OpenVZ

What is OpenVZ?

OpenVZ is operating system-level virtualization based on a modified Linux kernel that allows a physical server to run multiple isolated instances known as containers, virtual private servers (VPS), or virtual environments (VE). The preferred term these days is container. Containers are sometimes compared to chroot or jail type environments but containers are really much better in terms of isolation, security, functionality, and resource management.

OpenVZ consists of a custom Linux kernel (available from the OpenVZ Project) and some user-level tools. OpenVZ is very portable, does not rely on VT support in the CPU, and as a result it is available for a number of CPU families including x86, x86-64, IA-64, PowerPC and SPARC.

OS-level virtualization is quite different from machine / hardware virtualization products such as VMware Server, Parallels Workstation, VirtualBox, QEMU, KVM, and Xen in that with OpenVZ you can only do Linux on Linux virtualization.

OpenVZ modifies the Linux kernel to add advanced containerization features which allow for isolated groups of processes under a parent init along with about twenty dynamic resource management parameters for controlling container resource usage. The OpenVZ Project maintains three stable kernel branches:

  1. RHEL4 / CentOS4 2.6.9 based
  2. RHEL5 / CentOS 5 2.6.18 based
  3. Vanilla 2.6.18 based

There are a number of unstable branches based on newer versions of the Linux kernel that may eventually reach stable status.

Why use OpenVZ?

Since it is relatively lightweight, OS virtualization offers a number of benefits over machine / hardware virtualization:

  1. It is much more efficient
  2. It scales better
  3. It offers much greater machine density
  4. It offers a larger number of resource management parameters
  5. Resource management is dynamic so no container restart is needed

OpenVZ is able to achieve better performance (so close to native it is hard to measure a difference), scalability and density because there is a single Linux kernel running on the physical host with each container only taking up the resources necessary for running the processes / services you want inside them without all of the overhead of a full operating system. A basic container might be between 8-14 additional processes on the host node. OpenVZ can also handle more advanced applications such as huge multi-threaded Java applications with hundreds of threads / processes given the appropriate amount of container resource management configuration.

Another advantage of OpenVZ is that it offers a wide range of dynamic resource management parameters including several for memory usage, number of processes, CPU usage, disk space usage, etc… all of which may be changed while the container is running. OpenVZ also supports container disk quotas as well as (optional) user and group disk quotas within the containers.
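The limits described above can be monitored from the host node. The following is an added example, not code from the original article or the OpenVZ Project: it assumes the `/proc/user_beancounters` interface that OpenVZ kernels expose (the article does not name it), and it parses a constructed sample to flag containers that were refused resources or peaked close to a barrier.

```python
# Added example: parse /proc/user_beancounters-style text and flag limit hits.
# SAMPLE is constructed for illustration; it is not output from a real host.
SAMPLE = """\
Version: 2.5
       uid  resource          held    maxheld    barrier      limit    failcnt
      101:  kmemsize       2131012    2340021   11055923   11377049          0
            privvmpages      61250      65536      65536      69632         17
            numproc             14         22        240        240          0
      102:  kmemsize       1048576    1200000   11055923   11377049          0
            privvmpages       9000      60000      65536      69632          0
            numproc            238        240        240        240          3
"""

def parse_beancounters(text):
    """Return a list of dicts, one per (container, resource) row."""
    rows, ctid = [], None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] in ("Version:", "uid"):
            continue                      # version banner and column header
        if fields[0].endswith(":"):       # "101:" opens a new container block
            ctid = int(fields[0][:-1])
            fields = fields[1:]
        if ctid is None or len(fields) != 6:
            continue                      # skip anything malformed
        name, *nums = fields
        held, maxheld, barrier, limit, failcnt = map(int, nums)
        rows.append(dict(ctid=ctid, resource=name, held=held, maxheld=maxheld,
                         barrier=barrier, limit=limit, failcnt=failcnt))
    return rows

def findings(rows, near=0.9):
    """Flag rows refused by the kernel (failcnt > 0) or peaking near the barrier."""
    out = []
    for r in rows:
        if r["failcnt"] > 0:
            out.append((r["ctid"], r["resource"], "limit_hit"))
        elif r["barrier"] > 0 and r["maxheld"] >= near * r["barrier"]:
            out.append((r["ctid"], r["resource"], "near_barrier"))
    return out

if __name__ == "__main__":
    for ctid, res, kind in findings(parse_beancounters(SAMPLE)):
        print(f"CT {ctid}: {res} {kind}")
```

A rising `failcnt` on one container while its neighbours stay at zero shows the per-container limit containing a runaway or hostile workload instead of letting it starve the host.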

OpenVZ offers a number of advanced features including checkpointing and container migration from one physical host to another. Migration comes in two forms:

  1. Live migration minimizes downtime (only a few seconds) and maintains machine uptime and network connections
  2. Offline migration where the machine is stopped, migrated, and then started back up again

The migration features of OpenVZ do NOT require a shared storage solution and use rsync to flawlessly copy container directory structures from one physical host to another.

When NOT to use OS Virtualization

While there are a large number of usage scenarios where you would want to use OS Virtualization, there remain a few scenarios where OS Virtualization is NOT suited and machine / hardware virtualization would be preferred:

  1. When you need to run non-Linux OSes
  2. When you want to run multiple kernel versions
  3. When you need a highly customized kernel

OpenVZ History

SWsoft (now known as Parallels) initially released a product for Linux named Virtuozzo back in 2001. Their current product is named Parallels Virtuozzo Containers. In 2005 a version of Virtuozzo was released for Microsoft Windows. Also in 2005, SWsoft created the OpenVZ Project to release under a GPL 2 license the underlying technology upon which Virtuozzo builds.

While OS Virtualization does not seem to have garnered the press attention and excitement some of the machine / hardware virtualization products have gotten in recent years, having initially been released in 2001 (Virtuozzo) and 2005 (OpenVZ), they have both proven themselves to be efficient, stable, and secure workhorses on tens of thousands of servers around the world. Linux OS Virtualization (which includes Linux-VServer) is arguably the oldest and most widely deployed Linux virtualization platform to date.

OS Virtualization and OpenVZ Future

In a few presentations in 2007 and 2008 on the future of the Linux kernel, Andrew Morton identified containers as being the only thing he was certain of that was coming to the Linux kernel because there were a number of strong stakeholders working on it including IBM, Google and the OpenVZ Project.

Container features started appearing in the mainline kernel with the 2.6.24 kernel and more have been added in subsequent releases. The joint effort is more commonly referred to as control groups (or cgroups for short) and a number of kernel subsystems have been modified (scheduler, memory management, etc.) to be cgroup aware. It is not known how long it will take before the cgroup implementation in the mainline Linux kernel will be feature complete, stable, and in wide use… so it appears that OpenVZ will be around for some time to come.

There is another OS Virtualization product for Linux named Linux-VServer. Linux-VServer is a quality product / project too but there are a number of differences between OpenVZ and Linux-VServer. Parallels / OpenVZ are working with the mainline Linux kernel developers to get container features into the mainline Linux kernel. The Linux-VServer developers are working independently and have decided that Linux-VServer will stay an out-of-tree patch for the foreseeable future. That is not to say that OpenVZ is going directly into the mainline kernel because it is not. The cgroup effort is a consensus of all of its stakeholders. It is clear however that the OpenVZ Project has contributed a lot of code to the mainline kernel.

About shk

shk is a DevOps engineer with more than 12 years of experience in different organizations. He is enthusiastic about learning new technologies and shares his knowledge through his blogs.

Comments

  1. You know so much interesting information. You might be very wise. I like such people. Don’t stop writing.
