>> Basically what I want to do is create a series of VERY tiny VMs that
>> are all independent of each other, which provide one service. For
>> instance, I might put apache on one VM, and tomcat on another, and so
>> on. Obviously, I would want their memory usage to be absolutely
>> minimized, seeing that I would like to run them all on one computer.
>> I would probably provide them 64M-128M of RAM each, for their specific
>> service. Perhaps a little more if really required.

Lots of interest in VMs lately - Is this to increase security (isolating
servers and components in case one is compromised)? Or perhaps you are
isolating components for the purpose of evaluating them?

<snip>

> Nick[1] made a post about minimizing Gentoo a while back.
> But that topic was mainly about the disk usage.
> I suppose you would benefit from a system that uses the -Os flag to

<snip>

> But do you think vmware is fit for such a task?
> vmware is a big strain on resources itself.
> You might want to have a look at xen[2] instead.
>
> [1] http://thread.gmane.org/gmane.linux.gentoo.user/160899/focus=160903
> [2] http://www.xensource.com/xen/xen/index.html

Presuming that one is seeking greater security, how does xen compare with
vmware in that regard?

Would a server in a VM actually be more secure than a server in a
"hardened" chroot jail?

(though I'd guess that a hardened system would be the best basis for a
server, VM or chroot; and the logical placement of a VM would be within a
chroot jail?).

TIA


--
gentoo-security@g.o mailing list