UTwinVM: Reliable hints on the effects of hypervisor updates on VMs in the Cloud
Pages 103 - 116
Abstract
We investigate the problem of getting hints on the effects of virtualization system (aka hypervisor) updates impact on virtual machines (VMs). System administrators can be reluctant to apply updates due to vague hints regarding the updates' impact on running applications. The problem is challenging since VMs are black boxes by design, reducing the scope of the data that can be retrieved and analyzed. Additionally, cloning VMs is only sometimes possible for obvious legal and privacy concerns.
In this paper, we present UTwinVM for Updated Twin VM, a mechanism to obtain valuable hints concerning the impact of updates on applications running in VMs. UTwinVM key idea is to generate a digital twin of running VMs that mimics the original VMs workloads behavior if they were running on with the updated virtualization stack. To achieve that, UTwinVM records several metrics regarding running VMs and the virtualization system on the initial server and on another server where the intended updated system runs. Then, it leverages a non-linear negative squared solver to determine how the initial system differs from the updated one. Based on that, it runs through specific scripts, workloads in VMs will match workloads running in the production VMs as if they were running on the updated system. Consequently, system administrators can observe these recreated workloads to obtain hints on the potential performance impact on production VMs. UTwinVM is non-intrusive for VMs and does not require modifications to the virtualization system.
We implement an open-source prototype of UTwinVM atop the Linux/KVM virtualization system (v6.6.4). Our evaluation shows that UTwinVM incurs no overhead on running VMs and less than 11% performance impact on host services while providing accurate hints for several update scenarios - up to 99%.
References
[1]
7zip. 7-benchmark, 2008. https://www.7-cpu.com/utils.html - Last accessed on 15/07/2021.
[2]
Steve Herrod (VMWare Alumus). The amazing vm record/replay feature in vmware workstation 6, 2007. http://tiny.cc/aximuz - Last accessed on 10/07/2021.
[3]
Apache. ab - apache http server benchmarking tool. https://httpd.apache.org/docs/2.4/programs/ab.html.
[4]
Jens Axboe. Fio-flexible i/o tester synthetic benchmark. https://github.com/axboe/fio (Accessed: 2021-06-13), 2005.
[5]
Hyun wook Baek, Abhinav Srivastava, and Jacobus Van der Merwe. Cloudvmi: Virtual machine introspection as a cloud service. In 2014 IEEE International Conference on Cloud Engineering, pages 153--158, 2014.
[6]
Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. Xen and the art of virtualization. ACM SIGOPS operating systems review, 37(5):164--177, 2003.
[7]
Nathan Binkert, Bradford Beckmann, Gabriel Black, Steven K Reinhardt, Ali Saidi, Arkaprava Basu, Joel Hestness, Derek R Hower, Tushar Krishna, Somayeh Sardashti, et al. The gem5 simulator. ACM SIGARCH computer architecture news, 39(2):1--7, 2011.
[8]
Stella Bitchebe, Djob Mvondo, Laurent Réveillère, Noël de Palma, and Alain Tchana. Extending intel pml for hardware-assisted working set size estimation of vms. In Proceedings of the 17th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2021, page 111--124, New York, NY, USA, 2021. Association for Computing Machinery.
[9]
Rasmus Bro and Sijmen Jong. A fast non-negativity-constrained least squares algorithm. Journal of Chemometrics, 11:393--401, 09 1997.
[10]
James Bucek, Klaus-Dieter Lange, and Jóakim v. Kistowski. Spec cpu2017: Next-generation compute benchmark. In Companion of the 2018 ACM/SPEC International Conference on Performance Engineering, pages 41--42, 2018.
[11]
Kevin Burns, Antonio Barbalace, Vincent Legout, and Binoy Ravindran. Kairosvm: Deterministic introspection for real-time virtual machine hierarchical scheduling. In Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA), pages 1--8, 2014.
