
John A. Sullivan III píše v Čt 13. 09. 2012 v 12:36 -0400:
On Thu, 2012-09-13 at 20:16 +0430, Mohsen Saeedi wrote:
John A. Sullivan III <jsullivan@opensourcedevel.com> wrote on Thu, 13
<snip>> > >
We have also been toying with the idea of using KVM/KSM to move to a single server per user. This would provide much greater isolation and non-repudiation but we are concerned about the overhead of KVM on the KVM host and deduplication on the SAN. Thanks - John I think so, spice has experimental feature for multiple client to single windows XP now. is it true?? and what is the details for idea of using KVM/KSM to move to a single server per user? I didn't understand it very well. Thanks This is something we are able to do splendidly well with VServer and X2Go (an NX implementation). With the VServer hashification feature, I can have 400 VMs on a host and only take one VM's worth of space for system files.
oVirt (RHEV) templates will do the same for you. Then I had better start investigating it! Thanks.
Moreover, all instances in memory only take the space of one instance. Thus, we get deduplication and KSM almost for free.
oVirt (RHEV) runs KSM only when the host memory gets fuller but I seem to remember that guys were able to have high 1000's of % of memory overcommit ratios I have heard rumors of high CPU utilization with KSM but we have not experimented enough with it ourselves to know. Is that an issue?
BTW, how does VServer implement its memory sharing, isn't it KSM internally too? No, it's a consequence of their "hashification." As an option, all duplicate files in the file system (there is a single file system in VServer although accessed via different namespaces) are replaced by immutable hard links. I'm not sure of the details but, because each of
On Fri, 2012-09-14 at 11:49 +0200, David Jaša wrote: those files shares a common inode, I believe only one instance is loaded into memory.
Because the additional overhead is so minuscule (minimal memory and disk and almost no virtualization overhead since it is a container technology instead of a hypervisor), and because there are no licensing issues for our Linux desktops, it makes sense to give each user a dedicated VM. Not only does that give us excellent isolation from errant processes but it also means (because of the details of our implementation) that each user has a consistent IP address allowing us to correlate network events with specific users.
in oVirt, your guest systems have stable MAC address so with properly configured DHCP/DNS, you'd get the same.
David
<snip>