OS Virtualization Interview 184
VirtualizationBuff writes "KernelTrap has a fascinating interview with Andrey Savochkin, the lead developer of the OpenVZ server virtualization project. In the interview Savochkin goes into great detail about how virtualization works, and why OpenVZ outshines the competition, comparing it to VServer, Xen and User Mode Linux. Regarding virtualization, Savochkin describes it as the next big step, 'comparable with the step between single-user and multi-user systems.' Savochkin is now focused on getting OpenVZ merged into the mainline Linux kernel."
I'm not convinced... (Score:2, Interesting)
Re:I'm not convinced... (Score:3, Insightful)
Re:I'm not convinced... (Score:2)
Re:I'm not convinced... (Score:2)
Re:I'm not convinced... (Score:2)
Re:I'm not convinced... (Score:3, Interesting)
via envy24, cirrus logic cs4630... (Score:2)
As a bonus the envy24 has very flexible hardware mixing and routing too... so you could actually have 4 different OSs running with 4 different stereo output pairs on the same card (check the Midiman 1010 for an example of the requisite hardware incantation for 8 mono outputs).
Errr, no. (Score:2)
Starting and stopping sounds, music and straight matrix mixing them is computationally simple and does not require anything resembling "pipelines" or multiple chips or any of that bullshit. It requires a decent DMA implementation and relatively low-end MAC-capable DSP to get uber-channels. What the envy24 and crystal-sound lines have going for them especially are supe
Re:Yep... (Score:4, Informative)
Virtualization has many advantages in the enterprise and the ability to recover from a virus in your example is one small part of the whole package.
[1] Host servers can share memory between virtual servers, not just the total memory but the memory between machines as well. Very simple example but if you open sol.exe on one of the virtual servers, you will not take up any more total memory on the host machine by opening sol.exe on another virtual server on that same host. The memory is shared between the running virtuals as well. This works great when you have quite a few of the same OS being virtualized on a host. You could run 10 plain vanilla virtual copies of Windows server 2003 and the total memory taken up on the host will be less than 1.5 times more than a single running copy of that OS, not 10x of a single virtual. That example of 10 exact copies is not likely in real life but the common memory is shared which can make up for a significant amount of total memory savings.
Don't let your lack of insight or knowledge of the capabilities of virtualization get in the way of your opinions
Re:Yep... (Score:2)
In the new scenario, any one server failure will simply result in the VMs being down for moments (we're not paying for the expensive up all the time jazz, hard enough to get the money for this project).
When it is time to upgrade, we simply roll in faster hardwa
Re:Yep... (Score:2, Interesting)
Re:I'm not convinced... (Score:5, Insightful)
Indeed! (Score:2, Offtopic)
Re:Indeed! (Score:3, Funny)
Re:I'm not convinced... (Score:2, Insightful)
If windows apps (or group of apps) were virtualized, we could use activex webpages without having to worry about spyware. Just close the virtualization window and it's gone.
The same for e-mail, if you restrict write access only to the mail files, and all spawned processes from the e-mail were virtualized. If it screws up, the most you lose is your e-mail, but
Re:I'm not convinced... (Score:2, Insightful)
I guess the true question is: Which solution is more likely to get attention ? Whiz-bang virtualization will probably win, since it seems very few people in this world have the patience and discipline to writ
Re:I'm not convinced... (Score:3)
No, it isn't. Didn't you RTF... oh, right, this is slashdot. Nevermind.
Re:I'm not convinced... (Score:2)
That's right. But how many do? I mean, it's not as if most application developers deliberately set out to write buggy insecure software.
Being able to, say, bring up a preferences dialog and totally sandbox an application would be cool. After all, do you really trust that utility you just downloaded? Should that browser have full access to your system?
And as to "booting a sub-OS", you obviously haven't used an OS 9 "Classic" app on OS X. You just doubl
Re:I'm not convinced... (Score:2)
Re:I'm not convinced... (Score:2)
On more than one occasion, I've trolled the warez sites for a "key generator". These are programs that you run that give you a workable key for a particular software product - but they are almost ALWAYS loaded with spyware and other easter eggs.
