OpenVZ has a number of unique features that can be effectively used in the following scenarios:
Contents
Improved security
Consider a Linux server used to serve mail, web site, and DNS. There are at least three different applications listening to and handling network requests, and any of them can contain security holes. Using OpenVZ, a server can be divided into three VEs, one for each application. Thus, if the DNS server is compromised, the other applications will still be left intact due to complete isolation between VEs.
Server consolidation
Having a separate physical server for each application is generally a good approach, it increases availability and improves security. However, separate servers lead to increased costs of hardware and collocation, and modern hardware is often underutilized in this scenario.
With OpenVZ, you can enjoy the benefits of dedicated server without such drawbacks. Create a VE for each application and use the existing hardware more efficiently. This approach can be deployed totally transparently to users using OpenVZ.
Development and testing
Developers often need access to several different Linux distributions to develop an application. Testing also needs to be performed on various software configurations. Therefore, testing and development groups often require a lot of hardware. Alternatively, using OpenVZ developers and QAs can create multiple partitions with different Linux distributions and configurations residing on one physical server. Each VE can have its own set of packages, system libraries, configuration files.
A better way is to use OpenVZ. You can use different Linux distributions for different VEs residing on one physical server. Each VE can have its own set of packages, system libraries, configuration files.
Hosting
- Isolated users
- A VE is like a real server, just very cheap
- Each user can have his own versions of applications
- Much easier to admin
Educational
With OpenVZ, a separate VE can be created for every student. Thus, each student gets their own root account and can do everything on their own server, e.g. experiment with firewall configuration rules (iptables).