On 11/18/20 5:54 AM, Matt McCutchen wrote:
I have the honor of a response from Andrew! :)
On Tue, 2020-11-17 at 20:57 -0800, Andrew David Wong wrote:For me, the advantage of TemplateVMs over StandaloneVMs (even if there's only one TemplateBasedVM based on the TemplateVM) is that it's easier to update the TemplateVM and back up the TemplateBasedVM.I assumed the update process was the same for a TemplateVM or a StandaloneVM (though I've never tried the latter),
It mostly is, but I personally find it easier to be able to update and install packages in the TemplateVM separately from the TemplateBasedVM. There's also the minor fact that I can update all of my templates with a single qubesctl command, whereas StandaloneVMs would be left out.
Oh, and there's also a bit of a security benefit, which I forgot to mention: https://www.qubes-os.org/doc/templates/#note-on-treating-templatebasedvms-root-filesystem-non-persistence-as-a-security-feature
and for backups, I can select any set of VMs in the Qube Manager. Perhaps you're pointing out that if the system volume of the desired AppVM is easy enough to recreate that it's not worth backing up, then using a TemplateVM + TemplateBasedVM rather than a StandaloneVM makes it possible to skip the backup? Interesting point.
Yes, but even if you don't skip backing up templates, just being able to include them in different backup sets and being able to back them up at different frequencies is handy. There was a forum discussion about this recently:
Though I suppose the more general observation underlying my original proposal was that if the process to generate the system volume from that of the main TemplateVM is automated and reasonably fast, then there's the option to run it on every boot of the TemplateBasedVM rather than persisting a separate system volume at all.
I can't speak to that. My experience has led me to keep things simple and in line with intended functionality, since I've found that erecting elaborate custom processes that aren't necessarily supported by the underlying system results in too high of a maintenance burden for me in the future.
-- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53c92729-acb9-ac42-7576-f09ada2e74e3%40qubes-os.org.
Description: OpenPGP digital signature