Operating system-level virtualization allows running multiple isolated Linux containers with only one kernel. It has the smallest overhead and is used since a decade by the webhosting industry for virtual private servers (lately called cloud server).Linux-Vserver started in 2001, followed by Virtuozzo/OpenVZ with big kernel patches.In contrast LXC has the goal to bring everything into mainline kernel. It's included since 2.6.29 and most of the distributions support it. LXC makes use of kernel namespaces for isolation and uses cgroups (control groups) for resource limits. Best practices, pitfalls and how LXC can be used in HA environments with Pacemaker are shown. The new apparmor profile that makes the use of LXC more secure is also discussed.Audience: The presentation is intended for system architects, administrators and developers. The level of technical experience is moderate.