0
46kviews
Explain Xen architecture in detail.
1 Answer
4
2.9kviews

enter image description here

  • Xen is an open source hypervisor program developed by Cambridge University.
  • Xen is a microkernel hypervisor, which separates the policy from the mechanism.
  • The Xen hypervisor implements all the mechanisms, leaving the policy to be handled by Domain 0, as shown in figure does not include any device drivers natively.It just provides a mechanism by which a guest OScan have direct access to the physical devices. As a result, the size of the Xen hypervisor is keptrather small.
  • Xen provides a virtual environment located between the hardware and the OS.
  • A number of vendors are in the process of developing commercial Xen hypervisors, among the mare Citrix XenServer and Oracle VM.
  • The core components of a Xen system are the hypervisor, kernel, and applications.
  • The organization of the three components is important.
  • Like other virtualization systems, many guest OSescan run on top of the hypervisor.
  • The guest OS, which has control ability, is called Domain 0, and the others are called Domain U. Domain 0 is a privileged guest OS of Xen.
  • It is first loaded when Xen boots without any file system drivers being available. Domain 0 is designed to access hardware directly and manage devices. Therefore, one of the responsibilities of Domain 0 is to allocate and map hardware resources for the guest domains (the Domain U domains).
  • For example, Xen is based on Linux and its security level is C2. Its management VM is named Domain 0, which has the privilege to manage other VMs implemented on the same host.
  • If Domain0 is compromised, the hacker can control the entire system. So, in the VM system, security policies are needed to improve the security of Domain 0.
  • Domain 0, behaving as a VMM, allows users to create, copy, save, read, modify, share, migrate, and roll back VMs as easily as manipulating a file, which flexibly provides tremendous benefits for users.
  • It also brings a series of security problems during the software life cycle and data lifetime.
  • Traditionally, a machine’s lifetime can be envisioned as a straight line where the current state of the machine is a point that progresses monotonically as the software executes.
  • During this time, configuration changes are made, software is installed, and patches are applied. In such an environment, the VM state is in to a tree: At any point, execution can go into N different branches where multiple instances of a VM can exist at any point in this tree at any given time. VMs are allowed to roll back to previous states in their execution (e.g., to fix configuration errors) or rerun from the same point many times (e.g., as a means of distributing dynamic content or circulating a “live” system image).
Please log in to add an answer.