Operating system level virtualization
- Category: Software
Operating system-level virtualization is a server virtualization method where the kernel of an operating system allows for multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like real servers from the point of view of their owners. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container's activities on the other containers.
Uses
Operating system-level virtualization is commonly used in virtual hosting environments, where it is useful for securely allocating finite hardware resources amongst a large number of mutually-distrusting users. It is also used, to a lesser extent, for consolidating server hardware by moving services on separate hosts into containers on a single server.
Other typical scenarios include separating several applications to separate containers for improved security, hardware independence, and added resource management features.
OS-level virtualization implementations that are capable of live migration can be used for dynamic load balancing of containers between nodes in a cluster.
Advantages and disadvantages
Overhead
This form of virtualization usually imposes little or no overhead, because programs in a virtual partition use the operating system's normal system call interface and do not need to be subject to emulation or run in an intermediate virtual machine, as is the case with whole-system virtualizers (such as VMware and QEMU) or paravirtualizers (such as Xen and UML). It also does not require hardware assistance to perform efficiently.
Flexibility
Operating system-level virtualization is not as flexible as other virtualization approaches, since it cannot host a guest operating system different from the host one, or a different guest kernel. For example, with Linux, different distributions are fine, but other operating systems such as Windows cannot be hosted. This limitation is partially overcome in Solaris by its branded zones feature, which provides the ability to run an environment within a container that emulates a Linux 2.4-based release or an older Solaris release.
Storage
Some operating-system virtualizers provide file-level copy-on-write mechanisms. (Most commonly, a standard file system is shared between partitions, and partitions which change the files automatically create their own copies.) This is easier to back up, more space-efficient and simpler to cache than the block-level copy-on-write schemes common on whole-system virtualizers. Whole-system virtualizers, however, can work with non-native file systems and create and roll back snapshots of the entire system state.
Application virtualization
- Category: Software
Application virtualization is an umbrella term that describes software technologies that improve portability, manageability and compatibility of applications by encapsulating them from the underlying operating system on which they are executed. A fully virtualized application is not installed in the traditional sense, although it is still executed as if it were. The application is fooled at runtime into believing that it is directly interfacing with the original operating system and all the resources managed by it, when in reality it is not. In this context, the term "virtualization" refers to the artifact being encapsulated (application), which is quite different to its meaning in hardware virtualization, where it refers to the artifact being abstracted (physical hardware).
Description
Limited application virtualization is used in modern operating systems such as Microsoft Windows and Linux. For example, IniFileMappings were introduced with Windows NT to virtualize (into the Registry) the legacy INI files of applications originally written for Windows 3.1. Similarly, Windows Vista implements limited file and Registry virtualization so that legacy applications that try to save user data in a system location that was writable in older versions of Windows, but is now only writable by highly privileged system software, can work on the new Windows system without the obligation of the program having higher-level security privileges (which would carry security risks).

Figure: An application running in a native environment and in an application virtualization environment.
Full application virtualization requires a virtualization layer. Application virtualization layers replace part of the runtime environment normally provided by the operating system. The layer intercepts all file and Registry operations of virtualized applications and transparently redirects them to a virtualized location, often a single file. The application never knows that it's accessing a virtual resource instead of a physical one. Since the application is now working with one file instead of many files and Registry entries spread throughout the system, it becomes easy to run the application on a different computer, and previously incompatible applications can be run side-by-side. Examples of this technology for the Windows platform are Cameyo, Ceedo, Evalaze, InstallFree, Citrix XenApp, Novell ZENworks Application Virtualization, Endeavors Technologies Application Jukebox, Microsoft Application Virtualization, Software Virtualization Solution, VMware ThinApp and InstallAware Virtualization.
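The redirection described above, combined with the file-level copy-on-write described under Storage, can be modelled in a few lines of Python. This is an added example, not code from any of the products named here; `RedirectLayer`, its methods and the sample file are hypothetical names.

```python
import os
import shutil
import tempfile


class RedirectLayer:
    def __init__(self, base_root, private_root):
        self.base_root = os.path.realpath(base_root)      # shared, read-only
        self.private_root = os.path.realpath(private_root)  # per-application

    def _map(self, root, virtual_path):
        # ".." is clamped at the virtual root; symlinks leaving it are refused.
        rel = os.path.normpath("/" + virtual_path).lstrip("/")
        real = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, real]) != root:
            raise PermissionError(virtual_path)
        return real

    def read(self, virtual_path):
        # A private copy wins; otherwise fall through to the shared base.
        for root in (self.private_root, self.base_root):
            real = self._map(root, virtual_path)
            if os.path.isfile(real):
                with open(real) as f:
                    return f.read()
        raise FileNotFoundError(virtual_path)

    def append(self, virtual_path, data):
        # The base is never modified: the first change copies the file up.
        private = self._map(self.private_root, virtual_path)
        base = self._map(self.base_root, virtual_path)
        os.makedirs(os.path.dirname(private), exist_ok=True)
        if not os.path.exists(private) and os.path.isfile(base):
            shutil.copy2(base, private)
        with open(private, "a") as f:
            f.write(data)


def demo():
    # Constructed sample: one shared settings file, two applications.
    tmp = tempfile.mkdtemp()
    base = os.path.join(tmp, "base")
    os.makedirs(base)
    with open(os.path.join(base, "settings.ini"), "w") as f:
        f.write("theme=default\n")
    a = RedirectLayer(base, os.path.join(tmp, "store_a"))
    b = RedirectLayer(base, os.path.join(tmp, "store_b"))
    a.append("settings.ini", "theme=dark\n")
    with open(os.path.join(base, "settings.ini")) as f:
        return a.read("settings.ini"), b.read("settings.ini"), f.read()
```

`demo()` returns the file as seen by the application that changed it, as seen by a second application, and as stored in the shared base; only the first differs, which is what lets a legacy application "write" to a system location without being granted write access to it.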
Related Technologies
Technology categories that fall under application virtualization include:
· Application Streaming. Pieces of the application's code, data, and settings are delivered when they're first needed, instead of the entire application being delivered before startup. Running the packaged application may require the installation of a lightweight client application. Packages are usually delivered over a protocol such as HTTP, CIFS or RTSP.
· Desktop Virtualization/Virtual Desktop Infrastructure (VDI). The application is hosted in a VM or blade PC that also includes the operating system (OS). These solutions include a management infrastructure for automating the creation of virtual desktops and for providing access control to the target virtual desktop. VDI solutions can usually fill the gaps where application streaming falls short.
Benefits of application virtualization
· Allows applications to run in environments that do not suit the native application (e.g. Wine allows Microsoft Windows applications to run on Linux).
· May protect the operating system and other applications from poorly written or buggy code.
· Uses fewer resources than a separate virtual machine.
· Run applications that are not written correctly, for example applications that try to store user data in a read-only system-owned location.
· Run incompatible applications side-by-side, at the same time and with minimal regression testing against one another.
· Maintain a standard configuration in the underlying operating system across multiple computers in an organization, regardless of the applications being used, thereby keeping costs down.
· Implement the security principle of least privilege by removing the requirement for end-users to have Administrator privileges in order to run poorly written applications.
· Simplified operating system migrations.
· Accelerated application deployment, through on-demand application streaming.
· Improved security, by isolating applications from the operating system.
· Enterprises can easily track license usage. Application usage history can then be used to save on license costs.
· Fast application provisioning to the desktop based upon the user's roaming profile.
· Allows applications to be copied to portable media and then imported to client computers without needing to install them.
Limitations of application virtualization
· Not all software can be virtualized. Some examples include applications that require a device driver and 16-bit applications that need to run in shared memory space.
· Some types of software, such as anti-virus packages and applications that require heavy OS integration (for example WindowBlinds or StyleXP), are difficult to virtualize.
· Only file and Registry-level compatibility issues between legacy applications and newer operating systems can be addressed by application virtualization. For example, applications that don't manage the heap correctly will not execute on Windows Vista as they still allocate memory in the same way, regardless of whether they are virtualized or not. For this reason, specialist application compatibility fixes (shims) may still be needed, even if the application is virtualized.

