Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Xen or KVM
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Xen or KVM

DoanVPS has decided to expand from just OpenVZ to either KVM or Xen.
We currently use SolusVM and would be using that or Virtualizor.

Which one is better performance wise/ functionality/ and security?


Which one releases updates more frequently?

Which one is easier to install/troubleshoot (Not that this is ever a problem) ?

Thanks!
Liam P

«1

Comments

  • You will buy Xen/KVM? or are you selling?

  • edited September 2013

    My bad, selling

  • Some people like Virtualizor or Proxmox for KVM, and some others like SolusVM for controlling XEN.

    But again, many will use SolusVM, since it has a bandwidth monitor and easy to allocate the IPv6

  • Who's from Srilanka?

  • +1 for xen and solusvm

  • @ErawanArifNugroho said:
    Who's from Srilanka?

    I am! Why?

  • MaouniqueMaounique Host Rep, Veteran

    Disclaimer: I am xen fan.

    KVM is full virtualization, slower, even with virtio drivers, Xen can be PV, faster, but you can also use HVM for windows if you need which is about as fast as KVM is with the right drivers.
    We tried hostbill with proxmox, it works but solus is better and more functional. You could also do KVM with solus. If you want something different, try cloudmin GPL, it is fun, but all the solus haters will then say it is too complicated even tho offers so much more in terms of freedom to run your VM as you wish.

  • smansman Member
    edited September 2013

    Only place I found many Solus haters is here on leb. The only REAL reason is because you actually have to pay for it. It's still the best out there for most things by far.

    Not a fan of cloudmin at all!.

  • @sman said:
    Only place I found many Solus haters is here on leb. The only REAL reason is because you actually have to pay for it. It's still the best out there for most things by far.

    Not a fan of cloudmin at all!.

    Here strikes sman again!

    Maybe we hate solus because they have PHP exploits 101, they take ages to release new features (people have been waiting for 2.0 for years and solus kept promising things like next month etc)

    Maybe you should assume less, and either do more research or just don't say anything

  • smansman Member
    edited September 2013

    @Frost said:
    Maybe you should assume less, and either do more research or just don't say anything

    Please provide me with the exact details of this exploit. Step by step as simple as possible since I'm not too bright. You say there are several so just pick one. I will verify it on my own server then come on here and tell everyone how smart you are for figuring out this exploit only you know about.

  • @sman said:
    Please provide me with the exact details of this exploit. Step by step as simple as possible since I'm not too bright. I will verify it on my own server then come on here and tell everyone how smart you are for figuring out this exploit only you know about.

    LOOOOOOOOOOOOOOOOOOOL

    Your stupidity keeps surprising me again!

    If you would have followed my advice

    @Frost said:
    Maybe you should assume less, and either do more research or just don't say anything

    you would have found the main thread which is http://lowendtalk.com/discussion/11187/solusvm-vulnerability

    Entire exploit: http://localhost.re/p/solusvm-11303-vulnerabilities

    So can you please try stop being such a smartass and check the facts first before you start saying your random shit again, can you do that? Great, thank you!

  • joepie91joepie91 Member, Patron Provider

    @sman said:
    Only place I found many Solus haters is here on leb. The only REAL reason is because you actually have to pay for it. It's still the best out there for most things by far.

    No. The real reason is that SolusVM is a terrible piece of shit, to put it bluntly. Try having a look at the code behind it.

  • GoodHostingGoodHosting Member
    edited September 2013

    @joepie91 said:
    No. The real reason is that SolusVM is a terrible piece of shit, to put it bluntly. Try having a look at the code behind it.

    Goodluck finding something better.

    @stirfriedpenquin said:
    DoanVPS has decided to expand from just OpenVZ to either KVM or Xen.
    We currently use SolusVM and would be using that or Virtualizor.

    Which one is better performance wise/ functionality/ and security?


    Which one releases updates more frequently?

    Which one is easier to install/troubleshoot (Not that this is ever a problem) ?

    Thanks!
    Liam P

    KVM will get you more sales but you cannot oversell, performance is 10x better it's dedicated hardware.
    Nothing else to choose from over SolusVM that has as many features,
    KVM is easy to install, KVM bridge is difficult for a beginner, troubleshoot is the same as troubleshooting is the same as your own computer for VM's, on the host it's easy too.
    SolusVM provide updates more then others.

    Conclussion;

    SolusVM > then any others yet to be

    KVM > most wanted for premium VPS's (you'll get many sales if you offer cheap pricing for KVM VPS's (like we do :P)

    KVM > overall

  • smansman Member
    edited September 2013

    @joepie91 said:
    No. The real reason is that SolusVM is a terrible piece of shit, to put it bluntly. Try having a look at the code behind it.

    So you have looked at the code? How did you do that exactly?

  • joepie91joepie91 Member, Patron Provider

    @sman said:
    So you have looked at the code? How did you do that exactly? Please give details.

    That's what Ioncube decoders are for. I'm not going to go into any more detail on here, but sufficient to say that there's a whole lot of code in there that I would never ever run any server under my control.

    Ioncube is quite a convenient way for them to try and hide how terrible their code is.

  • smansman Member
    edited September 2013

    @joepie91 said:

    Which ioncube decoder? What version? What are the exact exploits you found? Please post them here so we can all learn from your insights. Or just explain the coding style to be exploited in general terms if you want. The exact technique and the exact outcome. Also how about some recent examples of hosts that have been compromised. I'm sure you will agree that is the best anecdotal evidence.

