TY - GEN
T1 - VMSH
T2 - 17th European Conference on Computer Systems, EuroSys 2022
AU - Thalheim, Jörg
AU - Okelmann, Peter
AU - Unnibhavi, Harshavardhan
AU - Gouicem, Redha
AU - Bhatotia, Pramod
N1 - Publisher Copyright:
© 2022 ACM.
PY - 2022/3/28
Y1 - 2022/3/28
N2 - Lightweight virtual machines (VMs) are prominently adopted for improved performance and dependability in cloud environments. To reduce boot up times and resource utilisation, they are usually "pre-baked" with only the minimal kernel and userland strictly required to run an application. This introduces a fundamental trade-off between the advantages of lightweight VMs and available services within a VM, usually leaning towards the former. We propose VMSH, a hypervisor-agnostic abstraction that enables on-demand attachment of services to a running VM, allowing developers to provide minimal, lightweight images without compromising their functionality. The additional applications are made available to the guest via a file system image. To ensure that the newly added services do not affect the original applications in the VM, VMSH uses lightweight isolation mechanisms based on containers. We evaluate VMSH on multiple KVM-based hypervisors and Linux LTS kernels and show that: (i) VMSH adds no overhead for the applications running in the VM, (ii) de-bloating images from the Docker registry can save up to 60% of their size on average, and (iii) VMSH enables cloud providers to offer services to customers, such as recovery shells, without interfering with their VM's execution.
AB - Lightweight virtual machines (VMs) are prominently adopted for improved performance and dependability in cloud environments. To reduce boot up times and resource utilisation, they are usually "pre-baked" with only the minimal kernel and userland strictly required to run an application. This introduces a fundamental trade-off between the advantages of lightweight VMs and available services within a VM, usually leaning towards the former. We propose VMSH, a hypervisor-agnostic abstraction that enables on-demand attachment of services to a running VM, allowing developers to provide minimal, lightweight images without compromising their functionality. The additional applications are made available to the guest via a file system image. To ensure that the newly added services do not affect the original applications in the VM, VMSH uses lightweight isolation mechanisms based on containers. We evaluate VMSH on multiple KVM-based hypervisors and Linux LTS kernels and show that: (i) VMSH adds no overhead for the applications running in the VM, (ii) de-bloating images from the Docker registry can save up to 60% of their size on average, and (iii) VMSH enables cloud providers to offer services to customers, such as recovery shells, without interfering with their VM's execution.
KW - VM introspection
KW - Virtual machines
UR - http://www.scopus.com/inward/record.url?scp=85128036709&partnerID=8YFLogxK
U2 - 10.1145/3492321.3519589
DO - 10.1145/3492321.3519589
M3 - Conference contribution
AN - SCOPUS:85128036709
T3 - EuroSys 2022 - Proceedings of the 17th European Conference on Computer Systems
SP - 678
EP - 696
BT - EuroSys 2022 - Proceedings of the 17th European Conference on Computer Systems
PB - Association for Computing Machinery, Inc
Y2 - 5 April 2022
ER -