Our paper about virtual appliance configuration and management was accepted to the TeraGrid 2007 conference and is now online: A Scalable Approach To Deploying And Managing Appliances.
This paper examines configuration and security issues that large and heterogeneous deployments of virtual appliances/workspaces will face.
From the introduction:
The goal of this paper is to develop a holistic approach that would provide scalable and sustainable ways of managing and deploying virtual workspaces implemented as VM images. We will discuss ways of leveraging existing configuration management tools, exemplified by the Bcfg2 system, for VM image lifecycle management that will allow systems staff to deploy robust virtualized resources for their users. We will also describe the process of contextualization — integration of an appliance in its deployment context — and discuss its reference implementation using Bcfg2 and the Workspace Service.
My colleague Borja Sotomayor’s Masters paper, A Resource Management Model for VM-Based Virtual Workspaces, is now available for download. Congratulations Borja!
This is a long but well organized paper that goes into detail about different resource management scenarios for VMs and grid computing. It includes discussion and experimental results of combining different scheduling techniques for VMs (including advanced reservation) and accurately dealing with overheads (this problem is introduced in Overhead Matters: A Model for Virtual Resource Management).
Abstract follows in quotes. I also recommend the two page introduction to get a better idea of what this is all about.
Virtual workspaces provide an abstraction for dynamically deployable execution environments on a Grid. For this abstraction to be effective, it must be possible to provide on-demand software environments and enforceable fine grained resource allocations for these workspaces. Virtual machines are a promising vehicle to realize the virtual workspace abstraction, as they allow us to instantiate a precisely defined virtual resource, configured with desired software configuration and hardware properties, on a set of physical resources.
In this paper, we describe a model of virtual machine provisioning in a Grid environment that allows us to define such virtual resources and instantiate them on a physical Grid infrastructure. Our model focuses, firstly, on providing users with an accurate representation of virtual resources. To accomplish this, the overhead resulting from instantiating and managing virtual resources is scheduled at the same level as virtual resources, instead of being deducted from a user’s resource allocation. Secondly, our model also focuses on efficiently managing virtual resources by reducing the amount of overhead.
We argue that this model, compared to resource management models that rely on the job abstraction for remote execution, enables resource providers to accurately provision resources to users, while using their physical resources efficiently. We show experimental results that demonstrate the benefits of this model both from the resource providers and the user’s perspective, in two common resource management scenarios for virtual workspaces: advance reservations and batch-style submissions.
For more relevant talks and papers from the group, see the Workspace publications page.
In this month’s Globus Consortium Journal is an article by Kate Keahey giving an update on VTDC 06 (she was the PC). She discusses adoption issues, especially current missing links. Highly recommended if you are interested in the intersection between Grid computing and virtualization!
From the VEE 07 call for papers:
The 2007 ACM International Conference on Virtual Execution Environments Call For Papers
VEE brings together researchers and practitioners in the area of virtual execution environments for programs. These areas include such topics as high-level language virtual machines (JVMs, CLRs, etc.), process and system virtual machines, hardware support for virtualization, interpreters, translators, machine emulators, and simulators. The VEE conference seeks original papers in areas including, but not limited to:
* Virtual machines for high-level languages
* High-level languages for virtualization
* System support for virtual execution environments
* Virtual execution environment support for parallelism
* Virtualization for security, correctness, and reliability
* Dynamic compilation techniques
* Binary translation and optimization
* Novel aspects or applications of interpreters
* Processor/architecture simulators
* Experiences with virtual execution environments
Paper submission deadline is Monday, February 5th, 2007.
VEE 07 website
I ran across an interesting overview paper, Attacks on Virtual Machine Emulators by Peter Ferrie, Senior Principal Researcher, Symantec Advanced Threat Research.
Abstract - As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper will explain known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). It will also demonstrate newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, and Xen), and describe how to defend against them.
A lot of the paper covers detection which I would say is different from an attack.
An interesting thing discussed is a way to use the CPUID instruction in combination with examining pages in the TLB to detect the presence of VMMs (cf. this previous entry here).
There is also a description of an authentication method that Parallels employs, a session key placed into the general registers by the guest (it also discusses a way of crashing Parallels on demand).
Slides and the paper can be downloaded from the author’s homepage.
(This is part of a series of entries)
Because Xen and KVM both support unmodified guests, I’d speculate that in the long run their raw CPU performance will converge on whatever concrete limitation that hardware-assisted virtualization presents. And paravirtualization may continue to reign here, or it may not. The harder issues to think about are disk and network I/O.
I was part of an investigation into how to make resource guarantees for workspaces under even the worst conditions on non-dedicated VMMs (Division of Labor: Tools for Growth and Scalability of Grids). The amount of CPU needed to support the guests’ I/O work (what I like to casually call the “on behalf of” work in the service domain) was pretty high and we looked at how to measure what guarantees were needed for the service domain itself to make sure the guest guarantees were met. So we had to write code that would extrapolate the CPU reservations needed across all domains (including the service domain).
One major source of the extra CPU work is context-switching overhead: the service domain needs to switch in to process pending I/O events (on large SMPs, I’ve heard recommendations to just dedicate a CPU to the service domain). Also, in networking’s case, the packets are zero-copy, but they must still traverse the bridging stack in the service domain.
One important thing to consider for the long run on this issue is that a lot of work is being done to make slices of hardware such as InfiniBand available directly to guest VMs; this will obviate the need for a driver domain to context switch in. See High Performance VMM-Bypass I/O in Virtual Machines.
Container-based, kernelspace solutions offer a way out of a lot of this overhead by being implemented directly in the kernel that is doing the “on behalf of” work. They also take advantage of the resource-management code already in the Linux kernel.
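To make the extrapolation concrete, here is an added example (my own illustration, not code from the Division of Labor paper or the Workspace Service) of a minimal capacity model. It assumes the service domain’s “on behalf of” CPU cost is linear in each guest’s expected network and disk throughput plus a fixed context-switch cost per guest; the coefficients, the guest names and their throughput figures are constructed placeholders, not measured values. The point it demonstrates is that summing only the guests’ own reservations can look feasible while the host is actually oversubscribed once the service domain’s share is counted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Guest:
    name: str
    cpu_share: float   # fraction of one physical CPU guaranteed to the guest
    net_mbps: float    # expected network throughput the guest will drive
    disk_mbps: float   # expected disk throughput the guest will drive


# Hypothetical per-unit costs of service-domain work, as fractions of one CPU.
# These are constructed placeholders; a real deployment would measure them
# under load on the actual VMM and hardware.
NET_CPU_PER_MBPS = 0.004      # bridging stack and event handling per Mbps of network I/O
DISK_CPU_PER_MBPS = 0.002     # block backend per Mbps of disk I/O
SWITCH_CPU_PER_GUEST = 0.01   # fixed context-switch cost per active guest
SERVICE_BASE_CPU = 0.10       # service domain's own housekeeping with no guests


def service_domain_share(guests):
    """CPU the service domain needs so every guest's pending I/O gets serviced."""
    total = SERVICE_BASE_CPU
    for g in guests:
        total += SWITCH_CPU_PER_GUEST
        total += g.net_mbps * NET_CPU_PER_MBPS
        total += g.disk_mbps * DISK_CPU_PER_MBPS
    return total


def plan_reservations(guests, physical_cpus):
    """Reservations for every domain, including the service domain, and
    whether the host can honour all of them at once."""
    reservations = {g.name: g.cpu_share for g in guests}
    reservations["service_domain"] = round(service_domain_share(guests), 4)
    total = round(sum(reservations.values()), 4)
    return {
        "reservations": reservations,
        "total": total,
        "feasible": total <= physical_cpus,
    }


# Constructed sample: three workspaces, two of them I/O-heavy.
SAMPLE_GUESTS = [
    Guest("ws-a", cpu_share=0.5, net_mbps=100, disk_mbps=20),
    Guest("ws-b", cpu_share=0.5, net_mbps=50, disk_mbps=0),
    Guest("ws-c", cpu_share=0.8, net_mbps=0, disk_mbps=0),
]

if __name__ == "__main__":
    guest_only = sum(g.cpu_share for g in SAMPLE_GUESTS)
    print(f"guest reservations alone: {guest_only:.2f} CPUs")
    for ncpus in (2, 4):
        plan = plan_reservations(SAMPLE_GUESTS, ncpus)
        print(f"{ncpus} physical CPUs -> total {plan['total']} "
              f"(service domain {plan['reservations']['service_domain']}), "
              f"feasible={plan['feasible']}")
```

With the sample figures the guests alone ask for 1.8 CPUs, which fits on a 2-CPU host, but the service domain needs another 0.77, so the plan only becomes feasible on a larger host. The linear model is deliberately simple; the paper’s actual approach measures the service-domain demand empirically.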
They can more effectively schedule resources being used inside their regular userspace right alongside the VMs (I’m assuming) — and more easily know what kernel work should be “charged” to what process (I’m assuming). These two things could prove useful, avoiding some of the monitoring and juggling that is needed to correctly do that in a Xen environment (see e.g., the Division of Labor paper mentioned above and the Xen related work from HP).
There is an interesting paper Container-based Operating System Virtualization: A Scalable, High-performance Alternative to Hypervisors out of Princeton.
The authors contrast Xen and VServer and present cases where hard-partitioning (that you find in Xen) breeds too much overhead for grid and high performance use cases. Where full fault isolation and OS heterogeneity are not needed, they advocate that the CPU overhead issues of Xen I/O and VM context switches can be avoided.
(The idea presented there of live updating the kernel (as you migrate the VM) is interesting. For jobs that take months (that will miss out on kernel updates to their template images) or services that should not be interrupted, this presents an interesting alternative for important security updates (though for Linux, I’m under the impression that security problems are far more of a problem in userspace).)