OpenVZ is an OS-level virtualization technology that partitions a physical server into multiple isolated virtual environments called containers. It provides strong isolation between containers and allows them to independently run their own services and applications. OpenVZ offers benefits like high density, native performance, dynamic resource allocation and easier management compared to other virtualization methods. It has been widely adopted for server consolidation, hosting, development/testing and other use cases.
OpenVZ, which has turned 7 recently, is an implementation of lightweight virtualization technology for Linux, something which is also referred to as LXC or just containers. The talk gives an insight into 7 different problems with containers and how they were solved. While most of these problems and solutions belongs in the Linux kernel, kernel knowledge is not expected from the audience.
LXC, Docker, security: is it safe to run applications in Linux Containers?Jérôme Petazzoni
Linux Containers (or LXC) is now a popular choice for development and testing environments. As more and more people use them in production deployments, they face a common question: are Linux Containers secure enough? It is often claimed that containers have weaker isolation than virtual machines. We will explore whether this is true, if it matters, and what can be done about it.
Docker, Linux Containers, and Security: Does It Add Up?Jérôme Petazzoni
Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.
In this presentation, we will:
- Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code
- Discuss how to mitigate those risks
- Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC
Linux Containers(LXC) allow running multiple isolated Linux instances (containers) on the same host.
Containers share the same kernel with anything else that is running on it, but can be constrained to only use a defined amount of resources such as CPU, memory or I/O.
A container is a way to isolate a group of processes from the others on a running Linux system.
OpenVZ, which has turned 7 recently, is an implementation of lightweight virtualization technology for Linux, something which is also referred to as LXC or just containers. The talk gives an insight into 7 different problems with containers and how they were solved. While most of these problems and solutions belongs in the Linux kernel, kernel knowledge is not expected from the audience.
LXC, Docker, security: is it safe to run applications in Linux Containers?Jérôme Petazzoni
Linux Containers (or LXC) is now a popular choice for development and testing environments. As more and more people use them in production deployments, they face a common question: are Linux Containers secure enough? It is often claimed that containers have weaker isolation than virtual machines. We will explore whether this is true, if it matters, and what can be done about it.
Docker, Linux Containers, and Security: Does It Add Up?Jérôme Petazzoni
Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.
In this presentation, we will:
- Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code
- Discuss how to mitigate those risks
- Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC
Linux Containers(LXC) allow running multiple isolated Linux instances (containers) on the same host.
Containers share the same kernel with anything else that is running on it, but can be constrained to only use a defined amount of resources such as CPU, memory or I/O.
A container is a way to isolate a group of processes from the others on a running Linux system.
An introduction to Linux Container, Namespace & Cgroup.
Virtual Machine, Linux operating principles. Application constraint execution environment. Isolate application working environment.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
A guest lecture at National University of Defense Technology (NUDT) in 2016 to postgraduate students in China about emerging technologies in the Linux operating system.
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...Nicolas Collery
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or few others, it might really hard to get through the layers of crypto code in proprietary software.
This presentation delivered at HTCIA (HIGH TECHNOLOGY CRIME INVESTIGATION ASSOCIATION - Singapore) highlights few techniques to let a remote analyst perform investigations.
https://htcia.org
Advanced cgroups and namespaces
This talk picks up where we left off in the previous cgroups and namespaces talk and dive in even deeper!
Agenda:
* cgroups v2 design (cgroup v2 was started to be merged in the current kernel, 4.4)
* cgroups v2 examples (migrating tasks, enabling and disabling controllers, and more).
* comparison between cgroup v2 unified hierarchy and cgroup v1 legacy hierarchy.
* PIDs namespaces (from kernel 4.3)
* cgroup namespaces (not merged yet)
The talk is about operating system virtualization technology known as OpenVZ. This is an effective way of partitioning a Linux machine into multiple isolated Linux containers. All containers are running on top of one single Linux kernel, which results in excellent density, performance and manageability. The talk gives an overall description of OpenVZ building blocks, such as namespaces, cgroups and various resource controllers. A few features, notably live migration and virtual swap, are described in greater details. Results of some performance measurements against VMware, Xen and KVM are given. Finally, we will provide a status update on merging bits and pieces of OpenVZ kernel to upstream Linux kernel, and share our plans for the future.
presentation held at SUSE Linux Expert Forum December 2014
Linux container history and Linux namespaces
examples include:
* Move a VPN connection to its own namespace(p 25)
* User namespaces demo(p 28)
see collection of useful articles and advanced container usecases pp 29
An introduction to Linux Container, Namespace & Cgroup.
Virtual Machine, Linux operating principles. Application constraint execution environment. Isolate application working environment.
Union FileSystem - A Building Blocks Of a ContainerKnoldus Inc.
