Meetings and Events
After 14 years of jail(8), it's mature enough for "high availability"
It's been a long while since we heard a talk on FreeBSD jails from Ike.
In the 14 years since it was committed to FreeBSD, little has fundamentally changed with FreeBSD jail(8), yet the surrounding toolset has pushed jailed virtual servers to a level of noteworthy sophistication and polish (as though any UNIX tool could really claim to possess either).
New and sexy jail(8) tools:
- Jails as platform for HA/Failover Applications
- ZFS for jails, in jails, between jails
- Wild possibilities using HAST, and GEOM Gate
- New run-time configurables
  - jid specification, smp cpuset, child jails, per-jail sysvipc and raw sockets, plus more...
- Multiple IPs (IPv6, anyone?!)
- devfs(8) and rc(8), teaching new warts old tricks
Base material that will be covered (quickly):
- How Jails Work, internals overview.
- How to set up jails, a practical how-to, cooking show style...
- When NOT to use jails
- jail(8) security vulnerabilities, design considerations
- Jails vs. Linux UML, Xen, VMware: technical and philosophical differences
- Basic jailing tools and management practices
Who wants jails?
- System Engineers who need cost-effective high-availability systems.
- System Administrators who need to securely separate feuding userland applications.
- Software Developers who always need more dev machines.
- Educators who need clean unix servers.
- Anyone who wants to deploy virtual machines at the internet.
Why do these people want jail(8)?
- The designs of jail(8) and jail(2) are very securable, and jails use native system utilities.
- They are simple to work with using common UNIX tools.
Isaac (.ike) Levy is a Sr. UNIX Engineer at Tablet Inc., the cure for boring travel.
Ike has always been obsessed with high-availability systems and transparent failover, mostly because he likes to sleep at night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before anyone called it a cloud, as well as having a long history hacking internet-facing applications on UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time member of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of UNIX and internet security topics at various venues, particularly on the issue of FreeBSD's jail(8).
- Event Audio (recorded and processed by Nikolai Fetissov)