New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Advantages of KVM over OpenVZ for LAMP/LNMP
Hello,
I run a small community with Ramnode 1024 SKVM.
The service, as you know, is excellent but do I have any advantage running KVM over OpenVZ?
If i switch to OpenVZ I can run a 2048 almost for the same value, but I don't know if the isolation and the impact others have in the node will influence badly my VPS.
What do you think?
Thanks
Comments
OVZ is faster than KVM if not oversold. If you buy from ramnode, then you wont have to worry.
For hosting OVZ is better, just get a reputable host. Also Xen is faster than KVM and provides almost perfect isolation and offers more control compared to OVZ, but you dont need that for hosting only unless a very special firewall configuration.
Only if you need special things, such as a MAC address, multiple interfaces, encrypted FS, arbitrary ISO, non-linux system, a ton of modules for firewall/networking, sound, custom partitioning, etc, will you need Xen/KVM.
Will CSF work ok? Am I able to adjust timezone?
yes and yes
@nfn
CSF / (other iptables firewalls) will work on OpenVZ, BUT, depending on what you are doing, some modules may need to be enabled on the host node (if they are not already). This means raising a support ticket with your provider.
I have actually run into more than one provider that I had to educate on what needed to be done/how to do it. :-(
In terms of performance, I have many VPS's that are mirrors of each other and I haven't really noticed the performance difference (since it also depends on the host node hardware/network/% utilization). But, I have run into some issues with heavy traffic to a LAMP stack that caused OpenVZ to choke on some config files where KVM handled it without a problem.
KVM is far more flexible and independent:
1) You can run practically any OS
2) You don't have to worry about modules not being loaded (you configure everything you want)
3) You can run disk encryption and other specialized configuration, etc
4) KVM supposedly offers guaranteed resources and is less likely to be oversold
For the host: OpenVZ > KVM
For the customer: KVM >> OpenVZ
IMHO, KVM (with a reliable host) is worth the extra money.
A good VPS (ample CPU power, fast disk, good network, not oversold) is a good VPS; a crap one is a crap one ..... regardless of virtualization type.
I would agree @geekalot, but I personally see the difference between performance of my KVM nodes vs. OpenVZ nodes. KVM is more dependable IMO. Although I do believe pessimistically that OpenVZ is not the problem but symptom of a problem.
I use KVM or XEN for my important nodes because of the ability to perform system wide encryption.
For the customer: KVM >> OpenVZ
First though after looking at that was bit shifting. :P
Depends on host, we make all efforts to convince people Xen is the best compromise between speed and features and KVM offers the most options, however OVZ is faster and on a busy site it will show. If you host your cat pictures with 1-2 visitors at a time, fine, anything will do, but for scalable resources, OVZ will do much better because will be able to use the resources other customers dont need at that time, especially CPU and IOPS. While IOPS will also be available on other platforms as well as CPU to some extent, you must not forget there is another layer between disk and the emulated CPU, while in OVZ this is done directly by the kernel as it was one big machine, no emulated CPU, no matter how good the virtualization, it is still not direct access, no emulated bus and interface, even virtio, to access the storage either. Not to mention the easy scalability without as much as a reboot.
Yes, I hate ovz due to its instability compared to xen where we have years of uptime, but being biased will not help. From this provider point of view, Xen uber alles, also KVM means less headache than OVZ, but the customer or potential customer must know the options and the aspects needed to be considered.
when are we getting xen for iwstack then
I am afraid it is too late now to change, but for corporate deployment, alongside vmware and rhev, it will probably be xen.
Long story short, security is why you should use KVM.
Depends against whom you are defending against. If against admins, lasciate ogni speranza...
Perché è così?
^^This!
It is bit shifting in a slightly different way :-)
So, in my case and since Ramnode is reputable a known to be very caution about abuse, I could benefit from replacing my 1024 KVM with a 2048 OpenVZ since the difference is irrelevant?
OVZ will perform better normally, KVM is only useful for custom installations / kernels and / or if you want to encrypt your drive. So KVM is only really useful for users that want to significantly change the OS. If you're running it as a stock OS / vps template with some services on top, OVZ will be better.
That's a dangerous blanket statement.
For a LAMP setup, not really. You have better isolation, a more dedicated chunk of a server, and can do much more with it.
Not to mention it would actually take some time with a KVM to access the drive (especially if you encrypt it) unlike OVZ where you just can have a host cd into your server, and access your whole config.
Mun
I agree. A KVM system gives you full virtualization and is a bit harder to oversell than with a OpenVZ system. However, in terms of security, I believe they both do a good job on that front. I don't think that really fits into the equation of things
You said security, not those things -- some of which are questionable, anyhow.
Time is not security. But, time is not even a factor . . . it's trivial to access a KVM "drive", unless it's encrypted. Then again my comment stated "KVM is more secure" was a dangerous blanket statement.
I never said how much, but it is better to go with KVM. OpenVZ is very very very open.
The far best would be a colocated server of your own.
While it will be better, it can be accessed without even a reboot by the host. It will take a bit more time and needs special hardware, agreed, but it will not be secure in the end.
In such a case you're screwed anyway.