ABSTRACT
Hypervisors, popularized by Xen and VMware, are quickly becoming commodity. They are appropriate for many usage scenarios, but there are scenarios that require system virtualization with high degrees of both isolation and efficiency. Examples include HPC clusters, the Grid, hosting centers, and PlanetLab. We present an alternative to hypervisors that is better suited to such scenarios. The approach is a synthesis of prior work on resource containers and security containers applied to general-purpose, time-shared operating systems. Examples of such container-based systems include Solaris 10, Virtuozzo for Linux, and Linux-VServer. As a representative instance of container-based systems, this paper describes the design and implementation of Linux-VServer. In addition, it contrasts the architecture of Linux-VServer with current generations of Xen, and shows how Linux-VServer provides comparable support for isolation and superior system efficiency.
Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors
EuroSys'07 Conference Proceedings