[CoLoCo] XEN and QEMU
Ringo Kamens
2600denver at gmail.com
Wed Jun 11 16:37:37 BST 2008
Thanks for all of that information! I have a few more questions. The
reason I'm looking into this is to set up a Tor secure desktop type
thingy. Even though it's secure to run things through Tor or a VPN or
something, if there is a zero-day in Firefox then the remote attacker
might be able to view the files on your drive and have something to
identify you with or install a trojan or something. My idea would be
to run a VM so even if Firefox etc. had a zero-day, the attacker
wouldn't be able to do anything because I would be running from a disk
image. If I used Xen, since I'm running a 64-bit VM on a 64-bit
processor, it sounds like it would be faster. Would I still get that
separation of the OSes I'm looking for?
Thank you,
Comrade Ringo Kamens
On Mon, Jun 9, 2008 at 9:43 AM, Kevin Fries <kfries at cctus.com> wrote:
> On Sun, 2008-06-08 at 21:17 -0400, Ringo Kamens wrote:
>> I am currently running the most recent Ubuntu on AMD64 and I want to
>> run a virtual machine from within it using Xen or QEMU. I'm new to
>> this field, so I have a few questions. I looked at the Wikipedia
>> entries for both of them but I don't exactly get how they are
>> different. If I'm going to be running a 64-bit virtual machine on a
>> 64-bit processor, is there any which will be inherently better? How
>> about a 32-bit virtual machine on a 64-bit processor? Also, how does
>> networking work for these, i.e. does it just route through an interface
>> I configure on my host machine to forward traffic?
>> Thanks for any help you can give me,
>
> When it comes to virtualization, you essentially have four options:
>
> 1) QEMU/KVM - This is the granddaddy of virtualization. It is an old
> and mostly stable product that is not always going to be your fastest
> option. The biggest advantage of QEMU is that you can emulate different
> CPU types. Therefore, unlike any of the other options mentioned here,
> you can emulate a PPC and run Mac OS/9 or emulate an ARM based
> processor. The KVM variety bypasses much of this cross platform for
> x86, and runs kernel level optimizations. In order for this to work,
> your kernel must have VM support. With either flavor, every VM will
> look like just any other program to the underlying OS.
>
> 2) XEN - Xen is different from all the others in that it is what is
> known as a hypervisor. In this case, you have one core that all VMs can
> share. Then the OS in each of the VMs can operate in a stack above
> that. In this case, there is a blurring of the lines between the host
> and guest operating systems. While not a fair analogy, you could think
> of the other VMs in this each having their own process, while Xen treats
> them almost more like threads. Much faster and more efficient... that
> is when everything plays nice. If the guest OS is Xen aware, all is
> good, but when it is not, then you must resort to processor level
> support to handle non-Xen aware operating systems, such as Windows.
> Microsoft has been working hard with XenSource to get Windows to be Xen
> aware, and Vista was supposed to be the first MS OS to be so... Like
> everything other than Aero, it did not make it. Let's hold out hope for
> Windows 7 (8? maybe 9, lol)
>
> There are also two other major players in the virtualization world you
> did not mention. The two above only work with Linux as a host, and
> Windows is always a spotty proposition. The remainder of this are not
> open source, but are free to use, and have a strong commitment to the
> Linux community.
>
> 3) VMWare - This is the 800lb gorilla when you are talking virtual
> machines. This product just flat works. Guaranteed, you can have a
> server set up in minutes rather than hours or days. If I had to pick an
> annoyance on VMWare, it is that the driver needs to be recompiled every
> time you upgrade your kernel. It takes just a minute to do, but I
> really wish it would happen automatically (KVM also has this issue if
> the driver is not distributed in binary form). The greatest advantage
> to this product is that you will be able to find much more support for
> this, than any other product, including both David and I on this list,
> we are both heavy users of VMWare. If your project has the possibility
> of going commercial or large scale, this is probably your only real
> choice. The commercial packages have some serious feature sets that are
> unmatched. This is my choice for servers running multiple VMs to
> provide services to end users.
>
> 4) VirtualBox - This is an excellent product with some great unique
> features. It is owned by Sun Microsystems, and is used in Solaris 10 as
> their underlying VM engine... so you know this thing is rock solid.
> There are three versions of this product: OSE; the limited free version;
> and the commercial version. The OSE is far too feature restricted for
> me to advise. As for the commercial version, I think you would be
> better off with VMWare. But the free non-FOSS version is terrific! In
> my opinion the best of the bunch, and the one I use for my day to day
> use (I run a VM on demand of Windows XP that when started blends in with
> my Ubuntu desktop, and provides a popup start bar for Windows Start
> menu). This is my choice for running on desktop machines... Seamless
> mode is worth the free admission alone.
>
> In addition there is one newcomer to the party:
>
> 5) Parallels - This product has been available to Mac users for some
> time. It has been very popular there. Recently they have ported to
> Windows, then to Linux. I have no experience with this program, so can
> neither endorse nor advise against it.
>
> I hope this rundown will help you make a well informed decision that
> will help you accomplish your goals.
>
> --
> Kevin Fries
> Senior Linux Engineer
> Computer and Communications Technology, Inc
> A Division of Japan Communications Inc.
>