Xen devel - Mar 2005 - A little more clarification

Tim

Thank you for your comments.  I am still having a problem in trying to 
visualize a few things.  I hope you can persevere with me on this. Sorry 
to be so lengthy on something that seems more than obvious to others on 
the list. Let me explain.

Back in the days of Linux kernel 2.2.x I purchased VMWARE (for Linux) 
which was intended -- in non technical terms --  to be installed on top 
of or into my existing (SuSE 6.2 or 6.4 or equivalent installed 
distribution using kernel 2.2.x) Linux distribution. I just followed the 
instructions and it worked but I had no real insight into the matter. 
Then a few weeks ago a chap on the [SLE] list said he had downloaded Xen 
and installed it on top of or into his existing SuSE 9.1 (kernel 2.6.x) 
distribution installation. He indicated (just as with VMWARE) that he 
had a virtual Linux distribution installed on top of his existing or 
primary Linux installation. He indicated that both the initial 
installation and the virtual one ran concurrently. Although, that is 
probably not a techincally correct way of talking about these things. So 
when reading the tutorial and installation web pages for Xen I was 
predisposed to interpret this material from that same standpoint.  In 
otherwords, I either properly or improperly assumed that there must be a 
2.4.x or 2.6.x Linux system already up and working with the servers such 
as NFS, Telnet, SSH, portmap, and others as well the NIC and other 
physical interface devices all working.  In my mind it was this already 
installed and working distribution that would become the (basis) GUEST 
OS for DOMAIN 0 once the kernel was modified (ported) and installed 
becoming joined to Xen.

When I used VMWARE I just followed instructions but did not appreciate 
the reasoning or proprietary software architecture behind those 
instructions.  Because I now want to work with the source code of Xen 
and the Linux kernel I want very much to develop an accurate and proper 
insight. That is why I am now dwelling on this issue which was supposed 
to be my point #1 of 4 high level points in my previous email. So now I 
will ask my question.

Is what I have assumed correct, must there be an existing 2.4 or 2.6.x 
kernel based Linux installation up and running which must be modified 
(kernel modification or ported) to run Xen?  It is my understanding that 
the Xen source code installation or the binary installation both require 
a properly pre installed fully functional Linux system as the basis of 
Xen operation.  Once it''s (pre installed linux distribution) 2.4.x or 
2.6.x kernel has been modified to work with the Xen software and tools 
we have created this Linux distribution into an Xen-based system called 
Domain 0 that becomes so when shutdown and then booted???

If my assuption correctly follows the Xen documentation then my first 
point should have read:

NOTE:: If this point is flawed by the assumpition that there must be a 
fully functional pre existing 2.4 or 2.6.x Linux sytem then my thinking 
is all screwed up. It would not be the first time. BTW, by OS I don''t 
mean just the kernel. Some consider the entire installation the OS -- an 
obvious mutation.  I don''t know how Xen documentation defines OS.  For 
some people the kernel is the OS as it is the primary layer.  For others 
the distribution less the desk top, games, graphical applications, 
office packages and any non command line controlled packages constitute 
the OS.  I use the latter definition.  So if OS means just the kernel 
code then  I will have to significantly change my point #1.

The following detail is what I meant to imply by my point #1.

#1 -- The BUILD:
The  Xen distribution includes 3 main components (Xen itself, ports of 
Linux 2.4 and 2.6.x kernels to run on (with) Xen, and user-space tools 
required to manage an Xen-based system) all of which assumes the 
existence of an already installed and fully fuctional  pre existing 
Linux system which must be adapted (to become the default Xen Linux 
build identified as DOMAIN 0.  Domain 0 is  the primary layer 
(controlled by the Xen package) and consists of the GUEST OS (the 
adapted pre existing Linux system) hosted by a secure pseudo virtual 
machine (a controlled execution environment using the adapted or ported 
kernel and Xen tools and processess to run and monitor parts of the 
GUEST OS (entire installed linux system?)).  The pre existing system 
once so adapted and running under Xen control contains support for 
relatively modern server-class network and disk hardware. The Xen 
process (called xend) runs in highest privilege in DOMAIN 0 and  it''s 
code detects and starts secondary processors, sets up interrupt routing, 
time slicing, and performs PCI bus enumeration as well as offloads 
hardware support issues to DOMAIN 0 GUEST OS which is the modified pre 
existing Linux installed distribution.  As such, Xen provides a secure 
virtual machine for this GUEST OS, builds other domains using an OS 
installed in a root file system placed on a partition and booted from 
that partition, manages their virtual devices and performs 
administrative tasks.

