On Wed, 24 Oct 2007, Paul de Weerd wrote:

> On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote:
> | On Wed, 24 Oct 2007, Henning Brauer wrote:
> |
> | > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-10-24 03:03]:
> | > > Virtualization seems to have a lot of security benefits
> | >
> | > seems?
> | > to whom?
> | >
> | Virtualization provides near absolute security - DOM0 is not visible to
> | the user at all, only passing network traffic and handling kernel calls.
> | The security comes about in that each DOMU is totally isolated from
> | the others, while the core DOM0 is isolated from any attacks.
>
> This is the theory.
>
Practice also. XEN is a great tool for 'duplicating' a machine in an enterprise environment (IME running 'user level' tools for hundreds or thousands of users). Separating applications is invaluable, and the ability to do a machine restore in minutes, using the most recent data from a local SAN is also a major advantage.

Nobody in the XEN (or VM) world in their right mind would put a VM on the 'Net without significant protection (an OBSD PF machine, perhaps), and I'm certainly not suggesting that.

Remember that there is more than one world from a technology standpoint! The vast majority of the SME marketspace (where we operate) is heavily infiltrated with MS crap; OTOH, OBSD is the only choice for public servers, or as a front-end to other OSs.

The virtualization space will have to mature significantly, if ever, to meet the security standards of OBSD. In the meantime, virtualization provides a great solution for those applications that benefit from running separately & isolated, while maximizing h/w utilization.

        Lee

================================================
Leland V. Lammert               [EMAIL PROTECTED]
Chief Scientist                 Omnitec Corporation
Network/Internet Consultants    www.omnitec.net
================================================