Operating system-level virtualization
Encyclopedia
Operating system-level virtualization is a server virtualization method where the kernel of an operating system
allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot
mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.
environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. System administrators may also use it, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.
Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features.
OS-level virtualization implementations that are capable of live migration
can be used for dynamic load balancing of containers between nodes in a cluster.
interface and do not need to be subject to emulation
or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware
and QEMU
) or paravirtualizers
(such as Xen
and UML
). It also does not require hardware assistance to perform efficiently.
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot
Chroot
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot...
mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.
Uses
Operating system-level virtualization is commonly used in virtual hostingVirtual hosting
Virtual hosting is a method for hosting multiple domain names on a server using a single IP address. This allows one server to share its resources, such as memory and processor cycles, in order to use its resources more efficiently....
environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. System administrators may also use it, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on the one server.
Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features.
OS-level virtualization implementations that are capable of live migration
Live Migration
Live migration allows a server administrator to move a running virtual machine or application between different physical machines without disconnecting the client or application...
can be used for dynamic load balancing of containers between nodes in a cluster.
Overhead
This form of virtualization usually imposes little or no overhead, because programs in virtual partition use the operating system's normal system callSystem call
In computing, a system call is how a program requests a service from an operating system's kernel. This may include hardware related services , creating and executing new processes, and communicating with integral kernel services...
interface and do not need to be subject to emulation
Emulator
In computing, an emulator is hardware or software or both that duplicates the functions of a first computer system in a different second computer system, so that the behavior of the second system closely resembles the behavior of the first system...
or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware
VMware
VMware, Inc. is a company providing virtualization software founded in 1998 and based in Palo Alto, California, USA. The company was acquired by EMC Corporation in 2004, and operates as a separate software subsidiary ....
and QEMU
QEMU
QEMU is a processor emulator that relies on dynamic binary translation to achieve a reasonable speed while being easy to port on new host CPU architectures....
) or paravirtualizers
Paravirtualization
In computing, paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware....
(such as Xen
Xen
Xen is a virtual-machine monitor providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently....
and UML
User-mode Linux
User-mode Linux enables multiple virtual Linux systems to run as an application within a normal Linux system...
). It also does not require hardware assistance to perform efficiently.
Flexibility
Operating system-level virtualization is not as flexible as other virtualization approaches since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other OS such as Windows cannot be hosted. This limitation is partially overcome in Solaris by its branded zones feature, which provides the ability to run an environment within a container that emulates an older Solaris 8 or 9 version in a Solaris 10 host. (a Linux branded zone was also announced but later abandoned).Storage
Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.Implementations
Mechanism | Operating system | License | Available since/between | Features | |||||||
---|---|---|---|---|---|---|---|---|---|---|---|
File system isolation | Copy on Write | Disk quotas | I/O rate limiting | Memory limits | CPU quotas | Network isolation | Partition checkpointing and live migration |
||||
chroot Chroot A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot... |
most UNIX-like Unix-like A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification.... operating systems |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... BSD GNU GPL GNU General Public License The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project.... CDDL |
1982 | ||||||||
iCore Virtual Accounts ICore Virtual Accounts iCore Virtual Accounts is free download OS level virtualization for Microsoft Windows XP.-Program:The program is an isolated virtual machine that runs on top of the existing hardware and operating system... |
Windows XP Windows XP Windows XP is an operating system produced by Microsoft for use on personal computers, including home and business desktops, laptops and media centers. First released to computer manufacturers on August 24, 2001, it is the second most popular version of Windows, based on installed user base... |
Proprietary/Freeware Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
2008 | ||||||||
