Denise,
Personally, I recommend lvm or partitions in Dom0 vs image files for
performance reasons. The choice to use LVM or partitions can really safely
be left to whichever you are more comfortable with. If you want to be able
to resize DomUs, then lvm might be useful, but if that can be done, it is
probably quite complicated.
Dustin
-----Original Message-----
From: fedora-xen-bounces(a)redhat.com [mailto:fedora-xen-bounces@redhat.com]
On Behalf Of Lopez, Denise
Sent: Wednesday, November 28, 2007 19:43
To: fedora-xen(a)redhat.com
Subject: RE: [Fedora-xen] Best practices questions
Are you talking about inside the guests or where the guests are in DomO?
I was talking about where the guests are in Dom0.
Denise Lopez
-----Original Message-----
From: Stephen John Smoogen [mailto:smooge@gmail.com]
Sent: Wednesday, November 28, 2007 4:39 PM
To: Lopez, Denise
Cc: fedora-xen(a)redhat.com
Subject: Re: [Fedora-xen] Best practices questions
On Nov 28, 2007 5:31 PM, Lopez, Denise <dlopez(a)humnet.ucla.edu> wrote:
Hi all,
I am in the process of building a new Xen server from scratch and
wanted to
ask a couple of questions about best practices.
First, should the guest domains be image files or LVM's or just
regular ext3
partitions? What are the pros and/or cons of each?
Are you talking about inside the guests or where the guests are in DomO?
For the guests files on Dom0, I am using image files stored on DomO's
LVM.. though I may follow some howtos on shared storage so that
failover works in the future.
Inside the guests, I am using ext3 direct in the image versus using
LVM+ext3. I wanted things to be simple to understand for myself.
Second, since the Dom0 is supposed to be kept secure, and most of my
servers I don't install any X11 server on, is there any security risk
installing an X11 server on the Dom0 in order to take advantage of the
virt-manager GUI interface?
I do not know of any major security issues... but you should use
security in depth.
1) secure the logins
2) firewall the machine so that only ssh X port forwarding is available
3) keep the system up-2-date.
4) follow other best practices for securing a system.
--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
--
Fedora-xen mailing list
Fedora-xen(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-xen