Container-based virtualization uses a single kernel to run multiple instances of an operating system. Each instance runs in a completely isolated environment, so there is no risk that one container can gain access to another’s files. As a result, container-based virtualization is secure.
This virtualization method is also very resource efficient, because everything runs on top of the same kernel. That efficiency comes with a price, though: with one kernel, there is no flexibility in your choice of operating systems. When evaluating each virtualization method, it’s important to understand the differences as well as where each approach excels.
Container-based virtualization vs. the hypervisor: The differences
There are some differences between a hypervisor environment and container-based virtualization. For one, with hypervisor-based virtualization, every virtual machine (VM) needs a complete operating-system installation, including a kernel. This requirement makes hypervisor-based virtualization rather heavyweight but also very flexible. The hypervisor just coordinates access to hardware, and every virtual machine has its own kernel. Therefore, you can install any operating system you want, and these OSes run in completely isolated environments.
On the other hand, with container-based virtualization, the virtual machines are one level closer to the hardware, because they all use the same kernel, without the need for a hypervisor. Popular forms of container-based virtualization run on top of a Windows kernel, in the case of Parallels Virtuozzo Containers, or atop Linux. Because of the flexibility and openness of the latter, container-based virtualization is used with Linux in most cases. And many open and free solutions are available.
Typically, corporate environments avoid container-based virtualization, preferring hypervisors and the versatility of having many operating systems. But a container-based virtual environment is an ideal choice for hosting providers. It delivers an efficient and secure way to offer operating systems for customers to run services on.
A hosting provider strives to use the same operating system for every virtual machine, to simplify VM maintenance. For example, you can update hundreds of virtual machines on a physical server with one Linux kernel patch. Also, with far-reaching methods (e.g., cgroups) to optimize performance, container-based virtualization is an ideal solution, if optimal efficiency is the first priority and the choice of operating systems is less important.
Linux LXC a boon for container-based virtualization
LXC is one of the newest additions to enterprise Linux, and it’s a native solution that can create containers. It is based on chroot and the so-called chroot jail. This approach allows for an isolated environment on top of the kernel. Not everything has to be copied into a chroot jail, though: only the binaries, libraries and configuration files that are really needed. As such, the individual virtual machine can be stripped down to an absolute minimum.
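As an added example (not code from the original article), the following POSIX shell script assembles a minimal chroot tree by copying one binary together with only the shared libraries that ldd reports for it, which is the "strip it down to what is really needed" step described above. The jail root path and the binary are assumptions; entering the tree with chroot itself still requires root.

```shell
#!/bin/sh
# Build a minimal chroot tree: one binary plus only the shared libraries it needs.
set -e

# Extract absolute library paths from ldd-style output (one dependency per line).
# Handles "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)" as well as the
# loader line "/lib64/ld-linux-x86-64.so.2 (0x...)"; entries without a path
# (e.g. linux-vdso.so.1) are skipped because there is nothing to copy.
ldd_paths() {
    sed -n -e 's/^.* => \(\/[^ ]*\) (0x[0-9a-f]*)$/\1/p' \
           -e 's/^[[:space:]]*\(\/[^ ]*\) (0x[0-9a-f]*)$/\1/p'
}

# Copy one file into the jail root, preserving its absolute path inside the jail.
install_into_root() {
    root="$1"; src="$2"
    mkdir -p "$root$(dirname "$src")"
    cp -p "$src" "$root$src"
}

# Populate $root with $binary and its dynamic dependencies as reported by ldd.
# A statically linked binary yields no dependency lines and is copied alone.
populate_chroot() {
    root="$1"; binary="$2"
    install_into_root "$root" "$binary"
    ldd "$binary" | ldd_paths | while read -r lib; do
        install_into_root "$root" "$lib"
    done
}

# Usage (assumed paths): ./mkjail.sh /srv/jail /bin/sh
# Afterwards, as root: chroot /srv/jail /bin/sh
if [ "$#" -eq 2 ]; then
    populate_chroot "$1" "$2"
fi
```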
The use of cgroups (control groups) is another major step forward in Linux container virtualization. Cgroups are kernel-level groupings of processes to which resource limits and priorities can be assigned. Therefore, you can ensure that each virtual machine has exactly the resources it needs and nothing more.
These two aspects of container-based virtualization create a really efficient environment, where many instances of the same operating system are offered to your customers.
This was first published in June 2012