On Wed, Oct 24, 2007 at 01:41:38PM -0500, L. V. Lammert wrote:
| For example, say you have three departments within a company: Marketing, 
| Development, Production. Allowing each department to maintain their own 
| server instance allows each department to have their own users, home 
| directory configuration, samba (possibly) network config & authorization, 
| separate file/print sharing domain, etc.
| 
| That is simple not doable with a single OS, yet with a reasonable priced of 
| h/w all can be maintained on one platform.
| 
| The security benefits are at the application level, *NOT* at the OS level.

Let's have a look at the case.

Three departments all on one machine, each under one VM.

Why compare this to all departments on one machine, all on the same
OS ? That's not a fair comparison.

Compare your one machine with 3 VMs to three machines. What do you
think is more secure ? If you really, honestly think that the one
machine/3 VM's solution is more secure, I'm actually very interested
in your reasoning for this.

You seperate and isolate each department on their own machine. As
secure as the OS and/or application running on that machine.

Now you join three machines into one machine with three VMs, adding a
layer of complexity/code that is quite useful (as it saves on hardware
costs) but maybe not very mature yet.

How does that joining *add* security ? Please elaborate.

Cheers,

Paul 'WEiRD' de Weerd

-- 
quoted text
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/