
Ask Slashdot: Which 100+ User Virtualization Solution Should I Use?

samzenpus posted about a year ago | from the best-of-virtual-class dept.

Technology 191

Gonzalez_S writes "Let's say you need to give access to 100+ users to create their own virtual machines and devices (e.g. switches, .., MS Windows or Linux family) in a manageable and secure way. Which virtualization solution would you choose? There are VMware, Xen, KVM, .. based solutions, but which one would you prefer and why? The solution should be stable, manageable, scriptable and preferably have LDAP integration. In this case I also need to set up a playground for IT students, next to hosting production servers on the same system."

191 comments

If you have to ask /. (-1, Flamebait)

Anonymous Coward | about a year ago | (#43828967)

Even if it's just for students to play with: If you have to ask us, then you're not qualified to do your job.

Re:If you have to ask /. (-1, Flamebait)

ZeroPly (881915) | about a year ago | (#43828981)

Agreed. This question is along the lines of "how do I surgically repair an aortic dissection?". If you are unable to do the research on your own, and come up with the best fit for your scenario, you don't have a prayer of being technically competent enough to survive the implementation phase.

Re:If you have to ask /. (5, Insightful)

DarkOx (621550) | about a year ago | (#43829037)

I don't agree. There is nothing really unique to virtualization, it's just really interdisciplinary, storage, network engineering, wintel admin, Linux admin, physical datacenter management, etc on these scales. Nothing anyone who has been in IT for awhile and worn a few hats in that time can't be expected to do some reading and then get started.

It is a useful question to ask though, at least several of the products mentioned can likely meet his needs, there are qualitative and technical differences and soliciting some info on the experience of others, to help direct his research effort is not unreasonable.

Re:If you have to ask /. (3)

bloodhawk (813939) | about a year ago | (#43829137)

I don't agree. There is nothing really unique to virtualization, it's just really interdisciplinary, storage, network engineering, wintel admin, Linux admin, physical datacenter management, etc on these scales. Nothing anyone who has been in IT for awhile and worn a few hats in that time can't be expected to do some reading and then get started.

If he had those disciplines and skills then I doubt he would be asking slashdot. Seriously if you need to ask slashdot the question he asked then he is unlikely to have the skillset to implement ANY of the solutions in a well managed way.

Re:If you have to ask /. (4, Insightful)

XcepticZP (1331217) | about a year ago | (#43829543)

I highly agree with you. The answers to technical/geeky questions on Slashdot always have a lot of experience and insight. That is something Google searches would never yield, unless they happen to be results of Slashdot questions regarding the topic you're searching for.

Re:If you have to ask /. (2)

smitty_one_each (243267) | about a year ago | (#43829687)

I 90% agree with you.
But the force of the 10% disagreement is 9 times that of the agreement, leaving me stymied.

Re:If you have to ask /. (-1)

Anonymous Coward | about a year ago | (#43829635)

It is a useful question to ask though

Especially for Slashdot, who VMWare paid to have their products endorsed in the comments below.

Re:If you have to ask /. (1)

Anonymous Coward | about a year ago | (#43829135)

He's asking because he realizes he's not technically competent to do the research himself. Would you fault a first-year med student for asking someone about that procedure if they had never done it before?

Re:If you have to ask /. (5, Insightful)

Billly Gates (198444) | about a year ago | (#43829265)

Or an expert for that matter?

I have set up VMware before but I sure as hell would ask others before I put live production and recommend an expensive solution and put my job on the line for 100 users. Google will show just search engine optimized crap of people trying to see stuff anyway and it is hard to tell which is real and which is a fake website pulling data from another designed to pimp up the ratings of a 2nd website.

Windows 7 forums are copied by bots all the time and put in fake ad/malware ridden sites with links to someone trying to sell something to get a higher Google SEO rating whenever I try to search for something technical. It is annoying.

Re:If you have to ask /. (1)

Creepy (93888) | about a year ago | (#43830461)

I like VMWare for larger installations as well. We also have special requirements, specifically we need GPUs. Until recently, that meant offloading that work to real hardware, but nVidia GRID is a godsend because we can install that part on the VMWare server (this is still in beta at my company, so I don't yet personally have access to it, but I've seen demos and I have to do the multi-server setup by hand and that is no fun).

Re:If you have to ask /. (1)

shentino (1139071) | about a year ago | (#43829665)

He might even be held hostage by a PHB who expects him to be a miracle worker.

Re:If you have to ask /. (1)

Billly Gates (198444) | about a year ago | (#43830129)

Like the ones who filed a complaint on me for not installing their phones and assembling the cubicle when I am desktop and must get approval and have 40 other tickets.

Re:If you have to ask /. (0)

Anonymous Coward | about a year ago | (#43829945)

No, I wouldn't fault a first year med student for asking. But regardless of the answer I also wouldn't trust a first year med student to perform anything but the most basic of procedures and even then I would be nervous. Similarly when you start to get into more demanding scenarios in IT (even though this one is on the very low end scale), I would not trust a beginner to get it right regardless of advice and reading he is doing. It comes back to if you need advice and you considered slashdot as your best source for that advice then you should not be doing the job in the first place.

Re:If you have to ask /. (1)

GigaBurglar (2465952) | about a year ago | (#43830831)

Ha! Think you can learn it all from a book do you?

Anyway.. it's not really a "how do I.." kind of question - it's more of a question that draws from experience.

Nothing wrong with asking questions.. Thinking you know it all however..

Re:If you have to ask /. (2)

ludwigmace (514661) | about a year ago | (#43828993)

Pretend the last sentence or two weren't there. Then how would you answer the question? That might help the OP and community at large.

Re:If you have to ask /. (5, Insightful)

papa1890 (2901295) | about a year ago | (#43829007)

Opinions are a great thing to gather when building any type of system no matter how experienced you are. People stand shit up all the time that they aren't 100% familiar with and in this day and age products can change drastically. Do you really expect OP to know everything about every possible virtualization product? I don't see anywhere in his post that he is asking for anything more than an opinion. He doesn't even state that he needs one, he's simply asking for peer feedback. Instead he gets asshat responses from the internets...

Re:If you have to ask /. (2, Informative)

Anonymous Coward | about a year ago | (#43829023)

Ah fuck off. It's actually a good and interesting question to see what the various specialists come up with.

Re:If you have to ask /. (-1, Flamebait)

discord5 (798235) | about a year ago | (#43829175)

Ah fuck off. It's actually a good and interesting question to see what the various specialists come up with.

Nah, it's called getting a set of basic user requirements and then looking through a set of products to see which match the list. This just reeks of laziness and namedropping on slashdot so someone will post the solution for you.

By the way, I'm looking for a toaster on linux, it needs to be able to have 6 settings, usable by many people (including students). I need to be able to develop toast on it, but it also needs to run an operational toasting environment, preferably on the same hardware. I would like it to be fully scriptable, and I need to be able to hook it up to an LDAP. It would be nice if it came included with a coffeemachine, which should also be fully scriptable. I've found the Coffee HOWTO [tldp.org] , but haven't bothered reading it. Could you guys give me an opinion on how to adapt this to my toaster project? I've looked at relays, resistors and capacitors... They all seem very nice.

Please spend a little more time reading the manuals and typing in a few requests in Google before posting this to Ask Slashdot: be a bit more professional.

Fuck it, karma to burn anyway.

Re:If you have to ask /. (3, Insightful)

Anonymous Coward | about a year ago | (#43829263)

Nah, it's called getting a set of basic user requirements and then looking through a set of products to see which match the list.

"That worked so well!!", said no one who ever did that ever.

Re:If you have to ask /. (1)

hawguy (1600213) | about a year ago | (#43829987)

Ah fuck off. It's actually a good and interesting question to see what the various specialists come up with.

Nah, it's called getting a set of basic user requirements and then looking through a set of products to see which match the list. This just reeks of laziness and namedropping on slashdot so someone will post the solution for you.

By the way, I'm looking for a toaster on linux, it needs to be able to have 6 settings, usable by many people (including students). I need to be able to develop toast on it, but it also needs to run an operational toasting environment, preferably on the same hardware. I would like it to be fully scriptable, and I need to be able to hook it up to an LDAP. It would be nice if it came included with a coffeemachine, which should also be fully scriptable. I've found the Coffee HOWTO [tldp.org] , but haven't bothered reading it. Could you guys give me an opinion on how to adapt this to my toaster project? I've looked at relays, resistors and capacitors... They all seem very nice.

Please spend a little more time reading the manuals and typing in a few requests in Google before posting this to Ask Slashdot: be a bit more professional.

Fuck it, karma to burn anyway.

You could try doing a little basic research before posting your question.

Here's a toaster that meets more of your requirements, though it runs NetBSD rather than Linux:

http://www.theinquirer.net/inquirer/news/1018836/toaster-pc-runs-bsd-makes-toast [theinquirer.net]

Let us know if that doesn't meet your requirements for some reason, there may be some NetBSD packages that can do what you need.

a bunch of disgruntled jealous neckbeards (1)

Anonymous Coward | about a year ago | (#43829095)

seemed to have modded you "insightful" ?

sounds like you're a butthurt little bitch with a high sensitivity for job security

yes - I've seen your types everywhere - hoarding all the knowledge with retarded excuses for not sharing anything.

as for the poster's question, - I'd use KVM - but as in any virtual environment you'll need a beefy server/servers to handle the cumulative shared resources that people will be using along with allocating those shared resources accordingly. try to anticipate cpu intensive tasks etc. I've tried xen, but it doesn't seem to be as developed and I've seen some hypervisor security vulns lately that if a noob put their hypervisor publicly accessible they can get ownt. vmware i just never got a good feeling for, though it's good for a quick OS load on windows. so yeah, KVM all the way.

Re:If you have to ask /. (4, Insightful)

Billly Gates (198444) | about a year ago | (#43829243)

If you have to be so arrogant and pretend to know what is best without research or asking other I.T. professionals then I have to say you are not doing yours and neither are the moderators who made this +4??

Stating that you are not qualified is also highly insulting and ruins the quality of candid discussion on Slashdot that I do like and enjoy reading the comments.

In fact regardless of the field I do not know of anyone who is competent who does not look to others with more expertise in a specific area for opinions. No matter how badass you think you are at your job there is always someone who knows more than you. Especially in a particular area such as, in this case, virtualization.

Re:If you have to ask /. (3, Insightful)

kermidge (2221646) | about a year ago | (#43829549)

Gotta step in somewhere.

My first response halfway through Gonzalez' post was "Oh, yeah, he's an instructor, maybe at a community college, and he's in charge of getting this thing up and running." Next thought, "He's done no homework other than learning the names of some virtualization methods/engines and wants the smart folks on /. to do it for him." Clinched with the last two sentences.

Then, before delving into all the helpful posts thus far, I figured it was also possible he'd done a bit of swotting up and reached the point where he's brain-burnt, confused and maybe over his head. As another here has said, simply trying to use Google to get to sources for decent advice or real infos can be... disheartening.

Finally, since we all plopped out of the womb knowing little more than how to suck, poop, and cry, it's not unreasonable to ask those who might know more, or who've been in the same boat, for any useful info, pointers, advices, which led him to right here and now.

Now to continue reading, see if anything interesting and useful shows up.

Re:If you have to ask /. (2)

kermidge (2221646) | about a year ago | (#43829671)

So I got to the end, and /.ers stepped up. Nice!

I never did any of this for a living, only a few classes, and very little of it for a hobby as time allows, only use VirtualBox for my own stuff, having tried several of the other end-user solutions over the past few years. Already got hipped to some neat things I'd not heard of - proxmox, chef, vagrant, ovirt, jenkins, etc. Don't know what OP gets from it, but I have some reading to do.

I'd be interested to see what Gonzalez ends up doing.

From those who really know their stuff, I suppose it's not a hardship to toss off the informative paragraph or two, but I can imagine that it might be nice to get some feedback even so.

Re:If you have to ask /. (0)

Anonymous Coward | about a year ago | (#43829281)

Just because he's asking doesn't mean he needs to ask us to get the job done. He listed out a few different solutions already! The question is "... which one would you prefer and why?" Maybe there's some quality about a different solution that would make his life easier.

Re:If you have to ask /. (1)

Anonymous Coward | about a year ago | (#43829299)

You are an awesome human being. I'm sure many people like you and enjoy your company. When you die you will be remembered as a friendly person. Everyone will reflect on how helpful and kind you were.

Re:If you have to ask /. (4, Insightful)

nospam007 (722110) | about a year ago | (#43829355)

"Even if it's just for students to play with: If you have to ask us, then you're not qualified to do your job."

You seem to suffer under the impression that US schools have the money to hire top specialists.

Re:If you have to ask /. (3, Interesting)

hodet (620484) | about a year ago | (#43829751)

What a load of elitist bullshit. Maybe he has already done a lot of research and has a good idea. Do you really think he is panicking and turning to /. because he has no clue? I think that this, being a technical community that still has a lot of expertise and insight in it, he decided to hear other people's/professionals' perspectives.

Re:If you have to ask /. (1)

elashish14 (1302231) | about a year ago | (#43829767)

It never hurts to ask and get more information. The submitter didn't phrase it like he/she is going entirely by what /. says.

Re:If you have to ask /. (0)

Anonymous Coward | about a year ago | (#43830771)

True enough, however, the request submitter deserves a real answer to their question.

I recommend Oracle VirtualBox hosted on a GNU/Linux server and having the students learn how to define, create, and manage these virtual machine instances from the command-line. I prefer VirtualBox over the other virtualization solutions for its relative simplicity and ease of configuration and management via the GNU/Linux shell interface.

That already exists... (3, Informative)

Anonymous Coward | about a year ago | (#43828971)

Why not work with AWS to set up a "private cloud" sandbox? Reserved instances can keep your costs relatively flat, and the AWS crew seems pretty amenable to helping out when it comes to unique needs...

VMWare vs Citrix (4, Informative)

alen (225700) | about a year ago | (#43828987)

VMware is cheaper and easier to set up.
Citrix is a lot more expensive and a PITA to set up but a lot faster since Windows 7 and later has native Citrix code in it for virtualization and a lot more customization.

Re:Citrix because its web enabled (1)

Billly Gates (198444) | about a year ago | (#43829287)

No need to push a VMware client to +100 computers and users can use a modern browser on their home computers to get work done too if you choose Citrix.

As for the licensing and costs? I do not know. But as a user and someone who has limited time to write a push update it is the least hassle.

Re:Citrix because its web enabled (1)

Splab (574204) | about a year ago | (#43829623)

Just make sure you disable Excel

http://www.youtube.com/watch?v=qk_va2LLox4 [youtube.com]

(Added bonus, those guys are friggin hilarious, check out their other talks).

Re: Citrix because its web enabled (0)

Anonymous Coward | about a year ago | (#43829867)

Totally not the point of that presentation, the main point was disable macros (which applies for all but trusted paths), make sure users can't modify files in those paths.

Also don't trust users.

Re:VMWare vs Citrix (0)

Anonymous Coward | about a year ago | (#43830463)

I've used both VMWare and Citrix in production critical environments.

IMHO, (to repeat, this is -opinion-), Citrix makes a top tier application virtualization and remote access product.

The Xen hypervisor blows goats and is definitely nowhere near production quality compared to VMWare.

VMWare's ESXi is also free (although no vMotion or other nice toys), although you don't have all the cool management tools, you can still clone machines via sshing in if needed.

I'd go that route, or perhaps Hyper-V if this is mainly windows.

VMWare, Ubuntu and Puppet (4, Interesting)

i_want_you_to_throw_ (559379) | about a year ago | (#43828995)

When my company had to come up with a solution to have all of our developers develop in an environment that absolutely mimicked the production server we used a combination of VMWare to run a version of Ubuntu. Puppet made creating all of this really easy. It gave us the ability to completely blow away a machine and reconstitute in very little time.

do you need full virtualization? (2)

Chirs (87576) | about a year ago | (#43828997)

If you can get away with sharing one kernel (and ideally one distro for userspace), a container-based solution is likely going to be less resource-intensive overall.

Re:do you need full virtualization? (2)

gl4ss (559668) | about a year ago | (#43829059)

If you can get away with sharing one kernel (and ideally one distro for userspace), a container-based solution is likely going to be less resource-intensive overall.

well, he needs virtual switches and routers so they can ditch the physical networks learning lab.

Hyper-V or vSphere. (5, Informative)

tysonedwards (969693) | about a year ago | (#43829001)

Considering that you are likely out of an educational institution, Microsoft likely provides you with free licenses for their products. As such, Hyper-V and SystemCenter would provide you with a fairly good experience that is easy to manage and automatically deploy based off of Active Directory. It is a solution that will likely meet all of your stated requirements and your other likely needs and wants in a package that is "good enough".

If you have a budget, consider VMware's vSphere offering. It can get pretty expensive (license costs greater than that of your physical hardware) however it is currently best-in-class and provides some truly amazing administration tools.

Re:Hyper-V or vSphere. (0, Interesting)

Anonymous Coward | about a year ago | (#43829157)

As such, Hyper-V and SystemCenter would provide you with a fairly good experience that is easy to manage and automatically deploy based off of Active Directory. It is a solution that will likely meet all of your stated requirements and your other likely needs and wants in a package that is "good enough".

As long as your definition of "good enough" includes endless problems with Linux guests.

Re:Hyper-V or vSphere. (3, Informative)

jerquiaga (859470) | about a year ago | (#43829559)

As such, Hyper-V and SystemCenter would provide you with a fairly good experience that is easy to manage and automatically deploy based off of Active Directory. It is a solution that will likely meet all of your stated requirements and your other likely needs and wants in a package that is "good enough".

As long as your definition of "good enough" includes endless problems with Linux guests.

A couple of years ago, you would have been right. Anything with a 3.0 or above kernel has all of the Hyper-V modules in the kernel. For CentOS or RHEL, you can use the integration tools. I run about a dozen Linux machines on our Hyper-V cluster without any issues.

Re:Hyper-V or vSphere. (3, Informative)

evenmoreconfused (451154) | about a year ago | (#43830107)

I second this. I've migrated several business services (e.g. svn, flyspray, etc.) from physical boxes running various OSes (W2K8, Ubuntu) to CentOS virtual hosts on HyperV. Apart from one issue*, which is a stupidity using Minimal CentOS unrelated to Hyper-V, I have yet to see a single problem running CentOS on Hyper-V.

* CentOS Minimal requires manual network setup, which is fine, but there is no plug-and-play support. So whenever the VM is moved to a new Hyper-V server, the CentOS networking breaks (the solution is to manually assign a MAC address for the virtual NIC, rather than using the default "automatic" setting).

Re:Hyper-V or vSphere. (1, Interesting)

Anonymous Coward | about a year ago | (#43829185)

Considering that you are likely out of an educational institution, Microsoft likely provides you with free licenses for their products. As such, Hyper-V and SystemCenter would provide you with a fairly good experience that is easy to manage and automatically deploy based off of Active Directory. It is a solution that will likely meet all of your stated requirements and your other likely needs and wants in a package that is "good enough".

They are not free. They come with the price of an especially tight vendor lock-in (not just the virtualization product, but also the host system).

Re:Hyper-V or vSphere. (2)

TheRealSlimShady (253441) | about a year ago | (#43829399)

There is basically no lock-in to any virtualisation platform these days. They all use essentially open virtual hard disk formats and it's trivial to convert from one to the other. But you end up locked in anyway, as all your scripting & management is targeted at whatever platform you choose - be it KVM/vSphere/Hyper-V. So choose the one that makes managing it easiest for you. If you like bash, choose KVM. If you like PowerShell, choose Hyper-V or vSphere.

Re:Hyper-V or vSphere. (1)

BitZtream (692029) | about a year ago | (#43830089)

Moving Windows machines around different Hypervisors is generally non-trivial.

Re:Hyper-V or vSphere. (1)

FreelanceWizard (889712) | about a year ago | (#43830305)

Honestly, I've not found that to be the case. In most cases, you can disable the integration drivers in the guest, then move the VM to the new virtualization platform and start it back up. You may need to do a startup repair or in-place upgrade on an older version of Windows; Windows 7 (2008 R2) and 8 (2012), however, are fairly resilient.

The smoothest way to do it, though, if you've got the time, is to use the new platform's P2V tool to create a new virtualized VM based on the old one. This is how I've moved guests from Virtual Iron and Oracle VM to Hyper-V. In general, I'd say this is probably the smoothest way to move a VM running any OS to any other hypervisor, as it gives you a backup copy on the old hypervisor if needed and ensures that any special drivers are injected for the first startup.

Re:Hyper-V or vSphere. (1)

Flere Imsaho (786612) | about a year ago | (#43830211)

Also, if you go VMWare, be prepared for licensing hassles from Microsoft with regard to MSDN and other "deals". Actually, hassles doesn't do it justice. Microsoft licensing is a fucking nightmare. Do your homework or licensing will bite you in the arse.

Openstack (1)

Anonymous Coward | about a year ago | (#43829009)

I'd consider openstack for this.

CloudStack and XEN Cloud Platform (0)

Anonymous Coward | about a year ago | (#43829013)

CloudStack and XEN Cloud Platform.....known as XCP now, that's free...... VMWare isn't FREE........

QEMU (1)

Anonymous Coward | about a year ago | (#43829015)

If they are IT students, install QEMU/KVM kernel modules, and let the students set up the rest.

The fact it's all open source and mostly hackable without root rights makes it an ideal project to play with for advanced students.

If you have classes requiring this stuff, set up a few pre-made disk images and run scripts suitable for the classes involved.

Proxmox (5, Informative)

Anonymous Coward | about a year ago | (#43829029)

It's free and offers higher performance than VMWare (which as far as ESXi 5 goes) sucks.

You can create users with privilege levels as expected and you may also cluster several servers together (as you can with other solutions).

You can also do containers OR a full virtual machine depending upon the OS you are trying to emulate.

Give this a shot before paying for any of the software others have recommended. Our company has switched all virtualized servers to run on Proxmox hosts and the uptime is 100% with MANY users.

Re:Proxmox (1)

toygeek (473120) | about a year ago | (#43829383)

I came here to say this. Proxmox is very cool. I haven't had the opportunity to use it in a production environment, but the testing I did with it left me impressed with its simplicity and capability. It has node management built in and is laid out very logically. Definitely worth a look!

Re:Proxmox (2)

bprodoehl (1730254) | about a year ago | (#43829697)

Yes, +1 to Proxmox. Runs on commodity hardware, performance is good, cluster and backups haven't given me a headache yet. I'm running 100+ VMs across 5 machines, with about a dozen users, and it feels nowhere near its limit.

Proxmox++ (0)

Anonymous Coward | about a year ago | (#43830537)

I have been running it for several years for personal use and several uses of it professionally.

One of the better installs was a sensor for Tenable Security Center. For performance reasons we decided that we wanted a scanner on the same subnet for about 40 networks. So I built a CentOS container that had all of those VLANs as interfaces to the machine.

I then installed an OpenBSD LVM machine and placed the container's management interface on a bridge that was only accessible internally to the machine. The end result is a scanner sensor that is still running to this day in an academic network with no compromises. It is running on a 16 gig Dell 1950.

For my home lab, I have a FreeNAS machine running iSCSI over two NICs, and a dedicated NFS NIC to a Dell C1100 with 2 2.8gig cpu and 72 gigs of ram. The secondary cluster machine is a Dell 2900 and while there is a minor performance hit due to the older hardware, it works flawlessly.

I would try this out to see if your needs are met, and then purchase a commercial support license. Just do not skimp on hardware, and plan out your backend storage.
 

KVM (5, Informative)

Zeromous (668365) | about a year ago | (#43829031)

End of story, everything else here is overkill. KVM sounds just about right for your needs and is very stable and FREE.

You can provide people with a variety of images and single command to deploy them (without root). It's not even that hard to set up. The hard part really is setting up an LDAP server to meet your needs.

Re:KVM (4, Informative)

DarkOx (621550) | about a year ago | (#43829117)

KVM is great for an environment where everyone is being cooperative; and sorta knows what they are doing. It lacks the resource management and isolation features you'd want in an academic lab. You need to be able to control how much storage I/O a single vm can use. You might have someone learning about networking even doing things purposefully that are going to slam CPU resources like creating loops in Ethernet topologies.

Yes you might be able to get some Linux hosts with KVM to what you need with cgroups, and limits, etc but it's going to be anything but simple and manageable across multiple physical hosts without tons of scripting and testing on your part. Libvirt is still a moving target, so keeping everything working is going to be an adventure as well. All the precursors to provide the experience vSphere and Xen offer are there but let's not kid anyone about the work that is still needed to get there. It would be wonderful if original poster could offer the resources to do that and even better if it could get contributed back to the community but it's a tall order.
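An added example, not part of the comment above and not any project's own code: a small audit that reads libvirt domain XML and reports guests with no CPU quota, no per-disk I/O throttle or no NIC bandwidth cap, which are the per-VM limits a shared student/production KVM host depends on. The VM names, image paths and bridge name are constructed, and the rule that every guest must carry all three limits is an assumed policy.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a student VM defined with no resource limits at all.
UNLIMITED = """<domain type='kvm'>
  <name>student-vm-01</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/student-vm-01.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <interface type='bridge'>
      <source bridge='br-lab'/>
    </interface>
  </devices>
</domain>"""

# Constructed sample: the same kind of VM with CPU, disk and network caps.
LIMITED = """<domain type='kvm'>
  <name>student-vm-02</name>
  <cputune>
    <shares>512</shares>
    <period>100000</period>
    <quota>50000</quota>
  </cputune>
  <blkiotune><weight>200</weight></blkiotune>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/student-vm-02.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <iotune>
        <total_bytes_sec>20971520</total_bytes_sec>
        <total_iops_sec>300</total_iops_sec>
      </iotune>
    </disk>
    <interface type='bridge'>
      <source bridge='br-lab'/>
      <bandwidth>
        <inbound average='2048' peak='4096' burst='1024'/>
        <outbound average='2048' peak='4096' burst='1024'/>
      </bandwidth>
    </interface>
  </devices>
</domain>"""

# libvirt treats 0 in any of these <iotune> fields as "no limit".
IOTUNE_KEYS = ("total_bytes_sec", "read_bytes_sec", "write_bytes_sec",
               "total_iops_sec", "read_iops_sec", "write_iops_sec")


def _positive_int(text):
    """True only for text that parses as an integer greater than zero."""
    try:
        return int(text) > 0
    except (TypeError, ValueError):
        return False


def audit_domain(xml_text):
    """Return (vm_name, scope, problem) tuples for each missing limit."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []

    # A missing or negative quota means the vCPUs may use all host CPU time.
    if not _positive_int(root.findtext("cputune/quota")):
        findings.append((name, "cpu", "no positive cputune/quota"))

    # Each writable disk needs at least one non-zero throttle value.
    for disk in root.findall("devices/disk"):
        if disk.get("device", "disk") != "disk":
            continue  # skip cdrom/floppy devices
        target = disk.find("target")
        dev = target.get("dev", "?") if target is not None else "?"
        iotune = disk.find("iotune")
        capped = iotune is not None and any(
            _positive_int(iotune.findtext(key)) for key in IOTUNE_KEYS)
        if not capped:
            findings.append((name, "disk:" + dev, "no effective iotune limit"))

    # Each NIC needs an average rate cap in both directions.
    for idx, nic in enumerate(root.findall("devices/interface")):
        bandwidth = nic.find("bandwidth")
        for direction in ("inbound", "outbound"):
            elem = bandwidth.find(direction) if bandwidth is not None else None
            if elem is None or not _positive_int(elem.get("average")):
                findings.append((name, "nic%d:%s" % (idx, direction),
                                 "no bandwidth average cap"))
    return findings


if __name__ == "__main__":
    for sample in (UNLIMITED, LIMITED):
        for finding in audit_domain(sample):
            print(finding)
```

On a real host the input would be the output of `virsh dumpxml` for each domain.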

Re:KVM (0, Troll)

Anonymous Coward | about a year ago | (#43829431)

you've never heard of cgroups, have you?

Re:KVM (2)

Coram (4712) | about a year ago | (#43829521)

kvm itself doesn't really give you anything in terms of control or management features. That all comes from libvirt or ganeti or whatever you've got. We've been using ganeti for a while and it does a reasonable job for our purposes but it is still a long way off from being something I'd feel comfortable deploying for customer use.

If you ask me (2, Informative)

Anonymous Coward | about a year ago | (#43829033)

Xen with paravirtualized guests would be stable and scale well, as I understand it. There is Xen Center to do this, or you could get the new Debian 7, which is supposed to have good support for that out of the box as well. It has good manageability as I understand it.

But yeah, I'd be of the inclination to do your research rather than have us make the choice for you. We can only offer suggestions, but you need a good idea of what you want to do too. For example, IT students often don't have a good understanding of Linux, despite what you'd think.

You cannot mix production and playground (4, Interesting)

gweihir (88907) | about a year ago | (#43829049)

Virtualization will not isolate them against each other. For example, it is quite easy to saturate I/O from the playground. Then your production performance goes down the drain as well. Also, basically no plain virtualization is really secure, these things are far too complex. Another reason not to mix different classification levels like production and playground. Maybe if you really, really carefully isolate them with SE-Linux, but then you still have things like VM-to-VM crypto-key leakage.

Re:You cannot mix production and playground (1)

Anonymous Coward | about a year ago | (#43829121)

vSphere has great I/O control tools available in its Enterprise Plus licensing. It's ridiculously expensive, but creating a mixed production/sandbox environment on a single infrastructure without risking production performance is trivial.

Re:You cannot mix production and playground (1)

BitZtream (692029) | about a year ago | (#43830541)

vSphere has some great features, but that doesn't protect you from human error.

Just because you configure vSphere to properly throttle the playground doesn't mean someone can't easily come along and modify that resource in a horrible way.

Re:You cannot mix production and playground (1)

cultiv8 (1660093) | about a year ago | (#43829219)

Vagrant + Chef + Git. git clone, cd to directory, then vagrant up. Problem solved!

Re:You cannot mix production and playground (1)

Anonymous Coward | about a year ago | (#43829295)

I beg to differ.

With VMware for example, using a combination of DRS, Resource Pools, and Storage I/O control, you're easily able to handle resource contention without impacting production.

Re:You cannot mix production and playground (1)

mysidia (191772) | about a year ago | (#43829821)

Virtualization will not isolate them against each other. For example, it is quite easy to saturate I/O from the playground.

That is an architecture issue. Implement vSphere Enterprise+ with Network I/O control, Storage I/O control.

Put the playground on different SAN LUNs from the production LUNs.

Place the playground LUNs backed by different physical disks on separate vFilers, and/or use FlexShare [netapp.com] to prioritize production workloads.

Leverage vShield App / vCloud networking and security, to ensure IT playgrounds don't have internet access, or the ability to export data or be used as a covert channel to escape the network; that they run on a separate vSwitch.

If you're really paranoid, use direct-mapped crypto hardware or CPU affinities to defend against academic timing attacks (at the cost of scalability and system performance).

Re:You cannot mix production and playground (2)

gweihir (88907) | about a year ago | (#43830271)

The timing and cache attacks are very much non-academic, unfortunately. As are the problems of generating good key-material in virtualized environments in the first place.

Your SAN proposal should solve the I/O issues, but it makes everything that much more complicated, as this has to be configured right, and that is _not_ easy and requires quite a bit of experience and skill. If it can be done at all without having the thing fail regularly for a while. It would be far easier to just have one production cluster and one playground cluster, as the playground is extremely hard to model, but at the same time not that critical. KISS applies. Virtualization increases complexity and is therefore a problem in itself. It only makes sense if there are significant benefits to be expected. Being buzzword-compliant is not a benefit, unless you have to cater to the whims of terminally stupid management.

Vagrant and Jenkins and Virtual Box (1)

Anonymous Coward | about a year ago | (#43829055)

Take a look at using Jenkins, which is a continuous integration builder but can be customized to just bring up VMS as needed. Using LDAP for authentication, and vagrant for VM management, you should be able to get a decent setup going.

Jenkins can ask the user for system name, IP, etc., and pass those values on to a dynamically generated vagrant file used to instantiate the VM. Best part is that users can store their public ssh key in LDAP and Jenkins would automatically deploy it, giving the user instant access to their box.
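The provisioning flow described in the comment above, as an added example (not code from the post, Jenkins or Vagrant): a Vagrantfile is Ruby, so the user-supplied name, IP and SSH key are checked against strict allowlists before being rendered into it. The function names, box name, playground subnet and sample inputs are assumptions made for this sketch.

```python
import base64
import ipaddress
import re
import struct

# Assumed site values for this sketch (not from the original post).
PLAYGROUND_NET = ipaddress.ip_network("192.168.56.0/24")
BOX = "example/base-box"  # placeholder box name
HOSTNAME_RE = re.compile(r"[a-z][a-z0-9-]{0,30}[a-z0-9]")
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def validate_hostname(name):
    # fullmatch: a trailing newline or quote cannot slip past the pattern.
    if not HOSTNAME_RE.fullmatch(name):
        raise ValueError("hostname must be a short lowercase DNS label")
    return name


def validate_ip(addr):
    ip = ipaddress.ip_address(addr)  # ValueError on anything but an address
    reserved = (PLAYGROUND_NET.network_address, PLAYGROUND_NET.broadcast_address)
    if ip not in PLAYGROUND_NET or ip in reserved:
        raise ValueError("address is outside the playground subnet")
    return str(ip)


def validate_pubkey(line):
    """Return 'type base64' for one OpenSSH public key line, comment dropped."""
    line = line.strip()
    if "\n" in line or "\r" in line:
        raise ValueError("exactly one key per user entry")
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("unsupported or missing key type")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    # The decoded blob starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key blob does not match declared type")
    return f"{key_type} {b64}"


def render_vagrantfile(hostname, ip, pubkey):
    h, i, k = validate_hostname(hostname), validate_ip(ip), validate_pubkey(pubkey)
    # Every interpolated value is now free of quotes, '#', braces and newlines.
    return (
        'Vagrant.configure("2") do |config|\n'
        f'  config.vm.box = "{BOX}"\n'
        f'  config.vm.hostname = "{h}"\n'
        f'  config.vm.network "private_network", ip: "{i}"\n'
        '  config.vm.provision "shell", privileged: false,\n'
        f"    inline: \"echo '{k}' >> ~/.ssh/authorized_keys\"\n"
        "end\n"
    )


def constructed_sample_key(comment="student42@lab"):
    # Constructed test key: correct wire framing, all-zero key material.
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    print(render_vagrantfile("student42", "192.168.56.10", constructed_sample_key()))
```

The key comment is dropped rather than escaped, so free text stored alongside the key in the directory never reaches the generated file.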

Re:Vagrant and Jenkins and Virtual Box (4, Funny)

cstacy (534252) | about a year ago | (#43829193)

Take a look at using Jenkins which is a continuous integration builder but can be customized to just bring up VMS as needed.

VMS? Cool!!

$ DEFINE/SYSTEM LNK$LIBRARY $DISK1:[PLAYGROUND]STARTER_EXAMPLES

Re:Vagrant and Jenkins and Virtual Box (0)

Anonymous Coward | about a year ago | (#43829365)

I want to see the x86 emulator running on your 11/780...

Re:Vagrant and Jenkins and Virtual Box (2)

gavron (1300111) | about a year ago | (#43829619)

/trans=(conc)

Sounds like a job for..... (4, Insightful)

Heebie (1163973) | about a year ago | (#43829125)

I think the closest thing you'll get to "out of the box" for what you're looking for is Apache Cloudstack running on Citrix XenServer for a hypervisor. With basic networking, you can keep things pretty simple. With advanced networking, you can allow your users to build virtual data centres. It can be 100% free open-source software as well, although if you get Citrix CloudPlatform, you get a couple of extra features, and support, but you pay for the support. You could do something similar with other products, but CloudStack actually has a pretty amazing amount of stuff that is just there already, and doesn't need configuring.

A REAL Answer.. (4, Informative)

Anonymous Coward | about a year ago | (#43829141)

There are a lot of options, and the OP is just asking for a general structure. Classic /. community fail to assume we are even dealing with someone that will be doing the implementation. This could be the director trying to get a ballpark before sinking their teeth in, or an under-paid teacher, with little time, who wants to make their students' learning environment better. I was the only one with a VPS in my classes, and thus the only one, in the end, who actually knew how to get anything done, outside of theory.

My rant to /. is over. Now to answer the OP:

The easiest way to get started would be Xen Cloud Platform + Citrix Xen Center. That alone will get you a free robust virtual hosting environment, but this will require you to set up a few VM templates and manually deploy to students. You can take this one step further by using OpenStack + XCP which will give you an API which you can use to build a web-front for student deployment. Some might already exist, but all the ones I am aware of are built around payment models.

As for users managing switches, I have no clue and good luck there. IMHO, I would VLAN and let OpenStack manage it. You can use the US Navy's network simulator [navy.mil] to teach concepts if you like. It even allows using tools like wireshark for real-world analysis experience.

Good luck, I hope you use this to make students more ready for the real world.

Re:A REAL Answer.. (2)

GPLHost-Thomas (1330431) | about a year ago | (#43830635)

As for users managing switches, I have no clue and good luck there. IMHO, I would VLAN and let OpenStack manage it.

VLAN used to be the common solution for networking with OpenStack. Though there are major drawbacks with that (limitation in the number of VLANs, hardware needs to support it, etc.), so these days, mostly everyone (me included) prefers the GRE tunnel solution.

OpenStack (1)

Anonymous Coward | about a year ago | (#43829145)

http://www.openstack.org/

Scalable to 1000s of machines, self provisionable, quota based. Runs on commodity servers.

linux and virtual box (3, Interesting)

Anonymous Coward | about a year ago | (#43829165)

I ran redhat 6.0 with virtualbox to 60 plus students doing computer science projects. The base was on a quad core with 16 Gb and local Tb storage. This worked great with ssh access. Admin was via nomachine and ssh.

Try the same in redhat 6.3 with redhat virtualization.

Openstack (1)

Anonymous Coward | about a year ago | (#43829173)

For self management of systems a private cloud solution is perfect. Openstack can allow each user their own projects to spin/tear down servers as needed in an easy to use interface as well as provide API access (nova or ec2). Usage tracking and quotas are built in to prevent too much over subscription and the system scales easily.

Fat Workstations, GNS3, and Virtualbox (1)

SmegTheLight (521218) | about a year ago | (#43829275)

If I understand your question, it sounds like you are trying to deploy virtual private clouds for each student to play and have full control over. Sounds expensive and complex. Have fun.

Having students use GNS3 and Virtualbox on workstations, with the containers / config stored in user directories, sounds like an easier solution. This allows the students complete control to spin up extra VMs of any type, use real router/switch images, vlans, etc. It also allows the students to totally bugger it up and only affect their local system. If you allow external storage devices, they can even take their environment home.

You will need some decent fat workstations. I can't comment on how well GNS3/Virtualbox will run under virtual/thin workstations, if at all.

OpenStack (4, Informative)

subreality (157447) | about a year ago | (#43829311)

The specific virtualization system you use doesn't really matter. You're looking for ways to manage it.

If you want to run your own cluster, check out http://en.wikipedia.org/wiki/OpenStack [wikipedia.org], specifically the Nova, Quantum, and Keystone components.

If you want to do it efficiently you might also want to consider using it as a service. Other people are already selling OpenStack on a massive scale with levels of efficiency that you'll never touch. Rent what you need, see what works, and then start building your own in-house when (or if) you find things you need to improve.

oVirt (5, Informative)

Anonymous Coward | about a year ago | (#43829351)

www.ovirt.org

Full VM solution, for free. What more do you want? Easy to set up, easy to use, easy to control. It has LDAP integration.

Re:oVirt (0)

Anonymous Coward | about a year ago | (#43829479)

openQRM lets you create users, give them credits and let them create their own infrastructure in a graphical web-editor. Pretty nifty, and, of course, open source!

oVirt (3, Interesting)

new23d (2504790) | about a year ago | (#43829357)

oVirt, of course. It is the upstream of RHEV - which is Red Hat's offering, well polished and what not.

OpenStack (2)

buss_error (142273) | about a year ago | (#43829423)

What about OpenStack? For production, don't oversubscribe RAM. For a playground, isolate them to one physical machine and let that machine oversubscribe. I'm guessing, but you can host about 20-25 virtual servers per compute node, you'll need a physical management machine, and if you do a lot of different images/want backups, you'll need a machine with a bunch of disk space or an iSCSI appliance. The OpenStack doc will tell you which iSCSI system will work.

Virtualisation (1)

Neo-Rio-101 (700494) | about a year ago | (#43829567)

VMware - best in class but can be hideously expensive if you start using vsphere, but support is great
Hyper-V - probably the most sensible way to go if you're just virtualizing windows
OracleVM - immature for prime-time on commodity hardware, but free to implement
SmartOS - is an OpenIndiana based solution where the whole stack runs in memory.
RedHat has implementations of their own virtualisation stack, and they also do openstack as well.

Re:Virtualisation (1)

mysidia (191772) | about a year ago | (#43829769)

VMware - best in class but can be hideously expensive if you start using vsphere, but support is great

I get the idea you have some issue with VMware's pricing?

Of course their per-2 CPU up front software license costs for vSphere Enterprise Plus at $6,990, and probably closer to $8k per host after SnS are higher than the cost of paying $2500 for a basic XenEnterprise license, or nothing for Hyper-V.

The Hyper-V solution is more appropriate for running a very large number of cheap servers with local storage, where the features in which VMware has a big lead over the competition, such as DRS load balancing workloads, NIOC / SIOC, memory overcommitment, and many other enhancements, don't provide value.

The vSphere solution is more appropriate for running very large expensive servers in many cases, where you need to get as much value out of the hardware purchase as possible.

There is also a risk component; and you could say the vSphere solutions in some cases are well more understood, so certain risk components are lower. Which goes back to the fact, that there is no such thing as a good return.... just different risk / return choices for different kinds of companies working on different kinds of projects.

If vSphere lets you get 150 equal-sized VMs loaded onto a server, where Hyper-V could have only gotten you 100 of those, then by definition, vSphere has provided you an incremental benefit of 33% additional capacity per server.

That is, you could take the price of your physical server, say a $50,000 server, and say that above and beyond what Hyper-V does, the hypervisor's overcommit features saved you $16,500 in hardware cost, and approximately $1500 a year in annual electricity consumption (heat generation, administration, and operating costs).

If it cost you $8000 in additional licensing costs over free Hyper-V; Who cares? VMware vSphere is still the better choice in that scenario.

This is the key: Management of hosts matters, Overcommitment enablement features and contention management features, and performance advantages/overhead differences matter at scale.

Stop considering license prices, and start considering Total cost of ownership

In many cases Hyper-V won't be sensible. In other cases of different details, Hyper-V or XenServer may be clear winners :)

There may be other considerations as well --- like interoperability between clouds, that may favor one or the other.

Also, vSphere Enterprise Plus is not the only license level; Standard and Essentials+ are perfectly viable solutions in some cases, and comparing them to Hyper-V plus Systemcenter, the TCO advantage is not defined to lie with one vendor or the other.

Nested virtualization (2)

shentino (1139071) | about a year ago | (#43829645)

Look into solutions that make use of nested virtualization.

If you want to create an IT playground that itself involves virtualization, being able to have nested virtualization will let you use VMs to confine the playground without taking away the VM toys.

VMware hypervisor for virtualization. (1)

mysidia (191772) | about a year ago | (#43829649)

I would point the best of breed solution for Tier1 production use, and getting the most out of your hardware: VMware vSphere vCloud Suite.

With other hypervisors, you get less hardware efficiency, because of limited/less good overcommit options, more limited ability to efficiently mediate contention, and greater overheads.

Products:

Virtualization hosts: VMware vSphere ESXi Enterprise Plus with Distributed vSwitch -- provides you options that you can use to run production and IT playground side-by-side
VMware vCenter Server (Your infrastructure management)
VMware vCloud Networking and Security -- provides the ability to create isolated virtual networks using VXLAN
VMware vCloud Director (To provide users their management interface to their "Virtual datacenters" inside your environment)
VMware vCenter Orchestrator -- to automate the process of configuring these users

For monitoring; I would look to VKernel's solution, because VMware's operations management framework is fairly immature and requires huge amounts of RAM and other costs last I checked.

For backup; I would look very favorably towards SAN replication solutions; specifically NetApp SnapMirror + SnapRestore + SnapManager. Storage VMs using a storage solution that provides the required levels of backup for each workload.

Fallbacks being solutions like Dell AppAssure, Veeam Backup, unitrends, for lower Tiers especially like IT playgrounds.

For service management automation/ticketing and physical hardware level management, I would look at BMC's solutions or MS Systemcenter Service manager and Systemcenter Orchestrator.

I find myself in the unusual predicament of strongly preferring VMware's Hypervisor, but Microsoft's management solutions, especially for ITSM, because it seems like VMware does extremely well with virtualization, but not very well managing other layers; they have the whole "VMware Service Manager" offering, but it will probably wither and die.

Re:VMware hypervisor for virtualization. (0)

jcarr (20735) | about a year ago | (#43829725)

Funny Score:5

OP: You can do what you want with a simple install of ubuntu and 20 minutes worth of bash to get a prototype together. It works, it's fast, it makes sense and you will be much happier. Digital Ocean is built this way.

Re:VMware hypervisor for virtualization. (4, Insightful)

mysidia (191772) | about a year ago | (#43829857)

OP: You can do what you want with a simple install of ubuntu and 20 minutes worth of bash to get a prototype together.

Prototypes are easy; there are a lot of problems you don't have to worry about like bad neighbors on a VM host, or proper failover and reliability considerations.

The author said secure and manageable.

It's hard to imagine something less manageable than "You have to write your own code" just to even get a working prototype.

And it's hard to imagine something less secure from an availability perspective than... "I just cobbled together some ad-hoc failover code in bash"

The OP question is too vague (1)

D1G1T (1136467) | about a year ago | (#43829921)

Will you just run Windows and Linux? If not, what? What is your budget? How complex will your virtual network be? What are your security requirements? What are your performance requirements? Are the VMs more for desktop users or will they be network servers? Do you need high-availability and live VM migration? Does your virtualization setup need to work with an existing storage solution? If you simply don't know, and want to get something quick, the easy, but expensive, way to go is vmware.

check cisco stuff (1)

i.r.id10t (595143) | about a year ago | (#43829925)

Someone - I think Cisco - has a server based application very similar to Cisco's PacketTracer - server based virtualization for both machines and networking equipment. Forget the name of it though.

According to use case, not Citrix, maybe VmWare or (1)

numdig (2932431) | about a year ago | (#43830021)

I'm a Citrix user and happy with it. But you might need something more flexible and dynamic. I get the feeling Citrix is good for server virtualization (website, db) but when it comes to sandboxing, quick testing, ad-hoc group-as-LAN VMs associations (and isolation), quick vm addition, processor sharing (vs. dedicating a processor to one VM!)... I was quite impressed when I saw VMWare's capabilities (demo from colleagues in the US).

Look for a orchestration platform (1)

lotus87 (620338) | about a year ago | (#43830055)

Use a higher level orchestration platform that's cloud/hypervisor agnostic. As fast as IaaS are evolving, the only thing certain is that they'll keep changing. Amazon & others will expand APIs, and deprecate things, too. OpenStack is new, but still relatively immature. VMWare is mature, but bloated and designed for lock-in.

You'll want to design your VMs in a way that's agnostic to the underlying layers. That way you can migrate easily as cost structures change, or features evolve. You'll want to be capable of that evolution with no discernible change to your users.

If a key feature is LDAP, long-term you'll want a solution that has policy in place now, and runway for you to implement governance and controls down the line. It would also help to have automated monitoring, lifecycle management, notifications, API-based programmability, etc.

You can build the basics with chef/puppet type automation, but then you've got to implement LDAP, policy, & governance on your own.

I'd suggest products like ServiceMesh [servicemesh.com] , Enstratius [enstratius.com] , vCloud Director, and others. Most are pretty new. vCloud Director is designed to lock you into VMWare. Enstratius may stay relatively cloud agnostic now that Dell (its new owners) are dumping public cloud offerings. ServiceMesh is the disruptive startup with no IaaS alliances (at least until it gets acquired).

Re:Look for a orchestration platform (2)

GPLHost-Thomas (1330431) | about a year ago | (#43830651)

OpenStack is new, but still relatively immature.

I would have said that 8 months ago. Now, with the latest release (code name Grizzly, version 2013.1.x), we are up to a very good level, with quantum finally working correctly. For storage, I would suggest Ceph rather than Swift + Cinder. Thomas

nested virtualization (0)

Anonymous Coward | about a year ago | (#43830095)

I will suggest Nested Virtualization,

Example, if you install RedHat5 with Virtualization, and create a RedHat 5 machine with virtualization, you are done, they can create virtual VM, virtual Storage, virtual Switch.

You create one virtualized RedHat 5 machine to each person.

Alvaro.

Eucalyptus (1)

chrylis (262281) | about a year ago | (#43830119)

I'd suggest taking a look at Eucalyptus [eucalyptus.com] , an open-source cloud management system that's compatible with the Amazon EC2 APIs and thus pretty easy to script and automate for production resources and any of the students who want to play with features like on-demand load balancing.

No. (1)

Alex Belits (437) | about a year ago | (#43830517)

I suggest looking at the purpose of this thing -- then you will find out that whatever you are trying to build, is impossible (full emulation of a real-life network, secure sandbox environment, etc.), or does not require virtualization (everything else).

Obvious Answer (0)

Anonymous Coward | about a year ago | (#43830605)

I'd go ahead and implement the user authentication in CICS and would run automatically managed instances of z/OS Unix. According to IBM, mainframes give you the best value for your money.

Also, that way you could allow your students to play around with COBOL. Everyone loves COBOL!

gYOU FAIL IT?! (-1)

Anonymous Coward | about a year ago | (#43830763)

Legitimise Doing

Archipel (0)

Anonymous Coward | about a year ago | (#43830789)

Archipel + KVM has all your requirements:
LDAP management ACL, based on libvirt
