On 27/01/2010 02:09, Scott Kuehn wrote:
> Hello All,
>
> I'm investigating the possibility of running an EAL-certified Solaris as
> a dom0 and domU on Xen or xVM. The rationale of running Solaris in
> dom0 is for security features, such as the features provided by the
> Controlled Access Protection Profile. So far it seems like a Solaris
> HVM is ideal for each domU in my current scenario, due to the ability
> for labeling via trusted extensions and the RTOS capabilities of the
> kernel.
>
> My efforts to understand the capabilities of Xen, xVM, Solaris, and
> OpenSolaris, have me running in circles. Does anyone understand the
> feasibility of running a certified Solaris with a xen-based hypervisor?
> My web searches show OpenSolaris with xVM is the only solaris/xen
> combination with a community backing. Any advice is appreciated.

That is correct. OpenSolaris has xVM (i.e. Xen) but OpenSolaris doesn't have a common criteria evaluation; those only apply to Solaris 10.

For Solaris 10 I recommend using VirtualBox. You can even run VirtualBox inside a labelled zone and get network isolation as well as all the other containment a labeled zone provides for "normal" applications.

Solaris 10 + VirtualBox is already in use at several customer sites where labelled security is required to be run on a common criteria system - sorry but I can't give references given the nature of the customers' businesses.

--
Darren J Moffat