Subject: Re: Miscellaneous OS features
To: None <current-users@NetBSD.org>
From: Chuck Yerkes <chuck+nbsd@2003.snew.com>
List: current-users
Date: 08/07/2003 22:11:36
Quoting David Laight (david@l8s.co.uk):
>On Thu, Aug 07, 2003 at 11:57:01AM -0400, gabriel rosenkoetter wrote:
>> On Sun, Aug 03, 2003 at 08:29:57AM -0700, Bruce J.A. Nourish wrote:
>> > Apparently, lots of sysadmin/webmaster types think it's rather nifty. 
>> > You can give >20 clients the feel of a dedicated system using one machine. 
> > 
> > Uh. Only if you've actually got >20 real processors and enough RAM
> > to cover the usage.
> > 
> > Faked up, software-level partitioning schemes are functional, but
> > they simply cannot deliver on what they advertise. Just ask anyone
> > who's used an IBM mainframe with a bunch of LPARs lately.

Well, I've stuffed 30 Linux boxes on a hip-high S/390 and while they
ran slower than just one, most of the virtual machines were all running
full blast at the same time.  And that's the temptation.

I find it excessively rare for a user or many processes to be
needing 100% of a CPU much of the time (barring Windows).  Perhaps
sharing a VAX with 30 other people taught me that.  Given that my
work is full of 8 Way V880s with 16GB of RAM or 4 Way 3GHz Compaqs,
and given that MANY of the desktops are just fine at 500MHz boxes,
my belief is that shared computing, in part, works.  Part of the
distributed computing is that I can put some work off to another
machine.


I recall a coworker looking out at rows and rows of datacenter
cabinets at a Very Large Bank.  Thousands of Suns and cabinets of
AIX boxes.  He said:
"Some day, they'll be able to fit all this into one computer."

As the pendulum swings back and forth, thousands of boxes let us
be more agile and faster than we could be on a mainframe with (key
diff) over-ritualized change management that prevented innovation
or reactions to our users' needs.  However, the costs of managing
those machines are bringing us (or my current job at least) towards
those same over-ritualized procedures in "distributed computing"
land.  Barring the exceptions running variations of "clustering"
software, rare is the site where the power of all our machines is
being utilized and where we couldn't use more in parts of them.

If my database is hauling ass on an 8 CPU machine and wanting more,
but 20 blades serving up web data are sitting at 90% idle and
network bound or waiting for the database.

> > Now, real partitioning à la Sun's SunFire series, that's some
> > fancy stuff.
> 
> But requires that you do actually have the >20 real processors etc...
> Why not just use simple single cpu systems!

For the record that Sun "real partitioning stuff" is a poor imitation
of the IRIX stuff that's available.  When my V480 is too small at
4 CPUs, I have to buy a new box to get more.  When my O2000 SGI is
too small, I can get another just like it and plug them together into
one large box.  Up to 512 processors in theory.  And I can knock off
a few processors for say "accounting" during the night and give them
more in the day.  Freezing a process and moving it - I don't think
Solaris lets me do that.


In the above scenario, I could have a 32CPU machine and perhaps
allocate 8 CPUs for the web servers and nGB of RAM while the
DB gets 12CPUs.  If things change, I can change without a forklift.

There are mumblings that with solid clustering and 10GB or Myrinet
networks, I could spatter this over 16 2CPU machines.  Not here
yet.


But back on NetBSD - which lets me run a 266MHz Alpha as a desktop
just fine.  Virtual machines are tempting.  But there are many
things in between that are equally tempting.  That holy grail of
breaking up "root" and losing some of its binary-ness (you've got
all power or you don't) has been a long time coming.

OpenBSD's approach has been to "de-root" many of the daemons that run
quite actively.  portmap runs as user _portmap, same for ssh and many
others.

Giving me ACL access to files might be a neat thing. I recall how
nice that was to get back after a mainframe (CDC cyber-something)
had it, then using VMS 3.x without it, and getting it back in VMS 4.

How many of us have played group games with people jumbled around
in 14 different groups so they could see this file or that directory?

I'd rather be able to lock users into areas due to privilege than
try to manage 30 virtual machines.  It's enough to manage one machine
per virtual machine.

okay, enough topic drift....