Virtual Servers Analysis and Howto

Running multiple server environments on a single machine, sharing a single kernel.

Components

History

We want to run several independent virtual servers on a machine (a single physical piece of hardware). The technologies available for doing this are the BSD jail() call; VMware, which runs x86 on x86; Bochs, which acts as a full PC emulator; UML (User-Mode Linux, multiple kernels); and vserver.

Two Approaches

There have been two approaches to creating virtual-server-type environments:

FreeVSD -- userspace hacks

FreeVSD provides a reasonable virtual environment that is particularly well suited to the reseller market. This is done by allocating a range of user and group IDs (uid, gid), one of which is a pseudo-root user called `admin'. This user is treated no differently from a normal user by the underlying kernel or operating system. The difference comes in the provision of patched versions of utilities such as su(1), chown(1), chmod(1), ps(1) and kill(1), which analyse the user ID and allow the use of privileged operations upon other files or processes belonging to that virtual server's process range.

FreeVSD has also provided us with something much more useful: a daemon and a defined communication protocol, for which there exist both an open Web-based client and a proprietary Microsoft Windows-based client.
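The ownership check that the patched utilities described above have to perform can be illustrated as follows. This is an added example, not FreeVSD's own code; the uid ranges, the rule that the first uid of a range is the `admin' user, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed sample allocation (assumption): each virtual server owns a
 * contiguous uid range and the first uid in the range is its `admin'. */
struct vs_range { const char *name; uid_t first; uid_t last; };
static const struct vs_range vs_table[] = {
    { "vs1", 10000, 10999 },
    { "vs2", 11000, 11999 },
};

/* Return the virtual server whose range contains uid, or NULL. */
static const struct vs_range *vs_lookup(uid_t uid)
{
    for (size_t i = 0; i < sizeof vs_table / sizeof vs_table[0]; i++)
        if (uid >= vs_table[i].first && uid <= vs_table[i].last)
            return &vs_table[i];
    return NULL;
}

/* Decision a patched kill(1) or chmod(1) would make before acting with real
 * root privilege on an object owned by `owner'. 1 = allow, 0 = deny. */
int vs_may_act_on(uid_t caller, uid_t owner)
{
    const struct vs_range *vs = vs_lookup(caller);
    if (caller == owner)
        return 1;               /* ordinary same-user rule */
    if (vs == NULL || caller != vs->first)
        return 0;               /* only a virtual server's `admin' is elevated */
    /* admin: only uids inside its own range, never host root (uid 0) or a
     * neighbouring virtual server. */
    return owner >= vs->first && owner <= vs->last;
}

/* chown(1) also has a destination uid: current and new owner must both pass,
 * so files cannot be handed to another virtual server or a host account. */
int vs_may_chown(uid_t caller, uid_t cur_owner, uid_t new_owner)
{
    return vs_may_act_on(caller, cur_owner) && vs_may_act_on(caller, new_owner);
}

int main(void)
{
    printf("admin on own range=%d, other server=%d, host root=%d\n",
           vs_may_act_on(10000, 10005), vs_may_act_on(10000, 11005),
           vs_may_act_on(10000, 0));
    return 0;
}
```

Because the kernel still sees `admin' as an ordinary user, a utility doing this must itself run with real root privilege, which makes this userspace check the only boundary between virtual servers. Every patched tool has to apply it consistently.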

vserver -- kernel patches

The alternative approach is to modify the kernel to provide a partition-like environment, and is based on cutting down privileges to what is safe (e.g. no hardware or system-management related filesystem or kernel access). Because this requires no modifications to the userspace system, we can run out-of-the-box images of Redhat and Debian, even quite happily beside each other on the same host system.

Virtuozzo née ASPcomplete -- kernel patches

SW-Soft from Russia. Need to write this now that I have seen the code.

Our Approach

Virtualization

We achieve the virtualization of multiple separate virtual machines on a single host by combining several technologies; the first is a series of extra kernel calls, some of which are now provided through the vserver kernel patches produced by Jacques.

Autonomous environment.

Profitable

To make a profitable system that we can sell, we need to look at what DSVR have done: they have not produced a system that is a truly complete representation of a virtual server or dedicated machine, but they have produced something that is good enough and that closely caters to, and exceeds, the requirements of most resellers.

It is this four-level pyramid system that allows us to keep focused upon technical provision and to separate the support chain, so that end-users are dealt with through the reseller chain.


Paul Sladen
Last modified: Fri Oct 25 05:18:34 BST 2002