But, with VMWare, it's no big deal. Take a snapshot, download the generator & run, write d
This could be Microsoft's or Apple's future (Score:2)
Re:I'm not convinced... (Score:5, Insightful)
The student logs in and a disk image runs their OS of choice, they don't have to reboot or know much, they just click an icon saying which OS, which instantly is presented to them. A batch process manager removes the load from the distributed experiment from their machine.
Or, perhaps something that's already fielded. You're a graduate student, and want to emulate 1000 compute nodes for a distributed computing experiment, you log into emulab, and tell the 50 that you've signed up for to boot 20 OS's apiece, and emulate a 1000 node network.
Or, perhaps you're studying viruses (this has also been done), and want to build an Internet scale honeynet.
Or, perhaps you're running a large server farm. You want an easy way to load balance a multitude of services, so you can run something that looks like 100 servers on perhaps 50. By dynamically balancing across nodes, services can automatically adjust themselves, independently of mechanisms built into their software (to some degree). When you want to add new hardware to the network, you just plug in the machine, and tasks start being farmed to it. When you want to retire some, you just tell the manager to stop moving tasks onto that machine, and wait for the tasks on that machine to move off.
Briefly put, VMMs rock. You have to think outside of "geeks playing with VMWare" to really see the interesting applications though.
Could someone explain briefly what it is? (Score:2)
http://en.wikipedia.org/wiki/Virtualization [wikipedia.org]
Does virtualization basically run multiple OSes on one box? Make one computer appear to be 2, or 3, or n?
Steve
Yep (Score:3, Informative)
Another big advantage is that the virtualization provides a common "hardware" layer. For example, every VMWare "machine" sees standard VMWare "hardware", no matter what kind of metal it's actual
Correction (Score:2)
Re:Correction (Score:2)
Re:Could someone explain briefly what it is? (Score:2)
The cool part comes in what one chooses to do with this. See, now the operating system sets on something that in its simplest sense does this... but one can build more interesting things into the VMM that allow it to do things like snapshot the entire running operating system and move it across
Wow, very cool... (Score:2)
I think this is an awesome way to run a web browser - just destroy the virtual machine every time you are done browsing and you greatly minimize infection possibilities.
Steve
Re:I'm not convinced... (Score:2)
Re:There is a performance cost (Score:2)
Even as such, most of the really exciting technologies that are being brought i
Re:I'm not convinced... (Score:3, Insightful)
Allow me to introduce you to the world of Big Business: upper management want the Big Business pay check but, post dot-bomb bubble, they want none of the penalties associated with taking a risk. So you have the "one application per box" mentality. All of a sudden, you've got 20 boxes running at 5 percent utilization.
Can you see where virtualization would provide "virtually" the same thing with better cost efficiency?
Make no
Re:I'm not convinced... (Score:2)
I'm a performance tester who has had to completely reinvent how we do business thanks to virtualization. How do you give assurances to an application that they will perform adequately in a virtual environment when by definition performance will always be dynamic?
The primary approach we have had to take was to stop looking at whether an app will perform on a virtual machine, and start looking at whether or not it will be cost effective for the app t
Re:I'm not convinced... (Score:2, Interesting)
I know some people who use Virtuozzo, OpenVZ or Linux-VServer to host a single VPS. This does not make sense at first sight, does it? What about the second?..
The idea is virtualization (OS-level virtualization) provides some benefits without sacrificing much of anything. So what does it provide?
Virtual Environments (VEs) do not depend on the hardware, so you can move a VE to another box without changing anything. Every sysadmin will love that. No need to edit /etc/fstab or /etc/modprobe.conf.
