[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] nested virtualizaiton test report for Xen 4.3-RC1


  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: Rich Persaud <Richard.Persaud@xxxxxxxxxx>
  • Date: Mon, 1 Jul 2013 19:23:07 +0000
  • Accept-language: en-US
  • Delivery-date: Mon, 01 Jul 2013 19:23:42 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xen.org>
  • Thread-index: Ac5NbpkOvTZ/oXqmQTu9vg3dkxk4Rwl9tekAAAJpW4AAxb1bgA==
  • Thread-topic: [Xen-devel] nested virtualizaiton test report for Xen 4.3-RC1

On Thu, Jun 27, 2013 at 12:37:56PM +0100, George Dunlap wrote:
> On Fri, May 10, 2013 at 12:07 PM, Ren, Yongjie <yongjie.ren@xxxxxxxxx> wrote:
> > Hi All,
> > This the a nested virtualization test report for Xen 4.3-RC1 on Intel 
> > hardware. We use Linux 3.9.1 as Dom0.
> > a. Virtual EPT and VMCS shadowing features can work fine.
> > b. Xen, KVM and VMware can basically work on top of L0 Xen.
> > c. 32bit/64bit Linux and Windows are covered as L2 guests.
> 
> Sorry I just saw this -- thanks for the nice enumeration.
> 
> Two questions.  First, I don't see the Win7 "XP compatibility mode" on
> this list -- that would be L0 Xen, L1 Win7, L2 XP.  This seems like
> probably the most likely actual real-world use of nested virt.  Is
> that on your radar at all?
> 
> Secondly, what do you think is the primary use case for Xen-on-Xen (or
> KVM-on-Xen, &c)?  Who would want to use it and why?
 
One use case is u-Xen (used by Bromium) on XenClient XT.

Who could use it: XC-XT users who isolate VM workloads of different security 
levels, who want to isolate specific tasks (e.g. web browsing) within a single 
VM.

Why would they use it? For defense in depth, XC-XT could provide VM isolation 
(boot-time TXT measured launch and VT-d isolation of NICs) while u-Xen could 
provide run-time task separation within an isolated VM.

Rich

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.