[Fedora-xen] Best practices questions
Dustin Henning
Dustin.Henning at prd-inc.com
Thu Nov 29 13:03:20 UTC 2007
Denise,
Personally, I recommend lvm or partitions in Dom0 vs image files for
performance reasons. The choice to use LVM or partitions can really safely
be left to whichever you are more comfortable with. If you want to be able
to resize DomUs, then lvm might be useful, but if that can be done, it is
probably quite complicated.
Dustin
-----Original Message-----
From: fedora-xen-bounces at redhat.com [mailto:fedora-xen-bounces at redhat.com]
On Behalf Of Lopez, Denise
Sent: Wednesday, November 28, 2007 19:43
To: fedora-xen at redhat.com
Subject: RE: [Fedora-xen] Best practices questions
Are you talking about inside the guests or where the guests are in DomO?
I was talking about where the guests are in Dom0.
Denise Lopez
-----Original Message-----
From: Stephen John Smoogen [mailto:smooge at gmail.com]
Sent: Wednesday, November 28, 2007 4:39 PM
To: Lopez, Denise
Cc: fedora-xen at redhat.com
Subject: Re: [Fedora-xen] Best practices questions
On Nov 28, 2007 5:31 PM, Lopez, Denise <dlopez at humnet.ucla.edu> wrote:
>
>
>
>
> Hi all,
>
>
>
> I am in the process of building a new Xen server from scratch and
wanted to
> ask a couple of questions about best practices.
>
>
>
> First, should the guest domains be image files or LVM's or just
regular ext3
> partitions? What are the pros and/or cons of each?
>
Are you talking about inside the guests or where the guests are in DomO?
For the guests files on Dom0, I am using image files stored on DomO's
LVM.. though I may follow some howtos on shared storage so that
failover works in the future.
Inside the guests, I am using ext3 direct in the image versus using
LVM+ext3. I wanted things to be simple to understand for myself.
>
>
> Second, since the Dom0 is supposed to be kept secure, and most of my
> servers I don't install any X11 server on, is there any security risk
> installing an X11 server on the Dom0 in order to take advantage of the
> virt-manager GUI interface?
>
>
I do not know of any major security issues... but you should use
security in depth.
1) secure the logins
2) firewall the machine so that only ssh X port forwarding is available
3) keep the system up-2-date.
4) follow other best practices for securing a system.
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
--
Fedora-xen mailing list
Fedora-xen at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-xen
More information about the Fedora-xen
mailing list