Evaluating Xen IA-64 Security and Performance
César De Rose
FACIN - PUCRS
Gelato ICE - Singapore, October 2006
Agenda
Introduction
Groups working with Xen at PUCRS
Infrastructure/team
Xen research areas
  Resource Management
  Linux Scalability / NUMA
  Software Testing
Where are we today
Conclusions
Contact information
Introduction*
Xen is a complete and robust GPL Virtual Machine Monitor
Outstanding performance and scalability
Excellent resource control and protection
Live relocation makes seamless migration possible for many real-time workloads
*Xen and the Art of Virtualization Ian Pratt - Chief architect of the Xen project
Virtualization in the Enterprise*
Consolidate under-utilized servers
Avoid downtime with VM Relocation
Dynamically re-balance workload to guarantee application SLAs
Enforce security policy (sandbox)
*Xen and the Art of Virtualization Ian Pratt - Chief architect of the Xen project
Groups working with Xen at PUCRS
Software Testing PUCRS
HP Brasil R&D HP Labs
OurGrid - UFCG Resource Management Resource Management in Cluster and Grids PUCRS
Linux Scalability PUCRS
Gelato Linux IA-64
PUCRS has been a Gelato member since 2003
Infrastructure / team
Cooperative project with HP Brazil since 1999
Lab areas
  Approx. 200 m² in the CS building (machine rooms, meeting rooms, training rooms, offices)
Staff
  5 full-time profs, 5 PhD, 8 master, 8 undergraduate students
Hardware
  3 mid-size clusters with different configurations, some connected by high-speed networks (SCI, Myrinet), totaling 80 processors
  10 consoles, 3 servers, local network
  4-node Itanium 2 SMP cluster (Gelato Grant)
  Quad Itanium 1 SMP
  25 machines for training and experiments
Xen research areas
Resource Management
  Xen Adaptive Environment (XenAE)
  XenGrid
Linux Scalability
Software Testing
  Performance and security testing
XenAE - Motivation
Virtualization provides a flexible container called Virtual Machine (VM) to execute computing systems
A VM’s capacity, in terms of computing power and memory, can be configured to best fit system requirements and modified on the fly to meet new system demands
Enterprise systems present variable demands during long term execution
A VM’s capacity must match system demands in order to avoid under/over utilization
VMs can be migrated between physical machines during execution
Systems can be easily reallocated to other machines when necessary (e.g., demand for more computing power, machine maintenance)
Systems executing on different physical machines can be consolidated on a single piece of hardware with guaranteed isolation (security) to provide better utilization of available resources
XenAE - State of the art
Configuration of VMs to best fit system demands is performed in an ad hoc fashion
  Explicit monitoring of system load and resource utilization
  Manual reconfiguration
  Reactive management
Virtual machines are still too tied to the hardware
  Each machine uses a single virtualization layer to handle its VMs
  VM management is performed directly in the machine where the VM resides
XenAE - Vision
Virtualization should, besides controlling access to the underlying hardware, dynamically configure each VM’s capacity to best meet system demands
  The configuration of VMs to improve system performance must be handled dynamically by the virtualization layer
Virtualization environment
  VMs must be executed and managed in a virtualized environment instead of a virtualization-enabled machine (transparency)
  The virtualization layer should perform the balancing between available resources and system demands
XenAE - Virtualization environment
Adapt VMs to meet system (OS+Apps) demands
Manage resources to improve overall system utilization
XenAE - Challenges
Perform an optimization of the systems being executed through VMs while maintaining overall system performance
Model system demands in relation to VM configuration parameters
Identify system behavior to predict load variation and dynamically increase or decrease each VM’s capacity
Provide transparency for the creation and management of VMs in a distributed environment
XenGrid - Motivation
Software experiments over a distributed system are hard to reproduce
  Resource availability variation
  Network load variation
  Hard to get access to third-party resources
However, it is an important platform for current applications
  Grid computing
  P2P computing
  Web services
XenGrid - State of the art
Simulation
  Use of a high-level mathematical model of the system
  Requires translating the software being tested to the simulation language
  Too abstract; can fail to predict low-level components’ behaviour
Emulation
  Use of a local network to emulate the behaviour of a distributed system
  It is a distributed application that executes the experiment
  Experiment must be compatible with the emulator
XenGrid - Vision
Use virtualization to support experiments over a distributed environment
Virtual distributed environment
Can support a large number of experiments (VMs can adapt to the experiment)
GUI allowing users to design the distributed system
Machine specs and connections among them
Building blocks for platform components (HW and SW)
Deployment of the virtual environment into the physical one
Physical environment: cluster, NOW, both…
Efficient storage of experiments’ states (further utilization)
[Figure: distributed topology required by the user (Switch 1, Switch 2, Router 1, Router 2; Latency = X, Bandwidth = Y) and a cluster running Xen]
XenGrid - Challenges
Creation of virtual networks with the network capacity requested by the user
Simulate a WAN in a LAN
Efficient way to store applications and configurations (VMs)
Efficient storage/recovery of the state of an experiment
Fine control of the experiment by its owner
GUI for system creation, monitoring, management, deployment and tracking of application execution.
Determination of a methodology to map user requirements to resources present in the site
Keep both the experiment and the environment realistic
Linux Scalability
Overview/Problem Definition
Although Xen supports SMP machines, its scalability on this type of machine has not been assessed. We will also improve Xen’s operating system support on NUMA machines.
Technical Approach
Evaluate Xen scalability in machines with several processors
Investigate the ability of Xen to provide the correct NUMA information to the operating systems that are running on top of Xen
Performance and Security Testing
Overview/Problem Definition
Evaluate the impact of introducing the additional computation layers necessary to provide virtual resources to applications
Investigate performance metrics of relevance for the Xen IA-64 virtual machine monitor and a benchmark-based testing strategy for these metrics
Investigation of strategies for security testing of Xen
  Some security vulnerabilities can be detected with static analysis of the source code
  Focus on possible vulnerabilities introduced by the virtual machine monitor
Performance and Security Testing
Technical Approach
Study of performance/availability metrics for virtual machine monitors
Elaboration of performance models
Investigation/development of benchmarks for comparing the actual performance with the results predicted by the model
Study of source code analysis techniques applicable to Xen
Selection and/or development of testing strategy/algorithm
Implementation (if needed)
Where are we today
What we have
Open-source tools for Xen deployment and management in site resources based on a vGrid description (XML)
Performance evaluation of enterprise benchmarks executing over Xen IA-32
Looking Ahead
Performance evaluation of enterprise benchmarks executing over Xen IA-64
Evaluation of Xen scalability in machines with several processors
Security testing results, techniques and tools for IA-64 Xen
Performance test benchmarks and results for IA-64 Xen
Conclusions
Bad News
Xen IA-64 running over Debian/Sarge is not mature yet!
  Unstable
  Unpredictable
  Insecure
Good News
We obtained very nice results with Xen IA-32
HP and other companies are committed to improving the code for IA-64 and including it in the mainstream distributions
Very active IA-64 dev_list at Debian Source
We expect Xen IA-64 to catch up soon!
Contact
[email protected]