[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Which virtualization is the best for Debian?

ahh idiot. Here is the link

http://marc.info/?l=openbsd-misc&w=2&r=1&s=obsd+as+domU&q=b

On 14/01/2010 13:30, Michal wrote:
> *Sorry for the top post but this has only to do with the subject*
> 
> I think you should read these posts started with "obsd as domU". Someone
> started talking about using OpenBSD with virtulisation and some people
> had some interesting answers. I don't agree with everything said here, I
> use VMware ESXi servers very well and backup/restore is a breeze,
> especially with a change or upgrade you are nervous about (take a
> snapshot, do it, if it breaks revert to snapshot. Can be up and running
> again in a few minutes) but some people had some very good points.
> 
> Take what you wish from these posts, but the OpenBSD devs are very good
> and make some good points even if I don't agree with all of them
> 
> 
> On 14/01/2010 12:44, Steve Kemp wrote:
>> On Thu Jan 14, 2010 at 19:32:16 +0700, Sthu Deus wrote:
>>
>>> I want to separate diver services and make NAT to them - so that
>>> it be more secure in case if one of them will be hacked - I still
>>
>>   Right so you want a host which has a public IP (or more than one)
>>  and each guest will have private IPs on seperate ranges, such that
>>  they cannot talk to each other?
>>
>>   That sounds like a good setup.
>>
>>   If you're going to assume that a machine will be hacked, and then
>>  assume a kernel bug will come into play on one of the guests that
>>  strongly suggests you want to ensure that they aren't sharing a
>>  single kernel - ie. Don't choose vserver.
>>
>>> I know that KVM offers much less respond comparing w/
>>> vserver. How about Xen? Can I turn the guests on/off on the fly?
>>
>>   Both Xen and KVM will let you start/stop guests independently of
>>  each other.
>>
>>   KVM works as a process, so you just stop it.
>>
>>   Xen has a lot of magic behind the scenes, but ultimately you can
>>  do things like list the running guests with "xm list", start one
>>  that is stopped with "xm create blah.cfg" and stop a running one
>>  with "xm shutdown blah".
>>
>>> I want them to use for email, web, and do not know if proxy
>>> is any worth of to put in separate guest? - Nothing special.
>>
>>   Probably not worth the overhead I'd have thought; historically the
>>  common squid proxy has had a good security record.
>>
>>> Ok, what is the best here (relating for my tasks)? - If any
>>> had experience w/ several of them?
>>
>>   Best is still going to be a personal preference.  I'd choose KVM,
>>  then Xen, then vmware then vserver.
>>
>>> Why nobody says about packaging problem in Debian, net
>>> interfaces at guests turning off?!
>>
>>   If you use something like Xen/vmware/kvm you'd not concern yourself
>>  with the interfaces.  Instead you'd shutdown a guest if you wanted it
>>  to be unreachable and disabled.
>>
>>   Leaving it running but dropping the traffic would work, but it would
>>  be an odd thing to do.  (e.g. it would still run cronjobs and try to
>>  send email, etc.)
>>
>>> I guess that KVM takes a lot of overload comparing w/ vserver -
>>> for for example spam filtering, virus scanning.
>>
>>   It will take overhead, yes.  But not a lot.
>>
>>   Certainly a virtual KVM guest can handle spam filtering just fine,
>>  assuming your setup is sane.  (ie. Make lightweight tests before the
>>  heavier ones.)
>>
>> Steve
>> --
>> Debian GNU/Linux System Administration
>> http://www.debian-administration.org/
>>
>>
> 
>
Reply to: