From: Jeff Duzak (jduzak_at_exchange.microsoft.com)
Date: Sun Feb 29 2004 - 21:09:05 PST

The Denali Isolation Kernel is a system akin to a virtual machine
monitor which can host several thousand virtual machines on a single
machine. Like Disco, Denali is designed to achieve scalability through
multiple virtual machines. Unlike Disco, Denali is designed to run on
commodity hardware, and does not provide exact hardware emulation.

The stated purpose of Denali is to allow a large number of untrusted
services, such as web services, to run on a single machine. Therefore,
Denali must provide isolation between the services, both for protection
and resource use considerations.

It is not a goal of the system to provide absolute backwards
compatibility. Therefore, the hardware emulation that the system
presents to each virtual machine is modified from the actual hardware in
three important areas: First, the instruction set is different;
certain difficult instructions are not supported, while a few
Denali-specific instructions are added. Second, the virtual memory
system is implemented by Denali, as opposed to the OS itself. Third,
interrupts are virtualized, and batched, when appropriate. These
modifications improve performance as well as simplify the implementation
of the system.

Because of its inexact hardware emulation, Denali cannot support
unmodified commodity OSs in its VMs. Therefore, OSs have to be ported
to the Denali platform. As of the time the paper was written, no
commodity OS had yet been ported to run on Denali. However, a much
simplified, library operating system called Ilwaco was developed for
Denali. Using such a simplified operating system might actually be a
better choice for a server application anyway, as it would afford the
application more control over resource allocation, as we have seen in
the Exokernel system.

Some specific benchmarks, such as TCP throughput, were used to measure
the Denali system against a commodity OS. The Denali system performed
reasonably well. The commodity OS outperformed the Denali system by up
to 40%, in terms of TCP throughput.

The scalability of the Denali system was measured using a large number
of VMs, each running a web server application. The performance of the
system was measured while controlling a number of variables, including
the popularity of the various web servers being run, the size of web
pages served, and the size of memory blocks paged to and from disk.
These variables can be tuned to obtain optimal system performance.
However, the general scaling characteristics of the system are similar
in all the situations reported. The system shows very good scaling
(that is, very steady total throughput of all VMs) up to a certain point
somewhere between 1000 and 2000 VMs, and then a steep drop after that.
The claim of scaling to 10,000 machines is somewhat suspect; at 10,000
VMs, the system serves about 15 requests per second, compared with about
5000 requests per second at lower numbers of VMs.

The idea of supporting a large number of untrusted applications on a
single machine seems extremely useful. Further, the approach Denali
takes of simplifying the virtual hardware interface is a completely
reasonable choice, given the applications it is intended to support.
The Denali system seems to achieve its goals, except for the claim of
scaling to 10,000 VMs.