Re: [SAGE] JAILS (Re: Respondents needed for article on sysadmin survival)

[Thornton Prime <thornton@yoyoweb.com>]

Dustin Puryear wrote:
> I wonder if anyone has tried to do a performance comparison of running
> real-world services (i.e., a mail server with AV and spam filtering) under a
> FreeBSD jail, user-mode Linux, and VMware.
> 
> So let's say I have a nice server that I use for hosting multiple services.
> I can run each service (or client's virtual server) under a FreeBSD jail,
> user-mode Linux, or VMware. Which solution gives you the most PERFORMANCE
> bang for the hardware buck?

It is important, of course, to realize that these three products offer 
three very different levels of virtualization and therefore protection. 
People choose them for three very different reasons, and I wouldn't 
expect them to benchmark in ways that compare meaningfully.

For example for mail services, VMWare gives you virtualized hardware 
which might protect you down to even layer-2 attacks. They might crash 
your VMWare instance, but your host system would still be OK. Similarly, 
UML should protect you down to Layer-3 IP attacks, and even if there was 
a kernel flaw hopefully the most the most an attacker could do is kill 
your UML kernel instance (but your host kernel would still be fine). 
Jails are "vulnerable" because you share kernel space (and therefore the 
IP stack) with the host system, though "vulnerable" is a relative term 
when you are considering OpenBSD as a host. ;)

For the truly paranoid, there is nothing preventing people from mixing 
the technologies, VMWare running a host with UML instances or an 
instance with Jails.

I would like to see a comparison of VMWare vs. Virtuozzo vs. Plex86 vs. 
Bochs. These all do do the same thing, with the exception that Bochs 
actually emulates x86 instead of just virtualizing a x86 platform 
(enabling you to run Windows on Bochs within Solaris on Sparc).

thornton