Feeds

O/S bloat: What's the cure?

Code belly's gonna get you

Application security programs and practises

Comment It is becoming increasingly obvious that a virtual server wastes great chunks of its memory occupied by the operating system wrappers around the applications in the virtual machines (VM) running in the physical server. If each VM occupies 50MB, and 20MB of that is the Windows O/S, then around 40 per cent of the servers's DRAM holds repetitive and relatively useless code.

In a virtual server a main function of the O/S wrapper around the apps is to provide a bridge to facilities controlled by the hypervisor. If there are 20 VMs then there are 20 copies of, say, Windows, all doing pretty much the same thing - which, if you added the essential part to the hypervisor, could be cut by 19 copies since the VMs would then share the now centralised Windows O/S.

It is worse than that as VMs often contain a single application, yet Windows is a multi-tasking O/S with code to prevent different applications interfering with each other, code to schedule multiple applications, and code to provide virtual memory resources, paging to disk and so forth. None of this needed when a VM contains a single app and there is no multi-user contention for resources within the VM.

In such a situation Windows is memory-hogging overkill that prevents more VMs executing in the server because server memory is filled up with repetitive instances of Windows bloat.

But Microsoft doesn't see it like this, and one product manager said it wasn't a good idea to consolidate functionality from Windows-controlled VMs in a Hyper-V environment because you would then run the risk of a single point of failure.

You can't have thin O/S wrappers around O/Ss in VMs unless the hypervisor takes on the necessary functionality stripped out of the currently fat O/S wrappers, there are thin O/S wrappers available, and application code can be compiled to execute with the thin O/S wrappers.

Microsoft is happy to provide thin client software but not a thin version of Windows to run under Hyper-V. VMware isn't, as far as we know, supporting the development of a thin O/S wrapper around apps destined to execute in VMware VMs. The result is that we're stuck with repetitive O/S bloat in virtual servers which are forced to waste processor cycles, memory capacity and electricity cycles loading, storing and executing repeated instances of O/S code that are not needed, which nobody wants, and which, unless it's Linux, have to be licensed and paid for.

A Windows and Unix tax is preventing virtual servers from running at their full potential.

Security researchers at HP Labs in Bristol have been looking at how to protect desktop and other users from the results of their own carelessness. When downloading free software to achieve some business end, such as an unusual file format conversion, they are inadvertently loading botnets, trojans and other malware onto their systems which can infect a corporate network.

Richard Brown from HP Labs says they have come up with the idea of a bare metal hypervisor which is integrated with a trusted computing module (TCM) fitted to the system the hypervisor is running. The aim is to help prevent "botnets and trojans in the dark archives of users' machines".

The applications are run inside secured virtual machines which have no direct access to hardware resources at all. Any VM that is infected with malware can simply be deleted and the infection destroyed.

The researchers have made another step to reduce malware instances by coming up with the idea of a a virtual machine appliance. These are lightweight virtual appliances in which the VM contains the application and a skinny O/S delivering its needs to the hypervisor and receiving hypervisor services for the app.

Brown says that a desktop user can then run different trusted and secured virtual machines for different applications with differing needs, such as access to a secure banking network, running business applications, and doing general mainstream PC work.

The fun bit is that such an environment has been prototyped with a Xen-based hypervisor talking to the bare-metal, and lightweight thin Linux O/S wrappers created to run applications compiled to execute inside them. A potential answer to repetitive VM O/S bloat has been devised by researchers looking to solve a security problem.

Brown thinks that things will evolve such that a bare metal hypervisor and thin O/S-style VM ecosystem will evolve alongside the current full-blown O/S VM model. It may happen if hardware manufacturers and Linux hypervisor suppliers get together and produce thin Linux VM operating systems.

Ah, but will they? It would be great if they did because it would remove at a stroke the Windows and Unix VM tax, in terms of both license money and memory occupancy, that inhibits the full exploitation of both server and desktop virtualisation technology. ®

Eight steps to building an HP BladeSystem

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.