Good morning. This project is one project of the Virtual Square project, the Virtual Square team. Virtual Square is a container project; it is actually a group which is carrying out several projects. So let me start from the end of the talk, saying that if I'm not on time and I have to finish the talk earlier, wiki.virtualsquare.org is the place where you can find all the information and the examples and everything. Let us start the other way around.

Okay. Talking about what are the goals of the Virtual Square group, there are several kinds of virtualities in our software. So virtual machines, virtual networks, these are kinds of tiles of a puzzle or Lego blocks, and we want to combine all these ideas together. So the main goals are communication. So we want different virtual entities to communicate together. Actually, we have different virtual machines, and we cannot make them communicate directly without the US tools. Integration, so we want to have different virtualities seen as special cases of a broader view about virtuality, and then with this kind of unification among all the concepts of virtuality, we want to extend this idea of virtuality and design new virtualities.

Okay, let us go to the focus, let us focus on the topic of this talk, View-OS, a process with a view. What's a view? A process in modern operating systems has a view of the world made by the answers given back by system calls. So a process can see the network, can see the file system, can see all the execution environment through the answers it receives from the system calls. Actually, currently, there is a usually hidden law in modern operating systems named the global view assumption. It means that it is common that all the processes running on one operating system are sharing the same view, so the same network, the same file system view, in a broader view the same naming. That's almost true in POSIX systems, almost true for two reasons.
There are some exceptions like chroot that change the view of the file system, or virtual machines that in reality change completely the view of processes, but they create a new domain in which there is a global view assumption. There are other notable exceptions that are coming, like containers or other stuff in the kernel.

System virtual machines, so let me say like QEMU, like KVM, PearPC, require you to boot an entire operating system. If you want to mount a file system and you are not root, you can start a virtual machine and make the file system mounted by the operating system of the virtual machine. But you need to boot an entire operating system. User-Mode Linux is a system call virtual machine, so instead of virtualizing the whole hardware, it virtualizes just at the system call level, but it boots an entire Linux operating system. fakeroot, chroot, FUSE, systrace, all are tailored to specific applications. It is not a broader view on virtualization. And most important, the major part of these virtualization tools require you to be root to run them.

In Unix, in POSIX, you have a global effect of many commands. So if you mount a file system, that file system is mounted for everybody, for all the processes. If you want to protect the file system from undesired accesses, you need to work with permissions. But the fact that the file system is mounted is a global view effect. Or if you change the IP address, it is the IP address of the single stack running on the operating system. It is not a rule given by God to have one stack, to have one single view on the file system. Why can't a user define his or her own virtual private network? So in one session, even one single shell, we want to use a different networking, not the kernel stack. View-OS means that. So we have designed the way to have each process given its own view of the world.
So mounting a file system, the definition of access permissions, the definition of interfaces, IP addresses, networking in general, definition of the right. Everything can be done at process level. So we redefine the system call behavior, so system calls can behave in a different manner. We can define even new system calls if you need them. And we want to achieve the goal. We have achieved the goal of maintaining binary compatibility with existing code. So you do not have to recompile everything. And the idea is to have a modular system so you can add and run only the virtualization you need. And you don't need to be root.

There are several ways to implement this kind of virtualization. One is a new kernel, but it's impractical. Either a system call virtual machine, so think of User-Mode Linux, but instead of booting an entire kernel, this user-mode view, UMview, lets you load the specific modules for what you want to implement. And the virtualization is partial. So you can have part of the file system, which is real, that interacts with part of the file system, which is virtual. Or a kernel module. And we have now a prototype, even of a kernel module, based on utrace.

So let us go on the other way around. So UMview runs on a vanilla 2.6 kernel. You don't need to patch the kernel. But if you want, there is a patch to increase performance, but it's not necessary. KMview, on the opposite, needs utrace. utrace is a support for virtualization made by Roland McGrath from Red Hat. And it is faster than UMview, and it is more transparent. Transparent because UMview is based on ptrace, and ptrace has some limitations. ptrace, OK. Let me skip this.

OK, let me go to the heart of the presentation. One module of UMview, or KMview, the modules are compatible, is umfuse. So think of FUSE, the kernel. It's a FUSE inside the kernel, and then you have user support for FUSE. There is FUSE, file system at user level, within UM.
And we have source-level compatibility with the modules. So if you have a module for an encrypted file system, EncFS, you just have to recompile it with our library, and it becomes a user-mode FUSE module. We have all these modules running: ext2, it, iso, fat, and we have developed these. And then we have inherited EncFS, sshfs, cramfs, where we have added other-endianness. And there is a new module, a prototype, fsfs, but I have no time to introduce that.

Let us see by hand what this means. So if you are in a UMview machine, at the beginning nothing changes. You just start a shell, and it seems that you are working outside UMview. But you can add the umfuse service, and then you can take a file system image and mount it using the system mount command as a user. And you have mounted this file system. If you go to another shell and you type ls /tmp/f1, it is empty, or even it doesn't exist, because it's virtual. It's like you have two layers of kernel, so the system calls coming from the processes, if they're referring to something virtual, are managed by the second layer of kernel. Otherwise, they are sent to the real kernel. This is a hard work. So we have mounted, to show that it can be nested. First, we mount an encrypted file system that contains, no, we mount a remote file system that contains an encrypted file system that contains an ext2 file system.

umdev is similar, but for devices. Let us go here. You can define a device, mount it as /dev/hda, as a user. You can partition it, make a file system, and mount the file system. You create a virtual /dev/hda. Binfmt, if you want to run a binfmt in the kernel, the virtual way. And LWIPv6 is a complete stack, network stack. IPv4, IPv6, it's a hybrid stack. And you can run. Here we have the real interfaces. And then when we add the module, we have the new interfaces. vd is VDE, our Virtual Distributed Ethernet network. It's another result of the Virtual Square team. And then I can SSH this machine.
And this shell is working on a different stack. Virtual Distributed Ethernet is our virtual network. It appears as a local network. There are switches that are the counterpart of the real switches. You can create wires between different remote switches. For example, you can use SSH as a wire.

OK, let me read this quickly. We are kernelizing VDE, defining a new family of protocols, Inter Process Networking, which is something like the family Unix, the Unix sockets. But it's multicast. And we have used this for kernel VDE, but also for MPEG-TS stream dispatching. So it's a general tool.

So this is a final summary. We have created several tools. All these tools, except for the very new ones, are available at SourceForge. And SSH, I'll say Debian. Stop.