OpenVZ and XEN virtualization technology insight and comparison
Virtualization is a widely used technology nowadays. A whole set of hosting plans is based on it – the so-called Virtual Private Servers (VPS). They allow a steady transition from regular shared hosting to the most powerful dedicated solutions. While big projects may require the power of an independent dedicated server, some personal and small-to-medium businesses may not need such resources, at such high cost, at first. At the same time, the needs of such customers may not be satisfied by what regular shared hosting has to offer, due to its nature. Unlike shared hosting, a VPS allows full isolation from other users on the host server. It provides full control over the account (i.e. root access), remote reboots and system restore.
Various approaches to and implementations of virtualization exist today. In this article we will compare two of the most widely used virtualization engines: OpenVZ and Xen. The main goal of the article is to present the basic concepts and outline the differences and similarities between the two engines.
As defined by Wikipedia, virtualization is a term that refers to the abstraction of computer resources. In the case of VPS hosting plans, platform virtualization is used. Its idea is to separate an operating system (OS) from the hardware it runs on. With no virtualization applied, normally only one operating system can run on one set of hardware at a time. As depicted in Figure 1, every server composed of a definite hardware set can run only one OS at a time; if virtualization technology is applied, however, numerous OSs can run on a single set of hardware at the same time.
As we can see, virtualization is used to make an OS independent of the hardware. Virtualization software not only allows several OSs to run on the hardware, but also separates the resources that each OS consumes. This way various quotas for CPU, RAM, HDD I/O and the like can be defined for a single OS. Quota-based isolation increases the utilization of a single dedicated server by dividing its resources into smaller chunks. This is quite efficient, as it decreases the cost of a single VPS and, at the same time, provides new unique features to the user.
In order to understand how virtualization works, let’s consider its structure (see Figure 2). As we can see from the figure, the main idea of virtualization is to create a special interaction layer (the virtualization layer) between the hardware and the OS, which acts as a resource isolator and manager at the same time:
Figure 2 Basic structure of virtualization. Source: http://desktop-virtualization.com
Figure 2 shows a special case in which the virtualization layer is placed directly on top of the hardware (architecture) and the OSs are then installed on top of the virtualization layer. Consequently, applications such as the Apache web server and the MySQL server run on top of one OS and do not interact with the applications running on the other OSs. This way the depletion of the resources given to one OS does not influence the performance of the other OSs on the hardware carrier server. Such isolation eliminates the possibility of overloads caused by other users on the carrier. This kind of virtualization can be referred to as paravirtualization.
As defined by Wikipedia, paravirtualization is a virtualization technique that presents a software interface to virtual machines that is similar but not identical to that of the underlying hardware. This technique is used in the Xen virtualization engine. Paravirtualization has a number of limitations, one of which is the need for a slight modification of the OS kernel in order to teach it to use the instructions provided by the virtualization layer. This need, however, can be avoided by using special processors that support hardware-assisted virtualization. A processor with such a capability can help the software virtualization layer perform the abstraction. This way no modification of the OS is required, and therefore proprietary software such as Microsoft Windows can run on the virtualization layer. Not only does this allow proprietary technologies to run, it also allows the OS to be used in its original form, which can be important for a number of applications running on it.
Operating system-level virtualization
Paravirtualization is not the only type of virtualization used in the hosting industry. Another widely used type is operating system-level virtualization (OSLV). Wikipedia defines it as a method where the operating system allows for multiple user-space instances (virtual hosting, chroot jail + resource management). This means that only one OS with only one kernel is running on the server. The OS is modified in such a way that it allows the creation of so-called containers, each of which appears as a separate OS entity to the user and to the software within that container. This can be depicted as shown in Figure 3:
This type of virtualization is implemented in the OpenVZ engine. Resource sharing in such a structure differs from paravirtualization. In the latter, the resources are firmly distributed at the virtualization level, and no sharing takes place. In OSLV, all containers (VPSs) run in the same environment. The resources of each one are assigned and limited. However, a certain amount of the resources is kept for sharing within the host OS and is not assigned to any specific VPS. If such resources are not occupied by the host system, any VPS can use them if necessary. Burstable RAM is an example. There is a guaranteed RAM quota that a VPS always has, and there is also a top limit of burstable RAM that the VPS can use if the system has any free RAM beyond the amount already guaranteed and provided.
In OSLV all containers run inside a single host system. Each container emulates an OS within itself, but it can only emulate an OS whose kernel is similar to the one the container itself is running on. This is a great limitation. OpenVZ runs on Linux OSs. Therefore, the only OS that can be installed in the containers on the carrier is Linux. Using FreeBSD within an OpenVZ-based VPS is thus simply not possible. At the same time, there is no problem using FreeBSD in a paravirtualized environment like Xen.
Xen vs OpenVZ
Figure 4 Xen paravirtualization architecture. Source: http://uberhip.com
Xen is a virtualization engine (to be exact, it is a virtual-machine monitor) for the x86, x86-64, Itanium and PowerPC platforms. On a number of processors, Xen applies a paravirtualization technique. This means that the operating systems run on Xen are modified in order to achieve high performance on a wide range of hardware architectures that were not initially intended for virtualization. The architecture of Xen is presented in Figure 4.
Xen uses one privileged OS to control the hardware resources. This privileged OS must be a Unix-based one (e.g. Linux, FreeBSD etc.). In the latest versions of Xen the following OSs can be run as guests: Linux, Minix, Plan 9 from Bell Labs, NetBSD, OpenBSD, FreeBSD, OpenSolaris, NetWare, GNU/Hurd/Mach, OZONE.
Figure 5 OpenVZ operating system-level virtualization architecture.
OpenVZ is an open-source virtualization engine for x86, x86_64, and IA64 processors. OpenVZ itself is built on top of Linux. Unlike Xen’s paravirtualization technique, OSLV virtualizes the operating environment instead of the hardware. Thus, while there is only one operating system kernel, multiple programs run in isolation from each other within the single OS instance. The basic architecture of OpenVZ is shown in Figure 5. OpenVZ project manager Kir Kolyshkin said in a statement about its architecture:
“Unlike hypervisor-based virtualization technology [such as Xen and VMware], OpenVZ is extremely easily portable across different architectures, since 95 percent of the code is platform-independent. With the port to Power, we’ve opened the door for another segment of the user community to benefit from our open source virtualization software”.
Differences and Similarities.
Both systems offer the user the following benefits:
- increased utilization
- rapid provisioning
- dynamic fault tolerance against software failures (through rapid bootstrapping or rebooting)
- hardware fault tolerance (through migration of a virtual machine to different hardware)
Additionally, both Xen and OpenVZ provide the ability to securely separate virtual operating systems. However, this feature is implemented through different techniques in the two virtualization solutions. Xen provides full fixed isolation, where the initially assigned quotas are kept throughout the entire functioning period, and additional requests for memory are served from swap space on the HDDs. OpenVZ, on the other hand, provides semi-dynamic assignment of resources. Terms such as burstable RAM and burstable resources exist in OpenVZ. Therefore, unlike with Xen, VPSs based on OpenVZ may also take advantage of the free resources of the server. This can result in better utilization of the resources of the carrier hardware.
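The guaranteed and burstable RAM quotas described here and in the OSLV section above can be read back on an OpenVZ host from the user beancounters. The following is an added example, not code from the original article or the OpenVZ project; it assumes 4 KiB pages (x86), takes the vmguarpages barrier as the guaranteed amount and the privvmpages barrier as the burst ceiling, and runs on a constructed sample:

```shell
#!/bin/sh
# Added example: guaranteed vs. burstable RAM per container, read from the
# OpenVZ user beancounters (/proc/user_beancounters on the hardware node).
# Assumptions: 4 KiB pages (x86); vmguarpages barrier = guaranteed RAM,
# privvmpages barrier = ceiling that ordinary allocations may burst to.

# Constructed sample in the beancounters layout (not captured from a host).
sample_beancounters() {
cat <<'EOF'
Version: 2.5
       uid  resource      held  maxheld  barrier                limit  failcnt
      101:  kmemsize   2665956  2936832 14372700             14790164        0
            privvmpages  48211    70012   131072               139264        0
            vmguarpages      0        0    65536  9223372036854775807        0
      102:  kmemsize   1904312  2101248 14372700             14790164        0
            privvmpages  65530    65536    65536                69632       17
            vmguarpages      0        0    32768  9223372036854775807        0
EOF
}

# Reads beancounters from the given files or stdin; prints one line per
# container and flags those whose allocations were refused (failcnt > 0).
ram_report() {
    awk '
    $1 ~ /^[0-9]+:$/ { ct = $1; sub(/:/, "", ct) }   # "101:" starts a container
    NF >= 6 {
        # Count fields from the right: the ctid column is only on the first row.
        name = $(NF-5); mib = $(NF-2) / 256; fails = $NF + 0
        if (name == "vmguarpages") guar[ct] = mib
        if (name == "privvmpages") { burst[ct] = mib; fail[ct] = fails; order[++n] = ct }
    }
    END {
        for (i = 1; i <= n; i++) {
            c = order[i]
            printf "%s guaranteed=%dMiB burst=%dMiB failcnt=%d%s\n",
                   c, guar[c], burst[c], fail[c], (fail[c] > 0 ? " DENIED" : "")
        }
    }' "$@"
}

sample_beancounters | ram_report
```

On a real hardware node, run `ram_report /proc/user_beancounters` as root. A non-zero failcnt on privvmpages means the container asked for more than its burst ceiling and was refused, which is the isolation working as intended.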
The virtualization overhead observed in both OpenVZ and Xen is limited. Various opinions exist on the difference in performance between the two. However, in both cases the performance of the virtualized environment, as compared to the real hardware, is at an acceptable level. Specific figures depend on a great number of factors and cannot be summed up in a general conclusion.
Unlike OpenVZ, Xen is able to support legacy software as well as new OS instances on the same computer. That means that proprietary systems can be installed on a Xen-based carrier without any additional modification if hardware-assisted virtualization is used. OpenVZ provides compatibility only within the same kernel family, such as the various distributions of Linux.
Both provide great and relatively equal checkpointing and live migration options.
Both engines are based on Unix OSs, and therefore they scale well. For example, OpenVZ, which employs a single-kernel model, is as scalable as the Linux kernel. That kernel supports up to 64 CPUs and up to 64 GB of RAM (on 32-bit with PAE). A single container can scale up to the whole physical system, i.e. use all the CPUs and all the RAM.
A peculiarity of OpenVZ is its mass management support. An administrator (i.e. root) of an OpenVZ physical server (carrier) can see all the running processes and files of all the containers on the system. That makes mass management scenarios possible. Consider the case in which Xen is used for server consolidation: in order to apply a security update to 10 virtual servers, an administrator has to log in to each one and run an update procedure. Since VPSs are normally intended for different users with their own projects, this is not an issue for Xen-based virtualization. However, the fact that with OpenVZ a simple shell script can update all containers at once greatly eases the management of the entire system.
This post has described the basics of virtualization as well as the main principles of two fundamentally different virtualization solutions. It is obvious that both projects are outstanding virtualization systems and provide the hosting industry with a sufficient number of features to support an entire class of VPS plans. Each of the engines is aimed at solving a specific set of tasks, which it does successfully. Xen is a technology mainly aimed at coming as close as possible to full virtualization and full separation of virtual machines on the hardware carrier. It is also aimed at supporting the widest possible range of existing operating systems. OpenVZ, on the other hand, is a system specifically aimed at Linux-based virtual environments. It provides good dynamic resource sharing and isolation tools, which leads to higher server utilization figures. Both engines show great performance.
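The mass-management case above, as an added example that is not from the original article or the OpenVZ project: a host-side script that runs the update inside every running container and reports failures per container. It uses the standard OpenVZ host tools vzlist and vzctl; the apt/yum guest package managers and the `--run` switch are assumptions.

```shell
#!/bin/sh
# Added example: patch every running container from the OpenVZ hardware node.
# Assumption: guests use apt-get or yum; anything else is reported as failed.

# Shell snippet executed inside each container by "vzctl exec2".
UPDATE_CMD='if command -v apt-get >/dev/null 2>&1; then
  apt-get -qq update && DEBIAN_FRONTEND=noninteractive apt-get -y -qq upgrade
elif command -v yum >/dev/null 2>&1; then
  yum -y -q update
else
  echo "no supported package manager" >&2; exit 3
fi'

# Prints "<ctid> ok" or "<ctid> FAILED rc=<n>" for each running container
# and returns the number of containers whose update failed.
update_all_containers() {
    failed=0
    # vzlist lists running containers by default; -H drops the header row.
    for ctid in $(vzlist -H -o ctid); do
        # exec2 passes the in-container exit status back to the host.
        # stdin is /dev/null so a package prompt cannot hang the run;
        # container output goes to stderr, status lines to stdout.
        if vzctl exec2 "$ctid" "$UPDATE_CMD" </dev/null >&2; then
            echo "$ctid ok"
        else
            rc=$?
            echo "$ctid FAILED rc=$rc"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Only touch real containers when explicitly asked to (hypothetical switch).
if [ "${1:-}" = "--run" ]; then
    update_all_containers
fi
```

The same host-root reach that makes this loop possible means the hardware node sits inside every container's trust boundary, so access to it and to scripts like this one should be restricted and logged accordingly.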