On the Performance of the Solaris Operating System Under the Xen Security-Enabled Hypervisor Alexei Bavelski
Total Page:16
File Type:pdf, Size:1020Kb
Final Thesis On the Performance of the Solaris Operating System under the Xen Security-enabled Hypervisor by Alexei Bavelski LITH-IDA-EX--07/030--SE 2007-05-10 Linköpings universitet Department of Computer and Information Science Final Thesis On the Performance of the Solaris Operating System under the Xen Security-enabled Hypervisor by Alexei Bavelski LITH-IDA-EX--07/030--SE 2007-05-10 Supervisor: Prof. Dr. Christoph Schuba Examiner: Prof. Dr. Christoph Schuba Datum Avdelning, institution Date Division, department Institutionen för datavetenskap Department of Computer and Information Science 2007-05-10 Linköpings universitet Språk Rapporttyp ISBN Language Report category Svenska/Swedish Licentiatavhandling ISRN LITH-IDA-EX--07/030--SE X Engelska/English X Examensarbete C-uppsats Serietitel och serienummer ISSN D-uppsats Title of series, numbering Övrig rapport URL för elektronisk version http://www.ep.liu.se/ Titel Title On the Performance of the Solaris Operating System under the Xen Security-enabled Hypervisor Författare Author Alexei Bavelski Sammanfattning Abstract This thesis presents an evaluation of the Solaris version of the Xen virtual machine monitor and a comparison of its performance to the performance of Solaris Containers under similar conditions. Xen is a virtual machine monitor, based on the paravirtualization approach, which provides an instruction set different to the native machine environment and therefore requires modifications to the guest operating systems. Solaris Zones is an operating system-level virtualization technology that is part of the Solaris OS. Furthermore, we provide a basic performance evaluation of the security modules for Xen and Zones, known as sHype and Solaris Trusted Extensions, respectively. We evaluate the control domain (know as Domain-0) and the user domain performance as the number of user domains increases. Testing Domain-0 with an increasing number of user domains allows us to evaluate how much overhead virtual operating systems impose in the idle state and how their number influences the overall system performance. Testing one user domain and increasing the number of idle domains allows us to evaluate how the number of domains influences operating system performance. Testing concurrently loaded increasing numbers of user domains we investigate total system efficiency and load balancing dependent on the number of running systems. System performance was limited by CPU, memory, and hard drive characteristics. In the case of CPU-bound tests Xen exhibited performance close to the performance of Zones and to the native Solaris performance, loosing 2-3% due to the virtualization overhead. In case of memory-bound and hard drive-bound tests Xen showed 5 to 10 times worse performance. Nyckelord Keywords Xen Hypervisor, sHype, Solaris Operating System, performance evaluation, AIM benchmark Abstract This thesis presents an evaluation of the Solaris version of the Xen virtual machine monitor and a comparison of its performance to the performance of Solaris Containers under similar conditions. Xen is a virtual machine monitor, based on the paravirtualization approach, which provides an instruction set different to the native machine environment and therefore requires modifications to the guest operating systems. Solaris Zones is an operating system-level virtualization technology that is part of the Solaris OS. Furthermore, we provide a basic performance evaluation of the security modules for Xen and Zones, known as sHype and Solaris Trusted Extensions, respectively. We evaluate the control domain (know as Domain-0) and the user domain performance as the number of user domains increases. Testing Domain-0 with an increasing number of user domains allows us to evaluate how much overhead virtual operating systems impose in the idle state and how their number influences the overall system performance. Testing one user domain and increasing the number of idle domains allows us to evaluate how the number of domains influences operating system performance. Testing concurrently loaded increasing numbers of user domains we investigate total system efficiency and load balancing dependent on the number of running systems. System performance was limited by CPU, memory, and hard drive characteristics. In the case of CPU-bound tests Xen exhibited performance close to the performance of Zones and to the native Solaris performance, loosing 2-3% due to the virtualization overhead. In case of memory-bound and hard drive-bound tests Xen showed 5 to 10 times worse performance. Acknowledgements First and foremost I would like to thank my thesis supervisor Prof. Dr. Christoph Schuba for his feedback and for keeping me focused in my research. He has shown a large and consistent interest in my project and his numerous constructive comments have greatly improved this work. I would like to thank Stefan Berger from IBM TJ Watson Research Center for his help in installing sHype module on the Solaris platform. I thank Yuan Xu for providing me all results of her work and valuable comments about the benchmark. I also wish to thank my opponent Hasham Ud Din Qazi for his valuable comments on my report and on the whole work in general. And finally I thank all my friends and family, for their support during the work on this thesis. Table of Contents Chapter 1 Introduction ....................................................................................................................... 3 1.1 System Virtual Machines............................................................................................. 4 1.2 Virtualization Problems ............................................................................................... 6 1.3 Virtualization of x86 Architecture................................................................................. 7 1.4 Paravirtualization....................................................................................................... 10 1.5 Xen............................................................................................................................ 12 1.6 Xen for Solaris........................................................................................................... 17 1.7 Multi-level Security Systems ..................................................................................... 18 1.8 The sHype Security Architecture............................................................................... 20 1.9 Typographic Conventions ......................................................................................... 22 Chapter 2 Problem Statement ......................................................................................................... 23 2.1 Baseline Performance of Xen Hypervisor ................................................................. 24 2.2 Performance of Xen Hypervisor with Enabled Security Module................................ 24 2.3 Performance Comparison of Different Virtualization Technologies........................... 24 Chapter 3 Related Research ........................................................................................................... 27 3.1 Evaluations of Existing Implementations of Paravirtualization Technology .............. 28 3.2 Existing Evaluations of Xen Virtual Machine Monitor................................................ 31 3.3 Comparisons of Xen with Other Virtual Machine Monitors........................................ 38 Chapter 4 Methodology....................................................................................................................45 4.1 Test Bed Details........................................................................................................ 45 4.1.1 Hardware details .................................................................................................... 46 4.1.2 Xen......................................................................................................................... 46 4.1.3 sHype..................................................................................................................... 49 4.2 Testing Tools............................................................................................................. 51 4.2.1 Configuration.......................................................................................................... 52 1 4.3 Test Protocol............................................................................................................. 55 4.3.1 Evaluating performance of the Domain-0............................................................... 56 4.3.2 Evaluating performance of a user domain ............................................................. 57 4.3.3 Evaluation of cumulative system performance in case of concurrently loaded user domains........................................................................................................................... 58 Chapter 5 Results and Discussion................................................................................................... 61 5.1 Performance Evaluation of a Single Virtual Machine in the System ......................... 62 5.2 Performance Evaluation of a Single Virtual Machine Instance, while Number of Virtual Machines Increases ............................................................................................. 65 5.3 Performance Evaluation of Concurrently Loaded Virtual Machines.......................... 73 5.4 Summary..................................................................................................................