
Re: [Xen-users] Recommended multi-server approach



On Thu, 14 Jun 2007, Tom Mornini wrote:

On Jun 14, 2007, at 10:00 AM, Jordi Espasa Clofent wrote:

> It makes sense to run *nothing* other than sshd in Dom0, IMHO.

Ok. But why?

Because you don't need to. :-)

Better to keep it pristine. Upgrades and such will be easier.

And, if there are ever any *issues* with the services, those issues will have zero effect on everything else.

which is one of the two arguments in my head. Stability and security.

By moving as much as you can into the domUs, you theoretically keep dom0 more stable... and since crashing dom0 crashes everything, you want dom0 to be rock solid.

The same argument applies to security. If there are no applications in dom0, then there are fewer possible security holes (reduced footprint). In theory it's difficult to break into dom0 from a domU, but simpler to compromise a domU from dom0.

There may be situations where performance runs counter to these arguments (drbd?).

-Tom
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
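
One way to check a dom0 against the "nothing other than sshd" advice in this thread, as an added example that is not part of the original messages: a Python audit of `ss -H -tulnp` output that reports every listening socket not owned by an allowed process. The allowlist, the function names and the sample lines are assumptions made for illustration; on a real host the text would come from running `ss` (iproute2) as root in dom0.

```python
import re

ALLOWED = {"sshd"}  # assumption: the sshd-only policy suggested in the thread

# Constructed sample of `ss -H -tulnp` output, not captured from a real host.
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1022,fd=6),("nginx",pid=1021,fd=6))
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=640,fd=5))
tcp LISTEN 0 5 *:8002 *:*
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=\d+')

def parse_listeners(text):
    """Return one dict per socket line: protocol, local address, port, owners."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or truncated line
        addr, _, port = fields[4].rpartition(":")  # handles [::]:22 and *:8002
        procs = sorted({m.group(1) for m in PROC_RE.finditer(line)})
        listeners.append({"proto": fields[0], "addr": addr, "port": port, "procs": procs})
    return listeners

def is_loopback(addr):
    bare = addr.strip("[]").split("%")[0]
    return bare.startswith("127.") or bare == "::1"

def audit(text, allowed=ALLOWED):
    """List sockets owned by anything outside the allowlist.

    A socket with no process column (ss run without root, or a kernel
    listener) is reported as "unknown" rather than silently accepted.
    """
    findings = []
    for l in parse_listeners(text):
        extra = [p for p in l["procs"] if p not in allowed]
        if extra or not l["procs"]:
            scope = "loopback" if is_loopback(l["addr"]) else "exposed"
            findings.append((l["proto"], l["addr"], l["port"], extra or ["unknown"], scope))
    return findings

if __name__ == "__main__":
    for proto, addr, port, procs, scope in audit(SAMPLE):
        print(f"{proto} {addr}:{port} {','.join(procs)} ({scope})")
```

Listeners bound only to loopback are still reported, labelled `loopback`, so they can be reviewed separately from sockets reachable over the network.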

 

