Andrew Lentvorski wrote:
> Yes and no. I'm more interested in whether a "shared" network card
> could be used as an attack vector rather than whether I can actually
> share it. In the case of network cards, this tends to be manageable
> because they have very little "state" which could be used against me.
> However, if a card has something like a cryptoaccelerator, that's a
> different problem.

Good point.

> Personally, I'm not a big fan of sharing cheap hardware resources like
> network cards. Single point of failure and all that ...

While it would be better to have multiple network cards, as far as I am concerned, if the network card on the Xen system that a particular domain is hosted on fails, we just kill that box and restart the domain on a different box, since they should both be attached to some sort of SAN for shared storage. It will appear to applications as a hard reboot of the server, but if we monitor the systems with heartbeat we could probably keep the total downtime to less than 30 seconds.

-- 
Tracy R Reed
http://copilotconsulting.com
1-877-MY-COPILOT
