The team behind the open source Xen hypervisor announced today provided an update to the project that adds better nested performance, more robust live patching capabilities, improved security and support for Linux subdomains that make it possible to execute code within a specialized domain.
In addition, Xen Project Hypervisor 4.14 adds the ability to run Xen as a guest under Hyper-V, the hypervisor Microsoft employs on the Azure cloud.
George Dunlap, Xen Project Advisory Board Chair, said that latter capability will make it easier to create centrally managed hybrid cloud computing environments that span lightweight instances of Xen at the network edge and instances of Xen running in the Microsoft Azure Cloud. Xen is a core component of the Edge Virtualization Engine (EVE) being developed by LF Edge, which, like the Xen Project, is being developed under the auspices of The Linux Foundation.
Dunlap also noted IT teams can employ Xen Project Hypervisor to run containers on top of virtual machines, which makes it possible to centrally manage the deployment of containerized applications from the edge to the cloud.
Xen Project Hypervisor 4.14 also extends Raspberry Pi 4 support for devices with 4GB and 8GB of RAM, in addition to supporting the next-generation AMD EPYC processor, codenamed Milan.
Finally, Xen Project Hypervisor 4.14 adds support for faster introspection of malware; the ability to live-patch security fixes in a way that ensures they are implemented in the right order; and control flow tools to combat Return-Oriented Programming (ROP) attacks.
Dunlap noted the Xen team continues to work on Secret-free Xen, which prevents memory from being mapped as part of a side-channel attack.
Golang bindings are also been expanded to make it easier to develop code on top of Xen using the Go programming language, and add the ability to migrate virtual machines with no drivers or broken drivers.
While there is no shortage of options when it comes to virtual machines, Dunlap said the more they are viewed as a commodity the more likely organizations will opt to rely on an open source project, as many organizations are deciding there isn’t enough differentiated value to warrant paying for a commercial license.
It’s too early to say how much organizations will continue to rely on virtual machines. Many IT teams do so now to provide a layer of isolation that is often deemed critical for security. Other IT teams are starting to rely more on containers deployed on bare-metal servers or a lighter-weight instance of a virtual machine that serves only to isolate workloads.
Regardless of the path forward, the more platforms that run a common layer of virtual infrastructure, the easier it is to manage a hybrid IT environment. The real challenge is being able to enforce that level of IT discipline in an era where developers often spin up virtual machines wherever they find them.