sKVM, a superfast KVM-based hypervisor, is one of the central deliverables of MIKELANGELO [1]. Its architecture enhancements focus on improving the I/O subsystem for HPC and big data use cases, in both performance and security.
The newly introduced I/O core manager (IOcm) will dynamically tune the system by increasing or decreasing the number of dedicated cores performing I/O for virtual machines (VMs), based on the behaviour of the workload. Its adaptive algorithm makes tuning decisions so that the I/O cores are always utilized as efficiently as possible. The use cases in the MIKELANGELO project are analyzed and evaluated in order to improve the dynamic tuning mechanisms.
Network I/O performance will be further improved by a lightweight RDMA virtualization. To cover the broadest possible range of existing applications that exploit the new high-performance interconnects, it offers guest applications both the socket and InfiniBand APIs. Communication between virtual machines on the same host will be based on a shared-memory shortcut, providing additional performance improvements. This lightweight RDMA virtualization aims not only to improve communication performance but also to ensure that no additional modification is required in the guest applications.
Higher performance in a virtualization environment normally means giving up some degree of security as a trade-off. To achieve both higher performance and a higher level of security, a new security solution within sKVM provides monitoring at the hypervisor level, profiling, and mitigation mechanisms. The security component addresses several possible security issues, with examples of attacks and threats against modern virtualization architectures. Advanced security solutions are then presented that identify these security issues and prevent further threats from virtual machines that attempt to violate the security policies.
The deliverable sets out the initial hypervisor design, which is the basis for an overarching architecture to maximize I/O performance with enhanced security at all levels of the MIKELANGELO stack.