Getting older, not necessarily wiser!
I have been working with Proxmox for the past couple of weeks, and with libvirt, directly and indirectly, for several weeks before that. And I now find myself asking this question. Are Virtual Machines (VM) and/or Containers really necessary? Because in many cases I am not seeing either an advantage or a need. And frankly, in some cases they are a hindrance and/or a liability.
I would be remiss if I did not say that there are some cases where Containers and VMs do come in handy, are useful, and helpful. However that is not in every case. I bring this up, because when I started this journey most material I reviewed and studied in preparation, and troubleshooting, seemed to advocate putting everything in a VM or a container. And I have found that while this is certainly possible, in many cases this adds needless complexity.
In this post I will be discussing my various revelations that led me to the above question. And so as to not keep anyone waiting through a long-winded repartee (which if you are like me, you do not care and are not interested in), my basic conclusion is that Containers and Virtual Machines are interesting, and are entirely appropriate for some tasks and conditions. This also implies that they are inappropriate and not really useful for other tasks.
I will state that in most cases this is a matter of personal opinion, which might not coincide with test results. But then again knowing the almost religious zeal some people approach things with, that last bit was not unexpected.
Me, I am trying to keep an open mind. And remember what follows is my opinion. Feel free to disagree or agree. It is not going to hurt my feelings one bit.
The biggest advantage I see to Containers and Virtual Machines is hardware. Specifically the need, space, and cost for hardware. As a personal example I went from six computer boxes down to two, while still running the same number of servers with no loss in capacity or efficiency.
I can’t say for a certainty that I would have experienced a cost savings, as most of my stuff came from thrift stores, garage sales, and donations. However simple math tells me if I had bought everything new, yes there would be a cost savings, aka buying two boxes instead of six boxes.
You could argue that this might be offset by needing more resources in the two boxes you do buy. But in my experience this is not so cut and dry. Monitoring my servers, most of them are running at idle most of the time. And generally any that might do some heavy lifting are not going to be doing it at the same time. Also, since I am running two boxes, a little judicious planning about what server goes on what box can also alleviate the issue.
Having services running in their own space can help you secure, monitor, and control them. Many of the VM interfaces will allow you to monitor what each individual machine is doing and using.
One might argue that one does that with servers already? However with multiplying boxes, I tended to group compatible, or at least non-interfering, applications together on a single box, which made individual application monitoring a unique challenge.
Another clear win for VMs and Containers is the ease of creating a test environment. One can run multiple operating systems on a single box along with a totally virtual network. This has advantages for development, pre-deployment testing, and learning new systems.
This is a huge advantage, but it is also rather specialized. Back when I was working with computer based routers (pfSense, OpenWrt, IPFire, etc) with various VPNs, I set up multiple machines and an entire virtual LAN on a single box using Oracle’s VirtualBox Type 2 Hypervisor. And yes there were severe performance hits, which is why I am looking at Type 1 Hypervisors now.
While I want to stress that this is a great use for Virtualization technology, it is also kind of niche. Not everyone will want to be doing this kind of stuff.
Virtual machines and Containers can add a level of flexibility to your network. Though this is an advantage more for the home lab user, rather than your average user from the street.
As an example, I know someone who runs a virtual version of Linux alongside a virtual version of Windows. No dual boot options, just run the machine you want, or even run them both at the same time.
While I can see the value for the tinkerer and the experimenter, in this case it is because that person prefers Linux, but needs some specific Windows applications for their job.
Let me say up front I am not an expert on this particular subject in relation to Virtualization. I am simply speaking from a common sense perspective.
First, Virtualization requires additional applications and interfaces. My security mantra is less is better. The less attack surface exposed, the better the security that can be maintained. Whatever else one wants to say, virtualization does increase the exposed attack surface area of the system.
Yes, this can be minimized through various security measures, which generally means increased complexity and less access. At least every security upgrade I have ever been involved in provided those two items, most times totally unintentionally.
Okay, this is inter-meshed with an advantage (imagine that, a two edged sword). During the last two days I have run a few resource tests against one of my original server setups. This was the file/media/cloud server. I knew what the resource requirements were for the whole system, as I have been running it for several years.
My first iteration was to break out the various services into VMs. And no surprise, this setup increased resource draw by about 10%. Not bad, and most of the time this was adequate. However the server did start experiencing lag with multiple video streams and file downloads going on at the same time. I will state that this was a contrived situation for the test, as it is very unlikely (but not impossible) to occur during normal usage. And yes a newer CPU, more memory, or faster network connection would probably resolve the issue.
The next test was the same setup, but using containers for everything instead of VMs. This showed an approximately 5% increase in resource draw over the base. So Containers use fewer resources than VMs. Again I was not surprised with the results.
My basic takeaway is that performance issues will be unnoticeable at lower hardware demands, but become more visible as demand increases. If you are thinking of moving to VMs or Containers, estimating resources is not clear cut. But it is something you need to consider, and yes Containers and VMs, while not significant, do require more resources.
We need to be honest here. In spite of what any number of tutorials tell you, working with containers and VMs is more complex than working with non VM or Container equivalents.
Adding virtualization to your system will require becoming somewhat familiar with a new skill set. And how much of this skill set you need to learn will be dependent on what you are trying to accomplish. Setting up a basic container or VM is not hard. Adding virtual networking and file sharing between instances is somewhat more complex.
Another complexity that arises is file system usage. If you are not already using them, are you ready to learn ZFS, Btrfs, or LVM? If you want to take full advantage of virtualization, you will probably need to learn a new file system or two. And this is not just through the interface. You may need to deal with them through the command line if things go south.
Is everyone familiar with the term “server sprawl”? This becomes real easy when you don’t need to add a new box to add a new server.
Note that I am not talking about home lab experimentation. I am talking about adding permanent servers (whose usability or need is questionable) to your network. I know because I have some space on one of my VM servers, and I keep thinking “what can I use it for”.
Let’s get to the bottom line here, because virtualization appears to be here to stay. There are some instances where it makes a lot of sense. Then there are other instances where it makes no sense at all.
So instead of repeating the “virtualize everything” mantra, I urge one to stop and think. What advantages and disadvantages does virtualization get me in this particular instance? Believe me, if you honestly think about it, there will be both advantages and disadvantages.
I want to end this with a personal example. I virtualized my file server, media server, and cloud server. Previously all three applications had been happily running on one machine. I was able to spread them across three VMs, and later three Containers. But I had to set up a method for the cloud server and media server to access the file server. Not hard, but an additional level of complexity. Another level of complexity was making sure things started in the right order.
I have decided to go back to the all in one concept, in this particular case, as it caused me less trouble. I have not made my mind up if I want to do a bare metal install or virtualize the whole machine. Regardless I am going back to a single machine because it is easier to set up and maintain.