This is a digression, but do you have experience with z/OS?
When I took an operating systems class a few years back, a comment the professor made about z/OS stuck in my mind. "z/OS is one of the few operating systems that can run a VM of itself with almost no overhead." He went on to mention that he had seen nested VMs on z/OS about twelve steps deep that ran without noticeable delay.
Since he said this, I've always wanted to ask someone with some experience with the OS whether or not this is a valid observation. Additionally, does z/OS act similar to a BSD jail, where the kernel itself is replicated to improve security? I've not been able to find a whole lot of free/open documentation on the operating system.
I have some experience with z/OS, but mainly from a security perspective rather than a day to day admin role.
I wouldn't say that there's no overhead, but the structure of z series mainframes is completely different to any midrange architecture. Everything is designed to be virtualised, parallelised and incredibly redundant. Hard disk fails? No problem, carry on as normal. Motherboard failure? No problem, carry on as normal.
z/OS doesn't have a kernel, it has what's called the nucleus. Effectively, the physical system is divided into LPARS[1], which then provide in effect highly scalable virtualised systems. There's then further isolation through about 3 different methods IIRC (for example, each subsystem - analogous to a long running process has it's own addressable memory) to the point where everything can be completely isolated, so it's very different to a jail, slightly like something like Xen (but only slightly).
The security model on z/OS is completely different to Unix/Windows because the entire architecture is completely different (for example, z/OS uses a block-based disk operating system as opposed to a byte stream filesystem, meaning there's no such thing as files in the Unix sense on z/OS - outside of USS which is beyond the scope of this comment)[2].
Under z series LPAR virtualisation each LPAR runs it's own OS with it's own allocated resources. It's about as separate as you can get. You'd never use virtualisation that way on midrange as you cheat to get more VMs into less space, but on z series you need to absolutely guarantee access to a resource when needed, so you partition the systems up accordingly.
Please note, if anyone knows better than this please correct me, as I say I'm more on the security side than operator so I might be wrong in a couple of places.
When I took an operating systems class a few years back, a comment the professor made about z/OS stuck in my mind. "z/OS is one of the few operating systems that can run a VM of itself with almost no overhead." He went on to mention that he had seen nested VMs on z/OS about twelve steps deep that ran without noticeable delay.
Since he said this, I've always wanted to ask someone with some experience with the OS whether or not this is a valid observation. Additionally, does z/OS act similar to a BSD jail, where the kernel itself is replicated to improve security? I've not been able to find a whole lot of free/open documentation on the operating system.