On Wed, Oct 24, 2007 at 01:41:38PM -0500, L. V. Lammert wrote:
| For example, say you have three departments within a company: Marketing,
| Development, Production. Allowing each department to maintain their own
| server instance allows each department to have their own users, home
| directory configuration, samba (possibly) network config & authorization,
| separate file/print sharing domain, etc.
|
| That is simple not doable with a single OS, yet with a reasonable priced of
| h/w all can be maintained on one platform.
|
| The security benefits are at the application level, *NOT* at the OS level.
Let's have a look at the case.
Three departments all on one machine, each under one VM.
Why compare this to all departments on one machine, all on the same
OS ? That's not a fair comparison.
Compare your one machine with 3 VMs to three machines. What do you
think is more secure ? If you really, honestly think that the one
machine/3 VM's solution is more secure, I'm actually very interested
in your reasoning for this.
You seperate and isolate each department on their own machine. As
secure as the OS and/or application running on that machine.
Now you join three machines into one machine with three VMs, adding a
layer of complexity/code that is quite useful (as it saves on hardware
costs) but maybe not very mature yet.
How does that joining *add* security ? Please elaborate.
Cheers,
Paul 'WEiRD' de Weerd
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
