Xen Orchestra 5.103
Happy New Year! We’re kicking off 2025 with a feature-packed release: XO 5.103. This update not only brings powerful improvements to backups, UI, network management, and storage, but also opens the door for even more community-driven innovation.
This month, we’re inviting you to shape the future of Xen Orchestra and the Vates VMS stack—whether by testing cutting-edge features, contributing to translations, or helping us define the roadmap for our DevOps tools.
Let’s make 2025 the biggest year yet. So… let’s dive in!
👨🚀 Project & Community
This month might set a new record—we’re actively seeking your feedback on three different topics!
Your input is invaluable in shaping the future of XCP-ng, Xen Orchestra, and Vates. Whether it’s DevOps priorities, translations, or testing new features, you get to choose where you can help the most!
Let’s build the best Open Source virtualization platform together. 💪🔥
New translation platform
We’re excited to announce that we are rolling out a new translation tool for XO Lite and XO 6! 🎉
The platform we’ve chosen is Weblate, and—of course—we are self-hosting it on our own infrastructure running XCP-ng, with backups managed via Xen Orchestra.
For now, we’re testing the system, so we’re not expecting full translations just yet. Instead, we encourage you to submit a few words or phrases in different languages to help us validate the workflow. If everything runs smoothly, this will make contributing translations much easier going forward!
📢 Want to help? Register and submit a few translations in the language of your choice:
Michal Čihař
Removing the 2TiB limitation
While it was already possible to use volumes larger than 2TiB with the raw driver, there were major limitations: no snapshots, no live migration, and other missing features.
Now, we’re excited to introduce an alpha release of our elegant solution—one that minimizes migration complexity while unlocking full functionality. Instead of requiring a complete overhaul, we’ve added qcow2 format support to the existing tapdisk component.
In simple terms:
- You can keep all your existing SRs.
- Any new VDIs will automatically use the new format, enabling snapshots, live migration, and more.
- No disruptive migrations—just seamless support for larger VDIs!
You can learn more, test and report in here:
olivierlambert
The more users we have testing it, the faster we can refine it and make it production-ready.
Our DevOps team is waiting for your feedback
We now have a dedicated DevOps team, which means exciting progress ahead on key topics like Kubernetes integration, compatibility with existing K8s tools, CSI support, Pyrgos, and more.
However, to ensure we prioritize the right features, we need your feedback! Let us know what matters most to you, what challenges you're facing, and what integrations would help streamline your workflows.
📢 Share your needs and ideas, and we’ll work on making them a reality!
olivierlambert
XCP-ng monthly updates
This month brings updates for both XCP-ng 8.2 and 8.3. Be sure to read the announcement carefully and, as always, we recommend keeping your hosts up to date to benefit from the latest improvements, fixes, and security patches.
Gaël Duperrey
Gaël Duperrey
As progress continues across the Vates ecosystem—spanning XCP-ng, Xen Orchestra, and the wider community—we’ve also been hard at work improving core functionalities. Now, let’s dive into this month’s release and explore what’s new!
💾 Backup
This month brought significant improvements to the backup system in Xen Orchestra. Let’s take a closer look at what’s new!
Encryption algorithm upgrade
We’ve introduced ChaCha20-Poly1305 as the new encryption standard for backups, replacing AES-256-GCM as the default. This algorithm is widely regarded for its security, efficiency, and modern design. Already a de facto standard in projects like SSH and WireGuard, it is also recommended by ANSSI (the French cybersecurity agency).
Contributors to Wikimedia projects
Like AES-256-GCM, ChaCha20-Poly1305 is an AEAD (Authenticated Encryption with Associated Data) algorithm. This means it provides both confidentiality and data integrity without requiring additional checksum verification. Because encryption inherently includes integrity protection, we were able to remove redundant checksum calculations, leading to improved backup performance.
Performance-wise, AES-256-GCM benefits from hardware acceleration on modern CPUs via AES-NI, making it very efficient on x86-based architectures. However, ChaCha20-Poly1305 is often faster on systems that lack AES-NI, such as ARM-based platforms, making it a better choice for cross-platform compatibility. Another key advantage is that ChaCha20-Poly1305 does not impose a 64 GiB file size limit, unlike AES-256-GCM, which can be restrictive for large, block-based backups.
While ChaCha20-Poly1305 is not FIPS-certified, we continue to support AES-256-GCM for users who require compliance. If FIPS certification is necessary for your environment, you can manually configure your Backup Repository to use AES-256-GCM instead.
For those interested in the technical details, you can find the full ChaCha20-Poly1305 specification in RFC 8439.
Faster encrypted backups
Encrypted backups now run faster, thanks to a key optimization: removing redundant checksums. Since encryption inherently provides integrity verification, separate checksum calculations were unnecessary, so we removed them, significantly boosting performance.
Incremental replication backup size displayed
You can now see the actual space used by incremental replication backups. This was tricky to compute accurately, but we made it work! The backup view now displays the real storage consumption on the destination Storage Repository (SR), giving you a better understanding of your backup footprint. It will be displayed in the new XO 6 dashboard.
Avoid disabling blocks on encrypted SR
We’ve added a safeguard to prevent disabling block-based mode on an existing backup configured with both blocks + encryption. Without this check, disabling blocks could lead to issues during merge, as some parts of the backup would remain encrypted while others wouldn’t. This new backend-level safety measure ensures a seamless and reliable backup workflow.
More documentation on backups
We’re continuously improving our backup documentation, especially around retention policies—a topic that can be complex to navigate. If you haven’t checked it in a while, we highly recommend taking a look at the latest updates: 👉 Backup Documentation
🥝 Core UI
CoreUI is our new component framework and design system, built to power both XO Lite and XO 6. This month, we've made various improvements, particularly in the VM console experience.
Better consoles
We've introduced a loading state indicator for consoles, ensuring better feedback when a session is starting. Additionally, when a VM is halted, instead of displaying a blank or unresponsive console, a clear visual placeholder image is now shown, improving the user experience.
Interacting with the console has also become more seamless. We've added essential actions such as Ctrl+Alt+Del and other key commands directly within the interface. The console now also supports full-screen mode, making it easier to work with VMs in a dedicated view.
Finally, keyboard focus improvements ensure a smoother workflow. When the console is active, focus is now automatically set, meaning you can start typing without extra clicks. Additionally, tab navigation is fully supported, allowing users to switch between UI elements efficiently using just the keyboard.
Network management
We've laid the groundwork for network management in CoreUI! All the necessary components have been created and assembled, allowing us to accurately report network data within the UI. While the side panel for managing network configurations is not yet available, rest assured that it’s coming next month. This marks an important step toward a more integrated and seamless network management experience in both XO Lite and XO 6.
Stay tuned for further updates!
Spanish translation
A huge thanks to David Johnston (aka DSJ2 on GitHub) for his valuable contribution in adding Spanish language support to both XO Lite and XO 6! This marks another step in making Xen Orchestra more accessible to a broader audience. We truly appreciate the community's efforts in helping us improve and expand localization. ¡Gracias!
🛰️ XO 6
While CoreUI serves as the global component library, XO 6 and XO Lite remain two distinct products, each designed to solve different challenges. Let’s take a look at what’s new in XO 6 this month.
Mobile-friendly dashboard
The dashboard now adapts properly to mobile devices, ensuring a smoother experience when managing your XCP-ng infrastructure on the go. While most users interact with Xen Orchestra from a desktop or laptop, sometimes you only have your phone: and in those cases, having a functional interface is far better than nothing!
Network display
A dedicated network view is now available for both pools and hosts. This new interface provides a clear summary of everything you need to know about your network configuration in XCP-ng, helping you quickly assess and manage connectivity across your infrastructure.
Language Sync from XO 5 to XO 6
XO 6 doesn’t yet have a dedicated preferences section, but language settings from XO 5 are now automatically synced. If you’ve set your preferred language in the User Zone of XO 5, it will be reflected in XO 6 as well!
🔭 XO Lite
Just like XO 6, XO Lite continues to receive monthly updates, ensuring a steady stream of improvements. If your system is connected to the internet, XO Lite will automatically update to the latest version. For air-gapped environments, make sure to keep up with your regular XCP-ng updates to benefit from the latest features.
Network display
Similar to XO 6, XO Lite now includes a dedicated network view for both pools and hosts. This new feature brings essential network insights directly into the XO Lite interface, making network management more accessible and intuitive.
🪐 XOA
We’re actively working on bringing dedicated XOA instances tailored for deployment on AWS, designed specifically for users operating in hybrid cloud environments. This initiative aims to provide a seamless experience for those managing both on-premises and cloud-based infrastructures.
Currently, this feature is in beta, but we’re making steady progress—stay tuned for more updates in the near future! If you are interested, please contact us.
