While operating system virtualization isn't a new concept—big-iron vendors such as IBM have offered hardware partitioning for some time now—interest in this sort of virtualization has heated up in recent months.
Driving this interest is a proliferation of new virtualization products and technologies that promise to bring security, consolidation and testing benefits to a wider audience—specifically, to organizations running high-volume platforms such as x86 and Advanced Micro Devices Inc.'s AMD64.
eWEEK Labs is bullish on operating system virtualization and its potential to boost IT organizations' infrastructure flexibility and stretch IT dollars. However, as with any hot technology trend, virtualization carries its share of new challenges, not the least of which are software licensing and system management complexity.
We're tracking two types of operating system virtualization technologies: those that provide a sandbox on a host operating system within which applications can run, and those that virtualize an entire operating system instance.
On one end of the virtualization spectrum, there's chroot, a venerable Unix utility that specifies a new root directory for a process and its children, thereby giving chrooted applications a separate place to work where the potential damage they can do is limited.
The simplest places to use chroot are with applications that are preconfigured to work with chroot. For instance, the version of the BIND (Berkeley Internet Name Domain) DNS (Domain Name System) service that Red Hat Inc. ships with its Linux distributions runs by default within a chroot. This means no management resources are necessary beyond the standard host package requirement.
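The containment chroot offers depends on the service entering it correctly: the working directory must end up inside the new root and root privileges must be dropped afterwards, otherwise the process can still reach the host file system. The following is an added C example of that sequence (not code from the article or from BIND); the chroot directory path and the uid/gid 65534 are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Move the calling process into `root` and drop to an unprivileged uid/gid.
 * Order matters: chroot() changes only the root directory, so a process that
 * keeps a working directory outside it, or keeps root privileges, is not
 * confined. Returns 0 on success or -errno on failure. */
int enter_chroot(const char *root, uid_t uid, gid_t gid)
{
    if (root == NULL || root[0] != '/')
        return -EINVAL;              /* insist on an absolute path */
    if (chdir(root) != 0)
        return -errno;               /* cwd must already be inside the new root */
    if (chroot(root) != 0)
        return -errno;               /* requires CAP_SYS_CHROOT, i.e. root */
    if (chdir("/") != 0)
        return -errno;               /* re-anchor cwd at the new root */
    /* Drop privileges: supplementary groups, then gid, then uid (setuid
     * last, because an unprivileged uid could not change the gid). */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -errno;
    if (setuid(0) == 0)
        return -EPERM;               /* the drop must be irreversible */
    return 0;
}

int main(int argc, char **argv)
{
    /* Constructed example path; pass a real chroot directory as argv[1]. */
    const char *root = argc > 1 ? argv[1] : "/var/chroot/example";
    int rc = enter_chroot(root, 65534, 65534);   /* nobody/nogroup (assumed) */
    if (rc != 0) {
        fprintf(stderr, "enter_chroot(%s): %s\n", root, strerror(-rc));
        return 1;
    }
    /* From here the process sees `root` as "/" and runs unprivileged. */
    execl("/bin/sh", "sh", (char *)NULL);
    perror("execl");
    return 1;
}
```

Run as root against a directory that contains a static /bin/sh to see the confined shell; any other invocation fails closed at the step that could not be completed.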
Since Version 4.0, FreeBSD has shipped with a similar feature called Jail, which expands on chroot by enforcing partitioning beyond the file system limits that chroot sets to include separate process spaces and network resources as well.
Sun Microsystems Inc.'s Containers feature in Solaris 10 is similar to FreeBSD's Jail, but Sun has paired the Containers feature with compelling resource management facilities.
The Linux Vserver project is another interesting-looking alternative that allows multiple Linux distributions to run on a single box under the same kernel. Unlike Containers and Jail, however, which are well-integrated with their respective host operating systems, Vserver (which we haven't tested) isn't part of the default Linux kernel. It must be implemented with a kernel patch and additional software utilities.
One good thing about the sandbox approach is that it cuts down on overhead. These strategies don't require virtualizing entire systems; rather, they share system calls with the host operating system, so they perform faster than whole-machine-virtualization approaches.
One bad thing about the sandbox approach, at least potentially, follows from the above—the applications you're running in your virtual instance must run on the host system. If your service runs on Linux or Windows, Solaris Containers aren't going to do you much good.
Another related drawback of this approach, particularly with Linux, is that applications often require a particular version of the Linux kernel on which to run, and applications that you want to run together on a single machine might have conflicting needs.
However, you can provide applications running in separate sandboxes with separate versions of particular libraries or other system files. For example, we have run 32-bit applications on AMD's AMD64 hardware running a 64-bit operating system by installing those applications in a chroot.
Sandbox-style virtualization and process separation runs only so deep. To gain more independent operating system instances and run, for example, Windows, Linux and Solaris 10 on a single box, you'll need to turn to full-machine virtualization.
The biggest name in this space is VMware Inc. The company sells a variety of virtualization options ranging from VMware ESX Server, a Linux distribution tailored to run operating system instances, to VMware GSX Server, which enables the same thing but does so from atop Windows or Linux distributions.
Microsoft Corp.s Virtual Server 2005 works in much the same way, although it requires Windows as a host operating system and does not specifically support non-Microsoft operating systems as guests.
Qemu is an open-source emulator project that does the same thing, but it's quite a bit slower than all VMware products.
User Mode Linux, a port of the Linux kernel that makes it possible to run a Linux guest as a process on a Linux host, provides a level of separation similar to what VMware offers but is limited to Linux guests running on Linux.
Xen, an open-source project, also allows separate operating systems to run on a host x86 system, although, currently, the kernel of the guest operating system must be modified to run with Xen.
Virtualizing the entire machine provides great flexibility—you can pair services with your choice of operating system and application stack, and everything can be optimized to best suit the service you're deploying.
Virtual machines present applications with an abstracted hardware layer, which makes it possible to build an operating system instance that can then be run on different types of hardware without driver issues.
Because virtual machine partitions exist as files on the host machine, they can be moved and copied easily, which makes them a good fit for disaster recovery or for deploying multiple instances for service failover.
The biggest downside of this approach is performance. Emulating a whole machine contributes significant processor overhead, and complete operating system instances require more storage and memory than does something such as a Solaris Container.
Also, full-machine virtualization renders the guest instance less transparent to its host and less subject to close management by it.
Although operating system virtualization brings definite management benefits, including potentially fewer physical systems to care for, these technologies present management challenges as well. Virtualized operating system instances and application instances still require care and feeding, such as security updates and bug fixes.
For these chores, good software management tools that are accessible from a command line make life much easier. We've had success using Debian GNU/Linux and its APT (Advanced Packaging Tool), which works well over SSH (Secure Shell) sessions for providing remote access to virtual instances.
OS virtualization issues to consider
- Licensing: Multiple OS and application instances mean multiple licenses and license fees. Software vendors are beginning to take virtualization into account in their licensing schemes, but you'll need to ensure that you're entitled to run the number and types of instances you're deploying. Open-source software, with its permissive licensing, offers a good way to avoid licensing troubles.
- Performance: Virtualization carries with it additional performance overhead. Administrators must make sure that their virtually deployed services have enough horsepower available to take care of business.
- Management: Having fewer physical boxes to care for is a management boon, but virtualized OS and application instances require their own separate software updates—a task that grows in complexity when you're dealing with different OSes and OS versions. Make sure your system management toolbox is in order before launching into a virtualization project.
- Compatibility: Virtualization is great for running applications with conflicting library or kernel requirements side by side, but most applications aren't designed with virtualized hardware in mind. Conduct testing to make sure that your software behaves as expected when it's deployed in a virtual environment.
- Implementation: There seem to be more virtualization options now than ever, but some of the options, particularly the open-source ones, require significant tweaking to get up and running properly. Evaluate the quality of the documentation and support resources—whether they're commercial or community-provided—before deploying any systems to production, but keep your eyes open for new developments.
Senior Analyst Jason Brooks can be reached at [email protected].