WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
xen-users

Re: [Xen-users] Recommended multi-server approach

On Thu, 14 Jun 2007, Tom Mornini wrote:

On Jun 14, 2007, at 10:00 AM, Jordi Espasa Clofent wrote:

> It makes sense to run *nothing* other than sshd in Dom0, IMHO.

Ok. But why?

Because you don't need to. :-)

Better to keep it pristine. Upgrades and such will be easier.

And, if there are ever any *issues* with the services, those issues will have zero effect on everything else.

which is one of the two arguments in my head. Stability and security.

By moving as much as you can into the domUs, you theoretically keep dom0 more stable... and since crashing dom0 crashes everything, you want dom0 to be rock solid.

The same argument applies to security. If there are no applications in dom0, then there are fewer possible security holes (reduced footprint). In theory it's difficult to break into dom0 from a domU, but simpler to compromise a domU from dom0.

There may be situations where performance runs counter to these arguments (drbd?).

-Tom
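
Added example, not part of the original thread or of any Xen tooling: a small audit that checks the "nothing other than sshd in Dom0" rule discussed above by parsing `ss -H -tulnp` output and reporting every listening socket not owned by an allowed process. The allowlist, the function names and the sample output are assumptions constructed for illustration.

```python
import re
import subprocess

# Assumption: only sshd may listen in dom0, per the advice in the thread.
ALLOWED = {"sshd"}

# Constructed sample of `ss -H -tulnp` output (not taken from a real host).
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1440,fd=6),("nginx",pid=1441,fd=6))
udp   UNCONN 0      0            0.0.0.0:111       0.0.0.0:*    users:(("rpcbind",pid=601,fd=5))
tcp   LISTEN 0      5          127.0.0.1:5900      0.0.0.0:*
"""

# Matches each ("name",pid=N entry inside the users:(...) column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted (proto, local_addr, process) tuples for sockets
    that are not owned by an allowed process."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # not a socket row
        proto, local = fields[0], fields[4]
        procs = {name for name, _pid in PROC_RE.findall(line)}
        if not procs:
            # Owner not shown (ss run without root, or a kernel socket):
            # report it instead of assuming it is fine.
            findings.add((proto, local, "?"))
        for name in procs - set(allowed):
            findings.add((proto, local, name))
    return sorted(findings)


def audit_live():
    """Run ss on this host (needs root to see every owner) and audit it."""
    out = subprocess.run(["ss", "-H", "-tulnp"], capture_output=True,
                         text=True, check=True).stdout
    return unexpected_listeners(out)


if __name__ == "__main__":
    for proto, local, name in unexpected_listeners(SAMPLE):
        print(f"{proto:4} {local:20} {name}")
```

Run from cron in dom0, a non-empty result from `audit_live()` signals drift from the minimal-footprint baseline.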