Many software engineers strive for modularity and component decoupling, sacrificing some things (e.g. performance, to a varying degree) and gaining others. I agree with this line of thinking, and I see no reason not to apply it to OS kernels as well. The MMU is a really good friend to have, and I think most systems in this world should appreciate reliability more than performance, especially when it comes to the kernel. I always get a bit sad as I think of the general state of things, remembering that a decade ago I thought today everything would be properly divided and sandboxed with a minimum of necessary privileges. I guess user experience trumps it in many cases.
It's interesting (to me at least) that we have largely dispensed with the Unix privilege model in production and replaced it with running an entire Unix system for each application, virtually hosted on the real one. I wonder if, had there been more emphasis historically on reliability and decoupling, we would nowadays be running more than one service on a host instead of running them in individual VMs hypervised by that host.
I suspect the answer is "no, not entirely" due to other limitations of the model: ports under 1024 are root-only, regular users can't call chroot(), etc. etc. - but there have been solutions proposed/designed/implemented for most of this stuff, they just haven't had much uptake.
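The two limitations named in that comment (low ports and chroot() both need root) are traditionally worked around by doing the privileged steps first and then giving up root, which is how several services can share one host under separate unprivileged accounts. The program below is an added illustration of that pattern, not code from anyone in this thread; it assumes Linux, and the port 80, the `/var/empty` jail directory and uid/gid 65534 are placeholder values chosen for the example.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Open a TCP listening socket on 127.0.0.1:port.
 * Returns the descriptor, or -errno on failure (an unprivileged process
 * asking for a port below 1024 gets -EACCES). */
int bind_listener(unsigned short port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;

    struct sockaddr_in addr;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);

    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 ||
        listen(fd, 16) != 0) {
        int saved = errno;
        close(fd);
        return -saved;
    }
    return fd;
}

/* Confine the calling process: chroot(2) into `root`, then give up root.
 * Order matters: chroot() needs privilege, so it comes first; supplementary
 * groups are cleared and the gid set before the uid, because after setuid()
 * none of the other calls would be permitted any more.
 * Returns 0, or -errno (an unprivileged caller gets -EPERM from chroot()). */
int confine(const char *root, uid_t uid, gid_t gid)
{
    if (chroot(root) != 0)
        return -errno;
    if (chdir("/") != 0)            /* otherwise cwd still points outside the jail */
        return -errno;
    if (setgroups(0, NULL) != 0)
        return -errno;
    if (setgid(gid) != 0)
        return -errno;
    if (setuid(uid) != 0)
        return -errno;
    /* Sanity check: once unprivileged, climbing back to root must fail.
     * If it succeeds the drop was not real, so report it as a failure. */
    if (uid != 0 && setuid(0) == 0)
        return -EPERM;
    return 0;
}

int main(void)
{
    /* Placeholder values (assumed for this example): privileged port 80,
     * /var/empty as the jail, 65534 ("nobody") as the service account. */
    int fd = bind_listener(80);
    if (fd < 0) {
        fprintf(stderr, "bind 127.0.0.1:80: %s\n", strerror(-fd));
        return 1;
    }
    int rc = confine("/var/empty", 65534, 65534);
    if (rc != 0) {
        fprintf(stderr, "confine: %s\n", strerror(-rc));
        return 1;
    }
    printf("listening on fd %d as uid %d inside the jail\n", fd, (int)getuid());
    close(fd);
    return 0;
}
```

Run as root the program binds the port, enters the jail and ends up as uid 65534 with the socket still open; run as an ordinary user it stops at the first privileged step and reports EACCES or EPERM, which is exactly the limitation the comment describes.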
I think it's entirely possible to admin a multi service box, but it requires more skill and effort. Putting everything in a distinct VM makes all your problems look more like nails. Also, who wants to say they admin the server when they can say they admin the server cluster?
Good point. I heartily agree. The hardware is the resource the software is utilizing, and the better thought through and perhaps the more uniform (thus receiving much scrutiny and work) the tools for delegating and regulating access to those resources in order to preserve reliability, the better and more efficient the utilization of said resource, I should think.
One server one app - we do this in production and dev, for a number of reasons.
The biggest reason is that it's just easier. Easier to build a new host, install services. If you need to bring the vm down it only affects one application. And so on.