Xen allows the hardware resources of a machine to be virtualized and
dynamically partitioned, allowing multiple different guest
operating system images to be run simultaneously. Virtualizing the
machine in this manner provides considerable flexibility, for example
allowing different users to choose their preferred operating system
(e.g., Linux, NetBSD, or a custom operating system). Furthermore, Xen
provides secure partitioning between virtual machines (known as
domains in Xen terminology), and enables better resource
accounting and QoS isolation than can be achieved with a conventional
operating system.
Xen essentially takes a `whole machine' virtualization approach as
pioneered by IBM VM/370. However, unlike VM/370 or more recent
efforts such as VMware and Virtual PC, Xen does not attempt to
completely virtualize the underlying hardware. Instead parts of the
hosted guest operating systems are modified to work with the VMM; the
operating system is effectively ported to a new target architecture,
typically requiring changes in just the machine-dependent code. The
user-level API is unchanged, and so existing binaries and operating
system distributions work without modification.
In addition to exporting virtualized instances of CPU, memory, network
and block devices, Xen exposes a control interface to manage how these
resources are shared between the running domains. Access to the
control interface is restricted: it may only be used by one
specially-privileged VM, known as domain 0. This domain is a
required part of any Xen-based server and runs the application software
that manages the control-plane aspects of the platform. Running the
control software in domain 0, distinct from the hypervisor
itself, allows the Xen framework to separate the notions of
mechanism and policy within the system.
