Feeds

O/S bloat: What's the cure?

Code belly's gonna get you

Beginner's guide to SSL certificates

Comment It is becoming increasingly obvious that a virtual server wastes great chunks of its memory occupied by the operating system wrappers around the applications in the virtual machines (VM) running in the physical server. If each VM occupies 50MB, and 20MB of that is the Windows O/S, then around 40 per cent of the servers's DRAM holds repetitive and relatively useless code.

In a virtual server a main function of the O/S wrapper around the apps is to provide a bridge to facilities controlled by the hypervisor. If there are 20 VMs then there are 20 copies of, say, Windows, all doing pretty much the same thing - which, if you added the essential part to the hypervisor, could be cut by 19 copies since the VMs would then share the now centralised Windows O/S.

It is worse than that as VMs often contain a single application, yet Windows is a multi-tasking O/S with code to prevent different applications interfering with each other, code to schedule multiple applications, and code to provide virtual memory resources, paging to disk and so forth. None of this needed when a VM contains a single app and there is no multi-user contention for resources within the VM.

In such a situation Windows is memory-hogging overkill that prevents more VMs executing in the server because server memory is filled up with repetitive instances of Windows bloat.

But Microsoft doesn't see it like this, and one product manager said it wasn't a good idea to consolidate functionality from Windows-controlled VMs in a Hyper-V environment because you would then run the risk of a single point of failure.

You can't have thin O/S wrappers around O/Ss in VMs unless the hypervisor takes on the necessary functionality stripped out of the currently fat O/S wrappers, there are thin O/S wrappers available, and application code can be compiled to execute with the thin O/S wrappers.

Microsoft is happy to provide thin client software but not a thin version of Windows to run under Hyper-V. VMware isn't, as far as we know, supporting the development of a thin O/S wrapper around apps destined to execute in VMware VMs. The result is that we're stuck with repetitive O/S bloat in virtual servers which are forced to waste processor cycles, memory capacity and electricity cycles loading, storing and executing repeated instances of O/S code that are not needed, which nobody wants, and which, unless it's Linux, have to be licensed and paid for.

A Windows and Unix tax is preventing virtual servers from running at their full potential.

Security researchers at HP Labs in Bristol have been looking at how to protect desktop and other users from the results of their own carelessness. When downloading free software to achieve some business end, such as an unusual file format conversion, they are inadvertently loading botnets, trojans and other malware onto their systems which can infect a corporate network.

Richard Brown from HP Labs says they have come up with the idea of a bare metal hypervisor which is integrated with a trusted computing module (TCM) fitted to the system the hypervisor is running. The aim is to help prevent "botnets and trojans in the dark archives of users' machines".

The applications are run inside secured virtual machines which have no direct access to hardware resources at all. Any VM that is infected with malware can simply be deleted and the infection destroyed.

The researchers have made another step to reduce malware instances by coming up with the idea of a a virtual machine appliance. These are lightweight virtual appliances in which the VM contains the application and a skinny O/S delivering its needs to the hypervisor and receiving hypervisor services for the app.

Brown says that a desktop user can then run different trusted and secured virtual machines for different applications with differing needs, such as access to a secure banking network, running business applications, and doing general mainstream PC work.

The fun bit is that such an environment has been prototyped with a Xen-based hypervisor talking to the bare-metal, and lightweight thin Linux O/S wrappers created to run applications compiled to execute inside them. A potential answer to repetitive VM O/S bloat has been devised by researchers looking to solve a security problem.

Brown thinks that things will evolve such that a bare metal hypervisor and thin O/S-style VM ecosystem will evolve alongside the current full-blown O/S VM model. It may happen if hardware manufacturers and Linux hypervisor suppliers get together and produce thin Linux VM operating systems.

Ah, but will they? It would be great if they did because it would remove at a stroke the Windows and Unix VM tax, in terms of both license money and memory occupancy, that inhibits the full exploitation of both server and desktop virtualisation technology. ®

Security for virtualized datacentres

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Bitcasa bins $10-a-month Infinite storage offer
Firm cites 'low demand' plus 'abusers'
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.