[CentOS] ESXi, KVM or Xen?

Sat Jul 3 03:52:41 UTC 2010
Emmanuel Noobadmin <centos.admin at gmail.com>

Which of these would be the recommended virtualization platform for
mainly CentOS guests on a CentOS host for running a virtualized mail
server? From what I've read, objectively it seems that VMware's still
the way to go, although I would have liked to go with Xen or KVM just as
a matter of subjective preference.


VMware's offering seems to have the best support and tools, plus it's
likely the most mature of the options. Also, given their market
dominance, it's unlikely to just up and die in the near future.

Xen would have been a possible option except Red Hat appears to be
focusing on KVM as their virtualization platform of choice to compete
with VMware and Citrix. So maybe Xen support will be killed shortly.
Plus the modified Xen kernel apparently causes conflicts with certain
software, at least based on previous incidents where I'd been advised
not to use the CentOS Xen kernel if not using Xen virtualization.


KVM would be ideal since it's open source and would be supported in
CentOS as far as can be reasonably foreseen. However, looking at
available resources, it seems to have these key disadvantages:

1. Poorer performance under load.
http://wiki.xensource.com/xenwiki/Open_Topics_For_Discussion?action=AttachFile&do=get&target=Quantitative+Comparison+of+Xen+and+KVM.pdf
This 2008 XenSummit paper indicates that it dies on heavy network load
as well as when there are more than a few VMs doing heavy processing at
the same time. But that was two years ago and they weren't using
paravirtual drivers, it seems.

http://vmstudy.blogspot.com/2010/04/network-performance-test-xenkvm-vt-d.html
This blog tested out Xen/KVM pretty recently. While the loads are
not as drastic, and neither is the difference, it still shows that KVM
does lag behind by about 10%.

This is a concern since I plan to put storage on the network and the
heaviest load the client has is basically the email server due to
the volume plus inline antivirus and anti-spam scanning to be done on
those emails. Admittedly, they won't be seeing as many emails as, say, a
webhost, but most of their emails come with relatively large
attachments.


2. Security
Some sites point out that a KVM VM runs in userspace as threads. So a
compromised guest OS would then give an intruder access to the system as
well as other VMs.

Should I really be concerned or are these worries only for extreme
situations and that KVM is viable for normal production situations?
Are there other things I should be aware of?