ahh idiot. Here is the link

http://marc.info/?l=openbsd-misc&w=2&r=1&s=obsd+as+domU&q=b

On 14/01/2010 13:30, Michal wrote:
> *Sorry for the top post but this has only to do with the subject*
> 
> I think you should read these posts started with "obsd as domU". Someone
> started talking about using OpenBSD with virtualisation and some people
> had some interesting answers. I don't agree with everything said here, I
> use VMware ESXi servers very well and backup/restore is a breeze,
> especially with a change or upgrade you are nervous about (take a
> snapshot, do it, if it breaks revert to snapshot. Can be up and running
> again in a few minutes) but some people had some very good points.
> 
> Take what you wish from these posts, but the OpenBSD devs are very good
> and make some good points even if I don't agree with all of them.
> 
> 
> On 14/01/2010 12:44, Steve Kemp wrote:
>> On Thu Jan 14, 2010 at 19:32:16 +0700, Sthu Deus wrote:
>>
>>> I want to separate diver services and make NAT to them - so that
>>> it be more secure in case if one of them will be hacked - I still
>>
>>   Right so you want a host which has a public IP (or more than one)
>>  and each guest will have private IPs on separate ranges, such that
>>  they cannot talk to each other?
>>
>>   That sounds like a good setup.
>>
>>   If you're going to assume that a machine will be hacked, and then
>>  assume a kernel bug will come into play on one of the guests that
>>  strongly suggests you want to ensure that they aren't sharing a
>>  single kernel - ie. Don't choose vserver.
>>
>>> I know that KVM offers much less respond comparing w/
>>> vserver. How about Xen? Can I turn the guests on/off on the fly?
>>
>>   Both Xen and KVM will let you start/stop guests independently of
>>  each other.
>>
>>   KVM works as a process, so you just stop it.
>>
>>   Xen has a lot of magic behind the scenes, but ultimately you can
>>  do things like list the running guests with "xm list", start one
>>  that is stopped with "xm create blah.cfg" and stop a running one
>>  with "xm shutdown blah".
>>
>>> I want them to use for email, web, and do not know if proxy
>>> is any worth of to put in separate guest? - Nothing special.
>>
>>   Probably not worth the overhead I'd have thought; historically the
>>  common squid proxy has had a good security record.
>>
>>> Ok, what is the best here (relating for my tasks)? - If any
>>> had experience w/ several of them?
>>
>>   Best is still going to be a personal preference.  I'd choose KVM,
>>  then Xen, then vmware then vserver.
>>
>>> Why nobody says about packaging problem in Debian, net
>>> interfaces at guests turning off?!
>>
>>   If you use something like Xen/vmware/kvm you'd not concern yourself
>>  with the interfaces.  Instead you'd shut down a guest if you wanted it
>>  to be unreachable and disabled.
>>
>>   Leaving it running but dropping the traffic would work, but it would
>>  be an odd thing to do.  (e.g. it would still run cronjobs and try to
>>  send email, etc.)
>>
>>> I guess that KVM takes a lot of overload comparing w/ vserver -
>>> for example spam filtering, virus scanning.
>>
>>   It will take overhead, yes.  But not a lot.
>>
>>   Certainly a virtual KVM guest can handle spam filtering just fine,
>>  assuming your setup is sane.  (ie. Make lightweight tests before the
>>  heavier ones.)
>>
>> Steve
>> --
>> Debian GNU/Linux System Administration
>> http://www.debian-administration.org/
>>
>>
> 
> 
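
The layout confirmed in the quoted reply (one host holding the public IP, each guest on its own private range, no guest-to-guest traffic), sketched as an added example that is not part of the original thread. It generates an iptables-restore ruleset; the interface and bridge names, addresses and forwarded ports are constructed assumptions.

```python
import ipaddress

# Constructed sample layout: interface names, addresses and ports are assumptions.
EXT_IF = "eth0"
GUESTS = [
    {"name": "mail", "bridge": "br-mail", "net": "10.0.1.0/24", "ip": "10.0.1.2", "tcp": [25]},
    {"name": "web", "bridge": "br-web", "net": "10.0.2.0/24", "ip": "10.0.2.2", "tcp": [80, 443]},
]

def validate(guests):
    """Reject layouts where guest ranges overlap or a guest sits outside its range."""
    nets = [ipaddress.ip_network(g["net"]) for g in guests]
    for i, (g, net) in enumerate(zip(guests, nets)):
        if ipaddress.ip_address(g["ip"]) not in net:
            raise ValueError(f"{g['name']}: {g['ip']} is outside {net}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                raise ValueError(f"{g['name']}: {net} overlaps {other}")
    ports = [p for g in guests for p in g["tcp"]]
    if len(ports) != len(set(ports)):
        raise ValueError("a public TCP port is forwarded to more than one guest")

def build_ruleset(guests, ext_if=EXT_IF):
    """Return iptables-restore text: DNAT in, masquerade out, nothing guest-to-guest."""
    validate(guests)
    nat = ["*nat"]
    # Default-deny forwarding: no rule below pairs two guest bridges, so that traffic is dropped.
    flt = ["*filter", ":FORWARD DROP [0:0]",
           "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for g in guests:
        for port in g["tcp"]:
            nat.append(f"-A PREROUTING -i {ext_if} -p tcp --dport {port} "
                       f"-j DNAT --to-destination {g['ip']}:{port}")
            flt.append(f"-A FORWARD -i {ext_if} -o {g['bridge']} -p tcp -d {g['ip']} "
                       f"--dport {port} -m conntrack --ctstate NEW -j ACCEPT")
        nat.append(f"-A POSTROUTING -s {g['net']} -o {ext_if} -j MASQUERADE")
        flt.append(f"-A FORWARD -i {g['bridge']} -o {ext_if} -s {g['net']} -j ACCEPT")
    return "\n".join(nat + ["COMMIT"] + flt + ["COMMIT"]) + "\n"

if __name__ == "__main__":
    print(build_ruleset(GUESTS), end="")
```

Traffic from a guest to the host itself passes through INPUT, which this ruleset leaves untouched, so a compromised guest can still reach any service the host listens on unless INPUT is restricted separately.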

