OS Virtualization Interview
VirtualizationBuff writes "KernelTrap has a fascinating interview with Andrey Savochkin, the lead developer of the OpenVZ server virtualization project. In the interview Savochkin goes into great detail about how virtualization works, and why OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux. Regarding virtualization, Savochkin describes it as the next big step, 'comparable with the step between single-user and multi-user systems.' Savochkin is now focused on getting OpenVZ merged into the mainline Linux kernel."
What's with "open" in the name of all these projects? Is anyone really impressed by that anymore?
Tom
Someday, I'll have a real sig.
Well, isn't Linux used mostly for server operations? Virtualization also adds a layer of safety and security between child OSes and their processor.
For one. VMware ESX is quite expensive, I understand.
Uhh... these products aren't aimed at your desktop box. They're for use in server farms, where virtualization provides an additional measure of security, along with providing the server operator more flexibility in how their hardware is utilized.
Nah nah nah. It's going to be great. Picture this. You manage a university computer lab. The computers all have identical software, and all of the students' files are stored on a network share. When computers are not in use, you'd like to dedicate the cycles to a long-standing distributed computation for experiments carried out by one of the departments.
The student logs in and a disk image runs their OS of choice. They don't have to reboot or know much; they just click an icon saying which OS, which is instantly presented to them. A batch process manager removes the load from the distributed experiment from their machine.
Or, perhaps something that's already fielded. You're a graduate student, and want to emulate 1000 compute nodes for a distributed computing experiment. You log into Emulab, and tell the 50 that you've signed up for to boot 20 OSes apiece, and emulate a 1000-node network.
Or, perhaps you're studying viruses (this has also been done), and want to build an Internet scale honeynet.
Or, perhaps you're running a large server farm. You want an easy way to load balance a multitude of services, so you can run something that looks like 100 servers on perhaps 50. By dynamically balancing across nodes, services can automatically adjust themselves, independently of mechanisms built into their software (to some degree). When you want to add new hardware to the network, you just plug in the machine, and tasks start being farmed to it. When you want to retire some, you just tell the manager to stop moving tasks onto that machine, and wait for the tasks on that machine to move off.
Briefly put, VMMs rock. You have to think outside of "geeks playing with VMware" to really see the interesting applications though.
Unlike Xen or VMware this OpenVZ doesn't run a separate kernel for each virtual machine. This seems like a security risk to me. A kernel bug will affect all the running virtual machines. In other words, you only need to break one kernel and you have them all.
Plus you can't run different operating systems on each virtual machine.
It does have some positive benefits, it all really depends on what you are doing. I like the security of Xen and VMware better though.
The ratio of people to cake is too big
I'm not convinced that virtualisation is going to be that much of a Big Thing(tm).
Allow me to introduce you to the world of Big Business: upper management want the Big Business paycheck but, post dot-bomb bubble, they want none of the penalties associated with taking a risk. So you have the "one application per box" mentality. All of a sudden, you've got 20 boxes running at 5 percent utilization.
Can you see where virtualization would provide "virtually" the same thing with better cost efficiency?
Make no mistake, virtualization is just as much about pleasing management as it is about making sense.
Virtualization is HUGE. It helps solve a major problem. With few exceptions, most data centers are running out of power, not space. Servers consume 70-90% of their power draw when the CPU(s) is(are) at idle - and most servers in corporate America run below 15% utilization. If I can combine 4-8 servers into 1, I can save a tremendous amount of power. Here's some simple math.
A server consumes 400 W at idle and 500 W when all 4 processors are pegged at 100% utilization. If I take 4 servers that normally run at 10% utilization and combine them onto 1 server that runs at 40-50% utilization, I've saved 1100 W (4 x 400W - 500W). This is a huge value proposition for anyone who manages a data center.
I can rant forever, but trust me - this is no fad. There is a serious value proposition here.
It's amazing how low utilization of servers is. Developers love lots of servers, but don't use them nearly as much as they say... see article "Virtualization is the COOLEST thing" at http://blog.tallsails.com/
Uhh... these products aren't aimed at your desktop box. They're for use in server farms, where virtualization provides an additional measure of security
If Windows apps (or group of apps) were virtualized, we could use ActiveX webpages without having to worry about spyware. Just close the virtualization window and it's gone.
The same for e-mail, if you restrict write access only to the mail files, and all spawned processes from the e-mail were virtualized. If it screws up, the most you lose is your e-mail, but no viruses or infections would be produced.
What to say of websites? Virus^H^H^H^H^Hfree games installation would be only temporary (or perhaps session based? Hmmmm interesting) and you wouldn't have to worry about becoming a botnet.
So yes, virtualization for Windows would be awesome.
That's brilliant, instead of actually expecting secure software, let's just use a 40 pound sledge to drive a nail. Virtualization means running a nested kernel, I don't feel like booting a sub-OS every time I want to check mail or open a browser. It's far more efficient to just write the app properly.
I guess the true question is: Which solution is more likely to get attention? Whiz-bang virtualization will probably win, since it seems very few people in this world have the patience and discipline to write respectable code anymore.
-Billco, Fnarg.com
And it's coming. But I think VMware and Xen got it right. OpenVZ tries to do it inside the OS, which makes the OS too much more complicated. It's not going to scale.
Basically, I would never jump into separating everything around just to make things safe, unless I look for a fancy way to mess up.
But for sure, this tool can be very useful for some cases.