Xen 4.5 Boosts Virtualization Security

By Sean Michael Kerner  |  Posted 2015-01-15 Print this article Print
virtualization security

Kurth added that the Xen development community has also been working on enabling introspection on ARM guests, but it wasn't fully completed for Xen 4.5. The expectation is that the ARM introspection changes will make it into Xen 4.6, he said.

Overall ARM support has improved in the Xen 4.5 release, however, with increased RAM support.

"Previously we only supported a little less than 1GB of memory per VM on ARM," Stabellini said. "Raising the maximum amount of guest memory from 1GB to 1TB is a huge step forward and puts Xen on ARM at the same level of Xen on x86."

Xen 4.6

Looking forward to the rest of 2015, the Xen Project is working on a number of initiatives. While the release date for the next Xen milestone update has not been announced, Stabellini said it will likely be in the third quarter of the year.

Among the potential features that will land in a Xen update later in 2015 is support for guest NUMA (Non-Uniform Memory Access). Stabellini explained that the potential feature provides the ability to export NUMA information to virtual machines in order to allow the guest operating system to make smarter choices about memory allocation.

"In addition, we have a few interesting ideas on how to further improve hypervisor security and the performance of paravirtualized IO protocols, disk and network in particular," Stabellini said.

Kurth also expects continued focus on Xen security hardening throughout 2015. The Xen hypervisor is widely deployed in public cloud infrastructures including Amazon, IBM and Rackspace. On Oct. 1, 2014, the Xen Project revealed that, prior to the flaw's public disclosure, it had fixed a critical flaw that triggered a public cloud reboot.

From Kurth's perspective, 2015 will also be about continuing to grow the Xen community, not just in terms of participation but also in terms of process. He noted that the code contributions from new participants in the Xen community are important, as is the ability within the existing community to be able to review contributions.

"One of the challenges we are facing as a community today is that we have many newcomers who are still learning how to effectively work with the community," Kurth said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel