 
Old 07-03-2010, 03:52 AM
Emmanuel Noobadmin
 
Default ESXi, KVM or Xen?

Which of these would be the recommended virtualization platform for
mainly CentOS guest on CentOS host for running a virtualized mail
server? From what I've read, objectively it seems that VMWare's still
the way to go although I would have liked to go with Xen or KVM just as
a matter of subjective preference.


VMWare's offering seems to have the best support and tools, plus
likely the most matured of the options. Also given their market
dominance, unlikely to just up and die in the near future.

Xen would have been a possible option except Redhat appears to be
focusing on KVM as their virtualization platform of choice to compete
with VMWare and Citrix. So maybe Xen support will be killed shortly.
Plus the modified xen kernel apparently causes conflict with certain
software, at least based on previous incidents where I'd been advised
not to use the CentOS xen kernel if not using xen virtualization.


KVM would be ideal since it's opensource and would be supported in
CentOS as far as can be reasonably foreseen. However, looking at
available resources, it seems to have these key disadvantages

1. Poorer performance under load.
http://wiki.xensource.com/xenwiki/Open_Topics_For_Discussion?action=AttachFile&do=get&target=Quantitative+Comparison+of+Xen+and+KVM.pdf
This 2008 XenSummit paper indicates that it dies on heavy network load
as well as when there are more than a few VM doing heavy processing at
the same time. But that's two years ago and they weren't using
paravirtual drivers it seems.

http://vmstudy.blogspot.com/2010/04/network-performance-test-xenkvm-vt-d.html
This blog testing out Xen/KVM pretty recently. While the loads are
not as drastic and neither the difference, it still shows that KVM
does lag behind by about 10%.

This is a concern since I plan to put storage on the network and the
most heavy load the client has is basically the email server due to
the volume plus inline antivirus and anti-spam scanning to be done on
those emails. Admittedly, they won't be seeing as many emails as say a
webhost but most of their emails come with relatively large
attachments.


2. Security
Some sites point out that KVM VM runs in userspace as threads. So a
compromised guest OS would then give intruder access to the system as
well as other VMs.

Should I really be concerned or are these worries only for extreme
situations and that KVM is viable for normal production situations?
Are there other things I should be aware of?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-03-2010, 06:40 AM
 
Default ESXi, KVM or Xen?

On 03/Jul/2010 06:52 Emmanuel Noobadmin <centos.admin@gmail.com> wrote ..
> Which of these would be the recommended virtualization platform for
> mainly CentOS guest on CentOS host for running a virtualized mail
> server? From what I've read, objectively it seems that VMWare's still
> the way to go although I would have liked to go with Xen or KVM just as
> a matter of subjective preference.

My subjective preference is similar. By now I'm running a dozen Centos
servers virtualized (xen), all I can say is "Centos5 + Xen = love" :-)
The darn thing runs out of the box very well; it's stable, it's fast,
tools and big community expertise available.

>
>
> VMWare's offering seems to have the best support and tools, plus
> likely the most matured of the options. Also given their market
> dominance, unlikely to just up and die in the near future.

Unlikely to die yes, possibly to just stop offering shit for free, yes
also. Unless you're a big enterprise looking for some serious corporate
backing, I wouldn't look at vmware, but that's just how I feel.

>
> Xen would have been a possible option except Redhat appears to be
> focusing on KVM as their virtualization platform of choice to compete
> with VMWare and Citrix. So maybe Xen support will be killed shortly.

Xen will be fully supported in Centos5 so you have until 2014 (if I'm
not mistaken) to change boat. I'm not sure about EL6, but I'm sure it
will have at least domU full support. And even so, I'm sure there will
be ways around it (centosplus, elrepo etc).

> Plus the modified xen kernel apparently causes conflict with certain
> software, at least based on previous incidents where I'd been advised
> not to use the CentOS xen kernel if not using xen virtualization.

Never had a problem, the only issue I encountered is NVidia proprietary
graphics driver doesn't like it, but there is a way around that as well
and anyway, you won't need that driver on a server.

>
>
> KVM would be ideal since it's opensource and would be supported in
> CentOS as far as can be reasonably foreseen. However, looking at
> available resources, it seems to have these key disadvantages
>
> 1. Poorer performance under load.
>
http://wiki.xensource.com/xenwiki/Open_Topics_For_Discussion?action=AttachFile&do=get&target=Quantitative+Comparison+of+Xen+and+KVM.pdf
> This 2008 XenSummit paper indicates that it dies on heavy network load
> as well as when there are more than a few VM doing heavy processing at
> the same time. But that's two years ago and they weren't using
> paravirtual drivers it seems.

Yes, indeed.

>
>
http://vmstudy.blogspot.com/2010/04/network-performance-test-xenkvm-vt-d.html
> This blog testing out Xen/KVM pretty recently. While the loads are
> not as drastic and neither the difference, it still shows that KVM
> does lag behind by about 10%.

The gap is only temporary, I'm sure. KVM is a very active project, and
for the moment at least what you lose in performance you gain in
flexibility; kvm machines being linux processes, so from there sky's the
limit. You don't get this with any other virtualization platform out
there (talking about the big guys, not the likes of "lguest" etc).

>
> This is a concern since I plan to put storage on the network and the
> most heavy load the client has is basically the email server due to
> the volume plus inline antivirus and anti-spam scanning to be done on
> those emails. Admittedly, they won't be seeing as many emails as say a
> webhost but most of their emails come with relatively large
> attachments.

The base rule performance wise with any virtualization solution is to
have fast disks. Raid10 is quite sweet unless you're looking at big
networked storage solutions.
The best thing to do is install and test all 3 of them and see which
works best on whatever hardware you possess.

>
>
> 2. Security
> Some sites point out that KVM VM runs in userspace as threads. So a
> compromised guest OS would then give intruder access to the system as
> well as other VMs.

Not necessarily, I'm planning to switch my domUs to KVM at some point in
the near future and I'm not going to run them as root; they're only
processes after all. Even if they break the VM and get "out" they will
still be restricted.
That scenario though is quite a fantastic one, imho. I'm no kernel
hacker but it sounds extremely unlikely to happen.

>
> Should I really be concerned or are these worries only for extreme
> situations and that KVM is viable for normal production situations?
> Are there other things I should be aware of?

I wouldn't be concerned, really.
HTH


--
Nux!
www.nux.ro

 
Old 07-03-2010, 11:18 AM
Stephen Harris
 
Default ESXi, KVM or Xen?

On Sat, Jul 03, 2010 at 11:52:41AM +0800, Emmanuel Noobadmin wrote:
> Which of these would be the recommended virtualization platform for
> mainly CentOS guest on CentOS host for running a virtualized mail
> server? From what I've read, objectively it seems that VMWare's still
> the way to go although I would have liked to go with Xen or KVM just as
> a matter of subjective preference.

Also worth looking at Citrix XenServer.

My essay on this from a few months ago:
http://sweh.spuddy.org/Essays/Virtualization_options.html

> VMWare's offering seems to have the best support and tools, plus

Note that ESXi uses an embedded control node and is very limited in
hardware support.

> Xen would have been a possible option except Redhat appears to be

I found the Xen in CentOS 5.4 to be unstable for Windows guests; it
was fine for CentOS guests.

> KVM would be ideal since it's opensource and would be supported in

It seemed to work adequately, but the toolset isn't quite as user
friendly (eg need to manually create bridges).


--

rgds
Stephen
 
Old 07-03-2010, 12:01 PM
David McGuffey
 
Default ESXi, KVM or Xen?

On Sat, 2010-07-03 at 11:52 +0800, Emmanuel Noobadmin wrote:
> 2. Security
> Some sites point out that KVM VM runs in userspace as threads. So a
> compromised guest OS would then give intruder access to the system as
> well as other VMs.
>
> Should I really be concerned or are these worries only for extreme
> situations and that KVM is viable for normal production situations?
> Are there other things I should be aware of?
>
As I understand it each VM under kvm has a different SELinux context.
Breaking into one VM doesn't give you the context to manipulate another.
One would have to go back out through the network to attack the next
VM...and if you have decent logging and IDS the noise should be
seen/detected.

I went with kvm specifically because it is integrated into SELinux.

Dave M
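
The two host-side protections raised in the replies above (guest processes that do not run as root, and a separate SELinux context per VM) can be checked from the host's process list. This is an added example, not part of any poster's message; it assumes libvirt's sVirt labelling (`svirt_t` type with a per-guest MCS category pair) and guest processes whose command name starts with `qemu`, and the sample `ps` lines are constructed.

```shell
#!/bin/sh
# Added example: audit how KVM guest processes are confined on the host.
# Input: lines of "LABEL USER PID COMMAND", as printed by
#   ps -eo label,user,pid,comm --no-headers
# Assumption: sVirt labelling, i.e. each guest process runs as
# system_u:system_r:svirt_t:s0:cX,cY with a category pair unique to that guest.

audit_kvm_labels() {
    awk '
    $4 !~ /^qemu/ { next }              # only look at guest processes
    {
        guests++
        n = split($1, f, ":")           # user:role:type:level[:categories]
        type = f[3]
        cats = (n >= 5) ? f[5] : ""
        if ($2 == "root")
            print "ROOT pid=" $3 " runs as root"
        if (type !~ /^svirt_/)
            print "UNCONFINED pid=" $3 " type=" type
        else if (cats == "")
            print "NOCATS pid=" $3 " has no MCS categories"
        else if (cats in seen)
            print "SHARED pid=" $3 " shares " cats " with pid=" seen[cats]
        else
            seen[cats] = $3             # first guest seen with this category pair
    }
    END { print "SUMMARY guests=" guests + 0 }
    '
}

# Constructed sample input (not captured from a real host).
sample_ps_output() {
    cat <<'EOF'
system_u:system_r:svirt_t:s0:c107,c434 qemu 2101 qemu-kvm
system_u:system_r:svirt_t:s0:c392,c662 qemu 2188 qemu-kvm
system_u:system_r:svirt_t:s0:c107,c434 qemu 2240 qemu-kvm
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 2301 qemu-kvm
system_u:system_r:sshd_t:s0-s0:c0.c1023 root 911 sshd
EOF
}

# Live use: ps -eo label,user,pid,comm --no-headers | audit_kvm_labels
sample_ps_output | audit_kvm_labels
```

A `SHARED` line means two guests carry the same category pair, so the SELinux policy would not separate them from each other; `ROOT` and `UNCONFINED` lines mean a guest process is not restricted on the host in the way the replies describe.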


 
Old 07-03-2010, 03:04 PM
Samuel Paragreen
 
Default ESXi, KVM or Xen?

Hi,

I'm running CentOS 5.5 under Xen, it works excellent, no problems.

--

Regards,
Samuel Paragreen.

On 7/3/10, David McGuffey <davidmcguffey@verizon.net> wrote:
>
> On Sat, 2010-07-03 at 11:52 +0800, Emmanuel Noobadmin wrote:
>> 2. Security
>> Some sites point out that KVM VM runs in userspace as threads. So a
>> compromised guest OS would then give intruder access to the system as
>> well as other VMs.
>>
>> Should I really be concerned or are these worries only for extreme
>> situations and that KVM is viable for normal production situations?
>> Are there other things I should be aware of?
>>
> As I understand it each VM under kvm has a different SELinux context.
> Breaking into one VM doesn't give you the context to manipulate another.
> One would have to go back out through the network to attack the next
> VM...and if you have decent logging and IDS the noise should be
> seen/detected.
>
> I went with kvm specifically because it is integrated into SELinux.
>
> Dave M
 
Old 07-03-2010, 04:15 PM
Emmanuel Noobadmin
 
Default ESXi, KVM or Xen?

On 7/3/10, David McGuffey <davidmcguffey@verizon.net> wrote:
> As I understand it each VM under kvm has a different SELinux context.
> Breaking into one VM doesn't give you the context to manipulate another.
> One would have to go back out through the network to attack the next
> VM...and if you have decent logging and IDS the noise should be
> seen/detected.
>
> I went with kvm specifically because it is integrated into SELinux.

In theory that sounds great and would have covered the security concern
part. But my own experience with SELinux had basically been well less
than positive.

When I first knew about it 2 years ago on my first install of CentOS,
it just made things really difficult and even when it worked,
setroubleshootd ends up sucking up memory and lags the system, making
it extremely difficult to even view the SE event log to try to figure
out what happened.

Maybe it's just my noobness then, so I'll give it another try with
leaving SELinux enforcing instead of permissive.
 
Old 07-03-2010, 04:35 PM
"Keith Beeby"
 
Default ESXi, KVM or Xen?

Hi,

We went for ESXi with VMware Essentials; it cost about 300 for 3 hosts managed via vCenter. So far so good; most VMs are CentOS 5.x.

Running NFS shared storage on RHEL

Regards

Keith

On 3 Jul 2010, at 04:52, Emmanuel Noobadmin <centos.admin@gmail.com> wrote:

> Which of these would be the recommended virtualization platform for
> mainly CentOS guest on CentOS host for running a virtualized mail
> server? From what I've read, objectively it seems that VMWare's still
> the way to go although I would have liked to go with Xen or KVM just as
> a matter of subjective preference.
>
>
> VMWare's offering seems to have the best support and tools, plus
> likely the most matured of the options. Also given their market
> dominance, unlikely to just up and die in the near future.
>
> Xen would have been a possible option except Redhat appears to be
> focusing on KVM as their virtualization platform of choice to compete
> with VMWare and Citrix. So maybe Xen support will be killed shortly.
> Plus the modified xen kernel apparently causes conflict with certain
> software, at least based on previous incidents where I'd been advised
> not to use the CentOS xen kernel if not using xen virtualization.
>
>
> KVM would be ideal since it's opensource and would be supported in
> CentOS as far as can be reasonably foreseen. However, looking at
> available resources, it seems to have these key disadvantages
>
> 1. Poorer performance under load.
> http://wiki.xensource.com/xenwiki/Open_Topics_For_Discussion?action=AttachFile&do=get&target=Quantitative+Comparison+of+Xen+and+KVM.pdf
> This 2008 XenSummit paper indicates that it dies on heavy network load
> as well as when there are more than a few VM doing heavy processing at
> the same time. But that's two years ago and they weren't using
> paravirtual drivers it seems.
>
> http://vmstudy.blogspot.com/2010/04/network-performance-test-xenkvm-vt-d.html
> This blog testing out Xen/KVM pretty recently. While the loads are
> not as drastic and neither the difference, it still shows that KVM
> does lag behind by about 10%.
>
> This is a concern since I plan to put storage on the network and the
> most heavy load the client has is basically the email server due to
> the volume plus inline antivirus and anti-spam scanning to be done on
> those emails. Admittedly, they won't be seeing as many emails as say a
> webhost but most of their emails come with relatively large
> attachments.

>
>
> 2. Security
> Some sites point out that KVM VM runs in userspace as threads. So a
> compromised guest OS would then give intruder access to the system as
> well as other VMs.
>
> Should I really be concerned or are these worries only for extreme
> situations and that KVM is viable for normal production situations?
> Are there other things I should be aware of?
 
Old 07-03-2010, 06:18 PM
Les Mikesell
 
Default ESXi, KVM or Xen?

nux@li.nux.ro wrote:
>
> My subjective preference is similar. By now I'm running a dozen Centos
> servers virtualized (xen), all I can say is "Centos5 + Xen = love" :-)
> The darn thing runs out of the box very well; it's stable, it's fast,
> tools and big community expertise available.
>
>>
>> VMWare's offering seems to have the best support and tools, plus
>> likely the most matured of the options. Also given their market
>> dominance, unlikely to just up and die in the near future.
>
> Unlikely to die yes, possibly to just stop offering shit for free, yes
> also. Unless you're a big enterprise looking for some serious corporate
> backing, I wouldn't look at vmware, but that's just how I feel.

You never know when any company is going to die, change directions, or be
acquired by Oracle, but VMware has a fairly long history of providing
increasingly better free offerings (better in that respect than RedHat...) so I
would downplay the risk of it going away. The main issue with using ESXi is
just that you need a windows box to run the client when you want to change
configurations or access the guest consoles. And with the free version you have
to use the converter program to copy images in or out (but the converter is very
well done).

--
Les Mikesell
lesmikesell@gmail.com
