Feeds

O/S bloat: What's the cure?

Code belly's gonna get you

3 Big data security analytics techniques

Comment It is becoming increasingly obvious that a virtual server wastes great chunks of its memory occupied by the operating system wrappers around the applications in the virtual machines (VM) running in the physical server. If each VM occupies 50MB, and 20MB of that is the Windows O/S, then around 40 per cent of the servers's DRAM holds repetitive and relatively useless code.

In a virtual server a main function of the O/S wrapper around the apps is to provide a bridge to facilities controlled by the hypervisor. If there are 20 VMs then there are 20 copies of, say, Windows, all doing pretty much the same thing - which, if you added the essential part to the hypervisor, could be cut by 19 copies since the VMs would then share the now centralised Windows O/S.

It is worse than that as VMs often contain a single application, yet Windows is a multi-tasking O/S with code to prevent different applications interfering with each other, code to schedule multiple applications, and code to provide virtual memory resources, paging to disk and so forth. None of this needed when a VM contains a single app and there is no multi-user contention for resources within the VM.

In such a situation Windows is memory-hogging overkill that prevents more VMs executing in the server because server memory is filled up with repetitive instances of Windows bloat.

But Microsoft doesn't see it like this, and one product manager said it wasn't a good idea to consolidate functionality from Windows-controlled VMs in a Hyper-V environment because you would then run the risk of a single point of failure.

You can't have thin O/S wrappers around O/Ss in VMs unless the hypervisor takes on the necessary functionality stripped out of the currently fat O/S wrappers, there are thin O/S wrappers available, and application code can be compiled to execute with the thin O/S wrappers.

Microsoft is happy to provide thin client software but not a thin version of Windows to run under Hyper-V. VMware isn't, as far as we know, supporting the development of a thin O/S wrapper around apps destined to execute in VMware VMs. The result is that we're stuck with repetitive O/S bloat in virtual servers which are forced to waste processor cycles, memory capacity and electricity cycles loading, storing and executing repeated instances of O/S code that are not needed, which nobody wants, and which, unless it's Linux, have to be licensed and paid for.

A Windows and Unix tax is preventing virtual servers from running at their full potential.

Security researchers at HP Labs in Bristol have been looking at how to protect desktop and other users from the results of their own carelessness. When downloading free software to achieve some business end, such as an unusual file format conversion, they are inadvertently loading botnets, trojans and other malware onto their systems which can infect a corporate network.

Richard Brown from HP Labs says they have come up with the idea of a bare metal hypervisor which is integrated with a trusted computing module (TCM) fitted to the system the hypervisor is running. The aim is to help prevent "botnets and trojans in the dark archives of users' machines".

The applications are run inside secured virtual machines which have no direct access to hardware resources at all. Any VM that is infected with malware can simply be deleted and the infection destroyed.

The researchers have made another step to reduce malware instances by coming up with the idea of a a virtual machine appliance. These are lightweight virtual appliances in which the VM contains the application and a skinny O/S delivering its needs to the hypervisor and receiving hypervisor services for the app.

Brown says that a desktop user can then run different trusted and secured virtual machines for different applications with differing needs, such as access to a secure banking network, running business applications, and doing general mainstream PC work.

The fun bit is that such an environment has been prototyped with a Xen-based hypervisor talking to the bare-metal, and lightweight thin Linux O/S wrappers created to run applications compiled to execute inside them. A potential answer to repetitive VM O/S bloat has been devised by researchers looking to solve a security problem.

Brown thinks that things will evolve such that a bare metal hypervisor and thin O/S-style VM ecosystem will evolve alongside the current full-blown O/S VM model. It may happen if hardware manufacturers and Linux hypervisor suppliers get together and produce thin Linux VM operating systems.

Ah, but will they? It would be great if they did because it would remove at a stroke the Windows and Unix VM tax, in terms of both license money and memory occupancy, that inhibits the full exploitation of both server and desktop virtualisation technology. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
Cisco reps flog Whiptail's Invicta arrays against EMC and Pure
Storage reseller report reveals who's selling what
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.