Linux VMs For Everyone
Over at Newsforge, Grant Gross has written an interesting overview of the options available for hosting multiple Linux installations on virtual machines; interestingly, it's not just for those with the big bucks for high-end IBM hardware, though that's surely nice.
In particular, VMware's "undoable disks" are great in this regard.
CEE5210S The signal SIGHUP was received.
it's not just for those with the big bucks for high-end IBM hardware
This isn't really new. Slashdot had an article about it a month or two ago. Unfortunately the link escapes me.
After seeing that article, I presented it at work. We now use it to keep the logging facility and services separate from each other, so a break-in to one service doesn't compromise the others or the logs.
It works pretty slick.
Cool! Not only are you allowed to run Linux on your computer for FREE but you are allowed to run 1000 copies of Linux on your computer for FREE!!
Now, 1000 copies of Windows on a machine would cost... $100,000? Nehehe. Linux rocks =P
What are the price/performance ratios for virtual machines? Is it cheaper to run 10 VMs on one 10 times faster machine than just 10 slower machines? Because the VM idea is exactly the opposite of a Beowulf cluster, and it doesn't look very cost-effective.
~shiny
WILL HACK FOR $$$
I can't remember my Windows days all that well, but doesn't the Microsoft Windows license apply to a single computer??? Wouldn't that mean you can run as many copies of Windows, as long as they are on the same computer, as you want?
Who knows? Maybe Micro$$oft did shoot themselves in the foot?
The reason there's a value to virtual machines is because you can't buy half a computer [from reputable vendors!]. If you have four jobs that only require 1/4 of the resources of a modern PC, but they all need different security contexts, you must a) buy four servers or b) buy one server and run 4 virtual machines.
There's probably even some value in a beowulf cluster of virtual machines-- if you want to write and test cluster-based software when you don't have access to a cluster.
e-genera has some neat dynamically reconfigurable computers that amount to a single-rack, virtualized server farm that can run a customized version of SMPed Linux or Win2k/XP.
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
If you're hosting, you can't beat this solution.
Folks over at Solucorp have made a kernel patch and utilities to make this almost painless, as well as some precompiled kernels (I would always roll my own but ..)
This, as I said, kicks for hosting; it's not just a chroot, and it's not like the jail on BSD, it's....well different.
This isn't something you're going to do on your desktop machine, it's going to allow you to span resources; this is COMPLETELY different from VMware etc., for all the yahoos that are gonna say this has been around forever.
After SEVERELY abusing our test server to hell and back, starting 2-1 we are going to be offering hosting in this environment. We have clients that want their own playground but don't want the maintenance; some have semi-secure data they're just not comfortable on a shared solution and can't quite justify a dedicated box. We're already slated for 10 clients, and with their current traffic and traffic times, they will all play very nicely on the same machine.
P.S. LOAD up on the RAM, and make sure to use SCSI. Low RAM and IDE will work but start to bog under load; remember you have 10 different Linux installations trying to access the disk at once.....
Sig went tro...aahemmm.....fishing........
It depends. One key thing multi-user systems have which is great is, of course, task switching. Multiple process control. I'm sure that 10 copies of Word running at the same time would run well on a machine that's 10 times more powerful than the base, but that's if all 10 copies were maxing out their resources continuously.
Also, if there can be a way of 1 copy in memory of the program/OS itself and multiple copies can be run at the same time without taking up more memory, that would be great too. Sort of like the kernel, it only loads once but services multiple processes. A program that can service multiple users without creating multiple copies.
All in all, maybe 20 VMs on a machine 10 times faster might be enough, as it doesn't need to scale linearly unless the machines are completely maxed out. And if the kernel could be loaded in memory once and act as multiple OS's, that'd kick butt too. Sorta like FreeBSD's jail. (Is fbsd the only one to have jail now?)
-
ping -f 255.255.255.255 # if only
But how do you assure decent IO in a virtualized machine? I'd imagine it would be pretty poor with the disk head skipping all over the place. I'm also curious if the processor cache would hold up well.
The holy grail seems to me to be cheap processors and disks hooked up via InfiniBand.
The article talks about how hundreds, even thousands of OSes can run on one machine. Well, what if the underlying VM architecture, or even the hardware itself crashes?
Now you have hundreds, even thousands of customers mad at you... and all their stuff is on just one machine. Yikes!
Did Intel fix the x86 self-virtualization problem with the Pentium and later? I know that the '386 and '486 couldn't fully virtualize themselves, because it was possible for non-supervisor code to look at certain flags.
A 680x0 (x >= 1) could fully virtualize itself, because the condition codes could be accessed separately from the status register (MOV.B D0, CCR as opposed to MOV.W D0, SR).
Just curious. Oh, and I think the article got it wrong. They said VM has been around for 20+ years, I believe it's closer to 30+. Any old JCL'ers out there?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
The Inquirer's take on this doesn't make any sense to me. Won't MS love HyperThreading because it will force people to buy 4-CPU licenses for 2-CPU machines? Or maybe customers will avoid the issue by disabling HyperThreading in the BIOS. Or maybe MS will release a patch for Windows that recognizes the difference between physical and logical CPUs. It doesn't seem like a huge problem.
We went to an IBM presentation on this 6mo ago, which was aimed at marketing types but still pretty interesting. It only takes minutes to image a new server and put it online. I'm guessing that if you ever needed to reboot one it would take seconds.
455fe10422ca29c4933f95052b792ab2
Can someone explain the practical difference between this and *BSD's jail() environment? On a side note, why *doesn't* Linux support jail()?
Apparently the email didn't get delivered.
now we need to go OSS in diesel cars
The article skimps a little bit on details, bunching VMware and other things in the same category. ;)
VMware, plex86 and bochs are in one category: Real virtualization solutions, allowing you to run any operating system. The level of security these tools provide is very high (guest OS shares nothing with host OS. All access is controlled by virtualization software).
VMware works (surprisingly) pretty damn good, I haven't had an issue with it behaving any differently from a real OS running on the same hardware. Of course, it's a commercial solution with associated problems (no source, can't embed, pricey, etc). It's very fast, and reasonable on resources.
Plex86 is the same idea as VMware, only Free.
Right now, though, plex86 is in a state of disrepair, because the lead developer has been laid off from Mandrake, and the codebase is in flux. You'll have much more luck with Jan-1-2001 snapshots if you want to actually boot up any OS. Don't know how fast it is, never got it to boot up enough to run tests stably.
Bochs is an even lower-level approach to virtualization: it can emulate x86 on any processor. Of course, it's dog slow and eats lots of memory (expect a 100x hit on performance).
Other solutions (swsoft, ensim, linux virtual server(LVS)) are a lot closer to jail() system call of FreeBSD. With these, you are running one kernel for all "environments". Security is provided by other means ("root" in the jail has a lot of restrictions on it, such as use of IP addresses, etc).
With many of these solutions, you will run into certain incompatibility problems (root not able to do things which it should be able to do, but restricted in jail). Transparency is an issue: for example, even though you don't see other jails' processes, there's still a single PID space, and you can tell which PIDs are running by forking 60000 times and recording which PIDs you get and which ones you don't. Also, the user doesn't have full control over its environment; for example, you can't have your own inittab, etc.
However, these solutions don't have any overhead, very resource-nonintensive (you can run 50 jails on one host with almost no performance impact).
Level of security these solutions provide is very questionable: if there's a jail check missing _anywhere_ in kernel where root access is verified, it will lead to a host compromise.
Note: Of the above mentioned solutions, I only worked with LVS (www.linuxvirtualserver.org), and it's the only one that is GPL'd.
User-mode-linux (UML) occupies space in between: It doesn't virtualize the processor, but it has a separate kernel running for each VM, for excellent transparency, and reduced risk: As UML itself runs as non-root, even if a bug in UML implementation is found that would allow to make system call to host kernel, it would still at worst result in single-user compromise on the host. (Unlike LVS/jail where it would lead to root host compromise).
The way it works is the following: UML is essentially a "port" of Linux to Linux. (I.e. Linux that doesn't run on bare metal, but uses the host's services to implement Linux). It traps system calls by the application and executes them itself.
Currently performance of UML is spotty (each syscall by an application results in 3 context switches on the host), but it's being worked on at an amazing pace. (Thanks Jeff)
Summary:
a) if you need to be able to run 10+ 'guest' environments on a host, look at LVS or jail.
b) if you need to run non-Windows guest environments, VMware is your answer.
c) If you need to run 1-10 guest environments, with good security and you have memory to spare, look at UML. Its performance is likely to improve soon.
I plan on providing a "virtual colo" service based on UML for linux-oriented people and vmware for people who want to run Windows on their 'machine'. The idea is to provide service to people who outgrew traditional virtual hosting environments, but not quite ready yet (or don't want to pay) to have their own dedicated server. Pricing will be around 30$/mo.
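The PID-gap observation in the comment above, as an added example that is not part of the original post: a toy simulation (no real processes are forked) of a sequential PID allocator, contrasting one shared PID table with a separate kernel per guest. The PID range, the observer's PID and the other environments' PIDs are constructed assumptions.

```python
# Added illustration, not code from the thread: a toy model of a kernel that
# hands out PIDs sequentially. No real processes are created.
PID_FIRST, PID_MAX = 300, 32768  # assumed PID range for the model


class PidAllocator:
    """Hands out the next free PID after the last one, wrapping at PID_MAX."""

    def __init__(self, in_use):
        self.in_use = set(in_use)
        self.last = PID_FIRST - 1

    def fork(self):
        for _ in range(PID_MAX - PID_FIRST):
            self.last += 1
            if self.last >= PID_MAX:
                self.last = PID_FIRST
            if self.last not in self.in_use:
                self.in_use.add(self.last)
                return self.last
        raise RuntimeError("PID space exhausted")

    def reap(self, pid):
        self.in_use.discard(pid)


def pids_revealed_by_gaps(alloc, own_pid, forks=60000):
    """Fork and reap `forks` children; PIDs never handed out are held by others."""
    seen = set()
    for _ in range(forks):
        pid = alloc.fork()
        seen.add(pid)
        alloc.reap(pid)  # the child exits at once, freeing its PID
    return set(range(PID_FIRST, PID_MAX)) - seen - {own_pid}


# Constructed scenario: the observer's shell is PID 4100; processes in other
# environments on the same host hold the PIDs below and are hidden from `ps`.
OBSERVER = 4100
OTHER_ENVIRONMENTS = {812, 813, 5120, 20011}

def shared_pid_space():
    """Jail-style: one kernel and one PID table for every environment."""
    return pids_revealed_by_gaps(PidAllocator(OTHER_ENVIRONMENTS | {OBSERVER}), OBSERVER)

def separate_kernel():
    """UML/VM-style: each guest kernel keeps its own PID table."""
    return pids_revealed_by_gaps(PidAllocator({OBSERVER}), OBSERVER)

if __name__ == "__main__":
    print("shared PID space reveals:", sorted(shared_pid_space()))
    print("separate kernel reveals: ", sorted(separate_kernel()))
```

With the shared table the gaps are exactly the other environments' PIDs; with a kernel per guest the observer learns nothing about its neighbours.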
There's probably even some value in a beowulf cluster of virtual machines
By running a cluster of virtual machines, the VM environment can take (RAM/DISK/CPU-CYCLES) and reallocate them where they are needed. It's like a cluster of mixed machines where the simple tasks are always running on the crappy low end machines, and the monster tasks are always run on the souped up high end machines. But you want to run all this on really fast hardware. So you run it on a Beowulf cluster. The VM environment can then reallocate real machines to run the VM machines that need the extra resources.
A virtual Beowulf cluster running on a real Beowulf cluster. Wow. Imagine a Beowulf cluster of THOSE!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
In this discussion a lot has been said about VMWARE. I just wish to quickly point out that VMWARE's new licence is ridiculously restrictive, basically prohibiting any VMware machine to act as a SERVER for any service. Read it yourself if you don't believe it.
The basic idea behind it was to prevent people from buying the "cheap" 300 USD version and doing virtual hosting, but in reality that licence states more than that.
Sincerely
Giovanni Tummarello
www.Wup.it
We don't do commodity hosting, we only host existing clients, or clients we have done development for.
:) , RH 7.2 all current with 2.4.17 (probably rmap-11c tool, I'll see). For now this is a limit of the vserver utilities. Backups of your VM root are done from the Root, server that has NO net access. Hosting like this is, as I said, expensive, but our clients pay for my administration, 300 a month; email me if interested.
I am considering putting up another box, for people, a sort of development environment that we would maintain for these existing clients that want a sandbox aside from their production environment. I could possibly host you there.
Bandwidth is limited on that line, it is quite expensive in our area. 10 gigs a month transfer and 5 gigs HD space, on a 1.7 GHz box with 1 gig RAM. You get one IP address, all yours
Sig went tro...aahemmm.....fishing........
I've got one of these accounts at webpipe.net. $35/month. 1 static IP. 20GB/month.
The Glass is Too Big: My Take on Things
In theory, that's true, but in theory, resource allocation should be done in the kernel. . .
One thing that makes virtual machines cheaper is that you can combine performance profiles. If you have one application which requires an average of 50, and a peak of 100, and a second application with the same 50 & 100, but the peak is at a different time, then with 2 separate machines you need 2 of 100. With VM, you can get 1 of 150, because you know that the load will never exceed that, or your machine is not twice as fast, but only 1.5 times as fast. This gets easier and easier to do as you increase the number of applications.