[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Best practice for Dom0



I agree with you that domain0 should be protected as much as possible,
so running an SNMP client might not be a very good idea. 

I wonder how the new gui mgt tool will do this though:
http://www.enomalism.com/home.html

Rene

On Sat, 2006-03-18 at 20:10 -0500, Frank DiRocco wrote:
> i'm an infant as far as linux and xen is concerned, but i would be
> hesitant to run snmp on the dom0. If smnp was used to exploit this
> machine the attacker would have access to all my vm's, could mount and
> modify vm's disks or shutdown or create new ones. additionally I keep
> stuff like make and gcc on my domu which could be an attackers dream.
> I have seen webbased gui monitoring for xen, but i have not tried any
> of it.
> 
> On 3/18/06, Rene <forumuser@xxxxxxxxxx> wrote:
>         What about monitoring on domain0 like an snmp client
>         monitoring all the 
>         guest domains? Wouldn't that be an exellent task for domain0?
>         
>         It seems such a waste not to use more resources on domain0 ;-)
>         
>         Thanks,
>         Rene Kogels
>         
>         On Thu, 2006-03-16 at 20:27 +0000, M.A. Williamson wrote: 
>         > >- Does it prefer that i use Dom 0 only for Xen Hypervisor ?
>         >
>         > Dom0 doesn't run the hypervisor, it runs *on* the
>         hypervisor; the only
>         > difference from other domains is that it's allowed to access
>         your network, 
>         > disk, graphics devices directly.
>         >
>         > But it's good practice not to run unnecessary services in
>         dom0 - put them
>         > in domUs instead. Dom0 has root-equivalent privileges on
>         every domU on the
>         > machine. 
>         >
>         > >- If yes, how much ram i need to reserv for Dom0  ?
>         >
>         > I think 128Meg is solid for a lot of people, but it varies
>         depending on if
>         > you're doing RAM-intensive things in dom0.
>         > 
>         > >- Are there a link between amount of ram in Dom0 and number
>         of virtual
>         > >machine run on this computer ?
>         >
>         > The more RAM you give to dom0, the less RAM is available for
>         other domains.
>         > RAM for domUs comes from the host system, not from dom0.
>         >
>         > Cheers,
>         > Mark
>         >
>         > _______________________________________________
>         > Xen-users mailing list
>         > Xen-users@xxxxxxxxxxxxxxxxxxx
>         > http://lists.xensource.com/xen-users
>         
>         
>         _______________________________________________
>         Xen-users mailing list
>         Xen-users@xxxxxxxxxxxxxxxxxxx
>         http://lists.xensource.com/xen-users
> 
> 
> 
> -- 
> Thank you,
> Frank  Di Rocco
> 
> "Does an optimistic person look at a hard drive as half-full or
> half-empty?" - ofanged1-at-gmail.com 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.