Namespace, CGroup, and Union file-system are the basic building blocks of a container. Let’s have our focus on file-system. Why yet another file-system for the container? Is Conventional Linux file-systems like ext2, ext3, ext4, XFS, etc. not good enough to meet the purpose? In this blog post, I will try to answer these questions. Here we will be delving deeply into the Union File System and a few of its essential properties.
A guest lecture at National University of Defense Technology (NUDT) in 2016 to postgraduate students in China about emerging technologies in the Linux operating system.
Needle In An Encrypted Haystack: Forensics in a hardened environment (with Fu...Nicolas Collery
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or few others, it might really hard to get through the layers of crypto code in proprietary software.
This presentation delivered at HTCIA (HIGH TECHNOLOGY CRIME INVESTIGATION ASSOCIATION - Singapore) highlights few techniques to let a remote analyst perform investigations.
https://htcia.org
Advanced cgroups and namespaces
This talk picks up where we left off in the previous cgroups and namespaces talk and dive in even deeper!
Agenda:
* cgroups v2 design (cgroup v2 was started to be merged in the current kernel, 4.4)
* cgroups v2 examples (migrating tasks, enabling and disabling controllers, and more).
* comparison between cgroup v2 unified hierarchy and cgroup v1 legacy hierarchy.
* PIDs namespaces (from kernel 4.3)
* cgroup namespaces (not merged yet)
The talk is about operating system virtualization technology known as OpenVZ. This is an effective way of partitioning a Linux machine into multiple isolated Linux containers. All containers are running on top of one single Linux kernel, which results in excellent density, performance and manageability. The talk gives an overall description of OpenVZ building blocks, such as namespaces, cgroups and various resource controllers. A few features, notably live migration and virtual swap, are described in greater details. Results of some performance measurements against VMware, Xen and KVM are given. Finally, we will provide a status update on merging bits and pieces of OpenVZ kernel to upstream Linux kernel, and share our plans for the future.
presentation held at SUSE Linux Expert Forum December 2014
Linux container history and Linux namespaces
examples include:
* Move a VPN connection to its own namespace(p 25)
* User namespaces demo(p 28)
see collection of useful articles and advanced container usecases pp 29
PHP Apps on the Move - Migrating from In-House to Cloud RightScale
RightScale Conference NYC 2012 -- PHP Apps on the Move - Migrating from In-House to Cloud
Kent Mitchell - Sr. Director, Product Management, Zend
It’s a common problem: How to move your PHP system to the cloud without completely overhauling your app. Most existing systems and applications were not designed for the level of elasticity the cloud brings. But many of those apps can still take advantage of all that the cloud offers - while requiring very few modifications.
In this session, we will discuss how one customer leveraged the off-the-shelf capabilities of RightScale and Zend to migrate from a fixed, non-scalable traditional architecture to an elastic, high-availability cloud architecture. Join us for a deeper look at this auto-scaling PaaS solution specifically designed to make it easier for you to deploy and manage cloud-based, highly available PHP server clusters.
Trabajo de fin de Ciclo Formativo Grado Superior en Administración de Sistemas en red (ASIR/ASIX).
El trabajo consiste en un proyecto de virtualizacion de servidores para dar una alta disponibilidad (HA) mediante el sistema Proxmox. El servicio a dar en cuestión finalmente fue de un servidor proxy y web, por falta de tiempo y problemas con la configuración de Zentyal, fue imposible su instalación.
For people who want to start out with #opensource , #openstack, #cloud , #bigdata Linux is the foundational skill. Consider this a beginner guide to linux , understand why it is important , what is the landscape and how easy it is to learn it.
The learning cheat sheet can be utilized from http://linoxide.com/guide/linux-command-shelf.html
PDF version attached as well .
What is an operating System Structure?
We want a clear structure to let us apply an operating system to our particular needs because operating systems have complex structures. It is easier to create an operating system in pieces, much as we break down larger issues into smaller, more manageable subproblems. Every segment is also a part of the operating system. Operating system structure can be thought of as the strategy for connecting and incorporating various operating system components within the kernel. Operating systems are implemented using many types of structures, as will be discussed below:
SIMPLE STRUCTURE
It is the most straightforward operating system structure, but it lacks definition and is only appropriate for usage with tiny and restricted systems. Since the interfaces and degrees of functionality in this structure are clearly defined, programs are able to access I/O routines, which may result in unauthorized access to I/O procedures.
Note: also see https://www.slideshare.net/xen_com_mgr/ossna18-xen-beginners-training-exercise-script
The Xen Project supports some of the biggest clouds in production today and is moving into new industries, like security and automotive. Usually, you will use Xen indirectly as part of a commercial product, a distro, a hosting or cloud service and only indirectly use Xen. By following this session you will learn how Xen and virtualization work under the hood exploring high-level topics like architecture concepts related to virtualization to more technical attributes of the hypervisor like memory management (ballooning), virtual CPUs, scheduling, pinning, saving/restoring and migrating VMs.
