On Monday 21 July 2008 16:52:32 Paul Krizak wrote: > > One more question actually, this machine is gonna be a NFS "homes" > > server for 30 Linux workstations. The homes are fairly IO busy, > > especially when rsnapshot runs :) The question is, would such a > > workload be happy to run in a Xen domU or should I be running it as > > the dom0 ? I think it makes more sense to use it as the dom0! > > You should run the NFS server in a DomU. The Dom0 isn't "special" -- > don't confuse it with the Xen hypervisor, which runs *under* all of the > domains, even Dom0. Dom0, for security purposes, should be locked down > extremely tight. Any services that your box provides should be served > by domU's, not Dom0. This is because anybody that can gain access to > your Dom0 can manipulate your DomU's, which is a huge security problem. A little bit of topic but touches the specialty of Dom0 as well. There might be reasons to put more functionality to Dom0. For example performance reasons:
I've heard rumors that it is 20% faster to give blockdevices to DomUs instead of directly using NFS/iSCSI or whatever IP based protocol because the IP-Stack within DomUs is 20% slower then giving blockdevs up to DomU. Can anybody comment on this? -- Gruss / Regards, Marc Grimme http://www.atix.de/ http://www.open-sharedroot.org/ _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
