On Wed, 24 Oct 2007, Paul de Weerd wrote:

> On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote:
> | On Wed, 24 Oct 2007, Henning Brauer wrote:
> |
> | > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]:
> | > > Virtualization seems to have a lot of security benefits
> | >
> | > seems?
> | > to whom?
> | >
> | Virtualization provides near absolute security - DOM0 is not visible to
> | the user at all, only passing network traffic and handling kernel calls.
> | The security comes about in that each DOMU is totally isolated from
> | the others, while the core DOM0 is isolated from any attacks.
>
> This is the theory.
>
Practice also. XEN is a great tool for 'duplicating' a machine in an
enterprise environment (IME running 'user level' tools for hundreds or
thousands of users). Separating applications is invaluable, and the
ability to do a machine restore in minutes, using the most recent data
from a local SAN is also a major advantage.

Nobody in the XEN (or VM) world in their right mind would put a VM on the
'Net without significant protection (an OBSD PF machine, perhaps), and
I'm certainly not suggesting that.

Remember that there is more than one world from a technology standpoint!
The vast majority of the SME marketspace (where we operate) is heavily
infiltrated with MS crap; OTOH, OBSD is the only choice for public
servers, or as a front-end to other OSs. The virtualization space
will have to mature significantly, if ever, to meet the security standards
of OBSD.

In the meantime, virtualization provides a great solution for those
applications that benefit from running separately & isolated, while
maximizing h/w utilization.

        Lee

================================================
  Leland V. Lammert            [EMAIL PROTECTED]
    Chief Scientist     Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net
================================================
