Xen Virtualization Technology (Part 1)

Tonight I’m discussing Xen Virtualization Technology. This technology is the best I’ve ever worked with when it comes to virtualization of hardware on an x86-based machine.

What is Xen? From the Xen FAQ: “Xen is a virtual machine monitor (VMM) for x86-compatible computers. Xen can securely execute multiple virtual machines, each running its own OS, on a single physical system with close-to-native performance.” Xen can be used to run multiple instances of an operating system in separate “domains,” as they are called, each of which appears to its operating system to be its own physical server.

How does it work? The basics are this: a Xen “hypervisor” runs on the native hardware, alongside a host system (typically Linux 2.6- or 2.4-based, although Xen version 2.0 can also be installed on NetBSD 3.0 as the host system) that is considered “domain zero” (dom0). Under dom0, you can create a virtually unlimited number of domains, each of which is a virtual machine. You specify how much RAM to dedicate to each virtual machine, optionally assign a specific processor on which it should run, and optionally assign a specific IP address. You can then install any of Linux 2.4, Linux 2.6, NetBSD 2.0, NetBSD 3.0, FreeBSD 5.x, or Plan 9 as the guest operating system. Aside from a specific kernel with hooks into the Xen hypervisor (dom0), the guest system runs in completely unmodified form, which means that you can run any software that runs on any of these systems.

How well does it work? Very well. There is practically zero overhead with the Xen system, meaning that nearly 100% of your processing power and RAM can be dedicated to the virtual machines hosted on the system. This virtualization technique works precisely the way you would expect it to: if you have two virtual machines (VMs) dedicated to one processor and both are heavily loaded, each utilizes half of the processor; neither will take over the machine and push other VMs out of the way. This software scales nearly endlessly, too – you can have ten VMs on one machine, and if set up properly, when all ten VMs are loaded to the max, each will behave as though it has a processor with one tenth the power of the primary system. I haven’t gotten through extensive tests to indicate whether each VM can use more than (CPU Power) / (# of VMs) horsepower when other VMs are idle, but so far the tests seem to indicate precisely that.

Here is my anecdotal evidence as of today…

Part 1: A co-worker of mine and I installed a basic CentOS 4.2 system on a simple dual-processor box (dual PIII 600 MHz, 1 GB RAM) as domain zero, then created two sub-domains (dom1 and dom2). We assigned dom0 to utilize processor 0, then assigned dom1 to processor 0 and dom2 to processor 1. Each subdomain was given 384 MB of RAM. We ran a variety of benchmarks on dom0 without either subdomain running, and it behaved like a 600 MHz PIII, as expected. We then loaded up both subdomains with CentOS 4.2 and ran the same benchmarks on each, both separately and simultaneously. Each came up with results within a percentage point of dom0, indicating that they each behaved as though they were independent 600 MHz machines with 384 MB of RAM.

Part 2: We then shut down both dom1 and dom2, set dom1 to also use processor 1, then started them back up and ran the benchmarks again. Simultaneous tests showed that each was running on a 300 MHz machine with 384 MB of RAM. Individual tests (where one domain was running fully loaded and the other was idle) indicated roughly 600 MHz machines…

What this seems to indicate to me is that the software works as expected: load up a machine with a few VMs and get the performance you expect out of them. You could give these subdomain VMs to anyone, trusted or not (supposing you took all security considerations into account), and you wouldn’t need to worry about whether any one person could monopolize the physical hardware in such a manner that it would prevent another VM from operating correctly.

My thoughts: Although these tests are not exhaustive, nor run more than a few times each, they give me a good indication of the possibilities available if you need or want to run a few separate machines with modest processing requirements: you can buy one or two dual-processor (or quad-processor, or dual-core dual-processor (quad-core)) machines, load them up with RAM, and run a good number of virtual machines on them. This technology could be used for separating out web hosts, testing configurations in a virtual sandbox, separating application hosting from database hosting, and more. It would be perfect for running a VPS (Virtual Private Server) hosting environment. In fact, there is at least one provider that is starting to use Xen technology exclusively for all new VPS hosts – Rimu Hosting.

I haven’t explored all the options nor found all the pitfalls of utilizing Xen Virtualization Technology, but from a first look, I would say that it is pretty hot, and the tech to use if you are thinking of virtualizing any of your Linux or BSD systems (not OpenBSD at this time). And exciting things are on the horizon, with Intel and AMD promising hardware virtualization in the near future: this kind of technology would allow Xen to run unmodified versions of x86-based operating systems, including Windows, OpenBSD, and, dare I hint at the possibility, MacOS X for Intel…pending support and authorization from Apple, of course.

Stay tuned for more on Xen in the near future!

Welcome!

David J. Pryke, February 27, 2006

Welcome, and hello! My name is Dave, and I am a Systems Administrator in Pennsylvania, USA. I am starting this blog to discuss various sysadmin-related topics, including network and systems security, systems configuration, tips for optimizing systems and networks, using open source tools in a corporate environment, and more.

I will be writing about my experiences and various things I know to be true in the IT environment, from a Systems Administrator’s perspective. You may not agree with some things that I write here, especially if you are in IT but are not a sysadmin; this doesn’t mean that I think you are wrong, it means simply that I am looking at the situation from a different perspective. I encourage your comments and will try to respond to them. Feel free to advance this into a forum where we can all learn something that will help us in the IT world, and in our jobs.

As with anyone in this field, I am constantly learning and seeking out new ways to do things, mostly for three reasons: will it provide better security and/or performance, will it save the company money, and is it the “Right Way” to do it? Undoubtedly, the answers to each of these questions are often tenuous and hard to justify empirically, but when appropriate, I will make the effort to analyze the largest pros and cons under each category and try to give information that will help you decide which solution will work best for you.

I may not get the chance to update this blog every day; as I’m sure many of you experience, some days my job will take many more than eight hours of my time, while on others it will barely take two. For the same reason, I may update it more than once on some days. Take it all with a grain of salt, as each Sys Admin needs to take his or her own environment, experience, and politics into account for each solution, but I hope I can shed some light on the various options for those “running the show” in IT environments worldwide.

Thanks for visiting this blog, and know that I encourage your comments!