On Fri, Jul 16, 2010 at 3:32 PM, Jonathan Tripathy <jonnyt@xxxxxxxxxxx> wrote:
> I'm guessing the same risks apply to Xen as they do
> VMWare?
in general, yes. As for vendor support, Redhat has been very
responsive in fixing whatever security bug that comes up (like
http://www.securitytracker.com/alerts/2009/Oct/1022977.html), so if
you're concerned about that, I suggest using RHEL/Centos and their
bundled Xen/kernel-xen version (which might be somewhat old, but
should be sufficient for most uses).
I also suggest you do whatever security measures you normally do in
your normal, non-virtual environment. Think of domU as just another
server, and dom0 as SAN/switch/router/firewall.
For example, if you never bother to rewrite a SAN's LUN with 0s before
reusing it on another host, then I don't see why you should bother
writing 0s to an LV that will be used by Xen. Another example, if
you're comfortable having a single firewall box and switch used by all
traffic on your network (using vlans), then I don't see why you should
treat Xen networking differently.
-- 
Fajar
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users