On Wed, 24 Oct 2007, Paul de Weerd wrote:
> On Wed, Oct 24, 2007 at 08:31:26AM -0500, L. V. Lammert wrote:

quoted text
> | On Wed, 24 Oct 2007, Henning Brauer wrote:

> |

> | > * adam.getchell@gmail.com  [2007-10-24 03:03]:

> | > > Virtualization seems to have a lot of security benefits

> | >

> | > seems?

> | > to whom?

> | >

> | Virtualization provides near absolute security - DOM0 is not visible to

> | the user at all, only passing network traffic and handling kernel calls.

> | The security comes about in that each DOMU is totally isolated from the

> | the others, while the core DOM0 is isolated from any attacks.

>

> This is the theory.

>

Practice also. XEN is a great tool for 'duplicating' a machine in an

entererprise environment (IME running 'user level' tools for hundreds or

thousands of users). Separating applications is invaluable, and the

ability to do a machine restore in minutes, using the most recent data

from a local SAN is also a major advantage.

Nobody in the XEN (or VM) world in their right mind would put a VM on the

'Net without significant protection (an OBSD PF machine, perhaps), and

I'm certainly not suggesting that.
Remember that there is more than one world from a technology standpoint!

The vast majority of the SME marketspace (where we operate) is heavily

infiltrated with MS crap; OTOH, OBSD is the only choice for public

servers, or as a front-end to other OSs. The virtualization space

will have to mature significanty, if ever, to meet the security standards

of OBSD.
In the meantime, virtualization provides a great solution for those

applications that benefit from running separately & isolated, while

maximizing h/w utilization.
	Lee
================================================

  Leland V. Lammert            lvl@omnitec.net

    Chief Scientist     Omnitec Corporation

 Network/Internet Consultants   www.omnitec.net

================================================