OpenVZ overview
OpenVZ is an operating system (OS) virtualisation implementation that enables a physical server to run multiple isolated user space virtual environments referred to as containers. Containers are structurally comparable to traditional Unix chroot or jail environments, but provide much better isolation, security, functionality, and resource management.
The OpenVZ project is supported and sponsored by Parallels Inc. OpenVZ is licensed under the GPL version 2, and is the basis of the proprietary Parallels Virtuozzo Containers product. Since their initial release in 2001 (Virtuozzo) and 2005 (OpenVZ), both have proven to be efficient, stable, and secure virtualisation solutions on thousands of production servers. In fact, OS Virtualization is arguably the oldest and most widely deployed Linux virtualisation platform to date.
OpenVZ consists of a modified Linux kernel and several user utilities. OpenVZ adds advanced containerisation features to the Linux kernel, enabling isolated groups of processes to run under their own parent init process, along with about twenty dynamic resource management parameters for controlling container resource usage. Currently, the OpenVZ kernel aims to support the same hardware that Red Hat Enterprise Linux (RHEL) kernels support, and follows the RHEL kernels fairly closely. Consequently, the RHEL-based OpenVZ kernels are well suited for use on RHEL and CentOS hosts, although the OpenVZ kernel is less modular than the stock Red Hat/CentOS kernels, with some hardware support being compiled in.
OpenVZ differs from both Xen and KVM in that it:
- supports Linux on Linux virtualization only.
- does not require VT support in the CPU.
- supports a wider variety of CPU architectures including x86, x86-64, IA-64, PowerPC and SPARC.
As an OS virtualisation implementation, OpenVZ is relatively lightweight in comparison to Xen and KVM, and offers a number of concrete benefits including:
- Performance: OpenVZ's virtualization overhead is negligible in most scenarios. Independent tests confirm that OpenVZ's performance is so close to native that it is often difficult to measure a difference.
- Efficiency: OS virtualisation requires less memory per instance and less duplication of resources. Homogeneous guests do not require their own kernels, as they would all be absolutely identical, and guests can often share copies of user space programs, libraries and even stacks of software.
- Scalability: being based on a single kernel model, OpenVZ is as scalable as the 2.6 Linux kernel and therefore supports up to 64 CPUs and up to 64GB of RAM. A single container can scale up to consume the full resources of the physical machine (i.e., all the CPUs and all the RAM).
- Machine density: OpenVZ can host hundreds of containers on suitable hardware, the main limitations being RAM and CPU. Tests have demonstrated that a single physical machine with 2GB of RAM can support over 300 concurrent containers running Apache web servers at acceptable response levels.
- Resource management parameters: a larger array of parameters is available, including several for memory usage, number of processes, CPU usage, container disk quotas, user and group disk quotas within containers, etc.
- Dynamic resource management: it is not necessary to restart containers to effect changes.
- Mass-management: the administrator of an OpenVZ physical server can access all files and running processes in all containers on the system, enabling mass management using simple tools such as shell scripts. By contrast, the administrator of a Xen system running 10 virtual servers who wishes to update a software package, for example, must log into each server separately and run the same update procedure 10 times.
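To make the mass-management and dynamic resource-management points above concrete, here is an added shell example (not code from the OpenVZ project) that walks every running container from the hardware node using the standard vzlist and vzctl utilities; the numproc value, the yum update command, the VZCTL/VZLIST override variables and the "run" argument are assumptions for illustration.

```shell
#!/bin/sh
# Mass management from the OpenVZ hardware node (added example, not OpenVZ
# project code). Set VZCTL=echo for a dry run that only prints the commands.
set -eu

VZLIST=${VZLIST:-vzlist}
VZCTL=${VZCTL:-vzctl}

# IDs of all running containers, one per line (-H: no header, -o ctid: ID only).
running_ctids() {
    "$VZLIST" -H -o ctid | tr -d ' '
}

# Run one command inside every running container via "vzctl exec" and
# print the IDs of the containers where it failed, so a partial rollout
# is reported rather than silently lost.
run_in_all() {
    failed=""
    for ctid in $(running_ctids); do
        if ! "$VZCTL" exec "$ctid" "$@" >/dev/null 2>&1; then
            failed="$failed $ctid"
        fi
    done
    echo "${failed# }"
}

# Change a resource parameter on a running container without a restart;
# --save also writes it to the container's config so it survives a reboot.
set_param_live() {
    "$VZCTL" set "$1" "--$2" "$3" --save
}

# Rollout: cap each container at 300 processes (numproc is barrier:limit)
# so one runaway process tree cannot exhaust the host's process table,
# then apply pending package updates (assumes RHEL/CentOS guest templates).
main() {
    for ctid in $(running_ctids); do
        set_param_live "$ctid" numproc 300:300
    done
    failed=$(run_in_all yum -y -q update)
    if [ -n "$failed" ]; then
        echo "update failed in container(s): $failed" >&2
        return 1
    fi
    echo "all running containers updated"
}

# Only perform the rollout when asked explicitly: sh mass_manage.sh run
case "${1:-}" in run) main ;; esac
```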
OpenVZ delivers better performance, scalability and density because the physical host runs a single Linux kernel, while each container consumes only those additional resources necessary for running the specific processes or services inside it. Without the substantial overhead of running a full operating system in each instance, a basic container may add only 8-14 additional processes to the host node. Nevertheless, given appropriate resources an OpenVZ container can also handle much more complex applications involving hundreds of processes, such as a large multi-threaded Java application.
OpenVZ also provides advanced features such as checkpointing and live container migration across physical hosts. Migration does not require a shared storage backend, and instead uses rsync to copy container directory structures from one physical host to another. Two forms of migration are possible:
- Live migration: a container is moved from one physical server to another without shutting down the container. Using a process known as checkpointing, the container is frozen and its state saved to a file, which is then transferred to another machine where it is unfrozen (restored). State is usually preserved completely, and the delay is typically a few seconds.
- Offline migration: the machine is stopped, migrated, and then restarted.
OS virtualization is well suited to environments requiring extreme scalability of concurrently running guests, particularly where the guests are either identical or at least all running the same operating system. A good example of such an environment is the mass hosting of virtual private servers (VPS). Conversely, environments where OS virtualization is not suitable include those requiring non-Linux operating systems, multiple kernel versions or highly customized kernels. Such environments are typically found where virtualisation is being used to consolidate a heterogeneous mix of server operating systems and loads.
Kernel developer Andrew Morton has identified containers as having very good prospects for inclusion in the Linux kernel, given the interest exhibited by a number of stakeholders including IBM, Google and the OpenVZ Project. As part of a joint effort referred to as control groups (or cgroups), container features began appearing in the 2.6.24 kernel and more have been added subsequently. Several kernel subsystems, including the scheduler and memory management, have been modified to be cgroup aware. The cgroup effort is a consensus of all of its stakeholders, so OpenVZ is not being incorporated directly into the mainline kernel "as is". Nevertheless, the OpenVZ Project has clearly contributed a substantial portion of code to the mainline kernel. Until such time as the kernel's cgroup implementation is feature complete and stable, OpenVZ offers a proven and solid Linux OS virtualisation implementation.
