Sthu Deus wrote:
Thank You for Your time and answer, randall:

thanks to the fact it shares the same kernel with the host and all the guests, but this could be a disadvantage if you need a seperate kernel per guest.

One of the reasons I would like to use virtualization is security... so, how 
does using of a single kernel affect total security/separation - at my view - 
it does not help in this view. Though I do not know how openvz or xen work...
i'm not an expert but i will explain a little what i think i know.

xen and vmware can give you the best seperation/security because each guest will run its own kernel, this will affect the performance however since you are simply running several complete operating systems ( you could run linux in 1 guest, windows in another and FreeBSd in yet another etc... )

VServer and i guess also openvz are simply a very smart way of using chroot to isolate several services just like the jails utility in FreeBSD, this off course has the advantage that there is no performance overhead , VServer is set up by default not to allow the guest direct access to the kernel but for some programs, like bind, you have to loosen up the privileges to the kernel a little so this brings a little risk although most programs will run without any modification needed.

also, with xen and vmware you can run a firewall inside each guest itself as well which you can not do with VServer since this needs kernel access, with VServer i have the firewall on the host system allowing/blocking traffic to the guests.


Openvz basically is somewhere in the same league as VServer, i started with VServer and it did what i wanted + a active and extremely helpfull mailinglist so i never looked back

Did You compile Your own kernels for Debian? - And then ever after - on update?
some do, but i always use the vserver patched kernel from the repos, it never gave me any problems and i'm always assured of the security updates, did not have any issue when upgrading from etch to lenny.

The thing you heard was broken is the vserver-debiantools package which apparently is in a bad state for years already ( have used these in the past and still do, but i never experienced a problem myself ). But you simply do not need this package, just follow the directions on the VServer wiki





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to