-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Dec 22, 2016 at 12:41:25PM -0800, stevenwinderl...@gmail.com wrote: > I thought about the fact if its possible to use Qubes OS as a Server OS for > example for shared hosting or for application servers,etc. > > You could basically use Template VMs and start AppVMs running the needed > softwares for example on a shared hosting system. > > Would something in this direction even be possible and would any other use > cases be possible too? > > I guess its possible to use it as VM Host too?
Most Qubes OS features are really for client systems. Like all the GUI integration stuff, requiring various confirmations specifically from local user, lack of network in dom0 etc. If you take that out, mostly standard Xen installation will left there. Just like any hosting provider have... > Are you using Qubes OS internally in some way like for the web server or at > the moment not? :D We're under assumption that server infrastructure should not be trusted. So, everything downloaded from the net - either ours servers, or others - - should be verified. This is why(*) we use github instead of our own git server, github pages + cloudflare for website, various mirrors for binaries distribution and so on. And why we have reproducible builds on the roadmap - to do the same with build machines - to not trust any single machine building packages, but distribute that trust, verify where possible. The only thing we want from the infrastructure is reliability - and using 3rd-party services makes it easier. That said, technically you can setup some network services. For example run a web server in netvm, and call some qrexec service in other VM. Or redirect traffic to various VMs. It still require local administration, so it's not suited to be running in some data center. In theory you could hook up some IP KVM for that, but then the whole setup would be only as secure as that IP KVM... Some examples/documentation: https://www.qubes-os.org/doc/development-workflow/#sending-packages-to-different-vm https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world https://github.com/Rudd-O/qubes-network-server https://github.com/marmarek/signature-checker/#github-webhook-integration (*) And the other reason is limiting costs. But still, not running own infrastructure make it easier to keep it that way - think twice when you send/receive something from 3rd-party service, put some script etc. Running own infrastructure would make it tempting have some trust in it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJYXJxqAAoJENuP0xzK19csXgYH/1qZU2Hqe1fNz4kzbq9yVxOd jZCzAK+d/UFtZRFlSE8hNLkx1GKLd/eQEhP9LZ+5fs6gSJtPPVF9ElCTYnTQlZ9/ HJEjpS3IJlhk0cYBM7KM5mSNCFXLXQYWf9M73N15nVP5j9V1Ewkyl5V0DHxPpVWI r5j2pslzgXsNql38gA1hAeA9JPB8W3+Dwm7zug2ln0PfinCER9q7oA39JWjPN2Wd zgGtVkyQU42T22p+vSZvEebUNO8As8uy7SVvkNHI77IpUA7G7kdVviRCqJ/nLpXV 3h7VgFEdtDoXfFZ+7uhKXL0Y4mT5O7+w4WQSsU0ZtQUBrD5flexXTyF6xj87Bno= =GNuw -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161223033923.GM1239%40mail-itl. For more options, visit https://groups.google.com/d/optout.
