On Nov 28, 2007 5:31 PM, Lopez, Denise <dlopez(a)humnet.ucla.edu> wrote:
I am in the process of building a new Xen server from scratch and wanted to
ask a couple of questions about best practices.
First, should the guest domains be image files or LVM's or just regular ext3
partitions? What are the pros and/or cons of each?
Are you talking about inside the guests or where the guests are in DomO?
For the guests files on Dom0, I am using image files stored on DomO's
LVM.. though I may follow some howtos on shared storage so that
failover works in the future.
Inside the guests, I am using ext3 direct in the image versus using
LVM+ext3. I wanted things to be simple to understand for myself.
Second, since the Dom0 is supposed to be kept secure, and most of my
servers I don't install any X11 server on, is there any security risk
installing an X11 server on the Dom0 in order to take advantage of the
virt-manager GUI interface?
I do not know of any major security issues... but you should use
security in depth.
1) secure the logins
2) firewall the machine so that only ssh X port forwarding is available
3) keep the system up-2-date.
4) follow other best practices for securing a system.
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"