On 08/11/2007, Don Jackson <[EMAIL PROTECTED]> wrote:
>
> As a minor note, I also found this article to be an interesting
> introduction to Xen:
>
> http://www.acmqueue.org/modules.php?name=Content&pa=printer_friendly&pid=443&page=1
The article is interesting; however, it also claims: "virtualization (...) decreases server count and reduces overall system complexity." I think that is plain wrong. Surely the hardware consolidation doesn't outweigh the added complexity of the virtualization software. Yes, your datacenter hardware may look leaner and cleaner, but just because the complexity of virtualization does not manifest itself in hardware form doesn't mean it isn't there.

The article further claims: "Virtualization has a long history, starting in the mainframe environment and arising from the need to provide isolation between users." This makes it sound as if virtualization had been invented as a security technique. Maybe, MAYBE, one VM for each user on one box might be deemed somewhat more separate than many users on one box w/o VM -- but users most definitely are not more separate when the box with VMs is compared to separate computers. Also, the separation with VMs on one box is questionable because of the added code and complexity.

On page 2, the article includes a hefty gulp of security Kool-Aid, including this claim: "In a system such as Xen, nontrusted applications (...) may be seconded to their own virtual machines and thus completely separated from both the underlying system software and other more trusted applications." Completely separated my arse.

Yes, I'd still LOVE to see Christoph's OpenBSD/Xen port be officially included, but I can hardly help much to make it happen, nor do I expect OpenBSD/Xen to be a security godsend.

--ropers