Date: Mon, 26 Nov 2001 18:33:48 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Joesh Juphland <part_lion@hotmail.com> Cc: hackers@freebsd.org Subject: Re: compare and contrast vmware and jail ? Message-ID: <20011126183348.B21308@xor.obsecurity.org> In-Reply-To: <F183jKoMFYsDSzhxRz300010a60@hotmail.com>; from part_lion@hotmail.com on Mon, Nov 26, 2001 at 02:11:42PM -0700 References: <F183jKoMFYsDSzhxRz300010a60@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--BwCQnh7xodEAoBMC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Nov 26, 2001 at 02:11:42PM -0700, Joesh Juphland wrote: >=20 > I am going to be setting up four freeBSD servers as a test environment -= =20 > they need to be totally isolated machines. However, I would like to see = if=20 > I can do all of this on one server. The choice that comes to mind=20 > immediately is vmware, but since I am required to use all freeBSD, I woul= d=20 > be using vmware via linux compatibility mode, which is somewhat slower th= an=20 > native vmware on linux. Is this just your guess, or a conclusion based on measurement? Linux compatibility mode does not entail any performance loss in the general case because it's basically an alternative interface to the FreeBSD kernel, not a virtual machine emulation layer running on top of it (if you can show slowdown in this particular case, please do). > I have two specific questions: >=20 > 1. Is jail ready for prime time ? that is, taking into account stability= ,=20 > performance, and _security_, would you feel comfortable running multiple= =20 > servers on a single machine where the relative contents of the machines w= ere=20 > sensitive (in terms of performance and security) ? >=20 > 2. Any comments on the differences between using vmware and jail ? Why= =20 > would I choose vmware over jail ? Does jail offer the same memory usage= =20 > guarantees, etc. ? >=20 > Any thoughts / comments on vmware vs. jail, and the viability of using= =20 > jail on a multi-system system are appreciated. I wouldn't have even considered using vmware..it sounds like a very heavyweight solution for something jail can probably do better (see the manpage for limitations). Kris --BwCQnh7xodEAoBMC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8AvuLWry0BWjoQKURAn4DAKCP1k82BUeSQLjS2ijXF62nlzUbMACdEcIl q56KyvreO7DMlErMgxY8op0= =6lzy -----END PGP SIGNATURE----- --BwCQnh7xodEAoBMC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011126183348.B21308>