OT: Xen

Panix is offering Xen-based virtual servers. I mention same here
only because I've seen almost no discussion of virtualized servers,
and hope to learn from the surely-resulting flamewar....

   http://www.panix.com/corp/virtuals/

Once upon a time, David Lesher <wb8foz@nrk.com> said:

> Panix is offering Xen-based virtual servers. I mention same here
> only because I've seen almost no discussion of virtualized servers,
> and hope to learn from the surely-resulting flamewar....
>
>    http://www.panix.com/corp/virtuals/

unixshell.com claims more service (RAM, disk, monthly transfer) for less
per month:

http://www.unixshell.com/

a message of 17 lines which said:

> unixshell.com claims more service (RAM, disk, monthly transfer) for less
> per month:
>
> http://www.unixshell.com/

Apparently, it is not based on Xen, which you may find a good or a bad
thing, depending on your requirements. (For instance, Unixshell's offer
is limited to Linux, while Panix allows NetBSD.)

Virtualization solutions are very different and comparing RAM and disk
is not sufficient.

According to Unixshell's website, it is, in fact, Xen. Their
technology link goes to:

http://www.unixshell.com/xen.html

Of which the first line is "unixshell# is powered by the Xen
hypervisor engine."

Once upon a time, Stephane Bortzmeyer <bortzmeyer@nic.fr> said:

> a message of 17 lines which said:
> > unixshell.com claims more service (RAM, disk, monthly transfer) for less
> > per month:
> >
> > http://www.unixshell.com/
>
> Apparently, it is not based on Xen, which you may find a good or a bad
> thing, depending on your requirements. (For instance, Unixshell's offer
> is limited to Linux, while Panix allows NetBSD.)

Both unixshell and Panix are using Xen. Both have a limited set of OSes
they offer. It looks like Panix includes some support, while unixshell
charges extra for support.

> Virtualization solutions are very different and comparing RAM and disk
> is not sufficient.

No, but for companies offering similar services (e.g. Fedora on Xen if
that is what you are looking for), that's a significant thing to note.

Xen and similar solutions are gaining popularity because they work on a
similar model as that used for ADSL: most users don't use all the resources
all the time. By virtualizing, the provider can offer "dedicated
colocation" at a somewhat lower cost to the user, and a *much* lower cost to
the provider. If properly provisioned, by distributing more heavily loaded
virtual machines appropriately, you can probably attain virtualization of
20-30 or more per 2-way or 2-dual-core SMP box and still have CPU left over.

Note that Xen in particular has major advantages over some similar products
because it eliminates CPU-consuming system trap hackery needed to emulate
hardware devices and page-table mappings. Xen is not, however, backed with
extensive commercial support (XenSource is still evolving at the moment),
lacks easy integration into popular UI/control-panel products, and requires
special kernels for the contained OS's (not such a big deal in practice).

The current problems haven't stopped some early adopters from trying out
Xen. By and large, those who were once using UML[*] and have now tried Xen
have switched and not looked back.

[*] User Mode Linux, which I went out of my way to heckle (with technically
    sound arguments, mind you) at an IETF when it was proposed as a method
    of virtualization. The sad part is, some folks bought the drivel and
    actually set up businesses using UML as a virtualization layer.

Once upon a time, Todd Vierling <tv@duh.org> said:

> Xen is not, however, backed with
> extensive commercial support (XenSource is still evolving at the moment),

Red Hat has announced that the next rev of their commercial OS offering,
RHEL 5, will include Xen as a major component.

> lacks easy integration into popular UI/control-panel products, and requires
> special kernels for the contained OS's (not such a big deal in practice).

With the right CPUs (late model Intel only at the moment), you can run
an OS unmodified with a little higher overhead. This means you can run
Windows on the same box as Linux on the same box as *BSD, all at the
same time. Later this year, AMD's CPUs will add a similar (but
different) extension.

> > Xen is not, however, backed with
> > extensive commercial support (XenSource is still evolving at the moment),
>
> Red Hat has announced that the next rev of their commercial OS offering,
> RHEL 5, will include Xen as a major component.

The point is that decent commercial support is evolving and not quite Here
Right Now.

> > lacks easy integration into popular UI/control-panel products, and requires
> > special kernels for the contained OS's (not such a big deal in practice).
>
> With the right CPUs (late model Intel only at the moment), you can run
> an OS unmodified with a little higher overhead.

It's still some overhead because it's emulating hardware devices, but thanks
to VX, it's not as bad as the classical virtualization trap hacks. Once AMD
releases their counterpart version of the virtualization extensions en
masse, this will probably get more steam from providers.

If a Xen-instrumented kernel is available for the desired OS, that would
still be preferable, of course.

Hi,

Speaking of commercial support, I have been looking really closely at using Solaris 10 which includes Zones.
I am not so much concerned about the OS games, but very much concerned about the HW % utilization issue that this could help solve. From what I have found with Solaris Zones it is VERY easy to setup and configure. The question that I got flamed on a while back for being off topic, how do you get two different DHCP addresses from difference sources on the same interface, can be solved by using Zones for example.

But there has been so much press lately about Xen. And from what I read in Linux mag recently there is HW support that totally changes how efficient Xen can be. So one thing I am wondering, with Zones you can setup a new instance that is a copy of another pretty much instantly. Does Xen offer the same thing? Or do you still have to go through an install process for example? I am esp wondering about this with something like XP..

Thanks,

Eric

Date: Mon, 3 Apr 2006 09:25:40 -0400 (Eastern Daylight Time)
From: Todd Vierling

> Note that Xen in particular has major advantages over some similar products
> because it eliminates CPU-consuming system trap hackery needed to emulate
> hardware devices and page-table mappings. Xen is not, however, backed with
> extensive commercial support (XenSource is still evolving at the moment),

For those not following Xen closely, Google with quotes for

  "xensource gets new ceo, direction"

This should be interesting. Hardly MS/Novell/IBM, but that's not all
inherently bad...

Eddy

> Speaking of commercial support, I have been looking really closely at using
> Solaris 10 which includes Zones.
>
> ...
>
> But there has been so much press lately about Xen. And from what I read in
> Linux mag recently there is HW support that totally changes how efficient
> Xen can be.

Solaris shops are going to find Zones useful. Linux shops are going to find
Xen useful. However, I severely doubt that Zones are going to attract any Linux
shops, or that Xen will be enough to make Solaris shops convert.

And the shops that are so totally Java/PHP/Perl/whatever that it doesn't matter
if they're on Solaris or Linux will end up choosing whatever hosting solution
costs them the least per month...

Xen's biggest strength really is in the colocation business. With VX-enabled
machines, it is capable of running instrumented OS's (Linux, Free/NetBSD) at
almost native speeds, and non-instrumented OS's (Windows, Solaris) with a
couple-% hit. It's that flexibility that leads to colo as the market where
Xen shines.

If it really were an OS-specific issue, then "Linux shops" might as well use
UML. (<cough> <shudder>)

> Xen's biggest strength really is in the colocation business. With VX-enabled
> machines, it is capable of running instrumented OS's (Linux, Free/NetBSD) at
> almost native speeds, and non-instrumented OS's (Windows, Solaris) with a
> couple-% hit. It's that flexibility that leads to colo as the market where
> Xen shines.

People seem to be thinking that Xen is only for sharing
a colo machine with somebody else. But it could just as
well be used for one organization to isolate each major
application to a single virtual server, i.e. email server,
general web server, wiki server, hot web app server,
Asterisk server, etc. This way, when one of the applications
justifies its own server, migration is somewhat simpler
because it is not entangled with other applications.

-- Michael Dillon

> > Xen's biggest strength really is in the colocation business. With VX-enabled
> > machines, it is capable of running instrumented OS's (Linux, Free/NetBSD) at
> > almost native speeds, and non-instrumented OS's (Windows, Solaris) with a
> > couple-% hit. It's that flexibility that leads to colo as the market where
> > Xen shines.

> People seem to be thinking that Xen is only for sharing
> a colo machine with somebody else. But it could just as
> well be used for one organization to isolate each major
> application to a single virtual server, i.e. email server,
> general web server, wiki server, hot web app server,
> Asterisk server, etc. This way, when one of the applications
> justifies its own server, migration is somewhat simpler
> because it is not entangled with other applications.

Now that is what I have in mind. For me this is esp important where I have something nasty like a guy hosting a bunch of forums that are always not getting updated and getting defaced or worse. Until now I have had a dirty machine for stuff I know could lead to problems like that. But that brings up another question, how far isolated are different instances from each other really?

This is now straying really OT. I answered some of this offlist, but
generally, the best place for technical background on Xen is its home:

    http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

Todd Vierling wrote:

> This is now straying really OT. I answered some of this offlist, but
> generally, the best place for technical background on Xen is its home:
>
>     http://www.cl.cam.ac.uk/Research/SRG/netos/xen/

This forum is about operating.

I guess if some bad operators separated their poorly managed systems with
things like Xen, then Gadi's drone armies would drown.

Suppose you have the users 'root', 'morone' and 'monkey'.

Guess who root is?

monkey is running an old and buggy forum software - gets hacked everyday ...

morone is running an ftp-server with anonymous access.

Neither morone nor monkey can bring the system down because neither of
them has root access. Both are chrooted as seen from 'root'.

If morone gets hacked then his ftp-server is gone but the hackers cannot
deface monkey's html-site.

If the hackers get monkey they don't have a clue about morone's ftp-server.

The guys are splendidly isolated and root has an undisturbed sleep.

Best is: You don't run anything that is not needed. If you run only a
single application, your system is not worth the time it takes to hack it :)

Cheers
Peter and Karin Dambier

Xen itself: no. But LVM is a wonderful thing.

- Matt

Fairly well -- a lot better than (eg) vservers, and almost certainly better
than UMLs. To get into the host, you'd need to subvert one of the backend
drivers via the guest in such a way that you got the ability to run some
sort of subversive command in the host. The possibility of a DoS (crash) is
much higher than a take-over compromise, but even then it's not something
I'd be inclined to worry about deeply.

- Matt

For the benefit of people reading the archives in search of clue: There's
a smiley on that, because Peter knows full well that the single biggest
security problem on the Internet is boxes that are running one application,
or end-user boxes, that aren't run in a secure manner because there's nothing
of interest on the box.

If the box has an IP address, and an Internet connection, it's *always* of
interest, if only as a zombie or a steppingstone box to launder a connection.

> > Best is: You don't run anything that is not needed. If you run only a
> > single application, your system is not worth the time it takes to hack it :)
>
> For the benefit of people reading the archives in search of clue: There's
> a smiley on that, because Peter knows full well that the single biggest
> security problem on the Internet is boxes that are running one application,
> or end-user boxes, that aren't run in a secure manner because there's nothing
> of interest on the box.

though one application means a very simple host, firewall, audit:
1) it's running smtp
2) it's filtered to permit any -> tcp/25 and tcp/25 -> any
3) its log auditor (offline on the log host of course) flags anything NOT
smtp

presume that smtpd is, of course, hardened and patched and looked-after
properly... Sean is right, anything with an ip address is a target,
perhaps not a focused target, but a target nonetheless.

If it's on the internet take proper precautions.

> If the box has an IP address, and an Internet connection, it's *always* of
> interest, if only as a zombie or a steppingstone box to launder a connection.

oh zombies... where would we be without thee?
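The single-purpose smtp host sketched a few messages up (filter permits only any -> tcp/25 and tcp/25 -> any; an offline auditor on the log host flags anything that is NOT smtp) is simple enough to turn into working detection logic. The Python below is an added example, not code from the thread or from any of the posters. The host name mx1, the addresses and the log lines are constructed; the lines mimic the key=value format written by the netfilter LOG target, and the policy function encodes exactly the two-rule filter from that post.

```python
"""Offline log auditor for a single-purpose SMTP host (added example).

Policy from the thread: the host runs only smtp, the firewall permits only
any -> tcp/25 and tcp/25 -> any, and a log auditor on the log host flags
anything that is NOT smtp.  Everything below is constructed for this
example: the host name mx1, the addresses, and the log lines, which mimic
the key=value format written by the netfilter LOG target.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SMTP_PORT = 25

# key=value tokens as written by the netfilter LOG target ("IN=eth0 OUT= SRC=...");
# an empty value (OUT=) is legal, which is why the value group is \S* not \S+.
TOKEN_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample: two legitimate SMTP flows, then four packets that a pure
# mail host has no business seeing (ssh in, dns, an outbound irc connection, ping).
SAMPLE_LOG = """\
Apr  3 09:25:40 mx1 kernel: FW: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=51234 DPT=25
Apr  3 09:25:41 mx1 kernel: FW: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.20 PROTO=TCP SPT=25 DPT=44321
Apr  3 09:25:42 mx1 kernel: FW: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22
Apr  3 09:25:43 mx1 kernel: FW: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 PROTO=UDP SPT=53 DPT=53
Apr  3 09:25:44 mx1 kernel: FW: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.30 PROTO=TCP SPT=33333 DPT=6667
Apr  3 09:25:45 mx1 kernel: FW: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 PROTO=ICMP TYPE=8 CODE=0
"""


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" when IN= names an interface, otherwise "out"
    src: str
    dst: str
    proto: str              # TCP, UDP, ICMP, ...
    sport: Optional[int]    # None for protocols without ports
    dport: Optional[int]


def parse_log_line(line: str) -> Optional[Packet]:
    """Parse one firewall log line; return None for lines that are not packet records."""
    fields = dict(TOKEN_RE.findall(line))
    if not set(fields) >= {"SRC", "DST", "PROTO"}:
        return None

    def port(key: str) -> Optional[int]:
        value = fields.get(key, "")
        return int(value) if value.isdigit() else None

    return Packet(
        direction="in" if fields.get("IN") else "out",
        src=fields["SRC"],
        dst=fields["DST"],
        proto=fields["PROTO"],
        sport=port("SPT"),
        dport=port("DPT"),
    )


def is_permitted(pkt: Packet) -> bool:
    """Rule 2 from the post: permit any -> tcp/25 and tcp/25 -> any, nothing else."""
    return pkt.proto == "TCP" and SMTP_PORT in (pkt.sport, pkt.dport)


Finding = Tuple[int, str, str]  # (line number, kind, detail)


def audit(log_text: str) -> List[Finding]:
    """Rule 3 from the post: flag everything that is NOT smtp.

    Unparseable lines are flagged as well: an auditor that silently skips what
    it cannot read is exactly the gap that unexpected traffic falls into.
    """
    findings: List[Finding] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        pkt = parse_log_line(line)
        if pkt is None:
            findings.append((lineno, "unparseable", line.strip()))
        elif not is_permitted(pkt):
            detail = f"{pkt.direction} {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
            findings.append((lineno, "not-smtp", detail))
    return findings


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```

Run against the constructed sample, the auditor passes the two SMTP flows and flags lines 3 to 6. One caveat worth knowing before relying on a port-only rule like this: because the policy matches tcp/25 in either position, a packet whose source port happens to be 25 passes to any destination port, so the auditor inherits that blind spot; pairing it with the firewall's connection tracking (so only replies to established port-25 connections are accepted) closes it.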