[xomb] r256 committed - Edited wiki page through web user interface.
codesite...@google.com
Author: transmethyl
Date: Thu Feb 25 14:21:44 2010
Log: Edited wiki page through web user interface.
http://code.google.com/p/xomb/source/detail?r=256
Modified:
/wiki/WhyAnExokernel.wiki
=======================================
--- /wiki/WhyAnExokernel.wiki Tue Oct 21 17:51:10 2008
+++ /wiki/WhyAnExokernel.wiki Thu Feb 25 14:21:44 2010
@@ -15,7 +15,7 @@
= Why the Market Wants an Exokernel =
-For years, operating systems such as BSD, Linux and Solaris have been
struggling to improve isolation in the system. Chroot and FreeBSD jails
have been developed to limit the damage a program can do in case of a
security breach. Solaris Containers and Zones, and AIX's WPARs take this
concept a step further, isolating processes use of in-kernel data
structures. This provides not just security isolation but also fault
isolation as even corruption of in-kernel memory is limited to a subset of
all active processes. Performance isolation is also provided because
policies can be set limiting the percentage of resources a single container
can consume, ensuring other containers continue to function at an
acceptable level of performance. All of this requires substantial
configuration effort on the administrator's part to set sane limits,
however.
+For years, operating systems such as BSD, Linux and Solaris have been
struggling to improve isolation in the system. Chroot and FreeBSD jails
have been developed to limit the damage a program can do in case of a
security breach. Solaris Containers and Zones, and AIX's WPARs take this
concept a step further, isolating processes' use of in-kernel data
structures. This provides not just security isolation but also fault
isolation as even corruption of in-kernel memory is limited to a subset of
all active processes. Performance isolation is also provided because
policies can be set limiting the percentage of resources a single container
can consume, ensuring other containers continue to function at an
acceptable level of performance. All of this requires substantial
configuration effort on the administrator's part to set sane limits,
however.
The many rewrites of the Linux kernel scheduler, in an attempt to balance
the needs of interactive and server workloads, is but one example of the
difficulty traditional OSes have had, trying to satisfy market demands.
Another (longstanding) class of systems, virtual machines, has recently
been thrust to the fore with the success of VMware and the advent of Xen.
Virtual machines are strong on the the Isolation front, claiming to be as
effective as separate hardware at isolation of performance, security and
faults. They also mix well with modern trends of storage virtualization and
large numbers of CPUs, and allow easy migration of processes and workloads,
with a general claim of reducing management complexity for large data
centers.
VM users also enjoy the ability to mix applications using different OSes
on the same machine. All of this comes at a price, however. Whereas
containers duplicated some kernel data structures, now entire OS images are
being duplicated including not just in-memory, but also on-disk data. Also,
due to the way that the traditional OS running on-top of the VM is kept
mostly intact (and separate from the user process), even paravirtualization
can only hope to approach to the performance of a native system; virtual
machines decrease performance, plain and simple.
VMs can be used to provide hot sparing and failover of applications (along
with their host OS) to handle fatal errors and exceptions. Exokernels
provide the same advantages, but due to tighter integration with the client
OS, have the added possibility of adding application restart to the error /
exception handling chain.