KVM is still Linux. Xen is still not.

It’s been gratifying to see lots of folks finding my site a couple of months after my first post, reading the article “KVM is Linux, Xen is Not”, and retweeting it to a broader audience. I seem to have hit a nerve, and I hope I have provided some value in helping folks understand the differences between KVM and Xen.

If you’ve read it in the last couple of weeks, you probably noticed that the posting has attracted some less-than-positive comments from Xen adherents.

All cards on the table: I am a KVM adherent. I work for Red Hat, and I work on a KVM-based product. Moreover, I personally believe that KVM is the best technology going forward for open source virtualization.

My goal in the post was to point out the architectural differences between Xen and KVM, before and after the inclusion of some Xen code beginning with Linux 3.0. And yes, to poke some fun at Citrix and Oracle.

Based on the recent comments I’ve gotten, I thought it was worth writing a short post before going on to other topics.

I was tempted to do some editing to the original post (a footnote here, a qualification there), but aside from fixing a couple of incorrect links, I decided to let it stand as originally written and posted for better or worse.

I do apologize for initially pointing to the incorrect article as the attribution link for Simon Crosby’s quote. I have made that correction in the post.

But unless there are technical inaccuracies, I am not making any further edits. You the reader can decide if I was fair, pushing things to make a point, or way off base and need to apologize for muckraking.

Let’s step back in time a bit…

Now, the post is a bit out of its historical context. After all, I wrote most of it in July of 2011 for a different forum to address a real issue–the confusion about what Xen being “accepted” into Linux actually means.

Confusion still reigns

Almost a year later, people still ask what that announcement from Oracle and Citrix means. And still the overwhelming impression that people come away with from reading the coverage and talking to sales people is that Xen is now integrated into Linux, and that KVM’s advantages in that regard are moot.

Addressing that confusion was the ultimate intent of the post.

Was it a bit cheeky to call out Oracle and Citrix at the top of the article? Sure. Guilty as charged. It helped get the post out to a broader audience than I expected for what at its heart is a relatively dry but important architectural distinction.

Is there anything technically inaccurate in the post? I haven’t heard of anything yet, but I commit to immediately correct any technical inaccuracies.

Did I not give the people behind the posts the benefit of the doubt? Maybe. I admit I was fixated on the inaccuracies and FUD circulating at the time.

I will say this: if you understand enough about the architecture of Xen, of KVM, and the process of including code in the Linux kernel, then reading in full the cited articles will give you an accurate account of what the Xen announcement means for Xen and for KVM.

If, however, you don’t know hypervisor architectures that well, or you only read the press and second-hand accounts, or what a sales person told you, or the headlines and soundbites, then you probably got the wrong impression. This article was written for you.

Enough said.

I’m moving on to other topics. Feel free to comment.

6 thoughts on “KVM is still Linux. Xen is still not.”

  1. Just wanted to say thanks for the original article. I’m looking at starting my own business soon which will require some kind of VM servers, and it’s been quite hard to find decent breakdowns and comparisons of technology that is this niche, to help make decisions on which platform to commit to. (So far most of what I’ve been able to find is YouTube videos with some idiot trying to show you how to set up Xen, inside of another virtualised desktop environment like VirtualBox…)

    Despite working for Red Hat, as an entirely objective reader without a commitment to either system at this point, I thought your article was very well balanced and dealt with the actual facts. I was leaning towards Xen, but I think you’ve made it pretty clear which system I should be using.

    As for the detractors. Fanboys will be fanboys, and as you’ve pointed out, none of them could rebuff your points from any technical standpoint. It was all just a bunch of spin from what I could see.

  2. I’m only getting started with hypervisors but as far as I understand it, Chuck’s statement that Xen “cannot leverage directly Linux technologies such as transparent huge pages, CFS scheduler, paging, memory overcommitment with KSM, etc.” stands but so does the original blog post’s comment by northox stating “I see great value for XEN not being built on top of Linux – mainly from a security perspective”.

    qubes-os.org e.g. is an operating system that runs several Linux instances under Xen and is argued to secure each of them better because the Xen code is a much smaller piece of software than Linux since e.g. its drivers run in dom0, not directly in the hypervisor, thus being simpler to secure.

    So while a buggy wifi/gfx/usb driver might lead to your KVM hypervisor being compromised, leading to all instances running on it being compromised as well, Xen would be able to confine it to dom0. That’s not to say that a compromised dom0 is not a problem, just less of a problem than a compromised KVM host.

    I’m still very much trying to figure all of this out myself, so please do correct me where I’m wrong.

    • Actually, having learnt a bit more about this now I can say that my understanding was wrong: A compromised dom0 (which has all the tools to control the domUs) surely has got to mean the guests are compromised as well. I guess I still don’t fully understand where the claimed Xen security benefit lies.

  3. Pingback: The significance of Xen entering the Linux kernel
