Micro-CernVM: Slashing the Cost of Building and Deploying Virtual Machines

The traditional virtual machine building and and deployment process is centered around the virtual machine hard disk image. The packages comprising the VM operating system are carefully selected, hard disk images are built for a variety of different hypervisors, and images have to be distributed and decompressed in order to instantiate a virtual machine. Within the HEP community, the CernVM File System has been established in order to decouple the distribution from the experiment software from the building and distribution of the VM hard disk images. We show how to get rid of such pre-built hard disk images altogether. Due to the high requirements on POSIX compliance imposed by HEP application software, CernVM-FS can also be used to host and boot a Linux operating system. This allows the use of a tiny bootable CD image that comprises only a Linux kernel while the rest of the operating system is provided on demand by CernVM-FS. This approach speeds up the initial instantiation time and reduces virtual machine image sizes by an order of magnitude. Furthermore, security updates can be distributed instantaneously through CernVM-FS. By leveraging the fact that CernVM-FS is a versioning file system, a historic analysis environment can be easily re-spawned by selecting the corresponding CernVM-FS file system snapshot.Comment: Conference paper at the 2013 Computing in High Energy Physics (CHEP) Conference, Amsterda

Evaluation and design of function for tracing diffusion of classified information for file operations with KVM

Cases of classified information leakage have become increasingly common. To address this problem, we have developed a function for tracing the diffusion of classified information within an operating system. However, this function suffers from the following two problems: first, in order to introduce the function, the operating system's source code must be modified. Second, there is a risk that the function will be disabled when the operating system is attacked. Thus, we have designed a function for tracing the diffusion of classified information in a guest operating system by using a virtual machine monitor. By using a virtual machine monitor, we can introduce the proposed function in various environments without modifying the operating system's source code. In addition, attacks aimed at the proposed function are made more difficult, because the virtual machine monitor is isolated from the operating system. In this paper, we describe the implementation of the proposed function for file operations and child process creation in the guest operating system with a kernel-based virtual machine. Further, we demonstrate the traceability of diffusing classified information by file operations and child process creation. We also report the logical lines of code required to introduce the proposed function and performance overheads

Virtual horizontal machining center LOLA HBG 80 for program verification and monitoring

Ovaj rad opisuje konfigurisanje virtuelnog horizontalnog obradnog centra LOLA HBG80 u okviru sistema za programiranje i verifikaciju, kao i u okviru sistema otvorene arhitekture upravljanja. Horizontalni obradni centar LOLA HBG 80 podržan je ekvivalentnom virtuelnom mašinom u CAD/CAM okruženju (PTC Creo i Catia), STEP-NC mašinskom okruženju, kao i u upravljačkom sistemu. Virtuelna simulacija je od suštinske važnosti za obradu, a razvijene virtuelne mašine koriste se za verifikaciju programa i monitoring procesa obrade. Virtuelna mašina u sistemu za programiranje omogućava verifikaciju programa pre slanja na stvarnu mašinu i može da uključuje verifikaciju putanje alata (CLF-Cutter Location File) i verifikaciju G-koda. U radu se takođe govori o mogućnosti primene novog metoda programiranja poznatog kao STEP-NC i pripremi odgovarajućeg okruženja koje uključuje virtuelnu mašinu. Virtuelna mašina u sistemu upravljanja predstavlja poslednji nivo za konačnu verifikaciju programa, kao i sistem za nadzor procesa.This paper describes configuring the virtual horizontal machining center LOLA HBG80 within the programming and verification system and the open architecture control system. The horizontal machining center LOLA HBG 80 is represented by an equivalent virtual machine in a CAD/CAM environment (PTC Creo and Catia), STEP-NC Machine environment, and the control system. Virtual simulation is essential for machining, and the developed virtual machines are used for program verification and monitoring of the machining process. The virtual machine in the programming system allows the verification of the program before sending it to the real machine and includes verification of the tool path (CLF-Cutter Location File) and G-code. The paper also discusses the possibility of applying a new programming method known as STEP-NC and preparing an adequate environment that includes a virtual machine. The virtual machine in the control system represents the last level for the final program verification and the process monitoring system

ANALISA PERFORMA SISTEM BERKAS EXT4 PADA KONDISI TERVIRTUALISASI

ABSTRAKBeragamnya sistem berkas yang diciptakan serta digunakan oleh komputer dan sistem operasi maka jurnal ini dibuat untuk mempelajari lebih dalam salah satu sistem berkas yaitu ext4 dalam hal performanya untuk melakukan serangkaian tugas dari sebuah sistem berkas dengan menggunakan program tolak ukur khusus unix pada kondisi tervisualisasi dalam mesin virtualKata Kunci--- Ext4, Virtualisasi, Performa, Mesin Virtual, Sistem BerkasABSTRACK Various file system that created and used by computer and operating system, so this journal is written for in depth learning about one of the file system called ext4 on how they complete various task of file system using a benchmarking program for unix in virtualized condition in virtual machine.Keyword--- Ext4, Virtualization, Performance, Vitual Machine, File Syste