[12]
Anton Burtsev, David Johnson, Mike Hibler, Eric Eide, and John Regehr. Abstractions for practical virtual machine replay. In Proceedings of The 12th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '16, page 93--106, New York, NY, USA, 2016. Association for Computing Machinery.
[13]
Deyan Chen and Hong Zhao. Data security and privacy protection issues in cloud computing. In 2012 International Conference on Computer Science and Electronics Engineering, volume 1, pages 647--651, 2012.
[14]
Young-ri Choi and Hoon Choi. Evaluating the performance of resource overcommitted virtualized systems. In 2010 Proceedings of the 5th International Conference on Ubiquitous Information Technologies and Applications, pages 1--6, 2010.
[15]
Jim Chow, Dominic Lucchetti, Tal Garfinkel, Geoffrey Lefebvre, Ryan Gardner, Joshua Mason, Sam Small, and Peter M. Chen. Multi-stage replay with crosscut. SIGPLAN Not., 45(7):13--24, mar 2010.
[16]
Christopher Clark, Keir Fraser, Steven Hand, Jacob Gorm Hansen, Eric Jul, Christian Limpach, Ian Pratt, and Andrew Warfield. Live migration of virtual machines. In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation-Volume 2, pages 273--286, 2005.
[17]
Cybersecurity and Infrastructure Security Agency. Continued threat actor exploitation post pulse secure vpn patching, 2020. https://us-cert.cisa.gov/ncas/alerts/aa20-107a.
[18]
DataCenterKnowledge. Why some data centers don't patch and why they should, 2020. http://tiny.cc/6ximuz.
[19]
Christina Delimitrou and Christos Kozyrakis. Bolt: I know what you did last summer... in the cloud. In Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '17, page 599--613, New York, NY, USA, 2017. Association for Computing Machinery.
[20]
George W. Dunlap, Samuel T. King, Sukru Cinar, Murtaza A. Basrai, and Peter M. Chen. Revirt: Enabling intrusion analysis through virtual-machine logging and replay. SIGOPS Oper. Syst. Rev., 36(SI):211--224, December 2003.
[21]
Geekbench. Geekbench 5.4. https://www.geekbench.com/ - Last accessed on 4/04/2021.
[22]
Michelle Goddard. The eu general data protection regulation (gdpr): European regulation that has a global impact. International Journal of Market Research, 59(6):703--705, 2017.
[23]
J.B. Grizzard and R.W. Gardner. Analysis of virtual machine record and replay for trustworthy computing. 32:528--535, 09 2013.
[24]
Ori Hadary, Luke Marshall, Ishai Menache, Abhisek Pan, Esaias E Greeff, David Dion, Star Dorminey, Shailesh Joshi, Yang Chen, Mark Russinovich, and Thomas Moscibroda. Protean: VM allocation service at scale. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), pages 845--861. USENIX Association, November 2020.
[25]
Michael R. Hines, Umesh Deshpande, and Kartik Gopalan. Post-copy live migration of virtual machines. SIGOPS Oper. Syst. Rev., 43(3):14--26, jul 2009.
[26]
Michael R. Hines and Kartik Gopalan. Post-copy based live virtual machine migration using adaptive pre-paging and dynamic self-ballooning. In Proceedings of the 2009 ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '09, page 51--60, New York, NY, USA, 2009. Association for Computing Machinery.
[27]
Chung-Hsing Hsu and Ulrich Kremer. Iperf: A framework for automatic construction of performance prediction models. In Workshop on Profile and Feedback-Directed Compilation (PFDC), Paris, France. Citeseer, 1998.
[28]
Jingyuan HU, Xiaokuang Bai, Sai Sha, Yingwei Luo, Xiaolin Wang, and Zhenlin Wang. Working set size estimation with hugepages in virtualization. In 2018 IEEE Intl Conf on Parallel Distributed Processing with Applications, Ubiquitous Computing Communications, Big Data Cloud Computing, Social Computing Networking, Sustainable Computing Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom), pages 501--508, 2018.