Linux-VServer Linux-VServer Linux-VServer is a virtual private server implementation that was created by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open source software.The project was started by Jacques Gélinas... (security context) |
Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... |
GNU GPL v.2 GNU General Public License The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project.... |
2001 | ||||||||
LXC LXC LXC is an operating system-level virtualization method for running multiple isolated Linux systems on a single control host... |
Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... |
GNU GPL v.2 GNU General Public License The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project.... |
2008 | . Yes with Btrfs Btrfs Btrfs is a GPL-licensed copy-on-write file system for Linux.Development began at Oracle Corporation in 2007.... . |
. Yes with LVM Logical Volume Manager (Linux) LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices, in particular large ones. The term "volume" refers to a disk drive or partition thereof... or Disk quota Disk quota A disk quota is a limit set by a system administrator that restricts certain aspects of file system usage on modern operating systems. The function of using disk quotas is to allocate limited disk space in a reasonable way.-Types of quotas:... . |
||||||
OpenVZ OpenVZ OpenVZ is an operating system-level virtualization technology based on the Linux kernel and operating system. OpenVZ allows a physical server to run multiple isolated operating system instances, known as containers, Virtual Private Servers , or Virtual Environments... |
Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... |
GNU GPL v.2 GNU General Public License The GNU General Public License is the most widely used free software license, originally written by Richard Stallman for the GNU Project.... |
2005 | ||||||||
Parallels Virtuozzo Containers | Linux Linux Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds... , Windows, Mac OS X Mac OS X Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems... |
Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
2001 | ||||||||
Container/Zone Solaris Containers Solaris Containers is an implementation of operating system-level virtualization technology for x86 and SPARC systems, first released publicly in February 2004 in build 51 beta of Solaris 10, and subsequently in the first full release of Solaris 10, 2005.It is present in newer OpenSolaris based... |
Solaris Solaris Operating System Solaris is a Unix operating system originally developed by Sun Microsystems. It superseded their earlier SunOS in 1993. Oracle Solaris, as it is now known, has been owned by Oracle Corporation since Oracle's acquisition of Sun in January 2010.... and OpenSolaris OpenSolaris OpenSolaris was an open source computer operating system based on Solaris created by Sun Microsystems. It was also the name of the project initiated by Sun to build a developer and user community around the software... |
CDDL | 2005 | . Yes with ZFS | |||||||
FreeBSD Jail FreeBSD Jail The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails.... |
FreeBSD FreeBSD FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant... |
BSD | 1998 | (ZFS) | |||||||
sysjail Sysjail sysjail is a now-defunct user-land virtualiser for systems supporting the systrace library - as of version 1.0 limited to OpenBSD, NetBSD and MirOS... |
OpenBSD OpenBSD OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995... , NetBSD NetBSD NetBSD is a freely available open source version of the Berkeley Software Distribution Unix operating system. It was the second open source BSD descendant to be formally released, after 386BSD, and continues to be actively developed. The NetBSD project is primarily focused on high quality design,... |
BSD | - no longer supported as of 03-03-2009 | ||||||||
WPARs Workload Partitions AIX Workload partitions are a software implementation of operating system-level virtualization technology introduced in the IBM's AIX 6.1 operating system that provides application environment isolation and resource control.... |
AIX | Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
2007 | ||||||||
HP SRP | HPUX | Proprietary Proprietary software Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary... |
2007 | ||||||||
Sandboxie Sandboxie Sandboxie is a proprietary sandbox-based isolation program developed by Ronen Tzur, for 32- and 64-bit Windows NT-based operating systems. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped... |
Windows | Shareware Shareware The term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a... |
See also
- Platform virtualization
- Application virtualizationApplication VirtualizationApplication virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed. A fully virtualized application is not installed in...
- Storage HypervisorStorage hypervisorIn computing, a storage hypervisor is a portable software program that runs on a physical hardware platform, on a virtual machine, inside a hypervisor OS or in all three places. It may co-reside with virtual machine supervisors or have exclusive control of its platform...
- HypervisorHypervisorIn computing, a hypervisor, also called virtual machine manager , is one of many hardware virtualization techniques that allow multiple operating systems, termed guests, to run concurrently on a host computer. It is so named because it is conceptually one level higher than a supervisory program...
- Portable application creatorsPortable application creatorsPortable application creators allow the creation of portable applications . They usually use application virtualization.- Creators of independent portable applications :...