This journal is intended to document various solutions to computer problems that might be of interest to other people. The material is intended for people with a background in systems administration, but is not restricted to just administration problems.
February 26, 2010
P2V Firewall migration
This document describes some details of the process of taking an existing Linux firewall, and placing it into a virtual machine. Before we go on, though, it’s important to understand why we’d want to do this. There are benefits and drawbacks to a virtualized setup:
Benefits
- Improved reliability: migration to a new host computer reduces the number of active hardware components that can fail (and can help eliminate old hardware support costs).
- Reduced costs/consolidation: less redundant hardware also means reduced fan noise, power consumption, etc.
- Improved security: compared with a chroot jail, a VM makes it harder to reach the native hardware and host kernel.
- Improved use of remaining hardware: it’s less likely for the machine to be completely idle.
Drawbacks
- Performance is reduced for guests (disk and network I/O mainly; CPU if it doesn’t support full virtualization).
- Reduced hardware redundancy. While there are fewer parts to fail, the remaining hardware now has more roles to fill.
- Initial setup can be complicated.
I decided it made sense to virtualize the server in my case. After reading about Qemu/KVM and Xen, I selected KVM since I had previous experience with it, and because it wouldn’t require changes to the host environment (Xen is a hypervisor environment, which would have added complexity to the setup steps).