From the point of view of applications and Virtual Private Server users, each VPS is an independent system. This independence is provided by a virtualization layer in the kernel of the host OS. Note that only a negligible part of the CPU resources is spent on virtualization (around 1-2%). The main features of the virtualization layer implemented in OpenVZ are the following:
Any VPS looks and behaves like a regular Linux system. It has standard startup scripts; software from vendors can run inside a VPS without OpenVZ-specific modifications or adjustment;
A user can change any configuration file and install additional software;
Virtual Private Servers are completely isolated from each other (file system, processes, Inter Process Communication (IPC), sysctl variables);
Processes belonging to a VPS are scheduled for execution on all available CPUs. Consequently, VPSs are not bound to only one CPU and can use all available CPU power.
The OpenVZ network virtualization layer is designed to isolate VPSs from each other and from the physical network:
Each VPS has its own IP address; multiple IP addresses per VPS are allowed;
Network traffic of a VPS is isolated from the other VPSs. In other words, Virtual Private Servers are protected from each other in a way that makes traffic snooping impossible;
Firewalling may be used inside a VPS: the user can create rules limiting access to some services using the canonical iptables tool inside the VPS;
Routing table manipulations and advanced routing features are supported for individual VPSs. For example, setting different maximum transmission units (MTUs) for different destinations, specifying different source addresses for different destinations, and so on.
OpenVZ Resource Management controls the amount of resources available for Virtual Private Servers. The controlled resources include such parameters as CPU power, disk space, a set of memory-related parameters, etc. Resource management allows OpenVZ to:
Effectively share available Hardware Node resources among VPSs;
Guarantee Quality-of-Service (QoS);
Provide performance and resource isolation and protect from denial-of-service attacks;
Collect usage information for system health monitoring.
Resource Management is much more important for OpenVZ than for a standalone computer since computer resource utilization in an OpenVZ-based system is considerably higher than that in a typical sys