
Since you brought up Xen, I have an honest question: why would you consider using Xen in the presence of alternatives like vbox/vmware? More importantly, in say 2-3 years, wouldn't something like this edge them out?



VirtualBox is irrelevant.

VMware is closed source. The real Xen alternative is KVM. KVM is better than Xen in pretty much every way. There's a very big cost for big Xen shops to switch to KVM, but if you're not tied to Xen I can't imagine why you'd use it when KVM is better in every way (kernel integration, tooling, performance, etc).


I think the main argument in favor of Xen was that it would have a smaller attack surface for hackers than KVM. After all, Xen is a hypervisor-based solution, whereas with KVM you are running the full Linux kernel plus qemu as your host.

With that being said, there have been exploits in the Xen hypervisor. As more hardware integration gets added, dom0 starts to look a lot more like a traditional kernel.

Personally, I use kvm for all my virtual machines, since I don't want to run everything under dom0.


The option to run qemu in stub domains is a big advantage, or not run qemu at all if you use PV.


> Personally, I use kvm for all my virtual machines, since I don't want to run everything under dom0

Did you mean Xen?


kvm doesn't have dom0. More generally, you can run kvm on an unmodified SuSE (or other Linux distribution) kernel.


AFAIK xen is also in the upstream kernel and there should be no difference in this regard.


> VirtualBox is irrelevant.

Except for every single "prepackaged developer's workstation" solution I've seen so far. Seriously it works on all systems more or less the same, so I see it used all over the place.


I believe he is saying that VirtualBox is irrelevant as an alternative to Xen, not that it is irrelevant in general.

Xen is meant for running a potentially large number of server VMs headless. VirtualBox is meant for running desktop VMs. You could make VirtualBox run headless (exposing a pseudo-screen over VRDP) to do what Xen does, but... eww.


Xen is also used on the desktop, e.g. Qubes (Type-1) or Bromium uXen (Type-2).


Is bromium out of vaporware stage yet? They make bold claims, but I've never heard of anyone actually getting a hold of their tech. I've certainly not seen any reviews by serious security professionals picking apart their offering.

Qubes is awesome though. It really does not get as much attention as it deserves.


Some companies are listed at http://www.bromium.com/customers.html. No sign of third-party reviews, sadly.


Why is it eww? I found it to be a very nice solution to running a legacy OS on new hardware. I could probably use something else, but VBox with vrdp works great!


It's also incredibly insecure. One uses it to run a different OS on the same computer, not really for isolating it from the host OS/other VMs.

Just look at the kinds of vulnerabilities regularly found in it. They're mostly run-of-the-mill buffer overflows or missing range checks in emulation. Simple stuff that should have been caught if they were serious about security.

Compare that to xen or kvm, which have of course also had vulnerabilities, but you can see people usually have to get a lot more creative when attacking those.

If you wouldn't run a program on your actual machine, you probably should not run it in a VirtualBox VM either.


You are exactly correct - VirtualBox is a workstation solution, not a back-end server solution. That's the domain of Xen, VMware, and KVM. Xen and KVM are interesting to hosting providers and technology companies like Google; everywhere else in the world it's VMware.



