|
|
|
|
|
|
|
|
|
|
xen-users
Re: [Xen-users] Recommended multi-server approach
On Thu, 14 Jun 2007, Tom Mornini wrote:
On Jun 14, 2007, at 10:00 AM, Jordi Espasa Clofent wrote:
> It makes sense run *nothing* other than sshd in Dom0, IMHO.
Ok. But ¿why?
Because you don't need to. :-)
Better to keep it pristine. Upgrade and such will be easier.
And, if there are ever any *issues* with the services, those issues will have
zero effect on everything else.
which is one of the two arguments in my head. Stability and security.
By moving as much as you can into the domUs, you theoretically keep dom0
more stable... and since crashing dom0 crashes everything, you want dom0
to be rock solid.
The same argument applies to security. If there are no applications in
dom0, then there are less possible security holes (reduced footprint). In
theory it's difficult to break into dom0 from a domU, but simpler to
compromise a domU from dom0.
There may be situations where performance runs counter to these arguments
(drbd?).
-Tom _______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|
|
|
|
|