VE can b
Re:I'm not convinced... - DON'T BE MYOPIC (Score:3, Insightful)
A server consumes 400 W at idle and 500 W when all 4 processors are pegged at 100% utilization. If I take 4 servers that normally
Re:I'm not convinced... - DON'T BE MYOPIC (Score:2)
A better way to do what you suggest would be figuring out some way to run all of those "virtual" machines/applications in a cluster so that if one gets
Re:I'm not convinced... - DON'T BE MYOPIC (Score:2)
Re:I'm not convinced... - DON'T BE MYOPIC (Score:2)
It takes a much different set of administration skills to manage systems like these than it does lots of distributed boxen. I can't admit that I know all of the problems and issues, but there are many. I know that at my last job, we had a lot of systems that were performing very poorly (s
Re:I'm not convinced... (Score:2)
Virtualization is great on servers (Score:2)
We make use of virtualization at my company all the time. When we need to prototype something or even need to deploy a production server application quickly we just take one of our pre-rolled skeleton installs of either Debian or Windows Server 2003, copy it and start it up. We can then just install whatever needs to be installed and we have a new "server" up within a few minutes with no need to purchase new hardware. When a particular physical server gets too busy we can buy a new one and easily migrate a
Re:I'm not convinced... (Score:2)
OT question (Score:2, Insightful)
Tom
Re:OT question (Score:4, Informative)
In this case it's an OSS version of a closed-source product called Virtuozzo, commonly abbreviated VZ. I think it's a perfectly descriptive name.
Re:OT question (Score:2)
If it's a clean-house implementation then it's not strictly based on it.
Call it something else like Vzeeforefree!
Dunno just annoyed at people abusing the OSS blanket for publicity.
Tom
Re:OT question (Score:2)
Where do you think Firefox came from? Do you think releasing Mozilla was abusive?
I don't think everything needs to be done for wholly untainted altruistic reasons. It's not like they're throwing out some old bones to chew on. This is an actual useful bit of software.
Re:OT question (Score:2)
Tom
Re:OT question (Score:2)
You consider it abuse when they call it Open even when it's a real product being released under a real OSS license. Under what circumstances would you consider the word "Open" to be NOT abusive?
Re:OT question (Score:3, Insightful)
1. How much does it cost to license?
2. How much does it cost to set up?
3. What does it solve any better than what we already have?
Tom
Re:OT question (Score:2)
Re:OT question (Score:3, Insightful)
Re:OT question (Score:2)
I guess the supplier (IBM/HP/Dell whatever) is usually accountable for any breakage that occurs. Failing that, you can call any of the billions of small tech shops that fix Windows installations for enormous amounts of cash (I used to work for one
Re:OT question (Score:3, Insightful)
Re:OT question (Score:2)
If everyone else is using Windows, and you want to use Linux, you're the black sheep, so they blame you. On the other hand, if Windows has a glitch, you whine about Windows a bit, and then everyone else on the planet does (because you better be running the identical configuration or, again, it's your fault).
Re:OT question (Score:2)
Got no problem, I always blame Linus anyway
Re:OT question (Score:2)
Re:OT question (Score:2)
Re:OT question (Score:2)
(I'm not a windows user btw, I'm just saying that's what management does these days.)
Re:OT question (Score:2)
It's called personal responsibility.
Unfortunately all too many people want the credit for writing OSS [no matter how shoddy] but don't want the actual work of supporting it. How many OSS projects are known for their stellar documentation and 24 hour turnaround e-mail support?
Not that the commercial world is any better. I mean who do I write to, to get a behaviour in MS Word changed?
Tom
Re:OT question (Score:2)
4. How much the software costs to maintain over its lifetime. Administration, for example.
5. The downtime, if any, for upgrades. How much and what is the cost?
6. How new is the software? Could the software in its current state run for as long as needed with the exception of significant performance improvements or security updates? If not, #5 comes into play.
A bit of bias... (Score:5, Informative)
Of course, Andrey works for the software company that wrote this thing, and their closed full-featured flavor, Virtuozzo. The VZ method is a good one, and has excellent performance, but it has its drawbacks, too. Personally, I don't like that my VPSes need to use my VPS provider's kernel, which lacks features I desperately want (like stateful iptables matching), and which forces me to reboot whenever they upgrade their kernel (my VPS can't be migrated to a host running a different kernel), and I can't upgrade until my provider does.
VServer, Xen, and UML all make different tradeoffs. VZ goes for performance. Saying one outshines the others is just trolling. That's mostly on the part of the
I don't want to crap on the OpenVZ project. They're working on very cool stuff, and I applaud SWSoft for opening the thing up. I just want people to keep the comparisons in context.