Virtual horizontal machining center LOLA HBG 80 for program verification and monitoring

Ovaj rad opisuje konfigurisanje virtuelnog horizontalnog obradnog centra LOLA HBG80 u okviru sistema za programiranje i verifikaciju, kao i u okviru sistema otvorene arhitekture upravljanja. Horizontalni obradni centar LOLA HBG 80 podržan je ekvivalentnom virtuelnom mašinom u CAD/CAM okruženju (PTC Creo i Catia), STEP-NC mašinskom okruženju, kao i u upravljačkom sistemu. Virtuelna simulacija je od suštinske važnosti za obradu, a razvijene virtuelne mašine koriste se za verifikaciju programa i monitoring procesa obrade. Virtuelna mašina u sistemu za programiranje omogućava verifikaciju programa pre slanja na stvarnu mašinu i može da uključuje verifikaciju putanje alata (CLF-Cutter Location File) i verifikaciju G-koda. U radu se takođe govori o mogućnosti primene novog metoda programiranja poznatog kao STEP-NC i pripremi odgovarajućeg okruženja koje uključuje virtuelnu mašinu. Virtuelna mašina u sistemu upravljanja predstavlja poslednji nivo za konačnu verifikaciju programa, kao i sistem za nadzor procesa.This paper describes configuring the virtual horizontal machining center LOLA HBG80 within the programming and verification system and the open architecture control system. The horizontal machining center LOLA HBG 80 is represented by an equivalent virtual machine in a CAD/CAM environment (PTC Creo and Catia), STEP-NC Machine environment, and the control system. Virtual simulation is essential for machining, and the developed virtual machines are used for program verification and monitoring of the machining process. The virtual machine in the programming system allows the verification of the program before sending it to the real machine and includes verification of the tool path (CLF-Cutter Location File) and G-code. The paper also discusses the possibility of applying a new programming method known as STEP-NC and preparing an adequate environment that includes a virtual machine. The virtual machine in the control system represents the last level for the final program verification and the process monitoring system

Naked Object File System (NOFS): A Framework to Expose an Object-Oriented Domain Model as a File System

We present Naked Objects File System (NOFS), a novel framework that allows a developer to expose a domain model as a file system by leveraging the Naked Objects design principle. NOFS allows a developer to construct a file system without having to understand or implement all details related to normal file systems development. In this paper we explore file systems frameworks and object-oriented frameworks in a historical context and present an example domain model using the framework. This paper is based on a fully-functional implementation that is distributed as free/open source software, including virtual machine images to demonstrate and study the referenced example file systems

Improving Virtual Appliance Management through Virtual Layered File Systems

Managing many computers is difficult. Recent virtualization trends exacerbate this problem by making it easy to create and deploy multiple virtual appliances per physical machine, each of which can be configured with different applications and utilities. This results in a huge scaling problem for large organizations as management overhead grows linearly with the number of appliances. To address this problem, we present Strata, a system that introduces the Virtual Layered File System (VLFS) and integrates it with virtual appliances to simplify system management. Unlike a traditional file system, which is a monolithic entity, a VLFS is a collection of individual software layers composed together to provide the traditional file system view. Individual layers are maintained in a central repository and shared across all VLFSs that use them. Layer changes and upgrades only need to be done once in the repository and are then automatically propagated to all VLFSs, resulting in management overhead independent of the number of virtual appliances. We have implemented a Strata Linux prototype without any application or operating system kernel changes. Using this prototype, we demonstrate how Strata enables fast system provisioning, simplifies system maintenance and upgrades, speeds system recovery from security exploits, and incurs only modest performance overhead

Using a virtual machine to protect sensitive Grid resources

Most Grid systems rely on their operating systems (OSs) to protect their sensitive files and networks. Unfortunately, modern OSs are very complex and it is difficult to completely avoid intrusions. Once intruders compromise the OS and gain system privilege, they can easily disable or bypass the OS security protections. This paper proposes a secure virtual Grid system, SVGrid, to protect sensitive system resources. SVGrid works by isolating Grid applications in Grid virtual machines. The Grid virtual machines' filesystem and network services are moved into a dedicated monitor virtual machine. All file and network accesses are forced to go through this monitor virtual machine, where SVGrid checks request parameters and only accepts the requests that comply with security rules. Because SVGrid enforces security policy in the isolated monitor virtual machine, it can continue to protect sensitive files and networks even if a Grid virtual machine is compromised. We tested SVGrid against attacks on Grid virtual machines. SVGrid was able to prevent all of them from accessing files and networks maliciously. We also evaluated the performance of SVGrid and found that performance cost was reasonable considering the security benefits of SVGrid. Furthermore, the experimental results show that the virtual remote procedure call mechanism proposed in this paper significantly improves system performance. Copyright © 2006 John Wiley & Sons, Ltd.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/56163/1/1134_ftp.pd