CentOS

I'm planning on getting 3-4 virtual machines on my new CentOS server. (High performing i7, 32gb ram etc.)
Is it sufficent to simply install virtualbox or equivalent, or are there better choices for stability and security?

I do need a graphical interface on my server.

Just to clarify.. This was posted to the CentOS 5 forum, but "new CentOS server" makes me wonder if you're actually using CentOS 6?

avij wrote:Just to clarify.. This was posted to the CentOS 5 forum, but "new CentOS server" makes me wonder if you're actually using CentOS 6?

This is indeed true, but I failed to find a suiting topic in the CentOS 6 forum. And I reckoned that it is not specific to CentOS 5 or 6.
If you feel that I put this under the wrong category do not hesitate to move it.

Ok, I moved it to CentOS 6 general.
Depending upon what you're doing with your virtual machines, KVM may be a better choice. It's less polished than VirtualBox in some ways, and if you're planning on using graphic interfaces with all machines, might seem slower, but if you're looking to, for example, run a few different types of servers, it seems to handle sharing memory better than does VirtualBox. The guide on the CentOS wiki is horribly dated but an article linked on the page is pretty simple to follow.
http://linux.dell.com/files/whitepapers ... e_easy.pdf

scottro wrote:Ok, I moved it to CentOS 6 general.
Depending upon what you're doing with your virtual machines, KVM may be a better choice. It's less polished than VirtualBox in some ways, and if you're planning on using graphic interfaces with all machines, might seem slower, but if you're looking to, for example, run a few different types of servers, it seems to handle sharing memory better than does VirtualBox. The guide on the CentOS wiki is horribly dated but an article linked on the page is pretty simple to follow.
http://linux.dell.com/files/whitepapers ... e_easy.pdf

"While Xen and KVM were running great on the new Intel CPU, Oracle's VirtualBox (the latest release, v4.2.16) was much slower than Xen and KVM. The benefit VirtualBox has though is means of guest 3D acceleration" - http://www.phoronix.com/scan.php?page=a ... ualization

Interesting, what about Xen vs KVM.. then?

You may also want to consider Xen4CentOS.

I'm personally running a few VMs with KVM on CentOS 5 (I don't need a GUI for these), and a few other VMs for testing purposes with VirtualBox on my non-Linux desktop computer (for testing GUI stuff). I'm quite happy with both.

Take a look at Proxmox

https://www.proxmox.com/proxmox-ve/comparison

Personally, I avoid running a FULL BLOWN Distro as the HOST, use a bare metal hypervisor and run ALL systems as VM Guests. You get better resource management PLUS you don't waste resources on the host os PLUS you get better security.

Or you could use the free version of ESXi if you just need a simple and robust BareMetalHypervisor.

vonskippy wrote:Take a look at Proxmox

https://www.proxmox.com/proxmox-ve/comparison

Personally, I avoid running a FULL BLOWN Distro as the HOST, use a bare metal hypervisor and run ALL systems as VM Guests. You get better resource management PLUS you don't waste resources on the host os PLUS you get better security.

Or you could use the free version of ESXi if you just need a simple and robust BareMetalHypervisor.

But how would I do if I f ex wanted all the virtual machines to use the same firewall rules, VPN etcetera?
How would this benefit security?

Having a PUBLICLY facing full blown distro is a security nightmare waiting to happen, adding a bunch of guest VM's just increases the "ouch factor".

Either run a "real" firewall in front of your VM Server (like PFSense or RouterOS or ASA or whatever flavor of dedicated firewall hardware you like) or run a "firewall appliance" (like PFsense or RouterOS or IPCOP) in a VM on your VM Server and then have all VM Guest traffic (both inbound and outbound) go thru that. With the latter choice, the key to minimizing the security vector is the fact that there isn't much in a bare metal hypervisor to be compromised (which can't be said for a full blown distro running a GUI no less).

vonskippy wrote:Having a PUBLICLY facing full blown distro is a security nightmare waiting to happen, adding a bunch of guest VM's just increases the "ouch factor".

Either run a "real" firewall in front of your VM Server (like PFSense or RouterOS or ASA or whatever flavor of dedicated firewall hardware you like) or run a "firewall appliance" (like PFsense or RouterOS or IPCOP) in a VM on your VM Server and then have all VM Guest traffic (both inbound and outbound) go thru that. With the latter choice, the key to minimizing the security vector is the fact that there isn't much in a bare metal hypervisor to be compromised (which can't be said for a full blown distro running a GUI no less).

Is it possible to enable the "bare metal hypervisor" to connect to a VPN, so all VMs are connected? Or do I need to do that in the router?