Slashdot Mirror
OS Virtualization Interview
VirtualizationBuff writes "KernelTrap has a fascinating interview with Andrey Savochkin, the lead developer of the OpenVZ server virtualization project. In the interview Savochkin goes into great detail about how virtualization works, and why OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux. Regarding virtualization, Savochkin describes it as the next big step, 'comparable with the step between single-user and multi-user systems.' Savochkin is now focused on getting OpenVZ merged into the mainline Linux kernel."
...that virtualisation is going to be that much of a Big Thing(tm). Those that will get the most use out of it will be the would-be dual/tri/mega-booters, and, let's face it, compared to the number of computer users in the world - heck, to the number of people that know roughly what virtualisation is - that number is going to be quite small.
What's with "open" in the name of all these projects. Is anyone really impressed by that anymore?
Tom
Someday, I'll have a real sig.
What's the distinction between what he is talking about and something like VMWARE ESX ?
I disagree, I think this is going to be big and is already starting.. In the corporate world, we have been moving many legacy systems onto VM's. Win2k3 also runs on VM's very nicely, great way to utilize that server you use for print/virus/iis, each having a seperate OS on same hardware. I think the VM buzz is really hitting much more mass right now. We are looking at mass roll-outs for desktops to get away from dual booting win/linux and would prefer to see this virtualised, as would clients.
For one. VMWare ESX is quite expensive, I understand.
"why OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux."
/. submitter, but Andrey slants it a little too.
Of course, Andrey works for the software company that wrote this thing, and their closed full-featured flavor, Virtuozzo. The VZ method is a good one, and has excellent performance, but it has its drawbacks, too. Personally, I don't like that my VPSes need to use my VPS provider's kernel, which lacks features I desperately want (like stateful iptables matching), and which forces me to reboot whenever they upgrade their kernel (my VPS can't be migrated to a host running a different kernel), and I can't upgrade until my provider does.
VServer, Xen, and UML all make different tradeoffs. VZ goes for performance. Saying one outshines the others is just trolling. That's mostly on the part of the
I don't want to crap on the OpenVZ project. They're working on very cool stuff, and I applaud SWSoft for opening the thing up. I just want people to keep the comparisons in context.
Unlike Xen or VMware this OpenVZ doesn't run a separate kernel for each virtual machine. This seems like a security risk to me. A kernel bug will affect all the running virtual machines. In other words, you only need to break one kernel and you have them all.
Plus you can't run different operating systems on each virtual machine.
It does have some positive benefits, it all really depends on what you are doing. I like the security of Xen and VMware better though.
The ratio of people to cake is too big
You need to move to Linode.com, seriously. They don't have any of the problems you mention. It's all UML for now, although they have some Xen boxes in beta that you can get on.
The interviewee keeps talking about Xen 3 like it's not out yet, but that's untrue.
Indeed, Xen 3 has been stable long enough that they're presently at 3.0.2. It's not prerelease anymore, and support for x86_64 and hardware-supported virtualization has been out and about for a while. I have semi-production (used by in-house staff only, but there are folks who can't work if it's down) systems running on Xen3 x86_64 DomUs, and the host they're on has been up (and running unattended) for 117 days now.
Sun has a OpenSolaris port to Xen (though I think it may be in-house-only still), and I have some good friends working on a microkernel OS targeted at embedded operation with a Xen DomU port pending (such that they -- and people working on it -- will be able to run it in parallel with the OS they use as their development platform). Being able to run more than one kernel -- indeed, more than one operating system -- is a big plus on the Xen side of things.
You know that Virtualisation has been around longer than I've been alive .. it came from the mainframe world and "discovered" by the x86 crowd :-)
All those mainframes running your banks wouldn't dream of using virtualisation ;-)
Virtualization is HUGE. It helps solve a major problem. With few exceptions, most data centers are running out of power, not space. Servers consume 70-90% of their power draw when the CPU(s) is(are) at idle - and most servers in corporate America run below 15% utilization. If I can combine 4-8 servers into 1, I can save a tremendous amount of power. Here's some simple math.
A server consumes 400 W at idle and 500 W when all 4 processors are pegged at 100% utilization. If I take 4 servers that normally run at 10% utilization and combine them onto 1 server that runs and 40-50% utilization, I've saved 1100 W (4 x 400W - 500W). This is a huge value proposition for anyone who manages a data center.
I can rant forever, but trust me - this is no fad. There is a serious value proposition here.
... a beowulf cluster of virtualization servers running beowulf clusters of VPSes!
I see myself using virtualization to run Windows inside Mac OS X. Don't like Xcode? It happens to be built on top of the most commonly used compiler, GCC. It is just a front end to replace using terminal based text editors and prevents you from needing to remember all the options needed to run GCC from the command line. I'd say that if any OS dies out, it will be Windows first. If people can dual boot/virtualize Windows on Macs, the biggest obstacle in the way of mass Mac adoption is gone. I'm confident that once people get Macs and play around in OS X (it's inevitable) then many will start switching to OS X for everyday use. Developers think they can just switch to Windows? Not likely when it gradually becomes considered a burden to swap to Windows, and suddenly Mac compatibility becomes a feature! I think it is far easier to write an Objective C/Cocoa Framework app (including all the necessary under the hood work in addition to a GUI) than it is to write a Windows application with a GUI. Just want to tie good old C++ into a GUI? Xcode already can do, or you could just compile it to run on the command line. Want to use a command line editor and GCC? Already there. Want to compile for Linux and Windows? Look at GNU Step and related open source implementations of Cocoa. C/C++ is the foundation for Objective C, so you can jump right in after a basic tutorial on objects and message passing. I don't see linux going anywhere, maybe gaining ground as Windows boxes suddenly become obsolete because of new mac switchers or Vista's (and successor's) large jump in system requirements. Given the trend among my friends (all of us college students, tomorrow's leaders, etc.) then Mac market share is looking at a sharp increase in the near future. Heck, I'm in aerospace engineering, and I'm writing this from a Powerbook G4, when many small, home brewed applications I encounter require Windows. But you know what? No small home brewed app is more than a match for Virtual PC. Any app that is something important enough to pay for has a Mac version or equivalent.
Last Post!
Its amazing how low utilization of servers is. Developers love lots of servers, but don't use them nearly as much as they say... see article "Virtualization is the COOLEST thing" at http://blog.tallsails.com/
VMware's P2V Assistant http://www.vmware.com/products/p2v/ will allow you to convert your current Windows partition into a VM.
Just to clarify: "Using Xen, you need to specify in advance the amount of memory for each virtual machine and create disk device and filesystem for it, and your abilities to change settings later on the fly are very limited." Xen supports a balloon driver that can allows for one to add or take away from the memory allocated to guest operating systems (DomU's). It is highly advised to us LVM2 to allocate disk space for DomUs, since it allows for easy changes to the partition. This makes file system management easier. "But most importantly, OpenVZ has the ability to access files and start from the host system programs inside VPS. It means that a damaged VPS (having lost network access or unbootable) can be easily repaired from the host system, and that a lot of operations related to management, configuring or software upgrade inside VPSs can be easily scripted and executed from the host system. In short, managing Xen virtual machines is like managing separate servers, but managing a group of VPSs on one computer is more like managing a single multi-user server." Using LVM2 as the disk manager as mentioned above, the host operating system (Dom0) can access the DomU's filesystem for troubleshooting and run programs (though it would not be run in the scope of the DomU, I'm not sure that he's actually implying that is the case with OpenVZ). --josh
... and then there's the outstanding IBM p-Series machines with their Hypervisor in :}
hardware that benefits from the aforementioned age-old mainframe technology
I don't doubt that OS-level virtualization is more efficient, but have you ever tried upgrading the OS for hundreds of applications at the same time? It's darned near impossible.
The great benefit of hardware level virtualization is that you can upgrade one app and one environment at a time. If app-"A" needs Linux 2.4 because that is what Oracle supports - fine, no problem. But if app-"B" needs to upgrade to Linux 2.6 because its reporting suite must have that version, that is ok too.
It seems to me that OS-level virtualization is a cool sounding idea that is pretty hopeless in the real world.
As you would expect from such an interview, it ignores the advantages of products like VMWare Server which make them attractive over Virtuozzo (and OpenVZ). Hardware virtualization allows the guests to be independent of both host hardware and host OS. To us that alone is worth the trade-off in performance, and giving up the resource management that Virtuozzo has. With the enhanced support for virtualization in hardware (e.g. the new Intel and AMD CPUs) I expect that the performance difference between hardware and OS virtualization software will decrease, but the other advantages of hardware virtualization will remain. There must also be advantages in security and upgrade-management that come with being less dependent on the OS... ?
xen 3 and an amd pacifica/intel VT chip?
wouldn't be the first time
These are not virtual machines. The idea seems to be the same idea behind Solaris 10 Containers, and I wish that had been discussed (pros and cons) in the interview.
Easier management for vertical stacking of applications on a machine.
And, yes, it is VERY useful.
Not for typical home use though. At home, I use VMWare for virtualization, QEMU to run foreign code, and BOCHS to test x86 assembly sequences, all of which I do frequently. Stacking? Not so much, because my main server is a dual PPRO with 128MB -- httpd, imapd, file services, time services, etc. Not a heavy load (104 processes, easy enough to manage manually).
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
A virtual server can be restored in seconds, no rebuild required. A virtual server can be moved to another host server in seconds without ever shutting down. A virtual server has a common hardware configuration and can be moved to another host with completely different physical hardware in seconds without shutting down (you can mix Dell and HP servers for example and switch between them on the fly). Not every virtual server needs dual Xeon processors and 8GB of memory, but a bunch of virtual servers can run on that machine and share load as required and if one of those virtual machines needs a little extra umph for some biweekly processing, it has the ability to grab more resources or the other virtual servers can be moved off to another physical server hosting virtual servers with more power without ever shutting it off [1]. Redundancy in the virtualization world requires two physical host servers each able to carry the load of all the virtual servers and a shared disk area (SAN, iSCSI). To have that level of redundancy in the plain of non virtual world, each server would have to have a second physical server for backup and unless you were clustering, you would not have the ability to move over your processes to the backup physical without some type of interuption if one of them suddenly failed like in your example.
;)
Virtualization has many advantages in the enterprise and the ability to recover from a virus in your example is one small part of the whole package.
[1] Host servers can share memory between virtual servers, not just the total memory but the memory between machines as well. Very simple example but if you open sol.exe on one of the virtual servers, you will not take up any more total memory on the host machine by opening sol.exe on another virtual server on that same host. The memory is shared between the running virtuals as well. This works great when you have quite a few of the same OS being virtualized on a host. You could run 10 plain vanilia virtual copies of Windows server 2003 and the total memory taken up on the host will be less then 1.5 times more then a single running copy of that OS, not 10x of a single virtual. That example of 10 exact copies is not likely in real life but the common memory is shared which can make up for a significant amount of total memory savings.
Don't let your lack of insight or knowledge of the capabilities of virtualization get in the way of your opinions
In what ways is OpenVZ different? I also wonder what their "commercial offering" adds... but i'm too lazy to look.
I run FreeBSD jails on my box for testing purposes. It's extremely easy to setup and administer, especially with many helper scripts available these days.
I am loving the simplicity of ezjail. The coolest thing about it (besides the utter simplicity), is that it creates a "base jail" containing an entire FreeBSD install. From there it uses tricks with nullfs to mount parts of that base iinto jail 'instances'... this means each new jail takes only 2 megs of additional space, and about 1 second to create. It also adds security in that the base system remains absolutely read-only, while still permitting customisation and additional software to be installed in the jail.
I need a new virtual server to test my software:
Then run the ezjail startup script. And SSH in to my new virtual server. (Note: i set up the default server template to enable SSH and a few default logins... very easy to do. One does not need to use SSH; one can get into the jail environment a few different ways.)
That's true, but come on, it's going to be pretty fun to play with on desktop machines, too, isn't it? Imagine all the tricks you can play on computer-illiterate friends/family. One second it's Windows, the next it's MacOSX, then 10 seconds later it's Linux! Heads may explode.
In the mid 60's IBM created CP-67 which virtualized the IBM S/360. In the following years the system became VM/370, and has evolved to z/VM today http://www.vm.ibm.com/. VM (the general term for z/VM) is made up of two primary components, VM/CP (control program) and VM/CMS (a mini single user operating system). VM/CMS provided the ground work for being able to administer the system, and provided a nice programming environment in that each VM/CMS user had their own "system" that one could edit, compile and run their programs in an interactive environment (think of a MS-DOS type of model -- then remember that this was in the late 60's).
p / was written as a CMS application. As well as several native VM webservers.
CMS itself provided some limited simulation of IBM's two other mainframe operating systems OS/360 and DOS. Enough that one could write simple OS or DOS programs and do at least some unit testing. The simulation by CMS was by providing a limited set of the OS and DOS API.
Unlike MVS or DOS, (or even the CP/M, Windows, or *nix families) VM/CP itself does not provide many services directly. VM/CP does not provide any filesystems, any application APIs, etc. All VM/CP really did was to provide a barebone virtual machine and only provide those services one would find on the bare hardware. It was the responsibilty of the operating system running within the virtual machine to provide the application API, filesystems, application memory management, etc. Communication between vm's were originally only via the raw hardware model (channel-to-channel adapters, shared disk volumes, and a method of "punching" virtual cards and sending the virtual cards to another vm's virtual card reader.) As time progressed, VM/CP did provide some API's that allowed very simple messaging between two vm's (first VMCF - Virtual Machine Communication Facility, and then IUCV - Inter User Communication Vehicle).
Early on it was "discovered" that the virtual machine model made a lot of sense as a method to implement VM services. For example if one were to look at a modern VM system, you would see that the entire native VM TCP/IP stack is managed within a small collection of vm's. (Under VM/CP, a vm is called a "userid"). The native VM TCP/IP stack consists of a TCPIP userid that manages the network interface devices, and the TELNET server. The FTP userid implements the FTP protocol, etc. Each userid is totally seperate from the rest of the system and from each other (the tcp/ip socket facility "rides" on top of IUCV in a transparent fashion so that a tcp/ip server is coded the same as on *nix).
Because of the facilities provided by CMS, it is fairly easy to write little servers. For example the orginal LISTSERV server http://www.lsoft.com/products/listserv-history.as
If one wants to see what is and has been possible in a virtual machine environment, one should at least look at the history of IBM's VM.
For an excellent history of VM http://www.princeton.edu/~melinda/
and the VMSHARE archive, an early BBS used by VM system adminshttp://vm.marist.edu/~vmshare/
Thanks for the post, it gives me some insight into what virtualization is. But I'm still confused about what it actually does. I read this entry over on wikipedia:
http://en.wikipedia.org/wiki/Virtualization
Does virtualization basically run multiple OSes on one box? Make one computer appear to be 2, or 3, or n?
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I would like to point out that energy efficiency goes down, and in our times of energy wars, mc*c is the most dreaded thing. So virtualisation is meant to become the energy compliant thing. but, i'm with you on slashdot/geek thing.. only until Oracle and IBM will acquire some market players. hmm.. maybe they should buy VMWare :)
And it's coming. But I think VMWare and Xen got it right. OpenVZ tries to do it inside the OS, which makes OS too much more complicated. It's not going to scale.
Another big advantage is that the virtualization provides a common "hardware" layer. For example, every VMWare "machine" sees standard VMWare "hardware", no matter what kind of metal it's actually runnning on. Want to move your "server" from your Celeron desktop to a big RISC server? You don't even have to reboot it. (It'll be inaccessible while you transfer it, but there are ways around that too.)
It sounds like the *nix VM world is moving along the track established by Multics and IBM's CP/67 (later VM/370) projects.
It seems to me that the differences in the *nix approaches are mainly whether the abstract machine seen by user written code resembles a hardware machine or some nicer abstract machine.
In all VM approaches the idea that one can freeze an entire system and look at it, or isolate it, or migrate it, is a very valuable one. It's done well for IBM on their mainframes.
As for adding resources on the fly - way, way back (mid 1980's) Robin O'Neil and I did a System V based kernel for the Cray's out at Livermore. We had to run on top of the real OS, so we gave each user his/her own copy of Unix and create a file system that could grow or contract, adding, or removing inodes on the fly. And some of those inodes could reference files held by the underlying OS, thus making strange things, like "df" showing less space on the file system than was shown by a "du" summation of the file sizes in the file system. We published a paper on this at one of various Unix gatherings of the time.
So if we could expand file systems on the fly 20 years ago I don't see why it should be so hard to do today.
Now if we'd just get serious about capability architectures... (Much of the secure OS work of the '70's was done with capability architectures with hardware support such as the old Plessy machines.)
Imagine that in the future nearly every application will be run inside its own private virtual systems. This will be done to improve security, scalability, etc etc. For very complex applications, this will improve the stability of the system as a whole!
Basically, I would never jump into separating everything around just to make things safe, unless I look for a fancy way to mess up.
But for sure, this tool can be very useful for some cases.
I'm not quite following you. What do you mean by "true virtualization"? Emulation? First of all, "virtualization" is a broad concept, it means making something that is not real look like real. Virtuozzo and OpenVZ does just that. From a point of view of a virtual environment only, it looks pretty much like a real server (with the only exception he can not use another kernel and/or load kernel modules).
Speaking of security, Virtuozzo is used by almost every major hosting service provider, and they sell cheap VPSs. If the level of security isolation provided by VZ is not strong enough, all those providers are screwed.
OpenVZ has undergone a throughout security review by a leading security expert Solar Designer last year; some bugs (including a few bugs in the mainstream Linux kernel 2.6) were found and fixed (and submitted to mainstream). Of course that does not mean it is free of bugs -- so I urge you to give it a try and find it out for yourself.
In theory the concept of OS-level virtualization is not weaker than other approaches as it comes for security. In practice, one should take a lot of care to make sure his software is secure. We at OpenVZ do care much for security, because it is a vital feature of OpenVZ (and Virtuozzo, for that matter).
-- Kir Kolyshkin, OpenVZ project leader.
Virtuozzo is in production since 2001, according to http://www.swsoft.com/en/company It is way ahead of Solaris Zones, which, by the way, still lacks proper resource management, similar to that found in OpenVZ/Virtuozzo. And why resource management is of paramount importance is described in Andrey's interview.
-- Kir Kolyshkin, OpenVZ project leader.
We surely do understand that.
All of the OpenVZ aspects and features (like User Beancounters) can be turned on or off in kernel .config. I.e. OpenVZ kernel can be compiled without (or with) any of OpenVZ features.
-- Kir Kolyshkin, OpenVZ project leader.
Very short answer -- Solaris Containers is the same technology as OpenVZ or VServer. Their isolation is OK as well, their resource management is worse than that in OpenVZ. There are some system-wide resources that you can not limit for a containter -- which can create problem if an application inside a containter goes crazy (or a container is owned by a c00l ha>
Remember, Solaris Containers are a recent feature, while Virtuozzo was available as a product since year 2001. So, Solaris is doing the right things and great things, but it still has a way to go.
-- Kir Kolyshkin, OpenVZ project leader.
You are damn right pal!
The obvious difference though is x86 crowd is now doing it in software, not in hardware -- and so it's much cheaper.
-- Kir Kolyshkin, OpenVZ project leader.
Have you actually read the interview?
OpenVZ provides a kind of virtualization called OS-level virt, or partitioning, or slicing. Basically you divide your Linux box into multiple small linux boxes, called virtual environments (VEs).
In each VE you can have different Linux distro installed. Consider FC4, FC5, CentOS and Debian running on the same box, so you can compile and test you app in all these distros, without a need to reboot or have a dedicated boxes for each of those.
To further understand between three different kinds of virtualization, read this small article
-- Kir Kolyshkin, OpenVZ project leader.
No one is going to want to run their servers at a high utilization rate as it leaves no headroom. Let one of those combined "virtual" servers get Slashdotted or mentioned in a blog or Time and you bring down the whole shooting match.
/.'ed the load spreads out and is handled across multiple boxes. In a sense, you need to make the cluster look like a single server to the application as well as the client, so that to both it's balanced transparently.
A better way to do what you suggest would be figuring out some way to run all of those "virtual" machines/applications in a cluster so that if one gets
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
that's why an essential part of any virtulization is qos.
QOS systems won't help if your sole server is getting hammered. In fact a "fair" allocation system could quite easily make things worse by forcing allocation of time to virtual server's who're idling in comparison.
Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
We make use of virtualization at my company all the time. When we need to prototype something or even need to deploy a production server application quickly we just take one of our pre-rolled skeleton installs of either Debian or Windows Server 2003, copy it and start it up. We can then just install whatever needs to be installed and we have a new "server" up within a few minutes with no need to purchase new hardware. When a particular physical server gets too busy we can buy a new one and easily migrate a virtual machine to the new server with minimal downtime. With some of the more fancy virtualization solutions you can even transport running images between hosts with no downtime at all, though we don't make use of that here since we don't run critical services in virtual machines.
I expect the market for server virtualization to continue to grow for some time, especially now that modern processors can do much of the work in hardware so the guest kernels can run in ring 0 and talk to real rather than emulated hardware.
After all if an OS can run 'under' a Virtual Server, then surely the Virtual Server is the OS, and the OS is just a collection of applications which work together to improve the experience of running other applications.....ad nauseam
The big server would still need to be x86 in that scenario.
Very interesting points. My company is moving towards virtual servers (not MS Virtual Server) for some of those very reasons. Right now, if a server fails we need to either reinstall the OS and restore from backup tape or replace the failed hardware.
In the new senario, any one server failure will simply result in the VMs being down for moments (we're not paying for the expensive up all the time jazz, hard enough to get the money for this project).
When it is time to upgrade, we simply roll in faster hardware and move the VMs over to it. If we want to test upgrades to the guest OSes, we can simply take a snapshot of the LUN it is on, test, and if we like it, fully populate it to the SAN. If we don't, we roll it back and no harm done.
Here we speak of Software Virtualization and not of Virtualization in general. Software Virtualization traditionally means running an OS in emulated environment. You emulate environment for OS software only, not for its kernel. In traditional context, that could not be considered as a true OS virtualization. Of course, virtualization is still emerging field, and it is not quite correct to point out "true virtualization" or "false one". In that I agree with you.
"Speaking of security, Virtuozzo is used by almost every major hosting service provider, and they sell cheap VPSs. If the level of security isolation provided by VZ is not strong enough, all those providers are screwed."
Cheap emulated dedicated servers may revolutionize corresponding IT services. But that concept is not about security. For me, Virtualization is all about possibilities, not security.
Virtualization is a very much spoken about idea, often complemented by "Let's put all our distributed services into one box" (inspired by VmWare and server blades) publicity. Some posts here were saying just that, considering OpenVZ. Or even marveled "What a great idea to put each software piece into a separate virtual machine!". OK, no problem they consolidate services such a way, if they feel to. But for what sake should they feel safer having done so?
So, you have an agile, 'open-source' like environment for rapid operating system development and you have the virtual machines that can be frozen at some point in history when the legacy application was supported.
Luckily, Microsoft moves so slowly that I would bet that either Linux or a BSD like OS/X will be able to implement this first. This could be a future where the open-source model of development is the prefered environment. Elephants are imposing and dangerous, but they can't swim with Penguins (or Puffy the blowfish).
Think global, act loco
The only caveat to virtualization the way you are describing it is that if a system has most of it's time at 10% utilization, but peaks for a few hours pegging the CPU, and using all of the memory... you could be in a bind.
It takes a much different set of administration skills to manage systems like these than it does lots of distributed boxen. I can't admit that I know all of the problems and issues, but there are many. I know that at my last job, we had a lot of systems that were performing very poorly (serious disk I/O and latency). This was probably due to a kernel bug, as it existed on many systems and platforms, but we never had time (or motivation) to fix the problem. The amount of knowledge and understandig to convert an environment to a virtualized one is, IMHO, non-trivial. Benefits are there, but it takes a lot of work and planning.
v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
I used to use UML fairly heavily, but the real-world I/O performance was awful, even with the skas patches applied on the host. Xen's a dog too right now (as far as I/O operations are concerned -- particularly video) when doing VMX domains [which use hardware-supported virtualization rather than a paravirtualization-aware guest], but on native domains the performance hit isn't nearly as bad as it is with UML. Do some I/O-heavy (rather than CPU-heavy) benchmarking, and the difference becomes fairly visible. This is particularly true on a multiprocessor box where the Xen Dom0 has a core to itself to use for driving I/O.
(Also, Xen has had live migration for a long time now. OpenVZ will have Virtuozzo's implementation in the not-distant future, but I'm not aware of any plans to bring live migration to UML at all).
OpenVZ, on the other hand, *does* have a design which makes it inherently better as far as performance is concerned. It's not nearly as flexible as Xen (in terms of being able to mix guests' kernels and operating systems), but from the design I'd expect that I/O overhead would be practically nonexistant. UML was a damn cool piece of hackery in its day, and still has practical uses -- but as a server virtualization tool, there are getting to be tools out better suited to the job.
"Well, the question is, why virtualization?"
"virtualization is very usefull in a corporate context, eg you want to separate environnements, ease up backups, increase security, have 10 different OSes installed on one server for testing purposes"
You really answered your own question, which is something to respect in the slashdot halls, where an empty question is more common...
To add my own thoughts, though, I'd say that's exactly why I want virtualization, and why I'd rather have it at the hardware level than anywhere else. If I could test out what the latest patch from my software vendor will do (whose patches have a tendency to crap out their system) in an entirely simulated environment, I would love it.
While I'm preparing for implementing a new and improved way of doing things, such as authenticating against LDAP instead of locally on each of my ten servers, it's reassuring to my higher ups to see the process actually implemented in a test environment, with ten servers, and working. Something tangeable for them to try out always sells better than "I think we can do this, I read about it, but I haven't tried it out yet."
Running in a production environment may be something of a different beast. I'll probably wait a year for others to test the waters before I jump on board, but I AM anxious to do so.
It was great to see the latest (I think) AMD hardware running Suse 10 with its Xen installation (So, Linux base) with an unmodified Windows XP OS on top. Sweet stuff. I'll never use it. But it indicates I'll be able to install any version of Linux, without kernel modification, and use it for my daily test needs. As soon as I can remember what the underlying hardware was, that's going on my list of 'toys to buy'.
Sorry to jump on your bandwagon, but I had to say it somehow...
There's a 68.71% chance you're right.
At the most I'd use VMware for something that's highly controlled (like your test lab example) or non-resource-intensive. I don't think it's ready for full virtualization though. I can clearly tell the difference between running a process off a VM box and running it off a "real" box.
My book, podcast
Have you actually read the interview?
:-)
Welcome to Slashdot 'kir', where in Microsoft Russia, all your Portmans are gritted by joo, but you missed a interspersed diacritic mark between the conjunctive pronoun in the second sentence.
(If you've been around a while, you'll recognise that
Personally, I think OpenVZ is fantastic - I've heard very good things about Virtuozzo, even that its worth the price, so I'm going to try it out. The only thing that concerns me is the kernel versions, I'd be far happier if a more recent version was available (eg 2.6.16) and kept more up to date. I don't know how much effort is required for this though. Good luck with getting at least parts included in the kernel.
Thanks!
Speaking of "recentness", current development branch of OpenVZ kernel is 2.6.16 based (here). You can actually use it, but we can not guarantee it is as stable and matured as the current stable 2.6.8-based kernel.
-- Kir Kolyshkin, OpenVZ project leader.
This is so 1995.
They had this way back then, you can see it when Razor and Blade contact their affiliates and they take that Gibson down. The blocks turn red when they're hacked.
It comes with sound fx.
Defining Statistics and Social Research
Their system sounds like what MULTIX was supposed to be, before we gave up and switched over to UNIX.
Andy Out!
EMC already bought VMWare...
Prudence | Justice | Fortitude | Temperance
It sounds like the *nix VM world is moving along the track established by . . . IBM's CP/67 (later VM/370) projects.
Of course, Linux on zSeries is already out, stable, and effective for S/390 and later zSeries hardware, and plays very nicely with z/VM. The tricky part is doing the same thing on x86 boxes (given the instructiuon set noncompliance with Popek-Goldberg), which is why there are so many projects going at it from so many different angles.
Mostly right, but mainframe VM doesn't have the ability to migrate a virtual machine. Nor does it have a balloon technique to manage pressure on memory, as VMware does. Rumor is that is being worked on
All good sound DSPs (arguably better than anything from Creative quality-wise), and they all support 8+ hardware mixed sound streams.
As a bonus the envy24 has very flexible hardware mixing and routing too... so you could actually have 4 different OSs running with 4 different stereo output pairs on the same card (check the Midiman 1010 for an example of the requisite hardware incantation for 8 mono outputs).
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's the economics of the thing: if you are paying money for your server-class hardware, you should be using between 90 and 99% of the box, or you're wasting money. But, you say, it's so HARD to run a server at 90%, and my SMTP service barfs all over my SQL database, or it corrupts memory by being poorly written, so I run those on separate boxes. Virtualization allows you to use separate "boxes" while still running the hardware as flat out as you can.
Two reasons it came about in the mainframe world first: 1) those boxes were originially horrendously expensive (now they're just "merely" expensive) and so you definitely didn't want to buy more than one or two; and B) the IBM 360 architecture, from which the current z/series has evolved, was designed and engineered from the ground up for multi-user, multi-tasking environments, with later evolutions added for multi-processor envuronments. Things like storage protect keys on each hardware page of storage help to kill those applications that don't play nice with others, rather than killing your system.
If you haven't looked into it yet, look into Linux (especially SuSE) on 390x architecture, running on z/VM as the virtualization hypervisor. It runs your favorite Linux stuff, runs Apache, and you can get Mono for it too if you need to handle the .NET stuff as well. Depending on your z/box size, you can scale to hundreds of virtual servers making it potentially useful for a hosting environment as well.
Not to mention that most virus binaries won't run on this architecture.
See the Linux VM group. Although their web page is sometimes a little out of date, the mailing list isn't.
So basically, what has happened, I gather, is that computers have gotten so powerful that now we can split up one "hardware unit" (a PC) into serveral virtual units, with different levels of connection (or none at all) between these virtual units.
I think this is an awesome way to run a web browser - just destroy the virtual machine every time you are done browsing and you greatly minimize infection possibilities.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I fully concur with the parent - I'm helping with an ESX environment at the moment that's running on 8 Proliant blades. Each of these will end up with on average 8 Virtual machines on each one and that leaves us with a lot of overhead 'just in case'. As well as redundancy it's physically taking up a lot less space and power. Regarding redundancy, we're running with storage on a SAN - if the error detection system uncovers an imminent failure in the hardware (or if we decide to), the time taken to transfer a virtual machine onto another server doesn't take long at all - after all, you're only looking at shifting the memory, not the drive contents. It *is* weird seing a fully function copy of W2k3 running SQL Server only taking up less than 100 MB RAM, though :)
How about, err, just run all the applications on the same box if you really want to consolidate them? You know, a (well designed) application can be moved with minimal disrruption as well?
The only point I can see is for proprietary softwares that have really annoying requirements and do not play well with others. For well designed free softwares virtualization does not give you much.
The only advantage that the X-fi system gives you is the ability to mix in surround and do environemntal processing and filtering in hardware.
Starting and stopping sounds, music and straight matrix mixing them is computationally simple and does not require anything resembling "pipelines" or multiple chips or any of that bullshit. It requires a decent DMA implementation and relatively low-end MAC-capable DSP to get uber-channels. What the envy24 and crystal-sound lines have going for them especially are superior ADC/DAC paths and the support for more analog input and output channels.
Really the games can mix down the sounds in realtime easy. Its just that most games don't do jack shit in terms of preloading the environmental effects into memory, so that the first time they're used, you get a disk-hit... or god forbid they use some kind of basic synthesis. The sound engine design is always an afterthought, and it shows.
But yeah, turn off EAX. Its retarded.
And if you must have accelerated surround sound with wall reflections and crap, try a Terratec DMX (envy24 + EAX acceleration DSP) or maybe a Hercules GameSurround III (cs46xx + vortex engine)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Using OpenVZ or Virtuozzo, you can live migrate all your Virtual Environments (VEs) to another physical server before rebooting your box. "Live migrate" here means no need to reboot VEs, means no existing network connection will be broken etc. etc. After you've done your maintenance on the physical server (be it adding more RAM, or kernel upgrade, or switching from one distro to another -- you just migrate your VEs back. Also note that if another server has different NIC or SCSI controller -- you don't have to worry. This (ability to do live migration and be independent of hardware) is just one little piece of functionality that OS-level virtualization provides.
-- Kir Kolyshkin, OpenVZ project leader.
If you run all the apps on the same box you gonna have problems. Here are just a few.
System-wide resources. There are some system-wide resources like the number of open files, number of sockets, IPC shared memory pages, physical memory pages, virtual memory pages, swap, number of processes etc. etc. Basically, any app can go mad and abuse one of those resources, rendering the whole system (and all the other apps) unusable. This is the most serious problem I believe. You can limit some of the resources -- like disk space, using per-user and per-group disk quotas -- but you can not control all of them. In contrast, in OpenVZ each VPS has a set of resource limits (and guarantees) and a VPS owner can not eat the whole box (unless configured to do so).
Users, libraries, distros. Different apps like different environments -- for example, app A requres library B version C. Not every application can run on every distro -- we have to face the truth. This is not a serious problem usually, but it arises sometimes. In OpenVZ you can have different sets of libs, different distros in different VPSs.
Security. Intruder hacked your old sendmail and got a local user. At the very least, he can now see the other processes and files. In some worse scenario he might find yet another hole and have a root user -- and all your apps are now had.
There are some other things like that as well. To conclude, virtual environment gives you the needed level of isolation between apps. Besides that, there are some added benefits -- like you can migrate your VE to another box without restarting your application(s)...
-- Kir Kolyshkin, OpenVZ project leader.