Re: Which virtualization is the best for Debian?
ahh idiot. Here is the link
http://marc.info/?l=openbsd-misc&w=2&r=1&s=obsd+as+domU&q=b
On 14/01/2010 13:30, Michal wrote:
> *Sorry for the top post but this has only to do with the subject*
>
> I think you should read these posts started with "obsd as domU". Someone
> started talking about using OpenBSD with virtulisation and some people
> had some interesting answers. I don't agree with everything said here, I
> use VMware ESXi servers very well and backup/restore is a breeze,
> especially with a change or upgrade you are nervous about (take a
> snapshot, do it, if it breaks revert to snapshot. Can be up and running
> again in a few minutes) but some people had some very good points.
>
> Take what you wish from these posts, but the OpenBSD devs are very good
> and make some good points even if I don't agree with all of them
>
>
> On 14/01/2010 12:44, Steve Kemp wrote:
>> On Thu Jan 14, 2010 at 19:32:16 +0700, Sthu Deus wrote:
>>
>>> I want to separate diver services and make NAT to them - so that
>>> it be more secure in case if one of them will be hacked - I still
>>
>> Right so you want a host which has a public IP (or more than one)
>> and each guest will have private IPs on seperate ranges, such that
>> they cannot talk to each other?
>>
>> That sounds like a good setup.
>>
>> If you're going to assume that a machine will be hacked, and then
>> assume a kernel bug will come into play on one of the guests that
>> strongly suggests you want to ensure that they aren't sharing a
>> single kernel - ie. Don't choose vserver.
>>
>>> I know that KVM offers much less respond comparing w/
>>> vserver. How about Xen? Can I turn the guests on/off on the fly?
>>
>> Both Xen and KVM will let you start/stop guests independently of
>> each other.
>>
>> KVM works as a process, so you just stop it.
>>
>> Xen has a lot of magic behind the scenes, but ultimately you can
>> do things like list the running guests with "xm list", start one
>> that is stopped with "xm create blah.cfg" and stop a running one
>> with "xm shutdown blah".
>>
>>> I want them to use for email, web, and do not know if proxy
>>> is any worth of to put in separate guest? - Nothing special.
>>
>> Probably not worth the overhead I'd have thought; historically the
>> common squid proxy has had a good security record.
>>
>>> Ok, what is the best here (relating for my tasks)? - If any
>>> had experience w/ several of them?
>>
>> Best is still going to be a personal preference. I'd choose KVM,
>> then Xen, then vmware then vserver.
>>
>>> Why nobody says about packaging problem in Debian, net
>>> interfaces at guests turning off?!
>>
>> If you use something like Xen/vmware/kvm you'd not concern yourself
>> with the interfaces. Instead you'd shutdown a guest if you wanted it
>> to be unreachable and disabled.
>>
>> Leaving it running but dropping the traffic would work, but it would
>> be an odd thing to do. (e.g. it would still run cronjobs and try to
>> send email, etc.)
>>
>>> I guess that KVM takes a lot of overload comparing w/ vserver -
>>> for for example spam filtering, virus scanning.
>>
>> It will take overhead, yes. But not a lot.
>>
>> Certainly a virtual KVM guest can handle spam filtering just fine,
>> assuming your setup is sane. (ie. Make lightweight tests before the
>> heavier ones.)
>>
>> Steve
>> --
>> Debian GNU/Linux System Administration
>> http://www.debian-administration.org/
>>
>>
>
>
Reply to: