
XEN

Last Updated: August 16, 2005

For more information on Xen and the services provided by Option-C, Ltd., please contact us at: info@option-c.com. Also feel free to browse our wiki.
Option-C is not affiliated with XenSource, Inc. or the University of Cambridge.
All trademarks and registered trademarks are the property of their respective owners.



Introduction

One of the most important aspects of business infrastructure is the design, implementation, and maintenance of the data center. Some companies do their work on a few PCs; others need hundreds of servers.

Over the last decade the importance of the data center has grown by leaps and bounds along with the complexity of enterprise software applications.

Best practices in IT dictate that server applications be isolated. Databases should be separate from web servers; e-mail servers should be segregated from print servers. Application server separation is secure and allows for simple redundancy. If one server dies, its effect on others is minimal, and it's relatively easy to replace the functionality lost.

This, however, is expensive. The physical servers are under-utilized, often with resource use under 10%. Power and cooling requirements continue to increase as new machines are introduced into the data center.

So the problem is: How do we control or lower IT costs while maintaining the security and control of isolating our servers?

The answer: Through virtualization of the data center.


Virtualization and Paravirtualization

Wikipedia defines virtualization as “the process of presenting computing resources in ways that users and applications can easily get value out of them, rather than presenting them in a way dictated by their implementation, geographic location, or physical packaging.”

We use a more specific definition: Virtualization is the capability of running multiple isolated “guest” operating systems, each inside its own virtual machine, on top of a “host” OS, in a tightly controlled and secure manner.

[Figure: a basic virtualization setup]

Mainframes have had this capability for over 30 years, but mainframes are too expensive for most IT departments.

In recent years there have been several commercial Intel-x86 based virtualization packages. These, too, are expensive, charging hundreds or thousands of dollars per CPU, putting them out of the reach of small businesses. These packages often attempt to emulate all aspects of the modern PC, which causes them to be significantly slower than the native OS.

In this document we focus upon Xen, one of the few virtualization packages to use “paravirtualization” to optimize system resource use.

Wikipedia defines paravirtualization as “a virtualization technique that presents the abstraction of virtual machines with a software interface that is similar but not identical to that of the underlying hardware.”

Paravirtualization is more difficult to achieve because of the wide variety of hardware available. As a result, design decisions generally dictate that the software's focus will not be on support of everything, but rather a solid support of the important hardware (memory, storage, etc.).


Xen

During the development of the product, the Xen developers maintained several important requirements for their software:

  • Support a variety of full operating systems to allow for support (without modification) of complex, enterprise-level applications.

  • Full support of commodity hardware (Intel x86, 32- and 64-bit and compatible, PowerPC).

  • System must be able to provide full accounting metrics for utility computing.

  • VMs (Virtual Machines) must be isolated; one VM must not adversely affect the performance of others.

  • Performance overhead due to virtualization must be minimal.

The creators of Xen made a conscious decision to not be all things for all computers. Most data centers do not have a need for high-end graphics and sound cards in their machines, so Xen does not emulate these.

Instead, Xen focuses upon the resources most needed in the modern data center (memory, network and block devices), and allows direct access to these in a controlled and secure way. This allows Xen to provide up to 97% of the native speed of the host machine.

According to several studies, the average resource use per CPU in the modern IT department is between 5% and 10% across the board. If you have a server using an average of 10% of resources, then that same level will be available in a Xen virtual machine.

A strong point in favor of Xen is the software purchase cost. For other products you will pay hundreds or thousands of dollars per CPU. Xen is Open Source; there is no upfront purchase cost.

This means that the IT department can focus their money on the implementation and support rather than the purchase and licensing of the software.


What Xen Can Do

Xen is a powerful, well-supported product with ongoing active development. It has caused enough developer interest that portions of the codebase are being included in the Linux kernel tree. It has caused enough investor interest that three large VC firms have invested a substantial amount of money.

Those facts are not generally important to a data center administrator. They want to know: why should they use Xen?

The answers are:

  • Infrastructure simplification

  • Security

  • Continuous Availability

  • Migration

  • Sandbox Testing

  • Server Roll-out

  • TCO and ROI


Infrastructure Simplification

Infrastructure Simplification is the concept of changing a business' data infrastructure to accomplish business goals now, and to prepare for the future. One way to do this is to combine physical machines, making them both less expensive and easier to administer.

Xen allows you to do this by converting physical machines into virtual machines. By doing this you get back wasted resources; power, cooling and space requirements drop. In addition, you have a data center that can be expanded more rapidly as needs dictate. If you need a new server, simply clone an existing one, modify as needed, and switch it on.

From the functionality point-of-view, running 10 virtual machines is little different than running 10 physical machines. From the administration and configuration perspectives, it is far easier.

[Figure: infrastructure simplification]


Security

From a network point-of-view, a VM is the same as a physical machine. As a result it is important that administrators continue to implement strong security practices.

Each VM is segregated within the host from all other VMs. The only connectivity between VMs is that which is defined by the System Administrators, as in a normal network.

If a VM is compromised in some way – a virus, or a worm, for example – it is quick and easy to stop the machine and roll back to a recent backup. If you want to isolate a VM, perform the same actions as you would for a physical machine. If a VM is hacked, it can be shut down without affecting the other virtual machines or the host machine.


