Overview
The Virtualization and Systems Architecture group specializes in operating system and hypervisor research and development, with a strong focus on I/O technologies. We are currently engaged in a number of projects in such diverse areas as TCP/IP stack acceleration in the AIX operating system, the internal networking architecture of a distributed storage controller, I/O performance and architectural improvement in the Linux Kernel-based Virtual Machine (KVM) hypervisor, and intrusion detection for storage.
Previous engagements include the development of the iSCSI standard and boot-over-iSCSI functionality (iBoot), the design and development of IBM's Blade Center Open Fabric Manager, investigating IOMMU support in operating systems and hypervisors, studying IOMMU performance, devising a scalable architecture for I/O virtualization, and building the IP Only Server.
In the Xband project we are defining and implementing an InfiniBand-based architecture for the IBM XIV family of storage controllers. The Xband architecture provides low-latency, high-throughput data transfer while maintaining low CPU utilization. It also provides high availability and reliability of the system and very short fail-over times.
The Linux Kernel-based Virtual Machine (KVM) hypervisor has gained a lot of attention in recent years. It is an attractive open source hypervisor that is included, or will be included, in all Linux distributions. Our team is engaged in hypervisor research and development, with KVM as our platform of choice. We are focusing on architectural improvements to KVM for new IBM System x platforms, in particular in the area of I/O virtualization.
During 2008 we worked with the KVM community on direct assignment of PCI devices to virtual machines. Direct assignment enables an unmodified virtual machine to use its own driver to interact directly with a real device. The main advantages of direct access are improved performance compared to other I/O methods that require hypervisor involvement in the I/O path, and the ability to support any odd-ball device that does not have emulation support in the hypervisor. We contributed direct assignment support to KVM, and it is now included in the Linux kernel.
In the AIX TCP/IP stack acceleration project our goal is a dramatic improvement of I/O performance on modern multi-core or clustered servers. We are revising the structure of server I/O subsystems in order to boost overall system performance, increase the system's robustness, and enable efficient and scalable I/O virtualization.
Building security features into the storage controller is essential when hosts are compromised, or when multiple hosts share an attack that can be detected only by the central storage. The IDStor (Intrusion Detection for Storage) research project examines how the security of a controller can be improved by adding an "on the wire" packet inspection layer that detects threats at the block-level protocol, and a block-to-file map that extends the controller's usual block-level view to a file view, thus enabling the detection of file-level threats. A long-term goal of this project is to design a solution that can leverage a highly parallel, multi-core environment.