• Immutable Page
  • Info
  • Attachments

Linux-VServer

  1. The Linux-VServer approach
    1. Abstract
    2. Introduction
    3. Concept
    4. Isolation vs. Virtualization
      1. Isolation
      2. Virtualization
    5. Features
    6. Supported Hardware
    7. Distributions
    8. More info

Linux-VServer provides virtualization for GNU/Linux systems. This is accomplished by kernel level isolation. It allows to run multiple virtual units at once. Those units are sufficiently isolated to guarantee the required security, but utilize available resources efficiently, as they run on the same kernel.

The Linux-VServer approach

Abstract

The Linux-VServer technology is a soft partitioning concept based on Security Contexts which permits the creation of many independent Virtual Private Servers (VPS) that run simultaneously on a single physical server at full speed, efficiently sharing hardware resources.

A VPS provides an almost identical operating environment as a conventional Linux server. All services, such as ssh, mail, web and database servers can be started on such a VPS, without (or in special cases with only minimal) modification, just like on any real server.

Each VPS has its own user account database and root password and is isolated from other virtual servers, except for the fact that they share the same hardware resources.

Introduction

Over the years, computers have become sufficiently powerful to use virtualization to create the illusion of many smaller virtual machines, each running a separate operating system instance.

There are several kinds of Virtual Machines (VMs) which provide similar features, but differ in the degree of abstraction and the methods used for virtualization.

Most of them accomplish what they do by emulating some real or fictional hardware, which in turn requires real resources from the Host System (the machine running the VMs). This approach, used by most System Emulators (like QEMU or Bochs), allows the emulator to run an arbitrary Guest Operating System, even for a different architecture (CPU and hardware). No modifications need to be made to the Guest OS because it isn't aware of the fact that it isn't running on real hardware.

Some System Emulators (including Paravirtualization) require small modifications or specialized drivers to be added to the Host or Guest system to improve performance and minimize the overhead required for the hardware emulation. Although this significantly improves efficiency, there are still large amounts of resources being wasted in caches and mediation between Guest and Host (examples for this approach are UML and Xen).

But suppose you do not want to run many different Operating Systems simultaneously on a single box? Most applications running on a server do not require hardware access or kernel level code, and could easily share a machine with others, if they could be separated and secured...

Concept

At a basic level, a Linux server consists of three building blocks: hardware, kernel and applications. The hardware usually depends on the provider or system maintainer, and, while it has a big influence on the overall performance, it cannot be changed that easily, and will likely differ from one setup to another.

The main purpose of the kernel is to build an abstraction layer on top of the hardware to allow processes (applications) to work with and operate on resources (data) without knowing the details of the underlying hardware. Ideally, those processes would be completely hardware agnostic, by being written in an interpreted language and therefore not requiring any hardware-specific knowledge.

Given that a system has enough resources to drive ten times the number of applications a single Linux server would usually require, why not put ten servers on that box, which will then share the available resources in an efficient manner?

Most server applications (e.g. httpd) will assume that it is the only application providing a particular service, and usually will also assume a certain filesystem layout and environment. This dictates that similar or identical services running on the same physical server but differing only in their addresses (for example), must be coordinated. This typically requires a great deal of administrative work which can lead to reduced system stability and security.

The basic concept of the Linux-VServer solution is to separate the user-space environment into distinct units (Virtual Private Servers) in such a way that each VPS looks and feels like a real server to the processes contained within.

Although different Linux distributions use (sometimes heavily) patched kernels to provide special support for unusual hardware or extra functionality, most Linux distributions are not tied to a special kernel.

Linux-VServer uses this fact to allow several distributions, to be run simultaneously on a single, shared kernel, without direct access to the hardware, and share the resources in a very efficient way.

That said, you may have already figured out that Linux-VServer uses Operating System-level virtualization ;-)

Isolation vs. Virtualization

For performance reasons, certain components are not completely virtualized but utilize isolation to guarantee that one unit cannot affect the other

Isolation

  • user/process spaces

  • network space

  • ipc/uts spaces

Virtualization

  • userspace information and visibility

  • disk space and memory

  • init pid

Features

  • persistent filesystem tagging

  • copy on write (CoW) link breaking

  • network/template based guest creation

  • resource limits and extensive capability system

  • fair/hard scheduler with minimal overhead

Supported Hardware

basically all linux architectures are supported, but not all of them are extensively tested (mostly because of lack of hardware), the following are known to work:

  • alpha

  • i386 and higher (and compatible)

  • ia32 / ia64

  • mips / mips64

  • hppa / hppa64

  • ppc / ppc64

  • sparc / sparc64

  • s390 / s390x

  • x86_64 (AMD64)

  • uml/xen

Distributions

Linux-VServer is distribution agnostic, so basically all combinations of host/guest distros can be used, nevertheless, certain guest distros have better support than others ...

More info

Home page: http://linux-vserver.org/

Wikipedia: http://en.wikipedia.org/wiki/Linux-VServer


FrontPage

Tell others about this page:

last edited 2007-08-03 17:19:39 by HerbertPƶtzl