WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-users] practical example and explanation of Xen sHype

from [Henning Sprang] [Permanent Link][Original]
To: xen-users <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] practical example and explanation of Xen sHype
From: "Henning Sprang" <henning_sprang@xxxxxx>
Date: Mon, 15 Jan 2007 16:48:50 +0100
Delivery-date: Mon, 15 Jan 2007 07:48:35 -0800
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=nc0fOtExDQxCHSWiKa29o4xKI6TfZFJWRH5SL7Ab4i9+evbkr27jRgF9zF4VT0jm9OWkrqeni2sXIWS1/cgF78/vDF6fvsyRsW0+SsK9eI90TD8v42SaV0baaOCjUCEIynrI9db7/l3YidHczjIvzjmCtUzncReeM5BJ8P2u6Bo=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,
I looked at the description of sHype in the Xen manual.

But I have trouble to see some real world usage: Is it really there
only to protect a careless admin to start a domain used by cocacola on
the same server where already a pepsicola domain is running, so they
cannot steal each others secrets? Why not just let the admin decide
and be careful about what domain he starts where?
I mean, to start a domain, he must put a config file there, log
himself on on the machine, run xm create. Assuming he's so careless
doing this on coca-cola-xen-server.mydatacentre.com instead of
pepsi-cola-xen-server.mydatacenter.com, then I have a totally
different problem that has not to be solved by adding a software
layer, but by selecting the right person who get root access - isn't
it?

I thought that anyway Xen protects DomU's from accessing each others
ressources - does the existence of sHype mean, domU's aren't really
well isolated?

If the idea is to have something in a distributed setup for multiple
Xen Servers (that eventual even try to automatically migrate to
another machine), then I am missing a bit the centralized management.
With multiple servers, and have these exclusion rules, I don't want to
be forced to put them on each machine manually - then I'd rather want
a central permission server, something like that.

Henning

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] forcing disk in read only also if mounted, Henning Sprang
Next by Date:  Re: [Xen-users] forcing disk in read only also if mounted, Daniele Palumbo
Previous by Thread:  [Xen-users] Ubuntu Dapper server kernel doesn't works as a HVM guest on Xen 3.0.3, C. L. Martinez
Next by Thread:  Re: [Xen-users] practical example and explanation of Xen sHype, Christian Horn
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy