Virtualization versus jails [was Re: Creating and copying jail
?images]
Oliver Fromme
olli at lurza.secnetix.de
Tue Aug 14 13:20:37 UTC 2007
Angel Martin Alganza wrote:
> Supposing one doesn't need to run different operating systems or even
> different kernel versions of the same OS, are there any advantages of
> virtualization (Xen) over jails? Both can be copied, moved around,
> switched on/off, replaced with almos 0 downtime, etc. What do you
> think about that?
Jails don't give you a perfect separation. Jails still run
under the same kernel as the host system, and if there's a
bug somewhere, you're out of luck. You can also run into
various kinds of resource starvation with jails, i.e. jails
can use up shared resources. All of that isn't possible
(or at least to a much smaller degree) with virtualization
solutions (xen, qemu, vmware, whatever), because they run
the guest systems in a virtual machine with their own
kernel and resources.
Having said that, jails are still a good solution for a
number of things, depending on your needs, and they do have
advantages, too. For example, in general jails have less
overhead than virtual machines, and sometimes you want
sharing of certain resources, e.g. RAM. That's why you
can run thousands of jails on a single server, but when
you need virtual machines, you can usually do only a
dozen or two.
There's also a third possibility: Virtual kernels, such
as the vkernel feature of DragonFly BSD. It does not
emulate a virtual machine, but allows processes to be run
under a completely separate kernel (which itself is
running as a process under the "real" kernel).
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
One Unix to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
More information about the freebsd-chat
mailing list