  • rskrsk Member, Patron Provider

    @sman said:
    Which ioncube decoder? What version? What are the exact exploits you found? Please post them here so we can all learn from your insights. Or just explain the coding style to be exploited in general terms if you want. The exact technique and the exact outcome. Also how about some recent examples of hosts that have been compromised. I'm sure you will agree that is the best anecdotal evidence.

    Just FYI, putting exploits out in public is bad idea. The more professional approach is that whoever finds any sort of exploit, contacts the developers to get it patched.

    The idea is to help fix a product, not butcher it down to the ground.

  • The idea is to help fix a product, not butcher it down to the ground.

    But butchering it in this thread, without substance, is still ok, right? :-)

  • joepie91joepie91 Member, Patron Provider

    @sman said:
    Which ioncube decoder? What version? What are the exact exploits you found? Please post them here so we can all learn from your insights. Or just explain the coding style to be exploited in general terms if you want. The exact technique and the exact outcome. Also how about some recent examples of hosts that have been compromised. I'm sure you will agree that is the best anecdotal evidence.

    http://google.com/

    I don't have the time to write up a giant article about what exactly is wrong with SolusVM, what exploits there have been, etc. etc. just because you can't be bothered to Google. There are quite a few well-documented cases of ridiculously simple SolusVM exploits, and finding a free Ioncube decoding service shouldn't take much more than 5 minutes.

  • smansman Member
    edited September 2013

    @rsk said:

    If any of it were actually true then of course yes.

  • rskrsk Member, Patron Provider

    @sman said:
    If any of it were actually true then of course yes.

    what makes you soo sure that there aren't any more exploits? There have been several in the past, which were patched. It doesn't mean it is 100% without exploits now?

    I do not really know, but sometimes it just gets me thinking.

  • MaouniqueMaounique Host Rep, Veteran

    Solus was badly conceived from the start but they did patch up some holes and had some audit. I dont think it is more insecure than the majority of panels out there, but it has the potential to be exploited like any other. If we are to think of this we will all take a little land and plant tomatoes, nobody would be in computers except for fun.

  • @Maounique said:
    If we are to think of this we will all take a little land and plant tomatoes, nobody would be in computers except for fun.

    Tempting.
    And yes I agree - just because this control panel get more attention due to popularity it doesn't mean that other less widely used are more safe.

  • SolusVM <-> popularity <-> exploits

    The same equation goes for microsoft windows.

  • MaouniqueMaounique Host Rep, Veteran

    @john_k said:
    SolusVM <-> popularity <-> exploits

    The same equation goes for microsoft windows.

    Except that they both had an initial conception which excluded security. The design itself was flawed, they did come a long way in patching holes, but it would have been better if the security was planned in from the start.

  • Please post them here so we can all learn from your insights.

    Not to be rude, but a large number of SolusVM users I've seen wouldn't know the difference between good code or bad code if it bit them on the ass so it would be pointless for joepie to post examples.

    Also how about some recent examples of hosts that have been compromised.

    By most standards 3 months would qualify as "recent" so the June SolusVM compromises and node wipings of CVPS, Host1Free, and RamNode would be 3 very recent examples.

  • @rsk said:

    Same reason I am sure that space aliens do not live among us. Because I see no evidence to the contrary. Of course people of low intellect such as some obvious ones in this thread will always believe otherwise.

  • smansman Member
    edited September 2013

    @john_k said:
    SolusVM <-> popularity <-> exploits

    The same equation goes for microsoft windows.

    Finally someone pointed out the blatantly obvious. Will never stop the haters from posting their FUD. They have probably never used Solus. Maybe bitter because they could never make that hosting business work and can't afford the $10 a month.

  • Nick_ANick_A Member, Top Host, Host Rep

    @HardCloud - did you equate KVM with dedicated hardware?

  • Master_BoMaster_Bo Member
    edited September 2013

    Answering original question, Xen PV is somewhat faster, Xen HVM and KVM are, roughly speaking, almost as fast. I use all types of Xen and KVM VMs, preferring to use KVM (native virtualization) when possible.

    Both Xen and KVM are live projects. As for security issues, it would be interesting to see detailed comparison.

    RedHat KVM CVE security entries:
    http://www.cvedetails.com/vulnerability-list/vendor_id-25/product_id-19922/Redhat-KVM.html
    QEMU CVE entries: http://www.cvedetails.com/vulnerability-list/vendor_id-7506/Qemu.html

    Xen CVE entries: http://www.cvedetails.com/vulnerability-list/vendor_id-6276/product_id-23463/XEN-XEN.html

    Other entries might easily be found. To me, KVM is pretty stable and secure at the moment.

    @sman said:
    If any of it were actually true then of course yes.

    Good trolling, congratulations.

    There are quite many references to SolusVM exploits. Most "famous" ones, one of them resulted in thousands VPSes destroyed etc. have been published on localhost.re - visit that site and find details.

    SolusLabs blog entry about that: http://blog.soluslabs.com/2013/06/16/important-security-alert-all-solusvm-versions/

    Kind of epic WHT thread: http://www.webhostingtalk.com/showthread.php?t=1276286

    My advice is to consult with security experts who looked at SolsVM code and know its intrinsics. Knowledge is power, make use of it.

Sign In or Register to comment.