Continuous Availability

In developing Xen, the designers mandated the need for high availability of the VMs. This means that the hypervisor will not allow one badly behaving VM to affect the others.

If a single virtual machine goes down for any reason, it can be rebooted quickly without affecting the others. When a machine is running under Xen, its boot time is significantly faster than a native installation on a physical machine.

Internal tests (with a non-optimized installation of Mandrake Linux Desktop running MySQL and Apache) show the native boot of the system takes 32 seconds whereas the Xen VM can reboot (shutdown and boot) in 28 seconds; booting alone took 16 seconds. Similar results were obtained for other machines. An optimized Xen VM boots in as little as 10 seconds.

The speed of the reboot combined with the capability to quickly migrate VMs allows the System Administrator to offer better continuous availability.

Two methods that help with continuous availability are Migration and Sandbox Testing.


Migration

A common headache for administrators is a misbehaving system. For example, if a web hosting company finds a single website is being hit hard, they're going to want to move the site so that it doesn't affect other sites running on the same physical box. This can cause minutes of downtime. Even if they're prepared with one of the packages that allows for “instant” migration, it still takes time. For a brochure-site, seconds or minutes of downtime don't usually mean much, but for a site like Amazon or eBay it can mean lost sales.

Xen claims a migration downtime as low as 30 to 60 milliseconds with no loss of client connectivity.

Most companies accept that they're not going to have 100% uptime, both on internal and external servers. However, when the print and file servers go down 10 minutes before a VP has to make a big presentation, someone will be in trouble. With Xen, it's possible to migrate those servers to prepared hardware, in less than a second, and have them up and running again.


Sandbox Testing

One of the best reasons to use a VM is to test out new software and patches. Our consultants have often seen machines that have been patched without thorough testing because the creator of the OS assured everyone that the patch was a) highly critical, and b) wouldn't hurt existing systems.

One of our consultants specifically remembers "...going to the client site and rather than performing the needed work, I spent the majority of a day assisting in the removal of a patch (actually several patches combined into one) and putting each individual patch back on, one-by-one, until the problem was found. As a result, the corporate website was down for the majority of a day."

Using Xen it would have been easy to:

  1. Duplicate the Web Server VM quickly (by copying the existing one or using the latest backup)

  2. Apply the patches

  3. Test the patched system

  4. Switch the tested, patched system online and retire the old version.


Server Roll-out

One of the biggest headaches for data centers is the roll-out of new servers. If the data center doesn't have the specified hardware it can take weeks to perform a server roll-out. Even with the hardware, cloning one physical machine to another and then configuring can take hours.

With Xen, it takes minutes. To roll out a copy of an existing server, simply duplicate the image file or the partitions, make the needed configuration changes, and boot the new server.

After an OS has been ported to Xen, any VM will run on top of it. Rolling out new servers becomes as easy as performing the following steps:

  • Configure new or repurposed hardware with Xen.

  • Migrate existing, new, or cloned VMs to the additional hardware.


TCO and ROI

Turning off leased or purchased machines will allow the data center to save immediately on cooling and power needs, and to lower administration costs. In addition, since hardware is now available, it is easier and quicker to expand the data center as needed.

During future upgrade cycles it becomes easier to budget and focus on functionality requirements rather than spending money on hardware needs, simultaneously raising the ROI and lowering the TCO.


Xen and the Future

Xen was created at Cambridge University, England. Recently the architects started a Silicon Valley company called XenSource, Inc., specifically to promote the widespread adoption of Xen and to provide user support.

Being Open Source does not mean that there is no support for Xen. Indeed, Xen is backed and supported by several of the largest companies in the world, in particular IBM, Intel, AMD, Hewlett Packard, Red Hat and Novell/SUSE. It has the financial support of several well-known VC companies, including Kleiner Perkins Caufield & Byers, Sevin Rosen, and Accel Partners.

Xen has made a public commitment to work with all industry partners to continue the development of the hypervisor, and to support all enterprises interested in incorporating Xen into their products.

This includes appropriate updates to support future chipsets and new functionalities. Xen is actively working with Intel and AMD as they start to provide CPU-based support for virtualization, while development on the 64-bit and PowerPC architectures is progressing rapidly.

Work on the software side is not slow either, with version 3.0 due out soon. Xen is continuing to provide additional OS support, and is working on newer developments such as PAE.

While XenSource's emphasis is on the development and enhancement of the main architecture of Xen, Option-C is focusing on the development and implementation of enterprise-level tools to simplify administration and configuration of VMs.

Some of our tools include:

  • A full support infrastructure
  • Methods of using distributed filesystems to run and support Xen VMs
  • Automatic remote-location failover of both host and virtual machines
  • XenAdmin (XA) - a GUI-based administration tool
  • WebXenAdmin (WXA) - a browser-based administration tool

With these tools you'll be able to have fully functional Xen VMs running in minutes, ready for your own configuration.

If you need to:

  • save your IT resources
  • simplify your infrastructure for today and tomorrow
  • lower your TCO
  • raise your ROI

then contact Option-C.

If you want something specifically tailored to your needs, we'll be happy to provide such services. You can feel confident relying on our familiarity with Xen to provide you the solutions you need.

For your virtualization solutions call Option-C and let us show you how Xen can help.



Content of this site is Copyright 2004-2007, Option-C, Ltd.