OpenVZ Delivers Easy Virtualization
A Virtual Primer
Understanding virtualization is not an easy thing to do. The concept of many virtual machines running on board a single physical machine sounds all well and good but to many, even in the IT field, the idea seems rather, well... virtual.
There are those who do understand the concept quite well, but even they may be hard pressed at times to find a cost- and performance-effective way to implement virtualization in their organization. It doesn't help that there are multiple approaches to virtualization--each with its own pros and cons. It was a discussion of these virtualization approaches and how his own virtualization project, OpenVZ, works that brought SWsoft's Kirill Kolyshkin to last month's Southern California Linux Expo.
Kolyshkin, the leader and project manager for the OpenVZ project, addressed the four primary areas of virtualization in his talk at SCALE. Most familiar to end-users is the hardware virtualization approach, which is used by software products such as VMware, Bochs, and QEMU. The chief advantage of these applications is that they can pretty much run any arbitrary operating system. But the cost seems rather high: management tools are slow and complex, the tools don't scale well, and they have a low performance level.
Para-virtualization is the approach used by Xen and User Mode Linux. Kolyshkin seemed to hold this approach in higher regard, citing its performance level as being pretty good. He added that there are disadvantages, such as non-dynamic (static) resource allocation, poor scalability and manageability, and the need to run said software on a modified host operating system.
Kolyshkin had very little interest in describing multi-server virtualization, which is an approach used for such implementations as storage virtualization with distributed filesystems. It was the fourth category, operating system level virtualization, that held the most interest. Little wonder, since this is where the OpenVZ Project lives. Other products in this space include FreeBSD jails, Linux vservers, and Solaris Zones. Naturally, Kolyshkin highlighted the advantages of OS-level virtualization; specifically, native-level performance, dynamic resource allocation, and the strongest scalability capabilities. He admitted to the audience the chief disadvantage of this class of virtualization products: they were limited to one single kernel per physical server.
This seeming limitation is where OpenVZ tries to distinguish itself from the other OS-level virtualization projects. Kolyshkin emphasized that resource management of that single kernel is approached differently by the OpenVZ project.
It seems to be working well. In a demonstration, Kolyshkin was able to create and take down whole virtual machines in seconds from the command line of his demonstration machine. The management software, vzctl, was even installed on a borrowed machine (Kolyshkin's personal laptop was inoperable before the presentation) running Xandros--a distro not officially supported by OpenVZ.
The ease of use and speed of OpenVZ should help potential users figure out what they can use virtualization for. The historical uses include server consolidation and development/testing, but the OpenVZ virtual machines are so simple to set up that various security, training, and hosting implementations come very quickly to mind as well. During the demonstration, it was not hard to imagine a scenario where a virtual machine could be set up with a deliberately open (and "broken") service that would act as an attractive honeypot to crackers.
OpenVZ was actually born as a commercial product first, as SWsoft's Virtuozzo, which Kolyshkin worked on soon after coming on board SWsoft in 2000, following work on an open source database for the company. Virtuozzo, which just released its 3.0 for Linux version last December, contains the core virtualization engine that was released to the OpenVZ Project in September. Changes made to the OpenVZ Project, therefore, will ultimately find their way back to the Virtuozzo product.
OpenVZ also has a dual-nature in its licensing structure. The core elements of the software fall under the GPL, but the Q Public License holds the user-level management tools. According to the QPL's Wikipedia entry, "the main difference between GPL and QPL is that QPL forces the software developer to provide the source code, if in any way it links with QPL'd code (a library for example), even if the QPL'd code is not distributed with the software developer's code."
SWsoft chose this dual-license schema to maintain control of its user-level code, likely because of OpenVZ's connection to its sister commercial product.
Licensing issues aside, the biggest advantage of OpenVZ may be its close ties to the Linux kernel. Currently OpenVZ is written to the 2.6.8 kernel, which is a bit antiquated in Linux terms (the current stable kernel version is 2.6.15, with development at 2.6.16-rc5). Kolyshkin outlined plans to formally integrate OpenVZ into the mainline kernel development tree. Parts of OpenVZ's code have already been merged into the Linux kernel, but Linus Torvalds has publicly indicated that he and his development team will integrate whatever virtualization tools best fit into Linux.
Obviously, Kolyshkin hopes this will include most, if not all, of OpenVZ's code. But even if it doesn't, the parts and pieces from other virtualization technologies will be open by the simple virtue of being in the kernel code. "Better code will eventually be merged into the kernel, and we will use it, even if it's not ours."