Linode (Score:2)
Re:Linode (Score:2)
UML really does have performance issues. (Score:2)
OS virtualization (Score:5, Insightful)
Plus you can't run different operating systems on each virtual machine.
It does have some positive benefits, it all really depends on what you are doing. I like the security of Xen and VMware better though.
Perhaps they haven't heard, but Xen 3 is stable (Score:5, Informative)
Indeed, Xen 3 has been stable long enough that they're presently at 3.0.2. It's not prerelease anymore, and support for x86_64 and hardware-supported virtualization has been out and about for a while. I have semi-production (used by in-house staff only, but there are folks who can't work if it's down) systems running on Xen3 x86_64 DomUs, and the host they're on has been up (and running unattended) for 117 days now.
Sun has an OpenSolaris port to Xen (though I think it may be in-house-only still), and I have some good friends working on a microkernel OS targeted at embedded operation with a Xen DomU port pending (such that they -- and people working on it -- will be able to run it in parallel with the OS they use as their development platform). Being able to run more than one kernel -- indeed, more than one operating system -- is a big plus on the Xen side of things.
Re:Perhaps they haven't heard, but Xen 3 is stable (Score:2)
Re:Perhaps they haven't heard, but Xen 3 is stable (Score:2)
Re:Perhaps they haven't heard, but Xen 3 is stable (Score:2)
Barely counts. No disk I/O on Xen 3, no x86_64 support, no live migration... etc. It isn't usable, so I don't consider it released.
Imagine ... (Score:3, Funny)
Re:Imagine ... (Score:2)
Imagine playing solitaire on that !
Virtualization success (Score:2, Insightful)
Xen misconceptions (Score:3, Informative)
Re:Xen misconceptions (Score:2, Informative)
Re:Xen misconceptions (Score:2)
Can and do
Haven't used it as the root filesystem yet (just as a shared filesystem between domains), but when I do I will (in theory) be able to have 1 filesystem with 'per node symlinks' (ocfs2 calls them something else but that's what they are) so each node/domain can have a separate
Re:Xen misconceptions (Score:2)
Re:Xen misconceptions (Score:2)
The reason for virtualization is to solve different problems:
true isolation between nodes (with vservers other users can often bind to your ips etc)
resource limitation
ability to run differently-configured kernels, or even different operating systems
virtualisation (Score:2, Informative)
hardware that benefits from the aforementioned age-old mainframe technology
Yeah, but... (Score:2)
The great benefit of hardware level virtualization is that you can upgrade one app and one environment at a time. If app-"A" needs Linux 2.4 because that is what Oracle supports - fine, no problem. But if app-"B" needs to upgrade to Linux 2.6 because its reporting suite must have that version, that is ok too.
It seems to me that OS-l
Re:Yeah, but... (Score:2)
It depends on the application. If you're talking about a web host running lots of web servers it might make sense to use this approach, since the guest systems are likely to be very similar if not the same.
Re:Yeah, but... (Score:2)
"Virtualization" - in a sense (Score:3, Informative)
Easier management for vertical stacking of applications on a machine.
And, yes, it is VERY useful.
Not for typical home use though. At home, I use VMWare for virtualization, QEMU to run foreign code, and BOCHS to test x86 assembly sequences, all of which I do frequently. Stacking? Not so much, because my main server is a dual PPRO with 128MB -- httpd, imapd, file services, time services, etc. Not a heavy load (104 processes, easy enough to manage manually).
Ratboy.
FreeBSD Jails (Score:3, Interesting)
In what ways is OpenVZ different? I also wonder what their "commercial offering" adds... but I'm too lazy to look.
I run FreeBSD jails on my box for testing purposes. It's extremely easy to setup and administer, especially with many helper scripts available these days.
I am loving the simplicity of ezjail [erdgeist.org]. The coolest thing about it (besides the utter simplicity), is that it creates a "base jail" containing an entire FreeBSD install. From there it uses tricks with nullfs to mount parts of that base into jail 'instances'... this means each new jail takes only 2 megs of additional space, and about 1 second to create. It also adds security in that the base system remains absolutely read-only, while still permitting customisation and additional software to be installed in the jail.
