On 8/29/06, Muli Ben-Yehuda <[EMAIL PROTECTED]> wrote:
On Mon, Aug 28, 2006 at 11:21:36PM +0300, Gil Freund wrote:
> I was asked about putting a firewall in Virtual Server environment.
> As far as I can tell, XEN will allow me to assign a NIC as a PCI
> desvice to a DomU.
Yes, but that makes the domU trusted (an attacker with root access ot
the domU can easily take down the entire machine - unless you have an
isolation capable IOMMU)
Can you elaborate a little more? Does this mean that if the guest/DomU
has direct access to physical hardware it can compromise the
host/DomU? Is this true for any hardware access, or for NICs only?
> VMware will only allow the usage of the NIC as bridge (albeit,
> without an IP address).
Xen can do this too, of course.
Xen can do both, which is what I like about it. I am skeptical about
running Windows 2003 as DomU with the hardware I will have (which will
arrive about 2 weeks after the date planned to go live....)
Cheers,
Muli
--
Gil Freund, Systems Analyst
-------------------------------------------
Sysnet consulting
[EMAIL PROTECTED], http://www.sysnet.co.il
voice: +972-54-2035888, Fax: +972-8-9356026
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
