
Re: [Xen-users] using encrypted swap & tmpfs in Xen DomUs ?


  • To: "Fajar A. Nugraha" <fajar@xxxxxxxxx>
  • From: PGNet <pgnet.trash+xen@xxxxxxxxx>
  • Date: Wed, 14 Jan 2009 18:29:40 -0800
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Wed, 14 Jan 2009 18:30:25 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

On Wed, Jan 14, 2009 at 6:03 PM, Fajar A. Nugraha <fajar@xxxxxxxxx> wrote:
> Generally speaking, best practices on standalone hosts should be applied on
> domU hosts.

Sure, in general.

But I'm looking for any Xen 'gotchas', in particular, performance-related
issues due to 'communication & traffic' between xen/hypervisor
components.

Tough to say specifically what I'm looking for, when I don't know what
I'm looking for ;-)

> I am curious though, which reference points you that it's good to
> encrypt swap while still having filesystem unencrypted?

Simply usage. Primarily,

-- I need remote reboot capability ... iiuc, can't do that if / is encrypted.

-- Physical penetration is not an issue.

-- My data & configs are all on attached/remote drives/servers that
are encrypted, if/when required. Nothing's on / that I care about
anyway, so why take the performance hit?

-- encrypted swap does provide some protection against buffer overflow
attacks that don't, necessarily, need to gain root (if they do, I'm
hosed anyway), and dumping encrypted data in swap.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 

