Feeds

back to article KVM kings unveil 'cloud operating system'

Virtualization sucks, because it makes it difficult for an application to get the most out of its underlying infrastructure. And so a startup staffed by the originators of the KVM hypervisor wants to change that with an ambitious open source project called OSv. The OSv "cloud operating system" was announced by Cloudius Systems …

COMMENTS

This topic is closed for new posts.

Oh, I get it

It's like a medieval knight getting a performance boost by not wearing armour.

4
0
Boffin

Yes, But...

This reminds me of the time some guy named Linus announced he'd just thrown an experimental, GPLed 386 kernel over the wall for other Minix users to try out. Today's version is quite a bit more sophisticated. If the fundamental concepts are indeed sound, this could prove to be a very interesting homesteading within ESR's Noosphere.

0
1

Re: Yes, But...

Actually, it reminds me of IBM's VM/CMS (dumb OS running on a smart hypervisor.) I've often wondered what mainframe graybeards think about everyone's newfound fondness for virtualization...

4
0
Silver badge

@ NullReference Exception (was: Re: Yes, But...)

I don't have a beard, but my mustache is gray. I'm -ex DEC (came in for BSD, got into TOPS-10/20) and HP (un*x & TCP/IP), and consulted for IBM, Sun, and cisco (TCP/IP, sometimes un*x), on and off, for about 15 years. Does that count?

In my mind the entire modern "cloud" concept is pure marketing twaddle, designed to make money off of people who have absolutely zero clue about the nuts & bolts of computing/networking/system security.

Well, you did ask.

12
5
Boffin

Re: OSv Vis-à-vis CMS

CMS started life independent of the original CP-67 hypervisor development, so it is not a good comparison. GCS, OTOH, was later developed to provide all the MVS facilities needed to support the port of VTAM into the VM suite of products. CMS maintained its ability to be IPLed on bare metal for long time, but GCS never had that ability (or need). CMS did have some MVS (and VSE) facilities including VSAM but nowhere near what was needed for VTAM, particularly multiple task support (process in POSIX-speak).

I have the beard, too (moustache isn't grey, though) and started working with VM around 1978. The VM community inside and outside IBM developed virtualization into a powerful paradigm despite much resistance inside IBM and that history is well-documented. A major pillar was the VM-specific hardware development throughout the process that provided crucial performance gains and also allowed the hypervisor to itself be IPLed in a virtual machine. To our minds, z/VM provides industrial-strength virtualization, as the number of busy Linux instances a mainframe could handle with great stability even over a decade ago testifies. In general we would like to see desktop computers get there, too, while hoping mainframe virtualization will always continue to lead the way.

3
0
Megaphone

Re: @ NullReference Exception (was: Yes, But...)

Judging by what you wrote, I guess you are one of those people who have zero clue... beard or no beard, a single server architecture isn't interesting in this era. How would you sustain a website / game / saas that has a significant number of users without using some sort of cloud based infrastructure?

What you overlook, is that people pay money to run Linux based virtual machines in public clouds and if they'll use OSv, they will pay less as the mentioned performance boost is directly translated to the amount of virtual machines needed to support a specific workload.

0
4
Silver badge

Re: @ NullReference Exception (was: Yes, But...)

See this post of mine from 2010:

http://forums.theregister.co.uk/forum/containing/769679

0
1
Silver badge

I've been running my personal cloud using a KVM switch ...

.... for about thirty years ;-)

Honestly, Marketards, show a little bit of intelligence/creativity.

1
6
Anonymous Coward

Re: I've been running my personal cloud using a KVM switch ...

careful Jake, mention KVM switches and the BBC will report that you're a "sophisticated hacker" using "an advanced technology" (from their coverage of the attack against Santander), think it was last Friday. If you didn't see it, looks like someone managed to put a KVM switch with IP access on a machine within a bank branch, yet the BBC managed to keep a straight face when also saying "no one in the bank was in any way involved" (no-one? who let the person in to the branch and allowed them unsupervised access to the ports on a box?)

3
0
Silver badge

@AC 08:35 (was: Re: I've been running my personal cloud using a KVM switch ...)

I am a sophisticated hacker. I make a living from it. Legally.

Placing a remotely operated KVM into a bank isn't hacking, it's social engineering.

3
4
Silver badge

Re: I've been running my personal cloud using a KVM switch ...

The BBC couldn't string together a coherent tech article if their lives depended on it.

A recent article on the 64 bit iPhone 6 and Samsung's announcement that it will move to ARMv8 for its next generation of devices noted that there aren't any 64 bit apps for either iOS or Android. Completely failing to appreciate that most Android apps run exclusively on a virtual machine (Dalvik) and will be able to take advantage of the 64 bit cpu if the Dalvik VM is compiled for it (which, of course, it will be).

