Re: Which virtualization is the best for Debian?
*Sorry for the top post but this has only to do with the subject*
I think you should read these posts started with "obsd as domU". Someone
started talking about using OpenBSD with virtulisation and some people
had some interesting answers. I don't agree with everything said here, I
use VMware ESXi servers very well and backup/restore is a breeze,
especially with a change or upgrade you are nervous about (take a
snapshot, do it, if it breaks revert to snapshot. Can be up and running
again in a few minutes) but some people had some very good points.
Take what you wish from these posts, but the OpenBSD devs are very good
and make some good points even if I don't agree with all of them
On 14/01/2010 12:44, Steve Kemp wrote:
> On Thu Jan 14, 2010 at 19:32:16 +0700, Sthu Deus wrote:
>
>> I want to separate diver services and make NAT to them - so that
>> it be more secure in case if one of them will be hacked - I still
>
> Right so you want a host which has a public IP (or more than one)
> and each guest will have private IPs on seperate ranges, such that
> they cannot talk to each other?
>
> That sounds like a good setup.
>
> If you're going to assume that a machine will be hacked, and then
> assume a kernel bug will come into play on one of the guests that
> strongly suggests you want to ensure that they aren't sharing a
> single kernel - ie. Don't choose vserver.
>
>> I know that KVM offers much less respond comparing w/
>> vserver. How about Xen? Can I turn the guests on/off on the fly?
>
> Both Xen and KVM will let you start/stop guests independently of
> each other.
>
> KVM works as a process, so you just stop it.
>
> Xen has a lot of magic behind the scenes, but ultimately you can
> do things like list the running guests with "xm list", start one
> that is stopped with "xm create blah.cfg" and stop a running one
> with "xm shutdown blah".
>
>> I want them to use for email, web, and do not know if proxy
>> is any worth of to put in separate guest? - Nothing special.
>
> Probably not worth the overhead I'd have thought; historically the
> common squid proxy has had a good security record.
>
>> Ok, what is the best here (relating for my tasks)? - If any
>> had experience w/ several of them?
>
> Best is still going to be a personal preference. I'd choose KVM,
> then Xen, then vmware then vserver.
>
>> Why nobody says about packaging problem in Debian, net
>> interfaces at guests turning off?!
>
> If you use something like Xen/vmware/kvm you'd not concern yourself
> with the interfaces. Instead you'd shutdown a guest if you wanted it
> to be unreachable and disabled.
>
> Leaving it running but dropping the traffic would work, but it would
> be an odd thing to do. (e.g. it would still run cronjobs and try to
> send email, etc.)
>
>> I guess that KVM takes a lot of overload comparing w/ vserver -
>> for for example spam filtering, virus scanning.
>
> It will take overhead, yes. But not a lot.
>
> Certainly a virtual KVM guest can handle spam filtering just fine,
> assuming your setup is sane. (ie. Make lightweight tests before the
> heavier ones.)
>
> Steve
> --
> Debian GNU/Linux System Administration
> http://www.debian-administration.org/
>
>
Reply to: