How does cloud foundry handle process isolation?

[benmccann]

If I setup my own cloud using the open source implementation provided on cloudfoundry.org, will each app that I deploy be run as a separate user? Or is there any of VMWare's virtualization technology in use here? E.g. would each app run in a separate virtual machine or anything like that? How can I configure the memory, cpu, and disk resource limits for each app? 

Thanks,

Ben

[Patrick Bozeman]

If your DEA is configured to run in secure mode, then each app runs as its own user and process isolation is used to protect them.  We are moving toward a model of using linux cgroups http://en.wikipedia.org/wiki/Cgroups when on linux, using the warden cgroup wrappers that are already in our source tree.  

VM based isolation for a single app is pretty heavy weight, but we have long term plans to provide this for apps that need/desire it.  (As opposed to the warden/cgroup work which is a near term project)

[Ben McCann]

Great thanks for the info!  I agree that virtualization would be heavyweight, but had to wonder if it was being used given that the project is sponsored by VMWare.  I was a bit worried about the potential overhead, but the approach you described makes sense to me, so I'll probably be adopting CloudFoundry over Openshift with that clarified.

Thanks,

Ben