📡 REST API
This month, we’ve added a new endpoint—but more importantly, we’ve embarked on a major API overhaul that will bring better standardization, improved documentation, and long-term stability. Here’s what’s happening.
Data on space usage for replication
We've enhanced the Dashboard API endpoint to now include size usage on destination SRs for replication backups. This means you can programmatically retrieve the actual space consumed by replication backups, giving you better insights into your storage usage.
For those looking to interact with this endpoint, here’s an example request:
"storageRepositories": {
"size": {
"total": 80590583250944,
"used": 4423463350272,
"available": 76167119900672,
"other": 0,
"replicated": 0
}
},Major refactoring
We’ve started a major refactoring of our REST API, migrating it to the TSOA framework. TSOA allows us to directly generate OpenAPI specifications from TypeScript, bringing us closer to industry standards and improving maintainability.
Our goal is to make the REST API a first-class citizen in Xen Orchestra, ensuring better documentation, consistency, and ease of integration for developers. With this shift, API documentation will be automatically generated from the code itself, keeping it always up to date with the latest changes.
These modifications won’t break the existing API, but they will likely introduce a new versioned endpoint (v1 instead of v0). Versioning ensures smooth transitions between API updates, allowing users to adopt new improvements while maintaining compatibility with existing integrations.
This is a significant step toward a more robust, standardized, and developer-friendly Xen Orchestra API. Stay tuned for more updates!.
🐦 VMware to Vates (V2V)
We've improved VSAN support in our VMware to Vates (V2V) migration tool, ensuring better handling of specific URL changes. In most cases, migrating VMs from VSAN to XCP-ng now works out of the box.
However, due to limitations in VMware’s API, VSAN transfers are not the fastest and unfortunately do not provide real-time progress updates. In some cases, you may find that exporting VSAN VM disks to an NFS share first results in a faster migration process.
That said, V2V can now natively import VMs from an existing VSAN environment, making the transition from VMware to XCP-ng even smoother.
🆕 Misc
This month’s miscellaneous updates list is a bit shorter than usual. That’s because a significant portion of our efforts went into the XenServer 8 updates, along with the increasing priority of XO Lite and XO 6. However, we still have some notable improvements!
Improved CloudInit drive removal
Previously, you could configure XO to automatically remove the CloudInit drive after the first boot, preventing an unnecessary 10MiB drive from lingering after initial configuration. However, in some cases, we discovered that the removal process was happening too soon—before CloudInit had fully completed its setup.
This issue occurred because XO waited for the guest tools to be active before removing the drive, but in some operating systems, the tools could start before CloudInit finished its configuration, creating a race condition. While this didn't affect all users, it was inconsistent across different OS environments.
To ensure reliability, we’ve now added an extra delay of 30 seconds before the drive is removed. While this isn’t the most elegant solution, it guarantees that CloudInit has completed its job before cleanup occurs. In the end, waiting an additional 30 seconds to remove a 10MiB drive was a small tradeoff for ensuring this feature works correctly across all setups.
Server: remember pool's name and description
Previously, when adding a pool from the Settings > Server section in XO, you could assign a custom label to help identify it. However, there was a limitation: the pool name was only available while the pool remained connected. If the connection was lost, so was the pool name—leaving only the IP address as a reference. If no label had been set, it became impossible to determine which pool it was.
We've now improved this behavior. On first connection, if you haven't manually provided a label, XO will automatically fill it with the pool's name. This ensures that even if the pool gets disconnected for maintenance (or any other reason), you’ll still remember what it was, making it easier to reconnect later.
This small but impactful change improves usability and helps prevent confusion when managing multiple pools over time.
XS 8 updates installation
Last month, we introduced the ability to fetch available updates for XenServer 8 directly within Xen Orchestra. This month, we've taken it a step further: you can now download and install these updates easily from within XO.
To make the process as smooth as possible, you can leverage our Rolling Pool Upgrade (RPU) process, allowing you to apply updates efficiently across your infrastructure. Our update algorithm is designed to apply all updates at once, minimizing downtime and making the installation process as fast as possible.
Of course, if you prefer to install updates manually, that option is still available. While this feature required a fair amount of work, we’re happy to continue supporting our small but dedicated XenServer user base. Consider it a gesture of appreciation toward the project that originally inspired XCP-ng, as well as the powerful toolstack that helped shape Xen Orchestra into what it is today.
