"J. Roeleveld" <jo...@antarean.org> writes: > On Thursday, April 23, 2015 11:03:53 PM lee wrote: >> "J. Roeleveld" <jo...@antarean.org> writes: >> >> >> > I disagree. Been using Xen for over 10 years now and find it very easy to >> > use. The documentation could be better on the Xen site itself, but there >> > is plenty of decent documentation available via Google. >> Then we just disagree about this. > > Do you have anything that you find insufficiently documented or is too > difficult?
sure, lots >> >>Virtualization with containers is basically as simple as running just >> >>another daemon. >> >> >> > Not quite. I use virtualization to minimizer the physical hardware. Xen is >> > easy for that. Containers are what chroot jails should have been. But >> > there is no simple method to set these up when security isolation is your >> > goal. >> Containers or chroots? > > Containers. > Chroots don't have much when it comes to isolation. What exactly are the issues with containers? Ppl seem to work on them and to manage to make them more secure over time. >> >>Which the "better" tool, or combination of tools is, depends on what >> >>you >> >>want to accomplish. You could use containers in a VM, too, or use >> >>virtualbox along with containers to run the odd VMs that require full >> >>virtualzation. >> >> >> > Virtualbox is nice for a quick test. I wouldn't use it for production. >> >> Why not? > > Several reasons: > > 1) I wouldn't trust a desktop application for a server So that's a gut feeling? > 2) The overhead from Virtualbox is quite high (still better then VMWare's > desktop versions though) Overhead in which way? I haven't done much with virtualbox yet and merely found it rather easy to use, very useful and to just work fine. Compared to containers, the overhead xen requires is enormous, and it doesn't give you a stable system to run VMs on because dom0 is already virtualized itself. I don't know how that compares to virtualbox --- I didn't have time to look into it and it just worked, allowing me to run a VM on the fly on the same machine I'm working on without any ado. That VM was simply a copy of a VM taken from a vmware server, and the copy could be used without any conversion or anything. You can't do that with xen because you'll be having lots of trouble to convert the VM, to convert the machine you're working on to xen and to get it to work, to work around all the problems xen brings about ... Some days later you might finally have it working --- which is out of the question because the VM is needed right away. And virtualbox does just that. I was really surprised that virtualbox worked that well. Maybe xen will get there some time. -- Again we must be afraid of speaking of daemons for fear that daemons might swallow us. Finally, this fear has become reasonable.
