New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Xen or KVM
stirfriedpenquin
Member
in Help
DoanVPS has decided to expand from just OpenVZ to either KVM or Xen.
We currently use SolusVM and would be using that or Virtualizor.
Which one is better performance wise/ functionality/ and security?
Which one releases updates more frequently?
Which one is easier to install/troubleshoot (Not that this is ever a problem) ?
Thanks!
Liam P
Comments
You will buy Xen/KVM? or are you selling?
My bad, selling
Some people like Virtualizor or Proxmox for KVM, and some others like SolusVM for controlling XEN.
But again, many will use SolusVM, since it has a bandwidth monitor and easy to allocate the IPv6
Who's from Srilanka?
+1 for xen and solusvm
I am! Why?
Disclaimer: I am xen fan.
KVM is full virtualization, slower, even with virtio drivers, Xen can be PV, faster, but you can also use HVM for windows if you need which is about as fast as KVM is with the right drivers.
We tried hostbill with proxmox, it works but solus is better and more functional. You could also do KVM with solus. If you want something different, try cloudmin GPL, it is fun, but all the solus haters will then say it is too complicated even tho offers so much more in terms of freedom to run your VM as you wish.
Only place I found many Solus haters is here on leb. The only REAL reason is because you actually have to pay for it. It's still the best out there for most things by far.
Not a fan of cloudmin at all!.
Here strikes sman again!
Maybe we hate solus because they have PHP exploits 101, they take ages to release new features (people have been waiting for 2.0 for years and solus kept promising things like next month etc)
Maybe you should assume less, and either do more research or just don't say anything
Please provide me with the exact details of this exploit. Step by step as simple as possible since I'm not too bright. You say there are several so just pick one. I will verify it on my own server then come on here and tell everyone how smart you are for figuring out this exploit only you know about.
LOOOOOOOOOOOOOOOOOOOL
Your stupidity keeps surprising me again!
If you would have followed my advice
you would have found the main thread which is http://lowendtalk.com/discussion/11187/solusvm-vulnerability
Entire exploit: http://localhost.re/p/solusvm-11303-vulnerabilities
So can you please try stop being such a smartass and check the facts first before you start saying your random shit again, can you do that? Great, thank you!
No. The real reason is that SolusVM is a terrible piece of shit, to put it bluntly. Try having a look at the code behind it.
Goodluck finding something better.
KVM will get you more sales but you cannot oversell, performance is 10x better it's dedicated hardware.
Nothing else to choose from over SolusVM that has as many features,
KVM is easy to install, KVM bridge is difficult for a beginner, troubleshoot is the same as troubleshooting is the same as your own computer for VM's, on the host it's easy too.
SolusVM provide updates more then others.
Conclussion;
SolusVM > then any others yet to be
KVM > most wanted for premium VPS's (you'll get many sales if you offer cheap pricing for KVM VPS's (like we do :P)
KVM > overall
So you have looked at the code? How did you do that exactly?
That's what Ioncube decoders are for. I'm not going to go into any more detail on here, but sufficient to say that there's a whole lot of code in there that I would never ever run any server under my control.
Ioncube is quite a convenient way for them to try and hide how terrible their code is.
Which ioncube decoder? What version? What are the exact exploits you found? Please post them here so we can all learn from your insights. Or just explain the coding style to be exploited in general terms if you want. The exact technique and the exact outcome. Also how about some recent examples of hosts that have been compromised. I'm sure you will agree that is the best anecdotal evidence.
Just FYI, putting exploits out in public is bad idea. The more professional approach is that whoever finds any sort of exploit, contacts the developers to get it patched.
The idea is to help fix a product, not butcher it down to the ground.
But butchering it in this thread, without substance, is still ok, right? :-)
http://google.com/
I don't have the time to write up a giant article about what exactly is wrong with SolusVM, what exploits there have been, etc. etc. just because you can't be bothered to Google. There are quite a few well-documented cases of ridiculously simple SolusVM exploits, and finding a free Ioncube decoding service shouldn't take much more than 5 minutes.
If any of it were actually true then of course yes.
what makes you soo sure that there aren't any more exploits? There have been several in the past, which were patched. It doesn't mean it is 100% without exploits now?
I do not really know, but sometimes it just gets me thinking.
Solus was badly conceived from the start but they did patch up some holes and had some audit. I dont think it is more insecure than the majority of panels out there, but it has the potential to be exploited like any other. If we are to think of this we will all take a little land and plant tomatoes, nobody would be in computers except for fun.
Tempting.
And yes I agree - just because this control panel get more attention due to popularity it doesn't mean that other less widely used are more safe.
SolusVM <-> popularity <-> exploits
The same equation goes for microsoft windows.
Except that they both had an initial conception which excluded security. The design itself was flawed, they did come a long way in patching holes, but it would have been better if the security was planned in from the start.
Not to be rude, but a large number of SolusVM users I've seen wouldn't know the difference between good code or bad code if it bit them on the ass so it would be pointless for joepie to post examples.
By most standards 3 months would qualify as "recent" so the June SolusVM compromises and node wipings of CVPS, Host1Free, and RamNode would be 3 very recent examples.
Same reason I am sure that space aliens do not live among us. Because I see no evidence to the contrary. Of course people of low intellect such as some obvious ones in this thread will always believe otherwise.
Finally someone pointed out the blatantly obvious. Will never stop the haters from posting their FUD. They have probably never used Solus. Maybe bitter because they could never make that hosting business work and can't afford the $10 a month.
@HardCloud - did you equate KVM with dedicated hardware?
Answering original question, Xen PV is somewhat faster, Xen HVM and KVM are, roughly speaking, almost as fast. I use all types of Xen and KVM VMs, preferring to use KVM (native virtualization) when possible.
Both Xen and KVM are live projects. As for security issues, it would be interesting to see detailed comparison.
RedHat KVM CVE security entries:
http://www.cvedetails.com/vulnerability-list/vendor_id-25/product_id-19922/Redhat-KVM.html
QEMU CVE entries: http://www.cvedetails.com/vulnerability-list/vendor_id-7506/Qemu.html
Xen CVE entries: http://www.cvedetails.com/vulnerability-list/vendor_id-6276/product_id-23463/XEN-XEN.html
Other entries might easily be found. To me, KVM is pretty stable and secure at the moment.
Good trolling, congratulations.
There are quite many references to SolusVM exploits. Most "famous" ones, one of them resulted in thousands VPSes destroyed etc. have been published on localhost.re - visit that site and find details.
SolusLabs blog entry about that: http://blog.soluslabs.com/2013/06/16/important-security-alert-all-solusvm-versions/
Kind of epic WHT thread: http://www.webhostingtalk.com/showthread.php?t=1276286
My advice is to consult with security experts who looked at SolsVM code and know its intrinsics. Knowledge is power, make use of it.