Virtual Machines: Linux, Mac OS X, Windows

Fellow Syndicates

As a student in operating systems and compilers I need a setup where I can quickly switch to different operating systems. I currently own a MacBook Pro with both OS X and Windows. My desktop is running Linux and Windows. I am now looking for an option to install a main operating system (Mac OS X, Windows or Linux) and run VMs for the other two operating systems.

I am currently looking into VirtualBox in Linux to do just that. I have experience (and a licence) for VMware Workstation on my Windows computer. I am hesitating between installing a main Windows installation with Linux and OS X in VMs, or another main OS.

What do you guys suggest as a main OS in combination with a VM workflow?
Please give a professional opinion with reasons why not. Preferably performance-related answers.

Best,
Enias

If you are to go for a Linux main machine then you should try QEMU/KVM virtual machines. They do give you many more options than Vbox and the possibility of hardware passthrough, even though they are not as simple as Vbox and have a bit of a learning curve.

Then if you want to go really hardcore in virtualization there is always XEN.

I would suggest Linux. Its options are a bit more flexible, plus combining it with a QEMU VM env opens a world of possibilities... Hmm, consider a XEN server on SUSE server maybe? Why not, hahah?

Unless you hack the bugger out of the VM software OSX can't be installed as a guest OS to my knowledge. It's possible and not particularly difficult, just not officially supported. I'm only aware of OSX working on a modified version of VMware Workstation.
If it does work with Virtual Box I'd go with whichever operating system that you want to specialise in.

Generally speaking, I advocate running Linux as the main OS, with QEMU and KVM installed to run others. I'd also recommend looking at Docker containers.

Link: https://www.docker.com/

I'll link through here to an earlier VM topic reply from @Zoltan

Quote
"I'm not replying to your post specifically here, but there is an important factor to the whole discussion on dual booting versus virtualization, and using Windows on bare metal!

There are many reasons to NEVER EVER install MS-Windows on bare metal on any machine:

The SHA-2 update for Windows 7, which just came out last patch tuesday, requires MS-Windows to boot directly, because it needs direct bare metal access from the Microsoft bootloader, and refuses to install and gets into an endless install loop when another bootloader is used. Why? Maybe because Microsoft needs to make sure that the hardware is flashed directly from something in their closed source code? Microsoft says that the installer just needs to read something from the Microsoft bootloader (which then isn't used and the thing works after another bootloader is used after the install, so that must be really important, to read something from an unused useless piece of software that isn't part of the main system). Who cares, the reason why is not exciting, the fact is that Microsoft implements a hugely unsafe procedure, making a very important feature implementation like SHA-2 dependent on a readout from the Microsoft bootloader, the arguably most targeted piece of software on any PC that ever had Windows installed on it. Only solution here is to never ever install Windows on bare metal and keep it in a VM, where this problem does not present itself, because in the VM, Microsoft Windows "thinks" it has bootloader access, because the bootloader is faked by the virtualization engine.

Another thing is secure boot. Contrary to popular belief, Secure Boot does not need to be disabled to install Linux. In fact, Secure Boot works better with Linux than it works with Windows, because Linux has an extra/better security layer it builds upon Secure Boot in comparison to Windows. In fact, for all BIOS'es, the code has to be transferred to the Chinese government before the production or distribution in China is allowed, and many of those BIOS'es are available on the internet, they are mostly leaked through either Hong Kong or Taiwan. There is actually a Taiwanese site that puts all BIOS codes online, for any hacker to have a go at it. That includes the Microsoft keys that are implemented in Secure Boot, and that Microsoft has already had to change twice because the leaks that obviously were exploited by hackers reached the press. This happens several times a day though, but Microsoft only reacts when it reaches the press. In Linux, you can actually keep your system clean, because you can install from a hashchecked ISO downloaded from a secure site, burned onto a DVD (or a USB stick, which obviously is way less secure), then install the machine offline (of course a machine that never had Windows installed before or never was online, even if you change the hard drive, once Windows or other closed source software was installed, might as well throw away the machine if the object is to have a secure machine), then (still offline) delete the Microsoft keys in Secure Boot, and replace them with your own keys that nobody else has and that you've made yourself, then restart the machine with those keys, and connect the machine to do updates and stuff. That procedure gives you a reasonable chance to not have a machine that is infected with spyware from different governments and organizations. 
Then you can worry about firmwares and other closed source code in the next phase, but open hardware is available in decent quantities these days, and so are dev kits that allow you to flash any chip you would like in hardware that is just as powerful as insecure hardware, except for PC graphics and x86 CPUs to a certain extent that would lead too far. If you have ever had MS-Windows installed on the bare metal, you can be 100% sure that there is undocumented software in the very deepest bottom of your system that won't be easy to get out and that you basically don't want there. Microsoft has had to justify the discovery of such software before the EU parliament, but has always failed to do so. They have denied by formal statement without answering precise questions (remember the incident where Linus Torvalds' father, a member of the committee, mentioned the role of the alphabet organizations with regards to operating system software, that was in the Microsoft interrogation, where Microsoft only sent two lawyers with written statements instead of properly cooperating), and when the EU threatened to prohibit MS-Windows because it's not safe, Microsoft promised to open "transparency stores" all over the world to provide governments with source code access, but they have never kept their promise outside of the US, because their software falls under the Patriot Act, and they just can't, so that's more than proof enough. China has had the same request as the EU, and when Microsoft didn't come through, they did huge razzias in Microsoft settlements in China, and confiscated servers and storage. Microsoft still didn't come through...

You don't need a huge amount of intelligence to smell doodoo when it's in front of your nose... Microsoft is rubbing it in everybody's face and many people still don't smell it... sad really... of course, it's perfectly possible to use MS-Windows for what it is, if you have money enough for disposable hardware, you can perfectly use MS-Windows for what it is, a software console that is a security and privacy nightmare, and that is basically a weapon that can be used against you and others by alphabet organizations and private hacker armies as long as it is connected to the Internet. I have a dedicated gaming machine, it's actually on a separate network for Windows PCs. That network also gets used through passed through NICs, by Windows VMs on Linux hosts, which are used for business purposes sometimes. It is a separate multisite VPN and insulated from the normal network and VPS/VPN. That way, when there is a problem, the plug can be pulled on everything Windows in terms of connectivity, without losing any functionality for the main systems, so that my businesses are safe, well, safe is very relative, but thousands of times safer than if there were a weakest link courtesy of Microsoft or other closed source malware. I'm not saying everyone has to care about that, not everyone needs computing power for their business, not everyone has a legal obligation to keep data confidential and has an insurance company that imposes very strict rules, etc... 
Many people won't even realize they've been dependent on Linux until SteamOS comes out officially in November 2015, and will be using Linux on systems that have Microsoft code on them for years, and SteamOS is not all open source either, it will not cause any problems, and for those people, I think that dual booting on separate storage devices is the best solution, because it offers the most flexibility (you can hit F8 or F12 to pop up the boot menu when powering on the system and bypass the bootloader by directly booting from any disk, which is a solution even Microsoft recommends for dual booters that don't want problems like the aforementioned SHA-2 update problem, not that it's a good or even acceptable solution, it's crap, but hey, time is money, if you're going to use Windows on bare metal, no use in complaining about details when you've submerged yourself in the system anyway, might as well go with it and make it as painless as possible).

There is nothing "ultra safe" about running linux in a VM on a Windows host. It's just about the negation of every reason you would use Linux for in the first place. If you're not bothered with security or performance, just don't use Linux, keep using Windows. If you want more security and performance, never ever install Windows on bare metal, don't dual boot it either, just use it in a KVM in linux, and install linux as bare metal host OS, because that's the only way to enjoy the extra performance of linux. Microsoft has submitted 20000 lines of code (open source) to the linux foundation, and that code (which is way too big for what it's worth, but then, the linux kernel is pretty bloated already, who cares that Microsoft can't code efficiently, it's not like that's news) was merged with the linux kernel, and provides extra performance and compatibility potential for running Windows in a VM on a Linux host. There is no such thing in HyperV, and HyperV doesn't even come with normal Windows versions, so you have to pay extra to run a free operating system in Windows, and you don't get to see any performance... it's just a bad deal, not only a security black hole, but also a huge misrepresentation of the capabilities of Linux. MS-Windows actually runs faster in a KVM container on a Linux host than on bare metal, so that's a direct performance benefit.

Those that want safety/privacy and performance, have to go through the process of never installing Windows on bare metal, installing Linux, changing the Secure Boot keys (because Secure Boot is not a safety feature for Windows, it's a liability, because once software is signed with the Microsoft key that everyone and their dog have, the software, even if it's malware, will be trusted by the machine and executed, and - yet again - that might compromise even a perfectly inherently safe Linux install). Microsoft Windows is the main and almost only vector by which malware can affect Linux systems. If there were no MS-Windows, it would practically be almost impossible to infect or get into any Linux system. Linux systems that are infected, are mainly infected through the bootloader, which is infected because MS-Windows is also used on the system. That is just fact. There is also no need for anti-virus softwares in Linux, except for the fact that the Linux system serves or connects with MS-Windows machines, which are inherently unsafe, so Linux has anti-malware software (in fact, the best of them all) to protect MS-Windows machines from themselves. So no cutting corners if you want the maximum safety and performance. There is also little to no use in spending time trying to enhance performance and/or safety for those that use bare metal Windows installs, even in dual boot, it's either a full solution, or a full problem that can be accepted, but when the user accepts the problem, there is really no use in wasting time with intermediate solutions that bring nothing anyway. It's much cheaper to dedicate disposable hardware to Windows, and keep it galvanically insulated from everything else, if you want to tackle the problem. Not saying that you need to tackle the problem if you don't perceive it as a problem, and many users will not perceive it as a problem. 
That doesn't make it any less of a problem, so proper information should be given on the subject so that everyone can make an informed decision. MS-Windows is like heart infarct. As long as you're not struck by it, you don't perceive it as a problem. Many people will even say people that are struck by the problem have themselves to blame for it, because they were eating bad and living bad, etc... but it's the number one cause of death in the US, it is a problem, a huge problem even. Some people will really do something about it, before they are struck by it, some people will try to inform others of the dangers, others will laugh at them and tell them to fuck off, and some of those will never be struck by a heart infarct, and then some people that try to mind their lifestyle and eating habits will still be struck by heart infarct. It's exactly the same situation with MS-Windows. Games are like burgers, they provide pleasure, but force you to subject yourself to the heart infarct risk. I eat burgers from time to time, I play games in Windows, I even use Microsoft products for business purposes, so I'm not telling anyone to do this or that or don't do this or that, I'm just saying that everyone should be aware that there are problems and risks, huge problems and risks that have to be accepted in order to have access to certain types of entertainment or pleasure, whereas these do not have to be accepted for productivity or performance, just like you can actually perform better physically without eating burgers...

Everybody should make his/her own decision on whether MS-Windows is necessary, whether or not they will install it on bare metal, whether they need linux, whether they want privacy/security, etc... people should just not get the idea that they will be able to get a secure system if they are dual booting with MS-Windows, because they will not, MS-Windows on bare metal is the main and almost only vector of malware in Linux. Those people should just use Linux for the added functionality and future SteamOS games with best performance. Just like I use MS-Windows to make money from time to time, they should use Linux if they make money with it or get satisfaction out of it. Running Linux in a VM on a Windows host just doesn't offer any benefits at all, because the performance sucks and the feature benefits are not available in full. For those people that don't want to virtualize MS-Windows, that are convinced that they need a bare metal MS-Windows install, dual booting is the only solution. For those that only need MS-Windows occasionally for specific things, running a Linux host with a virtualized MS-Windows install is the best solution. There is no use case scenario where an MS-Windows host with a virtualized Linux install ever makes any sense."

OK, back to me now. I agree with all the above. Tip, if you go with an Intel CPU make sure it supports VT-d.

Here are some links that have some useful info on virtualization.

Link: http://virt-tools.org/

Link: http://theurbanpenguin.com/citrix/a20.html

Link: https://www.youtube.com/watch?v=x56qS08NDGc

Go for Linux with QEMU/KVM. KVM standing for kernel virtual machine, QEMU also allowing you to emulate non-x86 architectures. Use virsh (terminal) or virt-manager to manage the VMs. Usage is similar to Vbox, but this setup is a lot more versatile, also allowing for PCI passthrough and VGA passthrough (there is a certain logic to making this work, but it's sure as hell not easy to do if you've never done it before and are just following the few tutorials out there). Performance of KVM should be basically the same as VBox, probably better.

I would suggest going with Debian, Arch or Gentoo. Debian being quite old at times, but very stable. Arch and Gentoo are rolling release and usually cutting edge. You may want to use Gentoo over Arch if you dislike systemd, otherwise try them out and choose whichever of the two you happen to prefer.

Xen with a FreeBSD or NetBSD dom0 is often recommended for performance, but I have zero experience with Xen, so I can't comment on that. However, this should give you the best performance, albeit with the steepest learning curve.
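
Added example (not part of any post above): a shell check for the two host prerequisites the replies mention, CPU virtualization extensions for KVM and an active IOMMU (VT-d on Intel) for PCI passthrough. The functions default to the standard Linux paths /proc/cpuinfo and /sys/kernel/iommu_groups; the sample files at the bottom are constructed so the script runs on any machine.

```shell
#!/bin/sh
# Added example: host checks for KVM and PCI passthrough. Every path is a
# parameter so the functions can be exercised on constructed sample data.

# cpu_virt_flag [CPUINFO]: print vmx (Intel VT-x), svm (AMD-V) or none.
cpu_virt_flag() {
    flags=$(grep '^flags' "${1:-/proc/cpuinfo}" 2>/dev/null | head -n 1)
    case " $flags " in
        *" vmx "*) echo vmx ;;
        *" svm "*) echo svm ;;
        *) echo none ;;
    esac
}

# iommu_group_count [DIR]: number of IOMMU groups the kernel exposes.
# 0 means VT-d/AMD-Vi is absent, off in firmware, or not enabled in the kernel.
iommu_group_count() {
    dir=${1:-/sys/kernel/iommu_groups}
    n=0
    for g in "$dir"/*; do
        if [ -d "$g" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# shared_groups [DIR]: print "group:count" for groups with several devices.
# A group is the smallest unit that can be isolated, so these devices cannot
# be split between host and guest.
shared_groups() {
    dir=${1:-/sys/kernel/iommu_groups}
    for g in "$dir"/*; do
        [ -d "$g/devices" ] || continue
        c=$(ls "$g/devices" | wc -l | tr -d ' ')
        if [ "$c" -gt 1 ]; then echo "${g##*/}:$c"; fi
    done
}

# Constructed sample data (not taken from a real host).
SAMPLE=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse vmx smx est\n' > "$SAMPLE/cpuinfo"
mkdir -p "$SAMPLE/groups/0/devices" "$SAMPLE/groups/1/devices"
touch "$SAMPLE/groups/0/devices/0000:00:02.0" \
      "$SAMPLE/groups/1/devices/0000:01:00.0" \
      "$SAMPLE/groups/1/devices/0000:01:00.1"

echo "virt flag:     $(cpu_virt_flag "$SAMPLE/cpuinfo")"
echo "iommu groups:  $(iommu_group_count "$SAMPLE/groups")"
echo "shared groups: $(shared_groups "$SAMPLE/groups")"
```

Calling the three functions with no arguments checks the real host. A `vmx` or `svm` result with zero IOMMU groups means KVM guests will run but PCI/VGA passthrough will not be available until the IOMMU is enabled.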