[29]
Zhichao Hua, Dong Du, Yubin Xia, Haibo Chen, and Binyu Zang. EPTI: Efficient defence against meltdown attack for unpatched VMs. In 2018 USENIX Annual Technical Conference (USENIX ATC 18), pages 255--266, Boston, MA, July 2018. USENIX Association.
[30]
Avi Kivity, Yaniv Kamay, Dor Laor, Uri Lublin, and Anthony Liguori. kvm: the linux virtual machine monitor. In Proceedings of the Linux symposium, volume 1, pages 225--230. Dttawa, Dntorio, Canada, 2007.
[31]
Alexey Kopytov. Sysbench: a system performance benchmark. http://sysbench.sourceforge.net/, 2004.
[32]
Michael Larabel. Linux patches improve vm guest performance when the host encounters memory pressure. https://www.phoronix.com/news/Better-Guest-For-Host-RAM-Press.
[33]
Libvirt. Libvirt virtualization api, 2006. https://libvirt.org/ - Last accessed on 09/06/2021.
[34]
Yuhui Lin, Adam Barker, and John Thomson. Modelling vm latent characteristics and predicting application performance using semi-supervised non-negative matrix factorization. In 2020 IEEE 13th International Conference on Cloud Computing (CLOUD), pages 470--474, 2020.
[35]
Haikun Liu, Cheng-Zhong Xu, Hai Jin, Jiayu Gong, and Xiaofei Liao. Performance and energy modeling for live migration of virtual machines. In Proceedings of the 20th International Symposium on High Performance Distributed Computing, HPDC '11, page 171--182, New York, NY, USA, 2011. Association for Computing Machinery.
[36]
Steffen Maass, Mohan Kumar Kumar, Taesoo Kim, Tushar Krishna, and Abhishek Bhattacharjee. <span class="smallcaps smallercapital">eco</span>tlb: Eventually consistent tlbs. ACM Trans. Archit. Code Optim., 17(4), sep 2020.
[37]
John D McCalpin. Stream benchmark. Link: www.cs.virginia.edu/stream/ref.html# what, 22:7, 1995.
[38]
Anna Melekhova. Machine learning in virtualization: Estimate a virtual machine's working set size. In 2013 IEEE Sixth International Conference on Cloud Computing, pages 863--870, 2013.
[39]
Michael P. Mesnier. //trace: Parallel trace replay with approximate causal events. In 5th USENIX Conference on File and Storage Technologies (FAST 07), San Jose, CA, February 2007. USENIX Association.
[40]
A B M Moniruzzaman, Kawser Wazed Nafi, and Syed Akther Hossain. Virtual memory streaming technique for virtual machines (vms) for rapid scaling and high performance in cloud environment. In 2014 International Conference on Informatics, Electronics Vision (ICIEV), pages 1--6, 2014.
[41]
Justin Moore, Jeff Chase, Keith Farkas, and Parthasarathy Ranganathan. Data center workload monitoring, analysis, and emulation. CAECW '05: Proceedings of the Eighth Workshop on Computer Architecture Evaluation Using Commercial Workloads, 01 2005.
[42]
Djob Mvondo, Alain Tchana, Renaud Lachaize, Daniel Hagimont, and Noël De Palma. Fine-grained fault tolerance for resilient pvm-based virtual machine monitors. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pages 197--208, 2020.
[43]
Djob Mvondo, Boris Teabe, Alain Tchana, Daniel Hagimont, and Noel De Palma. Closer: A new design principle for the privileged virtual machine os. In 2019 IEEE 27th International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pages 49--60, 2019.
[44]
Jun Nakajima. Intel updates. Xen Summit November, 2007.
[45]
Neel Natu and Peter Grehan. Nested paging in bhyve. The FreeBSD Project, http://people.freebsd.org/neel/bhyve/bhyvenestedpaging.pdf, 2014.
[46]
Vlad Nitu, Aram Kocharyan, Hannas Yaya, Alain Tchana, Daniel Hagimont, and Hrachya Astsatryan. Working set size estimation techniques in virtualized environments: One size does not fit all. Proc. ACM Meas. Anal. Comput. Syst., 2(1), April 2018.
