Key Features

Hierarchical Memory Expansion

Supports unified management of multiple types of memory and storage media as well as smooth expansion of the system capacity. For services that are sensitive to memory and have obvious internal hot access, the memory cost is significantly reduced with the same performance.

  • Hot and cold page identification. The busy/idle status statistics mechanism of the kernel-mode memory page can accurately identify the cold and hot distribution of process memory page accesses.
  • Configurable elimination policies. A configuration interface is provided to customize the cold and hot tiering policies for memory pages.
  • Smooth expansion. Cold pages are automatically swapped out to the extended memory. The software deployed on the cold pages can run properly without changing or adapting the programming mode.
  • Multi-media expansion. Multiple media such as SCM, XL flash, and NVMe SSD can be used as the extended memory. The cold and hot memory tiering solution is specified based on the access speed of the media to expand the memory and reduce performance loss.

Enhanced Virtualization Function and Maintainability

The live migration Pro capability is extended to improve the maintainability and testability.

  • Live migration Pro feature. multifd is enhanced to support TLS, ensuring data security during migration. Concurrent compression of live migration data is supported, improving migration performance. Statistics on data page access frequency are added for live migration data prediction in advance.
  • Performance debugging tool (vmtop). You can dynamically view the resource usage of VMs in real time, including the CPU usage and memory usage. The x86_64 architecture is supported.
  • I/O suspension. I/O suspension is supported so that automatic retry is performed by default in case an I/O error occurs. If the retry times out, an alarm is reported.

Lightweight Virtual Runtime (StratoVirt)

Elastic memory, huge page, and system call filtering are added to enhance the performance and stability of the I/O subsystem.

  • Elastic memory. The memory can be allocated and reclaimed based on the memory requirements of the workload. The memory reclamation speed of virtio-balloon can reach 3 GB/s.
  • Huge page. Huge page in the lightweight framework provides continuous physical memory pages for lightweight VMs, improving VM memory access efficiency.
  • System call filtering. The device model has been simplified and system call filtering is supported. In the simplest configuration, only 35 system calls are required, effectively reducing the system attack surface.
  • Enhanced I/O subsystem. Multi-channel concurrent I/O capability is supported and the performance is improved. The I/O-QoS capability improves the flexibility and stability of VM I/O traffic management.

secGear Confidential Computing Programming Framework

The secGear unified confidential computing programming framework provides easy-to-use development kits, including lifecycle management, secure development library, auxiliary code generation tool, code building and signature tool, security capability, and security service component implementation solution in the security zone. Programming with secGear differentiates the system into secure and non-secure zones. It can be used in various scenarios, such as trust cycle, cryptographic databases, multi-party computing, and AI security protection.

  • The service layer provides complete security services running on the security side.
  • The middleware layer provides a set of protocol interfaces to meet basic security requirements.
  • The basic layer provides various enclave development interfaces or tools and supports C POSIX APIs and standard OpenSSL APIs on the security side. Users can freely develop secure applications based using those APIs.

Supporting OpenStack Queens/Rocky

OpenStack is a simple, scalable, rich, and standard cloud management operating system. For details about more features, see OpenStack Queens/Rocky release notes. You can download software packages from oepkg.

  • Integrated OpenStack Queens/Rocky, which enables the IaaS solution.
  • Enhanced block storage. Advanced functions such as capacity expansion, snapshots, and VM image cloning are supported.
  • Container-based deployment and network capabilities. Better integration with containers is achieved.
  • Extended services. Extended services such as control panel management, bare metal server deployment, and cloud resource tracing are supported.

有奖捉虫

“有虫”文档片段

存在的问题

提交类型 issue
有点复杂...
找人问问吧。
PR
小问题,全程线上修改...
一键搞定!
问题类型
规范和低错类

● 错别字或拼写错误;标点符号使用错误;

● 链接错误、空单元格、格式错误;

● 英文中包含中文字符;

● 界面和描述不一致,但不影响操作;

● 表述不通顺,但不影响理解;

● 版本号不匹配:如软件包名称、界面版本号;

易用性

● 关键步骤错误或缺失,无法指导用户完成任务;

● 缺少必要的前提条件、注意事项等;

● 图形、表格、文字等晦涩难懂;

● 逻辑不清晰,该分类、分项、分步骤的没有给出;

正确性

● 技术原理、功能、规格等描述和软件不一致,存在错误;

● 原理图、架构图等存在错误;

● 命令、命令参数等错误;

● 代码片段错误;

● 命令无法完成对应功能;

● 界面错误,无法指导操作;

风险提示

● 对重要数据或系统存在风险的操作,缺少安全提示;

内容合规

● 违反法律法规,涉及政治、领土主权等敏感词;

● 内容侵权;

您对文档的总体满意度

非常不满意
非常满意
创Issue赢奖品
根据您的反馈,会自动生成issue模板。您只需点击按钮,创建issue即可。