Thursday, September 17, 2009

Xen

Xen is a virtualization platform that allows one PC or server to run multiple operating systems simultaneously. This lets users do things like run different operating systems on the same machine or provide one operating system per application. The latter is good because it gives each application a clean execution environment. This ensures that different applications don't interact in mysterious ways and that one doesn't accidentally or intentionally bring the whole system down. It also makes the system more robust overall, as Xen is smaller than a full operating system and therefore less software (and fewer bugs) has to run at the highest privilege level.

The chapter on Xen in the book Beautiful Architecture presents it as an architecture built on distrust. Since each user is encapsulated in their own OS, they have fewer opportunities to interfere with other users or with the execution environment (Xen). In addition, the client is somewhat more secure since they run their own environment, although, as another commenter, An-Hoe Shih, pointed out, there are still security risks involved, as the virtualization platform itself might contain malicious code. However, this requires that the service provider is malicious, and the client is still more secure against other clients.

What interests me most about Xen is the way the architecture divides concerns across different processors for security. Each operating system runs in its own process, with dom0 being the supervisor. In addition, it even allows different device drivers to be farmed out to completely separate driver domains. The rationale for this is safety, and indeed processors aren't only for speed, but the side effect is a very scalable system as cores per chip are likely to move into the tens and hundreds.

It also makes me wonder whether we are finally getting ready to welcome microkernel operating systems. In the nineties many argued their case, but they never quite made it into the most popular systems (Mac OS X being the exception). The reason for this was probably that they never reached the speed of well-designed monolithic or hybrid kernels. But if we are ready to accept multi-process web browsers and whole virtualization-platform indirections for the sake of safety and encapsulation, then surely microkernels can't be that bad anymore. Besides, they too would have a good scaling story on future chips.
