Xen Project Software Overview
|Xen Project Features|
|Xen Project-enabled Kernels|
|Xen Project-Enabled operating systems|
|PV-Enabled operating systems|
|Xen Kernel Feature Matrix|
|PV on HVM|
|PV on HVM Drivers|
|Information about using PV-on-HVM drivers|
|HowTo on PV-on-HVM drivers|
|Choice of ToolStacks|
|Xen Project or XCP?|
|Host OS Install Considerations|
|Live CDs, DVDs, etc.|
|Guest VM Images|
- 1 What is the Xen Project Hypervisor?
- 2 Introduction to Xen Project Architecture
- 3 Guest Types
- 4 Toolstacks, Managment APIs and Consoles
- 5 Getting Xen Project, Host and Guest Install
- 6 Getting Help!
- 7 Also See
What is the Xen Project Hypervisor?
The Xen Project hypervisor is an open-source type-1 or baremetal hypervisor, which makes it possible to run many instances of an operating system or indeed different operating systems in parallel on a single machine (or host). The Xen Project hypervisor is the only type-1 hypervisor that is available as open source. It is used as the basis for a number of different commercial and open source applications, such as: server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances. The Xen Project hypervisor is powering the largest clouds in production today.
Here are some of the Xen Project hypervisor's key features:
- Small footprint and interface (is around 1MB in size). Because it uses a microkernel design, with a small memory footprint and limited interface to the guest, it is more robust and secure than other hypervisors.
- Operating system agnostic: Most installations run with Linux as the main control stack (aka "domain 0"). But a number of other operating systems can be used instead, including NetBSD and OpenSolaris.
- Driver Isolation: The Xen Project hypervisor has the capability to allow the main device driver for a system to run inside of a virtual machine. If the driver crashes, or is compromised, the VM containing the driver can be rebooted and the driver restarted without affecting the rest of the system.
- Paravirtualization: Fully paravirtualized guests have been optimized to run as a virtual machine. This allows the guests to run much faster than with hardware extensions (HVM). Additionally, the hypervisor can run on hardware that doesn't support virtualization extensions.
This page will explore the key aspects of the Xen Project architecture that a user needs to understsand in order to make the best choices.
- Guest types: The Xen Project hypervisor can run fully virtualized (HVM) guests, or paravirtualized (PV) guests.
- Domain 0: The architecture employs a special domain called domain 0 which contains drivers for the hardware, as well as the toolstack to control VMs.
- Toolstacks: This section covers various toolstack front-ends available as part of the Xen Project stack and the implications of using each.
Introduction to Xen Project Architecture
Below is a diagram of the Xen Project architecture. The Xen Project hypervisor runs directly on the hardware and is responsible for handling CPU, Memory, and interrupts. It is the first program running after exiting the bootloader. On top of the hypervisor run a number of virtual machines. A running instance of a virtual machine is called a domain or guest. A special domain, called domain 0 contains the drivers for all the devices in the system. Domain 0 also contains a control stack to manage virtual machine creation, destruction, and configuration.
Components in detail:
- The Xen Project Hypervisor is an exceptionally lean (<150,000 lines of code) software layer that runs directly on the hardware and is responsible for managing CPU, memory, and interrupts. It is the first program running after the bootloader exits. The hypervisor itself has no knowledge of I/O functions such as networking and storage.
- Guest Domains/Virtual Machines are virtualized environments, each running their own operating system and applications. The hypervisor supports two different virtualization modes: Paravirtualization (PV) and Hardware-assisted or Full Virtualization (HVM). Both guest types can be used at the same time on a single hypervisor. It is also possible to use techniques used for Paravirtualization in an HVM guest: essentially creating a continuum between PV and HVM. This approach is called PV on HVM. Guest VMs are totally isolated from the hardware: in other words, they have no privilege to access hardware or I/O functionality. Thus, they are also called unprivileged domain (or DomU).
- The Control Domain (or Domain 0) is a specialized Virtual Machine that has special privileges like the capability to access the hardware directly, handles all access to the system’s I/O functions and interacts with the other Virtual Machines. It also exposes a control interface to the outside world, through which the system is controlled. The Xen Project hypervisor is not usable without Domain 0, which is the first VM started by the system.
- Toolstack and Console: Domain 0 contains a control stack (also called Toolstack) that allows a user to manage virtual machine creation, destruction, and configuration. The toolstack exposes an interface that is either driven by a command line console, by a graphical interface or by a cloud orchestration stack such as OpenStack or CloudStack.
