Son of Solaris raids Linux for KVM hypervisor
Joyent erects 'first major hypervisor' in half decade
In the summer of 2008, Google flipped the switch on its App Engine, letting outside developers build applications atop its state-of-the-art online infrastructure – and it soon got a lecture from Jason Hoffman.
Hoffman – the founder and chief technology officer of Joyent, a San Francisco outfit offering a (somewhat) similar service to developers and enterprises – joined a Google engineer on stage at a "cloud computing" conference in San Francisco, and he proceeded to chide the web giant for not open sourcing its BigTable distributed database and other top-secret software underpinning its back-end infrastructure.
Google, Hoffman insisted, should offer a "more loving cloud" along the lines of Joyent's service, which was built atop a largely open source Solaris-based operating system known as SmartOS.
"The reality is that if you're using BigTable as your data store and you want to get the benefit of scale, you can't leave [App Engine]," he said, contradicting the Google engineer sitting in the seat next to him. "Unless Google either open sources BigTable or makes it so you can buy it and install it on your own servers, you're locked in."
Hoffman is unselfconsciously brash and impressively loquacious - he answers most questions before they're finished - and from the cockpit of his relatively small cloud-computing outfit, he's intent on keeping pace with the industry's biggest names - while taking more than a few potshots along the way.
On Monday, Joyent announced that it is open sourcing a version of the KVM hypervisor for SmartOS, and Hoffman hailed the project as "the first major hypervisor to show up in the past five years", saying that the move takes the company beyond VMware and Red Hat and Microsoft – and, yes, Google too. Google, he continues to point out, doesn't open source its core infrastructure.
"We had just a few final things to do with our operating system so that we could look at it and say 'OK, this is a once-every-ten-or-twenty-year thing', and one of them was hardware virtualization," Hoffman tells The Register.
'It runs Windows better than Windows'
Previously, SmartOS offered only operating system-level virtualization based on Sun Microsystems' Containers architecture - meaning users could not run other OSes atop Joyent's software and services - and by porting KVM to the platform, Joyent will eliminate this restriction. Hoffman tells us that after open sourcing its native KVM – partly under the Common Development and Distribution License and partly under the GNU General Public License - the company will turn on hardware virtualization atop its live infrastructure this fall.
The company also sells its software to service providers through hardware manufacturers like Dell, and these products will also be updated with Joyent's native KVM.
Though Joyent has not released official benchmarks rating its new hypervisor, Hoffman claims substantial performance gains. With I/O-bound database workloads, he says, the SmartOS KVM is five to ten times faster than bare metal Windows and Linux (meaning no virtualization), and if you're running something like the Java Virtual Machine or PHP atop an existing bare metal hypervisor and move to SmartOS, he says, you'll see ten to fifty times better performance - though he acknowledges this too will vary depending on workload.
"If anyone uses or ships a server, the only reason they wouldn't use SmartOS on that box would be religious reasons," he says. "We can actually take SQL server and a Windows image and run it faster than bare metal windows. So why would you run bare metal Windows?"
In essence, KVM is running as a process inside the SmartOS containers, Hoffman says, allowing the hypervisor to tap the plumbing the company has already built into the operating system. "KVM looks like a process on SmartOS, so you can take a normal operating system and you can run it as a virtual machine and you can take advantage of everything you do with command and control around a process."
The Sun also rises
According to Hoffman, this means users can benefit from ZFS – the file system and logical volume manager Joyent inherited from Sun Microsystems – and its DTrace dynamic tracing framework – another Sun technology used to troubleshoot operating system issues. With ZFS, Hoffman says, users can do live VM migration without a SAN, and with DTrace, they can do things he says they've never done before.
"We're actually able to do instrumentation around Windows and Linux that Windows and Linux have never seen, not even at Microsoft or Red Hat," he says. "With DTrace and KVM, we have arbitrary observability at the hardware/software boundary. On the one hand, this doesn't deliver the total, up-the-stack visibility that we get with DTrace in [Joyent's OS-level virtual machines], but it does allow for unprecedented visibility into things like I/O latency, interrupt delivery, CPU scheduling."
The entire package, Hoffman says, also gives Joyent the edge on virtualization giant VMware. "What we were missing was a virtualization layer for legacy workloads," he says. "The big question was whether we could do a solid KVM implementation before VMware could wean itself off of SANs and before true multi-tenant features could show up in Red Hat or even the ability to do instrumentation. And we have."
Both VMware and Red Hat declined to comment. But other virtualization architects question whether Joyent is everything Hoffman cracks it up to be. Serguei Beloussov, the chief architect and executive chairman at virtualization outfit Parallels, sees little future for Joyent and its KVM port because the company is facing so many competitors and because it doesn't have a broad development community backing its operating system and hypervisor. "It will need a lot of man hours to support all those different platforms atop its hypervisor," he tells us. Many of Joyent's competitors rely on more widely used open source technologies.
Simon Crosby, the chief architect of the Xen hypervisor and the brains behind a new virtualization outfit known as Bromium, makes a similar argument, wondering whether Joyent can adequately develop both an operating system and a hypervisor in the long term. After all, Sun had trouble doing so.
Crosby acknowledges that KVM atop SmartOS may provide some performance improvement over Xen, a paravirtualization technology, but he says that this performance gap is minimal, that these sorts of gaps are always shrinking, and that KVM is inherently less secure than Xen. "With KVM, if you manage to compromise the hypervisor, you are in the host, and all games are over for everybody," he says.
Beloussov describes hypervisors as "commodity technologies", saying what really makes the difference is the technology you build around the hypervisor, but Hoffman argues that Joyent's technology is second to none. When asked if the company might have trouble keeping up with development of its own hypervisor, he points to the pedigree of his staff. "Over the last five years," he says, "I've had the pleasure of gutting the Sun kernel team." He also says his kernel team includes former BSD committers from Intel and engineers from the Apple and Google kernel teams. "We don't have a problem when it comes to manpower," he says of his 120-person company.
He then points out that Joyent originally built a version of Xen for the SmartOS kernel, but switched to KVM because it touched fewer parts of the OS than Xen. Hoffman says this will make the platform much easier to support. And he adds that Joyent is backed by money and engineering from Intel and that his company will have little trouble supporting hardware. Joyent has already helped ship SmartOS on servers from the likes of Dell, HP, and Fujitsu.
Hoffman also disputes Crosby's suggestion that the SmartOS KVM is less secure than Xen, pointing out that Joyent's container model ensures that the OS isn't susceptible to the KVM exploits recently revealed at the BlackHat security conference. He enjoys a good battle of words. And on some level, you have to admire his – and Joyent's – swashbuckling style.