How FreeBSD VPS v3 Provides Privacy and Protection
FreeBSD VPS v3 provides a private and protected area that operates as an independent server. FreeBSD VPS v3 behaves as if it
is, in fact, a stand-alone physical server offering excellent security, performance, and flexibility.
Operating system-level server virtualization creates isolated, secure virtual environments on a single physical server.
Server virtualization enables better server utilization and ensures applications do not conflict. Each account performs and
executes as a stand-alone server. You can simulate a reboot of your FreeBSD VPS v3 account independently and configure account
root access, users, memory, processes, files, applications, system libraries and configuration files.
Your FreeBSD VPS v3 behaves as a stand-alone FreeBSD server. It has standard startup scripts, and software from multiple
providers can operate in the account without modification. Change any configuration file and install additional software.
The file system, the processes, Interprocess Communication (IPC) mechanisms, and configuration are always fully isolated from
any other account. Processes which belong to your account are scheduled for execution on all available processing power.
Your FreeBSD VPS v3 includes its own IP address. The network traffic of your account is isolated from all other accounts.
Traffic snooping is not possible.
Resource management controls the amount of resources available to your account. This enables the Quality of Service (or QoS)
to meet the service level agreements associated with your account. The operating system-level server virtualization also
provides performance and resource isolation which protects your account from abuse by other accounts on the same physical
machine.
The isolated environment of the FreeBSD VPS v3 is established by creating a server sandbox. Each FreeBSD VPS v3 has its own
complete directory structure, a virtual file system, its own set of independent applications (Web server, mail server, etc.);
security that limits one FreeBSD VPS v3 from interfering with, or even seeing, another FreeBSD VPS v3; and advanced resource
management, which controls how system resources are shared among FreeBSD VPS v3 accounts.
- Functional Isolation -- Each FreeBSD VPS v3 (and the applications that run on it) are configured independently. Customers
have full administrative control, including the ability to install, customize, and run almost any custom or off-the-shelf
application. Additionally, customers have complete control of their FreeBSD VPS v3 configuration and settings.
- Fault Isolation -- Similar to separate physical servers, a fault in one application running within a FreeBSD VPS v3 account
does not affect any applications running on other VPS v3 accounts on the same physical server.
- Performance Isolation -- FairShare technology manages how each FreeBSD VPS v3 uses system resources like the central
processing unit (CPU), memory, and network connection, which protects each FreeBSD VPS v3 from the misbehavior of others
on the same server.
Operating System-Level Virtualization Features
The software architecture of operating system-level virtualization is different from traditional virtual machine
architecture because it always runs the same operating system (OS) kernel as the host system. It does this while
continuing to enable multiple FreeBSD distributions in individual FreeBSD VPS v3 accounts.
This single-kernel implementation technology enables you to run FreeBSD VPS v3 accounts with near-zero overhead.
FreeBSD VPS v3 accounts offer an order of magnitude higher efficiency and manageability than traditional virtualization
technologies.
Each physical server utilized by FreeBSD VPS v3 is divided into small computational partitions. Each partition operates
as a real, physical server. For Unix-like systems, FreeBSD VPS v3 technology is similar to an advanced extension of
the standard chroot mechanism.
Operating System-Level Virtualization
From the point of view of applications as well as FreeBSD VPS v3 users, each FreeBSD VPS v3 is an independent system.
This independence is provided by a virtualization layer in the kernel of the Host OS which is an operating system
installed on the Hardware Node (HN), a computer where the Operating system-level virtualization is installed for
hosting FreeBSD VPS v3 accounts.
Note: Only a small portion of the CPU resources is spent on virtualization (approximately one or two percent). The main
features of the virtualization layer implemented in operating system-level virtualization are the following:
- Any FreeBSD VPS v3 looks and behaves like a regular FreeBSD system. It has standard startup scripts; software from
multiple providers can run inside a FreeBSD VPS v3 without operating system-level virtualization-specific modifications
or adjustment.
- A user can change any configuration file and install additional software.
- FreeBSD VPS v3 accounts are completely isolated from each other (file system, processes, Inter Process
Communication (IPC)).
- Processes belonging to a FreeBSD VPS v3 are scheduled for execution on all available CPUs. Consequently, FreeBSD
VPS v3 accounts are not bound to only one CPU and can use all available CPU power.
Network Virtualization
The network virtualization layer isolates FreeBSD VPS v3 accounts from each other and from the physical network:
- By default, each FreeBSD VPS v3 has its own IP address.
- At all times, network traffic for one FreeBSD VPS v3 is isolated from the other FreeBSD VPS v3 accounts. In other
words, FreeBSD VPS v3 accounts are protected from each other in the way that makes traffic snooping impossible.
Resource Management
Resource management is important for FreeBSD VPS v3. Utilization of the resources available on your account is
considerably higher than that of typical computer system. FreeBSD VPS v3 resource management controls the amount of
resources available to each FreeBSD VPS v3 account. The controlled resources include such parameters as CPU power,
disk space, and a set of memory-related parameters. Resource management enables your account server to efficiently
provide the following functions:
- Share available resources among individual accounts.
- Maintain a server’s part in network Quality of Service (QoS).
- Isolate performance and resource isolation.
- Protect the server from Denial of Service (DoS) attacks.
- Collect usage information for system monitoring.
Skel Package
The provisioning system pre-configures each FreeBSD VPS v3 account with the following core services residing on the
virtual private server account:
- Web - Hypertext Transfer Protocol (HTTP) and HTTPS.
- Email -- Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), and Internet Message Access Protocol (IMAP).
- File Transfer Protocol (FTP)
- Shell access tools -- Telnet, Secure Shell (SSH), cron
These core services are managed by support staff, but can be configured by the customer to run according to their
specific needs. Our support staff will provide basic instructional support for configuring and using the core services,
as well as maintaining the system functionality of these services free of charge. We reserve the right to adjust FreeBSD
VPS v3 resources as required to preserve an optimal operating environment for all FreeBSD VPS v3 customers.
By default your new FreeBSD VPS v3 account is pre-configured as a Web and email server. Your account begins as a
copy-on-write (COW) image of a technician-tested, basic FreeBSD installation. However, you can configure your
FreeBSD VPS v3 account to provide additional services.
Copy-on-Write
FreeBSD VPS v3 fully utilizes the advantages of a Copy-on-Write (COW) file system. As you update and customize the
server, FreeBSD VPS v3 continues to use central files maintained by our developers through file system overhead with
skel. The COW file system ensures that your server has relatively unrestrained access to system resources such as
Random Access Memory (RAM). Over time, files which are unique to your own server and configuration can change to suit
own your needs.
The COW file system is especially important for virtual memory operating systems; when a process creates a copy of
itself, the pages in memory that might be modified by either the process or its copy are then marked copy-on-write.
When one process modifies the memory, the operating system’s kernel intercepts the operation and copies the memory.
It does this so that changes in the memory associated with one process are not visible to any other processes.
The ability to sparsely use memory is an important advantage of the COW file system. This advantage is because the
usage of physical memory only increases as data are stored in physical memory. And this enables efficient hash tables
to be implemented. The hash tables use only a little more physical memory than necessary to store the objects they
contain.
Ports Collection
Your FreeBSD VPS v3 account supports the FreeBSD Ports and Packages Collection, an open packaging system for FreeBSD.
Each FreeBSD VPS v3 contains the Ports Collection already pre-installed and ready for use. Almost all of the over
16,000 ports and packages available through the Collection can be installed on FreeBSD VPS v3 using typical Ports
Collection installation methods.
|
