Before Xen became part of the foundation, Kurth says, many people in the Linux community favored KVM. “The thinking really went along the lines of: KVM=Linux=Good. Xen=Citrix=Bad.” With the open source community connecting Xen with Citrix, the project’s features and open source nature were overlooked. Kurth says that Xen’s new role as a Linux Foundation Collaborative Project has changed how the community and press view it.
Tag Archives: xen
Xen to Become Linux Foundation Collaborative Project
The Xen Project is an open source virtualization platform licensed under the GPLv2 with a similar governance structure to the Linux kernel. Designed from the start for cloud computing, the project has more than a decade of development and is being used by more than 10 million users. As the project experiences contributions from an increasingly diverse group of companies, it is looking to The Linux Foundation to be a neutral forum for providing guidance and facilitating a collaborative network.
via Xen to Become Linux Foundation Collaborative Project | The Linux Foundation.
Erlang on Xen – at the heart of super-elastic clouds
Upon reception of an HTTP request, the demo spawns a new Xen domain with LING VM and a web application written in Erlang. After serving a single request the domain simply shuts itself down and frees all resources. The whole process takes 1.5-2 sec.
US-CERT Vulnerability Note VU#649219 – SYSRET 64-bit operating system privilege escalation vulnerability on Intel CPU hardware
A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.
Details from Red Hat
RHSA-2012:0720-1 & RHSA-2012:0721-1: It was found that the Xen hypervisor implementation as shipped with Red Hat Enterprise Linux 5 did not properly restrict the syscall return addresses in the sysret return path to canonical addresses. An unprivileged user in a 64-bit para-virtualized guest, that is running on a 64-bit host that has an Intel CPU, could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the hypervisor level. (CVE-2012-0217, Important)
HVM Compatible Processors
This should be useful to someone looking for HardwareVirtualMachine (HVM) compatibility by specific processors. In other words, CPUs utilizing AMD SVM (Secure Virtual Machine), or Intel(R) Virtualization Technology (currently VT-x).
Xen Guest (DomU) Installation
xm commands
List Domains (Xen Guests)
# xm list
Start a Guest
# xm create [guest-config]
Connect to a guest console (Back: ESC-] (US-keyboard), Ctrl-5 (German keyboard))
# xm console [guest_name]
Shutdown a guest
# xm shutdown [guest_name]
Destroy (Power off) a guest
# xm destroy [guest_name]
Monitor guests
# xm top
virsh commands
# virsh
virsh # help
# virsh start [guest_name]
Setting up Stable Xen Dom0 with Fedora
Xen – KVM – Linux – and the Community
KVM is a type-2 hypervisor built into the Linux kernel as a module and will ship with any Linux distribution moving forward, as no work is required for the Linux distributions to add KVM. Having a virtualization platform built into the Linux kernel will be valuable to many customers looking for virtualization within a Linux-based infrastructure; however, these customers will lose the flexibility to run a bare-metal hypervisor, configure the hypervisor independent of the host operating system, and provide machine-level security, as a guest can bring down the operating system on KVM. Xen, on the other hand, is a type-1 hypervisor built independent of any operating system and is a completely separate layer from the operating system and hardware, and is seen by the community and customers as an Infrastructure Virtualization Platform to build their solutions upon.
Installing and Configuring Fedora Xen Virtualization
There are two common approaches to virtualization – full virtualization and para-virtualization. Full virtualization provides complete abstraction between the hardware and the guest operating system. In this scenario, the guest operating system is provided a complete virtual physical environment in which to run and, as such, is unaware that it is running inside a virtual machine. One advantage of full virtualization is that the operating system does not need to be modified in order to run in a virtualized environment. This means that proprietary operating systems such as Windows can be run on Linux systems.
Disadvantages of full virtualization are that performance is slightly reduced as compared to para-virtualization, and some virtualization platforms, such as Xen, require CPUs with special virtualization support built in (such as Intel-VT and AMD-V).
via Installing and Configuring Fedora Xen Virtualization – Techotopia.
The Perfect Xen 3.0.1 Setup For Debian
This tutorial provides step-by-step instructions on how to install Xen (version 3.0.1) on a Debian Sarge (3.1) system.
Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so-called “virtual machines” or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers’ web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it’s more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.
Via The Perfect Xen 3.0.1 Setup For Debian | HowtoForge – Linux Howtos and Tutorials.
This howto works for other distros as well.
I’ve gone this far without ever having to compile a kernel … until now. 🙂 Though the howto is a bit dated, I downloaded the latest xen distro here. (xen 4.1.1)