Date: Wed, 23 Apr 2014 01:02:37 +0200
From: "Julian H. Stacey" <jhs@berklix.com>
To: "edflecko ." <edflecko@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail?
Message-ID: <201404222302.s3MN2brb059084@fire.js.berklix.net>
In-Reply-To: Your message "Tue, 22 Apr 2014 14:47:45 -0700." <CAFS4T6apJ30_WPrV3-azuwr5LHFE8htEk5a_xqe7DRZ7Wy5XqQ@mail.gmail.com>

"edflecko ." wrote:
> I'm really interested in the comparison of using a FBSD jail rather than
> VMWare in the context of virtualization.
>
> At my business, we heavily use VMWare - you might say we consider ourselves
> a VMWare "shop". 99% of our servers are virtualized.
>
> I've heard that it's possible to run hundreds, if not thousands, of
> services in FBSD jails on a given host server because of the sharing of
> resources that all of your jails take advantage of.

Yes, lots. (If you really try a thousand, avoid a class C net
interface though ;-)

> If I understand that
> correctly, that's one of the HUGE advantages of running services in jails

Yes

> as opposed to creating VM after VM after VM - each VM eats up disk space on
> the SAN as well as memory resources, etc.

Yes. Maybe if the prison (parent) host runs ZFS & there's sparse
file detection it could save space for (child) VMs & jails ? I don't know.

> Additionally, the jailed service
> is far better from a security perspective?

No. The opposite. I would expect a VM to be more secure. I put
my finger on a security hole with jails last year, & raised it on
a freebsd list, it got considered, no solution, it'll be in archives,
but I can't remember detail, & no time to look, & when I do get time
to get back to it, I'd be aiming at list freebsd-jail@freebsd.org
not this general questions@ list.

> Having said all of that, I'm curious to hear from some of you who may be
> doing just this - are you running a FBSD server with some of your mission
> critical services (Apache, Bind, DHCP, etc., etc.) within jails and how do
> you like it versus running hundreds of VMs and VMWare?

As a mere VM user & jail owner, I run those services on both a VM
& a jail, they run functionally the same, except in jail I've had
problems with chflags failing, & in jail I've had to take more care
with ifconfig flags.

A VM is a cleaner concept if one can spare the RAM.
A jail is cheaper: less security, less flexibility (eg No linux jail
in a FreeBSD prison), more efficiency of resources, thus cheaper.
Both useful, Analogy: I also use both a car & a bike.

> What type of services CAN be run from within a jail?

Try it! All I guess, certainly inc. httpd ftpd sshd smtpd popd named
sasld etc.

> Thank you,
> Ed

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
 Interleave replies below like a play script. Indent old text with "> ".
 Google breach privacy http://berklix.com/jhs/adverts/