On 01/14/2014 05:49 AM, Giancarlo Razzolini wrote:
On 14-01-2014 01:11, Christopher Ahrens wrote:

What I meant by bare-metal was if I should run a bunch of services on
the same installation of OpenBSD.


I've run into the same physical space issue with my company servers and
didn't think twice to use virtualization. But, as pointed out by others, you
could easily accommodate all your services into one OpenBSD server with
chroots. But I disagree when they compare chroot directly with a VM
hypervisor, because there are many things it can do that a chroot
can't. I've been using Linux with QEMU/KVM. Lots of PCI device
passthroughs that work like a charm (there are potential security
issues, worth noting). I believe that the other obvious choice is Xen. I
would not go with VirtualBox. And VMware is expensive. QEMU/KVM ties
nicely into the system so it's my choice. You should make your own choice.

Cheers,


To be fair, virtualizing stuff without a common shared storage is a little bit useless. The biggest power of virtualization is to be able to move VMs between physical hosts or even power on physical hosts when you need more power.

But security-wise, just to cite Theo:
x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit.

You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.
