Date:      Tue, 22 Apr 2014 22:43:52 -0400
From:      Boris <borisbsd@gmail.com>
To:        "Julian H. Stacey" <jhs@berklix.com>
Cc:        "edflecko ." <edflecko@gmail.com>, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: FBSD jail versus VMWare? What services do YOU run in a jail?
Message-ID:  <CAJYdwgXDOSw6NXKQ7Pyvc6BbWZQWvLxtQ3NzO%2Bv1xdaLDLH4PQ@mail.gmail.com>
In-Reply-To: <201404222302.s3MN2brb059084@fire.js.berklix.net>
References:  <CAFS4T6apJ30_WPrV3-azuwr5LHFE8htEk5a_xqe7DRZ7Wy5XqQ@mail.gmail.com> <201404222302.s3MN2brb059084@fire.js.berklix.net>

'VMware' does not tell much of what you want to compare jails against.
They have Fusion on Mac, ESXi for hosts, vCenter for ESXi host management,
VSAN....
That can run on top of VERY complex datacenter architectures with fabric
and L2 network and could potentially work for multiple clusters/DC across
the world. </marketing>

AFAIK, jails do not offer anything beyond the same physical server. Don't
get me wrong, jails are a lot easier to spin in my opinion and make more
sense when it comes to sticking to a full FreeBSD environment.
For anything a bit more heterogeneous, VMware products will help.

Now, one thing you can keep an eye on is OpenContrail, sponsored by Juniper, who
already released this as a product named Contrail.
Opencontrail project details on FreeBSD:
http://www.freebsd.org/news/status/report-2013-10-2013-12.html#FreeBSD-Host-Support-for-OpenStack-and-OpenContrail

And Juniper ref to their product:
http://www.juniper.net/us/en/products-services/sdn/contrail/

HTH

Boris


On Tue, Apr 22, 2014 at 7:02 PM, Julian H. Stacey <jhs@berklix.com> wrote:

> "edflecko ." wrote:
> > I'm really interested in the comparison of using a FBSD jail rather than
> > VMWare in the context of virtualization.
> >
> > At my business, we heavily use VMWare - you might say we consider ourselves
> > a VMWare "shop". 99% of our servers are virtualized.
> >
> > I've heard that it's possible to run hundreds, if not thousands, of
> > services in FBSD jails on a given host server because of the sharing of
> > resources that all of your jails take advantage of.
>
> Yes, lots.
> (If you really try a thousand, avoid a class C net interface though ;-)
>
> > If I understand that
> > correctly, that's one of the HUGE advantages of running services in jails
>
> Yes
>
> > as opposed to creating VM after VM after VM - each VM eats up disk space on
> > the SAN as well as memory resources, etc.
>
> Yes.
> Maybe if the prison (parent) host runs ZFS & there's sparse file detection
> it could save space for (child) VMs & jails ? I don't know.
>
>
> > Additionally, the jailed service
> > is far better from a security perspective?
>
> No. The opposite. I would expect a VM to be more secure.  I put my
> finger on a security hole with jails last year, & raised it on a
> freebsd list, it got considered, no solution, it'll be in archives,
> but I can't remember detail, & no time to look, & when I do get time
> to get back to it, I'd be aiming at list freebsd-jail@freebsd.org
> not this general questions@ list.
>
>
> > Having said all of that, I'm curious to hear from some of you who may be
> > doing just this - are you running a FBSD server with some of your mission
> > critical services (Apache, Bind, DHCP, etc., etc.) within jails and how do
> > you like it versus running hundreds of VMs and VMWare?
>
> As a mere VM user & jail owner, I run those services on both a VM
> & a jail, they run functionally the same, except in jail I've had
> problems with chflags failing, & in jail I've had to take more care
> with ifconfig flags.
>
> A VM is a cleaner concept if one can spare the RAM.  A jail is
> cheaper: less security, less flexibility (eg No linux jail in a
> FreeBSD prison), more efficiency of resources, thus cheaper. Both
> useful, Analogy: I also use both a car & a bike.
>
>
> > What type of services CAN be run from within a jail?
>
> Try it! All I guess, certainly inc. httpd ftpd sshd smtpd popd named sasld
> etc.
>
> > Thank you,
> > Ed
>
> Cheers,
> Julian
> --
> Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich
> http://berklix.com
>  Interleave replies below like a play script.  Indent old text with "> ".
>         Google breach privacy http://berklix.com/jhs/adverts/