1
0
Gold badge
Mushroom

So one 0 day vuln in the JVM and...

I'd ask "What could go wrong," but I think the downside is pretty clear.

1
0

Re: So one 0 day vuln in the JVM and...

You know that this applies to linux kernel, glibc, hypervisor technology, .... There will always be many different attack vectors and I do not think using JVM makes it worse.

1
0
Roo
Bronze badge

Re: So one 0 day vuln in the JVM and...

The article suggests to me that the JVM is your only line of defence against your entire box being compromised. JVMs are big complicated beasts so the chance of fault or hack circumventing the JVM's protection mechanisms are quite high (because a JVM presents a very large attack surface), and because the JVM is the only line of defence your machine will be fully compromised. Overall the chances of a show-stopping vulnerability look substantially higher to me.

This seems to be a short-cut to making the MIT Exokernel concept a little more palatable to a wider audience. A JVM seems like a good fit because JVMs behave as though they have an entire machine to themselves in any case (selfish memory management, lack of the concept of a PID etc).

It'll be interesting watching the community adding all the stuff to it to make it into a fully fledged OS over the years. :)

2
0

Re: So one 0 day vuln in the JVM and...

Roo: "The article suggests to me that the JVM is your only line of defence against your entire box being compromised."

"Only" being the key word. A few layers less to worry about w.r.t. 0-day vulnerabilities. If this OSv becomes popular, it will also make sure all flaws in JVM will get full attention and quickly be ironed out. This will help all JVM related projects (quite a lot). In the end, this could upgrade Java's current bad reputation a lot too...

Just 2 cents worth.

0
2
nyh

Re: So one 0 day vuln in the JVM and...

The worst that can happen in that case is that the application can mess with the kernel that runs it. But since only a single application runs on this kernel, this doesn't gain the attacker anything he didn't already have after breaking into the JVM.

2
2
Gold badge
Unhappy

Re: So one 0 day vuln in the JVM and...

"The article suggests to me that the JVM is your only line of defence against your entire box being compromised. JVMs are big complicated beasts so the chance of fault or hack circumventing the JVM's protection mechanisms are quite high (because a JVM presents a very large attack surface), and because the JVM is the only line of defence your machine will be fully compromised. Overall the chances of a show-stopping vulnerability look substantially higher to me."

My point exactly

With no other barriers (because you removed them for speed) the JVM is the 1st, last and only line of defense.

A single layer security system.

1
0
Anonymous Coward

Re: So one 0 day vuln in the JVM and...

As someone state earlier getting to the 'kernel' gains you nothing because it is only running one thing, so there is no OS to hook, so you probably can't even crash the VM.

Yours is exactly a pointlessly alarmist comment.

2
1
Roo
Bronze badge

Re: So one 0 day vuln in the JVM and...

OK, but I think you guys are missing a really important point here. I very much doubt that people will buy a server and run just ONE of these JVMs, it would be a very expensive way to host apps. What they are more likely to do is to run > 1 of these JVMs and in this more likely scenario the rest of the JVMs and the entire machine are owned. Imagine the fun you could have talking directly to the hardware without a pesky OS to stop you from bricking the machine or spamming the network to death with garbage... Sweet dreams ops guys... ;)

0
0

Re: So one 0 day vuln in the JVM and...

OK, but I think you guys are missing a really important point here. I very much doubt that people will buy a server and run just ONE of these JVMs, it would be a very expensive way to host apps. What they are more likely to do is to run > 1 of these JVMs and in this more likely scenario the rest of the JVMs ...

---

Ok, a few things have gone awry with this thread.

First, most app deployments at scale run a single application service per VM/ server. There will be other OS services on the machine, but only ever 1 application service per machine. This model fits perfectly, strip away the OS overhead and allow the single app instance direct access to the hypervisor, increasing speed and also security.

When talking about Java security problems, these almost exclusively refer to java applets and desktop Java. Applets especially are broken and have no place in the world today. Server side Java on the other hand has an excellent security record and model.

Giving a JVM access to the hypervisor and removing everything else will reduce the attack surface available against that instance, not increase it. If a JVM becomes compromised, then that is the application compromised, no matter if the host OS is safe or not. The application is the valuable thing, not the host OS, thats just a commodity necessary to run an app.

So removing the host and all its services will reduce the vectors available to attack an application.

1
0
Roo
Bronze badge

Re: So one 0 day vuln in the JVM and...

"So removing the host and all its services will reduce the vectors available to attack an application."

I strive to keep stuff simple, so in principle I should welcome the idea of reducing the number of components and thereby reduce the chances of having broken components (I really liked the MIT Exokernel work for example). The problem with the scheme presented in this article is that you are throwing out battle hardened layers of security and replacing them with brand spanking new stack of code that has yet to go through that battle-hardening process.