- Xen Project-enabled operating systems: Domain 0 requires a Xen Project-enabled kernel. Paravirtualized guests require a PV-enabled kernel. Linux distributions that are based on recent Linux kernel are Xen Project-enabled and usually include packages that contain the hypervisor and Tools (the default Toolstack and Console). All but legacy Linux kernels are PV-enabled, capable of running PV guests.
- Xen Project Release Features
- Xen Project-Enabled operating systems
- PV-Enabled operating systems
- Availability of Xen Project Functionality on Linux Kernel (by version)
The hypervisor supports running two different types of guests: Paravirtualization (PV) and Full or Hardware assisted Virtualization (HVM). Both guest types can be used at the same time on a single hypervisor. It is also possible to use techniques used for Paravirtualization in an HVM guest and vice versa: essentially creating a continuum between the capabilities of pure PV and HVM. We use different abbreviations to refer to these configurations, called HVM with PV drivers, PVHVM and PVH.
IMPORTANT: Guest types are selected through builder option in the configuration file (also see man pages).
- What Color is your Xen? - this article provides great insights on coming up with a cleaner and easier to understand terminology
- Xen PVH: Bringing Hardware to Paravirtualization - this article gives a good overview of the new PVH mode
- Xen Feature Detection
- Virtualization Spectrum
PVOpenSolaris. Linux kernels have been PV-enabled from 2.6.24 using the Linux pvops framework. In practice this means that PV will work with most Linux distributions (with the exception of very old versions of distros).
Note that it is possible to use PV Drivers for I/O to speed up HVM guests. On Windows this requires that appropriate PV drivers are installed. You can find more information at
- Xen Project PV Drivers
- 3rd Party GPL PV Drivers (signed drivers are available)
- Windows PV Drivers Portal
Note that Xen Project PV (paravirtual) guests automatically use PV drivers: there is thus no need for these drivers - you are already automatically using the optimized drivers. PVHVM drivers are only required for HVM (fully virtualized) guest VMs.
- More Information...
- Information about using PV-on-HVM drivers
- HowTo on PV-on-HVM drivers
- Xen Project Windows HVM guests can use the opensource GPLPV drivers
In a nutshell, PVH means less code and fewer Interfaces in Linux/FreeBSD: consequently it has a smaller TCB and attack surface, and thus fewer possible exploits. Once hardened and optimised, it should It also have better performance and lower latency, in particular on 64 bit hosts.
PVH requires support in the guest operating system and is enabled with pvh=1 in the configuration file.
- PVH Guest support is available from Xen 4.4
- PVH Dom0 support is available from Xen 4.5
- PVH from Xen 4.7+: in late 2015, we started an initiative to re-architect and simplify the PVH architecture, as the original implementation has some limitations. This effort has on the development list been dubbed as HVMLite or PVHv2. From a user's perspective, the PVH re-work will behave as PVH does, but implementation wise it uses much more of the HVM code execution path rather than the PV execution path (which is why developers dubbed it HVMLite on the mailing lists and in a few developer facing presentations). At this stage, we have not decided yet how to call the feature once it is complete, but most likely we will stick with PVH to avoid confusion, although on the mailing list you may still see references to HVMLite. Once complete, the original PVH implementation will still be available for a bit, but will eventually be replaced by the new version. For a more detailed explanation see .
For more info see:
- Xen PVH: Bringing Hardware to Paravirtualization - this article gives a good overview of the new PVH mode
- PVH: PV Guest in HVM container (presentation)
- Xen on ARM Cortex A15 (presentation) - also uses PVH
- PVH: PV Guest in HVM container (video)
- Xen on ARM Cortex A15 (video) - also uses PVH
Toolstacks, Managment APIs and Consoles
Xen Project software employs a number of different toolstacks. Each toolstack exposes an API, which will run different tools. The figure below gives a very brief overview of the choices you have, which commercial products use which stack and examples of hosting vendors using specific APIs.
The Xen Project software can be run with the default toolstack, with Libvirt and with XAPI. The pairing of the Xen Project hypervisor and XAPI became known as XCP which has been superceded by open source XenServer. The diagram above shows the various options: all of them have different trade-offs and are optimized for different use-cases. However in general, the more on the right of the picture you are, the more functionality will be on offer.
Which to Choose?
