New version of Xen hypervisor arrives for the cloud and enterprise

The new open-source Xen hypervisor boasts improved ARM and Intel hardware support.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Want a new and improved hypervisor for your cloud or data-center? Then consider the latest edition of Xen, Xen 4.5, from the Linux Foundation's Xen Project Collaborative Project.

Xen 4.5 brings better support for both ARM and Intel chips.
Xen, one of the oldest open-source hypervisors, has long been popular with major cloud services such as Amazon Web Services, Rackspace Public Cloud, and Verizon Cloud. Now it offers the improved performance, quality, security and scalability that today's cloud and enterprise data-center computing workloads demand. In particular, for x86-based solutions this latest version offers improved cache monitoring technology. This, in turn, helps to resolve the "noisy neighbor" dilemma. A noisy neighbor is a virtual machine (VM) that demands more than its fair share of system resources, thus slowing down other VMs.

The other significant new features and capabilities in Xen Project Hypervisor 4.5 include:

Major performance enhancements: Xen now includes a new Project Hypervisor (PVH) bare-metal virtualization mode, which supports running as dom0 with Linux platforms on Intel CPUs. Dom0 is Xen's first running operating system. You can think of it as the host operating system for Xen's production virtual machines (VMs).

PVH is an extension to the classic Xen Project Paravirtualization (PV). Unlike PV, it makes better use of Intel's newest virtualization extensions, such as virtual machine extensions (VMX), to speed up Xen's startup on each server. In addition, the new dom0 model can execute operations without calling on the hypervisor. Finally, improvements to the interrupt delivery mechanism for PCI pass-through to memory and networking improve both resource latency and, therefore, guest performance.

Better Intel chip utilization: Xen also now takes fuller advantage of Intel Resource Director Technology (RDT). This is designed to improve VM performance and manageability. RDT's Cache Monitoring Technology (CMT) can be used to monitor Last Level Cache (LLC) usage by application threads. With this, in turn, programmers can build applications that can do a better job of balancing workloads.

More Powerful High Availability: Xen has borrowed from KVM, Linux's built-in hypervisor, the concept of Coarse-grained Lock-stepping (COLO). With COLO you can replicate the state of a primary VM (PVM) on demand to a secondary VM (SVM) on a different physical system. In short, with this you can provide non-stop VM services by enabling near-instantaneous local and remote recovery from a failed VM.

This is still a work in progress. COLO, which will be fully integrated in a future release, is built on top of the Remus project, a periodic VM check-pointing program.

ARM architecture updates: Xen, which started as an x86-only hypervisor, started working with ARM chips in 2012. This new release now supports VMs of up to 1TB of guest RAM on ARM. At the same time, it also lowers the ARM virtualization overhead by supporting super page mappings in the hypervisor and faster end of interrupts (EOIs) without maintenance interrupts.

This release also enhances interrupt handling on ARM by supporting priorities and IRQ migration (virtual and physical). Developers can also securely and quickly boot Xen Project hypervisors on ARM using UEFI firmware. With this, combined with the QEMU PV back-ends--storage, console, keyboard, mouse, and framebuffer--Xen claims that the ARM implementation now offers near feature parity with the x86 model. Finally, Xen on ARM now supports many new ARM firmware interfaces and platforms such as the AMD Seattle 64-bit server System on a Chip (SoC).

New Introspection of HVM Guests Security Feature: The Xen project also claims that with infrastructure changes, such as multi-extended page table (EPT) views and memory introspection hardware acceleration, Xen can now provide improved security. Specifically, by enabling both pages and memory to be inspected, it's easier to enable hardware-enforced VM isolation. This, in turn, can be used to spot and then lock down kernel exploits, zero days, rootkits and other advanced malware attacks on a specific VM.

"We're clearly ahead of the market with x86 performance and ARM architecture updates," claimed Lars Kurth, Xen Project Advisory Board Chairman, in a statement. "This benefits our traditional strongholds where strong security, flexibility and multi-tenancy are required."

Mauri Whalen, Intel's director of Open Source Technology Center Core System Software, added that Intel's architecture combined "with Xen Project technology [already] underpins many of the world's largest and most successful data centers and clouds and continues to set the standard for performance, flexibility, and value. With support for cache monitoring and VM check-pointing, Xen Project 4.5 offers new levels of efficiency and automation on Intel architecture, along with powerful new options for high availability and disaster recovery."
