
Choice for Virtual Private Servers?

Posted by Kellen on Sun 8 Jan 2006 at 12:43

For free virtual private servers on linux there are several available choices User Mode Linux (UML), Xen, Linux-VServer and probably many others. If you use one; which did you choose and why?

(We've covered a lot of different Xen articles recently, this seems to be the current favourite).

 

 


Re: Choice for Virtual Private Servers?
Posted by philcore (70.161.xx.xx) on Sun 8 Jan 2006 at 16:04
(We've covered a lot of different Xen articles recently, this seems to be the current favourite).
Definitely Steve's current fav. :-)

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Steve (82.41.xx.xx) on Sun 8 Jan 2006 at 16:55

It just works so very nicely. Low overhead, simple to install, trivial to automate and it has a cool name!

Steve

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by undefined (192.91.xx.xx) on Mon 9 Jan 2006 at 23:42
what do you mean by "low overhead"?

in search of a virtualization solution for purposes of security and modularization, but with the low overhead of not consuming memory (RAM & HD) on duplicate data, i recently settled on linux-vserver.

did i miss something in my personal research about xen's efficiency of memory usage or does "low overhead" refer to some other resource (CPU, admin's time, etc)?

thanks.

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by shufla (83.22.xx.xx) on Sun 8 Jan 2006 at 16:07
Hello,

That is an important issue. I'm planning some servers which will need virtualization - for developing and deployment. AFAIR Xen would be the best one (servers will be based on Debian or Ubuntu). I'd like to see some words about your experiences.

Best Regards,
Luke Nowak

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by jooray (85.216.xx.xx) on Sun 8 Jan 2006 at 16:10
Personally, I use linux-vserver, but I've researched on the others and tried them all. Here's my take:
  1. UML is the easiest to install. At this time, it requires no kernel-space changes, it is a user space application. It is as easy as installing some UML linux kernel binary (apt-get install user-mode-linux). You create a new installation using rootstrap, which does not even require root access. So user-mode-linux is entirely a user-space solution. If you want to setup advanced networking or want to have part of your existing filesystem mounted under uml as root, you need root access, but it should require absolutely no kernel modifications or reboots at all. Best for playing with virtual machines. The downside: it's slower than anything else, it's a kernel in userspace running under your kernel, all system calls are emulated. Anyways, I know of several hosting companies using this approach for providing virtual machines, so it's not at all that bad. We also used this at school for linux lessons. Users who do not have root access can boot, reboot, etc. their machines. It's probably best as a learning tool.
  2. Linux-vserver is simply advanced chroot. Very advanced, that is, but essentially you are running one kernel, which knows that it hosts several virtual machines. So essentially you can not have different kernel under your virtual machine, but you have different user space, so you can essentially boot different operating systems.

    Linux-vserver needs kernel patch. All utilities are in Debian, nice howto for sarge is here.

    You can limit the usage of ip addresses inside of vserver, you can boot your virtual machines, have different root user, etc. All is safe and sexy. Only downside is, that you are not running different kernel for each virtual machine, which is also the biggest advantage: it's the fastest and most efficient approach.

  3. Xen allows you to run different operating systems. It's a hypervisor, can be fairly compared to vmware or qemu, but it essentially does only virtualization, it does not emulate anything. You can either use latest Intel chips, which support virtualization, or you need a patch into both host and "guest" kernels. But you can do things like migrating the machine live from one physical machine to the other, work with hardware resources.

    Since Xen guests run their own kernel, it's not as efficient as Linux-vserver, but it's faster than user mode linux, because there's no emulation.

    Currently, the biggest downside is patching (or installing binary kernels, which I would like to avoid), but it's going to mainstream kernel, so I hope that Xen will be standard under Etch.

  4. Qemu. To be complete, there's also a free processor emulator, called Qemu. It's very useful for testing. I used it for example to build openbsd userland for embedded machine, etc. It runs from userspace. There's also accelerator module, which makes it a lot faster, if running x86 guest on x86 machine. Actually, there are two. One free and one from the original author of qemu, which is proprietary. I have not tried the open-source module, I have not known about the Free one when I needed it, but building proprietary module is as easy as apt-get build-dep qemu && apt-get source qemu, untarring the module in the qemu source directory, enabling it in debian/rules (adding --with-kqemu) and doing fakeroot ./debian/rules binary for creating debian package.

    The main advantage of qemu is, that it allows you to emulate any architecture on any other. So you can run i386 debian userland on PowerPC, etc. I know, that there's a Debian port of it, but in cases you are developing specially targeted userland for one processor, it's quite useful. Networking is also not so easy to setup (different than user-space networking, which does not grant the userland its own ip address, but for outgoing connections, it works).

    If you don't need advanced networking or accelerator module, you can run qemu entirely from userland, which is very useful - you don't need root access.

I hope this was helpful.

Juraj.

[ Parent | Reply to this comment ]

Posted by jooray (85.216.xx.xx) on Sun 8 Jan 2006 at 16:13
one more thing. I think all of these projects are very useful and cover some of the virtualization areas, so I'm really glad, that all of them exist. If you are taking a decision, really think about Linux-vserver. It's pretty stable and mature and brings little overhead. Most people use Xen because it's what's on slashdot and Debian Administration these days, but most people use it for things, that can be safely done with Linux-vserver with less overhead and easier setup. For real hosting, it's mostly Linux-vserver vs. Xen choice. For testing, developing, ..., it's mostly Qemu vs. UML (vs. Xen if that's possible for you....).

[ Parent | Reply to this comment ]

Re:
Posted by Steve (82.41.xx.xx) on Sun 8 Jan 2006 at 19:50

That does seem like a good choice, but having a single shared-kernel does give you some drawbacks. You cannot develop custom kernel modules, for example, without the risk of taking down the complete system.

Also you do have to take precautions when using it. (Minor things such as binding daemons to particular interfaces, rather than all of them).

Personally I rate things, for my needs in the order:

  1. Xen
    • VMWare
  2. Qemu
  3. Linux-vserver
  4. UML

VMWare is tied with Xen as the leader - but slips behind because of its closed nature, and price.

It is certainly nice to see more "competition" in this area, and I'm sure we'll all benefit from it regardless of which system we use.

Steve

[ Parent | Reply to this comment ]

Posted by jooray (85.216.xx.xx) on Sun 8 Jan 2006 at 21:19
yes, binding daemons is an issue.

I said, that for developing, it's better not to use linux-vserver, but for production, it is ideal, because of little overhead (not having multiple kernels).

Depends on the use, that's why it's great to have different approaches and solutions (which would not occur in proprietary world -- in Solaris, you have Zones and you can quite hardly choose anything else -- ok, Solaris is now open-source, but it wasn't for a long time. And it seems we'll have Xen port to solaris sometime soon)...

[ Parent | Reply to this comment ]

linux-vserver fit my needs
Posted by undefined (192.31.xx.xx) on Tue 10 Jan 2006 at 00:24
quickie: as far as i know, the "don't bind daemons to 0.0.0.0" only applies to the host, not to the guests. if you are fully utilizing linux-vserver, there should not be any daemons in the host operating system (except ssh, and ssh's Listen directive is easy enough to use).

anyways...

i wanted virtualization of user-land, like a super-chroot, extending into networking. i wanted to separate my daemons so a root exploit in one doesn't compromise all of them. but i also wanted the implementation to be as efficient as possible in terms of system memory and persistent storage. if i run 10 apache instances in 10 different virtual environments it should be as efficient as running 10 apaches instances in a single environment. i also wanted to provide different environments for thin clients (remote x, nx, or vnc), so that i could use debian testing while others use ubuntu or debian stable, but this is a lesser requirement yet untested.

so far i have only implemented linux-vserver for daemon separation and for this linux-vserver works well. i currently have apache (dynamic content), thttpd (static content), mysql, jabber, and exim set up, with courier-imap, samba, cups, and others to follow. apache is installed in several vservers, one for each web application (moin, webcalendar, squirrelmail, phpmyadmin, cacti, etc), but it's actually the same apache by way of hardlinks (automatically using vhashify). as currently all my vservers are based on sarge, the basic filesystem (/usr, /bin, /lib) is mostly shared between all the vservers. this means reduced duplication on the hard drive and in memory (like with shared libraries).

and migrating vservers from one server to another is as easy as stopping the vserver, tarballing its installation and configuration directories, moving the tarball to another machine, extracting the tarball, and starting it back up. that's mobile enough for me to migrate to a new server on an application basis.

hopefully elaborating on my needs, requirements, and experiences with linux-vserver will help somebody determine if linux-vserver is right for them.

[ Parent | Reply to this comment ]
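
A way to check the "don't bind daemons to 0.0.0.0" precaution discussed in the comments above, as an added example that is not part of the original thread: the function reads listener lines in the format of `ss -H -ltn` and lists those bound to a wildcard address. The sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound to a wildcard address on a
# linux-vserver host. Input format is that of `ss -H -ltn` (iproute2).

# Constructed sample, standing in for `ss -H -ltn` run on the host.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.0.2.10:80 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 *:5222 *:*
EOF
}

# Print "port address" for every listener whose local address is a wildcard.
wildcard_listeners() {
    awk '
        $1 == "LISTEN" {
            local_addr = $4
            n = match(local_addr, /:[0-9]+$/)   # port follows the last colon
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            port = substr(local_addr, n + 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "::" || addr == "*")
                print port, addr
        }
    ' | sort -n
}

# Number of wildcard listeners; 0 means every daemon is pinned to an address.
wildcard_count() {
    wildcard_listeners | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample.
sample_ss_output | wildcard_listeners
```

On a real host, feed it live data with `ss -H -ltn | wildcard_listeners`; for sshd, the setting that pins the daemon to one address is `ListenAddress` in sshd_config.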

Re: linux-vserver fit my needs
Posted by undefined (192.91.xx.xx) on Tue 10 Jan 2006 at 16:02
okay, i'm replying to myself, but after "sleeping on it" i decided to post some of the risks of linux-vserver (which are not problems themselves, but can cause problems).

linux-vserver, compared to xen, seems to have a smaller development team. xen has a company supporting it; linux-vserver has a smaller number of developers. assuming all developers are equal, a fewer number of developers would have to leave linux-vserver than xen to disrupt, or even halt, the project.

xen is part of the official linux kernel sources; linux-vserver is not. linux-vserver is maintained as a patch to the official kernel. this paired with the frequent changes in the 2.6 kernel means that the linux-vserver patch lags behind the official kernel releases by a few days and doesn't apply cleanly to any other version. the patch also rarely applies cleanly to distributions' kernels as distributions do not account for linux-vserver when merging their own patches into their kernel for release.

the size of the development team and the out-of-tree nature of linux-vserver are not necessarily problems, but can cause problems in the long-term (if this is a technology a company wants to standardize on for years).

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Kellen (85.178.xx.xx) on Sun 8 Jan 2006 at 19:41
Thanks, this is exactly the kind of run-down I was looking for. <3

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (222.154.xx.xx) on Tue 10 Jan 2006 at 04:45
UML looks to be moribund. I fought long and hard for several days to get it to work under Debian testing and a 2.6 kernel to no avail. It might be ok with 2.4 and Sarge, but not for my needs.

Also, Xen wasn't working against testing when using udev - udev is experiencing a high turn over in code and improvements which makes it a slippery dependency.

I ended up using vserver as it's good enough for my needs and actually worked :-)

John.

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (129.16.xx.xx) on Tue 10 Jan 2006 at 09:52
I recently set up UML with kernel 2.6. It was not difficult at all. I only applied the (optional) SKAS patch to my host kernel and used make-kpkg to build both kernels. This document helped a lot:
http://www.golden-gryphon.com/software/security/selinux-uml.xhtml

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (195.35.xx.xx) on Thu 12 Jan 2006 at 14:40
Do you have any idea how these compare with Solaris' zones?

BertJan

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (194.149.xx.xx) on Tue 21 Feb 2006 at 20:01
qemu networking is quite simple. (tun/tap networking and support within kernel)
---/etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback


# The primary bridged network interface
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_ageing 30
bridge_fd 1
bridge_hello 1
bridge_maxage 2
bridge_maxwait 3

---cut here

exec qemu -hda /qemu/qemu-hda.img -hdc /qemu/q1swap -boot c -n /usr/local/bin/qemutun -m 255 -nographic -macaddr whatever

---/usr/local/bin/qemutun

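#!/bin/sh
# $1 is the tap interface name that qemu passes to this script
sudo /sbin/ifconfig "$1" up
# drop any stale bridge membership, then attach the tap device to br0
sudo /usr/sbin/brctl delif br0 "$1"
sleep 1
sudo /usr/sbin/brctl addif br0 "$1"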

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (86.135.xx.xx) on Sun 8 Jan 2006 at 18:59
can anyone list the available virtual private servers in linux other than these three

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Kellen (85.178.xx.xx) on Mon 9 Jan 2006 at 00:45
See this wikipedia entry. Also QEmu and VMWare have been mentioned.

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (84.101.xx.xx) on Thu 20 Jul 2006 at 11:00
You have OpenVZ, xen, uml, vmware, vserver, and so on...

[ Parent | Reply to this comment ]

Why not two at a time?
Posted by Anonymous (24.118.xx.xx) on Sun 8 Jan 2006 at 19:33
I've been using Xen for quite some time now on a single piece of physical hardware and love having multiple virtual machines available. One intriguing idea I've seen discussed on the Xen mailing list is combining Xen and VServer, with VServer running inside a Xen'ified kernel. This gives you broad segmentation of your hardware using Xen, plus fine-grained segmentation inside a single virtual machine using VServer.

With this combination I would have Xen supporting a mix of different Linux or BSD virtual machines (e.g., one running Ubuntu for my desktop using VNC, one with Debian Stable for production services, one with Debian Unstable for development), while using VServer inside the "production services" Xen domain to keep my Apache services securely separated from my Exim services by using separate security contexts.

I haven't gotten around to implementing myself, so I'm curious if anyone has first-hand experience to report.

[ Parent | Reply to this comment ]

Re: Why not two at a time?
Posted by jooray (85.216.xx.xx) on Sun 8 Jan 2006 at 21:16
should work, but please note, that linux-vserver is a patch, that touches almost everything in the kernel. That means, that it's very difficult to combine linux-vserver with other patches (such as grsecurity and probably also xen, I haven't tried), so you will probably end with manual merging and at least a little C coding is required for the merge to work....

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by ajayet (82.216.xx.xx) on Sun 8 Jan 2006 at 21:44
Hello,

i'm using linux v-server since few times for testing, i think it's an easy to install solution for virtualization especially for services which don't need advanced networking features like web hosting, smtp, pop/imap server. You can find good documentations (like step-by-step) on http://linux-vserver.org/ and mailing-list is pretty active.

At present, i don't use linux v-server in production environment, but i plan to do it as soon as possible. My essential use is for doing some tests with copies of production servers and it's very useful !

What about openVZ, Free version based on Virtuozzo ?
http://openvz.org/

Does anyone have some good/bad testing/production experiences with openvz ?

best regards,
Arnaud

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Kellen (85.178.xx.xx) on Mon 9 Jan 2006 at 00:39
Any chance you can elaborate on how you need "advanced networking" for web hosting? Is it just differentiating which vserver should get what data?

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (84.101.xx.xx) on Thu 20 Jul 2006 at 12:26
Got some : it is very very accurate. One conf file per VPS, tools to let you share your hardware node resources easily, completed and understandable support and user guide. Pretty much reliable than VServer, since it is a kind of free advertising for the Virtuozzo solution -which is not free-.

Cya :3

KXan

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (57.67.xx.xx) on Mon 9 Jan 2006 at 11:39
Hello,

Having only such exotic parisc-linux to test many linux stuff, I don't have yet a lot of choice?

Since a month, I run so Linux-Vserver (development release) with success on 2 32bit up parisc boxes :<), though.

hth,
Joel

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (81.57.xx.xx) on Fri 13 Jan 2006 at 11:31
It will be great to have an up-to-date benchmark on performance of the different solutions instead of overall impression ?

Has someone done such tests ?

Cheers,

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by philcore (216.54.xx.xx) on Fri 13 Jan 2006 at 13:49
LJ has a pretty cool article on Xen and clustering. The author uses debian, too.

http://www.linuxjournal.com/article/8812

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (84.101.xx.xx) on Thu 20 Jul 2006 at 08:48
I've tried both VServer and OpenVZ, conclusion : VServer isn't stable.

[ Parent | Reply to this comment ]

Re: Choice for Virtual Private Servers?
Posted by Anonymous (212.88.xx.xx) on Fri 18 Aug 2006 at 13:12
We are using vserver in production environment for nearly 3 years !
The machines are 24h x 7d running under heavy load. I made a failover-configuration using rsync by myself. As I'm about to upgrade these servers I'm still thinking of using vserver (using san this time).
In these 3 years we had no (0) problems with the servers (except of hardware-issues) at all.
vserver is stable.

regards, daniel

[ Parent | Reply to this comment ]