Linux Virtualization Provides Many Powerful Choices

I’ve been preparing Learning Tree’s brand-new course on Linux virtualization and I think people will really enjoy the exciting topic when it has its first public run later this month!

This isn’t “How do I install Linux on VMware?” or “How do I install VMware on Linux?”; it is far more capable than either of those. This is about how to use the Linux operating system itself as the virtualization platform.

Why Use Virtualization?

As with many decisions, it comes down to money. If you run all your servers on their own dedicated hardware, you have to buy that hardware even though none of them use close to 100% of their computing, storage, or network capacity. Then you have to provide electrical power and cooling.

Finally, you have to manage and maintain all those duplicated operating systems. This is, of course, the point at which management decides they already spend enough on those monthly electrical and cooling bills. Instead of hiring the needed additional staff, they simply tell you to do more and more work.

Consolidating network services onto virtualized platforms saves costs in hardware, power, and cooling, and reduces the amount of work. You can view and control all your virtualized servers from one console, even when the virtualized servers are running on multiple host operating systems on separate physical hardware.

What does Linux virtualization provide? There is a wide range of virtualization built into the Linux operating system, and you can use whatever mixture best suits your needs. Let’s look at the array of choices and start with the highest performance one.

Performance, Capability, and Compartmentalization

Virtualization choices lie along a spectrum. At one end is the simplest and highest-performance option; moving along the spectrum adds capability until, at the other end, you are running a different operating system on a virtualized platform of an entirely different architecture. For example, in one exercise in the course we use our Linux system running on x86-64 hardware to run Android on a virtualized ARM platform. Once you get into full-system virtualization you can also set up multiple virtual networks and control routing between them, and between them and the outside world. The new course also shows you how to do that.

Of course, full-system virtualization of a foreign architecture has a noticeable performance hit. This is sort of like teaching a dog to dance: you don’t complain about nuances of style, it’s impressive that it happens at all. Meanwhile, there is negligible performance overhead if you are virtualizing another OS on the same hardware architecture, such as Windows 8.1 on x86-64 on top of Linux on x86-64.

Compartmentalization or isolation of the virtualized environment from the host OS, and of individual virtualized environments from each other, is always of some importance. Just how important depends on the task and data, organizational cybersecurity concerns, and the degree of trust in the users of the various virtualized environments.

The most efficient virtualization has the least isolation between the host OS and the virtualized environment. The isolation or compartmentalization increases as you move further along the spectrum of capabilities, with associated performance penalties. The new course exposes you to the full range, so you can select the best set of solutions to your problems.

Starting with chroot

One end of the Linux virtualization spectrum has been around for ages but has only recently been labeled as “virtualization.” Your BIND DNS servers are probably already running the named service within a “chroot jail”, and your Apache or Nginx web servers may have their own “chroot jail”.

What those processes see as the root of the file system is really /var/lib/named/ or /var/www/ or similar. They can’t climb out: at the jail root, “..” points back to that same directory, so they can’t see or touch the rest of the file system. But the person administering the DNS service or the web site can reach right in from the host side and add and modify files.

With increasing interest in more complete and complex virtualization, we have realized that a chroot environment does provide a virtualized file system with no noticeable overhead. It is one end of the virtualization spectrum.
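To make the “can’t climb out” property concrete, here is a small added example (my own illustration, not code from the post or the course). It models how path resolution behaves for a process inside a chroot jail: every path is interpreted relative to the jail root, a leading “/” means the jail root, and “..” at the jail root stays at the jail root. The `demo()` function builds a throw-away jail tree under a temporary directory (a constructed sample, not a real service jail) and shows that a traversal attempt from inside lands on the jail’s own copy of `/etc/hosts`, while the administrator on the host side writes into the jail with an ordinary host path. The model is purely lexical: it assumes the process’s working directory is the jail root and does not follow symlinks (the kernel resolves those inside the jail as well).

```python
#!/usr/bin/env python3
"""Lexical model of path resolution inside a chroot jail.

Added example, not from the original post. It imitates the behaviour
described there: "/" inside the jail is really JAIL_ROOT on the host,
and ".." at the jail root resolves to the jail root itself, so neither
an absolute nor a relative path can reach outside the subtree.
Assumptions: the jailed process's cwd is the jail root, and symlinks
are not modelled (the kernel also resolves those inside the jail).
"""
import os
import tempfile
from pathlib import PurePosixPath


def resolve_in_jail(jail_root: str, requested: str) -> str:
    """Return the host path a jailed process would actually open for `requested`.

    Each path component is applied to a stack that can never go above the
    jail root: "/" and "." are no-ops, ".." pops one level but is ignored
    at the root, and everything else descends one level.
    """
    parts = []
    for piece in PurePosixPath(requested).parts:
        if piece in ("/", "."):
            continue
        if piece == "..":
            if parts:            # at the jail root, ".." stays put
                parts.pop()
            continue
        parts.append(piece)
    return os.path.join(jail_root, *parts) if parts else jail_root


def demo() -> str:
    """Build a constructed jail tree and show that a climb-out attempt from
    inside only reaches the jail's own /etc/hosts. Returns the file content
    the jailed process would read."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "etc"))
    # The administrator "reaches in" from the host side with a plain host path.
    with open(os.path.join(jail, "etc", "hosts"), "w") as fh:
        fh.write("127.0.0.1 localhost # constructed jail copy\n")
    # Inside the jail, "/../../../etc/hosts" still resolves to <jail>/etc/hosts.
    target = resolve_in_jail(jail, "/../../../etc/hosts")
    with open(target) as fh:
        return fh.read()


if __name__ == "__main__":
    for req in ("/index.html", "/../../etc/passwd", "../../etc/passwd", "a/b/../c"):
        print(f"{req:20} -> {resolve_in_jail('/var/www', req)}")
    print(demo(), end="")
```

Run it directly to see a few resolutions against a hypothetical `/var/www` jail followed by the `demo()` output; the script needs no privileges because it only models the kernel’s behaviour rather than calling `chroot(2)`.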

A chroot jail for one specialized network service is relatively simple and small, but a general-purpose chroot environment requires you to construct a full operating system environment within a subtree under the host OS. That used to be accepted as the cost of doing this, but Linux Containers (or LXC) make that much easier and Docker makes container management much easier and more space-efficient.

I’m out of room for this week, but check back next time for Containers and Docker, hot topics in Linux virtualization!
