .

When quickly skimming trough the presentations the big question that arise is , how relevant is this all for a day to day production environment. Given the fact that some exploits assume you already root before you can install a stealth backdoor and others rely on specific hardware features that might or might not be available in your setup things might be that critical yet.

All 3 talks can be found on the Invisiblethingslab.com site

Virtualization.com will have a closer look at the discussed issues and we’ll be back with more detail later.

VMWare Joins the Linux Foundation

by Leave a Comment

The Linux Foundation announced that VMware has become a Silver member of the Foundation,

According to their site , The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux. Founded in 2007, the LF sponsors the work of Linux creator Linus Torvalds and is supported by leading Linux and open source companies and developers from around the world. The Linux Foundation promotes, protects and standardizes Linux

VMware’s participation in the Linux community includes the contribution of the Virtual Machine Interface (VMI), a paravirtualization interface as an open specification, and subsequent collaboration with the Linux kernel community and others in the development of a source-level paravirtualization interface (paravirt-ops) for the Linux kernel

According to Jim Zemlin, executive director of The Linux Foundation. “Linux is a natural platform for virtualization and cloud computing. VMware is obviously a leader in that field and a leading ISV who has embraced the Linux platform,”

Over at the Open Road , Matt Assay responds with questions around the alleged GPL violations VMWare still has to resolve.

In VentureCake’s the VMWare House Of Cards there is a lengthy discussion is about whether vmkernel, a proprietary blob that can only be loaded by a Linux kernel, can be considered a derived work of Linux.

It’s not a new discussion but hopefully with VMWare joining the Linux Foundation it’s one that will end soon , with clarity, and License compliance. Ass Matt notes

VMware can’t hope to cozy up to Linux and its community without participating on the
principles of transparency and trust. At present, it has shown little of the former
and has yet to earn much of the latter

.

Oracle releases VM virtualization templates

by Leave a Comment

At LinuxWorldExpo this week in San Francisco, Oracle Announced that it It is releasing a series of preconfigured templates for deploying software on its server virtualization technology.

The templates, which are already available at Oracle.com include configurations for Oracle Database 11g, Oracle Enterprise Manager, Oracle Siebel CRM 8.0 and Oracle Enterprise Linux.

“All four of these products can be deployed as Oracle VM templates, thereby bypassing the installation process,” said Monica Kumar, senior director of Linux and open source product marketing.

The templates should save customers anywhere from a few days to a few weeks of effort, according to Wim Coekaerts, vice president of Linux engineering at Oracle.

This is a perfect start for testing and development environments and allows people to play around with virtual Oracle instances with little to no installation effort.

At his own blog Wim reports

We decided not to create blackboxes but create virtual machine images which have been pre-configured with recommended patches, recommended OS settings, then the Oracle product on top with the recommended patchset level and also other changes and fixes applied.

In an interview with Techtarget Wim Coekaerts also mentioned that Oracle plans on releasing VM templates for Oracle products on a monthly base.

Qumranet Announces Craig Bauman as Vice President of Sales and Channel Chief

by Leave a Comment

Qumranet, with its hosted desktop virtualization product, Solid ICE, announced that Craig Bauman has joined the company as the vice president of sales and channels. Bauman will be responsible for launching the Qumranet Partner Program and leading the sales organization through its recent grow th stage.

Buaman joins Qumranet from TriActive. Prior to joining TriActive, Bauman was an enterprise sales director at Microsoft responsible for sales of the Windows enterprise management products in the U.S. and Canada driving sales growth. Bauman was also a key stakeholder in driving Microsoft’s acquisitions of AssetMetrix and Softricity.

Additionally, he has held sales leadership roles at Altiris (now Symantec) assisting
in the successful IPO and helping to grow the company from $10 million to $200 million revenues, along with a 300 percent increase in partner-led sales.

“Since launching Solid ICE several months ago, and with interest in desktop virtuali
zation soaring, it’s vital to get the right people in place to take advantage of these opportunities,” said Rami Tamir, president and co-founder, Qumranet. “Craig has been a major contributor to the virtualization and systems management industry and we
are honored to have him join our team.”

Qumranet is also the maintainer of the open source virtualization project KVM (Kernel-based Virtual Machine)

First Workshop on I/O Virtualization (WIOV’08) Announced

by Leave a Comment

Usenix has just announced it’s first Workshop on I/O Virtualization

Scheduled to take place in San Diego on 10 and 11 december this year , the event wil
l be co-located with the Usenix Symposium on Operating Systems Design and Implementa
tion (OSDI’08)

The past decade the focus was mostly on processor and memory virtualization. I/O vi
rtualization has received less attention. This workshop will provide a forum to dis
cuss the challenges of I/O virtualization that span the virtual machine monitor, gue
st operating system, processor, memory subsystem, and I/O subsystem

The workshop also opened its Call for Papers

Virtualization Workloads, a comparative study in Open Source environments

by Leave a Comment

At the Ottawa Linux Symposium, Benoit de Lingeris and his team from Revolution Linux presented their paper “Virtualization of Linux Server, a comparative study“, mostly the work of Fernando L. Camargos in pursuit of his Masters degree in Computer Science.

They looked at VirtualBox, Xen, KVM, OpenVZ, LinuxVServer and KQemu in an 64bit mode for all tests where possible (hence not for VirtualBox). Their Host OS was Ubuntu 7.10 and the VM’s were Ubuntu 6.06.

It’s pretty obvious that virtualization creates a little overhead, the bigger question however is how much overhead? What’s the penalty when virtualizing an environment? They focused on several aspects, the first one was just trying to figure out what impact the addition of a hypervisor had on an environment.
The second one how many virtual machines one could run in a virtualized environment.

They ran their tests multiple times and the results presented where averages of these tests.

In the first set of tests, impact of the hypervisor compared to the real native machine, they started of with a Linux Kernel compilation workload.

Here Linux Vserver lost almost no performance closely followed by Xen and then OpenVZ. Compared to native machine speed Both VirtualBox and (K)Qemu scored below 50%.
Their second test was file compressions. Here most of the environments scored around 85-95% native speed except from KQemu and OpenVZ.

The Samba team brought us dbench, “dbench is a filesystem benchmark that generates load patterns similar to those of the commercial Netbench benchmark, but without requiring a lab of Windows load generators to run. It is now considered a de-facto standard for generating load on the Linux VFS.”
Here LinuxVserver outscales the rest , Linux VServer scores good here as they use directly the IO drivers of the system where as others don’t. Xen is second best in this test but the other frameworks really need some work done here.

If you want to do low level data copy on UNIX obviously dd is your favorite tool. For the same reasons as above Linux-Vserver scores good here. The strange thing however is that it scores better than Native speed. When copying an existing file Xen and KVM are a good second but OpenVZ seemed to need some work. Another interesting fact is that KQemu and VirtualBox failed the test. When copying data from /dev/zero KVM scores better.

During the test the block devices were backed by different technologies , for Vserver it was a native disk , for Xen a file. Off course this doesn’t give equally good results. Different options for tuning are available here. Still a good advise, do not virtualize your fileserver.

When looking at network IO performance the team opted to use netperf for the test. VirtualBox, Linux-Vserver, Xen and OpenVZ all score good here. The performance of KQemu and KVM were a disaster.
When testing an Rsync with different filesizes OpenVZ scored best and most of the other tools performed around 80% native machine speed , except for KVM that seemed to have more problems with 1 big file than with different small ones. The good scores of VirtualBox are because of their modified IP stack and their efforts there obviously were worth the time…

So they covered, compiling, disk IO, network IO, obviously we want to know a bit about Database performance too. Revolution Linux chose Sysbench for this test. Again good scores for Linux-Vserver and xen , less for the rest

With strange Looks from the OpenVZ people in the audience they concluded that Linux-Vserver has excellent performance and has presented minimal overhead , off course Linux-VServer and OpenVZ are still chroots on steroids, not full virtualization solution. According to Revolution Linux Xen achieved great performance in most of the tests. KVM was fairly good for full virtualization but didn’t perform well for applications relying on I/0

As mentioned earlier apart from the overhead tests Revolution Linux also set to test the scalability , Only 2 tests here kernel compilation and Sysbench performed with n ( n = 1 , 2, 4,8 ,16 and 32) instances .

If they looked at the Number of Transactions globally per host , so spread over the different Virtual Machines) Xen is the best perform it actually reached a higher total throughout with 32 virtual machines than wit 1 vm, peaking at 4-8 VM’s.

With their new benchmark Kernels Compiled per hour , they only have results for Vserver and Xen. With 1 VM both VServer build around 10-11 Kernels per hour , and as of 2/4 VM’s they go up to 20. Xen keeps pace up to 16 VM’s and then slows down.

So obviously there is a very strong correlation between the performance of a machine and the number of instances in that machine.
Also here Linux-Vserver scores better than average with Xen as a good alternative for bare metal Virtualization.

Their conclusions: It has to be said that Revolution Linux is a Linux-VServer shop , and that’s where their preference goes. If they have to be able to run different kernels they seem to prefer Xen.

Generally speaking it seems lots of optimization could be done for different setups. often other than the default setups could help a technology gain a significant boost in performance.

Different network setups ,using specific network stacks ,
or different disk backends (real disk vs file based backends) a lot can change with tuning and installation by experience people.
The tests also have been performed about 6 months ago .. which means that today the results might probably be a lot different.