[47]
OpenStack. Openstack compute (nova), 2020. https://docs.openstack.org/nova/latest/ - Last accessed on 10/08/2021.
[48]
Oracle. End-to-end use case: Patching your data center, 2015. https://docs.oracle.com/cd/E24628_01/em.121/e27046/appdx_patching_use_case.htm#EMLCM94012.
[49]
Michael Pearce, Sherali Zeadally, and Ray Hunt. Virtualization: Issues, security threats, and solutions. ACM Comput. Surv., 45(2), March 2013.
[50]
SciPy. Scipy.org, 2001. https://www.scipy.org/ - Last accessed on 10/07/2021.
[51]
Yasser Shalabi, Mengjia Yan, Nima Honarmand, Ruby B. Lee, and Josep Torrellas. Record-replay architecture as a general security framework. In 2018 IEEE International Symposium on High Performance Computer Architecture (HPCA), pages 180--193, 2018.
[52]
Prateek Sharma, Lucas Chaufournier, Prashant Shenoy, and Y. C. Tay. Containers and virtual machines at scale: A comparative study. In Proceedings of the 17th International Middleware Conference, Middleware '16, New York, NY, USA, 2016. Association for Computing Machinery.
[53]
Pezhman Sheinidashtegol and Michael Galloway. Performance impact of ddos attacks on three virtual machine hypervisors. In 2017 IEEE International Conference on Cloud Engineering (IC2E), pages 204--214, 2017.
[54]
Ronak Singhal. Inside intel® core microarchitecture (nehalem). In 2008 IEEE Hot Chips 20 Symposium (HCS), pages 1--25, 2008.
[55]
Martin Slawski and Matthias Hein. Sparse recovery by thresholded non-negative least squares. In J. Shawe-Taylor, R. Zemel, P. Bartlett, F. Pereira, and K. Q. Weinberger, editors, Advances in Neural Information Processing Systems, volume 24. Curran Associates, Inc., 2011.
[56]
Xudong Sun, Runxiang Cheng, Jianyan Chen, Elaine Ang, Owolabi Legunsen, and Tianyin Xu. Testing configuration changes in context to prevent production failures. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20), pages 735--751. USENIX Association, November 2020.
[57]
Yifeng Sun, Yingwei Luo, Xiaolin Wang, Zhenlin Wang, Binbin Zhang, Haogang Chen, and Xiaoming Li. Fast live cloning of virtual machine based on xen. In 2009 11th IEEE International Conference on High Performance Computing and Communications, pages 392--399, 2009.
[58]
Hassan Takabi, James B.D. Joshi, and Gail-Joon Ahn. Security and privacy challenges in cloud computing environments. IEEE Security Privacy, 8(6):24--31, 2010.
[59]
Blesson Varghese, Lawan Thamsuhang Subba, Long Thai, and Adam Barker. Container-based cloud virtual machine benchmarking. In 2016 IEEE International Conference on Cloud Engineering (IC2E), pages 192--201, 2016.
[60]
VMWare. Goodbye, replay debugging. http://www.replaydebugging.com/2011/09/goodbye-replay-debugging.html.
[61]
Carl A. Waldspurger. Memory resource management in vmware esx server. SIGOPS Oper. Syst. Rev., 36(SI):181--194, dec 2003.
[62]
Wei Wang, Zhiyu Hao, and Lei Cui. Clusterrr: a record and replay framework for virtual machine cluster. In Proceedings of the 18th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE 2022, page 31--44, New York, NY, USA, 2022. Association for Computing Machinery.
[63]
Xiaolin Wang, Jiarui Zang, Zhenlin Wang, Yingwei Luo, and Xiaoming Li. Selective hardware/software memory virtualization. In Proceedings of the 7th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, VEE '11, page 217--226, New York, NY, USA, 2011. Association for Computing Machinery.
[64]
Song Wei, Kun Zhang, and Bibo Tu. Performance impact of host kernel page table isolation on virtualized servers. In 2021 IEEE Asia-Pacific Conference on Image Processing, Electronics and Computers (IPEC), pages 912--919, 2021.
[65]
Philip M. Wells, Koushik Chakraborty, and Gurindar S. Sohi. Hardware support for spin management in overcommitted virtual machines. In Proceedings of the 15th International Conference on Parallel Architectures and Compilation Techniques, PACT '06, page 124--133, New York, NY, USA, 2006. Association for Computing Machinery.
[66]
Sheng Yang. Extending kvm with new intel virtualization technology. In KVM forum, 2008.
[67]
Xiantao Zhang, Xiao Zheng, Zhi Wang, Qi Li, Junkang Fu, Yang Zhang, and Yibin Shen. Fast and scalable vmm live upgrade in large cloud infrastructure. In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS '19, page 93--105, New York, NY, USA, 2019. Association for Computing Machinery.
[68]
Yu Zhang, Renéa Oertel, and Wolfgang Rehm. Paging method switching for qemu-kvm guest machine. In Proceedings of the 2014 International Conference on Big Data Science and Computing, BigDataScience '14, New York, NY, USA, 2014. Association for Computing Machinery.
[69]
Yu Zhao. [patch mm-unstable v2 00/10] mm/kvm: locklessly clear the accessed bit. https://lore.kernel.org/linux-mm/[email protected]/T/.
[70]
Wei Zheng, Ricardo Bianchini, G. John Janakiraman, Jose Renato Santos, and Yoshio Turner. Justrunit: Experiment-based management of virtualized data centers. In Proceedings of the 2009 Conference on USENIX Annual Technical Conference, USENIX'09, page 18, USA, 2009. USENIX Association.
[71]
Minqi Zhou, Rong Zhang, Wei Xie, Weining Qian, and Aoying Zhou. Security and privacy in cloud computing: A survey. In 2010 Sixth International Conference on Semantics, Knowledge and Grids, pages 105--112, 2010.
Index Terms
- UTwinVM: Reliable hints on the effects of hypervisor updates on VMs in the Cloud
Index terms have been assigned to the content through auto-classification.
Recommendations
Fast and live hypervisor replacement
VEE 2019: Proceedings of the 15th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution EnvironmentsHypervisors are increasingly complex and must be often updated for applying security patches, bug fixes, and feature upgrades. However, in a virtualized cloud infrastructure, updates to an operational hypervisor can be highly disruptive. Before being ...
Eliminating the hypervisor attack surface for a more secure cloud
CCS '11: Proceedings of the 18th ACM conference on Computer and communications securityCloud computing is quickly becoming the platform of choice for many web services. Virtualization is the key underlying technology enabling cloud providers to host services for a large number of customers. Unfortunately, virtualization software is large, ...
A Low Overhead and Reliable Nested Virtualization VMM for Cloud Computing
WISA '13: Proceedings of the 2013 10th Web Information System and Application ConferenceCommodity operating systems have already gained functionality of virtual machine monitor. Nested virtualization is needed to run these commodity operating systems as virtual machines. Furthermore, with nested virtualization technology, users can run a ...
Comments
Information & Contributors
Information
Published In
December 2024
515 pages
ISBN:9798400706233
DOI:10.1145/3652892
- Chair:
- Jiannong Cao,
- Program Chair:
- Zhi Jin,
- Program Co-chair:
- Valerio Schiavoni,
- Workshop Chair:
- Janick Edinger
This work is licensed under a Creative Commons Attribution International 4.0 License.
In-Cooperation
- IFIP
- Usenix
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 02 December 2024
Check for updates
Qualifiers
- Research-article
Funding Sources
- ANR
- Rennes Metropole AIS
Conference
Middleware '24
Acceptance Rates
Overall Acceptance Rate 203 of 948 submissions, 21%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 67Total Downloads
- Downloads (Last 12 months)67
- Downloads (Last 6 weeks)38
Reflects downloads up to 02 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in