Linux-VServer
Linux-VServer is a jail mechanism: it can be used to securely partition the resources of a computer system (such as the file system, CPU time, network addresses and memory) in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.

Each partition is called a ''security context'', and the virtualized system within it is the ''virtual private server''. A chroot-like utility for descending into security contexts is provided. The contexts themselves are robust enough to boot many Linux distributions unmodified, including Debian and Fedora Core.

Virtual private servers are commonly used in web hosting services, where they are useful for segregating customer accounts, pooling resources and containing any potential security breaches.

Linux-VServer is not included in the mainline kernel. Version 2.0, the stable release as of September 2005, exists as a patch against the 2.6-series kernels. A patch against the 2.4 series is also provided.

Conceptually, Linux-VServer is similar to the OpenSolaris "Containers" (formerly called "Zones").

ADVANTAGES

  • Very fast and lightweight: virtual servers share the same system call interface as the host and incur no emulation overhead.

  • Virtual servers can share a common file system and do not have to be backed by opaque disk images. This makes it easier to back them up and to pool disk space among virtual servers.

  • Processes within the virtual server run as regular processes on the host system. This is somewhat more memory-efficient and I/O-efficient than whole-system emulation, which cannot return "unused" memory or share a disk cache with the host.

DISADVANTAGES

  • Requires that the host kernel be patched.

  • All virtual servers share the same kernel and hence expose similar bugs and potential security holes.

  • No clustering or process migration capability is included, so the host kernel and host computer are still a single point of failure for all virtual servers (similar to Xen and UML).

  • Networking is not completely virtualized (yet), and virtual servers are commonly just allocated aliases of the same network interface. This prevents each virtual server from creating its own internal routing or firewalling setup.

  • I/O rate limits still cannot be set on a per-virtual-server basis.

  • Some system calls (for example, those dealing with the real-time clock) and parts of the /proc and /sys filesystems remain unimplemented or unvirtualized. This can prevent some Linux distributions (notably Gentoo) from booting properly inside a vserver without modifications.

  • No IPv6 support.

EXTERNAL LINKS