Virtual Open Systems Newsletter
Edition of March 2014
In this edition Virtual Open Systems highlights KVM-on-ARM virtualization, Virtual-BFQ coordinated scheduler, FP7 SAVE and DREAMS research projects, KVM sVirt on omap5, ETSI NFV Vosys PoC, Snabbswitch network traffic fast packet processing:
- Product news: Virtual-BFQ Coordinated Scheduler in ARM Systems
- Leading the innovation: FP7 SAVE Project
- Leading the innovation: FP7 DREAMS Project
- Golden guide: KVM sVirt on OMAP5
- ETSI Standardization: NFV VOSYS ARMv8 PoC
- Networking Open Source: SnabbSwitch Network Fast Traffic
Achievements about Virtualization in ARM Embedded Platforms & Networking
Product news: Virtual-BFQ Coordinated Scheduler in ARM Systems
High latency or slow responsiveness issues may occur in a virtualized environment, if guests and the host are performing storage I/O operations concurrently. For this reason Virtual Open Systems has developed a new storage I/O scheduler called Virtual-BFQ (V-BFQ). V-BFQ extends the BFQ scheduler and applies the concept of coordinated scheduling. The goal of V-BFQ is to minimize latency and improve application responsiveness in scenarios where the system is saturated with heavy I/O workloads. In such cases, interactive and soft real-time applications, experience degradation in performance, delays and buffering problems. With V-BFQ in action, this kind of applications are identified by the scheduler in the guest, and subsequently are given priority to the physical storage medium by the host/hypervisor. Virtual Open Systems provides additional support to integrate V-BFQ to specific use cases and platforms.
Leading the innovation: FP7 SAVE Project
SAVE is an EU FP7 project, active since September 2013, pushing heterogeneous system architecture to improve the performance of embedded devices and HPC. The saveHSA architecture is composed by host CPU, GPU and FPGA based accelerators called DFE. The main target is an efficient virtualization-aware offloading technology combined with orchestrator to optimally distribute tasks on CPUs and hardware accelerators (GPUs, DFEs), even across virtual machine boundaries. Virtual Open Systems is providing the saveHSA hypervisor, based on the Linux KVM on ARM and VFIO for an efficient (low overhead) and innovative way to virtualize accelerators. Integration with the saveHSA orchestrator allows tasks to be optimally assigned to the available resources while preserving crucial isolation between virtual machines. The requirements for GPU and DFE virtualization have been defined and the development on supporting the saveHSA architecture with VFIO has been initiated by Virtual Open Systems.
Leading the innovation: FP7 DREAMS Project
Virtual Open Systems is actively involved since October 2013 in DREAMS, Distributed REal-time Architecture for Mixed criticality Systems, an EU FP7 project. The main challenge for DREAMS project is to manage applications having mixed-criticality requirements in modern networked multi-core chips. The main contribution from Virtual Open Systems includes the exploitation of virtualization technologies for security, safety and real-time performance, at chip as well as network levels. Virtual Open Systems' key contribution is the exploration and implementation of virtualization layer at the chip level using KVM/ARM hypervisor, for which key research axes include the co-existence of RTOS and GPOS, interrupt virtualization, real-time scheduling, secure computing and coordinated I/O scheduling for optimal performance. Virtual Open Systems has researched and identified a hierarchical virtualization approach to meet both hard real-time and general purpose computing requirements of DREAMS project, which will be implemented on ARMv8 SoCs.
Golden guide: KVM sVirt on OMAP5
Security plays a key factor in virtualized environments such as automotive, consumers, mobile and servers. Virtual Open Systems is actively involved in this field, developing innovative solutions to secure virtual machines (VM) and protect guest operating systems from security threats that may come from other VMs or the host as well. As matter of fact, Virtual Open Systems has introduced a new security layer to the KVM-on-ARM stack through SELinux and sVirt. SELinux, developed and open sourced by the National Security Agency (NSA) over 10 years ago, provides MAC (Mandatory Access Control) security policy to explicitly authorized virtual machine to access system resources and denies everything else. While sVirt protects against untrusted guests and misconfigured hosts. In addition Virtual Open Systems has published a guide describing how to secure KVM/ARM virtual machines on the TI OMAP5 uEVM development board.
ETSI Standardization: NFV VOSYS ARMv8 PoC
Network functions Virtualization (NFV) is a pivotal technology for the evolution of fixed and mobile network infrastructures by offering a new way to design, deploy and manage networking services. It enables to run networking components in software in a fully virtualized infrastructure based on standard servers eliminating the need of developing customized hardware platform. Virtual Open Systems as a member of the NFV specification group, is actively working to propose and demonstrate real scenarios and use cases within the NFV ecosystem. In this context, Virtual Open Systems is proposing an NFV Proof of Concept (PoC) that aims to evaluate and prove the feasibility of ARM platforms in the future Network Function Virtualization market. In particular the company is focusing on I/O virtualization use cases, to better optimize scenarios that depend on high throughput, low latency and the exposure of hardware accelerators in VNFs.
Networking Open Source: SnabbSwitch Network Fast Traffic
Virtual Open Systems in partnership with Snabb, is working on extending SnabbSwitch with virtio-net. The target is to create an OpenStack based NFV open source solution for the needs of the telecom industry. SnabbSwitch provides fast and easy packet processing of network traffic, and with the use of Lua scripting, it closes the gap between linux kernel system programmers and network software engineers. Virtual Open Systems has developed vhost-user, a protocol for replacing the in-kernel Linux vhost infrastructure with a user-space implementation, coupling directly the fast path between virtual machines and user-space applications. An ongoing effort is underway to bring this functionality in the QEMU community, and a relevant implementation is already employed in SnabbSwitch, providing high performance network connectivity to KVM guests. Both companies will continue their cooperation in bringing NFV networking solutions closer to network engineers.