Innovations and New Features

Xen Project Continues to Innovate

Some Open Source projects reach their stated goals and begin to stagnate.  They focus on performance and bug fixing (which is good and appropriate), but innovation slowly grinds to a halt.  They have achieved their goal, but they forget a central truth of the IT world: goals always change given enough time.

Xen Project, on the other hand, has remembered that continuous innovation is the life-blood of a project.  Having a world-class hypervisor is terrific, but it is not enough for the future.  Yesterday's datacenter has given way to internal, external, and hybrid clouds.  Servers are now being supplemented by devices embedded in previously dumb objects.  Desktops are giving way to tablets, smart phones, and other portable devices.

Xen Project continues to look ahead and ask, "What will tomorrow's compute infrastructure look like?  And what functionality will we need to provide to enable it?"   This page highlights some of the latest innovations proceeding in the project.  Make sure you check back periodically to see some of the more interesting new work going on.

Some of the Project's Hottest Works in Progress:


Most organisations embrace the cloud today, with the speed and flexibility of as-a-service offerings proving irresistibly attractive. Even those who believe their organisations should remain stubbornly out of the cloud will often find cloud services in use somewhere within their own networks. One commonly-cited issue with corporate cloud use is security. The Xen Project is continuously improving security related operations as well as functionality.

Virtual Machine Introspection: A Security Innovation With New Commercial Applications
by Lars Kurth, 2016-08-11

A few weeks ago, Citrix and Bitdefender launched XenServer 7 and Bitdefender Hypervisor Introspection, which together compose the first commercial application of the Xen Project Hypervisor’s Virtual Machine Introspection (VMI) infrastructure. In this article, we will cover why this technology is revolutionary and how members of the Xen Project Community and open source projects that were early adopters of VMI (most notably LibVMI and DRAKVUF) collaborated to enable this technology.

Open Source Security Process Part 4: Xen Project's Policy for Responsible Disclosure with Maximum Fairness and Transparency
by Lars Kurth, 2015-11-19

In part four of this four-part series, Xen Project Advisory Board Chairman Lars Kurth takes a closer look at the Xen Project’s Security Policy and its evolution from its inception in 2011 to today and what it means for IT teams. Read Part 3: Are Today’s Open Source Security Practices Robust Enough in the Cloud Era?


One of the hottest topics in the future of the cloud is Unikernels.  Xen Project has been at the forefront, sponsoring the work of the Mirage OS team in our Incubator, supplying Mini-OS as a jumping-off point for developers, and improving the hypervisor so that it can handle many small unikernel-based VMs in the future.

The Next Generation Cloud: Rise of the Unikernel
by Lars Kurth, 2015-04-12

Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another. A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines. Unikernels are constructed by using “library operating systems,” from which the developer selects only the minimal set of services required for an application to run. These sealed, fixed-purpose images run directly on a hypervisor without an intervening guest OS such as Linux.

Xen Automotive

Is your car your next hypervisor?  With the Xen Automotive subproject it will be!  Much work is being done to bring the Xen Project Hypervisor into the infotainment system of your next-generation vehicle.

Managing co­processors for Linux PV domains by running a Xen hypervisor on ARM platforms
by Andrii Tseglytskyi 2015-01-14, GlobalLogic

As modern ARM SoCs become faster and faster, they are now capable of performing the same high­load tasks that desktop PCs were performing a few years ago, such as HD video playback and high­speed graphic rendering. The structure of an ARM SoC is also now quite complicated. In addition to containing a CPU module or modules, it also includes several peripheral modules (e.g., UARTs, Wireless, HDMI ports, etc.) and co­processors that are designed to help with high­load tasks like Graphic Processor Unit (GPU) or Video Processor Unit (VPU) are assembled together with the main CPU on almost all modern ARM SoCs that are designed for mobile and automotive markets. The article will cover few aspects of sharing such coprocessors when running Xen on embedded SoC.

Device Passthrough to Driver Domain in Xen
by Yurii Konovalenko 2015-02-25, GlobalLogic

As we all know, one of the most common sources of OS crashes are hardware drivers and the issues with them. On systems with visualization, it seems logical to create a separate domain and place hardware drivers (or at least the buggiest of them) there. One of the most significant tasks of creating a system with such a driver domain is to correctly provide it with resources (e.g., IO memory, IRQs). The main idea of passthrough described in the paper is to grant access for DomD through Dom0.

