Virtualization Blog

Discussions and observations on virtualization.

XenServer Dundee Released

It was a little over a year ago when I introduced a project code named Dundee to this community. In the intervening year, we've had a number pre-release builds; all introducing ever greater capabilities into what I'm now happy to announce as XenServer 7. As you would expect from a major version number, XenServer 7 makes some rather significant strides forward, and defines a significant new capability.

Let's start first with the significant new capability. Some of you may have noted an interesting new security effort appear in upstream Xen a few years ago. Leading this effort was Bitdefender, and at the time it was known by the catchy title of "virtual machine introspection". This effort takes full advantage of the Intel EPT virtualization extensions to permit a true agentless anti-malware solution, where the anti-malware engine is placed in a service VM which is inaccessible from the guest VMs. XenServer 7 officially supports this technology with the Direct Inspect API set, and is platform ready for Bitdefender GravityZone HVI. For virtualization users, the combination of Direct Inspect and GravityZone HVI reduces the attack surface for malware by both removing in-guest agents, and by actively monitoring memory usage from the hypervisor to detect malicious memory accesses and flag questionable activity for remediation. When combined with support for Intel SMAP and PML, XenServer 7 offers significantly increased security compared to previous versions. Since secure operation extends to secure access to the host management APIs, XenServer 7 fully supports TLS 1.2, and can optionally mandate the use of TLS 1.2.

XenServer 7 extends the vGPU market initially defined in 2013 to include both increased scalability with NVIDIA GRID Maxwell M10 and the latest Intel Iris Pro virtual graphics. When combined, these vGPU extensions open the door to greater adoption of virtualized graphics by both increasing the number of GPU enabled VMs per host, as well as potentially removing the requirement for a dedicated GPU add-in card.

Operating virtual infrastructure at any level of scale requires an understanding of the overall health of the environment. While recent XenServer versions have included the ability to upload server status information to the free Citrix Insight Services, this operation was completely manual. With XenServer 7, we're introducing Health Check which is a proactive service which works in concert with Insight Services to monitor the operational health of a XenServer environment, and proactively alert you to any issues. The best part of Health Check is that it's completely free and open to any user of XenServer 7.

No major release would be complete without a requisite bump in performance, and XenServer 7 is no exception. Host memory limits have been bumped to 5TB per host, with a corresponding bump to 1.5TB per VM; OS willing of course. Host CPU count has been increased to 288 cores, and guest virtual CPU count has increased to 32; again OS willing. Disk scalability has also increased with support for up to 255 virtual block devices per VM and 4096 VBDs per host, all while supporting up to 20,000 VDIs per SR. Since XenServer often is deployed in Microsoft Windows environments, Active Directory support for role based authentication is a key requirement, and with XenServer 7, we've improved overall AD performance to support very large AD forests with a resulting improvement in login times.

 

XenServer 7 is available for download today, and can be obtained for free from the XenServer download page.

XenServer 7.0 performance improvements part 1: Low...
XenServer Administrators Handbook Published
 

Comments 29

Guest - user on Tuesday, 24 May 2016 17:22

I don't think it is fair to say BitDefender led the VMI effort. I can think of a few groups that were much more advanced and stronger drivers in bringing this out of research.

0
I don't think it is fair to say BitDefender led the VMI effort. I can think of a few groups that were much more advanced and stronger drivers in bringing this out of research.
Willem Boterenbrood on Tuesday, 24 May 2016 18:22

Congrats on the new release!
We were waiting for it to arrive, finally XenServer support for Xeon v3/4 CPU masking and much more improvements, thanks.

0
Congrats on the new release! We were waiting for it to arrive, finally XenServer support for Xeon v3/4 CPU masking and much more improvements, thanks.
Guest - Ivan G. on Wednesday, 25 May 2016 02:00

Do you have any plans on

- Update docs to version 7 (currently redirect to v6.5)?
- Provide upgrade instructions?

0
Do you have any plans on - Update docs to version 7 (currently redirect to v6.5)? - Provide upgrade instructions?
David Cottingham on Tuesday, 07 June 2016 14:59
Fixed -- thanks for catching that :-). Upgrades: please see http://docs.citrix.com/content/dam/docs/en-us/xenserver/xenserver-7-0/downloads/xenserver-7-0-installation-guide.pdf .
Guest - Ivan G. on Wednesday, 25 May 2016 02:51

Is DVS appliance supported in xenserver 7? I do not see any downloads, Citrix downloads page shows "Requires additional permissions to access" in Premium and Standard editions of XS.

0
Is DVS appliance supported in xenserver 7? I do not see any downloads, Citrix downloads page shows "Requires additional permissions to access" in Premium and Standard editions of XS.
David Cottingham on Tuesday, 07 June 2016 15:07

DVSC is supported on 7.0. We're working on getting the downloads on citrix.com accessible.

