Comparing Isolation in Hardware and OS Virtualization

In our recent discussions with customers and analysts, the question of isolation has come up again. The reason is that whenever an article in the press needs a one-sentence explanation of OS virtualization, it is something like ‘OS virtualization provides better density and performance but cannot run different operating systems simultaneously and does not provide as much isolation between partitions as hardware virtualization technologies such as Xen or VMware.’ The two “not” statements require some clarification.

The statement about different operating systems is generally correct, but one needs to understand that Virtuozzo can run different Linux distributions – such as Red Hat, SuSE and Debian – as long as they use the same kernel.

The issue of isolation requires a more detailed explanation. There are several aspects of isolation:

· Namespace isolation - Each partition provides a complete virtual copy of the entire system namespace – file system, registry, processes, users, IP addresses, port numbers, routing table, etc. Virtuozzo fully virtualizes all system namespaces and provides the same level of isolation as hardware virtualization.

· Functional isolation - Each partition and the applications it hosts can be configured independently from other partitions and applications. Each Virtuozzo partition has a complete OS environment in it and provides the same level of isolation as hardware virtualization technology.

· Fault isolation - A fault in one partition does not affect others. Here, hardware virtualization has a theoretical advantage: with OS virtualization, a fault in the OS would crash all virtual environments on a given machine, whereas with hardware virtualization an OS crash in one virtual machine would leave the other VMs intact. In practice, though, more than 90% of OS crashes are related to hardware drivers, which always run in the host partition – the one that manages the physical hardware. So, when the driver crashes, the entire machine goes down regardless of which virtualization technology is used.

· Performance isolation - A partition cannot monopolize the resources of the entire machine and hamper the performance of other partitions, yet will receive the resources required for its execution. Here, Virtuozzo has an advantage over existing hardware technologies because it provides much more granular control of, and intelligent policies for, allocation of system resources.

· Security isolation - A partition cannot breach the security of other partitions, even if its own security was compromised. Each partition has an independent set of local users, including the administrative account. For the reasons mentioned above, Virtuozzo is at least as good as hardware virtualization.

However good these logical conclusions are, the best argument is experience. As of now, there are over 500,000 Virtuozzo virtual environments out there running on the public networks, without firewall protection, typically with about a hundred virtual environments on a single machine. In my opinion, these numbers speak for themselves.

What do you think?