I need a new virtual server to test my software:
Then run the ezjail startup script. And SSH in to my new virtual server. (Note: I set up the default server template to enable SSH and a few default logins... very easy to do. One does not need to use SSH; one can get into the jail environment a few different ways.)
History again repeats itself.. (Score:5, Informative)
CMS itself provided some limited simulation of IBM's two other mainframe operating systems OS/360 and DOS. Enough that one could write simple OS or DOS programs and do at least some unit testing. The simulation by CMS was by providing a limited set of the OS and DOS API.
Unlike MVS or DOS, (or even the CP/M, Windows, or *nix families) VM/CP itself does not provide many services directly. VM/CP does not provide any filesystems, any application APIs, etc. All VM/CP really did was to provide a barebone virtual machine and only provide those services one would find on the bare hardware. It was the responsibility of the operating system running within the virtual machine to provide the application API, filesystems, application memory management, etc. Communication between vm's were originally only via the raw hardware model (channel-to-channel adapters, shared disk volumes, and a method of "punching" virtual cards and sending the virtual cards to another vm's virtual card reader.) As time progressed, VM/CP did provide some API's that allowed very simple messaging between two vm's (first VMCF - Virtual Machine Communication Facility, and then IUCV - Inter User Communication Vehicle).
Early on it was "discovered" that the virtual machine model made a lot of sense as a method to implement VM services. For example if one were to look at a modern VM system, you would see that the entire native VM TCP/IP stack is managed within a small collection of vm's. (Under VM/CP, a vm is called a "userid"). The native VM TCP/IP stack consists of a TCPIP userid that manages the network interface devices, and the TELNET server. The FTP userid implements the FTP protocol, etc. Each userid is totally separate from the rest of the system and from each other (the tcp/ip socket facility "rides" on top of IUCV in a transparent fashion so that a tcp/ip server is coded the same as on *nix).
Because of the facilities provided by CMS, it is fairly easy to write little servers. For example the original LISTSERV server http://www.lsoft.com/products/listserv-history.as
If one wants to see what is and has been possible in a virtual machine environment, one should at least look at the history of IBM's VM.
For an excellent history of VM http://www.princeton.edu/~melinda/ [princeton.edu]
and the VMSHARE archive, an early BBS used by VM system admins http://vm.marist.edu/~vmshare/ [marist.edu]
Virtualization is the future (Score:2, Insightful)
Re:Virtualization is the future (Score:2)
Re:Virtualization is the future (Score:2)
VMWare and Xen virtualize an entire machine, creating multiple virtual machines, with virtual hardware and all that mess. Openvz just virtualizes an instance of ONE machine, mainly just doing privilege / resource separation.
Considering that it is MUCH less complicated from a total lines of code POV and uses much fewer resources to operate, openvz seems like it would scale MUCH MUCH more. Don't get me wrong, I like VMWare a lot - been using it since 1.0... But the two product
Re:Virtualization is the future (Score:3, Interesting)
Speaking of complexity, it is indeed complex. Any OS is complex. VMWare itself is very complex. Any stuff that is not trivial is complex.
The questions are: whether it works, and is it maintainable?
Whether it works? OpenVZ and Virtuozzo work just fine -- ask anybody who's using it, get a cheap Virtuozzo VPS from one of the HSP, or just install it on your Linux box and see for yourself.
Is it maintainable? OpenVZ stable kernel is based on Linux kernel 2.6.8 (with tons of backported fixes and driver up
Following a well worn, but very productive, trail (Score:3, Interesting)
It seems to me that the differences in the *nix approaches are mainly whether the abstract machine seen by user written code resembles a hardware machine or some nicer abstract machine.
In all VM approaches the idea that one can freeze an entire system and look at it, or isolate it, or migrate it, is a very valuable one. It's done well for IBM on their mainframes.
As for adding resources on the fly - way, way back (mid 1980's) Robin O'Neil and I did a System V based kernel for the Crays out at Livermore. We had to run on top of the real OS, so we gave each user his/her own copy of Unix and created a file system that could grow or contract, adding, or removing inodes on the fly. And some of those inodes could reference files held by the underlying OS, thus making strange things, like "df" showing less space on the file system than was shown by a "du" summation of the file sizes in the file system. We published a paper on this at one of various Unix gatherings of the time.
So if we could expand file systems on the fly 20 years ago I don't see why it should be so hard to do today.
Now if we'd just get serious about capability architectures... (Much of the secure OS work of the '70's was done with capability architectures with hardware support such as the old Plessey machines.)
Re:Following a well worn, but very productive, tra (Score:2)
Of course, Linux on zSeries is already out, stable, and effective for S/390 and later zSeries hardware, and plays very nicely with z/VM. The tricky part is doing the same thing on x86 boxes (given the instruction set noncompliance with Popek-Goldberg), which is why there are so many projects going at it from so many different angles.
Just Imagine (Score:2)
Imagine that in the future nearly every application will be run inside its own private virtual systems. This will be done to improve security, scalability, etc etc. For very complex applications, this will improve the stability of the system as a whole!
Hate to say it, but it is not true virtualization (Score:2, Insightful)
Basically, I would never jump into separating everything around just to make things safe, unless I look for a fancy way to mess up.
But for sure, this tool can be very useful for some cases.
Price? (Score:3, Insightful)
Re:So it's a VMWare ESX Server clone ? (Score:4, Informative)
Re:It's hot...it's coming...and you are left wonde (Score:2, Informative)
Re:Virtu. Linux/Windows Dual Boot (Score:2)
wouldn't be the first time [taborcommunications.com]
Re:Obvious question: containers (Score:2, Interesting)
Very short answer -- Solaris Containers is the same technology as OpenVZ or VServer. Their isolation is OK as well, their resource management is worse than that in OpenVZ. There are some system-wide resources that you can not limit for a container -- which can create a problem if an application inside a container goes crazy (or a container is owned by a c00l ha>
Remember, Solaris Containers are a recent feature, while Virtuozzo was available as a product since year 2001. So, Solaris is doing the right t
Re:Virtualization is no silver bullet (Score:2, Informative)
Have you actually read the interview?
OpenVZ [openvz.org] provides a kind of virtualization called OS-level virt, or partitioning, or slicing. Basically you divide your Linux box into multiple small linux boxes, called virtual environments (VEs).
In each VE you can have a different Linux distro installed. Consider FC4, FC5, CentOS and Debian running on the same box, so you can compile and test your app in all these distros, without a need to reboot or have dedicated boxes for each of those.
To further understand betw
Re:Virtualization is no silver bullet (Score:2)
Welcome to Slashdot 'kir', where in Microsoft Russia, all your Portmans are gritted by joo, but you missed a interspersed diacritic mark between the conjunctive pronoun in the second sentence.
(If you've been around a while, you'll recognise that
Personally, I think OpenVZ is fantastic - I've heard very good things about Virtuozzo, even that it's worth the price, so I'm going to try it out. The only thing that concerns me is the kernel versions, I'd be far happier if a
Exactly Why Virtualization is Good (Score:2, Interesting)
"virtualization is very useful in a corporate context, eg you want to separate environments, ease up backups, increase security, have 10 different OSes installed on one server for testing purposes"
You really answered your own question, which is something to respect in the slashdot halls, where an empty question is more common...
To add my own thoughts, though, I'd say that's exactly why I want virtualization, and why I'd rather have it at the hardware level than
Re:Very one-sided (Score:2)
I suspect you're going the wrong way; with the hardware support in VT and Pacifica, Xen and VMWare are going to get a lot faster. It won't be that hard for them to add in features like what you have (particularly for Xen, which is integrated in the Linux kernel), but it will be very hard for you to do what they're doing.
Specialized hardware support is always faster than general-
Re:Very one-sided (Score:2)
VMware gets faster. Xen gets a mode in which it acts more like VMware (can run unmodified operating systems), but is slower than otherwise on account of needing to virtualize drivers rather than having a guest modified to pass requests in an optimal manner. OpenVZ still wins for performance, while Xen wins for flexibility.