RE: [Fedora-xen] Best practices questions

["Lopez, Denise" <dlopez humnet ucla edu>]

Are you talking about inside the guests or where the guests are in DomO?

I was talking about where the guests are in Dom0.

Denise Lopez


-----Original Message-----
From: Stephen John Smoogen [mailto:smooge gmail com] 
Sent: Wednesday, November 28, 2007 4:39 PM
To: Lopez, Denise
Cc: fedora-xen redhat com
Subject: Re: [Fedora-xen] Best practices questions

On Nov 28, 2007 5:31 PM, Lopez, Denise <dlopez humnet ucla edu> wrote:
>
>
>
>
> Hi all,
>
>
>
> I am in the process of building a new Xen server from scratch and
wanted to
> ask a couple of questions about best practices.
>
>
>
> First, should the guest domains be image files or LVM's or just
regular ext3
> partitions? What are the pros and/or cons of each?
>

Are you talking about inside the guests or where the guests are in DomO?

For the guests files on Dom0, I am using image files stored on DomO's
LVM.. though I may follow some howtos on shared storage so that
failover works in the future.

Inside the guests, I am using ext3 direct in the image versus using
LVM+ext3. I wanted things to be simple to understand for myself.

>
>
> Second,  since the Dom0 is supposed to be kept secure, and most of my
> servers I don't install any X11 server on, is there any security risk
> installing an X11 server on the Dom0 in order to take advantage of the
> virt-manager GUI interface?
>
>

I do not know of any major security issues... but you should use
security in depth.
1) secure the logins
2) firewall the machine so that only ssh X port forwarding is available
3) keep the system up-2-date.
4) follow other best practices for securing a system.



-- 
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"