"J. Roeleveld" <joost@××××××××.org> writes:

> On Thursday, April 23, 2015 11:03:53 PM lee wrote:
>> "J. Roeleveld" <joost@××××××××.org> writes:
>> >>
>> > I disagree. Been using Xen for over 10 years now and find it very easy to
>> > use. The documentation could be better on the Xen site itself, but there
>> > is plenty of decent documentation available via Google.
>> Then we just disagree about this.
>
> Do you have anything that you find insufficiently documented or is too difficult?

sure, lots

>> >>Virtualization with containers is basically as simple as running just
>> >>another daemon.
>> >>
>> > Not quite. I use virtualization to minimize the physical hardware. Xen is
>> > easy for that. Containers are what chroot jails should have been. But
>> > there is no simple method to set these up when security isolation is your
>> > goal.
>> Containers or chroots?
>
> Containers.
> Chroots don't have much when it comes to isolation.

What exactly are the issues with containers? Ppl seem to work on them
and to manage to make them more secure over time.

>> >>Which the "better" tool, or combination of tools is, depends on what
>> >>you
>> >>want to accomplish. You could use containers in a VM, too, or use
>> >>virtualbox along with containers to run the odd VMs that require full
>> >>virtualization.
>> >>
>> > Virtualbox is nice for a quick test. I wouldn't use it for production.
>>
>> Why not?
>
> Several reasons:
>
> 1) I wouldn't trust a desktop application for a server

So that's a gut feeling?

> 2) The overhead from Virtualbox is quite high (still better than VMWare's
> desktop versions though)

Overhead in which way? I haven't done much with virtualbox yet and
merely found it rather easy to use, very useful and to just work fine.

Compared to containers, the overhead xen requires is enormous, and it
doesn't give you a stable system to run VMs on because dom0 is already
virtualized itself. I don't know how that compares to virtualbox --- I
didn't have time to look into it and it just worked, allowing me to run
a VM on the fly on the same machine I'm working on without any ado.

That VM was simply a copy of a VM taken from a vmware server, and the
copy could be used without any conversion or anything. You can't do
that with xen because you'll be having lots of trouble to convert the
VM, to convert the machine you're working on to xen and to get it to
work, to work around all the problems xen brings about ... Some days
later you might finally have it working --- which is out of the question
because the VM is needed right away. And virtualbox does just that.

I was really surprised that virtualbox worked that well. Maybe xen will
get there some time.


--
Again we must be afraid of speaking of daemons for fear that daemons
might swallow us. Finally, this fear has become reasonable.