KVM is an annual event that brings together developers who drive KVM development and the users who depend on KVM as part of their offerings. Sessions will address the current and future state of Linux virtualization technology and KVM.
IBM experts will present a paper about alternatives to nested virtualization.
Learn the latest KVM best practices.
Abstract: Although nested virtualization has been well designed in the community, several challenges remain to be addressed. For instance, enabling such a feature exposes more attack surface, since the implementation of nested virtualization heavily enlarges the code base of hypervisors. Furthermore, in the emerging field of confidential computing, encrypted VM technology such as AMD SEV and Intel TDX does not support nested virtualization. To address these challenges, the presenters propose an alternative to nested virtualization, namely a SecondaryVM framework. In this framework, a primary VM is booted within a cgroup partition and given the capability to launch secondary VMs in the same cgroup. The presenters will show current implementation progress, challenges, and future use cases of this framework, such as allowed operations/processes issued by primary VMs, network communications among primary and secondary VMs, storage/images of the secondary VMs, and deployment with diverse platforms (Libvirt, Kubevirt, etc.).
Speakers:
Mengmei Ye, Research staff member, IBM
Angelo Ruocco, Research staff member, IBM