Date: Mon, 26 Nov 2001 18:33:48 -0800
From: Kris Kennaway
To: Joesh Juphland
Cc: hackers@freebsd.org
Subject: Re: compare and contrast vmware and jail ?
Message-ID: <20011126183348.B21308@xor.obsecurity.org>

On Mon, Nov 26, 2001 at 02:11:42PM -0700, Joesh Juphland wrote:
>
> I am going to be setting up four FreeBSD servers as a test environment -
> they need to be totally isolated machines. However, I would like to see if
> I can do all of this on one server. The choice that comes to mind
> immediately is vmware, but since I am required to use all FreeBSD, I would
> be using vmware via linux compatibility mode, which is somewhat slower than
> native vmware on linux.

Is this just your guess, or a conclusion based on measurement?
Linux compatibility mode does not entail any performance loss in the
general case because it's basically an alternative interface to the
FreeBSD kernel, not a virtual machine emulation layer running on top
of it (if you can show slowdown in this particular case, please do).

> I have two specific questions:
>
> 1. Is jail ready for prime time? That is, taking into account stability,
> performance, and _security_, would you feel comfortable running multiple
> servers on a single machine where the relative contents of the machines were
> sensitive (in terms of performance and security)?
>
> 2. Any comments on the differences between using vmware and jail? Why
> would I choose vmware over jail? Does jail offer the same memory usage
> guarantees, etc.?
>
> Any thoughts / comments on vmware vs. jail, and the viability of using
> jail on a multi-system system are appreciated.

I wouldn't have even considered using vmware... it sounds like a very
heavyweight solution for something jail can probably do better (see
the manpage for limitations).

Kris