[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Xen-users] Isolated network
- To: "Florian Manschwetus" <florianmanschwetus@xxxxxx>, <Xen-users@xxxxxxxxxxxxxxxxxxx>
- From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
- Date: Fri, 4 Jun 2010 16:04:50 +0100
- Cc:
- Delivery-date: Fri, 04 Jun 2010 08:08:16 -0700
- List-id: Xen user discussion <xen-users.lists.xensource.com>
- Thread-index: AcsD9a28MaE7Q1yGThizEhhZLuhcbQAAZoLF
- Thread-topic: [Xen-users] Isolated network
From: Florian Manschwetus
[mailto:florianmanschwetus@xxxxxx] Sent: Fri 04/06/2010
15:53 To: Jonathan Tripathy Cc:
Xen-users@xxxxxxxxxxxxxxxxxxx Subject: Re: [Xen-users] Isolated
network
... > Hi There, > > Sorry, I think I worded my
post wrong. What I meant was is there a way > to make sure that the DomUs
can't access the Dom0, i.e. so they are on > an isolated network. By
default in virt-manager, the Dom0 gets attached > to each bridge
created... > > Also, what additional features does opensolaris
support? > > Thanks > Depending where and how your guest
disks are stored, you would have zfs for that. At least your dom0 would
benefit from zfs (bootenvironments and frequent snapshotting of all
data). Really easy handling of vlans, bridges and other networking
stuff. (e.g. to configure a nic, you have to plumb it to the system, but
you can use an unplumbed nic for a bridge (what would address your
current question)) No idea so far how well it integrate that all with
virt-manager
For udom or smarter dom0 you can use zones.
At all, I
would say, you should have a closer look (read a bit at opensolaris.org) and
try it for your own if you are interested.
I have a productive xen
running with two osolb134 dom0s with x64-linux, -windows and -opensolaris as
guests.
Florian
-----------------------------------------------------------------------------------------------------------------------
My main question is though, is that since all bridge are
actually located in the Dom0, what is the best way to stop DomUs from access
Dom0? Should I just make a "bridge firewall" at the bridge?
Thanks
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
|