On Mon, Apr 26, 2010 at 02:24:27PM +0200, Floris Sluiter wrote:
...Sounds good to me. What about performance issues? I'm especially concerned about file I/O and network I/O.
Any virtualization has overhead. The best you can squeeze out of it is about 90-95% on I/O and close to 100% of native for CPU. This is independent of the network topology and of the rights with which a VM is running: i.e. how your network topology is designed does not make any difference to how your virtualization performs compared to the same setup for a native solution.
Hi Floris,
just a short question with respect to the network topology. Could you give some details on how you would do this? In order to get performance you need to put your VMs on a bridge, so can you get sufficient security or even a closed-off VLAN with ebtables?
Furthermore, concerning the difference, or as you say equality, between a class-3 and a class-2 VM, how do you see this concerning, for example, syslogging? With a standard WN all logging is done by root in a site-installed WN, which means the logs have a very high level of trust. With a class-2 VM, logging is done by root inside the VM in a way endorsed by the endorser. With a class-3 VM there is no such thing; even if you demand logging to syslog (no idea how to do that with Windows), it's completely untrusted. Maybe you see this differently? The point is, even if the VM has only local user rights, just as a normal grid job, it's not clear to me how you can keep track of what that normal job is doing in the case of a VM. If a normal grid job does strange things, you can see traces in your syslog; in the VM case, you only see the VM process such as kvm, which is much harder to trace.
Cheers, Mischa