Linux-Virtual Server is a virtual private server implementation that was developed by adding operating system-level virtualization capabilities to the Linux kernel. It is developed and distributed as open-source software.
The project was started by Jacques Gélinas. It is now maintained by Herbert Pötzl from Austria. It is not related to the Linux Virtual Server project, which implements network load balancing.
Linux-Virtual Server is a jail mechanism. It can securely partition resources on a computer system, such as CPU time, file system, memory and network addresses, in such a way that processes cannot mount a denial-of-service attack on anything outside their partition.
Each partition is called a security context, and the virtualized system inside it is the virtual private server. A chroot-like utility is provided for descending into security contexts. Booting a virtual private server is very easy: a VPS can be started in a single step in a new security context. Likewise, shutting it down kills all the processes within that security context. The contexts are robust enough to boot most Linux distributions unmodified, including Fedora and Debian.
Virtual private servers are commonly offered by a number of web hosting companies, which allocate space on a server to host a user's website. Client accounts are segregated from one another, resources are pooled, and any potential security breach stays within the affected account. The file system of each virtual server can be built as a tree of copy-on-write hard links to a “template” file system, which saves space on such installations. Each hard link is marked with a special filesystem attribute and, when it is modified, is safely and transparently replaced with a real copy of the file.
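The copy-on-write hard link scheme described above can be modelled in user space to show why the link has to be broken before a write. This is an added example, not Linux-Virtual Server's own code: the names `unify` and `cow_write` and the sample tree are assumptions, and the real mechanism is enforced through the special filesystem attribute rather than by a cooperating writer.

```python
import os
import shutil
import tempfile

def unify(template, guest):
    """Create guest as a tree of hard links to template; return files linked."""
    linked = 0
    for root, _dirs, files in os.walk(template):
        dest = os.path.join(guest, os.path.relpath(root, template))
        os.makedirs(dest, exist_ok=True)
        for name in files:
            os.link(os.path.join(root, name), os.path.join(dest, name))
            linked += 1
    return linked

def cow_write(path, data):
    """Write data to path, replacing a shared hard link with a real copy first."""
    if os.stat(path).st_nlink > 1:       # inode still shared with the template
        tmp = path + ".cow"
        shutil.copy2(path, tmp)          # private copy, same mode and timestamps
        os.replace(tmp, path)            # atomic swap; template keeps the old inode
    with open(path, "w") as f:
        f.write(data)

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    base = tempfile.mkdtemp(prefix="cow-demo-")
    try:
        tpl = os.path.join(base, "template", "etc", "motd")
        os.makedirs(os.path.dirname(tpl))
        with open(tpl, "w") as f:
            f.write("template\n")        # constructed sample file
        g1, g2 = (os.path.join(base, g, "etc", "motd") for g in ("guest1", "guest2"))
        for g in ("guest1", "guest2"):
            unify(os.path.join(base, "template"), os.path.join(base, g))
        shared = os.stat(g1).st_ino == os.stat(tpl).st_ino
        cow_write(g1, "guest1 only\n")   # link broken: change stays private
        isolated = (read(tpl), read(g2))
        with open(g2, "a") as f:         # plain write through a shared link
            f.write("from guest2\n")     # lands in the template inode too
        return shared, isolated, read(g1), read(tpl), os.stat(tpl).st_nlink
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

The last write in `demo()` goes through a link that was never broken, so the template changes as well; this is the cross-server modification that replacing the link with a real copy prevents.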
Linux-Virtual Server offers two branches: stable (2.2.x) and devel (2.3.x). These branches are offered for 2.6-series kernels, along with a single branch for the 2.4 series. A separate stable branch integrating the security patch set is also offered.
Advantages it offers
- Virtual servers share the same system call interface, so they have no emulation overhead.
- Virtual servers do not have to be backed by opaque disk images; they can share a common file system and common sets of files (via copy-on-write hard links). This makes it easier to back up a system and to pool web space among the virtual servers.
- Processes within a virtual server run as regular processes on the host system. This is more memory-efficient and I/O-efficient than whole-system emulation, which cannot return unused memory or share a disk cache with the host and other virtual servers.
- Processes within a virtual server are queued on the same scheduler as on the host, which allows guest processes to run concurrently on SMP systems. This is not trivial to implement with whole-system emulation.
- Networking is based on isolation rather than virtualization, so packets incur no additional overhead.
- It uses just a single kernel with a small additional code base, as compared to more than 2 kernels and large interfaces between them.
- It offers the rich scheduling features of Linux, such as real-time priorities.
Disadvantages it has
- The host kernel needs to be patched.
- The host kernel and host computer are a single point of failure for all the virtual servers, because no process migration or clustering capability is included.
- As stated above, networking is based on isolation rather than virtualization. As a result, a virtual server cannot create its own internal routing or firewall setup.
- Some system calls (mostly hardware-related ones, for instance the real-time clock) and parts of the /proc and /sys filesystems remain unvirtualized.
- Disk I/O bandwidth cannot be allocated on a per-virtual-server basis.