0
DVSC is supported on 7.0. We're working on getting the downloads on citrix.com accessible.
Guest - Erik on Wednesday, 25 May 2016 06:58

Does it support more guest vNics than previous versions?

0
Does it support more guest vNics than previous versions?
Andrew Halley on Thursday, 09 June 2016 16:18

The number of vNICs per VM remains at 7 (depending on Guest OS) and per Host remains at 512.

0
The number of vNICs per VM remains at 7 (depending on Guest OS) and per Host remains at 512.
Guest - user on Wednesday, 25 May 2016 08:14

Congrats! Please add MD5 and SHA256 checksums to the download page.

0
Congrats! Please add MD5 and SHA256 checksums to the download page.
Guest - Mark on Wednesday, 25 May 2016 09:42

> we're introducing Health Check which is a proactive service

So you've added trojan which automatically exfiltrates data to 3rd party in default install. Could you share more details so I can block it on border gateway?

0
> we're introducing Health Check which is a proactive service So you've added trojan which automatically exfiltrates data to 3rd party in default install. Could you share more details so I can block it on border gateway?
Guest - m on Wednesday, 25 May 2016 15:16

More importantly how does one completely disable and uninstall that feature.

0
More importantly how does one completely disable and uninstall that feature.
David Cottingham on Tuesday, 07 June 2016 15:10

Have no fear: it's entirely opt-in, i.e. you need to actually provide a Citrix account (through XenCenter) to use the service at all. So, no, it's not on by default.

You can elect to enable it for (say) one host if you want to try it out; you can enable/disable on a per-host basis.

0
Have no fear: it's entirely opt-in, i.e. you need to actually provide a Citrix account (through XenCenter) to use the service at all. So, no, it's not on by default. You can elect to enable it for (say) one host if you want to try it out; you can enable/disable on a per-host basis.
Guest - SvenS on Wednesday, 25 May 2016 10:04

is there any more specific news on smb support ?

smb 3.0 ?
how is it working with continuous availability with vm storage on storage head migrations for enterprise storage arrays?

any benchmarks vs nfs or classic block?

0
is there any more specific news on smb support ? smb 3.0 ? how is it working with continuous availability with vm storage on storage head migrations for enterprise storage arrays? any benchmarks vs nfs or classic block?
David Cottingham on Tuesday, 07 June 2016 15:20

7.0 does support connecting to SMB 3.0 shares. It does not have support for continuous availability as yet: Microsoft are apparently implementing this in upstream Linux, though, hence watch this space.

Benchmarks: yep, versus NFS, SMB yields about 4x10E7 bytes/s across a range of block sizes up to ~40 KB, where they're equal. SMB is then significantly better again at very large sizes (>=1,000,000 bytes), reaching >4.5x10E8 bytes/s.

0
7.0 does support connecting to SMB 3.0 shares. It does not have support for continuous availability as yet: Microsoft are apparently implementing this in upstream Linux, though, hence watch this space. Benchmarks: yep, versus NFS, SMB yields about 4x10E7 bytes/s across a range of block sizes up to ~40 KB, where they're equal. SMB is then significantly better again at very large sizes (>=1,000,000 bytes), reaching >4.5x10E8 bytes/s.
Guest - Andrew on Thursday, 26 May 2016 08:17

Any changes in CBT area? Can VM disk be extended without VM shutdown ?

0
Any changes in CBT area? Can VM disk be extended without VM shutdown ?
David Cottingham on Tuesday, 07 June 2016 15:21

Not as yet... There has been some work on CBT, but not ready for use as yet.

0
Not as yet... There has been some work on CBT, but not ready for use as yet.
Guest - Keerthiraja S.J on Thursday, 26 May 2016 08:19

Congrats on the New Release!

2
Congrats on the New Release!
Guest - Alex on Friday, 27 May 2016 12:33

Well, CentOS 7 dom0 is the most worthwhile in this release it seems. Does it boot quicker now? It may seem not critical when you're running, but when you're doing quick pool upgrade within small maintenance window, faster boot rocks.

1
Well, CentOS 7 dom0 is the most worthwhile in this release it seems. Does it boot quicker now? It may seem not critical when you're running, but when you're doing quick pool upgrade within small maintenance window, faster boot rocks.
Andrew Halley on Thursday, 09 June 2016 16:20

There's a whole selection of performance improvements in there in storage and networking and much more. Keep your eyes out for a blog post coming shortly.

0
There's a whole selection of performance improvements in there in storage and networking and much more. Keep your eyes out for a blog post coming shortly.
Guest - elto on Sunday, 29 May 2016 11:09

FYI, the big download button on the front page still downloads the 6.5 iso.

0
FYI, the big download button on the front page still downloads the 6.5 iso.

About XenServer

XenServer is the leading open source virtualization platform, powered by the Xen Project hypervisor and the XAPI toolstack. It is used in the world's largest clouds and enterprises.
 
Commercial support for XenServer is available from Citrix.