
Introduction to virtualization with free software

 ·  🎃 kr0m

In this article, we will give an overview of the virtualization systems currently available in the world of free software under Linux. The main products are Xen, Proxmox, OpenStack and Docker.

Virtualization has been providing us with certain advantages over traditional computing for years, but when it comes time to take the plunge, several questions arise: which technology should I use? Containers or full virtualization? Which hypervisor best suits my needs? Which solution will give me better performance? In this article, we will give a general overview of virtualization systems in the Linux world and the main characteristics of each of them.

All full virtualization systems require a hypervisor, which is responsible for managing everything related to isolation, security, and access to hardware by virtual machines. Container-based systems have the host kernel itself managing all these aspects.

There are several types of hypervisors:

  • Type 1: This is an operating system specifically designed for virtualization. Some of the most well-known are: VMware ESXi Free (free), VMware ESX (paid), Xen (free), Citrix XenServer (free), Microsoft Hyper-V Server (free).

  • Type 2: This is software installed on a generic operating system: VirtualBox (free), VirtualBox OSE (free), VMware: Workstation (paid), Server (free), Player (free), QEMU (free), Microsoft: Virtual PC, Virtual Server.

Hypervisors, in turn, can use different virtualization techniques.

Emulation:
Code from one architecture is executed on another, but each and every instruction has to be translated.

Full virtualization:
All hardware is simulated, and there is no need to modify the guest OS in any way. Privileged-level instructions must be rewritten by the host since guests do not have that level of privileges.

HW virtualization:
The host's HW has specific registers to speed up the rewriting of privileged-level instructions.

We can check whether the CPU has them (the vmx flag on Intel, svm on AMD) with:

grep -E '^flags.*(vmx|svm)' /proc/cpuinfo
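
The same check with whole-word flag matching and a per-CPU count, as an added example that is not part of the original article. The function names and the sample cpuinfo lines are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original article): whole-word check for the
# vmx/svm CPU flags in cpuinfo-formatted text.

# hw_virt_support [FILE]: reads FILE (or stdin) and prints
# "<ext> <cpus-with-flag>/<cpus-seen>", where <ext> is vmx, svm or none.
hw_virt_support() {
    awk '
        # Only the per-CPU "flags" line counts; newer kernels also print a
        # separate "vmx flags" line, which the ^ anchor skips.
        /^flags[ \t]*:/ {
            total++
            # Compare whole fields so "svm_lock" is not mistaken for "svm".
            for (i = 2; i <= NF; i++)
                if ($i == "vmx" || $i == "svm") { ext = $i; hits++; break }
        }
        END { printf "%s %d/%d\n", (hits ? ext : "none"), hits, total }
    ' "$@"
}

# Constructed sample: two logical CPUs of an Intel host (flags shortened).
sample_intel() {
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse vmx smx est\n'
    printf 'vmx flags\t: vnmi preemption_timer ept\n'
    printf 'processor\t: 1\nflags\t\t: fpu vme de pse vmx smx est\n'
}

# Constructed sample: a flags line with svm_lock but no svm flag.
sample_no_hw_virt() {
    printf 'processor\t: 0\nflags\t\t: fpu vme de pse svm_lock nrip_save\n'
}

sample_intel | hw_virt_support        # vmx 2/2
sample_no_hw_virt | hw_virt_support   # none 0/1
# On a real host: hw_virt_support /proc/cpuinfo
```

A result such as `vmx 1/2` would mean that only some logical CPUs expose the flag.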

Paravirtualization:
In Full or HW virtualization, constant rewriting of instructions is required. To speed this up, a series of modifications can be made to the guest OS so that it can communicate with the host OS and execute privileged instructions directly without having to rewrite them. These calls are called hypercalls.

System-level virtualization:
The operating system imposes limits on the resources that each of the containers can access. Normally, the image is shared between the host and the guests, and patches are required in certain cases.

In Linux, we have several hypervisors, and the following list shows the most popular ones indicating the technology used:

  • Qemu : Emulator, Full-virtualization

  • Xen : HW-Virt, Full-virtualization, Paravirtualization. It is the only type 1 hypervisor; in reality, it is a distro with a patched kernel for virtualization (dom0). We can choose from the listings at:

    XCP is an ISO ready for use:

  • KVM/Qemu : Emulation, HW-Virt, Full-virtualization, Paravirtualization. KVM uses a modified version of QEMU as a front-end, which presents the virtual HW to the guest. Qemu uses KVM when the guest shares its architecture with the host; if not, it emulates it.

  • OpenVZ : System-level, Container. OpenVZ uses a patched kernel shared by all containers.

  • Linux-VServer : System-level, security context, uses a patched kernel shared by all security contexts.

  • LXC : System-level, container, LXC uses cgroups to isolate the containers from each other, the same kernel as the host is used.

  • UML : System-level, Guests, each operating system runs as just another application, each guest has its own kernel image ;), it is usually used to debug errors in kernel development.

NOTE: The LibVirt library allows us to manage hypervisor capabilities, give orders to the hypervisor, and monitor resources per VM. It is used by high-level software such as Proxmox, virsh, oVirt… and is compatible with:

  • The KVM/QEMU Linux hypervisor
  • The Xen hypervisor on Linux and Solaris hosts
  • The LXC Linux container system
  • The OpenVZ Linux container system
  • The User Mode Linux paravirtualized kernel
  • The VirtualBox hypervisor
  • The VMware ESX and GSX hypervisors
  • The VMware Workstation and Player hypervisors
  • The Microsoft Hyper-V hypervisor
  • The IBM PowerVM hypervisor
  • The Parallels hypervisor
  • The Bhyve hypervisor
  • Virtual networks using bridging, NAT, VEPA and VN-LINK
  • Storage on IDE/SCSI/USB disks, FibreChannel, LVM, iSCSI, NFS and filesystems

Some hypervisors are used in projects that provide a friendly interface for managing them. The most interesting ones are shown below:

  • Docker : It relies on LXC and has a versioning system similar to Git, so we can revert to previous versions or even synchronize only the changes from one container to another. It also uses aufs, which gives all containers of a certain type a common static part plus a dynamic part, so the space of the static part is reused by all containers.
  • Shipyard : Container management interface using Docker.
  • CoreOS : It uses Docker as a base and is a minimalist system designed for virtualization. When the OS is updated, packages are not updated as they would be in a traditional distro; instead, the snapshot of the partition is updated, and we can revert to the previous state if necessary.
  • Qubes OS : It is an operating system that boots Xen-based virtual machines for groups of applications, thus isolating them from each other.
  • oVirt : Virtual machine management interface based on KVM.
  • virsh : qemu/kvm management through libvirt.
  • Xen : It is the only type 1 hypervisor under free software.
  • Xen Orchestra : It is a quite striking graphical interface for Xen.
  • OpenStack : It supports virtualization through KVM, Xen, Hyper-V, LXC, the ideal option for large virtualization projects.
  • Proxmox : It uses QemuServer, an access interface to Qemu/KVM, in addition to OpenVZ for containers. All management is through a web interface.
  • Archipel : It supports KVM, Xen, OpenVZ and VMware. It uses the libvirt libraries to manage the actions to be performed and an XMPP server to communicate with the different hypervisors.

In Wikipedia, we can find an interesting table that compares most virtualization systems:
