Virtualization.com

News and insights from the vibrant world of virtualization and cloud computing

virtualization

Another Study Predicts Huge and Rapid Virtualization Market Growth

by Leave a Comment

Application Delivery Networking provider F5 Networks today released the results of another survey that shows the storage virtualization market is set to grow rapidly. The online study reveals the percentage of U.S. enterprises that use storage virtualization solutions will more than double from 21 % to 47 % in the next few years.

F5 Networks

The survey of 324 medium- and large-enterprise IT organizations in the U.S. and Europe was conducted in February and found that a primary driver for enterprise interest in storage virtualization is reduction in operating expense and capital investment. Underscoring their interest in reducing costs, respondents indicated that 20 % of IT labor is spent on storage-related activities such as provisioning, backup, and moving data.

We continue to see enterprise storage requirements grow at a remarkable rate, particularly for file-based, unstructured data, said Steve Bishop, CTO at VeriStor Systems. As a solutions provider specializing in advanced data storage and virtualization architectures, VeriStor is constantly seeking ways to help our customers reduce storage costs, improve resource utilization, and simplify storage administration. Technologies such as F5s Intelligent File Virtualization are key to enabling those types of solutions.

Other findings from the survey included:

  • Respondents stressed the need for storage virtualization solutions to work with a heterogeneous storage infrastructure. Sixty-three percent of U.S. companies rated this as important or very important.
  • Respondents showed a strong interest in solutions that address file-based storage — with 80 percent of respondents who are planning to deploy storage virtualization confirming this as part of their plan.
  • Existing storage virtualization users reported high success rates. Eighty-six percent of all U.S. companies reported achieving at least one or more of their original goals.

For additional survey information and results, please download the PDF from the following location: www.f5.com/pdf/news/20080404-state-of-storage-virtualization.pdf.

[Source: press release]

Montego Networks Debuts HyperVSecurity Alliance

by Leave a Comment

Montego Networks, which officially launched two weeks ago, has made an announcement at the RSA Conference 2008 about its HyperVSecurity Alliance, an initiative allowing third-party vendors to integrate their products with Montego’s HyperVSecurity technology platform.

Montego Networks logo

The Montego HyperVSecurity vendor-agnostic framework facilitates an interoperable virtual security architecture enabling VM-to-VM visibility, inspection and security, and delivers valuable solutions with minimal network configuration, reliability and performance headaches. For virtualization customers, the HyperVSecurity Alliance provides a flexible, integrated toolkit they can confidently deploy to address needs for virtual security, application performance and investment protection. Through its Alliance, Montego Networks is well positioned to build productive partnerships with vendors of best-of-breed IDS/IPS, patch management, behavioral analysis, anti-malware, network monitoring, and other applications.

The HyperVSecurity Alliance lets its partners rapidly leverage advantages of the Montego platform including fast access to virtual market applications, co-branded lead-generation channel presence & sales. Concurrently, it gives virtualization channel partners a ready-made portfolio of certified products, customer-ready solutions and cross-sell revenue opportunities.

The Charter Members of the HyperVSecurity Alliance include these networking and security solutions providers:

  • Cyberoam: Unified Threat Management Plus (UTM+)
  • Lancope: StealthWatch™ for NetFlow and sFlow-based Anomaly Detection and Network Performance Monitoring
  • Plixer International: Scrutinizer™ NetFlow Analyzer
  • StillSecure: Commercial and open source secure network infrastructure solutions including NAC, IDS/IPS, vulnerability management and a unified networking/security platform

The Montego HyperSwitch approaches virtualized network security from a new direction that integrates network policy enforcement and access control with a high-availability virtual security switch. This unique approach allows the Montego HyperSwitch to efficiently deliver advanced capabilities including policy-based virtual network partitioning, L2-L4 Firewall, Identity Firewall, Content Firewall, Virtual Network Discovery, Secure Inter-VM communication, 802.1Q VLANs, 802.1D Spanning Tree, Load-balanced Quality of Service (QoS), Policy-Based Switching, Policy-Based Traffic Mirroring, NetFlow, and more. The HyperSwitch also includes Montego Firewall Control Protocol (MFCP) which enables 3rd party security vendors to leverage API calls that allow for remote configuration of its security policies.

The Present And Future of Xen

by Leave a Comment

Over the past few months, a number of people have been vouching the idea that Xen’s development and adoption is slowing down because of the Citrix’ acquisition.

Paula over at ZDNet appears to have misunderstood what XenSource/Citrix explained her.

Citrix might have jumped some marketing hoops by first claiming to be an application delivery company, then trying to position itself next to VMWare as a virtualization company, and subsequently buying XenSource in order to reclaim its application delivery role while trying to benefit from the Xen brand.

But rest assured: they are still heavily backing Xen.

Paula proclaims:

“Open source backers will likely take another look at Xen and re-consider other open source firms embracing virtualization”

Well … it’s true different open source integrators were confused when XenSource decided to take their XenEnterprise 4.0 management GUI Windows-only, leaving the Linux Desktop users in the cold. Yes, some customers were lost, but the open source guys were never interested in a GUI that limited the functionality of an open and free product they were used to work with anyway, and neither were the kernel code contributors. So the question is if they were looking at XenSource in the first place.

At FOSDEM, we asked Ian Pratt how he feels about the evolution of the Xen open source community after the Citrix acquisition and if he thought the contributions from the community were slowing down. An excerpt from our interview:

“We certainly haven’t seen that , if you think about the life of the Xen project, there have been a number of significant changes. When we left the University to set up XenSource people were worried we might go of and take Xen in closed source or something, but we didn’t. It’s the same group of guys, basically myself, Keir Frasier, Steve Hand working on the project, and now many more of course. The Citrix acquisition of XenSource was obviously something we had to explain to people. I think the community has seen that nothing has changed . One of the things that we did do was just to provide greater transparency, set up Xen.org , the Xen advisory board and the Xen.org website. The advisory board has members from companies like Intel, AMD, HP, IBM, … big companies that are now contributing to Xen and have oversight from the advisory board, so I think the community is pretty happy and it’s going from strength to strength.”

In a video interview with Tarry Singh at VMworld Europe 2008, Simon Crosby stated:

“You have to understand that Xen is the foundation of the faith, we (Citrix) are first and foremost committed to this community and to that method of development for the server tools and Hypervisor. So one of the community questions was that Citrix was not known for open source and what was gonna happen with Xen.

It turned out, otherwise we would never have agreed to go, that Citrix has thrown a huge amount of money towards the open source community. We’ve setup Xen.org – we’ve always wanted to do that, as a start-up we could never get there.

Xen.org is run by a charter committee of the major contributors and it has its own program management and it’s independent of us (Citrix) and that’s exactly the way we wanted it. Ian still leads the project, we still probably contribute about 60% of the code, but also all of these major partners deliver to us.

So the community is going from strength to strength, which is terrific.

We had 2 or 3 developer summits each year, at the one we had at the end of last year in Santa Clara we had more than 200 people attend.”

When comparing Xen.org to Eclipse.org, Simon replied:

“The difference is that Eclipse is an independent legal entity. With the Xen community, we discussed whether or not to do that and the cost of it and we decided that we would not do that, so we set up a steering committee which oversees several key components of Xen. First of all, the road map that advises the project on where to go, it sets the policy by which the Xen trademark is used and then that is all administered for the benefit of the community with the explicit admission by the advisory board by Citrix

It leaves us without the cost and the legal infrastructures of setting independent .org but with all principle and all the guiding.”

RedHat

The Last Xen Summit was a 200-person conference, mainly Xen developers, with people from Sun, HP, Novell, RedHat, Virtual Iron, Oracle, Intel, AMD, Samsung, Solarflare, Google and of course Xensource/Citrix It’s too bad Ohloh doesn’t support Mercurial (the Xen.org source managemt system) or we could have had real statistics on the Xen contributions but it’s fairly obvious most of the big players are contributing.

Which linux distro didn’t adopt Xen as a virtualization technology ? Xen Adoption in which distro ? True they are supporting other open source technologies apart from Xen and they are working on creating a uniform way to manage different virtualization techniques, but no matter how you look at it.. they all adopted Xen.

So let’s have a look at the companies that are adopting Xen in their products, starting with Citrix.

