There is something oddly pleasurable in a zen kind of way to be able to log into an
OpenVz container, and see a process list like this:

    root@ldap:~# pstree
    init-+-apache2---apache2
         |-cron
         |-slapd---3*[{slapd}]
         |-syslogd
         `-vzctl---bash---pstree

This is everything that's running in our new OpenLDAP container at work, including Apache for running a web-based user interface, which I could have just as well put in a separate container, but since this is unreachable from outside our firewall I thought that would be unnecessary paranoia. I don't need sshd, since I can always enter from the host node, and the only reason vzctl shows up is because I'm doing just that at the moment. The nice thing about it is that I can tar up the entire root fs of the container and replicate it wherever I want, or for that matter migrate it while it's running to somewhere else. And of course more isolation is always nice.

I prefer OpenVz to Xen mainly because it's easier to work with - the root filesystems for the containers are just ordinary directories on the host etc. Of course it comes at the cost of some reduced flexibility, such as the ability to run different kernels in the containers or the host. But Xen and OpenVz can co-exist on the same machine, so you can mix and match as desired.