denali_osdi_2002 - Scale and Performance in the Denali...


Scale and Performance in the Denali Isolation Kernel

Andrew Whitaker, Marianne Shaw, and Steven D. Gribble
University of Washington
{andrew,mar,gribble}@cs.washington.edu

Abstract

This paper describes the Denali isolation kernel, an operating system architecture that safely multiplexes a large number of untrusted Internet services on shared hardware. Denali's goal is to allow new Internet services to be pushed into third party infrastructure, relieving Internet service authors from the burden of acquiring and maintaining physical infrastructure. Our isolation kernel exposes a virtual machine abstraction, but unlike conventional virtual machine monitors, Denali does not attempt to emulate the underlying physical architecture precisely, and instead modifies the virtual architecture to gain scale, performance, and simplicity of implementation. In this paper, we first discuss design principles of isolation kernels, and then we describe the design and implementation of Denali. Following this, we present a detailed evaluation of Denali, demonstrating that the overhead of virtualization is small, that our architectural choices are warranted, and that we can successfully scale to more than 10,000 virtual machines on commodity hardware.

1 Introduction

Advances in networking and computing technology have accelerated the proliferation of Internet services, an application model in which service code executes in the Internet infrastructure rather than on client PCs. Many applications fit this model, including web sites, search engines, and wide area platforms such as content distribution networks, caching systems, and network experimentation testbeds [25].

The Denali project seeks to encourage and enhance the Internet service model by making it possible for untrusted software services to be pushed safely into third party hosting infrastructure, thereby separating the deployment of services from the management of the physical infrastructure on which they run. While this has clear benefits, it also faces difficult technical challenges. One challenge is scale: for cost-efficiency and convenience, infrastructure providers will need to multiplex many services on each server machine, as it would be prohibitively expensive to dedicate a separate machine to each service. A second challenge is security: infrastructure providers cannot trust hosted services, and services will not trust each other. There must be strong isolation between services, both for security and to enforce fair resource provisioning.

In this paper, we present the design, implementation, and evaluation of the Denali isolation kernel, an x86-based operating system that isolates untrusted software services in separate protection domains. The architecture of Denali is similar to that of virtual machine monitors such as Disco [6], VMWare [31], and VM/370 [9]. A virtual machine monitor carves a physical machine into multiple virtual machines; by virtualizing all hardware resources,...