KVM vs. Xen?


Folks,

responding to an article on virtualization.info:

KVM is a type-2 hypervisor, Xen is a type-1 hypervisor. So there is NO apples-to-apples comparison here; you're comparing apples to peaches.

Where's the difference?

With KVM, ALL your "guests" run in the SAME user-space (there is only one kernel, namely Linux!), and therefore attacking one "guest" from a different "guest" seems way easier than with Xen, where they do get completely separate environments. You would need to HACK into the Xen microkernel to have access, whereas with KVM you have all access directly from your Linux login.

Is that what you want? One single unprivileged user (or any other user!) being able to influence your "guest"? I bet you don't like that!

If you want to compare KVM with VMware Workstation, Fusion, Parallels, or VirtualBox, OK, that would be the right comparison. But nobody makes this comparison. Why?

Because Linux after all still doesn't seem to be "ready for the DataCenter"... OK, I'm making it easy (oversimplifying), but that thinking, expressed in KVM vs. Xen, totally ignores many important points that are relevant in datacenters. These do not apply to laptops, and that's still seemingly the domain of Linux...

Please, start thinking... (I do not want to discredit Linux, but the comparing of apples and peaches in this case really is saddening...)

Matthias
Comments:

I don't get your point. In both cases, each guest has its own kernel and userspace. All guests are run by a hypervisor: the Xen kernel, or the Linux kernel in the case of KVM. Hacking the Xen hypervisor is as plausible as hacking the Linux console running KVM. Maybe you are confusing KVM with containers (like Zones, UML, OpenVZ, etc.)?
Additionally, KVM is secured by an SELinux policy; it's called sVirt. Does Xen have similar protection?

Posted by Tomasz on April 17, 2009 at 04:46 PM CEST #

I guess you know the difference between a Type-1 and a Type-2 hypervisor: Type-2 hypervisors require an OS, whereas Type-1 hypervisors run on "bare metal".

KVM is a Type-2 hypervisor, as it requires Linux, and uses Linux kernelland parts (the scheduler, for example!).

You are right about the GUESTS; still, in KVM environments, the GUESTS do NOT run totally separate, they depend on the shared usage of parts of the Linux kernel. So, USERLAND processes in the Linux in a KVM environment CAN AFFECT the behavior of the multiple different GUESTS running in KVM.

So, as a Linux kernel is way bigger than the Xen microkernel, the PROBABILITY and therefore the POSSIBILITY is larger than with Xen.

I do not have anything against KVM or Linux, BUT: I doubt that KVM belongs in large virtual environments in large datacenters. By the same argument, you would not run such large virtualized environments in VMware WORKSTATION.

Posted by Matthias Pfuetzner on April 20, 2009 at 02:37 AM CEST #