Live migrating a container: pros, cons and gotchas -- Pavel EmelyanovOpenVZ
Live migrating a container: pros, cons and gotchas
Monday, November 16 • 17:20 - 18:05
Pavel Emelyanov
Principal Engineer, Odin
Principal engineer at Odin Server Virtualization team, creator and maintainer of the CRIU project. Joined Parallels in 2004 as junior Linux kernel developer, later became kernel team leader. Now works on architecture of the Odin Server products. | | Pavel tweets at @xemulp.
http://dockerconeu2015.sched.org/event/62e6d2ea7380442a48fafaeee26c9842
В своей презентации мы на примере дистрибутива Linux расскажем об опыте организации процесса тестирования продукта, существенная часть (более 90%) кода которого создается независимыми от компании разработчиками.
https://www.youtube.com/watch?v=AstgrnE7_dI
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
What is Augmented Reality Image Trackingpavan998932
Augmented Reality (AR) Image Tracking is a technology that enables AR applications to recognize and track images in the real world, overlaying digital content onto them. This enhances the user's interaction with their environment by providing additional information and interactive elements directly tied to physical images.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Hand Rolled Applicative User ValidationCode KataPhilip Schwarz
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather, to provide a small, rough-and ready exercise to reinforce your muscle-memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
1. An overview of OpenVZ
virtualization technology
Kir Kolyshkin <kir@openvz.org>
OpenVZ project manager
Gelato ICE
17 Apr 2007
2. 2
What is virtualization?
Virtualization is a technique for deploying technologies. Virtualization
creates a level of indirection or an abstraction layer between a physical
object and the managing or using application.
http://www.aarohi.net/info/glossary.html
Virtualization is a framework or methodology of dividing the resources of
a computer into multiple execution environments...
http://www.kernelthread.com/publications/virtualization/
A key benefit of the virtualization is the ability to run multiple operating
systems on a single physical server and share the underlying hardware
resources – known as partitioning.
http://www.vmware.com/pdf/virtualization.pdf
3. 3
Ways to Virtualize
Hardware Emulation
Para-Virtualization
Virtualization on the OS level
Multi-server virtualization
6. Comparison
Can run different OSs
on the same box
Low density/scalability
Slow/complex
management – OS sprawl
problem
Low/moderate
performance
Native performance:
no overhead
Dynamic resource
allocation, best scalability
Single OS per box:
easier to manage
7. 7
Evolution of Operating Systems
Multitask
many processes
Multiuser
many users
Multiple execution environments
many virtual environments (VEs, VPSs, containers, guests,
partitions...)
8. 8
OpenVZ: components
Kernel
− Virtualization and Isolation
− Resource Management
− Checkpointing
Tools
− vzctl: Virtual Environment (VE) control utility
− vzpkg: VE software package management
Templates
− precreated VE images for fast VE creation
9. 9
Kernel: Virtualization & Isolation
Each virtual environment has its own
Files
System libraries, applications, virtualized /proc and /sys, virtualized locks etc.
Process tree
Featuring virtualized PIDs, so that the init PID is 1
Network
Virtual network device, its own IP addresses, set of netfilter and routing rules
Devices
Plus if needed, any VE can be granted access to real devices like network interfaces,
serial ports, disk partitions, etc.
IPC objects
shared memory, semaphores, messages
…
10. 10
Kernel: Resource Management
Managed resource sharing and limiting.
User Beancounters is a set of per-VE
resource counters, limits, and guarantees
(kernel memory, network buffers, phys pages, etc.)
Fair CPU scheduler (SFQ with shares and hard limits)
Two-level disk quota (first-level: per-VE quota;
second-level: ordinary user/group quota inside a VE)
Resource management is what makes OpenVZ
different from other OS virtualization solutions.
11. Kernel: Checkpointing/Migration
Complete VE state can be saved in a file
− running processes
− opened files
− network connections, buffers, backlogs, etc.
− memory segments
VE state can be restored later
VE can be restored on a different server
12. 12
Tools: VE control
# vzctl create 101 --ostemplate fedora-core-5
# vzctl set 101 --ipadd 192.168.4.45 --save
# vzctl start 101
# vzctl exec 101 ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:00 init
11830 ? Ss 0:00 syslogd -m 0
11897 ? Ss 0:00 /usr/sbin/sshd
11943 ? Ss 0:00 xinetd -stayalive -pidfile ...
12218 ? Ss 0:00 sendmail: accepting connections
12265 ? Ss 0:00 sendmail: Queue runner@01:00:00
13362 ? Ss 0:00 /usr/sbin/httpd
13363 ? S 0:00 _ /usr/sbin/httpd
..............................................