My next question:
What exactly is an HTTP/S server -- apparently it is a requirement for 
browser administration access to a Xen-based system? Is Apache such a 
server and if not can it be turned into such a server???

One more question:
Regarding the source code.  I have been reviewing Python and C 
(gcc/gcc++) and was wondering if there was a high level diagram showing 
dependencies (hierarchy based on caller and called)  and code utilized 
(python, C, binary insertions, etc.)???

Based on what I am learning here (mostly from you) I have been 
constructing a very high level chart showing levels, key Xen processes, 
and stuff like that.  I will send you a copy once I am sure the 
information is correct and properly represents what is happening.

Thank you very much in advance for your comments and advice.

Ted

Hi Ted,

On Wed, Mar 02, 2005 at 08:32:20PM -0700, Ted Hilts
wrote:
> Is what I have assumed correct, must there be an existing 2.4 or 2.6.x 
> kernel based Linux installation up and running which must be modified 
> (kernel modification or ported) to run Xen? 
Yes.  Domain 0 is basically a linux 2.6 distribution with a kernel that
has been ported to run on top of Xen.
> It is my understanding that 
> the Xen source code installation or the binary installation both require 
> a properly pre installed fully functional Linux system as the basis of 
> Xen operation. 
Yep.
> Once it''s (pre installed linux distribution) 2.4.x or 
> 2.6.x kernel has been modified to work with the Xen software and tools 
> we have created this Linux distribution into an Xen-based system called 
> Domain 0 that becomes so when shutdown and then booted???
Yep. Once you have your bootloader set up, it boots Xen and then
the kernel of domain 0 on top of it.

http://www.cl.cam.ac.uk/netos/xen/readmes/user/user.html#SECTION02240000000000000000

(That user manual also has a general overview of how Xen is meant to
work, which I think answers most of your other questions.)
 
> My next question:
> What exactly is an HTTP/S server -- apparently it is a requirement for 
> browser administration access to a Xen-based system? Is Apache such a 
> server and if not can it be turned into such a server???
I''m not sure where you got that requirement -- it''s needed for
Xenoboot,
but that''s an entirely separate project, and not necessary at all for
Xen.  

(And incidentally, yes. http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html)
> One more question:
> Regarding the source code.  I have been reviewing Python and C 
> (gcc/gcc++) and was wondering if there was a high level diagram showing 
> dependencies (hierarchy based on caller and called)  and code utilized 
> (python, C, binary insertions, etc.)???
I don''t believe so, but someone on the list might correct me. :)

Tim.

-- 
Tim Deegan                           (My opinions, not the
University''s)
Systems Research Group
University of Cambridge Computer Laboratory


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Hi Ted,
> Is what I have assumed correct, must there be an existing 2.4 or 2.6.x
> kernel based Linux installation up and running which must be modified
> (kernel modification or ported) to run Xen?
Yes.
> It is my understanding that 
> the Xen source code installation or the binary installation both require
> a properly pre installed fully functional Linux system as the basis of
> Xen operation.  Once it''s (pre installed linux distribution) 2.4.x
or
> 2.6.x kernel has been modified to work with the Xen software and tools
> we have created this Linux distribution into an Xen-based system called
> Domain 0 that becomes so when shutdown and then booted???
Yes.
> #1 -- The BUILD:
> The  Xen distribution includes 3 main components (Xen itself, ports of
> Linux 2.4 and 2.6.x kernels to run on (with) Xen, and user-space tools
> required to manage an Xen-based system) all of which assumes the
> existence of an already installed and fully fuctional  pre existing
> Linux system which must be adapted (to become the default Xen Linux
> build identified as DOMAIN 0.
Correct.
> The Xen 
> process (called xend) runs in highest privilege in DOMAIN 0 and 
it''s
> code detects and starts secondary processors, sets up interrupt routing,
> time slicing, and performs PCI bus enumeration as well as offloads
> hardware support issues to DOMAIN 0 GUEST OS which is the modified pre
> existing Linux installed distribution.
You''re misunderstanding here - the lowlevel stuff (secondary
processors,
interrupt routing, PCI, scheduling domains, etc, etc) happens in Xen.  Xen != 
xend.

Xen itself sits *below* the kernels of all the domains on the system 
(including domain 0) and handles the low-level details of the system.  The 
guest kernels are ported to run on top of Xen by using the interfaces it 
provides.

Xend is a management process that deals with the high-level management side of 
the system.  It builds domains, records what domains are running, sends them 
control messages, provides access to their consoles via TCP etc.  Xend
isn''t
required for the system to run, just to perform these management-plane 
functions.
> As such, Xen provides a secure 
> virtual machine for this GUEST OS, builds other domains using an OS
> installed in a root file system placed on a partition and booted from
> that partition, manages their virtual devices and performs
> administrative tasks.
Root filesystems can be stored anywhere dom0 can access like a block device.  
Files, LVM volumes, MD devices, whole disk drives, partiitons, network block 
devices, etc. etc.
> My next question:
> What exactly is an HTTP/S server -- apparently it is a requirement for
> browser administration access to a Xen-based system? Is Apache such a
> server and if not can it be turned into such a server???
HTTPS?  It''s a secured version of HTTP.  I don''t think you
shouldn''t need to
install anything extra to make this work - Twisted includes its own HTTP 
server.

(btw, Apache can serve over HTTPS but we don''t use it in Xen)
> One more question:
> Regarding the source code.  I have been reviewing Python and C
> (gcc/gcc++) and was wondering if there was a high level diagram showing
> dependencies (hierarchy based on caller and called)  and code utilized
> (python, C, binary insertions, etc.)???
Nope, not really :-)  The Xen User Manual, Xend manual and Xen Interface 
Manual (in the docs) directory might help you understand a bit more about the 
system.  To comprehend the source code itself, I''m afraid
there''s not really
any kind of map.

HTH,
Mark
> Based on what I am learning here (mostly from you) I have been
> constructing a very high level chart showing levels, key Xen processes,
> and stuff like that.  I will send you a copy once I am sure the
> information is correct and properly represents what is happening.
>
> Thank you very much in advance for your comments and advice.
>
> Ted

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

>>My next question:
>>What exactly is an HTTP/S server -- apparently it is a requirement for
>>browser administration access to a Xen-based system? Is Apache such a
>>server and if not can it be turned into such a server???
>>    
>>
>
>HTTPS?  It''s a secured version of HTTP.  I don''t think you
shouldn''t need to
>install anything extra to make this work - Twisted includes its own HTTP 
>server.
>
>(btw, Apache can serve over HTTPS but we don''t use it in Xen)
>  
>
netstat -anp  excerpt of Xen 2.0.4 on CentOS 3.4:

  tcp        0      0 0.0.0.0:8000                
0.0.0.0:*                   LISTEN      17856/python       
  tcp        0      0 0.0.0.0:8001                
0.0.0.0:*                   LISTEN      17856/python       
  tcp        0      0 0.0.0.0:8002                
0.0.0.0:*                   LISTEN      17855/xfrd         
  tcp        0      0 0.0.0.0:8080                
0.0.0.0:*                   LISTEN      17977/python       

User manual says this can be configured via 
/usr/lib/python2.3/site-packages/xen/sv/params.py. This file does not 
exist in the /usr/lib/python*, but /etc/xen/xend-config.sxp includes:

  # Port xend should use for the HTTP interface.
  (xend-port         8000)

Questions:

1) xend web interface appears on port 8080 (non SSL).  Is the 
xend-config.sxp parameter not honored?

2) Does Twisted natively support SSL? I found conflicting statements in 
my brief research.

3) What is listening on ports 8000 and 8001?

4) Related subject, how is xfrd (port 8002) secured against malicious 
domain transfers?


Rich





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Rich Persaud wrote:
> Questions:
>
> 1) xend web interface appears on port 8080 (non SSL).  Is the 
> xend-config.sxp parameter not honored?
I''m not sure.  I''m reasonably sure that even if you could
support
changing the port, changing it to 443 would not automatically make it 
use SSL.
> 2) Does Twisted natively support SSL? I found conflicting statements 
> in my brief research.
I''m not sure about "native" but I''m quite sure you
can use SSL with Twisted.
> 3) What is listening on ports 8000 and 8001?
Xend listens on 8000 (provides a web interface).  8001 is used by Xend 
for events.
> 4) Related subject, how is xfrd (port 8002) secured against malicious 
> domain transfers?
It''s not.  This is one of the reasons why VM-Tools takes such a 
different approach to domain migration.

All of the tools in VM-Tools are small and single purposed.  One of 
these tools (vm-create) will have the ability to read a saved image from 
standard input.  Another tool (vm-save) will be able to save an image to 
standard output.

Migration is simply a matter of piping vm-save to an instance of 
vm-create executed via ssh.

The transport is actually transparent to the migration process.  You 
could just as easily use rexec, or write a simple remote shell that did 
IP-level filtering instead of authentication.

This approach gives you a wide variety of choices in terms of signing, 
sealing, and authentication mechanisms.  Since ssh uses pam, you 
instantly are tied into most existing single sign-on environments 
(through pam_krb5, pam_winbind, etc.).  While using ssh as the transport 
is debatable, I believe tying into pam is inevitable for any migration 
implementation.

Of course, VM-Tools is still a work in progress.  Someone is currently 
working on migration support.  We''re hoping to have it available by the
end of the month.

Regards,
>
> Rich
>
>
>
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real
users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xen-devel
>


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

OK, let me list all the ports involved:

* 8000 - Xend''s HTTP interface for control
* 8001 - from Anthony''s e-mail this is Xend''s event port
* 8002 - from Anthony''s e-mail this is xfrd''s (control???)
port
* 8080 - this is the HTTP port for the XenSV web interface

The situation regarding web interfaces is a bit confused.  Xend serves a basic 
web interface on 8000 if you connect with a web browser or communicates using 
an SXP-based protocol if you connect using xm.

XenSV is a pretty web interface that runs as a separate server.  You connect 
to it using a browser pointed at port 8080.  It issues commands to Xend using 
the SXP-based protocol on port 8000 (!).

AFAIK, neither of these use SSL.  Xend can be secured by only allowing 
connections from localhost but XenSV cannot, so you should only use it in an 
environment where you have reason to trust your network!
> > 1) xend web interface appears on port 8080 (non SSL).  Is the
> > xend-config.sxp parameter not honored?
>
> I''m not sure.  I''m reasonably sure that even if you could
support
> changing the port, changing it to 443 would not automatically make it
> use SSL.
The parameter in the Xend config file is for Xend''s HTTP control
interface
(i.e. to make this other than 8000).  This is not the same as the XenSV web 
interface, which is at 8080.  The XenSV one is the one you have to edit a 
Python file to change the port :-/

HTH,
Mark
> > 2) Does Twisted natively support SSL? I found conflicting statements
> > in my brief research.
>
> I''m not sure about "native" but I''m quite sure
you can use SSL with
> Twisted.
>
> > 3) What is listening on ports 8000 and 8001?
>
> Xend listens on 8000 (provides a web interface).  8001 is used by Xend
> for events.
>
> > 4) Related subject, how is xfrd (port 8002) secured against malicious
> > domain transfers?
>
> It''s not.  This is one of the reasons why VM-Tools takes such a
> different approach to domain migration.
>
> All of the tools in VM-Tools are small and single purposed.  One of
> these tools (vm-create) will have the ability to read a saved image from
> standard input.  Another tool (vm-save) will be able to save an image to
> standard output.
>
> Migration is simply a matter of piping vm-save to an instance of
> vm-create executed via ssh.
>
> The transport is actually transparent to the migration process.  You
> could just as easily use rexec, or write a simple remote shell that did
> IP-level filtering instead of authentication.
>
> This approach gives you a wide variety of choices in terms of signing,
> sealing, and authentication mechanisms.  Since ssh uses pam, you
> instantly are tied into most existing single sign-on environments
> (through pam_krb5, pam_winbind, etc.).  While using ssh as the transport
> is debatable, I believe tying into pam is inevitable for any migration
> implementation.
>
> Of course, VM-Tools is still a work in progress.  Someone is currently
> working on migration support.  We''re hoping to have it available
by the
> end of the month.
>
> Regards,
>
> > Rich
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real
users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > Xen-devel mailing list
> > Xen-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/xen-devel

-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

On Thu, 3 Mar 2005, Anthony Liguori wrote:
> Rich Persaud wrote:
>
>> Questions:
>> 
>> 1) xend web interface appears on port 8080 (non SSL).  Is the 
>> xend-config.sxp parameter not honored?
>
> I''m not sure.  I''m reasonably sure that even if you could
support changing
> the port, changing it to 443 would not automatically make it use SSL.
>
>> 2) Does Twisted natively support SSL? I found conflicting statements in
my
>> brief research.
>
> I''m not sure about "native" but I''m quite sure
you can use SSL with Twisted.
I''m sure I saw it mentioned: you might use stunnel 
(http://www.stunnel.org/) to make SSL wrappers for 8080 and whatnot.