- The article Choice of ToolStacks gives you an overview of the various options, with further links to tooling and stacks for a specific API exposed by that toolstack.
- Xen or XCP also provides good pointers on whether to use Xen or XCP (which has been supplanted by open source XenServer).
Of course there are also additional management tools available for different API's. For more information see:
- Ecosystem Listing of Projects and Commercial Products which employ Xen Project software
- DEPRECATED Xen Project Management Tools
Getting Xen Project, Host and Guest Install
Choice of Control Domain (Dom0)
As stated earlier, the Xen Project hypervisor requires a kernel as control domain. Most Xen Project-enabled kernels are very similar from the perspective of the hypervisor itself. Choosing the right Dom0 for you comes down to:
- How familiar you are with a specific distro (e.g. packaging system, etc.)
- Xen Project Hypervisor version that ships with the distro
- Whether you can get commercial support (if you need it)
If you use XCP, you typically will not be interfacing much with Dom0. That is unless you are a power user.
Getting Xen Project software
The Xen Project hypervisor is available as source distribution from XenProject.org. However, you can get recent binaries as packages from many Linux and Unix distributions, both open source and commercial.
Xen Project Source Distributions The Xen Project community delivers the hypervisor as a source distribution, following the delivery model of the Linux kernel. The software is released approximately once every 6-9 months, with several update releases per year containing security fixes and critical bug fixes. To build Xen Project software from source, you can either download a source release or you can fetch the source tree from the source repository. Each source release and the source tree contain a README file in the root directory, with detailed build instructions for the hypervisor. The release notes for each release also contain build instructions and so does the Compiling Xen Project software page.
Xen Project software in Linux/Unix Distributions Most Linux and many Unix distributions contain built binaries of the Xen Project hypervisor that can be downloaded and installed through the native package management system. If your Linux/Unix distribution includes the hypervisor and a Xen Project-enabled kernel, we recommend to use them as you will benefit from ease of install, good integration with the distribution, support from the distribution, provision of security updates etc. Installing the hypervisor in a distribution typically requires the following basic steps: a) Install your favourite distribution, b) Install Xen Project package(s) or meta-package, c) check boot settings and d) reboot. After the reboot, your system will run your favourite Linux/Unix distribution as Control Domain on top of the hypervisor.
Host and Guest Install
The following documents
- Category:Host Install contains guides on how to install a control domain for various Linux/Unix distros
- Category:Guest Install contains guides on how to install a variety of guests for various Linux/Unix distros
|This table contains a list of Xen Project resources for various Linux and Unix distributions.||
|Arch Linux||archlinux.org||Arch Linux is a lightweight and flexible Linux® distribution that tries to “keep it simple”.||
|Alpine Linux||alpinelinux.org||A security-oriented, lightweight Linux distribution based on musl libc and busybox.||
|CentOS 5||centos.org||CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendor's redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free.||
|CentOS 6||centos.org||CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendor's redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) CentOS is free.||
CentOS 6.0 - 6.3 does not include Xen Project software, but you can get support from various sources. The following articles may be useful
CentOS 6.4+ does include Xen Project support and can be used as a dom0 and domU out-of-the-box, thanks to the Xen4CentOS project
Xen packages in CentOS 6 and commercial support are also available from "Xen made easy!"
|Debian||debian.org||The Debian project produces an entirely free operating system that empowers its users to be in control of the software running their computers.||
|Fedora||fedoraproject.org||Fedora is a RPM-based distribution with a 6-month release cycle, and is the community-supported base of RHEL releases.||
|FreeBSD||freebsd.org||FreeBSD® is an advanced operating system for modern server, desktop, and embedded computer platforms.||
|Finnix||finnix.org||Finnix is a sysadmin utility Linux LiveCD, and includes out-of-the-box Xen Project guest support.||
|Gentoo Linux||gentoo.org||Gentoo Linux is a special flavor of Linux that can be automatically optimized and customized for just about any application or need. Extreme performance, configurability and a top-notch user and developer community are all hallmarks of the Gentoo experience.||
|NetBSD||netbsd.org||NetBSD is a free, fast, secure, and highly portable Unix-like open source operating system.||
|Oracle Linux||oracle.com||Oracle Corporation distributes Oracle Linux the Unbreakable Enterprise Kernel. Oracle states that the Unbreakable Enterprise Kernel is compatible with RHEL, Oracle middleware and 3rd-party RHEL-certified applications. Oracle Linux supports KVM, Xen Project, and Oracle VM Server for x86, which is based on Xen.||
|openSuSE||opensuse.org||openSuSE is a free and Linux-based operating system for your PC, Laptop or Server.||
|Red Hat Enterprise Linux (RHEL) 5.x||redhat.com||RHEL 5.x includes the Xen Project 3.4 Hypervisor as well as a Xen Project-enabled kernel, and can be used as a dom0 and domU||
|Red Hat Enterprise Linux (RHEL) 6.x||redhat.com||RHEL 6.x does not include the Xen Project Hypervisor. But, a Dom0 capable kernel, Xen Project hypervisor, and libvirt packages for use with RedHat Enterprise Linux 6 and its derivatives are available from either the Xen4CentOS project or the "Xen made easy!" effort.||
|Ubuntu||ubuntu.com||Fast, secure and stylishly simple, the Ubuntu operating system is used by 20 million people worldwide every day.||
The Xen Project community contains many helpful and friendly people. We are here for you. There are several ways to get help and keep on top of what is going on!
