Virtualization with CentOS

General support questions
spel565
Posts: 6
Joined: 2013/12/29 17:12:24

Virtualization with CentOS

Post by spel565 » 2013/12/29 17:22:12

I'm planning on getting 3-4 virtual machines on my new CentOS server. (High performing i7, 32gb ram etc.)
Is it sufficent to simply install virtualbox or equivalent, or are there better choices for stability and security?

I do need a graphical interface on my server.

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Virtualization with CentOS

Post by avij » 2013/12/29 17:57:35

Just to clarify.. This was posted to the CentOS 5 forum, but "new CentOS server" makes me wonder if you're actually using CentOS 6?

spel565
Posts: 6
Joined: 2013/12/29 17:12:24

Re: Virtualization with CentOS

Post by spel565 » 2013/12/29 18:31:36

avij wrote:Just to clarify.. This was posted to the CentOS 5 forum, but "new CentOS server" makes me wonder if you're actually using CentOS 6?
This is indeed true, but I failed to find a suiting topic in the CentOS 6 forum. And I reckoned that it is not specific to CentOS 5 or 6.
If you feel that I put this under the wrong category do not hesitate to move it.

scottro
Forum Moderator
Posts: 2556
Joined: 2007/09/03 21:18:09
Location: NYC
Contact:

Re: Virtualization with CentOS

Post by scottro » 2013/12/29 18:47:03

Ok, I moved it to CentOS 6 general.
Depending upon what you're doing with your virtual machines, KVM may be a better choice. It's less polished than VirtualBox in some ways, and if you're planning on using graphic interfaces with all machines, might seem slower, but if you're looking to, for example, run a few different types of servers, it seems to handle sharing memory better than does VirtualBox. The guide on the CentOS wiki is horribly dated but an article linked on the page is pretty simple to follow.
http://linux.dell.com/files/whitepapers ... e_easy.pdf
New users should check the FAQ and Read Me First pages

spel565
Posts: 6
Joined: 2013/12/29 17:12:24

Re: Virtualization with CentOS

Post by spel565 » 2013/12/29 19:10:18

scottro wrote:Ok, I moved it to CentOS 6 general.
Depending upon what you're doing with your virtual machines, KVM may be a better choice. It's less polished than VirtualBox in some ways, and if you're planning on using graphic interfaces with all machines, might seem slower, but if you're looking to, for example, run a few different types of servers, it seems to handle sharing memory better than does VirtualBox. The guide on the CentOS wiki is horribly dated but an article linked on the page is pretty simple to follow.
http://linux.dell.com/files/whitepapers ... e_easy.pdf
"While Xen and KVM were running great on the new Intel CPU, Oracle's VirtualBox (the latest release, v4.2.16) was much slower than Xen and KVM. The benefit VirtualBox has though is means of guest 3D acceleration" - http://www.phoronix.com/scan.php?page=a ... ualization

Interesting, what about Xen vs KVM.. then?

User avatar
avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Virtualization with CentOS

Post by avij » 2013/12/29 19:40:58

You may also want to consider Xen4CentOS.

I'm personally running a few VMs with KVM on CentOS 5 (I don't need a GUI for these), and a few other VMs for testing purposes with VirtualBox on my non-Linux desktop computer (for testing GUI stuff). I'm quite happy with both.

User avatar
vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

Re: Virtualization with CentOS

Post by vonskippy » 2013/12/29 20:49:51

Take a look at Proxmox

https://www.proxmox.com/proxmox-ve/comparison

Personally, I avoid running a FULL BLOWN Distro as the HOST, use a bare metal hypervisor and run ALL systems as VM Guests. You get better resource management PLUS you don't waste resources on the host os PLUS you get better security.

Or you could use the free version of ESXi if you just need a simple and robust BareMetalHypervisor.
For the 2.5^15th time :: Better Details = Better Answers

spel565
Posts: 6
Joined: 2013/12/29 17:12:24

Re: Virtualization with CentOS

Post by spel565 » 2013/12/29 21:07:19

vonskippy wrote:Take a look at Proxmox

https://www.proxmox.com/proxmox-ve/comparison

Personally, I avoid running a FULL BLOWN Distro as the HOST, use a bare metal hypervisor and run ALL systems as VM Guests. You get better resource management PLUS you don't waste resources on the host os PLUS you get better security.

Or you could use the free version of ESXi if you just need a simple and robust BareMetalHypervisor.
But how would I do if I f ex wanted all the virtual machines to use the same firewall rules, VPN etcetera?
How would this benefit security?

User avatar
vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

Re: Virtualization with CentOS

Post by vonskippy » 2013/12/29 22:06:01

Having a PUBLICLY facing full blown distro is a security nightmare waiting to happen, adding a bunch of guest VM's just increases the "ouch factor".

Either run a "real" firewall in front of your VM Server (like PFSense or RouterOS or ASA or whatever flavor of dedicated firewall hardware you like) or run a "firewall appliance" (like PFsense or RouterOS or IPCOP) in a VM on your VM Server and then have all VM Guest traffic (both inbound and outbound) go thru that. With the latter choice, the key to minimizing the security vector is the fact that there isn't much in a bare metal hypervisor to be compromised (which can't be said for a full blown distro running a GUI no less).
For the 2.5^15th time :: Better Details = Better Answers

spel565
Posts: 6
Joined: 2013/12/29 17:12:24

Re: Virtualization with CentOS

Post by spel565 » 2013/12/29 23:10:11

vonskippy wrote:Having a PUBLICLY facing full blown distro is a security nightmare waiting to happen, adding a bunch of guest VM's just increases the "ouch factor".

Either run a "real" firewall in front of your VM Server (like PFSense or RouterOS or ASA or whatever flavor of dedicated firewall hardware you like) or run a "firewall appliance" (like PFsense or RouterOS or IPCOP) in a VM on your VM Server and then have all VM Guest traffic (both inbound and outbound) go thru that. With the latter choice, the key to minimizing the security vector is the fact that there isn't much in a bare metal hypervisor to be compromised (which can't be said for a full blown distro running a GUI no less).
Is it possible to enable the "bare metal hypervisor" to connect to a VPN, so all VMs are connected? Or do I need to do that in the router?

Post Reply