• Article for your preferred language does not exist. Below is international version of the article.

Article ID: 114232, created on Jun 28, 2012, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo
  • Virtuozzo containers for Linux
  • Virtuozzo hypervisor


This article describes the best practices and known limitations of Virtuozzo containers for Linux and Virtuozzo hypervisor.

This article will help you to better understand OS virtualization capabilities and choose an appropriate usage scenario for your Virtuozzo containers product.

Known limitations

Despite the higher densities and faster management operations provided by container virtualization as compared to hypervisor solutions, the fact that containers share the same OS kernel with their host leads to certain restrictions in their use. This section provides recommendations to follow when deploying and maintaining Virtuozzo containers for Linux. These recommendations are imposed by the nature of OS virtualization.

  1. Third-party drivers

    Virtuozzo containers for Linux and Virtuozzo hypervisor support the same set of devices as an upstream kernel. If drivers for certain devices are not included in the stock Red Hat Enterprise Linux distribution, it is necessary to recompile the drivers for Virtuozzo containers kernel manually.

    NOTE: It is necessary to recompile drivers each time a kernel update is installed. Perform extensive testing of recompiled drivers before installing them on a production system.

    Related Knowledge Base articles:

    • 111488 Which hardware is Virtuozzo hypervisor compatible with?
    • 111375 How to create driver disk for Virtuozzo hypervisor installation
    • 111113 How to compile custom drivers for Virtuozzo containers kernel
    • 114181 How to compile IBM RDAC drivers for Virtuozzo containers kernel
    • 6731 How to build HP-ILO modules for Virtuozzo containers
  2. Kernel modules and iptables

    Starting with Virtuozzo 6.0 update 6, loading IPtables modules can be initiated from containers. Details of the configuration are described in the documentation, Using iptables Modules in Containers. The global configuration option "IPTABLES" is marked as deprecated.

    For other kernel modules and for IPtables modules in the previous versions of Virtuozzo, Virtuozzo containers, Virtuozzo hypervisor, it is not possible to load kernel modules from inside a container; however, all modules loaded on the node are generally available for all containers. Virtuozzo containers for Linux, however, provides the capability to restrict several modules' availability for particular containers. These include IPtables modules and network device-related modules.

    Related Knowledge Base articles:

    • 113056 Managing iptables modules in containers
    • 113000 Issues with firewall on HW Node - Impossible to use ip_nat and ipt_state modules
    • 112493 [Info] Is IPSec supported inside Virtuozzo containers for Linux containers?
  3. Online migration

    Online migration of containers requires both source and destination nodes to match specific conditions in order to successfully restore a container's memory on the destination host. The destination node must have not fewer capabilities than the source node.

    Related Knowledge Base articles:

    • 113024 Online container migration product version compatibility
    • 113781 Online migration and checkpointing limitations for Linux containers
    • 113129 Preparing containers for migration
    • 111855 /vz over NFS: online migration does not work
  4. OS compatibility

    Virtuozzo containers for Linux and Virtuozzo hypervisor support most modern and popular Linux distributions as the host OS and the guest OS. It is possible to create custom OS templates; however, these OSes must use the same mainstream kernel as supported distributions.

    Related Knowledge Base articles:

    • 111921 Which OS templates are supported by Virtuozzo containers 4.7?
    • 112437 Host OS versions supported by Virtuozzo containers for Linux

Best practices

  1. Planning deployment and upgrade

    Before deploying or upgrading the Virtuozzo containers infrastructure, it is recommended that you review the relevant deployment guides, best practices documents, and recommendations.

    Related Knowledge Base articles:

    • 113433 Best Practices for Virtuozzo containers as an IaaS Virtualization Platform
    • 112499 Virtuozzo containers for Linux FAQ
    • 111815 Recommended resources for planning an upgrade from Virtuozzo containers for Linux 3.0 or 3.0 SP1
    • 112388 Is it possible to perform an in-place upgrade from Virtuozzo containers for Linux 3.0 to 4.7?
    • 112334 Upgrade Path from Virtuozzo containers 3.0 for Linux on CentOS 4 to Virtuozzo Containers 4.7 on CentOS 6.x
    • 112554 Upgrade paths for Virtuozzo containers for Linux 3.0 node registered in PBA-S

    Related documentation:

    Virtuozzo containers Deployment Resources

  2. Keeping server up-to-date

    Both host OS vendors and Virtuozzo are continually publishing updates to provide the latest security patches and stability improvements.

    Related Knowledge Base articles:

    • 1170 How do I keep a Virtuozzo containers installation up-to-date?
    • 1647 How do I update the base OS on a Virtuozzo containers server?
    • 111318 Which repository is safe to use with Virtuozzo hypervisor?
    • 111582 How to apply Virtuozzo containers updates on a spare node in an Active-Passive RHL cluster
  3. Configuring network

    Container hosting is inextricably bound to network services, which is why it is necessary to plan the network schema of containers, network topology, and provided services requirements.

    Related Knowledge Base articles:

    • 112961 How to create a container attached to two different networks
    • 113732 Power Panel on Virtuozzo hypervisor 5 best practices
    • 1004 Which ports should be opened on the Virtuozzo containers Hardware Node and Service Container?
  4. Backing up containers

    Make backups on a regular basis and periodically do a test backup restore.

    NOTE: Without a backup, there is no guarantee that customers' services can be restored after a failure.

    Read the below-mentioned resources and select a backup which suits your needs best.

    Related Knowledge Base articles:

    • 113790 Backups in Virtuozzo containers and Virtuozzo hypervisor
    • 8133 How to increase VA Agent timeouts for backup operations
    • 114248 How to move container backups to another server

    Related documentation:

    Virtual Automation Administrators Guide

  5. Mitigating failures

    It is necessary to be prepared for possible failures and to be able to quickly bring up a customer's services. There are several general recommendations which virtually eliminate the downtime of your customers:

    • Make backups on a regular basis and periodically do a test backup restore.
    • Consider deploying clustered servers and services.
    • Ensure Hardware Nodes have enough resources to host the required amount of services.

      In the case of a clustered installation, it is necessary to consider the total load on the server if all resource groups are failed over to a single machine.

    • Configure the environment to facilitate troubleshooting of failures.

    Related Knowledge Base articles:

    • 1449 How to handle a server crash scenario
    • 10049 How to handle a server hang scenario
    • 10041 How to set up a serial console to a Linux server
    • 10044 How to configure kernel crash dumps on a Linux server
    • 112599 How do I determine if my container is hacked/compromised?
    • 112807 UBC resources in Virtuozzo containers for Linux
    • 112740 Memory limits in Virtuozzo containers for Linux

    Related documentation:

Search Words

known limitation

firewall bare metal

best practice


2897d76d56d2010f4e3a28f864d69223 a26b38f94253cdfbf1028d72cf3a498b e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 0dd5b9380c7d4884d77587f3eb0fa8ef

Email subscription for changes to this article
Save as PDF