Date: Mon, 26 Nov 2001 18:33:48 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Joesh Juphland <part_lion@hotmail.com> Cc: hackers@freebsd.org Subject: Re: compare and contrast vmware and jail ? Message-ID: <20011126183348.B21308@xor.obsecurity.org> In-Reply-To: <F183jKoMFYsDSzhxRz300010a60@hotmail.com>; from part_lion@hotmail.com on Mon, Nov 26, 2001 at 02:11:42PM -0700 References: <F183jKoMFYsDSzhxRz300010a60@hotmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Mon, Nov 26, 2001 at 02:11:42PM -0700, Joesh Juphland wrote: > > I am going to be setting up four freeBSD servers as a test environment - > they need to be totally isolated machines. However, I would like to see if > I can do all of this on one server. The choice that comes to mind > immediately is vmware, but since I am required to use all freeBSD, I would > be using vmware via linux compatibility mode, which is somewhat slower than > native vmware on linux. Is this just your guess, or a conclusion based on measurement? Linux compatibility mode does not entail any performance loss in the general case because it's basically an alternative interface to the FreeBSD kernel, not a virtual machine emulation layer running on top of it (if you can show slowdown in this particular case, please do). > I have two specific questions: > > 1. Is jail ready for prime time ? that is, taking into account stability, > performance, and _security_, would you feel comfortable running multiple > servers on a single machine where the relative contents of the machines were > sensitive (in terms of performance and security) ? > > 2. Any comments on the differences between using vmware and jail ? Why > would I choose vmware over jail ? Does jail offer the same memory usage > guarantees, etc. ? > > Any thoughts / comments on vmware vs. jail, and the viability of using > jail on a multi-system system are appreciated. I wouldn't have even considered using vmware..it sounds like a very heavyweight solution for something jail can probably do better (see the manpage for limitations). Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8AvuLWry0BWjoQKURAn4DAKCP1k82BUeSQLjS2ijXF62nlzUbMACdEcIl q56KyvreO7DMlErMgxY8op0= =6lzy -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011126183348.B21308>