From owner-freebsd-questions@FreeBSD.ORG Wed Apr 23 03:28:47 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D76C66CB for ; Wed, 23 Apr 2014 03:28:47 +0000 (UTC) Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4C0CD149C for ; Wed, 23 Apr 2014 03:28:47 +0000 (UTC) Received: by mail-lb0-f171.google.com with SMTP id w7so282783lbi.16 for ; Tue, 22 Apr 2014 20:28:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=37MFb6qnWA1g/fDRvA7XjI9wpt3/HQksBauenXg/Ta8=; b=uXcIvXl0MOwtCD2LfkdDtB7BmZ42M+lxz2ozNhNsViOTM0fJpKHvbqCSPiMkBAYcib 5fh5D1qL45CvMrJeXUGJh6CaVCy17gBVKT0wrgvqpE9XrW0vFlH9QJMXE92bGva06MGA 3DcaQ0yn2znPzhseJ3yEcIlLD3cYxpNvCLSEFQT2Iu7mwOpB1WCLhpyfdhafmK3/m9kr RAqBZyZzHuRHZqAD30z7OIEK4TMLljsgJelOoDUSBqspLLlxkMAKusX7pQrQxCZkMcjf g9pQr3HjfSbpfC38NWMN6HuttKe6PuIvcO3N3ZvI11G7WvRrlm8nYAfMm++to5eBW/WG 0/cQ== MIME-Version: 1.0 X-Received: by 10.152.42.144 with SMTP id o16mr34405435lal.9.1398223725212; Tue, 22 Apr 2014 20:28:45 -0700 (PDT) Received: by 10.152.87.6 with HTTP; Tue, 22 Apr 2014 20:28:45 -0700 (PDT) In-Reply-To: References: <201404222302.s3MN2brb059084@fire.js.berklix.net> Date: Tue, 22 Apr 2014 23:28:45 -0400 Message-ID: Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail? From: Outback Dingo To: Boris Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.17 Cc: "Julian H. Stacey" , "edflecko ." , FreeBSD Mailing List X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Apr 2014 03:28:48 -0000 On Tue, Apr 22, 2014 at 10:43 PM, Boris wrote: > 'VMware' does not tell much of what you want to compare jails against. > The have Fusion on Mac, ESXi for hosts, vCenter for ESXi host management, > VSAN.... > That can run on top of VERY complex datacenter architectures with fabric > and L2 network and could potentially work for multiple clusters/DC across > the world. > > AFAIK, jails do not offer anything beyond the same physical server. Don't > get me wrong, jails are a lot easier to spin in my opinion and make more > sense when it comes to sticking to a full FreeBSD environment. > For anything a bit more heterogenous, VMware products will help. > > Now, you can keep an eye on is Opencontrail, sponsored by Juniper who > already released this as a product name Contrail. > Opencontrail project details on FreeBSD: > > http://www.freebsd.org/news/status/report-2013-10-2013-12.html#FreeBSD-Host-Support-for-OpenStack-and-OpenContrail > > And Juniper ref to their product: > http://www.juniper.net/us/en/products-services/sdn/contrail/ This in itself is quite interesting, opencontrail, openstack, and bhyve merged together would be awesome, however, i would think someone by now would have done a comparison of FreeBSD jails, bhyve and vimage...... and lastly VPS for FreeBSD, http://www.7he.at/freebsd/vps/features.html while it seems, bhyve has the most traction, vps might be a better fit for those using jails, or wanting to compare it to say VMWare. But a feature comparison matrix would be beneficial to the BSD community overall. I seriously hate VMWare, it bloted and over-engineered by far, and well, can become quite costly, but depending on your needs, Ive found for commercial environments, XenServer 6.2 with cloudstack / or openstack to be a much better choice, openstack with bhyve support, well gives us a whole new world of BSD virtualization environments. > > > HTH > > Boris > > > On Tue, Apr 22, 2014 at 7:02 PM, Julian H. Stacey wrote: > > > "edflecko ." wrote: > > > I'm really interested in the comparison of using a FBSD jail rather > than > > > VMWare in the context of virtualization. > > > > > > At my business, we heavily use VMWare - you might say we consider > > ourselves > > > a VMWare "shop". 99% of our servers are virtualized. > > > > > > I've heard that it's possible to run hundreds, if not thousands, of > > > services in FBSD jails on a given host server because of the sharing of > > > resources that all of your jails take advantage of. > > > > Yes, lots. > > (If you really try a thousand, avoid a class C net interface though ;-) > > > > > If I understand that > > > correctly, that's one of the HUGE advantages of running services in > jails > > > > Yes > > > > > as opposed to creating VM after VM after VM - each VM eats up disk > space > > on > > > the SAN as well as memory resources, etc. > > > > Yes. > > Maybe if the prison (parent) host runs ZFS & there's sparse file > detection > > it could save space for (child) VMs & jails ? I don't know. > > > > > > > Additionally, the jailed service > > > is far better from a security perspective? > > > > No. The opposite. I would expect a VM to be more secure. I put my > > finger on a security hole with jails last year, & raised it on a > > freebsd list, it got considered, no solution, it'll be in archives, > > but I cant remember detail, & no time to look, & when I do get time > > to get back to it, I'd be aiming at list freebsd-jail@freebsd.org > > not this general questions@ list. > > > > > > > Having said all of that, I'm curious to hear from some of you who may > be > > > doing just this - are you running a FBSD server with some of your > mission > > > critical services (Apache, Bind, DHCP, etc., etc.) within jails and how > > do > > > you like it versus running hundreds of VMs and VMWare? > > > > As a mere VM user & jail owner, i run those services on both a VM > > & a jail, they run functionaly the same, except in jail I've had > > problems with chflags failing, & in jail I've had to take more care > > with ifconfig flags. > > > > A VM is a cleaner concept if one can spare the RAM. A jail is a > > cheaper: less security, less flexibility (eg No linux jail in a > > FreeBSD prison), more efficiency of resources, thus cheaper. Both > > useful, Analogy: I also use both a car & a bike. > > > > > > > What type of services CAN be run from within a jail? > > > > Try it! All I guess, certainly inc. httpd ftpd sshd smtpd popd named > sasld > > etc. > > > > > Thank you, > > > Ed > > > > Cheers, > > Julian > > -- > > Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich > > http://berklix.com > > Interleave replies below like a play script. Indent old text with "> ". > > Google breach privacy http://berklix.com/jhs/adverts/ > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > > freebsd-questions-unsubscribe@freebsd.org" > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >