Operating System-level Virtualization

Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.

Uses

Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. System administrators may also use it, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.

Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features. The improved security provided by the use of a chroot mechanism, however, is nowhere near ironclad[1]

OS-level virtualization implementations that are capable of live migration can be used for dynamic load balancing of containers between nodes in a cluster.

Overhead

This form of virtualization usually imposes little or no overhead, because programs in virtual partition use the operating system's normal system call interface and do not need to be subject to emulation or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware ESXi and QEMU) or paravirtualizers (such as Xen and UML). It also does not require hardware assistance to perform efficiently.

Flexibility

Operating system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other OS such as Windows cannot be hosted. This limitation is partially overcome in Solaris by its branded zones feature, which provides the ability to run an environment within a container that emulates an older Solaris 8 or 9 version in a Solaris 10 host. (a Linux branded zone was also announced and implemented for some Linux kernels, but later abandoned).

Storage

Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.

Implementations

Mechanism Operating system License Available since/between Features
File system isolation Copy on Write Disk quotas I/O rate limiting Memory limits CPU quotas Network isolation Partition checkpointing
and live migration
Root privilege isolation
chroot most UNIX-like operating systems Proprietary

BSD

GNU GPL CDDL

1982 Partial[2] No No No No No No No No
iCore Virtual Accounts Windows XP Proprietary/Freeware 2008 Yes No Yes No No No No No  ?
Linux-VServer
(security context)
Linux GNU GPL v.2 2001 Yes Yes Yes Yes [3] Yes Yes Partial[4] No Partial[5]
LXC Linux GNU GPL v.2 2008 Partial[6] Partial. Yes with Btrfs. Partial. Yes with LVM or Disk quota. Yes Yes Yes Yes No No [7][8][9]
OpenVZ Linux GNU GPL v.2 2005 Yes No Yes Yes [10] Yes Yes Yes[11] Yes Yes[12]
Parallels Virtuozzo Containers Linux, Windows Proprietary 2001 Yes Yes Yes Yes [13] Yes Yes Yes[11] Yes Yes
Solaris Containers Solaris and OpenSolaris CDDL 2005 Yes Partial. Yes with ZFS Yes Partial. Yes with Illumos. [14] Yes Yes Yes[15] No[16] Yes[17]
FreeBSD Jail FreeBSD BSD 1998 Yes Yes (ZFS) Yes [18] No Yes [19] Yes Yes No Partial[20]
sysjail OpenBSD, NetBSD BSD no longer supported as of 03-03-2009 Yes No No No No No Yes No  ?
WPARs AIX Proprietary 2007 Yes No Yes Yes Yes Yes Yes[21] Yes[22]  ?
HP-UX Containers (SRP) HPUX Proprietary 2007 Yes No Partial. Yes with logical volumes Yes Yes Yes Yes Yes  ?
Sandboxie Windows Proprietary/Shareware 2004 Yes Yes No ? ? ? ? ?  ?

Notes

See also

External links

  • An introduction to Virtualization
  • A short intro to three different virtualization techniques
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.