RE: [Xen-users] Xen Security

["Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>]

 

On Fri, Jul 16, 2010 at 5:27 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> Do people on this list generally trust Xen with their private data, mixed
> with public VMs? The folks over at Slicehost, Amazon etc.. seem to...

"mixed" as in having an "intranet only" VM and a "public facing" VM in
the same dom0 box? Yes.

Anyway, like Bart mentioned, "seclusion is created by software. In
theory it is the same thing as physical seclusion, until the software
fails or is compromised." IMHO the risk is no bigger than (say) having
a L2 switch separate public and private network with vlans. There are
some risk involved, and you have to decide whether you can accept it
or not.

--
Fajar

--------------------------------------------------------------------------------------------------------------

 

I think this sums it up pretty well! We could even go as far as saying that the firewall which seperates our DMZ/LAN could have unknown flaws. Anyway, I'm sure if something show-stopping comes up, I'm guessing this list will be the first to hear about it!

 

Bart, good point on the liability issue.

 

Does Xen 4.0 have any security fixes compared to 3.4.2? Or is 4.0 more about features (which could potentially create more holes)?

 

Cheers

 

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users