Technology | DOI:10.1145/1467247 .1467253 Kirk L. Kroeker

8/14/2019 Technology | DOI:10.1145/1467247 .1467253 Kirk L. Kroeker

http://slidepdf.com/reader/full/technology-doi1011451467247-1467253-kirk-l-kroeker 1/3



news

march 2009 | vol. 52 | no. 3 | communications of the acm 19

Quantum Computing

AtomsTeleported a em scenss rm heUnversy Mrylnd ndhe Unversy Mchgnhve successully elerednrmn beween r ms, hused n serend enclsed cnners,crss dsnce ne meer,rers Science. accrdng he scenss, hs s he frs me h nrmn hsbeen elered beween wsere ms n uncnnecedcnners.

Wh her rcl,he scenss successully elered qunumnrmn beween w

yerbum ns, usng mehd elern n whch hens re smuled em hns nd he qunum sesre nerred rm he clr he emssns. the scenssrer h m--melered nrmn cn berecvered wh erec ccurcy rxmely 90% he me,nd hey beleve h fgure cnbe mrved.

“our sysem hs heenl rm he bss r lrge-scle ‘qunum reeer’h cn newrk qunum

memres ver vs dsnces,”sys Chrsher Mnre,he em leder nd hyscsressr he Unversy Mrylnd. “Mrever,ur mehds cn be used ncnjuncn wh qunumb erns cree key cmnen needed r qunum cmun.

“one rculrly rcvesec ur mehd sh cmbnes he unquedvnges bh hns ndms,” sys Mnre. “phnsre del r rnserrng

nrmn s ver lng dsnces, wheres mser vluble medum r lng-lved qunum memry.the cmbnn reresensn rcve rchecure r ‘qunum reeer,’ h wuldllw qunum nrmn be cmmunced ver muchlrger dsnces hn cn bedne wh jus hns. als,he elern qunumnrmn n hs wy culdrm he bss new ye qunum inerne h culduerrm ny cnvennl

ye clsscl newrk r cern sks.”

that has become increasingly popu-

lar. While it might be easy to think

o virtualization as adding a sotware

layer that requires additional controlsto maintain security, proponents o

virtualization argue that it serves the

opposite purpose, and instead rep-resents a core enhancement to secu-

rity. “The only way we know how toget strong isolation is to keep thingssimple,” says Mendel Rosenblum,

ounder o VMware and a proessor o

computer science at Stanord Univer-sity. “And the only way we know how to

do that is to have isolation enorced at

the lowest level.”

Modern operating systems have ahigh level o unctionality—and a cor-

responding level o complexity and

number o potential weaknesses. “I

look at virtualization as a step towardgetting out o the mess we have in

terms o these systems being so in-secure,” says Rosenblum, who main-

tains that better security is a natural

result o virtualization. Still, he says, itis incumbent on those working on vir-

tualization to build layers that don’t

make virtualized systems so ull o ea-

tures and complex that they becomedifcult to secure.

Ian Pratt, ounder o XenSource and

vice president o advanced products at

Citrix, has a similar view o virtualiza-tion’s relationship to security. “I you

look at hypervisors or laptops andphones, it’s not about consolidation,”

he says. “It’s about security and being

able to secure dierent partitions on

a device.”Citrix is developing sotware or

a model o mobile computing that

the company calls “bring your owncomputer,” with the idea being or

employees to use their own laptop

or securely connecting to the corpo-

rate network. In this model, the lap-top runs a corporate virtual machine

directly on top o a hypervisor ratherthan in a hosted virtual environment

contained by the employee’s personal

operating system.

“You need to provide very strict iso-lation between those environments

because you really don’t trust the per-

sonal environment,” says Pratt. “It isonly through using a hypervisor where

you can achieve that strong isolation

between those environments.”Like VMware’s Herrod, Pratt points

to smartphones as one maniestation

o this new way o thinking about vir-

tualization and security. In Pratt’sexample, a handset might have one

virtual machine that controls the ra-

dio, another that contains all the de-ault sotware and applications, and athird that operates everything the user

downloads and installs. “The whole

idea behind this,” says Pratt, “is thatbecause you have this strong isolation,

no matter what rubbish you download

and install on the phone, you are stillgoing to be able to make that 911 call

whenever you need it.”

Proponents o virtualization say

that, in addition to acilitating new ways o enorcing security, virtual-

ization technologies are leading tonew ways o distributing sotware.“Virtualization not only gives you the

ability to manage hardware more e-

ectively,” says Rosenblum, “but alsoallows you to treat the sotware you’re

running dierently.” One way o lever-

aging virtualization’s capabilities isto ship complete packages o running

virtual machines rather than having

users assemble operating systems

and applications themselves, he says.The idea represents a dierent take

on sotware as a service, a model thatobviates the need or users to assem-ble applications themselves. “It’s not

like you buy all the separate parts to

make a car, but that’s what we do withcomputers,” says Rosenblum, who

predicts that virtualization will lead to

users simply invoking complete, au-thenticated virtual machines tailored

to their particular needs.

cr cllg

While virtualization is continuing to

make inroads in several new areas and

W vrlz,ppl wll b bl b rwrk p d

p gl d.



