Stefano Stabellini

Xen on x86 platforms offers two kinds of virtual machines: PV and HVM. PV is the oldest kind of guest, doesn't need any emulation, but requires extensive modifications to the guest operating system kernel. HVM is a newer kind of guest, which exploits hardware virtualization extensions, and offers an emulated PC-like environment. Linux typically runs on Xen as a PV guest but can also run as an HVM guest very efficiently. Windows runs as an HVM guest only.

QEMU is a critical component in Xen deployments because is in charge of emulating most devices for HVM guests, including IDE disks and PCI network cards. In fact in the Xen community QEMU is often called the "device model". QEMU's emulated interfaces are conveniently available for the guest to use. At the same time of course they are also exposed to malicious guests, which are inevitably going to try to find vulnerabilities in those interfaces, to take control over the system.

Therefore securing QEMU is critical. QEMU should be protected from guest attacks, not just in best case scenarios, where deployments use advanced and complex security hardening techniques, such as stubdoms or SELinux, but in all cases, for all users.

This presentation will show the defense in depth mechanisms which the Xen Project is putting in place to secure the execution of QEMU in Dom0 by default. The talk will explain the reasons behind the design choices and how they compare against other hypervisors and other deployment scenarios. Users will learn the trade-offs of the different solutions and will learn how to discern secure from insecure configurations.

This talk will explain how to deploy OpenStack using the Xen hypervisor to run your virtual machines.

It will start by describing the OpenStack architecture and its most important components. It will go into details on how to use DevStack to setup an OpenStack development environment based on Xen and Libvirt. It will also cover the most popular and robust deployment schemes for OpenStack with Xen and Libvirt aimed for production servers, including Ubuntu packages from the latest LTS, Chef and Puppet.

The audience will learn the most important OpenStack and Xen config options, the pitfalls to avoid in their deployment and how to tweak both of them to get the best performance and stability out of your OpenStack cloud.

During the last few months of 2011 the Xen Community started an effort to port Xen to ARMv7 with virtualization extensions, using the Cortex A15 processor as reference platform.

The new Xen port is exploiting this set of hardware capabilities to run guest VMs in the most efficient way possible while keeping the ARM specific changes to the hypervisor and the Linux kernel to a minimum. Developing the new port we took the chance to remove legacy concepts like PV or HVM guests and only support a single kind of guests that is comparable to "PVH" in the Xen X86 world.

Linux 3.7 was the first kernel release to run Xen on ARM as Dom0 and DomU. Xen 4.3, out in July 2013, is the first hypervisor release to support ARMv7 with virtualization extensions and ARMv8.

This talk will explain why ARM virtualization is set to be increasingly relevant for the automotive industry in the coming years. We will go on to describe how Xen exploits the strengths of the hardware to meet the requirements of the industry. We will illustrate the early design choices and we will evaluate whether they were proven successful or a failure.

The goals of the talk are to:

• describe the Xen architecture
• explain how Xen on ARM is different from Xen on x86

• provide a status update of the project

• explain what are the benefits of virtualization for the automotive industry

• explain what Xen provides for this use case that other hypervisors do not