Linux vendor Red Hat is aggressively pushing to get Xen virtualization technology included in the Linux kernel as quickly as possible. Brian Stevens, the newly appointed chief technology officer of the company, said that previous efforts to merge Xen into the kernel ran out of steam when nobody stepped forward to drive them. Red Hat is now stepping forward, Stevens said.
Let’s put KDE in the kernel!
Xorg will do
This is a good thing: instead of having different Xen-enabled kernels, a kernel should be ready for virtualization by default.
Who needs it outside of the ISP cutting up big servers into lots of little ones for re-sale? What would possibly possess someone to default to booting a hog like Xen? There’s no free lunch, someone must pay for the horsepower for all that slicing and dicing of virtualization.
I spent two weekends getting the XEN kernel to work on my laptop. The only thing that worked for me was the XEN livecd, and even then the keyboard was not functional. The concept is nice; however, it still needs a lot of work. Currently I am using an eval of GSX server, which is headless too. The best part is I suspend Windows 2003/FreeBSD/Linux before shutting down and I have all of them running when I restart. The speed is not bad since I have 2GB RAM.
I consider myself an OS junkie; currently I have 4. I am seriously considering having just a barebone GSX server on FC4 x86 and using multiple OSes running simultaneously. This is because my laptop is no longer limited in speed or memory.
Ultimately I want to use Xnest to open multiple VTs with a different OS on each VT.
Yes, Xen is nice, but people interested in virtualization should have a look at Linux Vserver: it provides a light way to have multiple virtual servers on a single physical computer, with almost no overhead (~2-3%).
We use it extensively and it’s mature and easy. We have a P3 700 MHz with 380 MB RAM and 10 virtual servers on it (Debian Sarge, Debian Woody and Redhat ES3). They’re development servers, so not heavily loaded, but I can assure you it’s a pleasure to administer and install.
http://linux-vserver.org/
FYI, our 40 production servers are on two physical bi-Xeon servers with 4 GB RAM, providing redundancy.
You might want to read this
http://lwn.net/Articles/144187
Edited 2005-10-31 20:13
1) every kernel subsystem needs to be virtualized
Doesn’t really talk to me… Processes are separated by context and network by protected IP alias.
2) you cannot load different kernel modules in different virtual machines
90% of the modules are used for driving hardware or filesystems. So if only the host OS takes care of the annoying problem of hardware driving, it seems to me that is a gain of time. Of course, if you plan to build a firewall (and use the ip* modules), I don’t think that any kind of virtualisation is a good idea anyway.
3) if you have an exploitable kernel bug, every virtual machine is compromised
Yes, exactly. And that’s a good thing because you only need to take care of one kernel (and spend time tuning it). With Xen or VMware, each virtual server has its own kernel and its own version, so you need to take care of several kernels, and different kernel versions, and you cannot spend a long time trying to tune each of them…
4) since there is no virtual machine abstraction, installing and managing the virtual systems is very different from the way normal systems are managed
Oh, my God, what a troll ;-). It’s not different at all from managing a normal system. Most of our users (developers who have root access) don’t even know that they are working on a vserver: they install, configure, tune things the same way they do on a real server. And FYI, the vserver technology is used by several hosting companies, because it can provide access for the customer to a complete server for the cost of a shared server.
I’m sure that vserver is not the absolute and perfect solution for every need, but in the case of hosting of internet and intranet applications, vserver is a very nice and low cost solution.
Vserver is not a true hypervisor and does not provide fine grained access control. Linking to IP does not sit well with MAC based security systems such as SELinux.
Loading different kernels and modules is especially critical for many users. Vserver might be good for some use cases but it doesn’t address virtualisation comprehensively.
Vserver is not even proposed or discussed for merger with upstream kernel and one off patches are not well integrated, peer reviewed, tested and maintained as an upstream solution.
>Vserver is not a true hypervisor and does not provide
>fine grained access control. Linking to IP does not sit
>well with MAC based security systems such as SELinux
Yes, in this very particular case, if you base your security on MAC address, vserver won’t be good for you.
>Loading different kernels and modules is especially
>critical for many users.
In my case, very few users, if any, need special kernels or modules. They only want to install and configure their PHP and Java applications. After all, they’re “real” users.
>Vserver might be good for some use cases but it doesn’t
>address virtualisation comprehensively
As said before, from the point of view of the user, everything, but the kernel and modules, works exactly the same as a real server.
And as said before as well, I’m sure that vserver is not a perfect solution for everybody, but it’s a very lightweight solution that uses a lot of standard Linux functions (chroot, IP aliases) and a relatively light patch (~19k lines).
>Vserver is not even proposed or discussed for merger
>with upstream kernel and one off patches are not well
>integrated, peer reviewed, tested and maintained as an
>upstream solution
Yes, people don’t push it for inclusion in the upstream kernel, but that doesn’t make it a bad quality product. It has been developed and maintained for several years now.
But, anyway, what I think is that I presented the advantages of this very useful solution and Rahul is my “devil’s advocate” on this 😉 (thank you, Rahul, for presenting the disadvantages of it), so people can have a look at both sides of the coin.
So if you want an objective presentation on vserver (advantages and disadvantages), you should have a look at the Wikipedia page:
http://en.wikipedia.org/wiki/Linux-VServer
if you have an exploitable kernel bug, every virtual machine is compromised
If you have an exploitable kernel bug present in the OS you are running, that exploit will work no matter how many instances of the OS you have. With VServer there is one OS instance, with Xen there are many. If there is a bug in the OS it just means that you will have to break into each domain individually using the exploit.