Updates to Intel's Cloud Hypervisor 0.3 and Amazon's Firecracker 0.19, both written in Rust

Intel has published version 0.3 of its Cloud Hypervisor. The hypervisor is built from components of the joint Rust-VMM project, in which, besides Intel, Alibaba, Amazon, Google and Red Hat also participate. Rust-VMM is written in Rust and is intended for building task-specific hypervisors. Cloud Hypervisor is one such hypervisor: a high-level virtual machine monitor (VMM) that runs on top of KVM and is optimized for cloud-native workloads. The project code is available under the Apache 2.0 license.

Cloud Hypervisor is focused on running modern Linux distributions using virtio-based paravirtualized devices. Its stated goals include high responsiveness, low memory consumption, high performance, simpler configuration, and a smaller attack surface.

Device emulation is kept to a minimum and the emphasis is on paravirtualization. Currently only x86_64 hosts are supported; AArch64 support is in progress. As guests, only 64-bit Linux builds are currently supported. CPU, memory, PCI and NVDIMM settings are fixed when the virtual machine is created (there is no hot plugging yet). Migration of virtual machines between servers is planned.

In the new version:

  • Work continued on moving paravirtualized I/O into separate processes. Support for vhost-user-blk backends has been added, so that vhost-user based block devices such as SPDK can be attached to Cloud Hypervisor as paravirtualized storage backends;
  • The vhost-user-net support for offloading network operations to separate backends, introduced in the previous release, has been extended with a new backend built on the TAP virtual network driver. This backend is written in Rust and is now Cloud Hypervisor's main paravirtualized networking path;
  • To make communication between the host and the guest more efficient and more secure, a hybrid implementation of AF_VSOCK sockets (virtual sockets) carried over virtio has been proposed. The implementation is based on work from Amazon's Firecracker project. VSOCK lets applications in the guest and on the host talk through the standard POSIX sockets API, which makes it easy to adapt ordinary network programs to this channel and to have several client programs talk to one server application;
  • Initial support for a management API over HTTP has been added. In the future this API will allow initiating asynchronous operations on guests, such as hot plugging resources and migrating environments;
  • A transport layer based on virtio MMIO (memory-mapped virtio) has been added; it can be used to build minimal guests that do not require PCI bus emulation;
  • As part of an effort to broaden support for nested guests, a paravirtualized IOMMU (virtio-iommu) can now be exposed to the guest, which improves the security of nested device assignment and direct device passthrough;
  • Ubuntu 19.10 is now supported as a guest;
  • Guests with more than 64 GB of RAM can now be run.
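The AF_VSOCK point above, as an added example that is not Cloud Hypervisor's or Firecracker's own code: a minimal host-side server and guest-side client written against the plain POSIX socket calls, using only the Rust standard library (no crates). The AF_VSOCK family number, the VMADDR_CID_* values and the sockaddr_vm layout are taken from Linux's <linux/vm_sockets.h>; the port 5000 and the one-line request/reply format are assumptions made for this demo. The request handling is generic over the stream so it can be exercised over an ordinary socket pair where no vsock transport exists.

```rust
// Added example (not Cloud Hypervisor or Firecracker code): a minimal AF_VSOCK server and
// client using only the Rust standard library and the POSIX socket calls from libc.
// Constants and the sockaddr_vm layout come from Linux <linux/vm_sockets.h>;
// the port number and the message format are assumptions made for this demo.
use std::io::{self, BufRead, BufReader, Read, Write};
use std::mem;
use std::os::unix::io::FromRawFd;
use std::os::unix::net::UnixStream;

pub const AF_VSOCK: u16 = 40;
pub const VMADDR_CID_ANY: u32 = u32::MAX; // listen on every CID
pub const VMADDR_CID_HOST: u32 = 2;        // the host, as seen from a guest
const SOCK_STREAM: i32 = 1;

/// Linux `struct sockaddr_vm`: 16 bytes, the same size as `struct sockaddr`.
#[repr(C)]
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct SockaddrVm {
    pub svm_family: u16,
    pub svm_reserved1: u16,
    pub svm_port: u32,
    pub svm_cid: u32,
    pub svm_zero: [u8; 4],
}

pub fn vsock_addr(cid: u32, port: u32) -> SockaddrVm {
    SockaddrVm { svm_family: AF_VSOCK, svm_reserved1: 0, svm_port: port, svm_cid: cid, svm_zero: [0; 4] }
}

// libc is linked by std already; only the socket calls used below are declared.
extern "C" {
    fn socket(domain: i32, ty: i32, protocol: i32) -> i32;
    fn bind(fd: i32, addr: *const SockaddrVm, len: u32) -> i32;
    fn listen(fd: i32, backlog: i32) -> i32;
    fn accept(fd: i32, addr: *mut SockaddrVm, len: *mut u32) -> i32;
    fn connect(fd: i32, addr: *const SockaddrVm, len: u32) -> i32;
    fn close(fd: i32) -> i32;
}

const ADDR_LEN: u32 = mem::size_of::<SockaddrVm>() as u32;

fn check(ret: i32) -> io::Result<i32> {
    if ret < 0 { Err(io::Error::last_os_error()) } else { Ok(ret) }
}

/// Host side: bind `port` on any CID and start listening; returns the listening fd.
pub fn listen_vsock(port: u32) -> io::Result<i32> {
    let fd = check(unsafe { socket(AF_VSOCK as i32, SOCK_STREAM, 0) })?;
    let addr = vsock_addr(VMADDR_CID_ANY, port);
    let r = check(unsafe { bind(fd, &addr, ADDR_LEN) }).and_then(|_| check(unsafe { listen(fd, 16) }));
    if let Err(e) = r { unsafe { close(fd); } return Err(e); }
    Ok(fd)
}

/// Accept one guest connection; returns the stream plus the peer's (cid, port).
pub fn accept_vsock(listen_fd: i32) -> io::Result<(UnixStream, u32, u32)> {
    let mut peer = vsock_addr(0, 0);
    let mut len = ADDR_LEN;
    let fd = check(unsafe { accept(listen_fd, &mut peer, &mut len) })?;
    // UnixStream only issues read(2)/write(2)/close(2) on the fd, so it can wrap a vsock fd.
    Ok((unsafe { UnixStream::from_raw_fd(fd) }, peer.svm_cid, peer.svm_port))
}

/// Guest side: connect to `cid`:`port`; use VMADDR_CID_HOST to reach the host.
pub fn connect_vsock(cid: u32, port: u32) -> io::Result<UnixStream> {
    let fd = check(unsafe { socket(AF_VSOCK as i32, SOCK_STREAM, 0) })?;
    let addr = vsock_addr(cid, port);
    if let Err(e) = check(unsafe { connect(fd, &addr, ADDR_LEN) }) { unsafe { close(fd); } return Err(e); }
    Ok(unsafe { UnixStream::from_raw_fd(fd) })
}

/// Server-side handling of one connection: one newline-terminated request, one reply.
/// Generic over the stream so it can be exercised without a real vsock transport.
pub fn handle_client<S: Read + Write>(stream: &mut S, peer_cid: u32) -> io::Result<()> {
    let mut line = String::new();
    BufReader::new(&mut *stream).read_line(&mut line)?;
    let reply = format!("echo:{} from cid {}\n", line.trim_end(), peer_cid);
    stream.write_all(reply.as_bytes())
}

/// Client side: send one request line and return the reply line.
pub fn round_trip<S: Read + Write>(stream: &mut S, request: &str) -> io::Result<String> {
    stream.write_all(request.as_bytes())?;
    stream.write_all(b"\n")?;
    let mut reply = String::new();
    BufReader::new(&mut *stream).read_line(&mut reply)?;
    Ok(reply.trim_end().to_string())
}

fn main() -> io::Result<()> {
    let args: Vec<String> = std::env::args().collect();
    match args.get(1).map(String::as_str) {
        // On the host: `vsock_demo server 5000`; each guest connection gets its own thread.
        Some("server") => {
            let port: u32 = args.get(2).and_then(|p| p.parse().ok()).unwrap_or(5000);
            let lfd = listen_vsock(port)?;
            loop {
                let (mut stream, cid, _) = accept_vsock(lfd)?;
                std::thread::spawn(move || { let _ = handle_client(&mut stream, cid); });
            }
        }
        // In the guest: `vsock_demo client 2 5000` (CID 2 is the host).
        Some("client") => {
            let cid: u32 = args.get(2).and_then(|c| c.parse().ok()).unwrap_or(VMADDR_CID_HOST);
            let port: u32 = args.get(3).and_then(|p| p.parse().ok()).unwrap_or(5000);
            let mut stream = connect_vsock(cid, port)?;
            println!("{}", round_trip(&mut stream, "ping")?);
            Ok(())
        }
        _ => { eprintln!("usage: server <port> | client <cid> <port>"); Ok(()) }
    }
}
```

Because the address family is the only vsock-specific part, the same program works against a TCP or Unix socket once `vsock_addr` and the `socket()` family are swapped, which is the portability point the release notes make. On the host the server needs the vhost_vsock transport loaded; in the guest, the VMM (Cloud Hypervisor or Firecracker) supplies the virtio-vsock device, and the guest kernel assigns the CID the host passes in.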

Also worth noting is a new release of the related virtual machine monitor Firecracker, which is likewise written in Rust, built on Rust-VMM and runs on top of KVM. Firecracker started as a fork of crosvm, the VMM Google uses to run Linux and Android applications on ChromeOS. Firecracker is developed by Amazon Web Services to improve the performance and efficiency of the AWS Lambda and AWS Fargate platforms.

The platform is designed to run virtual machines with minimal overhead and provides tooling for creating and managing isolated environments and services built on the serverless (function as a service) model. Firecracker offers lightweight virtual machines called microVMs, which rely on hardware virtualization for full isolation while providing the performance and flexibility of conventional containers. For example, with Firecracker the time from microVM start to application start does not exceed 125 ms, which allows launching new virtual machines at a rate of up to 150 per second.

The new Firecracker release adds a mode that runs without the API handler ("--no-api"), restricting the microVM to the settings hard-coded in a configuration file. The static configuration is passed with the "--config-file" option and written in JSON. On the command line, the "--" delimiter is now also supported: everything after it is passed on down the chain without being processed.

Amazon, the developer of Firecracker, has also announced its sponsorship of the developers of the Rust programming language. It notes that Rust is increasingly used in the company's projects, and that Rust-based components already run in services such as Lambda, EC2 and S3. Amazon has provided the Rust project with infrastructure: storage for releases and builds in S3, regression testing on EC2, and hosting of the docs.rs site, which carries documentation for every package in the crates.io repository.

Amazon also presented the AWS Promotional Credits program, under which open source projects can get free access to AWS services for storing resources, building, continuous integration and testing. Among the projects already accepted, in addition to Rust, are AdoptOpenJDK, Maven Central, Kubernetes, Prometheus, Envoy and Julia. Applications are accepted from any open source project distributed under an OSI-approved license.

Source: opennet.ru
