Re: [Xen-users] Best practice for Dom0

To:	forumuser@xxxxxxxxxx, xen-users@xxxxxxxxxxxxxxxxxxx
Subject:	Re: [Xen-users] Best practice for Dom0
From:	"Frank DiRocco" <ofanged1@xxxxxxxxx>
Date:	Sat, 18 Mar 2006 20:10:49 -0500
Delivery-date:	Sun, 19 Mar 2006 01:12:12 +0000
Domainkey-signature:	a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=K32WrlXzQ2Kdju6vWc2z+EXLN2D/QuR1XXEj4m5eEoTFMDOISzXVgFISBGesVvbAW5gmm4JCJCsOPEKhURI+9MVTIn26f6yPx9Ri4IrX1zWQT+LCd64Wl1SlL0M+SEmIfMzmF4ifBFg24Tf/Z1osOo0lG70mPYgi1pFCNkVtuF0=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to:	<1142710862.15320.7.camel@localhost>
List-help:	<mailto:xen-users-request@lists.xensource.com?subject=help>
List-id:	Xen user discussion <xen-users.lists.xensource.com>
List-post:	<mailto:xen-users@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References:	<c5530b840603160458n31495edfi1cfc622b8be0e572@xxxxxxxxxxxxxx> <Prayer.1.0.16.0603162027310.26118@xxxxxxxxxxxxxxxxxxxxxx> <1142710862.15320.7.camel@localhost>
Sender:	xen-users-bounces@xxxxxxxxxxxxxxxxxxx

i'm an infant as far as linux and xen is concerned, but i would be hesitant to run snmp on the dom0. If smnp was used to exploit this machine the attacker would have access to all my vm's, could mount and modify vm's disks or shutdown or create new ones. additionally I keep stuff like make and gcc on my domu which could be an attackers dream.
I have seen webbased gui monitoring for xen, but i have not tried any of it.

On 3/18/06, Rene <forumuser@xxxxxxxxxx > wrote:

What about monitoring on domain0 like an snmp client monitoring all the
guest domains? Wouldn't that be an exellent task for domain0?

It seems such a waste not to use more resources on domain0 ;-)

Thanks,
Rene Kogels

On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote:
> >- Does it prefer that i use Dom 0 only for Xen Hypervisor ?
>
> Dom0 doesn't run the hypervisor, it runs *on* the hypervisor; the only
> difference from other domains is that it's allowed to access your network,
> disk, graphics devices directly.
>
> But it's good practice not to run unnecessary services in dom0 - put them
> in domUs instead. Dom0 has root-equivalent privileges on every domU on the
> machine.
>
> >- If yes, how much ram i need to reserv for Dom0 ?
>
> I think 128Meg is solid for a lot of people, but it varies depending on if
> you're doing RAM-intensive things in dom0.
>
> >- Are there a link between amount of ram in Dom0 and number of virtual
> >machine run on this computer ?
>
> The more RAM you give to dom0, the less RAM is available for other domains.
> RAM for domUs comes from the host system, not from dom0.
>
> Cheers,
> Mark
>
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

--
Thank you,
Frank Di Rocco

"Does an optimistic person look at a hard drive as half-full or half-empty?" - ofanged1-at-gmail.com

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

WARNING - OLD ARCHIVES

xen-users

Re: [Xen-users] Best practice for Dom0