Xen virtualization modes
Let's take a quick look on various Xen virtualization modes in terms of pros and cons.
For a deeper understanding, you can read this excellent Xen Wiki page.
Spoiler: in the end, there is only 2 modes. But we'll see some interesting variations in the HVM world.
PV mode
Guest OS (the VM) uses only the unpriviledged CPU ring.
Pros
- Fast boot time
- No QEMU usage (smaller attack surface, less processes on Dom0)
- Fast context switches.
Cons
- Expensive memory management updates (Xen is auditing all memory modifications on the guest)
- "Complicated" boot management (PyGrub).
Historically, PV was the first mode available. Perfect in a world when the hardware assisted features was still inexistent.
HVM mode
This mode uses hardware extensions and emulated devices, existing everywhere since almost 10 years now.
Pros
- Fast memory management (hardware management)
- Less complicated boot process (emulated BIOS)
Cons
- One QEMU process for each guest
- "Slow" boot process (starting the emulated BIOS first)
- Emulated hardware (an extra layer which has a cost).
This mode uses the capabilities of your hardware to management the memory. It can be interesting, but in general pretty limited without extra drivers.
So that's it? Not really. You have extra "modes", all of them based on HVM.
PVHVM mode
HVM guest with an operating system detecting it, and therefore using virtualized Xen interupts and timers + drivers for disks and network. For Linux VMs, it's done automatically by the kernel, for Windows guests, you need to install special drivers.
Pros
- Same than HVM…
- … but better performances than HVM (less layers).
Cons
- Same cons than plain HVM.
Note than in the vast majority of workload, PVHVM outperform PV from 15 to 30%.
PVH mode
The last step in virtualization: best of both PV and HVM. Story of this mode is a bit complicated: first step was trying to use PV guest (PVHv1) but it happened to be the wrong way. Due to hardware improvements (and other reasons), the new way, nammed PVHv2 -formerly HVMLite- is HVM based.
But this time ditching Qemu (less attack surface), reducing boot time and so on. How? Accessing directly the hardware for almost every operations.
Pros
- No QEMU usage (less complex, smaller attack surface)
- Fast boot
- Fast memory management
Cons
- not 100% finished yet
- not available yet in XenServer
As you can see, PVH mode (PVHv2 actually) is the future. We'll continue to monitor closely when it will be available in XenServer. Stay tuned!
XenServer: is my VM PV or HVM?
That's easy to spot in Xen Orchestra, in your VM view, General tab:
Or in the Advanced tab:
You can also use the search bar to display all your HVM guests at once (or PV guest), using the following syntax: virtualizationMode:hvm