Share on Facebook Share on Twitter Email
Answers.com

Operating system-level virtualization

 
Computer Desktop Encyclopedia: OS virtualization
Home > Library > Technology > Computer Encyclopedia

(1) In practice, the term may refer to the more traditional virtualization method rather than the technique described below (see virtual machine).

(2) A method for splitting a single computer into multiple partitions called "virtual environments" (VEs), in order to prevent applications from interfering with each other. A virtual environment (VE) is also called a "virtual private server" (VPS) or "container."

The OS virtualization method differs from the traditional "virtual machine" (VM) method, because it supports only the same operating system in each partition rather than different operating systems running simultaneously. Also called "operating system-level virtualization," OS virtualization replicates components of the host operating system into each virtual environment (VE). Therefore, if the operating system were Linux, all VEs must run Linux. For several usage scenarios that explain the benefits of virtualization, see virtual machine.

Advantages Over Virtual Machines (VMs)

In the traditional virtual machine method, each of the operating systems communicates through an abstraction layer to the hardware. The more VMs running at the same time, the more the entire system slows. However, virtual environments (VEs) communicate directly to the host operating system as in a non-virtualized computer, and performance is improved.

Because OS virtualization partitions can be much smaller than virtual machine partitions, many more can run in the same hardware configuration. In fact, hundreds of virtual environments (VEs) can exist in a single machine. An example of OS virtualization software is SWsoft's Virtuozzo (see Virtuozzo). Contrast with virtual machine.

Download Computer Desktop Encyclopedia to your iPhone/iTouch

Search unanswered questions...

Enter a question here...
Search: All sources Community Q&A Reference topics

Wikipedia: Operating system-level virtualization
Top
Home > Library > Miscellaneous > Wikipedia

Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.

Contents

Uses

Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. It is also used, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.

Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features.

OS-level virtualization implementations that are capable of live migration can be used for dynamic load balancing of containers between nodes in a cluster.

Advantages and disadvantages

Overhead

This form of virtualization usually imposes little or no overhead, because programs in virtual partition use the operating system's normal system call interface and do not need to be subject to emulation or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware and QEMU) or paravirtualizers (such as Xen and UML). It also does not require hardware assistance to perform efficiently.

Flexibility

Operating system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other OS such as Windows cannot be hosted. This limitation is partially overcome in by its branded zones feature, which provides the ability to run an environment within a container that emulates a Linux 2.4-based release or an older Solaris release.

Storage

Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.

Example restrictions inside the container

The following actions are often prohibited:

  • Modifying the running kernel by direct access and loading kernel modules.
  • Mounting and dismounting file systems.
  • Creating device nodes.
  • Accessing raw, divert, or routing sockets.
  • Modifying kernel runtime parameters, such as most sysctl settings.
  • Changing securelevel-related file flags.
  • Accessing network resources not associated with the container.

Implementations

Mechanism Operating system License Release date Features
File system isolation Disk quotas I/O rate limiting Memory limits CPU quotas Network isolation Partition checkpointing
and live migration
chroot most UNIX-like operating systems Proprietary

BSD

GNU GPL CDDL

 1982 Yes/No[1] No No No No No No
FreeVPS Linux GNU GPL - Yes Yes No Yes Yes Yes No
iCore Virtual Accounts Windows XP Proprietary 06/2008 Yes Yes No No No Yes No
Linux-VServer
(security context)		 Linux GNU GPL v.2 - Yes Yes Yes/No [2] Yes Yes Yes No
OpenVZ
(virtualization, isolation and resource management)		 Linux GNU GPL v.2 - Yes Yes Yes [3] Yes Yes No[4] Yes
Parallels Virtuozzo Containers Linux, Windows Proprietary - Yes Yes Yes [5] Yes Yes No[4] Yes
Container/Zone OpenSolaris CDDL 05/2008 Yes Yes No Yes Yes Yes[6] No[7]
Container/Zone Solaris CDDL 01/2005 Yes Yes No Yes Yes No[8] No[7]
FreeBSD Jail FreeBSD BSD 03/2000 Yes No No No Yes Yes No
sysjail OpenBSD, NetBSD BSD - Yes No No No No Yes No
WPARs AIX Proprietary 10/2007 Yes Yes Yes Yes Yes Yes[9] Yes[10]

Notes

  1. ^ Root user can easily escape from chroot. Chroot was never supposed to be used as a security mechanism.
  2. ^ Utilizing the CFQ scheduler, you get a separate queue per guest. Actually, the I/O queue is a per-process, not per-guest. So containers can still have arbitrary amount of disk I/O.
  3. ^ Available since kernel 2.6.18-028stable021. Implementation is based on CFQ disk I/O scheduler, but it is a two-level schema, so I/O priority is not per-process, but rather per-container. See OpenVZ wiki: I/O priorities for VE for details.
  4. ^ a b Network is not isolated, but rather virtualized, meaning each virtual environment can have its own IP addresses, firewall rules, routing tables and so on. Therefore this layer does not support network isolation, has to be architected at hardware level.
  5. ^ Available since version 4.0, January 2008.
  6. ^ See OpenSolaris Network Virtualization and Resource Control and Network Virtualization and Resource Control (Crossbow) FAQ for details.
  7. ^ a b Cold migration (shutdown-move-restart) is implemented.
  8. ^ Solaris 10 Containers have isolated networks when a dedicated NIC is assigned to the container ("exclusive IP"). Network is not isolated, but rather virtualized, meaning each virtual environment can have its own IP addresses, firewall rules, routing tables and so on. Therefore this layer does not support network isolation, has to be architected at hardware level.
  9. ^ Available since TL 02. See [1] for details.
  10. ^ See [2]

See also

External links


This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)

 
 

 

Copyrights:

Computer Desktop Encyclopedia. THIS COPYRIGHTED DEFINITION IS FOR PERSONAL USE ONLY.
All other reproduction is strictly prohibited without permission from the publisher.
© 1981-2009 Computer Language Company Inc.  All rights reserved.  Read more
Wikipedia. This article is licensed under the Creative Commons Attribution/Share-Alike License. It uses material from the Wikipedia article "Operating system-level virtualization" Read more