On 24/07/07, Paulo Meireles <subscribe at exxpert dot com> wrote:
> I never used Xen, but the basics should be the same. With VMware Server
> I used Windows 2000 as the host (as it's "thinner" than XP) but you may
> use your favorite Linux distro - or BSD if you're using Xen. I recommend
> you to use a stripped-down installation, with only the bare minimum
> needed to run the virtualization layer (either VMware or Xen). Then,
> create virtual machines where you will install everything you need.

Yes, I'm also quite familiar with that and have used it in many instances.

> Keeping applications off the host and running everything in VMs makes
> hardware upgrades (and recovery) a piece of cake: just copy the virtual
> machines to a new host and power them up.

Yes

> As for networking, the trick is not to configure IP (or any other
> protocol) on the host's NICs exposed to the Internet. This way, it's
> almost as if the NIC does not exist and, while you can sometimes attack
> what you can't see, you can't attack what is not there!

Ah, that makes sense. I have read that there are claims that the VM layer can be hacked, which allows an attacker to actually change the VM settings. Is this a real threat? I mean, the VM firewall instance in theory is not as secure as would be a dedicated firewall, right? On the other hand, the difference in security is probably negligible.

> You may add an extra layer of security by not having IP on the LAN
> interface either, and have an isolated NIC configured specifically for
> managing the host; you may then connect to it from a laptop with a
> crossover cable or something alike.

Good idea.

> Hope it helps a bit, and good luck!

Thanks, it does!

regards
Roland
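
An added example, not part of the original thread: a check for the "no IP on the host's exposed NICs" layout discussed above, assuming a Linux host with iproute2. It also catches the IPv6 link-local address that Linux assigns by default when an interface is brought up, which leaves a NIC addressed even though nobody configured IP on it. The function name, the interface names (eth0 Internet-facing, eth1 LAN, eth2 isolated management NIC) and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Hypothetical names: audit_nics, sample_ip_output, eth0/eth1/eth2.
# Reads `ip -o addr show` output on stdin and prints every address bound to a
# host interface other than loopback and the management NIC given as $1.
# An interface with no address at all does not appear in that output, so any
# line printed here is a NIC that is reachable at the IP layer on the host.
audit_nics() {
    mgmt="$1"
    awk -v mgmt="$mgmt" '
        $3 == "inet" || $3 == "inet6" {
            ifname = $2
            sub(/@.*/, "", ifname)        # strip "@parent" on VLAN/veth names
            if (ifname == "lo" || ifname == mgmt) next
            print ifname, $3, $4          # interface, family, address/prefix
        }'
}

# Constructed sample of `ip -o addr show` on a virtualization host:
# eth0 (Internet side) has no IPv4 configured but picked up an IPv6
# link-local address; eth1 (LAN) has no address and is therefore absent;
# eth2 is the isolated management NIC.
sample_ip_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
4: eth2    inet 192.168.50.1/24 brd 192.168.50.255 scope global eth2\       valid_lft forever preferred_lft forever
4: eth2    inet6 fe80::a00:27ff:fe9c:12d3/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Demo on the constructed sample; on a live host run:
#   ip -o addr show | audit_nics eth2
sample_ip_output | audit_nics eth2
```

Empty output means only loopback and the management NIC carry addresses on the host.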