- Read News!
- Read Documentation!
- Contact other users, to ask the questions and discuss the hypervisor or other Xen Project-related projects
- Xen Project Home page aggregates selected news stories and blog posts
- The Xen Project Blog covers technical and community related stories
- xen-announce mailing list is a low frequency mailing list for important announcements
Documentation for projects hosted on XenProject.org is available on the Xen Project Wiki. Our wiki is active and community maintained. It contains a lot of useful information and uses categories extensively to make it easy to find information. You may also want to check:
Search Mailing Lists All XenProject.org mailing lists are archived using the MarkMail system at xen.markmail.org. Before you ask a question, it is worth checking whether somebody else has asked the question before
Main Mailing Lists XenProject.org maintains a number of mailing lists for users of the hypervisor and other projects. English is used by readers on this list.
- xen-users is the list for technical support and discussions for the Xen Project hypervisor. If you are not sure where your question belongs start here!
- xen-api is the DEPRECATED list for technical support and discussions for the Xen Cloud Platform (XCP).
Internet Relay Chat (IRC) is a great way to connect with Xen Project community members in real time chat and for support.
- ##xen is the channel for technical support and discussions for the Xen Project hypervisor. If you are not sure where your question belongs start here!
- Check out our IRC page if you are not familiar with IRC.
There are a number of other places, where you can get help on Xen Project software. For example:
- Xen Project Questions on serverfault
- XCP & XenServer Questions on serverfault
- Many Linux Distributions that support Xen Project software have a dedicated list - see the table in this link
If you find a bug, you can report bugs against the software. Before you raise a bug, please read Reporting Bugs!
Roadmaps, Release Cadence, Maintenance Releases
The Xen Project community aims to release the Xen Project Hypervisor on an approximate cadence of 9 months. Roadmap information is tracked at Xen Roadmap. You can find information on the maintenance release cycle at Xen Project Maintenance Releases.
- Getting Started guides a new user through key decisions to be made
- Category:Host Install contains guides on how to install a control domain
- Category:Guest Install contains guides on how to install a variety of guests
- Category:Host Configuration contains documents related to bootloader, console and network configuration
- Guest VM Images provides pointers to various preinstalled guest images.
- LiveCD provides pointers to Live CDs of the Xen Project hypervisor
- Category:Manual contains Xen Project manual documents
- Category:Release Notes contain Xen Project release notes
- Xen Release Features contains a matrix of features against Xen Project versions
- Category:Xen 4.4 contain articles related to Xen Project 4.4 features, benchmarks, planning, etc.
Specialist Topics: Networking, Performance, Security, NUMA, VGA, ...
Specialized Xen Project topics:
- Category:Networking contains articles related to networking
- Category:NUMA contains all articles related to the running (or to improving the support for doing so) of the Xen Project Hypervisor on NUMA architectures
- Category:Performance contains documents, tuning instructions and benchmarks related to the performance of Xen Project software
- Category:Security contains documents related to Xen Project security
- Category:VGA contains documents related to VGA, VTd, GPY passthrough, etc.
FAQs, HowTos, ...
- Category:FAQ contains Xen Project FAQs
- Category:HowTo contains various HowTo's
- Category:Tutorial contains various Tutorials
|Language:||English • Deutsch • español • français • 日本語 • 한국어 • português do Brasil • русский • 中文|