Why do lesser number of providers offer OpenVZ these days?
Some seasoned providers like SecureDragon have openly said that OpenVZ still sells more for them then why do we see a decline in number of providers offering OpenVZ these days
- KVM provides more isolation & ability to run own kernel but does everyone need own kernel?
- Security vulnerabilities which got discovered in OpenVZ a few years ago but almost everything we run these days including the processors have vulnerabilities
- It could also be because IP addresses have become expensive & only those who own large IP space can afford to provide it? Because number of OpenVZ containers running on a node are much more than a KVM node with same hardware
- LXC has become part of mainline kernel?
Isn't it more difficult to keep abuse under check in bare metal virtualization like KVM whereas in OpenVZ it only takes a script like Nodewatch to do it?
Would do you guys think? Would love to hear from providers & users both
Recommend: SmallWeb|BuyVM|Linode|RamNode
Thanked by (1)Amitz
Tagged:
Comments
There is 1 very simple reason, slow take up and development for Virtuozzo 7/ OpenVZ by the main industry control panel developers i.e. SolusVM and Virtulaizor.
the issue was that for a long time VZ7 supported legacy VZ6 OS tmplates, then suddenly it only half did, then it completely changed even the way EZ templates are deployed (OpenVZ 7 templates).
This meant everything needed to be triple checked and a lot re-developed, I still don't think Virtuzlizor support EZ templates (solusvm do in beta branch).
Basically not enough clarity about the changes and difference in OpenVZ7, mixed messages on installation and licensing with virtuozzo 7 being a commercial product and even the OpenVZ 7 release being called virtuozzo 7, temnplate confusion, migration from openVZ 6 limitations and then slow control panel take up.
Basically a perfect storm of bad industry wide communication.
This in turn made hosts nervous and wanting to be ready in time for openVZ 6 EOL they took the hit and went pure KVM in many cases and then started hyping KVM like it was a 1:1 replacement (it really is not).
Then it was now 99% of the VZ7 issues are taken care of, EZ templates are fantastic now they are supported in solusvm and life is good in container land.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
In that case, why not switch to LXC? Proxmox offers LXC and it's great at keeping resource usage to bare minimum.
Somik.org - Server admins cheat codes
Well its not so simple.
If you have 10k VZ containers already, November EOL for VZ 6 is looming do you think you will do well to say to everyone you need to self migrate, there is a new control panel that works totally differently, if you also have none VZ products you also need to now maintain an extra login and you need to do that by the end of the month.
Or do you just try and keep things uniform and migrate everyone to VZ7 and continue as you were?
I mean for 50 +/- containers, yeah whatever, but when hosting at scale and without direct control/knowledge of each container, its not so simple.
Things got pushed right to the line on solusvm though, many felt the risk was to great and just kicked over to KVM, cant blame them, but VZ will re-surge as the budget leader again as it always has.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
@AnthonySmith 's first response: careful, my man, you need meds for my typo disease - it's contagious!
lowendinfo.com had no interest.
Still issues with newer templates
https://clients.mrvm.net
**
KVM has a higher demand VS openVZ if you are selling anything with more than 1GB rmm.
Security vulnerabilities which got discovered in OpenVZ a few years ago but almost everything we run these days including the processors have vulnerabilities
Not really. Ant hits it right, supprot by panel is super limtied and not enough documentation available. Specially with Virtuozzo getting the next push, chances are, at some point, support for the "free" version might drop.
LXC has become part of mainline kernel?
While LXC improved a lot, I still won't recommend for multi-user scenario. I personally don't believe that LXC is mature enough to compete with OpenVZ.
And the last bit, you can't just install Centos and then install OpenVZ any more. You will need to install their own .Iso, for a lot of overnight spring hosts, that's a lot of extra work.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
Demand on the host node?
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
User demand. Educated userbase likes and wants KVM. Everyday users don't really care. But every day users won't signup for a lot of providers that promote on LE world. Because some of us are "too" cheap.
LE customer base tends to be different than GoDaddy customer base and hence GoDaddy can get away by charging 20x more for the same features and specs.
