Virtualization of Linux based computers: the Linux-VServer project

Benoît des Ligneris, Ph. D.

Objectives:

1) Present the available programs that can provide a virtualization of Linux computers with different technologies.

2) Focus on Linux-VServers: a very lightweight and effective technology for the regular Linux user not interested in Kernel hacking.

Plan

● Introduction

● Overview of the available technology

● Classification of the problems: usage criteria

● Comparative study of the existing technology

● Technology overview of Linux-VServers

● Conclusion

Introduction

Why vservers?

➔ Virtualization is now more and more accessible for regular users given the extreme processing power of the current computers

➔ The availability of COTS multi-processor 64 bit architecture accelerates the need for a mature virtualization technique, as it's more and more difficult for a common application to use 100% of the available resources

➔ Virtualization also affects scientific computing and could become, in the near future, the cornerstone of the so-called «grid computing» as it elegantly solves most of the problems (security, resource consumption) of the current Grid technology

Overview of the available technology

● VMware

● plex86

● Bochs

● Linux-VServers

● User Mode Linux (UML)

● Xen

● QEMU

VMware

« Vmware workstation is a powerful software for the desktop. VMware workstation runs multiple operating systems, including , and Novell NetWare, simultaneously on a single PC in fully networked, portable virtual machines »

http://www.vmware.com/products/

➔ Provides complete multi-OS emulation on x86 CPU only

➔ The whole installation process of a Linux distribution can be done with VMware

➔ Resource consumption is static (RAM, Disk, etc) and very high (up to 50% of the available computing power!)

plex86

« (...) a very lightweight Virtual Machine (VM) for running Linux/x86»

http://plex86.sourceforge.net/ (Feb/2005)

➔ Uses the same logic as VMware but is restricted to the Linux OS only (native OS as well as guest OS)

➔ The kernel of the guest OS has to be recompiled

➔ Very slow at the time of this writing

Bochs

« is a highly portable open source IA-32(x86) PC written in ++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices and a custom BIOS. Currently, Bochs can be compiled to emulate a 386, 486, Pentium, Pentium Pro or AMD64 CPU including optional MMX, SSE, SSE2 and 3DNow instructions »

http://bochs.sourceforge.net/ (Feb/2005)

➔ The performance of Bochs does not compare to VMware or plex86, mainly because it emulates the CPU instead of using the native instruction set of the IA-32 CPUs

➔ There is no locking mechanism for the disks.

The Linux-VServers

« Linux-VServer allows you to create virtual private servers and security contexts which operate like a normal Linux server, but allow many independent servers to be run simultaneously in one box at full speed»

http://www.linux-vserver.org (Feb/2005)

➔ The Linux-VServer project consists of a kernel patch and installation of userland tools

➔ It manages resources dynamically: a single kernel is in charge of allocating resources.

➔ Priority, Memory, Disk space, CPU ticks can be managed dynamically for a given vserver.

➔ Because only one kernel accesses the hardware and interrupts, it uses the advanced management mechanism already present in the Linux Kernel

➔ As a consequence, this is a very fast and lightweight system as only the necessary services are run (ssh, http, postfix, etc) and not a complete boot process.

➔ Additional security occurs inside a vserver; the Linux-VServer uses the POSIX capabilities to increase its security.

➔ Network access, device access and many more capabilities can be given or taken in order to have a more secure virtual server.
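Whether capabilities have really been taken away from a guest can be checked from the capability masks the kernel reports in /proc/<pid>/status. The following Python is an added example, not code from these slides or from the Linux-VServer project; the HOST_ONLY policy, the function names and the sample status text are assumptions constructed for illustration.

```python
import re

# Capability bit numbers 0-28 as defined in <linux/capability.h>.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE",
]

# Assumed policy (illustrative, not a project default): capabilities whose
# effect reaches the single shared kernel or the hardware, so a guest that
# holds them can affect the host and every other guest.
HOST_ONLY = frozenset({
    "CAP_SYS_MODULE",  # load modules into the shared kernel
    "CAP_SYS_RAWIO",   # raw I/O port and memory access
    "CAP_SYS_ADMIN",   # mount, swapon and many other admin operations
    "CAP_SYS_BOOT",    # reboot the physical machine
    "CAP_SYS_TIME",    # set the clock shared by all guests
    "CAP_NET_ADMIN",   # reconfigure interfaces and routing
    "CAP_MKNOD",       # create device nodes (device access)
})


def decode(mask):
    """Return the names of the capabilities set in an integer mask."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            # Bits newer than this table are reported by number.
            known = bit < len(CAP_NAMES)
            names.append(CAP_NAMES[bit] if known else "CAP_BIT_%d" % bit)
        bit += 1
    return names


def without(mask, names):
    """Return the mask that remains after the named capabilities are taken."""
    for name in names:
        mask &= ~(1 << CAP_NAMES.index(name))
    return mask


def parse_status(text):
    """Extract the Cap* hex masks from /proc/<pid>/status-format text."""
    pattern = r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$"
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, text, re.M)}


def audit(text, forbidden=HOST_ONLY):
    """Map each Cap* set to the forbidden capabilities it still contains."""
    findings = {}
    for field, mask in parse_status(text).items():
        hits = sorted(forbidden.intersection(decode(mask)))
        if hits:
            findings[field] = hits
    return findings


# Constructed sample: a guest process whose sets had HOST_ONLY removed.
GUEST_OK = (
    "Name:\tsshd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000159cefff\n"
    "CapEff:\t00000000159cefff\n"
)

# Constructed sample: the same guest, but CAP_SYS_ADMIN (bit 21) was left in.
GUEST_BAD = (
    "Name:\tsshd\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000015bcefff\n"
    "CapEff:\t0000000015bcefff\n"
)

if __name__ == "__main__":
    print("guest mask: %08x" % without(0x1FFFFFFF, HOST_ONLY))
    for label, sample in (("ok", GUEST_OK), ("bad", GUEST_BAD)):
        print(label, audit(sample) or "no host-level capability retained")
```

Run against the status of a real process, the same audit lists every host-level capability a guest service still holds.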

User-Mode Linux (UML)

« User-Mode Linux is a safe, secure way of running Linux versions and Linux processes. Run buggy software, experiment with new Linux Kernel or distributions, and poke around in the internals of Linux, all without risking your main Linux setup»

http://user-mode-linux.sourceforge.net/ (Feb/2005)

➔ very slow performance because only one program can run in privileged mode: the host Kernel that supports the hosted ones

➔ the performance penalty is very high and a complete boot process is necessary

Xen

« is a virtual machine monitor for x86 that supports execution of multiple guest operating systems with unprecedented levels of performance and resource isolation»

http://www.cl.cam.ac.uk/Research/SRG/netos/xen/ (Feb/2005)

➔ this is achieved by installing a kind of «mega-bios» layer (Xen) that hides the physical hardware and provides supported OS specific «Xen drivers» in order to interact with the Xen abstraction layer.

➔ the virtual servers, which interact with the Xen hardware (including CPU), need a specific kernel but applications can run unchanged.

➔ a lightweight technology, but it demands complete systems to be «booted» inside the Xen domains (virtual servers) so resource consumption (RAM, CPU, processes, etc) is much higher than with the Linux-VServer project.

QEMU

« QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation»

http://fabrice.bellard.free.fr/qemu/ (Feb/2005)

➔ emulates only the x86 family of processors

➔ supports emulation of user code on other architectures (ARM, SPARC, PowerPC)

➔ emulation is, by default, very slow; a non-free layer (QEMU accelerator) gives a much better performance on the same architecture (x86 emulated on x86)

➔ a young and still very experimental project

Classification of problems: usage criteria

We present in the following several needs for computer virtualization and will use those criteria to compare the selected technology

● Multi OS

● Kernel development / debugging

● OS installation process

● Resources consumption

● Dynamical allocation of resources

● Multi architecture

● Maturity

● Security

Multi OS

➔ Some virtualization technologies only support one type of OS (Linux, Windows, FreeBSD, etc) while others are more generic and can run Linux on Windows, Windows on Linux, etc.

➔ Multi OS virtualization systems include VMware and Xen.

Kernel development / debugging

➔ Some users need to develop the kernel. This criterion defines whether or not those tasks can be achieved with the chosen virtualization technique

➔ UML has been designed for Kernel Hacking and development

OS installation process

➔ Some users need to reproduce the complete installation of a system (install CD, network boot, hard disk partitioning, etc).

➔ VMware perfectly supports the simulation of the installation process for the supported Linux distributions

Resources consumption

➔ This criterion defines how many resources a virtual computer needs to use in order to be fully functional.

➔ For each virtualization technique, the approximate resource consumption of a fully functional virtual server has been estimated.

➔ VMware needs a lot of resources, as does UML, then Xen and finally Linux-VServers.

Dynamical allocation of resources

➔ Some users need to dynamically change the resources used by a virtual computer. Some virtualization programs allow the user to change the resources available to the virtual server live, while others cannot do this.

➔ UML, Xen and Linux-VServers can dynamically allocate resources and ensure QoS criteria between the virtual servers and the host system.

Multi architecture

➔ Some virtualization technologies only support one type of architecture, x86 for the most part.

➔ UML and Linux-VServers support several architectures.

Maturity

➔ This is a relative indicator of the maturity of the technology.

➔ VMware is very mature (but not well supported with 2.6 kernel and more experimental kernels)

➔ UML and Linux-VServer are production ready

➔ Xen is more experimental

Security

➔ While all virtualization techniques increase security by allowing system administrators to cleanly separate services on different virtual servers, some of them offer additional protections with rules/roles and additional security models that can make a virtual server more robust than a real one.

➔ Linux-VServer shares some code with the guest OS and this can be considered as a vulnerability.

➔ We did not consider this as a vulnerability because we consider that if a security problem occurs in the kernel in a primitive method used by a Linux-VServer (chroot, chcontext, chbind, etc) then every Linux server (vserver or not) has this problem and has to be upgraded.

➔ In this context, the Linux-VServer project is the most «security oriented» because it offers additional security features (POSIX capabilities).

➔ The other technologies do not provide additional security.

Comparative study of the existing technology

➔ Only the major virtualization techniques will be analyzed

➔ The Bochs and plex86 projects will not be compared with the others as they are not yet fully functional

| Name          | Multi OS | Kernel Development | Install Process | Resources | Dynamical Resources | Security | Maturity  | Architecture      |
|---------------|----------|--------------------|-----------------|-----------|---------------------|----------|-----------|-------------------|
| VMware        | Yes      | No                 | Yes             | 2 Gb      | No                  | No       | Good      | x86               |
| Linux-VServer | No       | No                 | No              | 256 Mb    | Yes                 | Yes      | Excellent | x86, IA64, x86_64 |
| UML           | No       | Yes                | No              | 1 Gb      | No                  | No       | Good      | x86, IA64, x86_64 |
| Xen           | Yes      | Exp.               | Yes             | 1 Gb      | No                  | No       | Young     | x86               |
| QEMU          | Exp.     | No                 | Exp.            | 1 Gb      | No                  | No       | Young     | x86               |

➔ Based on the needs from the user, one should be able to easily choose the best suited virtualization technique

➔ In order to facilitate this process, we have established some basic use-cases for the virtualization of computers:

• Hosting

• Testing one application

• Build environment or development environment

• Testing distributed application and/or complex upgrade process

• Security usage

• High availability

• Disaster recovery

Hosting

➔ An Internet provider, or someone who simply has to provide access to one or several hosts on a real system.

➔ The resource consumption is very small because only the needed processes are started on the vservers.

➔ Additional security is provided by the POSIX capabilities.

➔ On-demand servers can be created in seconds and delivered to the customer.

➔ Every Linux-VServer consists only of files that can easily be backed up and restored on another server if needed.

➔ Unification is a mechanism at the package level that allows Linux-VServers to share programs and libraries.

Testing one application

➔ Perform stress tests or unit testing on one application.

➔ It is easy to move a Linux-VServer to different hardware to compare performance.

➔ Because the regular device drivers are used, the impact of the virtualization layer on performance measurements is expected to be negligible.

Build environment or development environment

Easy to create, on demand, different versions of distributions from a host system

Development starting from a clean virtual server:

➔ Greatly increases bug reproducibility and improves the development process

➔ When a bug is found, the vserver where the bug can be triggered can easily be copied and «given» to the developer in charge.

Testing distributed application and/or complex upgrade process

➔ One of the problems with complex applications is that it is very difficult to reproduce, in the laboratory, an environment similar to the production one.

➔ As a consequence, and while this is certainly not best practice, developers often need to develop on or «near» the production systems.

➔ With one of the virtualization techniques it is very easy to duplicate the production environment in the laboratory: just copy your production virtual computer onto a development system.

Security usage

➔ The KISS¹ principle encourages the deployment of simple systems that only deliver one service per system.

➔ This principle is rarely used in the field because it would lead to a very large increase in the number of physical computers.

➔ In turn, because modern computers have huge computing power, those computers would be under-used.

¹ Keep It Simple and Stupid

High availability

➔ While Xen is presently one of the first to manage load balancing between live computers, one can easily set up a high availability system with any virtualization technique.

➔ A cold swap server that is synced either periodically (cron is your friend) or live, either at the application level (replication for MySQL, PostgreSQL, LDAP, etc) or with a low level tool like DR-DB/

➔ Then the hot or cold backup virtual server can monitor failures of the other virtual server and provide a very inexpensive high availability layer.

➔ One can even use this procedure on a single hardware system: this provides what we call «software high availability» and protects the user from software bugs.

Disaster recovery

➔ Virtualization deeply modifies this area of modern computing by providing an abstraction layer between the hardware and the virtual servers.

➔ This means that heterogeneous hardware can easily be used, without additional risk, to provide disaster recovery capacities.

Technology overview of Linux-VServers

➔ http://linux-vserver.org

➔ Created by Jacques Gelinas, a well-known Linux hacker from Quebec (Linuxconf, insmod/modprobe, umsdos, etc).

➔ The project is now led by Herbert Poetzl and a lot of development occurs

➔ The community is very active and supportive

The Linux-VServer project can be seen as the integration of 4 concepts, half of them having been specifically developed for the project:

• chroot: disk isolation

• chcontext: process isolation

• chbind: network isolation

• capabilities: additional security

chroot: disk isolation

➔ Once called, the chroot system call makes the commands that follow start from a different filesystem root.

➔ This provides what we can call «disk isolation».

➔ It is very common to use a chrooted environment for security-sensitive services (FTP, Bind, etc).

➔ If the chrooted service is hacked, only the files writable inside the chroot can be compromised.

Briefly:

the root of all the commands run in a Linux-VServer is not the same as the host system root. This provides file system isolation.
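
A chroot confines a compromised service only if the service has also given up root, so a launcher normally changes root and then drops privileges in a fixed order. The following is an added example, not code from the slides or from the Linux-VServer project; the function name `enter_jail`, the default path and the uid/gid 65534 are assumptions of this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* chroot() and setgroups() prototypes with glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `jail` and give up root for good.
 * Returns 0 on success, or -errno of the first step that failed. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    /* A process that stays root is not contained by chroot alone. */
    if (uid == 0 || gid == 0)
        return -EINVAL;

    /* Resolve the jail path while the old root is still visible. */
    if (chdir(jail) != 0)
        return -errno;

    /* Change the filesystem root (requires CAP_SYS_CHROOT). */
    if (chroot(".") != 0)
        return -errno;

    /* Make sure the working directory is inside the new root. */
    if (chdir("/") != 0)
        return -errno;

    /* Drop supplementary groups, then gid, then uid: the order matters,
     * because after setuid() the process may no longer change groups. */
    if (setgroups(0, NULL) != 0)
        return -errno;
    if (setgid(gid) != 0)
        return -errno;
    if (setuid(uid) != 0)
        return -errno;

    /* Verify that root cannot be regained. */
    if (setuid(0) == 0)
        return -EPERM;

    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical usage: ./jail /srv/ftp-root   (must be started as root) */
    const char *jail = argc > 1 ? argv[1] : "/var/empty";
    int rc = enter_jail(jail, 65534, 65534);

    if (rc != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", jail, strerror(-rc));
        return 1;
    }
    /* From here on the service would be started: it sees `jail` as "/"
     * and runs without root privileges. */
    puts("confined");
    return 0;
}
```

Any file descriptor for a directory outside the jail should be closed before the service starts, since it remains usable after the root has changed.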

chcontext: process isolation

➔ This is a specific vserver system call that creates a new security context.

➔ This provides what we call «process isolation».

➔ The usual or «hosted» security context is context '0', which has the same privileges as the root user (UID 0): it can see and kill tasks in the other contexts.

➔ If we except context number 1, which is used to «view» other contexts but cannot affect them, then the context isolation is complete: processes from one context can neither see nor interact with processes from another context.

➔ This provides the ability to run similar contexts on the same computer without any interaction possible at the application level.

Briefly:

the root of all the commands run in a Linux-VServer is not the same as the host system root. This provides file system isolation.

chbind: network isolation

➔ The other vserver-specific system call, which provides «network isolation».

➔ Once called, all traffic sent through any of the network interfaces is altered so that it comes from the address given as argument to chbind (an IPv4 or IPv6 address).

➔ Processes run from one chbind send packets with one IP address while processes run from another chbind send packets with another IP address.

➔ This uses the virtual device infrastructure that allows a computer with a single NIC to have numerous IP addresses.

Briefly:

each packet sent from a Linux-VServer has its origin set to a well-defined IP address. This provides network isolation.

capabilities: additional security

➔ The POSIX capabilities were designed to «harden» a POSIX system.

➔ A root account in a default Linux-VServer has far fewer privileges than a root account on a regular Linux server

➔ For instance, IP addresses cannot be changed (no ifconfig!), nodes cannot be created (no mknod), hardware time cannot be set, etc.

➔ This is especially interesting because it fits very nicely with the Linux-VServer model, where only the host server can set up certain properties of the vserver (IP address, time, network interface, etc) and the Linux-VServers cannot alter those settings (for obvious security reasons).

Briefly: each Linux-VServer has a set of capabilities (none by default) in order to be able to work. Strictly speaking, this means that a root on a Linux-VServer has far fewer «privileges» than a root account on a regular Linux server. This provides «root»-isolation.
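
The three restrictions named above correspond to the Linux capabilities CAP_NET_ADMIN, CAP_MKNOD and CAP_SYS_TIME. The following added example (not code from the slides or from the Linux-VServer project) checks a capability mask in /proc/<pid>/status format against that guest-root policy and shows how a host-side launcher can remove the same capabilities from the bounding set with prctl; the sample status texts are constructed and the function names are assumptions of this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>

/* Capability numbers as defined in <linux/capability.h>. */
enum { NR_CAP_NET_ADMIN = 12, NR_CAP_SYS_TIME = 25, NR_CAP_MKNOD = 27 };

/* Guest-root policy taken from the slide: what root in a vserver must not do. */
struct denied_cap { int nr; const char *name; const char *allows; };
static const struct denied_cap DENIED[] = {
    { NR_CAP_NET_ADMIN, "CAP_NET_ADMIN", "changing IP addresses (ifconfig)" },
    { NR_CAP_MKNOD,     "CAP_MKNOD",     "creating device nodes (mknod)" },
    { NR_CAP_SYS_TIME,  "CAP_SYS_TIME",  "setting the system or hardware clock" },
};
#define N_DENIED (sizeof DENIED / sizeof DENIED[0])

/* Constructed samples in /proc/<pid>/status format (not captured from a host). */
static const char SAMPLE_HOST_ROOT[] =
    "Name:\tdaemon\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n";
static const char SAMPLE_GUEST_ROOT[] =
    "Name:\tdaemon\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001fff5ffefff\n"
    "CapEff:\t000001fff5ffefff\nCapBnd:\t000001fff5ffefff\n";

/* Extract a hex capability mask such as "CapEff" from status text.
 * Returns 0 on success, -1 if the field is missing or malformed. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            while (*val == ' ' || *val == '\t')
                val++;
            if (!isxdigit((unsigned char)*val))
                return -1;              /* empty value: do not read the next line */
            *mask = (uint64_t)strtoull(val, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Bitmask of denied capabilities still present in `mask` (0 = policy met). */
uint64_t guest_violations(uint64_t mask)
{
    uint64_t bad = 0;
    for (size_t i = 0; i < N_DENIED; i++)
        bad |= mask & (UINT64_C(1) << DENIED[i].nr);
    return bad;
}

/* Audit one status text: prints each violation and returns their number,
 * or -1 if the requested field cannot be parsed. */
int audit_status(const char *status, const char *field)
{
    uint64_t mask;
    int n = 0;
    if (parse_cap_field(status, field, &mask) != 0)
        return -1;
    uint64_t bad = guest_violations(mask);
    for (size_t i = 0; i < N_DENIED; i++)
        if (bad & (UINT64_C(1) << DENIED[i].nr)) {
            printf("  %s present: allows %s\n", DENIED[i].name, DENIED[i].allows);
            n++;
        }
    return n;
}

/* Host-side launcher step: remove the denied capabilities from the bounding
 * set, which limits what later execve() calls can grant. The caller's current
 * effective set is unchanged. Needs CAP_SETPCAP; returns 0 or -errno. */
int drop_denied_from_bounding_set(void)
{
    for (size_t i = 0; i < N_DENIED; i++)
        if (prctl(PR_CAPBSET_DROP, DENIED[i].nr, 0, 0, 0) != 0)
            return -errno;
    return 0;
}

int main(void)
{
    char buf[8192];
    printf("constructed host root: %d violation(s)\n",
           audit_status(SAMPLE_HOST_ROOT, "CapEff"));
    printf("constructed guest root: %d violation(s)\n",
           audit_status(SAMPLE_GUEST_ROOT, "CapEff"));
    FILE *f = fopen("/proc/self/status", "r");   /* audit this process too */
    if (f) {
        size_t len = fread(buf, 1, sizeof buf - 1, f);
        buf[len] = '\0';
        fclose(f);
        printf("this process: %d violation(s)\n", audit_status(buf, "CapEff"));
    }
    return 0;
}
```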

How it works?

[Diagram: four vservers (Vserver1 to Vserver4) running in contexts 413455, 23456, 234656 and 3456 on top of the host system (context 0, kernel 2.6.8.1-vs1.9.2), with RAM and Devices.]

Context 0 has power over all the other contexts.

Context 1: can only watch the other contexts (special).

Other contexts: can only see themselves.

Devices: it is the host server (context 0) that decides who has access to what. Example: network, mount points, /proc, etc.

Conclusion

Because of its maturity (several production systems with more than 20 Linux-VServers in production for years) and because this is the most lightweight virtualization technique, we believe that Linux-VServer is the best tool for virtualizing Linux servers on a Linux operating system host.

There are some cases where other techniques are necessary, mainly running another OS and kernel development, but besides these two cases, Linux-VServer is really the best virtualization technique available.

The use of a single kernel for all the Linux-VServers hosted on one system gives the project several key advantages when compared to other virtualization techniques:

➔ Lightweight: only services are started on the hosted Linux-VServer, not all the processes resulting from a complete boot process.

➔ Uses the latest Linux kernel development easily: for instance, with the O(1) scheduler, all the processes are well prioritized.

➔ Native usage of device drivers: with the Linux-VServer project, one can use the latest kernel drivers without any performance penalty introduced by the virtualization layer.

Acknowledgements

This research has been funded by the National Research Council's Industrial Research Assistance Program (NRC-IRAP), project number 547017

Jacques Gelinas, for the original idea and valuable discussion.

Herbert Poetzl, the current project leader

The Linux-VServer community for their positive attitude.