This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Virtual Doppelganger: On the Performance, Isolation, and Scalability of Para- and Paene- Virtualized Systems Stephen Soltesz*, Marc E. Fiuczynski*, Larry Peterson*, Michael McCabe+, Jeanna Matthews+ *Department of Computer Science, Princeton University +Department of Computer Science, Clarkson University Abstract Paravirtualization, popularized by the Xen hyper- visor, is quickly expanding into commodity mar- kets, with many in the IT sector considering it for a variety of purposes. It is appropriate for many usage scenarios, yet for those requiring strong iso- lation and good performance and high scalability there is at least one often overlooked alternative, which we call paene virtualization 1 Paenevirtual- ized systems are general-purpose, time-shared OSs retrofitted with abstractions to provide both name- space isolation and resource isolation. Examples of such systems include HP UX 11i Secure Re- source Partitions, and Solaris 10 Zones, Virtuozzo for Linux, and Linux Vservers. Both approaches to virtualization provide better isolation than traditional time-shared systems, but to a regular user, there is little tangible difference between the two; at a superficial level, one appears as a virtual doppelganger of the other. Of course there are differences, and this paper digs below the surface to report on their strengths and weaknesses in terms of performance, scalability, and isolation. 1 Introduction Operating systems face a fundamental tension between providing isolation and sharing among applicationsthey simultaneously support the il- lusion that each application has the physical ma- chine to itself, yet let applications share objects (e.g., files, pipes) with each other. Todays operating 1 Paene is Latin for nearly and pronounced just like the pasta. systems designed for personal computers, adapted from earlier time-sharing systems, typically provide a relatively weak form of isolation (the process ab- straction) with generous facilities for sharing (e.g., a global file system and global process ids). In contrast, hypervisors strive to provide strong isola- tion between virtual machines (VMs), providing no more support for sharing between VMs than the net- work provides between physical machines. The point on the design spectrum supported by any given system depends on the workload it is de- signed to support. Workstation OSs generally run multiple applications on behalf of a single user, making it natural to favor sharing over isolation. Hypervisors are often designed to let a single ma- chine host multiple unrelated applications, possibly running on behalf of independent organizations, as might be the case in a hosting or utility data center....
View Full Document
This note was uploaded on 03/01/2012 for the course CMP 426 taught by Professor Gwangs.jung during the Spring '12 term at CUNY Lehman.
- Spring '12