-- 
Matt Piechota
Key Available from pgp.mit.edu
PGP Key fingerprint = FC90 4D65 2F8A 38E9 D1A8  FABB 7AE8 C194 5EC8 9CAD


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

Mark

Thankyou for your complete set of answers --  you scratched where you 
seemed to know I would be itchy. I have been over the manuals a number 
of times -- they are well written and I have no complaints.  But I 
seemed unable to completely "get it as intended".  You have bridged
that
problem for me.  Thanks to both you and Tim.  

I will try to download Tim''s latest CD effort and test it but there is
a
good chance I will be unsuccessful in dowloading a very large file.

By way of introduction. One of the reasons why I wanted to be CERTAIN on 
these matters is because I would like to participate where I can on this 
list even though green around the ears with the whole subject of virtual 
machines.  Getting information over the internet is for me a major 
difficulty.  Today, I expect to install SuSE 9.1 (which I have working 
on another Linux machine) onto a Linux machine where I have 20 GIG  -- a 
full hard drive I can free up.  I may wait until I can make this a 200 
Gig drive.  Or I may go ahead and use the present 20 Gig drive for a 
learning exercise and then replace it. The idea is I want to create a 
specific area in my Lan for this Xen virtual technology.  Later, for 
this same machine,  I expect to replace another two 20 Gig drives for 
200 Gig drives for the same reason (my point #4 in previous email).  I 
have plans but no money for a network storage unit consisting of 8 200 
Gig drives if the cost of acquiring these drives drops. Also, I would 
like to get a 64 bit Linux machine and deploy it for the same reason. 
Certainly if I can manage this I will be able to provide a good test 
bed.  But first I have to develop some meaningful experience.  Too bad 
there is not a  "Xen For Dummnies" manual, that might do the trick.

I''m a retired IT person.  Before I retired I did a lot of code and 
database development.  Now, I do some code development but only to 
support various information processing that serves as content to web 
pages. I do my development work in my LAN (consisting of some 16 
machines), six Linux, 3 XP (ugh), and the remainder Win95. Two Linux 
machines do double duty as gateways to the Internet handling two Dial Up 
(about 28k max) (ugh) telephone lines and other work. I do perl 
development and other tasks on the Linux machines including uploading 
web pages to my USA based web server.   

There are no alternatives like Sattelite or DSL or cable services 
available as I live with my wife and my LAN and our dogs and cats in a 
rural area on a farm 60 miles NE of Edmonton, the capital city of the 
province of Alberta in Canada. My ISP has assured me this situation will 
not change. Dial Up for ever. There''s gotta be an affordable way around
this.  I cannot afford business rates for a corporate sattelite 
connection and the Bell "sattelite in -- ground line out" arrangement 
does not work well for ftp and it not supported for ftp. I had  hoped to 
use one of the Linux machines operating from my LAN out over sattelite 
to the Internet instead of the web server I operate in the USA.  I have 
about 2 Gig (used) on the USA web server. IF I ever get such a 
connection to my LAN  I will mirror all the information you people want 
to make available to the public and the list,

The 3 XP machines do double duty as data acquistion over the internet, 
shared storage, and web development. (the whole effort is non commercial 
non profit and religious) and are used as data servers to my main work 
activities.  The acquired data is used for web page content for my USA 
based web server. My bandwidth (even with 2 telephone lines) is 
inadequate for my needs.  So when I have the need to get technical 
information I have to divert one of the XP machines to that task so the 
data acquisition packages  can get that information for me.  When I''m 
not sure exactly what and where the needed information exists such as 
was the case with Xen I aim my data acquisition tools at a web site 
effectively mirroring it and it''s references. But this takes a lot of 
time to happen (but frees me up for other pressing issues) because the 
other XP machines are also going 7x24 round the clock every day.  Then 
of course there is hoards of email and sometimes it takes half a day to 
get several hundred emails a day processed and get rid of the viruses 
and worms. Yes, I have a Windows Netscape based mail client (ugh) and am 
in the process of changing this to Linux. But I have to free up time 
before that can happen.

Enough of that.  If I want to surf the Internet and poke around reading 
web pages not yet downloaded then I have to suspend running processes 
that are often reluctant to suspend because the CPUs are going flat out. 
 I have been trying to get a service where I pay for specified 
downloaded information put onto a CD or DVD and then mailed to me. 
 Apparently there is someone that provides this service but this person 
has not responded to my email.  

