WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

RE: [Xen-users] RE: If a DomU was compromised..

To: <matt@xxxxxxxxxxxxxxxxxx>, <xen-users@xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Xen-users] RE: If a DomU was compromised..
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Thu, 20 May 2010 14:47:10 +0100
Hmm ok that worries me a bit...
 
I thought that Xen is a type-1 hypervisor, so why do they say that VMWare is more suitable?
 
Surely VMWare's *nix "console" available from the VGA port (or ssh if you hack it) is equivalent to the Dom0 in Xen? Or have I got the whole concept of a Dom0 wrong?


From: Matthew Law [mailto:matt@xxxxxxxxxxxxxxxxxx]
Sent: Thu 20/05/2010 14:10
To: Jonathan Tripathy
Subject: RE: [Xen-users] RE: If a DomU was compromised..


On Thu, May 20, 2010 1:41 pm, Jonathan Tripathy wrote:
> Ok so to sum up, it's no worse than VMWare ESXi?

Exactly.  However, if you were to ask a PCI DSS assessor they would
probably give you the scripted answer that Xen is not a suitable candidate
for a PCI DSS environment despite the fact that if configured properly it
is no more insecure than ESXi or a hardware box.

Another option to increase separation between the dom0 and domUs is to
configure the dom0 to only be accessible on one physical interface which
is and then have another public interface with no address which is bridged
for the domUs.  Unless I am mistaken, this is the default setup for XCP
and XenServer when multiple interfaces are available.


Cheers,

Matt.
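
Added example (not part of the original thread, and not code from Xen, XCP or XenServer): a check for the dom0/domU separation described above, run over the JSON that `ip -j addr show` prints on the dom0. The interface names eth0, eth1 and xenbr1 and the sample data are assumptions made up for illustration.

```python
import json

# Constructed `ip -j addr show` output for a dom0 (sample data, not from the thread).
# Assumed names: eth0 = management NIC, eth1 = guest-facing NIC, xenbr1 = domU bridge.
SAMPLE = json.dumps([
    {"ifname": "lo", "addr_info": [{"family": "inet", "local": "127.0.0.1", "scope": "host"}]},
    {"ifname": "eth0", "addr_info": [{"family": "inet", "local": "10.0.0.5", "scope": "global"}]},
    {"ifname": "eth1", "master": "xenbr1", "addr_info": []},
    {"ifname": "vif1.0", "master": "xenbr1", "addr_info": []},
    # Linux auto-assigns an IPv6 link-local address unless IPv6 is disabled on the
    # interface, so a bridge with "no address" configured can still answer guests.
    {"ifname": "xenbr1", "addr_info": [
        {"family": "inet6", "local": "fe80::216:3eff:fe00:1", "scope": "link"}]},
])


def audit(ip_json, guest_bridge, mgmt_if):
    """Return a list of findings; an empty list means the separation holds."""
    links = {link["ifname"]: link for link in json.loads(ip_json)}
    if guest_bridge not in links:
        return [f"{guest_bridge}: bridge not found"]
    findings = []
    # The bridge and every port enslaved to it must carry no L3 address,
    # otherwise dom0 itself is reachable from the guest-facing segment.
    ports = [n for n, link in links.items() if link.get("master") == guest_bridge]
    for name in [guest_bridge] + ports:
        for addr in links[name].get("addr_info", []):
            findings.append(f"{name}: dom0 has {addr['family']} address "
                            f"{addr['local']} on the guest side")
    # The management NIC must exist, stay off the guest bridge, and hold an address.
    mgmt = links.get(mgmt_if)
    if mgmt is None:
        findings.append(f"{mgmt_if}: management interface not found")
    elif mgmt.get("master") == guest_bridge:
        findings.append(f"{mgmt_if}: management NIC is a port of {guest_bridge}")
    elif not mgmt.get("addr_info"):
        findings.append(f"{mgmt_if}: management NIC has no address")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "xenbr1", "eth0"):
        print(finding)
```

On a real dom0, pass the output of `ip -j addr show` as the first argument in place of the constructed sample.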
