Unless otherwise noted, articles © 2005-2008 Doug Spencer, SecurityBulletins.com.


Paravirtualization with XEN


Written by Doug Spencer 11/16/2006
[SecurityBulletins.com]

--Draft--

Xen virtualization is a bit different from many other types of virtualization. The Xen hypervisor is booted instead of the standard kernel, and the hypervisor takes care of loading virtual machines. Xen virtual machines utilize paravirtualization, which generally requires modifications to the kernel that will be run by Xen. The extra steps involved in setting this up increase the performance of the virtualization quite a bit, since the kernel can communicate its requirements to the hypervisor and get better response time.

The primary virtual machine on Xen is known as "Dom0" and has the ability to send control commands to the Xen hypervisor. The additional virtual machines are known as "DomU" and they DO NOT have any ability to send administrative commands to the hypervisor.

An interesting thing about Xen is that it can do live migrations of virtual machines from one physical server to another if shared storage is available. This functionality works very well. I've tested it using virtual machines running Debian images stored on NFS filesystems. It should also work well with cluster file systems such as Global File System (GFS). Basically, Xen communicates with the remote system, duplicating the memory image and tracking changes during the migration. Once the memory image is copied, the final changes get propagated and the remote system is made active. There is practically no downtime; I've even done continuous pings, ls -lR and similar tests and have noticed no loss.
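The copy-and-track sequence described above, as an added example that is not part of the original article and is not Xen's code: a simplified Python model in which each memory page is a version counter. The hot-set size, write rate (`writes_per_page_sent`), stop threshold and round limit are assumed parameters chosen for illustration.

```python
import random

def live_migrate(num_pages=4096, hot_pages=256, writes_per_page_sent=0.05,
                 stop_threshold=16, max_rounds=30, seed=2006):
    """Toy model of pre-copy live migration (assumed parameters, not Xen code).

    Each page is a version counter. The guest keeps writing to a "hot" subset
    while earlier pages are in flight, so those pages must be sent again.
    """
    rng = random.Random(seed)              # fixed seed: constructed, repeatable run
    source = [0] * num_pages               # memory on the originating host
    dest = [None] * num_pages              # memory image being built remotely
    dirty = set(range(num_pages))          # first pass: every page needs copying
    rounds = sent_live = 0

    # Iterative phase: guest is running, so copying and dirtying overlap.
    while len(dirty) > stop_threshold and rounds < max_rounds:
        to_send, dirty = sorted(dirty), set()   # snapshot, then reset tracking
        for page in to_send:
            dest[page] = source[page]
        # Writes that land during this round scale with how long it took.
        for _ in range(int(len(to_send) * writes_per_page_sent)):
            page = rng.randrange(hot_pages)
            source[page] += 1
            dirty.add(page)                # stale on the remote side: resend
        sent_live += len(to_send)
        rounds += 1

    # Final phase: guest paused, remaining changes propagated, remote activated.
    downtime_pages = len(dirty)
    for page in dirty:
        dest[page] = source[page]
    return {"rounds": rounds, "sent_live": sent_live,
            "downtime_pages": downtime_pages, "consistent": dest == source}

if __name__ == "__main__":
    print("mostly idle guest:", live_migrate())
    print("write-heavy guest:", live_migrate(hot_pages=1024, writes_per_page_sent=2.0))
```

In this model the pause is proportional to `downtime_pages`: the mostly idle guest converges in two rounds with only a few pages left to copy, while the write-heavy guest never gets under the threshold and is cut over at the round limit with a much larger final copy.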

Several Linux distributions have packages with pre-built kernels that support Xen paravirtualization. There is also a live boot CD-ROM image that can be used to try Xen. The live boot image is a very easy way for a new user to try Xen without requiring a new install.
