I agree with you that domain0 should be protected as much as possible,
so running an SNMP client might not be a very good idea.
I wonder how the new gui mgt tool will do this though:
http://www.enomalism.com/home.html
Rene
On Sat, 2006-03-18 at 20:10 -0500, Frank DiRocco wrote:
> i'm an infant as far as linux and xen is concerned, but i would be
> hesitant to run snmp on the dom0. If smnp was used to exploit this
> machine the attacker would have access to all my vm's, could mount and
> modify vm's disks or shutdown or create new ones. additionally I keep
> stuff like make and gcc on my domu which could be an attackers dream.
> I have seen webbased gui monitoring for xen, but i have not tried any
> of it.
>
> On 3/18/06, Rene <forumuser@xxxxxxxxxx> wrote:
> What about monitoring on domain0 like an snmp client
> monitoring all the
> guest domains? Wouldn't that be an exellent task for domain0?
>
> It seems such a waste not to use more resources on domain0 ;-)
>
> Thanks,
> Rene Kogels
>
> On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote:
> > >- Does it prefer that i use Dom 0 only for Xen Hypervisor ?
> >
> > Dom0 doesn't run the hypervisor, it runs *on* the
> hypervisor; the only
> > difference from other domains is that it's allowed to access
> your network,
> > disk, graphics devices directly.
> >
> > But it's good practice not to run unnecessary services in
> dom0 - put them
> > in domUs instead. Dom0 has root-equivalent privileges on
> every domU on the
> > machine.
> >
> > >- If yes, how much ram i need to reserv for Dom0 ?
> >
> > I think 128Meg is solid for a lot of people, but it varies
> depending on if
> > you're doing RAM-intensive things in dom0.
> >
> > >- Are there a link between amount of ram in Dom0 and number
> of virtual
> > >machine run on this computer ?
> >
> > The more RAM you give to dom0, the less RAM is available for
> other domains.
> > RAM for domUs comes from the host system, not from dom0.
> >
> > Cheers,
> > Mark
> >
> > _______________________________________________
> > Xen-users mailing list
> > Xen-users@xxxxxxxxxxxxxxxxxxx
> > http://lists.xensource.com/xen-users
>
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
>
>
>
> --
> Thank you,
> Frank Di Rocco
>
> "Does an optimistic person look at a hard drive as half-full or
> half-empty?" - ofanged1-at-gmail.com
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
Home