[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Management application on dom0 or domU

eva wrote:

Wouldn't it be better leaving dom0 without graphical interface, and
having the management application on a domU instead, which will
communicate with dom0 to perform the administrative tasks?

How would the management application communicate with dom0?

OK, two separate bits here. One is whether you expose a Dom0 management interface to it's guests, another is whether you expose one generally (ie via network).

Quite a few tools (in general, not specifically Xen) work with a split between a GUI that runs <somewhere> and a management tool the GUI communicates with running on the host. Some go a bit further and use a shared DB where the GUI (or even text tools) update the DB, and the hosts acts on what it gets from the DB.
Nothing in these approaches would be Xen specific.

If you specifically want to run a management tool in a DomU, and have it communicate with Dom0, then that means exposing a management API from Dom0 to it's guests. Personally I think that's not a good idea (beyond what is *essential* for the system to operate) as it opens up a whole new attack vector to secure. A generic network management API would be better IMO - you can block all traffic (or just not run it at all), and it allows you to run the tools on a DomU if you wish (and make the traffic routable between them).

Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.