Xi6.org

XenServer (citrix) vs ESXi (vmware) vs Xen (opensource)

by on Aug.13, 2009, under Virtualization

A common question in virtualization: which option is better?

We’ll take a look at the top options. (HyperV and KVM aside because quite honestly they suck). Sorry if you’re using either of those as a virtualization solution — but HyperV is bloated and based on Windows… and KVM by nature is very insecure. On somewhat of a side note, it’s quite unfortunate that there are so many people in the world that get “sold” by gimmicks, bulleted lists and various other hyped up garbage.

Let’s start off with a basic comparison of XenServer vs Xen, both of which are free. Xen is open source; XenServer is based upon Xen but is owned by Citrix. (It may be useful to point out that XenServer is similar to ESXi, whereas Xen is quite a bit different from both.)

Xen (open source) requires a base operating system (Dom0). So for instance you would install Ubuntu or CentOS first, having a fully operating desktop machine. On top of that you would install open source Xen and a virtual machine manager tool. You are then able to create virtual machines on top of your host OS. (While you don’t necessarily need to install the X Window System on Dom0, it still requires a base OS as such.)

The open source Xen solution is probably a good solution for your home network. I used open source Xen on my single desktop machine (3TB HD, 4GB RAM, quad core processor), which allowed me to keep my base Ubuntu installation for development, web browsing, and various other things I do on my home desktop. It also allowed me to create a media server for streaming music and videos to my PS3, a VOIP server to manage calls, a ZoneMinder server to monitor IP cameras, and a new test server when I needed to play around with other applications in a server environment.

Now looking at XenServer (Citrix) and ESXi (VMware), both of which are “free” and have extra licenses you can purchase for several thousand (to several hundred thousand) dollars in order to open up some pretty cool “enterprise” features. While both can serve a production environment quite well in their free versions, having used both, XenServer is a better solution. Both are a barebones/baremetal type hypervisor and take about 10-15 minutes to install (unless of course you run across some hardware incompatibility issues). But that may only be a problem with very old hardware or perhaps very new cutting edge technology.

XenServer itself has more free features out of the box, and is all around a better implementation. One of the biggest features (though actually small), is that XenServer uses iptables!! I can easily set up firewall rules on the hypervisor itself, helping keep my server SECURE. Whereas with ESXi, the command console is VERY limited. I had to create an additional virtual machine firewall appliance, then connect my management console to the virtual machine and set up port forward rules from the virtual machine to the management interface. (So if the VM crashed, I was pretty much SOL).
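One way to express the host firewall idea above, as an added example that is not from the original post: a small generator for an `iptables-restore` ruleset that only lets one admin subnet reach the hypervisor's management ports. The ports (22 and 443), the subnet, and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that limits hypervisor
# management ports to one admin subnet. Ports and subnet are assumptions.

# valid_cidr A.B.C.D/N: succeeds only for a well-formed IPv4 CIDR.
valid_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# mgmt_ruleset ADMIN_CIDR [PORTS]: prints the ruleset, non-zero on bad input.
mgmt_ruleset() {
    admin_cidr=$1
    ports=${2:-"22 443"}   # assumed management ports: SSH and the HTTPS API
    valid_cidr "$admin_cidr" || { echo "bad CIDR: $admin_cidr" >&2; return 1; }
    for p in $ports; do    # validate everything before emitting any rule
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $ports; do
        # Admin subnet may connect; everyone else is dropped on this port.
        echo "-A INPUT -p tcp -s $admin_cidr --dport $p -j ACCEPT"
        echo "-A INPUT -p tcp --dport $p -j DROP"
    done
    echo "COMMIT"
}

# Constructed sample: 192.0.2.0/24 (documentation range) as the admin subnet.
mgmt_ruleset "192.0.2.0/24"
```

Review the output before loading it with `iptables-restore`: by default that command replaces the whole filter table, so these lines should be merged with the host's existing rules first.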

Another great feature of XenServer is the ease of clustering up to 16 physical servers together! This allows for High Availability failover and high workloads to be distributed to other servers in the cluster. It’s as simple as point and click, as well as a simple drag/drop to move one VM to another physical machine. (In HA mode, a failed server automatically migrates the VMs to another machine). Though I believe HA requires an enterprise license.

ESXi itself doesn’t have much in terms of “cool” features, I found it kind of boring actually. I guess the only thing notable about ESXi is that you can run unmodified guests without too much “performance loss”. (Though I did find ESXi painfully slow compared to XenServer with the same Virtual Machines running).

Another thing I found is that with ESXi, creating VMs was pretty easy; but duplicating a VM was time consuming. I/O operations are very sluggish on the system itself. XenServer allows you to template a VM so they can be duplicated quickly and easily once you have created the initial install of one VM. XenServer saves hours of time when it comes to this feature.

I guess it’s becoming pretty apparent that XenServer (Citrix) is just better. On two identical physical servers (dual quad core processors, 16 GB of RAM), XenServer (besides having better management features) performed much better in comparison to the same VM installations on the ESXi host.

All VMs were Linux (CentOS) based. I don’t run Windows for anything aside from the odd desktop machine here and there (if that). Though running Windows hosts on ESXi is (I believe at the moment) easier than XenServer.

11 comments for this entry:
  1. Risar

    Alright, I’ve got to ask what makes you think KVM is any more insecure or security issue prone than Xen or VMware ?

  2. swicknire

    Well currently with KVM and the way it’s implemented, if one host VM is compromised, it leaves the ability to gain access to the HOST and other VM’s on the machine… NOT good.

  3. sw0rd

    Hey, this has saved me lots of time looking all over the net for comparisons… for now let’s jump into XenServer.

    thanks

  4. bmullan

    Swicknire

    >> leaves the ability to gain access to the HOST and other VM’s on the machine

    Just started looking at KVM and am interested in your statement?

    Could you explain how that could compromise the host..?

  5. swicknire

    With each VM not being isolated from the host it leaves the host vulnerable… no matter which way you look at it. The host and guests aren’t abstracted or isolated from each other.. meaning that someone could potentially attack a weak guest to gain access to the rest of the system. (Not to say it can’t be kept secure by software patches and what not… but are you going to be responsible for all the VM’s on the host or do you resell VM’s?)

    In production I would stick to ESXi or Xenserver.

  6. Abbey Normal

    “Could potentially attack a weak guest to gain access to the rest of the system”

    what makes you think *any* of the other hypervisors are any different in this regard ?

  7. paul

    Will you please back up your statements about KVM security with more than just handwaving about “not being isolated”.
    From this http://avikivity.blogspot.com/2008/05/how-kvm-does-security.html description I cannot see why KVM is worse than others.

    cheers
    Paul

  8. Dave

    I am currently using VMWare server and am always interested to see how XenServer is faring…thanks for the info.

    I’ve experimented with KVM and found the management tools totally lacking. However, I believe your point about KVM being insecure is flat out wrong. There is no way for a KVM guest to get access to the host machine. Think of a chroot jail and then imagine it being 10x more secure.

    The only possible way to compromise the host would be if there is a bug/hole in the virtual network adapter — a vulnerability that both XenServer and VMWare ESX share with KVM. To my knowledge, there has never been a published breach of security via a virtual network adapter.

  9. kenrtx

    I know you mentioned the layers of application on the Xen side as far as needing an OS, then the Hypervisor, then your management tools, where XenServer is just a baremetal install.

    My goal is to find out which of the 2 perform better. My experience is only with XenServer and I love it. But what I also love is the Open Source community and its contribution to the tools available for managing it. I understand that XenServer has an API but I’m a network engineer and don’t want to write my own tools for it at the moment. (mainly user control, auto provisioning, etc.)

    So to me what it comes down to is performance. How much better is XenServer than Xen in performance and stability? How is the XenServer’s bare metal install any more beneficial than the Xen install on a stripped down core install OS? XenServer though bare metal is still built on CentOS and built for 1 purpose right? Well couldn’t you achieve the same thing by building a minimal OS install?

    Something else to mention is that XenServer baremetal uses about 512mb reserved, which is good. Could you achieve this with Xen or would it require more?

  10. WebLock

    swicknire, I welcome you sharing your experiences – and as the earlier comments suggest, others have found both merit and challenges in your comments!

    A year on, how have your views evolved?

    Whilst VMware has enjoyed enterprise market leadership, other hypervisors have come to fill spaces in the market – and KVM has certainly moved-on
    {might VMware be seen as to InternetExplorer amongst hypervisors, and Xen or KVM as the Mozilla Firefox…?}

    For the community-written comparison of hypervisors (covers features such as live migration, boot guest on separate partition), see the wikipedia entry: http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines – an independent study would be ideal…

    Thanks again for offering your views, and for opening a discussion!

  11. goekmavi

    Very helpful comparison.
    I have a 64bit Windows system with 8GB.
    I plan to use Ubuntu as guest system. I will use the guest system to run some engineering Fortran codes. In terms of performance, which one of VMware and XenServer would you recommend?

    Many thanks
