On Sun, Jan 03, 2010 at 12:47:54PM +0800, Paul Wise wrote: > On Sun, Jan 3, 2010 at 9:01 AM, Brian May <b...@snoopy.debian.net> wrote: > > > 1) I believe Xen, with paravirtualization (that is without QEMU) is more > > secure > > then KVM (or Xen) with QEMU. > > I haven't heard this claim before, do you have any references to support this? >
Xen guests (domUs) communicate only with Xen hypervisor, and the guests are totally separated from each other and dom0. Xen hypervisor then passes IO requests to/from dom0 for disk/net. Also if running HVM guests the qemu-dm emulator binary can be run in a 'stubdom', so qemu can be put into it's own/private guest to get it out of dom0.. this makes HVM guests communicate with dom0 in the same way as PV guest would. Some people prefer these models, instead of the KVM model where guests are directly running on the host kernel. -- Pasi -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