Given that context, your complete set of answers is extremely helpful 
and I thank you and Tim again.

Thanks very much, Ted


Mark Williamson wrote:
>Hi Ted,
>
>  
>
>>Is what I have assumed correct, must there be an existing 2.4 or 2.6.x
>>kernel based Linux installation up and running which must be modified
>>(kernel modification or ported) to run Xen?
>>    
>>
>
>Yes.
>
>  
>
>>It is my understanding that 
>>the Xen source code installation or the binary installation both require
>>a properly pre installed fully functional Linux system as the basis of
>>Xen operation.  Once it''s (pre installed linux distribution)
2.4.x or
>>2.6.x kernel has been modified to work with the Xen software and tools
>>we have created this Linux distribution into an Xen-based system called
>>Domain 0 that becomes so when shutdown and then booted???
>>    
>>
>
>Yes.
>
>  
>
>>#1 -- The BUILD:
>>The  Xen distribution includes 3 main components (Xen itself, ports of
>>Linux 2.4 and 2.6.x kernels to run on (with) Xen, and user-space tools
>>required to manage an Xen-based system) all of which assumes the
>>existence of an already installed and fully fuctional  pre existing
>>Linux system which must be adapted (to become the default Xen Linux
>>build identified as DOMAIN 0.
>>    
>>
>
>Correct.
>
>  
>
>>The Xen 
>>process (called xend) runs in highest privilege in DOMAIN 0 and 
it''s
>>code detects and starts secondary processors, sets up interrupt routing,
>>time slicing, and performs PCI bus enumeration as well as offloads
>>hardware support issues to DOMAIN 0 GUEST OS which is the modified pre
>>existing Linux installed distribution.
>>    
>>
>
>You''re misunderstanding here - the lowlevel stuff (secondary
processors,
>interrupt routing, PCI, scheduling domains, etc, etc) happens in Xen.  Xen
!=
>xend.
>
>Xen itself sits *below* the kernels of all the domains on the system 
>(including domain 0) and handles the low-level details of the system.  The 
>guest kernels are ported to run on top of Xen by using the interfaces it 
>provides.
>
>Xend is a management process that deals with the high-level management side
of
>the system.  It builds domains, records what domains are running, sends them
>control messages, provides access to their consoles via TCP etc.  Xend
isn''t
>required for the system to run, just to perform these management-plane 
>functions.
>
>  
>
>>As such, Xen provides a secure 
>>virtual machine for this GUEST OS, builds other domains using an OS
>>installed in a root file system placed on a partition and booted from
>>that partition, manages their virtual devices and performs
>>administrative tasks.
>>    
>>
>
>Root filesystems can be stored anywhere dom0 can access like a block device.
>Files, LVM volumes, MD devices, whole disk drives, partiitons, network block
>devices, etc. etc.
>
>  
>
>>My next question:
>>What exactly is an HTTP/S server -- apparently it is a requirement for
>>browser administration access to a Xen-based system? Is Apache such a
>>server and if not can it be turned into such a server???
>>    
>>
>
>HTTPS?  It''s a secured version of HTTP.  I don''t think you
shouldn''t need to
>install anything extra to make this work - Twisted includes its own HTTP 
>server.
>
>(btw, Apache can serve over HTTPS but we don''t use it in Xen)
>
>  
>
>>One more question:
>>Regarding the source code.  I have been reviewing Python and C
>>(gcc/gcc++) and was wondering if there was a high level diagram showing
>>dependencies (hierarchy based on caller and called)  and code utilized
>>(python, C, binary insertions, etc.)???
>>    
>>
>
>Nope, not really :-)  The Xen User Manual, Xend manual and Xen Interface 
>Manual (in the docs) directory might help you understand a bit more about
the
>system.  To comprehend the source code itself, I''m afraid
there''s not really
>any kind of map.
>
>HTH,
>Mark
>
>  
>
>>Based on what I am learning here (mostly from you) I have been
>>constructing a very high level chart showing levels, key Xen processes,
>>and stuff like that.  I will send you a copy once I am sure the
>>information is correct and properly represents what is happening.
>>
>>Thank you very much in advance for your comments and advice.
>>
>>Ted
>>    
>>
>
>  
>

Rich Persaud wrote:
> 2) Does Twisted natively support SSL? I found conflicting statements in 
> my brief research.
With pyopenssl installed it does.


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel