Em 14-01-2014 06:49, Renaud Allard escreveu: > > To be fair, virtualizing stuff without a common shared storage is a > little bit useless. The biggest power of virtualization is to be able > to move VMs between physical hosts or even powering on physical hosts > when you need more power. > > But security wise, just to cite Theo: > x86 virtualization is about basically placing another nearly full > kernel, full of new bugs, on top of a nasty x86 architecture which > barely has correct page protection. Then running your operating system > on the other side of this brand new pile of shit. > > You are absolutely deluded, if not stupid, if you think that a > worldwide collection of software engineers who can't write operating > systems or applications without security holes, can then turn around > and suddenly write virtualization layers without security holes. I've never said that virtualization is secure. Some recent work on the field even prove that virtualization is almost impossible to do in a secure way. See the Gal Diskin talk on 30c3. But the demand is ever rising and power and cooling costs go along. That's why I use virtualization, not only it provides a better usage of resources, but it reduces the power bill. And in a world that is going to face more and more blackouts in the near future, that is a great thing. I've reduced my 10 server farm to just two, using 1/5 of the power that I used before, and faster. You can easily improve the hardware of two machines. But try improving the hardware of 10, spending the same amount of money. That's why I didn't blink when choosing to virtualize everything.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
