On 03/Jul/2010 06:52 Emmanuel Noobadmin centos.admin@gmail.com wrote ..
Which of these would be the recommended virtualization platform for mainly CentOS guest on CentOS host for running a virtualized mail server? From what I've read, objectively it seems that VMWare's still the way to go although I would had like to go with Xen or KVM just as a matter of subjective preference.
My subjective preference is similar. By now I'm running a dozen Centos servers virtualized (xen), all I can say is "Centos5 + Xen = love" :-) The darn thing runs out of the box very well; it's stable, it's fast, tools and big community expertise available.
VMWare's offering seems to have the best support and tools, plus likely the most matured of the options. Also given their market dominance, unlikely to just up and die in the near future.
Unlikely to die yes, possibly to just stop offering shit for free, yes also. Unless you're a big enterprise looking for some serious corporate backing, I wouldn't look at vmware, but that's just how I feel.
Xen would had been a possible option except Redhat appears to be focusing on KVM as their virtualization platform of choice to compete with VMWare and Citrix. So maybe Xen support will be killed shortly.
Xen will be fully supported in Centos5 so you have until 2014 (if I'm not mistaken) to change boat. I'm not sure about EL6, but I'm sure it will have at least domU full support. And even so, I'm sure there will be ways around it (centosplus, elrepo etc).
Plus the modified xen kernel apparently causes conflict with certain software, at least based on previous incidents where I'd been advised not to use the CentOS xen kernel if not using xen virtualization.
Never had a problem, the only issue I encountered is NVidia proprietary graphics driver doesn't like it, but there is a way around that as well and anyway, you won't need that driver on a server.
KVM would be ideal since it's opensource and would be supported in CentOS as far as can be reasonably foreseen. However, looking at available resources, it seems to have these key disadvantages
- Poorer performance under load.
http://wiki.xensource.com/xenwiki/Open_Topics_For_Discussion?action=AttachFi...
This 2008 XenSummit paper indicates that it dies on heavy network load as well as when there are more than a few VM doing heavy processing at the same time. But that's two years ago and they weren't using paravirtual drivers it seems.
Yes, indeed.
http://vmstudy.blogspot.com/2010/04/network-performance-test-xenkvm-vt-d.htm...
This blog testing out Xen/KVM pretty recently. While the loads are not as drastic and neither the difference, it still shows that KVM does lag behind by about 10%.
The gap is only temporary, I'm sure. KVM is a very active project, and for the moment at least what you lose in performance you gain in flexibility; kvm machines being linux proceses, so from there sky's the limit. You don't get this with any other virtualization platform out there (talking about the big guys, not the like of "lguest" etc).
This is a concern since I plan to put storage on the network and the most heavy load the client has is basically the email server due to the volume plus inline antivirus and anti-spam scanning to be done on those emails. Admittedly, they won't be seeing as much emails as say a webhost but most of their emails come with relatively large attachments.
The base rule performance wise with any virtualization solution is to have fast disks. Raid10 is quite sweet unless you're looking at big networked storage solutions. The best thing to do is install and test all 3 of them and see which works best on whatever hardware you possess.
- Security
Some sites point out that KVM VM runs in userspace as threads. So a compromised guest OS would then give intruder access to the system as well as other VMs.
Not necesarilly, I'm planning to switch my domUs to KVM at some point in the near future and I'm not going to run them as root; they're only processes after all. Even if they break the VM and get "out" they will still be restricted. That scenario though is quite a fantastic one, imho. I'm no kernel hacker but it sounds extremely unlikely to happen.
Should I really be concerned or are these worries only for extreme situations and that KVM is viable for normal production situations? Are there other things I should be aware of?
I wouldn't be concerned, really. HTH
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-- Nux! www.nux.ro