On Tue, 2009-08-11 at 11:23 +0200, Rik Bobbaers wrote:
> naaah... vserver is just too perfect for me. i'm the operator, fuck what
> the rest wants! ;)
>
> grtz...
>
> Rik Bobbaers
>
> -- http://harry.enzoverder.be
> linux/unix/system/network/security/hardware/DR admin
>
> > On 11/08/2009, at 09.28, Rik Bobbaers wrote:
> >
> >> just my 2 cents here...
> >>
> >> if i say: i want to run X in a guest
> >> then the sollution: just run X on the host... is NOT a sollution.
> >> Since
> >> that's not what i want!
> >>
> >> it's like saying: i want to walk to the grocery store, but don't know
> >> which way to go
> >> and someone says: take the car
> >>
> >> it's possible, but not a sollution to a problem!
> >> and all to often i see that kind of sollution pass here.
> >>
> >> e.g. i want to rent a guest "machine" to people but can't be
> >> bothered with
> >> how/what they firewall, then i want them to be able te make sure it's
> >> firewalled (or not). and i don't care if that's bad practice or not. i
> >> just want iptables in my guests and that 's not possible with vserver
> >> (which i can imagine, is a "problem" for some people)
> >
> > Maybe you should use one of those less efficient virtualisation
> > technologies then.
> >
> >
>
Hmm . . . I stopped following this discussion after the first few
interchanges and have been surprised at its persistence. I guess I can
see why now.
Yes, sometimes the vserver project comes across as more focused on the
technology than the solution but they are an excellent bunch with
excellent ideas, fabulous technology, an incredible willingness to help
everyone even outside of vserver and do it all for free. Thank you
vserver folks.
Perhaps this is really a case of using the correct tool. That's why
there are so many choices in the world of IT - it's a constant balance
of customizing parameters and solutions to meet different needs - that's
what integrators do - constant tradeoffs.
In our environment, we use vserver wherever possible because of its
extraordinary resource efficiency. However, there are some tasks that
are better done elsewhere. Whenever we need Windows virtualization, we
use KVM instead. Whenever we need more rights to the underlying OS than
we are comfortable giving via vserver capabilities, we use KVM, e.g.,
our OpenVAS vulnerability scanner. We do a lot of highly secure work
where server access, e.g., monitoring systems, is based upon X.509 certs
and VPN tunnels. We have learned how to do this in a vserver guest but
ultimately concluded it was simpler and a bit safer to do it on a KVM
guest. Our PBX is running on a standalone server - didn't want to risk
any contention for resources.
VServer is a great product. It does the job for us 70% of the time.
When it doesn't, we use what does. Peace all - John
-- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsullivan@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular societyReceived on Tue Aug 11 11:12:29 2009