by Daviey 4589 days ago
This is interesting, in that it seems to be in competing space to LXC, but makes use of VMX for machine isolation rather than using namespaces / cgroups.

It's a shame they haven't provided some benchmarks...

2 comments

It can't be competing with LXC, with LXC you can do over-provisioning of the server and maximize the utilization. With Jailhouse you under-subscribe your system in order to get maximal separation and performance guarantees.

I can see using this for real-time applications alongside management stuff and for separating critical and possibly buggy kernel drivers to where they can't harm the rest of the system.

Be fair. It can be said they compete, but, due to their very different design priorities, they don't compete directly.

I don't think the benchmarks make much sense in this situation, unless you measure server utilization and performance guarantees (which is the dimension in which they differentiate themselves).

You are right.

One could use LXC for completely allocating a CPU for some container, so they can compete on one aspect. LXC still doesn't run on bare metal and so can't take on the CPU separation for hardware accesses, but there is a dimension in which they compete.
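The comment above says LXC can dedicate a CPU to a container. As an added example that is not from this thread or from the LXC or Jailhouse projects, the shell script below emits the LXC config fragment that does this and then verifies confinement from the kernel's own view, since the point of the comparison is whether the container's tasks really stay off the other CPUs. Assumed (not on the page): the `lxc.cgroup.cpuset.*` (cgroup v1) and `lxc.cgroup2.cpuset.*` (cgroup v2) keys from lxc.container.conf(5), a container named `rt`, and Linux `/proc/<pid>/status`.

```shell
#!/bin/sh
# Added example (not from the HN thread or from LXC/Jailhouse):
# pin an LXC container to one CPU and check the pinning took effect.
# Assumptions: LXC config keys lxc.cgroup.cpuset.cpus/mems (cgroup v1) and
# lxc.cgroup2.cpuset.cpus/mems (cgroup v2) as in lxc.container.conf(5);
# the container is named "rt"; /proc is Linux procfs.

# Emit the config fragment that confines the container's tasks to CPU $1
# and memory node $2 (default 0). $3 selects the key family: "v1" or "v2".
lxc_cpuset_fragment() {
    cpu=$1; mem=${2:-0}; ver=${3:-v1}
    case "$ver" in
        v1) printf 'lxc.cgroup.cpuset.cpus = %s\nlxc.cgroup.cpuset.mems = %s\n' "$cpu" "$mem" ;;
        v2) printf 'lxc.cgroup2.cpuset.cpus = %s\nlxc.cgroup2.cpuset.mems = %s\n' "$cpu" "$mem" ;;
        *)  echo "unknown cgroup version: $ver" >&2; return 1 ;;
    esac
}

# Refuse CPU ids the host does not have. The cpuset controller only rejects
# a bad list when LXC writes it at start time, so check before editing config.
cpu_exists() {
    n=$(getconf _NPROCESSORS_ONLN 2>/dev/null || nproc)
    [ "$1" -ge 0 ] 2>/dev/null && [ "$1" -lt "$n" ]
}

# After the container starts, confirm confinement: Cpus_allowed_list in
# /proc/<pid>/status is the effective cpuset the scheduler will honour,
# which is what the container shares with (and cannot exceed on) the host.
cpus_allowed_of() {
    awk -F'\t' '/^Cpus_allowed_list:/ { print $2 }' "/proc/$1/status"
}

# Usage (root, container "rt" already created):
#   cpu_exists 3 && lxc_cpuset_fragment 3 0 v1 >> /var/lib/lxc/rt/config
#   lxc-start -n rt
#   cpus_allowed_of "$(lxc-info -n rt -p -H)"   # expect "3"
# Note the container still runs on the host kernel; only its CPU placement
# is exclusive, which is the LXC/Jailhouse difference the thread discusses.
```

The `cpus_allowed_of` check is the one worth keeping around: a config line proves intent, but the `/proc` view proves the kernel applied it, and it catches the case where an unrelated cgroup setting or a non-existent CPU id silently leaves the container free to run anywhere.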

That's a really interesting idea - LXC and Jailhouse can be stacked in order to achieve both of their design goals.

I don't know why you're comparing it with LXC, rather than e.g. Xen or KVM, which seem much more directly comparable.

They seemed to make a big deal about the bare metal aspect, and containing it... rather than traditional virt... Maybe I misunderstood?

Yes, and the "bare metal" aspect is more similar to Xen or KVM.

LXC is the exact opposite. It uses a shared kernel, while isolating various resources like networking, RAM, user IDs, etc between the different containers.

Xen or KVM provide something that looks like a bare metal computer.

The difference here, as far as I can understand, is that this is designed to be even more minimalist than what Xen or KVM gives you. Xen and KVM will still use some non-trivial amount of CPU resources on the CPU used by the guest (and depending on the setup may even share the CPU between different guests). This is designed to give the guest nearly complete control over the CPU, to allow you to run, say, a real-time operating system on one CPU, without interfering with the Linux kernel running on the others.

Xen and KVM also traditionally provide emulated devices that the guest talks to, while this just gives the guest direct access to the devices it needs.

So this is pretty much in exactly the opposite direction as LXC. The advantage of LXC is that containers are very lightweight, while still giving you a full Linux environment, as they share the kernel and lots of resources (like their root filesystem) with the host or other containers.

The advantage of Jailhouse is that the guest really gets full control of the CPU and hardware and very little interference, so you really can run an RTOS alongside a traditional Linux system.

There is a continuum of different virtualization designs; this extends the options available in a new direction. You use LXC if you want everything to be a Linux system sharing a kernel, and want control of what resources are shared vs. isolated. This can allow you to run a lot more VMs a lot more quickly and with lower resource impact than the other solutions. Xen or KVM if you want a full emulated virtual machine, which can run any OS that you want, and can share CPU, disk, and other resources with the host or other guests. Jailhouse if you basically want to have a separate computer sitting on the same motherboard.