By James Dickens
Modified June 16, 2005
I have currently just answered the current questions for Xen; no other changes have been made. But I should add more in the future. Some possibilities include “Scales to more than 128” containers.

| Question | Solaris Zones | FreeBSD Jails | Xen | User Mode Linux | VMware | Why is the question important |
|---|---|---|---|---|---|---|
| Independent file system | Yes, if needed | Yes | Yes | Yes | Yes | Uses more space, but provides more flexibility |
| Shared read-only immutable file system | Yes | Yes, requires complex scripts or mounting via NFS | One user says yes, but not confirmed | Yes; may not notice changes on the underlying file system when changed by the host | Yes | Saves space, is more secure, and is easier to maintain |
| Can access raw devices | No, requires permission from the host | No | Yes | File systems yes, hardware no; drivers are in the works, but is raw hardware access a good thing? | Yes | Security problem, but can be a requirement of the task |
| Access network resources | Yes | Yes | Yes | Yes | Yes | Required in most tasks |
| Can create or change network devices | No | No | Yes | No hardware devices internally. Virtual devices; devices are more limited. | Yes | Security risk |
| Can access hardware devices without permission | No by default; permission can be granted if needed | No | No | No | No | Security risk |
| Single point of maintenance (kernel and software changes) | Yes | No | No | No | No | Makes maintaining a breeze |
| Can send signals and kill processes outside of the zone/jail you are in | No | No | No | No | No | Security risk |
| Runs a separate kernel | No | No | Yes | Yes | Yes | Allows for flexibility; more secure |
| Can monitor processes and I/O using standard tools | Yes | Yes | No | Limited, with use of uml_mconsole; tools are lacking to automate this | No | |
| Lightweight, uses less than 1% CPU overhead | Yes | Yes | No, up to 8% on some workloads | No | No | |
| Can be an NFS server | No | Maybe, requires extra configuration | Yes | Yes | Yes | |
| Host can examine data inside the zone, chroot, or UML instance without special tools | Yes | Yes | No | No | No | |
| Resource control outside of the secure area | Yes | No | Yes, but limited | | Limited | Keep a runaway or rogue process from stealing all resources |
| Simple control interface | Yes | Startup yes, shutdown no | No | Yes | Yes | Easy administration |
| Configuration application for simple setup and modification | Yes | No | No | No | Yes, user must still configure host OS | Easy administration |

FreeBSD Jail Resources:
http://www.awprofessional.com/articles/article.asp?p=366888&seqNum=9&rl=1
Xen Resources:
http://www.cl.cam.ac.uk/Research/SRG/netos/xen/performance.html
http://www.xensource.com/files/xensource_wp.pdf