Meetings and Events

High Availability with FreeBSD Jails and ZFS, Isaac (.ike) Levy
2011-06-01 @ 18:45 - Suspenders Bar and Restaurant
Abstract

After 14 years of jail(8), its mature enough for "high availability" <P> Its been a long while since we heard a talk on FreeBSD jails from Ike.

In the 14 years since it was committed to FreeBSD, little has fundamentally changed with FreeBSD jail(8), yet the surrounding toolset has pushed jailed virtual servers to a level of noteworthy sophistication and polish- (as though any UNIX tool could really claim to possess either).

New and sexy jail(8) tools:

  • Jails as platform for HA/Failover Applications
  • ZFS for jails, in jails, between jails
  • Wild possibilities using HAST, and GEOM Gate
  • New run-time configurables
  • jid specification, smp cpuset, child jails, per-jail sysvipc and raw sockets, plus more...
  • Multiple IP`s, (ipv6 anyone?!)
  • devfs(8) and rc(8), teaching new warts old tricks

    Base material that will be covered (quickly):

  • How Jails Work, internals overview.
  • How to setup jails, a practical how-to, cooking show style...
  • When NOT to use jails
  • jail(8) security vulnerabilities, design considerations
  • Jails vs. Linux UML, XEN, VMware- technical and philosophical differences
  • Basic jailing tools and management practices

    Who wants jails?

  • System Engineers who need cost-effective high-availability systems.
  • System Administrators who need to securely separate feuding userland applications.
  • Software Developers who always need more dev machines.
  • Educators who need clean unix servers.
  • Anyone who wants to deploy virtual machines at the internet.

    Why do these people want jail(8)?

  • The design of Jail(8) and jail(2) are very secureable, and because jails use native system utilities,
  • they are simple to work with using common UNIX tools.

  • Media
    • [Event Audio] (Generously recorded and processed by Nikolai Fetissov)

    Speaker Biography

    Isaac (.ike) Levy is a Sr. UNIX Engineer at Tablet Inc., the cure for boring travel.

    Ike has always been obsessed with high-availability systems and transparent failover, mostly because he likes to sleep at night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before anyone called it a cloud, as well as having a long history hacking internet-facing applications on UNIX systems.

    .ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time member of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of UNIX and internet security topics at various venues, particularly on the issue of FreeBSD's jail(8).