20 communications o the acm | march 2009 | vol. 52 | no. 3

news

l e f t : P h o t o g r a P h

c o u r t e s y o f c a r o l i n e s e l f r i d g e ,

r i g h t P h o t o

g r a P h

c o u r t e s y o f i n f o r m a t i o n s d i e n s t W i s s e n s c h a f t

is leading to speculation about new

models o computing, the technology’s

overhead remains a core challenge.

Recent advances in hardware andsotware have been removing some o

the perormance concerns associated

with virtualization, but the goal is toeliminate the perormance gap alto-

gether. “We are not there yet, but what you’re going to see is enhancementsin processors and other technolo-

gies to make the perormance gap go

away,” says Leendert van Doorn, whois a senior ellow at AMD and respon-

sible or AMD’s virtualization technol-

ogy, including the AMD virtualization

extensions in the company’s latestquad-core Opteron processor, which

are designed to reduce the peror-

mance overhead o sotware-based vir-

tualization. “The big problem with vir-tualization right now is perormance

guarantees,” he says. “I you have adatabase transaction requirement o a

ew milliseconds, it is very difcult to

provide that guarantee in a virtualizedenvironment.”

Still, van Doorn says he is confdent

that this overhead will be reduced in

the coming years with better hardwareand sotware support or virtualiza-

tion. Currently, overhead in virtual-

ized environments varies rom a ew percent to upward o 20%, a fgure that

van Doorn says depends on several

actors, including how the hypervisor

is implemented and whether the oper-ating system running atop the hypervi-

sor is aware that it is being virtualized.“The Holy Grail is to get near-nativeperormance,” he says. “We are get-

ting closer to that goal.”

In addition to the perormance is-sue, there remains the issue o man-

ageability in the data center and else-

where. “For the next generation, every big sotware company is working on

comprehensive management tools,”

says van Doorn. The goal is to deal with

a massive number o virtual machines

i r, llw gv vrlzpbl bddd

r frwr.

and eectively make global optimiza-

tion decisions or thousands o virtual

systems running in data centers or in

the hands o a large work orce. So-phisticated management tools will be

essential in the uture imagined by vir-

tualization’s proponents, who predictthat industry is moving toward a world

in which the technology is ubiquitous,and where all new machines will have

virtualization capabilities embedded

in frmware.

Certainly, says Citrix’s Pratt, allservers, desktops, laptops, smart-

phones, routers, storage arrays, and

anything else running sotware that

must be isolated rom other applica-tions will be virtualized. The result?

“The main noticeable thing will be

more trustworthy computing,” says

Pratt. Echoing this sentiment, Herrodpredicts that users won’t think about

virtualization as a dierent orm o computing. “It will seamlessly ft into

our notion o computing,” he says,

“enabling a much simpler and moreproductive experience or all o us.”

Bed in lo angee, Kirk L. Kroeker i freeneeditor nd writer peiizing in iene nd tenoogy.steven hnd, citrix, nd cr Wdpurger, Vmwre,ited in te deveopent of ti rtie.

Obituaries

In Memoriam

t wrd cmur sccrcy s w smdmmbrs: ovr G. Srdg, w dd 82, d ig Wgr, 57.

Srdg, ws crr cudd ss Mit,

BBn, d Gte

lbrrs, s wdy rgrdd s dg r fd rfcgc d

r mc rc.“i rsc rsrc 1950s,” sys erc hrvz,rsd amrc assc arfcigc, “ rducd dckd ky rbms rw w kw mcrg rsrcrs, cudg cgs src d

mz vr rgrmr scs, ur

df d sc,ddcs mg vrbs,d usurvsd rg—rg wu xc ccss sgs bu succss vrsusur.”

i 1956, Srdg, wur cgus, rgzd

crc Drmu Cg d cr fd rfc gc. ads 1958 r, “pdmum: a prdgm r lrg,” s cssc ai rs ssy rvds bur r mcrg rsrc.

“t pdmum wrk rducd dsrbud mdr r rcg, wr cmmuy rcg ‘dms’ r gs w dr cmcs d ucsrrm dr subsks r cmbd

f swrs r bvrs,”hrvz s. “Rr

bg dcrd d md fxd, gs d r wrks cmmuccud vv w xrc.

“Fr dcds, ovr cmmucd xcg vs wr cmurs wud dy r r um s

d c sss wu d r dd xrss rbms,” sys hrvz. “Suc vs s vvd b cr rsrc um-cmur rc.”

ig Wgr, rssr cmur scc tcc Uvrsy Drmud, s w kw r sgrudbrkg wrk cmxy ry. h wr r mr mgrs,The Complexity of Boolean Functions (1987) d Branching Programsand Binary Decision Diagrams

(2000). i ry 1990s, wrkd rm yss

murscs, d scvc mzgrms bsd murscs, k vury grms d smudg, sud b sudd w mds rm

ry

fc grms dcmxy ry. Wgr’s w,rcrc

rducd rududrsdg ms suc murscs.

Wgr ws d mmbr Grm Cuc Scc d hums, dg scfc dvsry cmm Grmgvrm, 2004, d w Krd-Zus-Md,

Grmy’s ms rsguscmur scc wrd, 2006.

Documents

Technology | DOI:10.1145/1467247 .1467253 Kirk L. Kroeker