In a comment on a previous post silopolis recommended Proxmox. Since I am very interested in container based virtualization I decided to give it a try. My goal was to see if I could use Proxmox containers as a replacement for Xen. After some experimentation and research my initial impression is that it is probably not a suitable replacement. This is due to limitations in Open VZ and container technology rather to any issue with Proxmox.

Installing Proxmox was easy. I got it running quickly and with no trouble. The Proxmox web UI is well designed. It also has an API but I didn’t try it. I then installed the CentOS 6 template. That too was an easy and pleasant experience. I was able to SSH into the CentOS container and explore its configuration. Then I ran into a problem: security.

I wanted to configure my CentOS containers using the same strict security guidelines that I use for my VM based deployments. It appears, however, that containers only partially support this. With a bit of extra configuration they can support iptables based firewalls. They do not support SELinux nor a locked down partitioning scheme.  And that’s a problem. I prioritize security over performance therefore the container approach will not work for me.

If you need the performance benefits that containers provide and you do not want to implement such a strict security protocol then Promox containers could be an excellent option. Of course, if you run KVM virtualization in Proxmox you can configure them with strict security just as I do with Xen. My interest was in only in containers.

As container technology matures, I’m sure that strict security configurations will eventually be possible. In the meantime I will stay with Xen.

My thanks to silopolis for pointing out Proxmox.

Categories: Security, Software

Tags: Hypervisor, Proxmox