On 09/06/2009 09:38 AM, 7v5w7go9ub0o wrote:
walt wrote:
[]
I don't use vmware but I do use virtualbox every day and I love it.
It's extremely fast even compared to kvm, which I also use on my
newest machine with hardware virtualization support.
Some questions, please:
1. How would you contrast these two packages for "security" use?
(I'm planning on setting up a server on my desktop, and would think
running it in a VM would be appropriate)
2. Should someone get a shell in either of these VM clients, would they
even be able to determine that they're not on hardware (using full
virtualization)?
3. Do the VMs see themselves as being on a LAN (e.g. 192.168.x.x), or do
they actually share the hardware with the host?
4. Do you communicate with them via, e.g. SSH and/or X?
I'm not a computer professional, so I'm not the best one to give advice
about security. I can tell you that both vbox and kvm are built on top
of a qemu base so they share a lot of code.
The principal advantage for vbox is its nice gui interface to the massive
list of qemu command-line options, and its highly optimized virtual graphics
driver, which is what make vbox faster than kvm.
If you don't need the fancy fast graphics driver (for your server) then
it's just about a tossup between the two, both being based on qemu.(Oh,
but vbox is very fast even without hardware virtualization support, and
kvm isn't.)
Networking is anywhere between trivial and a nightmare, depending on what
you need it to do. Both by default "just work" when a guest is talking to
the internet via your host machine, but then it's difficult communicating
with the guest locally. There are ways to do bridging, firewalling, making
a virtual lan between guests, and lots of fancy stuff, but then you really
need to know how to use all those fancy options (which I don't).
I use both of them to run Windows guests using the default network settings
(no custom configuration whatever) and I use samba on the host to share files
with the guests, which is very easy.
I suspect that running a virtual server might require some network tweaking
to make a decent job of it, but I'm only guessing.
I hope some experts can add to or correct the above.