Host node? OVZ and LXC are light AF! I can probably cram 10x more users on an OVZ/LXC node vs KVM (got no clue about OVZ7 though, @AnthonySmith would know better).
There was a reason why all the Mega Giga Ultra VPS plans used to OVZ based during the early days of Lowend Universe.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
I guess for OpenVZ, shared kernel means some restrictions (minor but still inconvenient at times) when your applications require certain kernel versions. At least that was the annoyance for me with OpenVZ 6. I also like to update all my stuff to the latest and greatest, including the kernel, and KVM suits me better in that regard. Of course, if you want a non-Linux OS, you need a KVM but that's probably the minority. I agree that abuse can be monitored a lot more easily with OpenVZ and it is also a lot more cost effective (translates into lower cost for end user).
I think I am ok with either, depending on use case. I generally prefer KVM because I want my latest and greatest kernel, but if I am just running an OpenSSH server or a backup storage server, then I think cost trumps everything. For my main box with my LAMP stack and stuff, I prefer going with KVM.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
There should be no other than KVM and dedicated!!!!!!!
Selfishfolaif
I bench YABS 24/7/365 unless it's a leap year.
That's why LEB shitshows love OpenVZ. I used to not know the difference until kernel issues starting popping up with applications I was trying to install and upgrade. I think I rather pay more for KVM to minimise issues. At least if there are issues with my applications, I can troubleshoot and adjust right down to the kernel.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
KVM would actually be a better option if you care about privacy. Especially if you are storing things like this,
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
There's the option of LUKS encryption to mitigate that but KVM is definitely better out of the box. It's harder to oversell so that cuts down one potential performance problem on the host node, although it is much harder to see who is torrenting on the node. With OpenVZ you can easily monitor all the processes.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
If I am bored enough, I can snoop through your Luks encrypted partition. Not saying most hosts would. But just saying.
There are ways to monitor torrenting with kvm as well. So is most other abuse monitoring. KVM vs XEN ve OVZ is an age old debate, just like OSx vs Windows vs *nix. Everyone has their favorite.
For ultra budget, OVZ will be the best bang for the bucks (I.e the LEBRE scoring ) and for everyday users, it is perfect. Does what is needed, up and running in a minute, works perfectly fine.
Overselling on kvm is no longer hard anymore either. Some of the well reputed hosts here do such and as I said, if done properly, it will be beneficial to both end user and host. (Not my cup of tea).
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
You are right that the data is not safe when mounted. If not mounted then it probably is fine. That's the main downside of a shared kernel for sure. KVM is not immune, but it takes a lot more effort.
I don't think you can see the torrent processes in KVM since the box is pretty much fully isolated, although you can probably triangulate from the disk reading and writing patterns. I don't know what goes on under the hood, but I think I should be right in that the abuse monitoring in a KVM-based host node is more of an educated guess as compared to OpenVZ where you can clearly see which container is running what process.
Ultimately though, it is the one managing the node that makes the most difference, not the virtualization technology.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
More or less correct! If this, plus that and this, aha! This is it. My homebrew script does a decent job identifying BS but I have the same old No dick policy, if you are smart enough to keep your usage under control, I wouldn't bother you at all. Don't get me in trouble, don't do BS, I guess is the standard policy (even though I am very proactive(
Ditto. If it is run by Jar, Fran, Ant and the likes of them, I will signup even if it is jailed SSH.
Nexus Bytes Ryzen Powered NVMe VPS | NYC|Miami|LA|London|Netherlands| Singapore|Tokyo
Storage VPS | LiteSpeed Powered Web Hosting + SSH access | Switcher Special |
OpenVZ 7's pretty OK.
Its by no means my favorite setup, and I wish it supported Debian, but it's a lot better than 6 was.
For the life of me I can't get live migrations to work with the new system though and I had to use the old vzmigrate w/ some modifications.
Francisco
because KVM
LXD looks promising. I've been giving it a try.
Has anyone tried it? What has been your experience so far?
LXC really isn't designed for multi tenant usage.
While they have unprivileged containers, its missing other key items that proper multi tenant systems need.
Francisco