13373 ? S 0:00 _ /usr/sbin/httpd
6416 ? Rs 0:00 ps axf
# vzctl enter 101
bash# logout
# vzctl stop 101
# vzctl destroy 101
15. 15
Users Feedback
Hello all, just downloaded and installed OpenVZ, and i must say its a big
improvement over other VPS systems that i have tested IMHO.
http://forum.openvz.org/index.php?t=msg&goto=646#msg_646
I use virtuozzo in my day job and openvz is very much the same. Just no
windows GUI which I hate using anyway! Virtuozzo and openvz are wonderful -
I don't know why more people aren't using them. I hear a lot of hype for xen and
usermode but virtuozzo/openvz is so great for many common needs. I'm very
happy to be using openvz - very good for my side projects that I can't afford real
virtuozzo for.
http://forum.openvz.org/index.php?t=msg&goto=650#msg_650
Last week when we were in limbo about what to do, it was decided to try out
XEN Virtualization. From what is written in the press the Xen system has alot of
promise, <…> but was far too complicated to get working in our configuration.
OpenVZ was the only virtual server system that was simple to install and get
working.
http://forum.openvz.org/index.php?t=msg&goto=568#msg_568
17. 17
Server Consolidation
A bunch of servers:
harder to manage
upgrade is a pain
eats up rack space
high electricity bills
A bunch of VEs:
uniform management
easily upgradeable
and scalable
fast migration
18. 18
Hosting
Web server serving
hundreds of virtual
hosts
Users see each other
processes etc
DoS attacks
Unable to
change/upgrade
hardware
Users are isolated
from each other
VE is like a real
server, just cheap
Much easier to admin
19. 19
Development & Testing
A lot of hardware
Zoo: many different
Linux distros
Frequent reinstalls
take much time
Fast provisioning
Different distros can
co-exist on one box
Cloning, snapshots,
rollbacks
VE is a sandbox –
work and play, no
fear
20. 20
Security
Several network
services are running
One of them has a
hole
Cracker gets through
Put each service into
a separate VE
OpenVZ creates walls
between applications
Added benefit:
dynamic resource
management
21. 21
Educational
No root access
Frequent reinstalls
DoS attacks
Everybody and his
dog can have a root
access
Different Linux distros
No need for a lot of
hardware
22. 22
Recent achievments
NFS and FUSE in VE
VE I/O accounting and scheduling
Checkpointing/live migration for IA64
Port to RHEL5 kernel
Port to vanilla 2.6.20
23. Mainstream kernel integration
Collaborative community effort:
− OpenVZ
− IBM (Metacluster)
− Linux-VServer
− Eric Biederman (namespaces)
− Google (Paul Menage, containers)
Current progress (as of linux-2.6.20):
− IPC namespaces/virtualization
− utsname() virtualization
− preliminary support for PID namespaces
More to come soon (networking, beancounters)
24. 24
How can you help?
Use OpenVZ
Contribute to OpenVZ, be a part of community:
− Programmer
fixes
enhancements
new functionality
− Non-programmer
bug reports
work with wiki
answer support questions
25. What about Itanium?
OpenVZ is platform-independent
− as long as Linux support it, we support it
The only arch-dependent piece is CPT
− recently added checkpointing for IA64
We support and care for Itanium for years
− production quality, first released in Mar 2003
No problems with scalability or disk IO
− lots of memory, lots of CPUs no prob
− native I/O speed
multi-server virtualization is actually not about virtualization; it&apos;s rather more about grid and clustering, so I&apos;m not going to cover that.
Low manageability: many os to manage, must login to each, mass management is equally difficult to multiple physical.
Low performance is/will be mitigated by Intel VT and AMD V, so it&apos;s not really an issue.
After all, emulation approach looks strange: why do we run OS on top of another OS? OS is designed to be run on hardware, not something virtual.
This is a natural step in evolution of the Operating Systems, and Linux is the first one.
Virtualization is really needed by everyone, and will be a part of any OS kernel.
Resource management is a very important and very complex thing.
Consider the story of CPU scheduler development:
(1) Need for CPU shares – to balance CPU power between VEs. So every VE have a guaranteed minimum share but can use up to all CPU power if available.
(1a) BUT as number of VEs per server grow, guaranteed minimum remains but power decreases, thus ppl complain, thus
(2) Need for upper CPU limit. Hard limits the max CPU power, even if it&apos;s available. It solves 1a problem, but introduces another problem – power is not used even if available. Thus
(3) Need for burstable CPU limit (not yet implemented). VE can have up to all CPU power but not always – say, limited per month or so.
I will actually show a two-minute live demo in a green-on-black terminal instead of this page.
Test used is «dynamic latency» test. Apaches were serving dynamically generated web pages (a simple CGI Perl script is run for each request).