XCP-ng 8.2 LTS - beta

Release Sep 30, 2020

We have been working on XCP-ng 8.2 for a few months now. We are now ready to release a beta of the latest version of our Hypervisor. We paid very special attention to XCP-ng 8.2 as it's going to be the very first LTS (Long Term Support) version!

LTS - what it means

A Long Term Support version means that we will provide bug fixes and security patches for XCP-ng 8.2 for 5 years! Additionally, we may also backport some features as long as it doesn't impact the overall stability. We are also working on the possibility to provide an even longer lifetime support, more information is coming soon.

How to upgrade

XCP-ng 8.2 is a minor number upgrade, which means you can use the yum upgrade method OR download the ISO file.

Download files are available here:

If you want a more complete "How to Upgrade" guide, you can refer to our documentation.

Provide feedback during the beta

If you don't know what to test, use our documentation regarding our development process.

As always a dedicated forum thread in available to get more information about the release, participate in the discussion, and provide constructive feedback.

Major highlights

UEFI implementation (coming soon)

XCP-ng exclusive

We worked on a complete reimplementation of the UEFI support in XCP-ng. Unfortunately, due to some last minute issues with Secureboot, we are postponing the release of this feature in the near future, before the Release Candidate of XCP-ng 8.2.

More information coming soon about that new UEFI implementation in XCP-ng.

Openflow controller access

XCP-ng exclusive

We automated the configuration needed by the user to allow communication with the Openflow controller in Xen Orchestra.

Learn more about the VIFs network traffic control in Xen Orchestra in this dedicated devblog

We also backported this feature to XCP-ng 8.1 as this improvements was already supported by older XCP-ng version.  

Core scheduling (experimental)

XCP-ng exclusive

We added a XAPI method allowing you to choose the frequency of the core scheduler. This feature will allow you to use hyperthreading with extra bits of security, in particular regarding side channel attacks (as Spectre, Meltdown, Fallout...).

You will have the option to select different granularity: CPU, core or socket, depending on the performance/security ratio you are looking for.

1.2.152 sched-gran (x86)
= cpu | core | socket

Default: sched-gran=cpu

Set the scheduling granularity. In case the granularity is larger than 1 (e.g. core on a SMT-enabled system, or socket) multiple vcpus are assigned statically to a “scheduling unit” which will then be subject to scheduling. This assignment of vcpus to scheduling units is fixed.

cpu: Vcpus will be scheduled individually on single cpus (e.g. a hyperthread using x86/Intel terminology)

core: As many vcpus as there are cpus on a physical core are scheduled together on a physical core.

socket: As many vcpus as there are cpus on a physical sockets are scheduled together on a physical socket.

Note: a value other than cpu will result in rejecting a runtime modification attempt of the “smt” setting.

Note: for AMD x86 processors before Fam17 the terminology in the official data sheets is different: a cpu is named “core” and multiple “cores” are running in the same “compute unit”. As from Fam17 on AMD is using the same names as Intel (“thread” and “core”) the topology levels are named “cpu”, “core” and “socket” even on older AMD processors.

This features will benefit from a friendly UI in Xen Orchestra in a future release.

Storage driver support (experimental)

XCP-ng exclusive

We added native support for:

  • Gluster
  • ZFS (latest version)
  • XFS
  • CephFS

New CPU support

We added support for:

  • Icelake CPUs
  • Cometlake CPUs

Configuration limits & OS support

Increased configuration limits

  • The maximum host RAM is now 6TiB
  • Max logical number of processors is now 448 CPUs

Guest operation support

  • SUSE Linux Enterprise Server 12 SP5 (64-bit) added
  • Ubuntu 20.04 (64-bit) added
  • Windows 7 removed
  • Windows Server 2008 SP2 removed
  • Windows Server 2008 R2 SP1 removed

Security Improvements

TLS certificate

The configuration of TLS certificates has been improved and you have now the ability to install new certificates with some XAPI commands.

Also, XCP-ng now enforces the use of the TLS 1.2 protocol for any HTTPS traffic between XCP-ng and an external network.

Latest Xen security patches

This new version of XCP-ng comes with the latest security patches available for the Xen Project.

Tags

Marc Pezin

CMO at Vates since 2017, I have been at the forefront of shaping and advancing the communication strategies and business development initiatives for Vates Virtualization Management Stack.