Operating System-Level Virtualization

Source: Wikipedia: OS Virtualization

Operating system-level virtualization

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.

* 1 Uses
* 2 Advantages and disadvantages
o 2.1 Overhead
o 2.2 Flexibility
o 2.3 Storage
* 3 Implementations
o 3.1 Notes
* 4 See also
* 5 External links

[edit] Uses

Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. It is also used, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.

Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features.

OS-level virtualization implementations that are capable of live migration can be used for dynamic load balancing of containers between nodes in a cluster.
[edit] Advantages and disadvantages
[edit] Overhead

This form of virtualization usually imposes little or no overhead, because programs in virtual partition use the operating system's normal system call interface and do not need to be subject to emulation or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware and QEMU) or paravirtualizers (such as Xen and UML). It also does not require hardware assistance to perform efficiently.
[edit] Flexibility

Operating system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other OS such as Windows cannot be hosted. This limitation is partially overcome in Solaris by its branded zones feature, which provides the ability to run an environment within a container that emulates a Linux 2.4-based release or an older Solaris release.
[edit] Storage

Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.
[edit] Implementations
Mechanism Operating system License Release date Features
File system isolation Disk quotas I/O rate limiting Memory limits CPU quotas Network isolation Partition checkpointing
and live migration
chroot most UNIX-like operating systems Proprietary


1982 Partial[1] No No No No No No
FreeVPS Linux GNU GPL - Yes Yes No Yes Yes Yes No
iCore Virtual Accounts Windows XP Proprietary 06/2008 Yes Yes No No No Yes No
(security context) Linux GNU GPL v.2 - Yes Yes Yes [2] Yes Yes Yes[3] No
(virtualization, isolation and resource management) Linux GNU GPL v.2 - Yes Yes Yes [4] Yes Yes Yes[5] Yes
Parallels Virtuozzo Containers Linux, Windows Proprietary - Yes Yes Yes [6] Yes Yes Yes[5] Yes
Container/Zone OpenSolaris CDDL 05/2008 Yes Yes No Yes Yes Yes[7] No[8]
Container/Zone Solaris CDDL 01/2005 Yes Yes No Yes Yes No[9] No[8]
FreeBSD Jail FreeBSD BSD 03/2000 Yes Yes [10] No Partial [11] Partial [12] Yes No
sysjail OpenBSD, NetBSD BSD - Yes No No No No Yes No
WPARs AIX Proprietary 10/2007 Yes Yes Yes Yes Yes Yes[13] Yes[14]
[edit] Notes

1. ^ Root user can easily escape from chroot. Chroot was never supposed to be used as a security mechanism.
2. ^ Utilizing the CFQ scheduler, you get a separate queue per guest.
3. ^ Networking is based on isolation, not virtualization.
4. ^ Available since kernel 2.6.18-028stable021. Implementation is based on CFQ disk I/O scheduler, but it is a two-level schema, so I/O priority is not per-process, but rather per-container. See OpenVZ wiki: I/O priorities for VE for details.
5. ^ a b Network is not isolated, but rather virtualized, meaning each virtual environment can have its own IP addresses, firewall rules, routing tables and so on. Therefore this layer does not support network isolation, has to be architected at hardware level.
6. ^ Available since version 4.0, January 2008.
7. ^ See OpenSolaris Network Virtualization and Resource Control and Network Virtualization and Resource Control (Crossbow) FAQ for details.
8. ^ a b Cold migration (shutdown-move-restart) is implemented.
9. ^ Solaris 10 Containers have isolated networks when a dedicated NIC is assigned to the container ("exclusive IP"). Network is not isolated, but rather virtualized, meaning each virtual environment can have its own IP addresses, firewall rules, routing tables and so on. Therefore this layer does not support network isolation, has to be architected at hardware level.
10. ^ Check the "allow.quotas" option and the "Jails and File Systems" section on the FreeBSD jail man page for details.
11. ^ Now available with a still unofficial patch. Check the FreeBSD Wiki for further information.
12. ^ Check the "cpuset.id" option on the FreeBSD jail man page and the cpuset command. It's not a full cpu quota support because it constraints one or more processes to a given set/list of processors (cores) but it doesn't control the absolute processor/core related utilization.
13. ^ Available since TL 02. See [1] for details.
14. ^ See [2]

[edit] See also

* Platform virtualization
* Application virtualization
* Portable application creators

[edit] External links

* An introduction to Virtualization
* A short intro to three different virtualization techniques

Retrieved from "http://en.wikipedia.org/wiki/Operating_system-level_virtualization"
Categories: Virtualization software | Operating system technology | Operating system security
Personal tools

* New features
* Log in / create account


* Article
* Discussion



* Read
* Edit
* View history



* Main page
* Contents
* Featured content
* Current events
* Random article


* About Wikipedia
* Community portal
* Recent changes
* Contact Wikipedia
* Donate to Wikipedia
* Help


* What links here
* Related changes
* Upload file
* Special pages
* Permanent link
* Cite this page


* Create a book
* Download as PDF
* Printable version


* Русский

* This page was last modified on 1 June 2010 at 10:02.
* Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. See Terms of Use for details.
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.
* Contact us

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License