When XenEnterprise initially launched, Peter Levine told the world that their target audience was to provide easy-to-install (in less than 10 minutes as he could do himself) bare-metal virtualization for the Windows market. They were not planning a RedHat / MySQL style Xen distribution in free and commercial versions with support and updates, they went straight for a target audience that was used to buy proprietary software from a vendor, the Windows users.

Apart from Citrix, which is planning to launch their XenEnterprise 4.1 release in the next couple of months, amongst the first adopters were RedHat and Novell.

Novell

When Novell claimed first adoption , RedHat was saying Xen wasn’t stable enough yet. But today, Xen is a core part of both major Linux Distributors offerings. (and with them lots of other Linux distributions) The race however continues when RedHat and Novell started fighting over which version was about to offer better Window guest support 🙂

Amazon was also a really fast adopter. When Jeff Barr announced the Elastic Compute Cloud Beta, he told the world that they had built EC2 using Xen. In essance, Elastic Compute Cloud, or EC2, allows users to deploy server instances on-demand. Amazon isn’t selling Xen as a product, they are using Xen to provide the world with one of their most used services. Different startups and SMBs are using EC2 as their home on the web.

And let’s have a look at the people selling Xen implementations.

Virtual Iron came from a dubious non-Xen background and is now positioning its platform as an Enterprise-level platform for server virtualization and virtual infrastructure management. Their product consists of a Java-based Virtualization Manager that is used to manage the virtualization services that are deployed on bare-metal servers.

Back in 2007, Simon Crosby wrote:

“The Virtual Iron Hypervisor is not the Xen Hypervisor – it’s a proprietary product (some of which is open-sourced because they use bits & pieces of Xen code). Virtual Iron has not yet made any significant contributions back to the Xen community. Presumably they believe this gives them an edge in the market. Maybe it does. But if that’s the case, I don’t understand why they don’t just stand up and say so, rather than trying to jump on the Xen brand-wagon.”

Simon invited them multiple times to join the Xen community and it seems they accepted the invitation as the Virtual Iron people were even presenting on the last Xen summit. According to Wikipedia, today – as so many others – their platform is based on the Xen Hypervisor. The exact answer is probably somewhere in the source code.

Oracle

When in November 2007, Oracle first launched their OracleVM there was a lot of fuzz because Oracle claimed both features other people didn’t have as well as better performance. Back then I blogged:

“First, seemingly Larry is claiming that his Xen package is better than others since he supports Live Migration and all the others don’t. I don’t know where he gets that idea.. I have to admit I don’t remember which year it was, but it was somewhere in December when I first started with Live Migration of Xen machines and it was also on a CentOS platform. No fancy GUI, no hardcover manuals that had it all documented. But fast and seamlessly working live migration, ready for everybody to use. Second, he is claiming that Xen was re-engineered by Oracle to be faster than the competition. The way you read it there is that Oracle took Xen, modified it then started redistributing it. Is that really what happened ? Are they redistributing the source, or are they violating the GPL ? Because if they are redistributing the source, everybody just got a faster Xen.”

Earlier, Charles Philips from Oracle had been telling GCN that cite “We’re big proponents of Linux and standard technologies, so we’re going to put the time toward Xen,” Phillips said. “Our strategy will be around Xen.” which didn’t surprise anybody as Oracle had been pushing before to get a single virtualization supportive interface into the Linux kernel.

The openSolaris people started out with building a DomU for Xen, at first, but what they really wanted was to run openSolaris for both their Dom0 and DomU. Today Sun is supporting the sun seemed to be working on Xen for Sparc but it seems they abandoned that effort.

Obviously Sun has is Solaris Zones technology but as running different isolated environments on one kernel is totally different from running different kernels Zones and xVM are obviously complementary technologies.

Toon Vanagt asked Ian Pratt :

“When I look at the Xen GPL License, I found it interesting that Xen is being renamed as xVM by Sun, OracleVM by Oracle. Oracle first announced OracleVM and then had to admit it was actually a tweaked Xen version. But they didn’t publish the tweaked code, did they?”

Ian’s reply:

“Oh no, they have. I mean, the fact is that there are lots of different vendors shipping Xen products that also they ship the Xen engine, pick up the Hypervisor the core engine and incorporate it into their own products. Obviously, the Linux vendors Novell and Redhat, there is Sun, there is obviously Xensource / Citrix , Virtual Iron, etc. Lots of different companies are doing that. Actually the GPL license means that any changes they make will go back into the main project. In reality, pretty much all those companies just pick it up as is. Take the latest stable release, which is maintained, they might add the odd little patch to it, but it really is all very clear, there is all uniformity in the Xen versions that are out there.”

“Most of those companies are very close to mainline Xen. They post a couple of patches in some cases, but not always. What they’ll be doing is taking Xen and it’s really on top of Xen , in the rest of their Virtualization stack that runs in user space, that’s where they’ll be probably doing their own of things, they’ll have their own management tools, they’ll have their own way of wanting to present virtualization to the user, so if you think about what the operating system vendors are typically doing is they want to expose virtualization using the same tools and user interfaces etc. they use for exposing other facilities in that operating system. Which if you think about it, is quite different from what companies like say Xensource is trying to do , which is to try and effectively build a virtual machine hosting appliance. You know, you just put the CD in the server, install it and just manage it from let’s say a windows GUI or a webinterface . So every company is bringing Xen to market in a different way for a different kind of user . And that is where the differentiation happens, but the core engine is the same throughout.”

So which Xen should you choose? One of the main decision points when choosing a Xen vendor is probably whether you want to virtualize Linux, Windows, or a mix. The different vendors have different relationships with Microsoft and will therefore be able to provide different levels of support and integration with their products. But one thing is certain: you have a lot more choice when going for a Xen alternative, than the other way around.

Building and maintaining a community is and will remain a difficult thing. Sun is learning that and Citrix / Xen.org will also have to learn that. Six months from now, the story might be totally different. But today Xen.org is growing stronger every day with corporate contributions from all over the planet.

The Gap Between Hardware and Software

by 1 Comment

Interesting read over at EE Times Asia, titled “IC industry addresses multicore, programming software gap“.

An excerpt:

“The semiconductor industry is starting to address what’s being called a software gap between a rising tide of multicore processors and a lack of parallel programming tools and techniques to make use of them.

The gap came into stark focus in the embedded world at the Multicore Expo, where chipmakers Freescale Semiconductor, Intel Corp., MIPS and a handful of silicon startups sketched out directions for their multicore products. Others warned that the industry has its work cut out for it delivering the software that will harness the next-generation chips.”

“There is a major gap between the hardware and the software,” said Eric Heikkila, director of embedded hardware research at Venture Development Corp. (VDC).

About 55 % of embedded system developers surveyed by VDC said they are using or will use multicore processors in the next 12 months. That fact is fueling the company’s projections that the market for embedded multicore processors will grow from about $372 million in 2007 to $2.47 billion in 2011.

In the PC market, the figures are even more dramatic. About 40 % of all processors Intel shipped in 2007 used multiple cores, but that will rise to 95 % in 2011, said Doug Davis, general manager of Intel’s embedded group.

But on the software side, vendors reported that only about 6 % of their tools were ready for parallel chips in 2007, a figure that will only rise to 40 % in 2011, VDC said. As much as 85 % of all embedded programming is now done in C or C++, languages that are “difficult to optimize for multicore,” said Heikkila.

Standardization

The Multicore Association announced at the Multicore Expo it has completed work on an applications programming interface for communications between cores, and is now working to define a standard for embedded virtualization.

“The ultimate goal of every computer scientist is to create a new language, but my personal view is we should not do it this time around,” said Wen-mei Hwu, a veteran researcher in parallel programming and professor of engineering at the University of Illinois at Urbana-Champaign, referring to a flowering of languages developed for big parallel computers two decades ago, many of which never gained traction. I believe there will be new language constructs in C/C++ to support some of the new frameworks people will develop, but even these constructs, if we are not careful, will not be widely adopted,” Hwu said. “Ultimately, I think we will make a small amount of extensions to C, but I think it’s too early.”

On-chip fabric

For their part, Freescale and Intel sketched out design trends they see on the horizon for their multicore chips.

“Freescale is now sampling the first dual-core versions of its PowerQuicc processors, aimed at telecom OEMs. The chips are part of a family that will eventually scale to 32-core devices”, said Dan Cronin, VP of R&D for Freescale’s networking division.

The processors will use a new on-chip interconnect fabric. They will also embed in hardware a hypervisor, a kind of low-level scheduling unit, co-developed with IBM according to specs set in the Power.org group. “Freescale will release an open source reference design for companies that want to build virtualization software that taps into the hypervisor”, Cronin said.

[Source: VMBlog]

KVM-65 Released, Supports S390 Architecture

by Leave a Comment

KVM-65 was released today. The most interesting feature in this release is support for the S/390 architecture, more specifically, the System z9 line of mainframes. On x86, the most interesting change is the separation of timer and I/O completion handling into a separate thread (these used to be serviced by the same thread that executed vcpu 0). The change should result in improved responsiveness and better smp performance.

As Anthony Liguori puts it:

“The s390 is the grand-daddy of virtualization. Everything started there. In so many ways, everything we’re doing with x86 virtualization is just playing catch-up. The new exciting features like hardware virtualization support and hardware paging support have been in s390 forever.”

“s390 clearly has a very mature hypervisor. What many people may not know though is that it’s normal to run two hypervisors at any given time on s390. At the bottom level, there’s PR/SM which divides the machine into rather coarse partitions. Within a PR/SM partition, you can run z/OS or Linux. You can also run z/VM within a PR/SM partition. z/VM is another hypervisor that allows for much more sophisticated features like memory overcommit and processor overcommit. The user has the ability to decide how much hypervisor they need to maximize the efficiency of their workloads.”

These are the changes from KVM-64:

  • fix hotplug build for non-x86
  • ignore reads from the apic EOI register
  • fixes Linux 2.6.25-rclate bootup problems
  • compile fixes
  • fix ftruncate() on hugetlbfs use on older Linux hosts
  • endianness fix virtio-block
  • fixes virtio-blk on ppc
  • refactor in-kernel PIT to be a separate device
  • separate thread for I/O completions and timers
  • fix vmmouse smp
  • fix loading uninitialized variable into apic registers
  • fixes apic being disabled on smp Linux guests running X
  • disable kvm clock on Voyager or SGI Visual WS
  • s390 support
  • fix large pages
  • speedup msr processing on Intel via msr bitmap
  • add slab shrinker support
  • reduces nonswappable footprint under memory pressure
  • code cleanup
  • vm refcounting
  • only mark a page as accessed if it was really accessed by the guest
  • drop slots_lock while in guest mode
  • fixes long latencies with iothread
  • prepopulate guest pages only after write-protecting them
  • fixes smp race leading to guest spinning

[Source: Tales of a Code Monkey]

Third Brigade Wants In On The Virtualization Security Conversation

by Leave a Comment

There’s lots of conversation going on about virtualization and security (e.g. InformationWeek’s take), and now Third Brigade is anxious to be included in the conversation. The company issued a press release today with a presentation of their new approach to virtualized security.

Third Brigade

Third Brigade announced a new licensing model designed to address the accelerated adoption of virtual environments and help customers achieve the lowest total cost of ownership for virtualization security. Third Brigade licensing now allows for an unlimited number of virtual machines to be protected per physical server. The company also introduced a new, coordinated approach to intrusion defense for virtualized environments that will deliver better data protection than can be achieved by virtual security appliances.

When asked why Third Brigade’s approach to virtualization security is better, Wael Mohamed, President and CEO, Third Brigade said:

“The biggest threat left exposed by omitting virtual machine-based security, or relying solely on virtual security appliances, is the potential for one compromised virtual machine to be used to launch an attack against another virtual machine. An appliance or gateway model can’t see, and prevent, the malicious traffic between the VMs; Third Brigade can.” Mr. Mohamed continued, “We also believe sophisticated security coordination will be required between a security agent on a virtual machine and a security agent leveraging the VMsafe APIs, when they are available. We have created an attractive licensing model that will enable customers to take advantage of these advanced features.”

The new licensing model helps accelerate mission critical virtual deployments and removes any barriers to delivering best-of-breed security capabilities to every VM by allowing an unlimited number of VMs to be protected per physical server. For customers that are moving to, or have mixed physical and virtual environments, Third Brigade licenses are portable as a server is transitioned from the physical to virtual world. Pricing is also available for individual virtual machine instances for enterprises that have unique security requirements.

[Source: press release]