JVMs are very big complicated pieces of code - and they have had more than their fair share of remotely exploitable vulnerabilities, and at the end of the day I see no inherent reason why the folks writing a JVM would be any better at security than say kernel devs.

Also you haven't actually addressed the point that if one JVM is compromised *everything* running on that hypervisor is vulnerable, you merely sidestepped it. I think there is a vanishingly low probability of running just one app on one JVM on these boxes, folks will want to do stuff like deployment and monitoring what the system is up to and that will usually end up being set of services that is installed on each box as part of a standard build.

I don't mind people trying this stuff out, just don't expect everyone to jump into the shark tank with you. :)

0
0

Re: So one 0 day vuln in the JVM and...

ah, I see what your point was now, and it wasn't sidestepped, it was that I don't see this as an issue.

Yes, I would expect people to run multiples of these on the same hypervisor, however, the hypervisor is in charge of protecting itself, and does so. It stops its guests from doing naughty things, whether they are fully fledged multi tasking OS' or something very different, like these app container things.

Eg, You can run your custom OS on AW (which uses Xen), but you wouldn't expect to be able to take over host, no matter what guest OS you run.

2
0
Roo
Bronze badge

... I'll come clean (was Re: So one 0 day vuln in the JVM and...)

I took a look at their website, my interest is piqued by the idea of running C++ binaries. I'll give it a shot (eventually), maybe it'll be another handy widget for the toolbox. Would be fun to try it out on something like a Seamicro style box (suitably firewalled + crew of paranoid sys admin on 24x7 watch natch. :P).

0
0
Bronze badge

Reanimating

Ah, resurrecting the idea of the protecting the system by allowing programming only in a safe language. Like in Burroughs and its Algol 60 dialect from the 1960's.

3
1

Nothing new - move along now

Running without an OS is common stuff in embedded systems. Yawn.

2
0

Re: Nothing new - move along now

Running without an OS in embedded systems sounds like a terrible idea :)

0
1
Bronze badge
Trollface

Wow

Right better get my copy of Windows 2.0 ready

0
0
Silver badge

@ Captain Scarlet (was: Re: Wow)

Try Slackware. Trust me.

0
1

a hypervisor

is also a OS, right ?

these guys gave us kvm on top of the os,

and now tell us we can live without kvm on top of the os.

yes.

I know.

Been there, done that, still doing it. without KVM.

:-)

boats float

0
0

Sounds like SmartOS

The Joyent people have released their SmartOS, which is a OpenSolarish. It is used successfully, as a Cloud OS to deploy Virtual Machines with Solaris Zones and KVM.

0
0
Gold badge
Unhappy

Read the article. The "one application" is the whole f**king system.

Bottom line like the x86 hardware RNG. Trade safety for performance.

Your choice.

And BTW if we're talking OS's implemented in HLL's lets have Unix and C as well?

0
0
Anonymous Coward

An OS does more than just memory management

So in principle, this simply means you write applications to use the "IBM PC hardware API" instead of the POSIX API. I guess the intent is to run this under KVM, not actually on the real hardware, so that when one application/JVM fails, it doesn't bring down the whole system.

But what about a network stack? What about local file systems, and remote network filesystems? What about threading? Are these all going to be implemented as Java libraries?

Maybe you pay the price of a context switch when you talk to the kernel, but at least the filesystem and network code you are then using is highly optimised and well tested.

It sounds to me like you might as well just go the whole hog and write your applications to run under DOS. You get a filesystem of sorts; you can load TCPIP.SYS as a TSR; and you can access up to 4G of RAM with HIMEM.SYS.

0
0
Bronze badge

Virtualization sucks, because it makes it difficult for an application to get the most out of its underlying infrastructure

Hey, we have a contender for Stupidest Opening Sentence of the Week. "Yeah, those damn VM supervisors and hypervisors, keeping me from using all of the hardware resources. Screw this. I'm rewriting all my back-office apps to run on the bare metal."

As previous commentators noted, there doesn't seem to be much that's technically innovative here. So they're using a hypervisor as a monitor to run the JVM. Sure, there's probably some market for that, but the article is more than a little overblown.

0
0
Anonymous Coward

Sounds like MirageOS, ErlangOnXen or HalVM

This sounds like all the other library OS'es that have been around for a while. Check out : https://github.com/GaloisInc/HaLVM, http://www.xenproject.org/developers/teams/mirage-os.html and http://erlangonxen.org/ ... with the exception that Java does maybe not lend itself that much to implement a lean library OS.

Would like to know, how this is different.

0
0
This topic is closed for new posts.