Trying to understand how project isolation works in a SAAS platforms.
Trying to understand how project isolation works in a SAAS platforms.
By project, I am talking about a "virtual" instance. I get to use a computer on their server, but how? Are those virtual machines, or containers?
If the former, then why - given how virtual machines have a large overhead? If the latter, then containers have a low degree of isolation compared to VMs, right? I've also heard about K3 and K8 before, but I don't know exactly what they are, and what role they place here.
And speaking about either of them - how are they introduced through a backend - by using bindings? Or is there a port-equivalent to pass instructions, similar to how we connect to a database?
You're viewing a single thread.
It's VMs. The overhead is not nearly as bad as you think it is, especially with the highly tuned cloud hypervisors. I've seen dual EPYC monsters running 300+ VMs. Server CPUs are basically designed for that kind of workload these days.
Virtualization tech is really, really good. On my desktop, I have a VM that runs Windows+SteamOS with a passed through GPU, game on it and everything. You wouldn't know it's a VM. The overhead is so low that I just let it run in the background most of the time. When it's idling it basically just occupies RAM. You can't really feel the VM on the host either, everything is as responsive as usual. As long as there's enough resources for everyone, you can barely tell it's a VM or not.
Modern CPUs have extensions to handle it at the processor level, and most operating systems have good paravirtualized devices, so there's not a whole lot of overhead left other than the guest kernel and processes.
Never tried passing the GPU through. You use virtualbox or something else?
On Linux KVM is what people use for this. Not an option in VirtualBox.
Using VirtualBox is also how you get the impression virtual machines are slow and heavy. It served us well but it's essentially obsolete at this point.
The virtio devices and drivers are much better overall and optimized for performance. VirtualBox is optimized to be user friendly and run most operating systems easily. It's compatible but to do so, it relies a lot on emulating existing hardware. Virtio devices often rely on either shared memory for zero copy, or at least DMA and exposes higher level APIs. No point encoding and decoding SATA commands when you can just move raw data in and out of the VM.
We also have hardware with native VM support, so multiple VMs can talk directly to the network without going through the host at all. VirtualBox can't make use of those either, as it requires IOMMU and the same stuff that powers VFIO.
KVM + QEMU is where it's at. There's also cloud-hypervisor which is supposed to be even better for cloud use cases.