Zones vs. Jail
Update #3: Zones vs Jail vs Xen working links.
| Feature | Solaris Zones | FreeBSD Jails | Linux/BSD chroot | User Mode Linux | VMware | Why is the question important |
|---|---|---|---|---|---|---|
| Independent File system | Yes if needed | Yes | Yes | Yes | Yes | Uses more space, but provides more flexibility |
| Shared read-only immutable File System | Yes | Yes, requires complex scripts, or mounting via NFS. | Needs complex | Yes. May not notice changes on the underlying file system when changed by the host | Yes | Saves space, is more secure and easier to maintain |
| Can access raw devices | No, requires permission from the host | No | Yes | File systems yes, hardware no. Drivers are in the works, but is raw hardware access a good thing? | Yes | Security Problem, but can be a requirement of the task |
| Access Network resources | Yes | Yes | Yes | Yes | Yes | Required in most tasks |
| Can create or change Network Devices | No | No | Yes | No hardware devices internally. Virtual devices; devices are more limited. | Yes | Security Risk |
| Can access hardware devices without permission | No | No | Yes | No | No | Security Risk |
| Single Point of Maintenance (kernel and software changes) | Yes | No | No | No | No | Makes maintenance a breeze |
| Can send signals and kill processes outside of the zone/jail you are in | No | No | No | No | No | Security Risk |
| Runs a separate kernel | No | No | No | Yes | Yes | Allows for flexibility, more secure. |
| Can monitor Processes and IO using standard tools | Yes | Yes | Yes | Limited with use of uml_mconsole; tools are lacking to automate this | No | |
| Light weight, uses less than 1% CPU overhead | Yes | Yes | Yes | No | No | |
| Can be an NFS server | No | Maybe, requires extra configuration | Yes | Yes | Yes | |
| Host can examine data inside the zone/chroot or UML instance without special tools | Yes | Yes | Yes | No | No | |
| Resource Control outside of the Secure Area | Yes | No | No | | Limited | Keeps a runaway or rogue process from stealing all resources |
| Simple control interface | Yes | Startup yes, shut down no | No | Yes | Yes | Easy Administration |
| Configuration Application for simple setup and modification | Yes | No | No | No | Yes, user must still configure host OS. | Easy Administration |











7 Comments:
1) The table displays correctly only in Internet Explorer - quite an annoyance :-(
2) It would be interesting how Xen fits in here, esp. compared to User Mode Linux, as it is the latest hype.
Resource control for User Mode Linux outside of the "secure area" is possible for memory. There is a param you can pass it that sets how much memory it can use.
Plus, it's a regular user process, so you can control its CPU utilization via stuff like 'nice', etc.
Linux's Resource control is and always has been severely limited. Check out Resource controls in Solaris and you will see what I mean.
In Solaris you can control the amount of RAM, the percentage of CPU, bind the task to one or a group of CPUs. Even change the type of scheduler a task or group of tasks uses.
This table is a good starting point for getting an idea of some of the available virtualization methods. Thanks for putting it together.
Being a FreeBSD user, I miss a hint to the ezjail administration framework, which eases the management of jails on FreeBSD very much, and implements some interesting ideas.
Ezjail is not part of the base operating system, so the exclusion is valid, but since it's part of the ports system included with FreeBSD, a hint to it might be of value.
ezjail's homepage can be found at http://erdgeist.org/arts/software/ezjail/
And no, I am not its author :)
Zones are Jail++. But I like BSD better for most things.