On 10/25/07, L. V. Lammert <[EMAIL PROTECTED]> wrote: > The 'obvious' security benefits were in two or three other posts, . but, to > summarize: > > > Separate UID/PWs for each domain/VM
Uh, how else would it work? How is this specific to virtualization? > > Separate admin configurations & tools See above. > > Separate authentication configurations (UID/PW, LDAP, ...) See above. > > Separate configs for network services (apache, samba) See above. > > Separate machine configurations (Ruby, Tomcat, or HTML) See above. > > Isolation of each OS guest (this has been a major discussion point, the > consensus being that with the possiblility of DOMU -> DOM0 exploits, > running 'insecure' VMs post a higher risk to DOM0 and the entire machine); Separation of guest OS's is a feature of VM's. It does'nt even apply to non-VM situations since it solves a problem that only exists in virtualization. > As pointed out previously, the discussion was originally about the benefits > of separate application domains within an enterprise. I'm sure there are benefits for certain situations. --- Lars Hansson