RT-Xen on ARM
by Denys Drozdov 2015-03-10, GlobalLogic

The paper analyzes the latency of OS scheduling for symmetric and asymmetric multi-processing support cases – as well as incoming packet handling in Xen – using default credit and real-time schedulers. It also demonstrates how the real-time scheduler affects latency. With RT-Xen support, most of the incoming packets are predictably handled within 1 millisecond with a small overhead at the destined guest OS, which is a feasible time bound for most soft real-time applications.

Xen Project User Summit 2013 Videos and Presentations

logo xenprouserVideos


Slides can be found here

Why Xen Project?

The Xen Project team is a global open source community that develops the Xen Project Hypervisor and its associated subprojects.  Xen (pronounced /’zɛn/) Project has its origins in the ancient greek term Xenos (ξένος), which can be used to refer to guest-friends whose relationship is constructed under the ritual of xenia ("guest-friendship"), which in term is a wordplay on the idea of guest operating systems as well as a community of developers and users. The original website was created in 2003 to allow a global community of developers to contribute and improve the hypervisor.  Click on the link to find more about the projects’s interesting history.

The community supporting the project follows a number of principles: Openess, Transparency, Meritocracy and Consensus Decision Making. Find out more about how the community governs itself.

What Differentiates the Xen Project Community?

In any Open Source effort, the community makes the difference -- and the Xen Project community is a jewel!  Our community is both active and growing.  2015's 4.6 release had more new features than any release in a decade!  Some project communities lose steam after a decade; ours is actually becoming more diverse, with more and more organizations stepping in to help build new features.  Innovation is not slowing down -- it is accelerating! In the age of the cloud, the hypervisor needs to be opening doors to new experiences. The cloud is not static; your hypervisor cannot afford to be static either. It should be unlocking new possibilities to enable the next generation of the cloud. That's precisely what we are doing at Xen Project.

What Differentiates the Xen Project Software?

There are several virtualization technologies available in the world today. Our Xen Project virtualization and cloud software includes many powerful features which make it an excellent choice for many organizations:

Supports multiple guest operating systems: Linux, Windows, NetBSD, FreeBSD A virtualization technology which only supports a few guest operating systems essentially locks the organization into those choices for years to come. With our hypervisor, you have the flexibility to use what you need and add other operating system platforms as your needs dictate. You are in control.
Supports multiple Cloud platforms: CloudStack, OpenStack A virtualization technology which only supports one Cloud technology locks you into that technology. With the world of the Cloud moving so quickly, it could be a mistake to commit to one Cloud platform too soon. Our software keeps your choices open as Cloud solutions continue to improve and mature.
Reliable technology with a solid track record The hypervisor has been in production for many years and is the #1 Open Source hypervisor according to analysts such as Gartner. Conservative estimates show that Xen has an active user base of 10+ million: these are users, not merely hypervisor installations which are an order of magnitude higher. Amazon Web Services alone runs ½ million virtualized Xen Project instances according to a recent study and other cloud providers such as Rackspace and hosting companies use the hypervisor at extremely large scale. Companies such as Google and Yahoo use the hypervisor at scale for their internal infrastructure. Our software is the basis of successful commercial products such as Citrix XenServer and Oracle VM, which support an ecosystem of more than 2000 commercially certified partners today. It is clear that many major industry players regard our software as a safe virtualization platform for even the largest clouds.
Scalability The hypervisor can scale up to 4,095 host CPUs with 16Tb of RAM. Using Para Virtualization (PV), the hypervisor supports a maximum of 512 VCPUs with 512Gb RAM per guest. Using Hardware Virtualization (HVM), it supports a maximum of 128 VCPUs with 1Tb RAM per guest.
Performance Xen tends to outperform other open source virtualization solutions in most configurations. Check out Ubuntu 15.10: KVM vs. Xen vs. VirtualBox Virtualization Performance (Phoronix, Oct 2015) for a recent benchmarks of Xen 4.6.

Security is one of the major concerns when moving critical services to virtualization or cloud computing environments. The hypervisor provides a high level of security due to its modular architecture, which separates the hypervisor from the control and guest operating systems. The hypervisor itself is thin and thus provides a minimal attack surface. The software also contains the Xen Security Modules (XSM), which have been developed and contributed to the project by the NSA for ultra secure use-cases. XSM introduces control policy providing fine-grained controls over its domains and their interaction amongst themselves and the outside world. And, of course, it is also possible to use the hypervisor with SELinux. In addition, Xen’s Virtual Machine Introspection (VMI) subsystems make it the best hypervisor for security applications. For more information, see Virtual Machine Introspection with Xen and VM Introspection: Practical Applications.

The Xen Project also has a dedicated security team, which handles security vulnerabilities in accordance with our Security Policy. Unlike almost all corporations and even most open source projects, the Xen Project properly discloses, via an advisory, every vulnerability discovered in supported configurations. We also often publish advisories about vulnerabilities in other relevant projects, such as Linux and QEMU.
Flexibility Our hypervisor is the most flexible hypervisor on the market, enabling you to tailor your installation to your needs. There are lots of choices and trade-offs that you can make. For example: the hypervisor works on older hardware using paravirtualization, on newer hardware using HVM or PV on HVM. Users can choose from three tool stacks (XL, XAPI & LIBVIRT), from an ecosystem of software complementing the project and choose the most suitable flavour of Linux and Unix operating system for their needs. Further, the project's flexible architecture enables vendors to create Xen-based products and services for servers, cloud, desktop in particular for ultra secure environments.
Modularity Our architecture is uniquely modular, enabling a degree of scalability, robustness, and security suitable even for large, critical, and extremely secure environments. The control functionality in our control domain can be divided into small modular domains running a minimal kernel and a driver, control logic or other functionality: we call this approach Domain Disaggregation. Disaggregated domains are conceptually similar to processes in an operating system. They can be started/ended on demand, without affecting the rest of the system. Disaggregated domains reduce attack surface and distribute bottlenecks.  It enables you to restart an unresponsive device driver without affecting your VMs.
VM Migration The software supports Virtual Machine Migration. This allows you to react to changing loads on your servers, protecting your workloads.
Open Source Open Source means that you have influence over the direction of the code. You are not at the mercy of some immovable external organization which may have priorities which do not align with your organization. You can participate and help ensure that your needs are heard in the process. And you never have to worry that some entity has decided to terminate the product for business reasons. An Open Source project will live as long as there are parties interested in advancing the software.
Multi-vendor support The project enjoys support from a number of major software and service vendors.  This gives end-users numerous places to find support, as well as numerous service providers to work with.  With such a rich commercial ecosystem around the project, there is plenty of interest in keeping the project moving forward to ever greater heights.



Project contributors include people from a number of notable organizations.  Official Xen Project member organizations include: Alibaba / Aliyun, AWS, AMD, ARM, Bromium, Cavium, Citrix, Google, Intel, NetApp, Oracle, Rackspace, and Verizon.

We regularly measure contributions to the project, which you can see in our Acknowledgement pages.

Xen Project Ecosystem and Users

The project sports a large ecosystem of hosting and cloud vendors, small users, and research institutions. They continue to produce tools interfacing with our code, as well as Open Source projects and commercial products that have been built on top of, or interface with, our software. If you want to find out more, go to the Ecosystem  Directory. We do not know exactly how big our user base is, as our software gets distributed by third parties, Linux distributions, etc. However, from the data we have we know that our user base is in the tens of millions individuals and organizations that use solutions involving Xen Project software.

Success Stories

If you would like to be added to this page, please contact us.

Cavium (March 2015)

With several companies introducing ARM servers recently, cloud providers and enterprise datacenters are excited to see new alternatives for reducing costs and power use come to market. Cavium, a semiconductor leader with a long heritage in security and wireless/ networking, entered the race with the introduction of ThunderX™ the industry’s first 48-core and 96-core family of ARMv8 workload optimized processors. To get to this point, numerous companies, developers and organizations, including Cavium, put great effort into the development of server software, standards and products to make ARM based SoCs a viable option in these environments. For Cavium, joining the Xen Project was a critical part of its work to advance the evolving ARM ecosystem. According to Larry Wikelius, Xen Project Advisory Board member and Cavium’s Director of Ecosystems and Partner Enablement, it has also been crucial to competing in this evolving market.

In our latest “Future of Xen” video, Larry says working with Xen Project hypervisor is an important requirement for certain customers. With many Cavium customers and partners already using the open source hypervisor, the company needs to not only support Xen, but commit to optimizing the hypervisor for private and public clouds as well as corporate datacenters. Cavium joined the Xen Project community last year and is pleased to see the Project dedicate significant resources and development cycles to ensuring full support, peak performance and efficiencies for ARM-based servers and SoCs. As a board member, Cavium is also able to shape the Project’s roadmap, ensuring it protects Xen deployments and a scale-out strategy to support cloud, telecommunications, Internet of Things devices, big data analytics and more. While the Project’s early commitment for ARM support is relevant, what’s equally important is the hypervior’s small footprint and the growing number of silicon vendors, software companies and end users investing in the Project.

So beyond scale out Data Center and Cloud deployments, what else is ahead for ARM-based servers and SoCs? Larry already sees the networking and carrier space mobilizing behind network function virtualization (NFV). Versions of its ThunderX chip aimed at (NFV) workloads as well as telecommunication, media, and gaming systems offer more I/O in general and security accelerators. Larry recently spoke about this topic at The Linux Foundation’s Collaboration Summit 2015 last month. Be sure to watch his video and check out slides from his talk to learn more. 

Intel (January 2015)

Intel’s Virtualization Architect Donald Dugger started working on Xen Project software eight years ago. We recently interviewed Don to find out why Intel continues to support, contribute and invest in the Xen Project. One of the first companies to contribute to hardware-assisted virtualization, today Intel remains equally focused on actively promoting open source virtualization. The company continually adds new virtualization features in its CPUs and is constantly evolving its virtualization support. Improved cache monitoring technology, which provides faster processing and better utilization to resolve the “noisy neighbor” dilemma when hosting large, resource-hungry data sets, is the latest contribution from the world’s largest chip company. Don spoke to eWeek about this new feature last week for the release of Xen Project Hypervisor version 4.5.

Get Involved

The Xen Project software is Open Source, which means you can get involved in the process -- and you don't even need to be a developer to do so!

How you may ask?  By a number of different ways.

The first is by simply using the software.  Open Source is only valuable if it is useful, and our project is no exception.  Download the software and try it out.  See if it works for you.  Start small and take it for a test drive.  Then think to yourself, "Could this make my life easier?  Could it solve a problem I have right now or will have in the near future?"  If so, take it to the next level and begin to make plans to deploy it in your situation.

Once you've started using it, then start talking.  The software won't get better unless people start communicating about their needs.  Does our software do what you need?  Could it be made simpler?  Faster?  Does it need better documentation?  Maybe quick how-to recipes for attacking certain problems?

If you're a company, join the Xen Project Advisory Board.  The project team needs code, but it also needs the support of active advocates who fund and manage the operations of the project.  The Xen Project Advisory Board ensures the project has the funding and infrastructure required to support development, and works closely with project committers and maintainers.

Our project gives you many ways to talk to the rest of the community, including:

  • IRC (Internet Relay Chat) for getting realtime answers to your questions from others in the community who may have conquered issues you are puzzling about (and for helping out others once you have begun using it yourself).
  • Question and Answer knowledgebase for posing issues in a more structured format and for helping others as you gain experience.
  • Mailing lists for getting the ear of a larger community of users and developers.
  • Wiki for storing information in an informal, flexible, dynamic yet longer lasting format.
  • Documentation for formal information.
  • Xen Project Uservoice for storing your feedback for the development team to consider.
  • Bug Reports are very important and one of the most valuable types of feedback you can give.  When you log a bug, you are working to make the software better, even if you are not a programmer.

In addition, the community holds periodic events which allow you to give feedback, as well as lend a hand in the effort to create even better software.  These events include:

  • Test Days which allow you to test new software and give feedback to the project in real time.
  • Documentation Days which allow you to participate in the creation and revision of entries for the Wiki and Documentation.

These facilities and events are useless unless people like you use them, so get involved!