[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] Security audits and compliances



Hey guys,

I was just looking into some standards concerning the certification of critical 
computer systems in general when I thought about how this relates to 
virtualization. Is there anyone out there who has experiences with security 
audits for Xen like PCI-DSS? Or to put it as a general question: does 
virtualization matter? I think its a pretty interesting question - how is the 
isolation between virtual machines accepted with regards to security 
compliances?

Lets have an additional example to discuss: There are two networks that are 
generally not allowed to be directly connected to one physical machine. What 
about creating two driver domains on one physical host both having a dedicated 
NIC connected to one of these networks. The resulting security rule could be 
that the virtual machines are never allowed to use both driver domains. Do you 
think this would work out in a security audit?

Looking forward to an interesting discussion...

Best regards,
Bjoern
________________________________________________________________________
Schon gehört? Bei WEB.DE gibt' s viele kostenlose Spiele:
http://games.entertainment.web.de/de/entertainment/games/free/index.html


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.