Subject: Re: Jail For NetBSD
To: Gordon Waidhofer <gww@traakan.com>
From: Dick Davies <rasputnik@hellooperator.net>
List: tech-kern
Date: 12/06/2004 16:36:19
* Gordon Waidhofer <gww@traakan.com> [1209 15:09]:
>
> http://linux.slashdot.org/article.pl?sid=04/12/02/2238253&from=rss
> 4. Separation. This is Linux VServer, which is a fantastic
> project that doesn't have the publicity engine and funding
> of a big university behind it. This isn't really virtualization
> as much as it is separation. This approach is also shared by
> SwSoft's Virtuozzo, FreeBSD jails and Solaris containers. Since
> there is only one kernel in this scenario, this method is not
> OS-independent, i.e. VServer only runs Linux, Jails are only
> for FreeBSD, etc. Performance-wise, this approach should far
> outrun any other method as it carries practically no overhead
> and takes advantage of all the existing UN*X optimization. It
> is also very secure, possibly most secure of all
I didn't agree with this when I read it on Slashdot, and still don't.
One of the big wins with Xen versus jail-like approaches (this may
apply to Solaris 10 containers/zones, I've not researched them much yet)
is that you can apply resource limits to a domain, so for example you
run your MySQL databases in a Linux Xen domain and your PostgreSQLs
in a BSD one - if one domain gets forkbombed, the others barely notice.
See the paper 'Xen and the Art of Virtualization'
(probably already posted by Thor, but doesn't hurt to repeat):
http://www.cl.cam.ac.uk/netos/papers/2003-xensosp.pdf
--
...and then we wrote scripts to write the configs for us, and using
these scripts, we made mistakes in a faster, more automated manner.
- 'A Gentle Introduction to Cricket', on MRTG configuration
Rasputin :: Jack of All Trades - Master of Nuns